From c80a7765d95edfbd199d958bb08a055dd1272701 Mon Sep 17 00:00:00 2001 From: Rob White Date: Sun, 4 Aug 2024 21:48:03 +0000 Subject: [PATCH] update: source github.com/jsonnet-libs/k8s@91eace26 --- 0.7-experimental/_gen/gateway/main.libsonnet | 6 + .../_gen/gateway/v1alpha2/gateway.libsonnet | 148 ++ .../gateway/v1alpha2/gatewayClass.libsonnet | 72 + .../_gen/gateway/v1alpha2/grpcRoute.libsonnet | 317 ++++ .../_gen/gateway/v1alpha2/httpRoute.libsonnet | 398 +++++ .../_gen/gateway/v1alpha2/main.libsonnet | 12 + .../gateway/v1alpha2/referenceGrant.libsonnet | 81 + .../_gen/gateway/v1alpha2/tcpRoute.libsonnet | 100 ++ .../_gen/gateway/v1alpha2/tlsRoute.libsonnet | 104 ++ .../_gen/gateway/v1alpha2/udpRoute.libsonnet | 100 ++ .../_gen/gateway/v1beta1/gateway.libsonnet | 148 ++ .../gateway/v1beta1/gatewayClass.libsonnet | 72 + .../_gen/gateway/v1beta1/httpRoute.libsonnet | 398 +++++ .../_gen/gateway/v1beta1/main.libsonnet | 8 + .../gateway/v1beta1/referenceGrant.libsonnet | 81 + 0.7-experimental/gen.libsonnet | 5 + 0.7-experimental/main.libsonnet | 1 + 0.8-experimental/_gen/gateway/main.libsonnet | 6 + .../_gen/gateway/v1alpha2/gateway.libsonnet | 148 ++ .../gateway/v1alpha2/gatewayClass.libsonnet | 72 + .../_gen/gateway/v1alpha2/grpcRoute.libsonnet | 317 ++++ .../_gen/gateway/v1alpha2/httpRoute.libsonnet | 398 +++++ .../_gen/gateway/v1alpha2/main.libsonnet | 12 + .../gateway/v1alpha2/referenceGrant.libsonnet | 81 + .../_gen/gateway/v1alpha2/tcpRoute.libsonnet | 100 ++ .../_gen/gateway/v1alpha2/tlsRoute.libsonnet | 104 ++ .../_gen/gateway/v1alpha2/udpRoute.libsonnet | 100 ++ .../_gen/gateway/v1beta1/gateway.libsonnet | 148 ++ .../gateway/v1beta1/gatewayClass.libsonnet | 72 + .../_gen/gateway/v1beta1/httpRoute.libsonnet | 398 +++++ .../_gen/gateway/v1beta1/main.libsonnet | 8 + .../gateway/v1beta1/referenceGrant.libsonnet | 81 + 0.8-experimental/gen.libsonnet | 5 + 0.8-experimental/main.libsonnet | 1 + 1.0-experimental/_gen/gateway/main.libsonnet | 7 + .../_gen/gateway/v1/gateway.libsonnet | 159 ++ .../_gen/gateway/v1/gatewayClass.libsonnet | 72 + .../_gen/gateway/v1/httpRoute.libsonnet | 405 +++++ .../_gen/gateway/v1/main.libsonnet | 7 + .../v1alpha2/backendTLSPolicy.libsonnet | 88 + .../_gen/gateway/v1alpha2/grpcRoute.libsonnet | 317 ++++ .../_gen/gateway/v1alpha2/main.libsonnet | 10 + .../gateway/v1alpha2/referenceGrant.libsonnet | 81 + .../_gen/gateway/v1alpha2/tcpRoute.libsonnet | 100 ++ .../_gen/gateway/v1alpha2/tlsRoute.libsonnet | 104 ++ .../_gen/gateway/v1alpha2/udpRoute.libsonnet | 100 ++ .../_gen/gateway/v1beta1/gateway.libsonnet | 159 ++ .../gateway/v1beta1/gatewayClass.libsonnet | 72 + .../_gen/gateway/v1beta1/httpRoute.libsonnet | 405 +++++ .../_gen/gateway/v1beta1/main.libsonnet | 8 + .../gateway/v1beta1/referenceGrant.libsonnet | 81 + 1.0-experimental/gen.libsonnet | 5 + 1.0-experimental/main.libsonnet | 1 + 1.1-experimental/_gen/gateway/main.libsonnet | 8 + .../_gen/gateway/v1/gateway.libsonnet | 186 ++ .../_gen/gateway/v1/gatewayClass.libsonnet | 72 + .../_gen/gateway/v1/grpcRoute.libsonnet | 333 ++++ .../_gen/gateway/v1/httpRoute.libsonnet | 421 +++++ .../_gen/gateway/v1/main.libsonnet | 8 + .../v1alpha2/backendLBPolicy.libsonnet | 84 + .../_gen/gateway/v1alpha2/grpcRoute.libsonnet | 333 ++++ .../_gen/gateway/v1alpha2/main.libsonnet | 10 + .../gateway/v1alpha2/referenceGrant.libsonnet | 81 + .../_gen/gateway/v1alpha2/tcpRoute.libsonnet | 100 ++ .../_gen/gateway/v1alpha2/tlsRoute.libsonnet | 104 ++ .../_gen/gateway/v1alpha2/udpRoute.libsonnet | 100 ++ .../v1alpha3/backendTLSPolicy.libsonnet | 90 + .../_gen/gateway/v1alpha3/main.libsonnet | 5 + .../_gen/gateway/v1beta1/gateway.libsonnet | 186 ++ .../gateway/v1beta1/gatewayClass.libsonnet | 72 + .../_gen/gateway/v1beta1/httpRoute.libsonnet | 421 +++++ .../_gen/gateway/v1beta1/main.libsonnet | 8 + .../gateway/v1beta1/referenceGrant.libsonnet | 81 + 1.1-experimental/gen.libsonnet | 5 + 1.1-experimental/main.libsonnet | 1 + 1.1/_gen/gateway/main.libsonnet | 7 + 1.1/_gen/gateway/v1/gateway.libsonnet | 148 ++ 1.1/_gen/gateway/v1/gatewayClass.libsonnet | 72 + 1.1/_gen/gateway/v1/grpcRoute.libsonnet | 317 ++++ 1.1/_gen/gateway/v1/httpRoute.libsonnet | 398 +++++ 1.1/_gen/gateway/v1/main.libsonnet | 8 + 1.1/_gen/gateway/v1alpha2/grpcRoute.libsonnet | 317 ++++ 1.1/_gen/gateway/v1alpha2/main.libsonnet | 6 + .../gateway/v1alpha2/referenceGrant.libsonnet | 81 + 1.1/_gen/gateway/v1beta1/gateway.libsonnet | 148 ++ .../gateway/v1beta1/gatewayClass.libsonnet | 72 + 1.1/_gen/gateway/v1beta1/httpRoute.libsonnet | 398 +++++ 1.1/_gen/gateway/v1beta1/main.libsonnet | 8 + .../gateway/v1beta1/referenceGrant.libsonnet | 81 + 1.1/gen.libsonnet | 5 + 1.1/main.libsonnet | 1 + docs/0.7-experimental/README.md | 13 + docs/0.7-experimental/gateway/index.md | 10 + .../gateway/v1alpha2/gateway.md | 568 ++++++ .../gateway/v1alpha2/gatewayClass.md | 269 +++ .../gateway/v1alpha2/grpcRoute.md | 1208 +++++++++++++ .../gateway/v1alpha2/httpRoute.md | 1498 ++++++++++++++++ .../gateway/v1alpha2/index.md | 16 + .../gateway/v1alpha2/referenceGrant.md | 314 ++++ .../gateway/v1alpha2/tcpRoute.md | 393 ++++ .../gateway/v1alpha2/tlsRoute.md | 413 +++++ .../gateway/v1alpha2/udpRoute.md | 393 ++++ .../gateway/v1beta1/gateway.md | 568 ++++++ .../gateway/v1beta1/gatewayClass.md | 269 +++ .../gateway/v1beta1/httpRoute.md | 1498 ++++++++++++++++ .../0.7-experimental/gateway/v1beta1/index.md | 12 + .../gateway/v1beta1/referenceGrant.md | 314 ++++ docs/0.8-experimental/README.md | 13 + docs/0.8-experimental/gateway/index.md | 10 + .../gateway/v1alpha2/gateway.md | 568 ++++++ .../gateway/v1alpha2/gatewayClass.md | 269 +++ .../gateway/v1alpha2/grpcRoute.md | 1208 +++++++++++++ .../gateway/v1alpha2/httpRoute.md | 1498 ++++++++++++++++ .../gateway/v1alpha2/index.md | 16 + .../gateway/v1alpha2/referenceGrant.md | 314 ++++ .../gateway/v1alpha2/tcpRoute.md | 393 ++++ .../gateway/v1alpha2/tlsRoute.md | 413 +++++ .../gateway/v1alpha2/udpRoute.md | 393 ++++ .../gateway/v1beta1/gateway.md | 568 ++++++ .../gateway/v1beta1/gatewayClass.md | 269 +++ .../gateway/v1beta1/httpRoute.md | 1498 ++++++++++++++++ .../0.8-experimental/gateway/v1beta1/index.md | 12 + .../gateway/v1beta1/referenceGrant.md | 314 ++++ docs/1.0-experimental/README.md | 13 + docs/1.0-experimental/gateway/index.md | 11 + docs/1.0-experimental/gateway/v1/gateway.md | 613 +++++++ .../gateway/v1/gatewayClass.md | 269 +++ docs/1.0-experimental/gateway/v1/httpRoute.md | 1521 ++++++++++++++++ docs/1.0-experimental/gateway/v1/index.md | 11 + .../gateway/v1alpha2/backendTLSPolicy.md | 335 ++++ .../gateway/v1alpha2/grpcRoute.md | 1208 +++++++++++++ .../gateway/v1alpha2/index.md | 14 + .../gateway/v1alpha2/referenceGrant.md | 314 ++++ .../gateway/v1alpha2/tcpRoute.md | 393 ++++ .../gateway/v1alpha2/tlsRoute.md | 413 +++++ .../gateway/v1alpha2/udpRoute.md | 393 ++++ .../gateway/v1beta1/gateway.md | 613 +++++++ .../gateway/v1beta1/gatewayClass.md | 269 +++ .../gateway/v1beta1/httpRoute.md | 1521 ++++++++++++++++ .../1.0-experimental/gateway/v1beta1/index.md | 12 + .../gateway/v1beta1/referenceGrant.md | 314 ++++ docs/1.1-experimental/README.md | 13 + docs/1.1-experimental/gateway/index.md | 12 + docs/1.1-experimental/gateway/v1/gateway.md | 711 ++++++++ .../gateway/v1/gatewayClass.md | 269 +++ docs/1.1-experimental/gateway/v1/grpcRoute.md | 1263 +++++++++++++ docs/1.1-experimental/gateway/v1/httpRoute.md | 1576 +++++++++++++++++ docs/1.1-experimental/gateway/v1/index.md | 12 + .../gateway/v1alpha2/backendLBPolicy.md | 317 ++++ .../gateway/v1alpha2/grpcRoute.md | 1263 +++++++++++++ .../gateway/v1alpha2/index.md | 14 + .../gateway/v1alpha2/referenceGrant.md | 314 ++++ .../gateway/v1alpha2/tcpRoute.md | 393 ++++ .../gateway/v1alpha2/tlsRoute.md | 413 +++++ .../gateway/v1alpha2/udpRoute.md | 393 ++++ .../gateway/v1alpha3/backendTLSPolicy.md | 346 ++++ .../gateway/v1alpha3/index.md | 9 + .../gateway/v1beta1/gateway.md | 711 ++++++++ .../gateway/v1beta1/gatewayClass.md | 269 +++ .../gateway/v1beta1/httpRoute.md | 1576 +++++++++++++++++ .../1.1-experimental/gateway/v1beta1/index.md | 12 + .../gateway/v1beta1/referenceGrant.md | 314 ++++ docs/1.1/README.md | 13 + docs/1.1/gateway/index.md | 11 + docs/1.1/gateway/v1/gateway.md | 568 ++++++ docs/1.1/gateway/v1/gatewayClass.md | 269 +++ docs/1.1/gateway/v1/grpcRoute.md | 1208 +++++++++++++ docs/1.1/gateway/v1/httpRoute.md | 1498 ++++++++++++++++ docs/1.1/gateway/v1/index.md | 12 + docs/1.1/gateway/v1alpha2/grpcRoute.md | 1208 +++++++++++++ docs/1.1/gateway/v1alpha2/index.md | 10 + docs/1.1/gateway/v1alpha2/referenceGrant.md | 314 ++++ docs/1.1/gateway/v1beta1/gateway.md | 568 ++++++ docs/1.1/gateway/v1beta1/gatewayClass.md | 269 +++ docs/1.1/gateway/v1beta1/httpRoute.md | 1498 ++++++++++++++++ docs/1.1/gateway/v1beta1/index.md | 12 + docs/1.1/gateway/v1beta1/referenceGrant.md | 314 ++++ docs/README.md | 5 + 178 files changed, 52785 insertions(+) create mode 100644 0.7-experimental/_gen/gateway/main.libsonnet create mode 100644 0.7-experimental/_gen/gateway/v1alpha2/gateway.libsonnet create mode 100644 0.7-experimental/_gen/gateway/v1alpha2/gatewayClass.libsonnet create mode 100644 0.7-experimental/_gen/gateway/v1alpha2/grpcRoute.libsonnet create mode 100644 0.7-experimental/_gen/gateway/v1alpha2/httpRoute.libsonnet create mode 100644 0.7-experimental/_gen/gateway/v1alpha2/main.libsonnet create mode 100644 0.7-experimental/_gen/gateway/v1alpha2/referenceGrant.libsonnet create mode 100644 0.7-experimental/_gen/gateway/v1alpha2/tcpRoute.libsonnet create mode 100644 0.7-experimental/_gen/gateway/v1alpha2/tlsRoute.libsonnet create mode 100644 0.7-experimental/_gen/gateway/v1alpha2/udpRoute.libsonnet create mode 100644 0.7-experimental/_gen/gateway/v1beta1/gateway.libsonnet create mode 100644 0.7-experimental/_gen/gateway/v1beta1/gatewayClass.libsonnet create mode 100644 0.7-experimental/_gen/gateway/v1beta1/httpRoute.libsonnet create mode 100644 0.7-experimental/_gen/gateway/v1beta1/main.libsonnet create mode 100644 0.7-experimental/_gen/gateway/v1beta1/referenceGrant.libsonnet create mode 100644 0.7-experimental/gen.libsonnet create mode 100644 0.7-experimental/main.libsonnet create mode 100644 0.8-experimental/_gen/gateway/main.libsonnet create mode 100644 0.8-experimental/_gen/gateway/v1alpha2/gateway.libsonnet create mode 100644 0.8-experimental/_gen/gateway/v1alpha2/gatewayClass.libsonnet create mode 100644 0.8-experimental/_gen/gateway/v1alpha2/grpcRoute.libsonnet create mode 100644 0.8-experimental/_gen/gateway/v1alpha2/httpRoute.libsonnet create mode 100644 0.8-experimental/_gen/gateway/v1alpha2/main.libsonnet create mode 100644 0.8-experimental/_gen/gateway/v1alpha2/referenceGrant.libsonnet create mode 100644 0.8-experimental/_gen/gateway/v1alpha2/tcpRoute.libsonnet create mode 100644 0.8-experimental/_gen/gateway/v1alpha2/tlsRoute.libsonnet create mode 100644 0.8-experimental/_gen/gateway/v1alpha2/udpRoute.libsonnet create mode 100644 0.8-experimental/_gen/gateway/v1beta1/gateway.libsonnet create mode 100644 0.8-experimental/_gen/gateway/v1beta1/gatewayClass.libsonnet create mode 100644 0.8-experimental/_gen/gateway/v1beta1/httpRoute.libsonnet create mode 100644 0.8-experimental/_gen/gateway/v1beta1/main.libsonnet create mode 100644 0.8-experimental/_gen/gateway/v1beta1/referenceGrant.libsonnet create mode 100644 0.8-experimental/gen.libsonnet create mode 100644 0.8-experimental/main.libsonnet create mode 100644 1.0-experimental/_gen/gateway/main.libsonnet create mode 100644 1.0-experimental/_gen/gateway/v1/gateway.libsonnet create mode 100644 1.0-experimental/_gen/gateway/v1/gatewayClass.libsonnet create mode 100644 1.0-experimental/_gen/gateway/v1/httpRoute.libsonnet create mode 100644 1.0-experimental/_gen/gateway/v1/main.libsonnet create mode 100644 1.0-experimental/_gen/gateway/v1alpha2/backendTLSPolicy.libsonnet create mode 100644 1.0-experimental/_gen/gateway/v1alpha2/grpcRoute.libsonnet create mode 100644 1.0-experimental/_gen/gateway/v1alpha2/main.libsonnet create mode 100644 1.0-experimental/_gen/gateway/v1alpha2/referenceGrant.libsonnet create mode 100644 1.0-experimental/_gen/gateway/v1alpha2/tcpRoute.libsonnet create mode 100644 1.0-experimental/_gen/gateway/v1alpha2/tlsRoute.libsonnet create mode 100644 1.0-experimental/_gen/gateway/v1alpha2/udpRoute.libsonnet create mode 100644 1.0-experimental/_gen/gateway/v1beta1/gateway.libsonnet create mode 100644 1.0-experimental/_gen/gateway/v1beta1/gatewayClass.libsonnet create mode 100644 1.0-experimental/_gen/gateway/v1beta1/httpRoute.libsonnet create mode 100644 1.0-experimental/_gen/gateway/v1beta1/main.libsonnet create mode 100644 1.0-experimental/_gen/gateway/v1beta1/referenceGrant.libsonnet create mode 100644 1.0-experimental/gen.libsonnet create mode 100644 1.0-experimental/main.libsonnet create mode 100644 1.1-experimental/_gen/gateway/main.libsonnet create mode 100644 1.1-experimental/_gen/gateway/v1/gateway.libsonnet create mode 100644 1.1-experimental/_gen/gateway/v1/gatewayClass.libsonnet create mode 100644 1.1-experimental/_gen/gateway/v1/grpcRoute.libsonnet create mode 100644 1.1-experimental/_gen/gateway/v1/httpRoute.libsonnet create mode 100644 1.1-experimental/_gen/gateway/v1/main.libsonnet create mode 100644 1.1-experimental/_gen/gateway/v1alpha2/backendLBPolicy.libsonnet create mode 100644 1.1-experimental/_gen/gateway/v1alpha2/grpcRoute.libsonnet create mode 100644 1.1-experimental/_gen/gateway/v1alpha2/main.libsonnet create mode 100644 1.1-experimental/_gen/gateway/v1alpha2/referenceGrant.libsonnet create mode 100644 1.1-experimental/_gen/gateway/v1alpha2/tcpRoute.libsonnet create mode 100644 1.1-experimental/_gen/gateway/v1alpha2/tlsRoute.libsonnet create mode 100644 1.1-experimental/_gen/gateway/v1alpha2/udpRoute.libsonnet create mode 100644 1.1-experimental/_gen/gateway/v1alpha3/backendTLSPolicy.libsonnet create mode 100644 1.1-experimental/_gen/gateway/v1alpha3/main.libsonnet create mode 100644 1.1-experimental/_gen/gateway/v1beta1/gateway.libsonnet create mode 100644 1.1-experimental/_gen/gateway/v1beta1/gatewayClass.libsonnet create mode 100644 1.1-experimental/_gen/gateway/v1beta1/httpRoute.libsonnet create mode 100644 1.1-experimental/_gen/gateway/v1beta1/main.libsonnet create mode 100644 1.1-experimental/_gen/gateway/v1beta1/referenceGrant.libsonnet create mode 100644 1.1-experimental/gen.libsonnet create mode 100644 1.1-experimental/main.libsonnet create mode 100644 1.1/_gen/gateway/main.libsonnet create mode 100644 1.1/_gen/gateway/v1/gateway.libsonnet create mode 100644 1.1/_gen/gateway/v1/gatewayClass.libsonnet create mode 100644 1.1/_gen/gateway/v1/grpcRoute.libsonnet create mode 100644 1.1/_gen/gateway/v1/httpRoute.libsonnet create mode 100644 1.1/_gen/gateway/v1/main.libsonnet create mode 100644 1.1/_gen/gateway/v1alpha2/grpcRoute.libsonnet create mode 100644 1.1/_gen/gateway/v1alpha2/main.libsonnet create mode 100644 1.1/_gen/gateway/v1alpha2/referenceGrant.libsonnet create mode 100644 1.1/_gen/gateway/v1beta1/gateway.libsonnet create mode 100644 1.1/_gen/gateway/v1beta1/gatewayClass.libsonnet create mode 100644 1.1/_gen/gateway/v1beta1/httpRoute.libsonnet create mode 100644 1.1/_gen/gateway/v1beta1/main.libsonnet create mode 100644 1.1/_gen/gateway/v1beta1/referenceGrant.libsonnet create mode 100644 1.1/gen.libsonnet create mode 100644 1.1/main.libsonnet create mode 100644 docs/0.7-experimental/README.md create mode 100644 docs/0.7-experimental/gateway/index.md create mode 100644 docs/0.7-experimental/gateway/v1alpha2/gateway.md create mode 100644 docs/0.7-experimental/gateway/v1alpha2/gatewayClass.md create mode 100644 docs/0.7-experimental/gateway/v1alpha2/grpcRoute.md create mode 100644 docs/0.7-experimental/gateway/v1alpha2/httpRoute.md create mode 100644 docs/0.7-experimental/gateway/v1alpha2/index.md create mode 100644 docs/0.7-experimental/gateway/v1alpha2/referenceGrant.md create mode 100644 docs/0.7-experimental/gateway/v1alpha2/tcpRoute.md create mode 100644 docs/0.7-experimental/gateway/v1alpha2/tlsRoute.md create mode 100644 docs/0.7-experimental/gateway/v1alpha2/udpRoute.md create mode 100644 docs/0.7-experimental/gateway/v1beta1/gateway.md create mode 100644 docs/0.7-experimental/gateway/v1beta1/gatewayClass.md create mode 100644 docs/0.7-experimental/gateway/v1beta1/httpRoute.md create mode 100644 docs/0.7-experimental/gateway/v1beta1/index.md create mode 100644 docs/0.7-experimental/gateway/v1beta1/referenceGrant.md create mode 100644 docs/0.8-experimental/README.md create mode 100644 docs/0.8-experimental/gateway/index.md create mode 100644 docs/0.8-experimental/gateway/v1alpha2/gateway.md create mode 100644 docs/0.8-experimental/gateway/v1alpha2/gatewayClass.md create mode 100644 docs/0.8-experimental/gateway/v1alpha2/grpcRoute.md create mode 100644 docs/0.8-experimental/gateway/v1alpha2/httpRoute.md create mode 100644 docs/0.8-experimental/gateway/v1alpha2/index.md create mode 100644 docs/0.8-experimental/gateway/v1alpha2/referenceGrant.md create mode 100644 docs/0.8-experimental/gateway/v1alpha2/tcpRoute.md create mode 100644 docs/0.8-experimental/gateway/v1alpha2/tlsRoute.md create mode 100644 docs/0.8-experimental/gateway/v1alpha2/udpRoute.md create mode 100644 docs/0.8-experimental/gateway/v1beta1/gateway.md create mode 100644 docs/0.8-experimental/gateway/v1beta1/gatewayClass.md create mode 100644 docs/0.8-experimental/gateway/v1beta1/httpRoute.md create mode 100644 docs/0.8-experimental/gateway/v1beta1/index.md create mode 100644 docs/0.8-experimental/gateway/v1beta1/referenceGrant.md create mode 100644 docs/1.0-experimental/README.md create mode 100644 docs/1.0-experimental/gateway/index.md create mode 100644 docs/1.0-experimental/gateway/v1/gateway.md create mode 100644 docs/1.0-experimental/gateway/v1/gatewayClass.md create mode 100644 docs/1.0-experimental/gateway/v1/httpRoute.md create mode 100644 docs/1.0-experimental/gateway/v1/index.md create mode 100644 docs/1.0-experimental/gateway/v1alpha2/backendTLSPolicy.md create mode 100644 docs/1.0-experimental/gateway/v1alpha2/grpcRoute.md create mode 100644 docs/1.0-experimental/gateway/v1alpha2/index.md create mode 100644 docs/1.0-experimental/gateway/v1alpha2/referenceGrant.md create mode 100644 docs/1.0-experimental/gateway/v1alpha2/tcpRoute.md create mode 100644 docs/1.0-experimental/gateway/v1alpha2/tlsRoute.md create mode 100644 docs/1.0-experimental/gateway/v1alpha2/udpRoute.md create mode 100644 docs/1.0-experimental/gateway/v1beta1/gateway.md create mode 100644 docs/1.0-experimental/gateway/v1beta1/gatewayClass.md create mode 100644 docs/1.0-experimental/gateway/v1beta1/httpRoute.md create mode 100644 docs/1.0-experimental/gateway/v1beta1/index.md create mode 100644 docs/1.0-experimental/gateway/v1beta1/referenceGrant.md create mode 100644 docs/1.1-experimental/README.md create mode 100644 docs/1.1-experimental/gateway/index.md create mode 100644 docs/1.1-experimental/gateway/v1/gateway.md create mode 100644 docs/1.1-experimental/gateway/v1/gatewayClass.md create mode 100644 docs/1.1-experimental/gateway/v1/grpcRoute.md create mode 100644 docs/1.1-experimental/gateway/v1/httpRoute.md create mode 100644 docs/1.1-experimental/gateway/v1/index.md create mode 100644 docs/1.1-experimental/gateway/v1alpha2/backendLBPolicy.md create mode 100644 docs/1.1-experimental/gateway/v1alpha2/grpcRoute.md create mode 100644 docs/1.1-experimental/gateway/v1alpha2/index.md create mode 100644 docs/1.1-experimental/gateway/v1alpha2/referenceGrant.md create mode 100644 docs/1.1-experimental/gateway/v1alpha2/tcpRoute.md create mode 100644 docs/1.1-experimental/gateway/v1alpha2/tlsRoute.md create mode 100644 docs/1.1-experimental/gateway/v1alpha2/udpRoute.md create mode 100644 docs/1.1-experimental/gateway/v1alpha3/backendTLSPolicy.md create mode 100644 docs/1.1-experimental/gateway/v1alpha3/index.md create mode 100644 docs/1.1-experimental/gateway/v1beta1/gateway.md create mode 100644 docs/1.1-experimental/gateway/v1beta1/gatewayClass.md create mode 100644 docs/1.1-experimental/gateway/v1beta1/httpRoute.md create mode 100644 docs/1.1-experimental/gateway/v1beta1/index.md create mode 100644 docs/1.1-experimental/gateway/v1beta1/referenceGrant.md create mode 100644 docs/1.1/README.md create mode 100644 docs/1.1/gateway/index.md create mode 100644 docs/1.1/gateway/v1/gateway.md create mode 100644 docs/1.1/gateway/v1/gatewayClass.md create mode 100644 docs/1.1/gateway/v1/grpcRoute.md create mode 100644 docs/1.1/gateway/v1/httpRoute.md create mode 100644 docs/1.1/gateway/v1/index.md create mode 100644 docs/1.1/gateway/v1alpha2/grpcRoute.md create mode 100644 docs/1.1/gateway/v1alpha2/index.md create mode 100644 docs/1.1/gateway/v1alpha2/referenceGrant.md create mode 100644 docs/1.1/gateway/v1beta1/gateway.md create mode 100644 docs/1.1/gateway/v1beta1/gatewayClass.md create mode 100644 docs/1.1/gateway/v1beta1/httpRoute.md create mode 100644 docs/1.1/gateway/v1beta1/index.md create mode 100644 docs/1.1/gateway/v1beta1/referenceGrant.md diff --git a/0.7-experimental/_gen/gateway/main.libsonnet b/0.7-experimental/_gen/gateway/main.libsonnet new file mode 100644 index 0000000..c4aac5d --- /dev/null +++ b/0.7-experimental/_gen/gateway/main.libsonnet @@ -0,0 +1,6 @@ +{ + local d = (import 'doc-util/main.libsonnet'), + '#':: d.pkg(name='gateway', url='', help=''), + v1alpha2: (import 'v1alpha2/main.libsonnet'), + v1beta1: (import 'v1beta1/main.libsonnet'), +} diff --git a/0.7-experimental/_gen/gateway/v1alpha2/gateway.libsonnet b/0.7-experimental/_gen/gateway/v1alpha2/gateway.libsonnet new file mode 100644 index 0000000..a9e040f --- /dev/null +++ b/0.7-experimental/_gen/gateway/v1alpha2/gateway.libsonnet @@ -0,0 +1,148 @@ +{ + local d = (import 'doc-util/main.libsonnet'), + '#':: d.pkg(name='gateway', url='', help='"Gateway represents an instance of a service-traffic handling infrastructure by binding Listeners to a set of IP addresses."'), + '#metadata':: d.obj(help='"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create."'), + metadata: { + '#withAnnotations':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotations(annotations): { metadata+: { annotations: annotations } }, + '#withAnnotationsMixin':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotationsMixin(annotations): { metadata+: { annotations+: annotations } }, + '#withClusterName':: d.fn(help='"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request."', args=[d.arg(name='clusterName', type=d.T.string)]), + withClusterName(clusterName): { metadata+: { clusterName: clusterName } }, + '#withCreationTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='creationTimestamp', type=d.T.string)]), + withCreationTimestamp(creationTimestamp): { metadata+: { creationTimestamp: creationTimestamp } }, + '#withDeletionGracePeriodSeconds':: d.fn(help='"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only."', args=[d.arg(name='deletionGracePeriodSeconds', type=d.T.integer)]), + withDeletionGracePeriodSeconds(deletionGracePeriodSeconds): { metadata+: { deletionGracePeriodSeconds: deletionGracePeriodSeconds } }, + '#withDeletionTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='deletionTimestamp', type=d.T.string)]), + withDeletionTimestamp(deletionTimestamp): { metadata+: { deletionTimestamp: deletionTimestamp } }, + '#withFinalizers':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizers(finalizers): { metadata+: { finalizers: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withFinalizersMixin':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizersMixin(finalizers): { metadata+: { finalizers+: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withGenerateName':: d.fn(help='"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\\n\\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\\n\\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency"', args=[d.arg(name='generateName', type=d.T.string)]), + withGenerateName(generateName): { metadata+: { generateName: generateName } }, + '#withGeneration':: d.fn(help='"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only."', args=[d.arg(name='generation', type=d.T.integer)]), + withGeneration(generation): { metadata+: { generation: generation } }, + '#withLabels':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"', args=[d.arg(name='labels', type=d.T.object)]), + withLabels(labels): { metadata+: { labels: labels } }, + '#withLabelsMixin':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='labels', type=d.T.object)]), + withLabelsMixin(labels): { metadata+: { labels+: labels } }, + '#withName':: d.fn(help='"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { metadata+: { name: name } }, + '#withNamespace':: d.fn(help='"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \\"default\\" namespace, but \\"default\\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\\n\\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces"', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { metadata+: { namespace: namespace } }, + '#withOwnerReferences':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferences(ownerReferences): { metadata+: { ownerReferences: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withOwnerReferencesMixin':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferencesMixin(ownerReferences): { metadata+: { ownerReferences+: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withResourceVersion':: d.fn(help='"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\\n\\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency"', args=[d.arg(name='resourceVersion', type=d.T.string)]), + withResourceVersion(resourceVersion): { metadata+: { resourceVersion: resourceVersion } }, + '#withSelfLink':: d.fn(help='"SelfLink is a URL representing this object. Populated by the system. Read-only.\\n\\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release."', args=[d.arg(name='selfLink', type=d.T.string)]), + withSelfLink(selfLink): { metadata+: { selfLink: selfLink } }, + '#withUid':: d.fn(help='"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\\n\\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids"', args=[d.arg(name='uid', type=d.T.string)]), + withUid(uid): { metadata+: { uid: uid } }, + }, + '#new':: d.fn(help='new returns an instance of Gateway', args=[d.arg(name='name', type=d.T.string)]), + new(name): { + apiVersion: 'gateway.networking.k8s.io/v1alpha2', + kind: 'Gateway', + } + self.metadata.withName(name=name), + '#spec':: d.obj(help='"Spec defines the desired state of Gateway."'), + spec: { + '#addresses':: d.obj(help='"Addresses requested for this Gateway. This is optional and behavior can depend on the implementation. If a value is set in the spec and the requested address is invalid or unavailable, the implementation MUST indicate this in the associated entry in GatewayStatus.Addresses. \\n The Addresses field represents a request for the address(es) on the \\"outside of the Gateway\\", that traffic bound for this Gateway will use. This could be the IP address or hostname of an external load balancer or other networking infrastructure, or some other address that traffic will be sent to. \\n The .listener.hostname field is used to route traffic that has already arrived at the Gateway to the correct in-cluster destination. \\n If no Addresses are specified, the implementation MAY schedule the Gateway in an implementation-specific manner, assigning an appropriate set of Addresses. \\n The implementation MUST bind all Listeners to every GatewayAddress that it assigns to the Gateway and add a corresponding entry in GatewayStatus.Addresses. \\n Support: Extended"'), + addresses: { + '#withType':: d.fn(help='"Type of the address."', args=[d.arg(name='type', type=d.T.string)]), + withType(type): { type: type }, + '#withValue':: d.fn(help='"Value of the address. The validity of the values will depend on the type and support by the controller. \\n Examples: `1.2.3.4`, `128::1`, `my-ip-address`."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#listeners':: d.obj(help="\"Listeners associated with this Gateway. Listeners define logical endpoints that are bound on this Gateway's addresses. At least one Listener MUST be specified. \\n Each listener in a Gateway must have a unique combination of Hostname, Port, and Protocol. \\n An implementation MAY group Listeners by Port and then collapse each group of Listeners into a single Listener if the implementation determines that the Listeners in the group are \\\"compatible\\\". An implementation MAY also group together and collapse compatible Listeners belonging to different Gateways. \\n For example, an implementation might consider Listeners to be compatible with each other if all of the following conditions are met: \\n 1. Either each Listener within the group specifies the \\\"HTTP\\\" Protocol or each Listener within the group specifies either the \\\"HTTPS\\\" or \\\"TLS\\\" Protocol. \\n 2. Each Listener within the group specifies a Hostname that is unique within the group. \\n 3. As a special case, one Listener within a group may omit Hostname, in which case this Listener matches when no other Listener matches. \\n If the implementation does collapse compatible Listeners, the hostname provided in the incoming client request MUST be matched to a Listener to find the correct set of Routes. The incoming hostname MUST be matched using the Hostname field for each Listener in order of most to least specific. That is, exact matches must be processed before wildcard matches. \\n If this field specifies multiple Listeners that have the same Port value but are not compatible, the implementation must raise a \\\"Conflicted\\\" condition in the Listener status. \\n Support: Core\""), + listeners: { + '#allowedRoutes':: d.obj(help='"AllowedRoutes defines the types of routes that MAY be attached to a Listener and the trusted namespaces where those Route resources MAY be present. \\n Although a client request may match multiple route rules, only one rule may ultimately receive the request. Matching precedence MUST be determined in order of the following criteria: \\n * The most specific match as defined by the Route type. * The oldest Route based on creation timestamp. For example, a Route with a creation timestamp of \\"2020-09-08 01:02:03\\" is given precedence over a Route with a creation timestamp of \\"2020-09-08 01:02:04\\". * If everything else is equivalent, the Route appearing first in alphabetical order (namespace/name) should be given precedence. For example, foo/bar is given precedence over foo/baz. \\n All valid rules within a Route attached to this Listener should be implemented. Invalid Route rules can be ignored (sometimes that will mean the full Route). If a Route rule transitions from valid to invalid, support for that Route rule should be dropped to ensure consistency. For example, even if a filter specified by a Route rule is invalid, the rest of the rules within that Route should still be supported. \\n Support: Core"'), + allowedRoutes: { + '#kinds':: d.obj(help="\"Kinds specifies the groups and kinds of Routes that are allowed to bind to this Gateway Listener. When unspecified or empty, the kinds of Routes selected are determined using the Listener protocol. \\n A RouteGroupKind MUST correspond to kinds of Routes that are compatible with the application protocol specified in the Listener's Protocol field. If an implementation does not support or recognize this resource type, it MUST set the \\\"ResolvedRefs\\\" condition to False for this Listener with the \\\"InvalidRouteKinds\\\" reason. \\n Support: Core\""), + kinds: { + '#withGroup':: d.fn(help='"Group is the group of the Route."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { group: group }, + '#withKind':: d.fn(help='"Kind is the kind of the Route."', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { kind: kind }, + }, + '#namespaces':: d.obj(help='"Namespaces indicates namespaces from which Routes may be attached to this Listener. This is restricted to the namespace of this Gateway by default. \\n Support: Core"'), + namespaces: { + '#selector':: d.obj(help='"Selector must be specified when From is set to \\"Selector\\". In that case, only Routes in Namespaces matching this Selector will be selected by this Gateway. This field is ignored for other values of \\"From\\". \\n Support: Core"'), + selector: { + '#matchExpressions':: d.obj(help='"matchExpressions is a list of label selector requirements. The requirements are ANDed."'), + matchExpressions: { + '#withKey':: d.fn(help='"key is the label key that the selector applies to."', args=[d.arg(name='key', type=d.T.string)]), + withKey(key): { key: key }, + '#withOperator':: d.fn(help="\"operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.\"", args=[d.arg(name='operator', type=d.T.string)]), + withOperator(operator): { operator: operator }, + '#withValues':: d.fn(help='"values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch."', args=[d.arg(name='values', type=d.T.array)]), + withValues(values): { values: if std.isArray(v=values) then values else [values] }, + '#withValuesMixin':: d.fn(help='"values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='values', type=d.T.array)]), + withValuesMixin(values): { values+: if std.isArray(v=values) then values else [values] }, + }, + '#withMatchExpressions':: d.fn(help='"matchExpressions is a list of label selector requirements. The requirements are ANDed."', args=[d.arg(name='matchExpressions', type=d.T.array)]), + withMatchExpressions(matchExpressions): { allowedRoutes+: { namespaces+: { selector+: { matchExpressions: if std.isArray(v=matchExpressions) then matchExpressions else [matchExpressions] } } } }, + '#withMatchExpressionsMixin':: d.fn(help='"matchExpressions is a list of label selector requirements. The requirements are ANDed."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='matchExpressions', type=d.T.array)]), + withMatchExpressionsMixin(matchExpressions): { allowedRoutes+: { namespaces+: { selector+: { matchExpressions+: if std.isArray(v=matchExpressions) then matchExpressions else [matchExpressions] } } } }, + '#withMatchLabels':: d.fn(help='"matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \\"key\\", the operator is \\"In\\", and the values array contains only \\"value\\". The requirements are ANDed."', args=[d.arg(name='matchLabels', type=d.T.object)]), + withMatchLabels(matchLabels): { allowedRoutes+: { namespaces+: { selector+: { matchLabels: matchLabels } } } }, + '#withMatchLabelsMixin':: d.fn(help='"matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \\"key\\", the operator is \\"In\\", and the values array contains only \\"value\\". The requirements are ANDed."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='matchLabels', type=d.T.object)]), + withMatchLabelsMixin(matchLabels): { allowedRoutes+: { namespaces+: { selector+: { matchLabels+: matchLabels } } } }, + }, + '#withFrom':: d.fn(help='"From indicates where Routes will be selected for this Gateway. Possible values are: * All: Routes in all namespaces may be used by this Gateway. * Selector: Routes in namespaces selected by the selector may be used by this Gateway. * Same: Only Routes in the same namespace may be used by this Gateway. \\n Support: Core"', args=[d.arg(name='from', type=d.T.string)]), + withFrom(from): { allowedRoutes+: { namespaces+: { from: from } } }, + }, + '#withKinds':: d.fn(help="\"Kinds specifies the groups and kinds of Routes that are allowed to bind to this Gateway Listener. When unspecified or empty, the kinds of Routes selected are determined using the Listener protocol. \\n A RouteGroupKind MUST correspond to kinds of Routes that are compatible with the application protocol specified in the Listener's Protocol field. If an implementation does not support or recognize this resource type, it MUST set the \\\"ResolvedRefs\\\" condition to False for this Listener with the \\\"InvalidRouteKinds\\\" reason. \\n Support: Core\"", args=[d.arg(name='kinds', type=d.T.array)]), + withKinds(kinds): { allowedRoutes+: { kinds: if std.isArray(v=kinds) then kinds else [kinds] } }, + '#withKindsMixin':: d.fn(help="\"Kinds specifies the groups and kinds of Routes that are allowed to bind to this Gateway Listener. When unspecified or empty, the kinds of Routes selected are determined using the Listener protocol. \\n A RouteGroupKind MUST correspond to kinds of Routes that are compatible with the application protocol specified in the Listener's Protocol field. If an implementation does not support or recognize this resource type, it MUST set the \\\"ResolvedRefs\\\" condition to False for this Listener with the \\\"InvalidRouteKinds\\\" reason. \\n Support: Core\"\n\n**Note:** This function appends passed data to existing values", args=[d.arg(name='kinds', type=d.T.array)]), + withKindsMixin(kinds): { allowedRoutes+: { kinds+: if std.isArray(v=kinds) then kinds else [kinds] } }, + }, + '#tls':: d.obj(help='"TLS is the TLS configuration for the Listener. This field is required if the Protocol field is \\"HTTPS\\" or \\"TLS\\". It is invalid to set this field if the Protocol field is \\"HTTP\\", \\"TCP\\", or \\"UDP\\". \\n The association of SNIs to Certificate defined in GatewayTLSConfig is defined based on the Hostname field for this listener. \\n The GatewayClass MUST use the longest matching SNI out of all available certificates for any TLS handshake. \\n Support: Core"'), + tls: { + '#certificateRefs':: d.obj(help='"CertificateRefs contains a series of references to Kubernetes objects that contains TLS certificates and private keys. These certificates are used to establish a TLS handshake for requests that match the hostname of the associated listener. \\n A single CertificateRef to a Kubernetes Secret has \\"Core\\" support. Implementations MAY choose to support attaching multiple certificates to a Listener, but this behavior is implementation-specific. \\n References to a resource in different namespace are invalid UNLESS there is a ReferenceGrant in the target namespace that allows the certificate to be attached. If a ReferenceGrant does not allow this reference, the \\"ResolvedRefs\\" condition MUST be set to False for this listener with the \\"RefNotPermitted\\" reason. \\n This field is required to have at least one element when the mode is set to \\"Terminate\\" (default) and is optional otherwise. \\n CertificateRefs can reference to standard Kubernetes resources, i.e. Secret, or implementation-specific custom resources. \\n Support: Core - A single reference to a Kubernetes Secret of type kubernetes.io/tls \\n Support: Implementation-specific (More than one reference or other resource types)"'), + certificateRefs: { + '#withGroup':: d.fn(help='"Group is the group of the referent. For example, \\"gateway.networking.k8s.io\\". When unspecified or empty string, core API group is inferred."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { group: group }, + '#withKind':: d.fn(help='"Kind is kind of the referent. For example \\"Secret\\"."', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { kind: kind }, + '#withName':: d.fn(help='"Name is the name of the referent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withNamespace':: d.fn(help="\"Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. \\n Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. \\n Support: Core\"", args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { namespace: namespace }, + }, + '#withCertificateRefs':: d.fn(help='"CertificateRefs contains a series of references to Kubernetes objects that contains TLS certificates and private keys. These certificates are used to establish a TLS handshake for requests that match the hostname of the associated listener. \\n A single CertificateRef to a Kubernetes Secret has \\"Core\\" support. Implementations MAY choose to support attaching multiple certificates to a Listener, but this behavior is implementation-specific. \\n References to a resource in different namespace are invalid UNLESS there is a ReferenceGrant in the target namespace that allows the certificate to be attached. If a ReferenceGrant does not allow this reference, the \\"ResolvedRefs\\" condition MUST be set to False for this listener with the \\"RefNotPermitted\\" reason. \\n This field is required to have at least one element when the mode is set to \\"Terminate\\" (default) and is optional otherwise. \\n CertificateRefs can reference to standard Kubernetes resources, i.e. Secret, or implementation-specific custom resources. \\n Support: Core - A single reference to a Kubernetes Secret of type kubernetes.io/tls \\n Support: Implementation-specific (More than one reference or other resource types)"', args=[d.arg(name='certificateRefs', type=d.T.array)]), + withCertificateRefs(certificateRefs): { tls+: { certificateRefs: if std.isArray(v=certificateRefs) then certificateRefs else [certificateRefs] } }, + '#withCertificateRefsMixin':: d.fn(help='"CertificateRefs contains a series of references to Kubernetes objects that contains TLS certificates and private keys. These certificates are used to establish a TLS handshake for requests that match the hostname of the associated listener. \\n A single CertificateRef to a Kubernetes Secret has \\"Core\\" support. Implementations MAY choose to support attaching multiple certificates to a Listener, but this behavior is implementation-specific. \\n References to a resource in different namespace are invalid UNLESS there is a ReferenceGrant in the target namespace that allows the certificate to be attached. If a ReferenceGrant does not allow this reference, the \\"ResolvedRefs\\" condition MUST be set to False for this listener with the \\"RefNotPermitted\\" reason. \\n This field is required to have at least one element when the mode is set to \\"Terminate\\" (default) and is optional otherwise. \\n CertificateRefs can reference to standard Kubernetes resources, i.e. Secret, or implementation-specific custom resources. \\n Support: Core - A single reference to a Kubernetes Secret of type kubernetes.io/tls \\n Support: Implementation-specific (More than one reference or other resource types)"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='certificateRefs', type=d.T.array)]), + withCertificateRefsMixin(certificateRefs): { tls+: { certificateRefs+: if std.isArray(v=certificateRefs) then certificateRefs else [certificateRefs] } }, + '#withMode':: d.fn(help="\"Mode defines the TLS behavior for the TLS session initiated by the client. There are two possible modes: \\n - Terminate: The TLS session between the downstream client and the Gateway is terminated at the Gateway. This mode requires certificateRefs to be set and contain at least one element. - Passthrough: The TLS session is NOT terminated by the Gateway. This implies that the Gateway can't decipher the TLS stream except for the ClientHello message of the TLS protocol. CertificateRefs field is ignored in this mode. \\n Support: Core\"", args=[d.arg(name='mode', type=d.T.string)]), + withMode(mode): { tls+: { mode: mode } }, + '#withOptions':: d.fn(help='"Options are a list of key/value pairs to enable extended TLS configuration for each implementation. For example, configuring the minimum TLS version or supported cipher suites. \\n A set of common keys MAY be defined by the API in the future. To avoid any ambiguity, implementation-specific definitions MUST use domain-prefixed names, such as `example.com/my-custom-option`. Un-prefixed names are reserved for key names defined by Gateway API. \\n Support: Implementation-specific"', args=[d.arg(name='options', type=d.T.object)]), + withOptions(options): { tls+: { options: options } }, + '#withOptionsMixin':: d.fn(help='"Options are a list of key/value pairs to enable extended TLS configuration for each implementation. For example, configuring the minimum TLS version or supported cipher suites. \\n A set of common keys MAY be defined by the API in the future. To avoid any ambiguity, implementation-specific definitions MUST use domain-prefixed names, such as `example.com/my-custom-option`. Un-prefixed names are reserved for key names defined by Gateway API. \\n Support: Implementation-specific"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='options', type=d.T.object)]), + withOptionsMixin(options): { tls+: { options+: options } }, + }, + '#withHostname':: d.fn(help="\"Hostname specifies the virtual hostname to match for protocol types that define this concept. When unspecified, all hostnames are matched. This field is ignored for protocols that don't require hostname based matching. \\n Implementations MUST apply Hostname matching appropriately for each of the following protocols: \\n * TLS: The Listener Hostname MUST match the SNI. * HTTP: The Listener Hostname MUST match the Host header of the request. * HTTPS: The Listener Hostname SHOULD match at both the TLS and HTTP protocol layers as described above. If an implementation does not ensure that both the SNI and Host header match the Listener hostname, it MUST clearly document that. \\n For HTTPRoute and TLSRoute resources, there is an interaction with the `spec.hostnames` array. When both listener and route specify hostnames, there MUST be an intersection between the values for a Route to be accepted. For more information, refer to the Route specific Hostnames documentation. \\n Hostnames that are prefixed with a wildcard label (`*.`) are interpreted as a suffix match. That means that a match for `*.example.com` would match both `test.example.com`, and `foo.test.example.com`, but not `example.com`. \\n Support: Core\"", args=[d.arg(name='hostname', type=d.T.string)]), + withHostname(hostname): { hostname: hostname }, + '#withName':: d.fn(help='"Name is the name of the Listener. This name MUST be unique within a Gateway. \\n Support: Core"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withPort':: d.fn(help='"Port is the network port. Multiple listeners may use the same port, subject to the Listener compatibility rules. \\n Support: Core"', args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { port: port }, + '#withProtocol':: d.fn(help='"Protocol specifies the network protocol this listener expects to receive. \\n Support: Core"', args=[d.arg(name='protocol', type=d.T.string)]), + withProtocol(protocol): { protocol: protocol }, + }, + '#withAddresses':: d.fn(help='"Addresses requested for this Gateway. This is optional and behavior can depend on the implementation. If a value is set in the spec and the requested address is invalid or unavailable, the implementation MUST indicate this in the associated entry in GatewayStatus.Addresses. \\n The Addresses field represents a request for the address(es) on the \\"outside of the Gateway\\", that traffic bound for this Gateway will use. This could be the IP address or hostname of an external load balancer or other networking infrastructure, or some other address that traffic will be sent to. \\n The .listener.hostname field is used to route traffic that has already arrived at the Gateway to the correct in-cluster destination. \\n If no Addresses are specified, the implementation MAY schedule the Gateway in an implementation-specific manner, assigning an appropriate set of Addresses. \\n The implementation MUST bind all Listeners to every GatewayAddress that it assigns to the Gateway and add a corresponding entry in GatewayStatus.Addresses. \\n Support: Extended"', args=[d.arg(name='addresses', type=d.T.array)]), + withAddresses(addresses): { spec+: { addresses: if std.isArray(v=addresses) then addresses else [addresses] } }, + '#withAddressesMixin':: d.fn(help='"Addresses requested for this Gateway. This is optional and behavior can depend on the implementation. If a value is set in the spec and the requested address is invalid or unavailable, the implementation MUST indicate this in the associated entry in GatewayStatus.Addresses. \\n The Addresses field represents a request for the address(es) on the \\"outside of the Gateway\\", that traffic bound for this Gateway will use. This could be the IP address or hostname of an external load balancer or other networking infrastructure, or some other address that traffic will be sent to. \\n The .listener.hostname field is used to route traffic that has already arrived at the Gateway to the correct in-cluster destination. \\n If no Addresses are specified, the implementation MAY schedule the Gateway in an implementation-specific manner, assigning an appropriate set of Addresses. \\n The implementation MUST bind all Listeners to every GatewayAddress that it assigns to the Gateway and add a corresponding entry in GatewayStatus.Addresses. \\n Support: Extended"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='addresses', type=d.T.array)]), + withAddressesMixin(addresses): { spec+: { addresses+: if std.isArray(v=addresses) then addresses else [addresses] } }, + '#withGatewayClassName':: d.fn(help='"GatewayClassName used for this Gateway. This is the name of a GatewayClass resource."', args=[d.arg(name='gatewayClassName', type=d.T.string)]), + withGatewayClassName(gatewayClassName): { spec+: { gatewayClassName: gatewayClassName } }, + '#withListeners':: d.fn(help="\"Listeners associated with this Gateway. Listeners define logical endpoints that are bound on this Gateway's addresses. At least one Listener MUST be specified. \\n Each listener in a Gateway must have a unique combination of Hostname, Port, and Protocol. \\n An implementation MAY group Listeners by Port and then collapse each group of Listeners into a single Listener if the implementation determines that the Listeners in the group are \\\"compatible\\\". An implementation MAY also group together and collapse compatible Listeners belonging to different Gateways. \\n For example, an implementation might consider Listeners to be compatible with each other if all of the following conditions are met: \\n 1. Either each Listener within the group specifies the \\\"HTTP\\\" Protocol or each Listener within the group specifies either the \\\"HTTPS\\\" or \\\"TLS\\\" Protocol. \\n 2. Each Listener within the group specifies a Hostname that is unique within the group. \\n 3. As a special case, one Listener within a group may omit Hostname, in which case this Listener matches when no other Listener matches. \\n If the implementation does collapse compatible Listeners, the hostname provided in the incoming client request MUST be matched to a Listener to find the correct set of Routes. The incoming hostname MUST be matched using the Hostname field for each Listener in order of most to least specific. That is, exact matches must be processed before wildcard matches. \\n If this field specifies multiple Listeners that have the same Port value but are not compatible, the implementation must raise a \\\"Conflicted\\\" condition in the Listener status. \\n Support: Core\"", args=[d.arg(name='listeners', type=d.T.array)]), + withListeners(listeners): { spec+: { listeners: if std.isArray(v=listeners) then listeners else [listeners] } }, + '#withListenersMixin':: d.fn(help="\"Listeners associated with this Gateway. Listeners define logical endpoints that are bound on this Gateway's addresses. At least one Listener MUST be specified. \\n Each listener in a Gateway must have a unique combination of Hostname, Port, and Protocol. \\n An implementation MAY group Listeners by Port and then collapse each group of Listeners into a single Listener if the implementation determines that the Listeners in the group are \\\"compatible\\\". An implementation MAY also group together and collapse compatible Listeners belonging to different Gateways. \\n For example, an implementation might consider Listeners to be compatible with each other if all of the following conditions are met: \\n 1. Either each Listener within the group specifies the \\\"HTTP\\\" Protocol or each Listener within the group specifies either the \\\"HTTPS\\\" or \\\"TLS\\\" Protocol. \\n 2. Each Listener within the group specifies a Hostname that is unique within the group. \\n 3. As a special case, one Listener within a group may omit Hostname, in which case this Listener matches when no other Listener matches. \\n If the implementation does collapse compatible Listeners, the hostname provided in the incoming client request MUST be matched to a Listener to find the correct set of Routes. The incoming hostname MUST be matched using the Hostname field for each Listener in order of most to least specific. That is, exact matches must be processed before wildcard matches. \\n If this field specifies multiple Listeners that have the same Port value but are not compatible, the implementation must raise a \\\"Conflicted\\\" condition in the Listener status. \\n Support: Core\"\n\n**Note:** This function appends passed data to existing values", args=[d.arg(name='listeners', type=d.T.array)]), + withListenersMixin(listeners): { spec+: { listeners+: if std.isArray(v=listeners) then listeners else [listeners] } }, + }, + '#mixin': 'ignore', + mixin: self, +} diff --git a/0.7-experimental/_gen/gateway/v1alpha2/gatewayClass.libsonnet b/0.7-experimental/_gen/gateway/v1alpha2/gatewayClass.libsonnet new file mode 100644 index 0000000..2e9f2f6 --- /dev/null +++ b/0.7-experimental/_gen/gateway/v1alpha2/gatewayClass.libsonnet @@ -0,0 +1,72 @@ +{ + local d = (import 'doc-util/main.libsonnet'), + '#':: d.pkg(name='gatewayClass', url='', help='"GatewayClass describes a class of Gateways available to the user for creating Gateway resources. \\n It is recommended that this resource be used as a template for Gateways. This means that a Gateway is based on the state of the GatewayClass at the time it was created and changes to the GatewayClass or associated parameters are not propagated down to existing Gateways. This recommendation is intended to limit the blast radius of changes to GatewayClass or associated parameters. If implementations choose to propagate GatewayClass changes to existing Gateways, that MUST be clearly documented by the implementation. \\n Whenever one or more Gateways are using a GatewayClass, implementations SHOULD add the `gateway-exists-finalizer.gateway.networking.k8s.io` finalizer on the associated GatewayClass. This ensures that a GatewayClass associated with a Gateway is not deleted while in use. \\n GatewayClass is a Cluster level resource."'), + '#metadata':: d.obj(help='"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create."'), + metadata: { + '#withAnnotations':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotations(annotations): { metadata+: { annotations: annotations } }, + '#withAnnotationsMixin':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotationsMixin(annotations): { metadata+: { annotations+: annotations } }, + '#withClusterName':: d.fn(help='"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request."', args=[d.arg(name='clusterName', type=d.T.string)]), + withClusterName(clusterName): { metadata+: { clusterName: clusterName } }, + '#withCreationTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='creationTimestamp', type=d.T.string)]), + withCreationTimestamp(creationTimestamp): { metadata+: { creationTimestamp: creationTimestamp } }, + '#withDeletionGracePeriodSeconds':: d.fn(help='"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only."', args=[d.arg(name='deletionGracePeriodSeconds', type=d.T.integer)]), + withDeletionGracePeriodSeconds(deletionGracePeriodSeconds): { metadata+: { deletionGracePeriodSeconds: deletionGracePeriodSeconds } }, + '#withDeletionTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='deletionTimestamp', type=d.T.string)]), + withDeletionTimestamp(deletionTimestamp): { metadata+: { deletionTimestamp: deletionTimestamp } }, + '#withFinalizers':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizers(finalizers): { metadata+: { finalizers: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withFinalizersMixin':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizersMixin(finalizers): { metadata+: { finalizers+: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withGenerateName':: d.fn(help='"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\\n\\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\\n\\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency"', args=[d.arg(name='generateName', type=d.T.string)]), + withGenerateName(generateName): { metadata+: { generateName: generateName } }, + '#withGeneration':: d.fn(help='"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only."', args=[d.arg(name='generation', type=d.T.integer)]), + withGeneration(generation): { metadata+: { generation: generation } }, + '#withLabels':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"', args=[d.arg(name='labels', type=d.T.object)]), + withLabels(labels): { metadata+: { labels: labels } }, + '#withLabelsMixin':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='labels', type=d.T.object)]), + withLabelsMixin(labels): { metadata+: { labels+: labels } }, + '#withName':: d.fn(help='"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { metadata+: { name: name } }, + '#withNamespace':: d.fn(help='"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \\"default\\" namespace, but \\"default\\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\\n\\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces"', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { metadata+: { namespace: namespace } }, + '#withOwnerReferences':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferences(ownerReferences): { metadata+: { ownerReferences: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withOwnerReferencesMixin':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferencesMixin(ownerReferences): { metadata+: { ownerReferences+: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withResourceVersion':: d.fn(help='"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\\n\\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency"', args=[d.arg(name='resourceVersion', type=d.T.string)]), + withResourceVersion(resourceVersion): { metadata+: { resourceVersion: resourceVersion } }, + '#withSelfLink':: d.fn(help='"SelfLink is a URL representing this object. Populated by the system. Read-only.\\n\\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release."', args=[d.arg(name='selfLink', type=d.T.string)]), + withSelfLink(selfLink): { metadata+: { selfLink: selfLink } }, + '#withUid':: d.fn(help='"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\\n\\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids"', args=[d.arg(name='uid', type=d.T.string)]), + withUid(uid): { metadata+: { uid: uid } }, + }, + '#new':: d.fn(help='new returns an instance of GatewayClass', args=[d.arg(name='name', type=d.T.string)]), + new(name): { + apiVersion: 'gateway.networking.k8s.io/v1alpha2', + kind: 'GatewayClass', + } + self.metadata.withName(name=name) + self.metadata.withAnnotations(annotations={ + 'tanka.dev/namespaced': 'false', + }), + '#spec':: d.obj(help='"Spec defines the desired state of GatewayClass."'), + spec: { + '#parametersRef':: d.obj(help="\"ParametersRef is a reference to a resource that contains the configuration parameters corresponding to the GatewayClass. This is optional if the controller does not require any additional configuration. \\n ParametersRef can reference a standard Kubernetes resource, i.e. ConfigMap, or an implementation-specific custom resource. The resource can be cluster-scoped or namespace-scoped. \\n If the referent cannot be found, the GatewayClass's \\\"InvalidParameters\\\" status condition will be true. \\n Support: Implementation-specific\""), + parametersRef: { + '#withGroup':: d.fn(help='"Group is the group of the referent."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { spec+: { parametersRef+: { group: group } } }, + '#withKind':: d.fn(help='"Kind is kind of the referent."', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { spec+: { parametersRef+: { kind: kind } } }, + '#withName':: d.fn(help='"Name is the name of the referent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { spec+: { parametersRef+: { name: name } } }, + '#withNamespace':: d.fn(help='"Namespace is the namespace of the referent. This field is required when referring to a Namespace-scoped resource and MUST be unset when referring to a Cluster-scoped resource."', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { spec+: { parametersRef+: { namespace: namespace } } }, + }, + '#withControllerName':: d.fn(help='"ControllerName is the name of the controller that is managing Gateways of this class. The value of this field MUST be a domain prefixed path. \\n Example: \\"example.net/gateway-controller\\". \\n This field is not mutable and cannot be empty. \\n Support: Core"', args=[d.arg(name='controllerName', type=d.T.string)]), + withControllerName(controllerName): { spec+: { controllerName: controllerName } }, + '#withDescription':: d.fn(help='"Description helps describe a GatewayClass with more details."', args=[d.arg(name='description', type=d.T.string)]), + withDescription(description): { spec+: { description: description } }, + }, + '#mixin': 'ignore', + mixin: self, +} diff --git a/0.7-experimental/_gen/gateway/v1alpha2/grpcRoute.libsonnet b/0.7-experimental/_gen/gateway/v1alpha2/grpcRoute.libsonnet new file mode 100644 index 0000000..c54a279 --- /dev/null +++ b/0.7-experimental/_gen/gateway/v1alpha2/grpcRoute.libsonnet @@ -0,0 +1,317 @@ +{ + local d = (import 'doc-util/main.libsonnet'), + '#':: d.pkg(name='grpcRoute', url='', help='"GRPCRoute provides a way to route gRPC requests. This includes the capability to match requests by hostname, gRPC service, gRPC method, or HTTP/2 header. Filters can be used to specify additional processing steps. Backends specify where matching requests will be routed. \\n GRPCRoute falls under extended support within the Gateway API. Within the following specification, the word \\"MUST\\" indicates that an implementation supporting GRPCRoute must conform to the indicated requirement, but an implementation not supporting this route type need not follow the requirement unless explicitly indicated. \\n Implementations supporting `GRPCRoute` with the `HTTPS` `ProtocolType` MUST accept HTTP/2 connections without an initial upgrade from HTTP/1.1, i.e. via ALPN. If the implementation does not support this, then it MUST set the \\"Accepted\\" condition to \\"False\\" for the affected listener with a reason of \\"UnsupportedProtocol\\". Implementations MAY also accept HTTP/2 connections with an upgrade from HTTP/1. \\n Implementations supporting `GRPCRoute` with the `HTTP` `ProtocolType` MUST support HTTP/2 over cleartext TCP (h2c, https://www.rfc-editor.org/rfc/rfc7540#section-3.1) without an initial upgrade from HTTP/1.1, i.e. with prior knowledge (https://www.rfc-editor.org/rfc/rfc7540#section-3.4). If the implementation does not support this, then it MUST set the \\"Accepted\\" condition to \\"False\\" for the affected listener with a reason of \\"UnsupportedProtocol\\". Implementations MAY also accept HTTP/2 connections with an upgrade from HTTP/1, i.e. without prior knowledge. \\n Support: Extended"'), + '#metadata':: d.obj(help='"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create."'), + metadata: { + '#withAnnotations':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotations(annotations): { metadata+: { annotations: annotations } }, + '#withAnnotationsMixin':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotationsMixin(annotations): { metadata+: { annotations+: annotations } }, + '#withClusterName':: d.fn(help='"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request."', args=[d.arg(name='clusterName', type=d.T.string)]), + withClusterName(clusterName): { metadata+: { clusterName: clusterName } }, + '#withCreationTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='creationTimestamp', type=d.T.string)]), + withCreationTimestamp(creationTimestamp): { metadata+: { creationTimestamp: creationTimestamp } }, + '#withDeletionGracePeriodSeconds':: d.fn(help='"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only."', args=[d.arg(name='deletionGracePeriodSeconds', type=d.T.integer)]), + withDeletionGracePeriodSeconds(deletionGracePeriodSeconds): { metadata+: { deletionGracePeriodSeconds: deletionGracePeriodSeconds } }, + '#withDeletionTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='deletionTimestamp', type=d.T.string)]), + withDeletionTimestamp(deletionTimestamp): { metadata+: { deletionTimestamp: deletionTimestamp } }, + '#withFinalizers':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizers(finalizers): { metadata+: { finalizers: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withFinalizersMixin':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizersMixin(finalizers): { metadata+: { finalizers+: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withGenerateName':: d.fn(help='"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\\n\\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\\n\\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency"', args=[d.arg(name='generateName', type=d.T.string)]), + withGenerateName(generateName): { metadata+: { generateName: generateName } }, + '#withGeneration':: d.fn(help='"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only."', args=[d.arg(name='generation', type=d.T.integer)]), + withGeneration(generation): { metadata+: { generation: generation } }, + '#withLabels':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"', args=[d.arg(name='labels', type=d.T.object)]), + withLabels(labels): { metadata+: { labels: labels } }, + '#withLabelsMixin':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='labels', type=d.T.object)]), + withLabelsMixin(labels): { metadata+: { labels+: labels } }, + '#withName':: d.fn(help='"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { metadata+: { name: name } }, + '#withNamespace':: d.fn(help='"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \\"default\\" namespace, but \\"default\\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\\n\\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces"', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { metadata+: { namespace: namespace } }, + '#withOwnerReferences':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferences(ownerReferences): { metadata+: { ownerReferences: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withOwnerReferencesMixin':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferencesMixin(ownerReferences): { metadata+: { ownerReferences+: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withResourceVersion':: d.fn(help='"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\\n\\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency"', args=[d.arg(name='resourceVersion', type=d.T.string)]), + withResourceVersion(resourceVersion): { metadata+: { resourceVersion: resourceVersion } }, + '#withSelfLink':: d.fn(help='"SelfLink is a URL representing this object. Populated by the system. Read-only.\\n\\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release."', args=[d.arg(name='selfLink', type=d.T.string)]), + withSelfLink(selfLink): { metadata+: { selfLink: selfLink } }, + '#withUid':: d.fn(help='"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\\n\\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids"', args=[d.arg(name='uid', type=d.T.string)]), + withUid(uid): { metadata+: { uid: uid } }, + }, + '#new':: d.fn(help='new returns an instance of GRPCRoute', args=[d.arg(name='name', type=d.T.string)]), + new(name): { + apiVersion: 'gateway.networking.k8s.io/v1alpha2', + kind: 'GRPCRoute', + } + self.metadata.withName(name=name), + '#spec':: d.obj(help='"Spec defines the desired state of GRPCRoute."'), + spec: { + '#parentRefs':: d.obj(help='"ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. \\n The only kind of parent resource with \\"Core\\" support is Gateway. This API may be extended in the future to support additional kinds of parent resources such as one of the route kinds. \\n It is invalid to reference an identical parent more than once. It is valid to reference multiple distinct sections within the same parent resource, such as 2 Listeners within a Gateway. \\n It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged. \\n Note that for ParentRefs that cross namespace boundaries, there are specific rules. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example, Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference."'), + parentRefs: { + '#withGroup':: d.fn(help='"Group is the group of the referent. When unspecified, \\"gateway.networking.k8s.io\\" is inferred. To set the core API group (such as for a \\"Service\\" kind referent), Group must be explicitly set to \\"\\" (empty string). \\n Support: Core"', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { group: group }, + '#withKind':: d.fn(help='"Kind is kind of the referent. \\n Support: Core (Gateway) \\n Support: Implementation-specific (Other Resources)"', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { kind: kind }, + '#withName':: d.fn(help='"Name is the name of the referent. \\n Support: Core"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withNamespace':: d.fn(help='"Namespace is the namespace of the referent. When unspecified, this refers to the local namespace of the Route. \\n Note that there are specific rules for ParentRefs which cross namespace boundaries. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example: Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference. \\n Support: Core"', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { namespace: namespace }, + '#withPort':: d.fn(help="\"Port is the network port this Route targets. It can be interpreted differently based on the type of parent resource. \\n When the parent resource is a Gateway, this targets all listeners listening on the specified port that also support this kind of Route(and select this Route). It's not recommended to set `Port` unless the networking behaviors specified in a Route must apply to a specific port as opposed to a listener(s) whose port(s) may be changed. When both Port and SectionName are specified, the name and port of the selected listener must match both specified values. \\n Implementations MAY choose to support other parent resources. Implementations supporting other types of parent resources MUST clearly document how/if Port is interpreted. \\n For the purpose of status, an attachment is considered successful as long as the parent resource accepts it partially. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \\n Support: Extended \\n \u003cgateway:experimental\u003e\"", args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { port: port }, + '#withSectionName':: d.fn(help='"SectionName is the name of a section within the target resource. In the following resources, SectionName is interpreted as the following: \\n * Gateway: Listener Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. \\n Implementations MAY choose to support attaching Routes to other resources. If that is the case, they MUST clearly document how SectionName is interpreted. \\n When unspecified (empty string), this will reference the entire resource. For the purpose of status, an attachment is considered successful if at least one section in the parent resource accepts it. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \\n Support: Core"', args=[d.arg(name='sectionName', type=d.T.string)]), + withSectionName(sectionName): { sectionName: sectionName }, + }, + '#rules':: d.obj(help='"Rules are a list of GRPC matchers, filters and actions."'), + rules: { + '#backendRefs':: d.obj(help='"BackendRefs defines the backend(s) where matching requests should be sent. \\n Failure behavior here depends on how many BackendRefs are specified and how many are invalid. \\n If *all* entries in BackendRefs are invalid, and there are also no filters specified in this route rule, *all* traffic which matches this rule MUST receive an `UNAVAILABLE` status. \\n See the GRPCBackendRef definition for the rules about what makes a single GRPCBackendRef invalid. \\n When a GRPCBackendRef is invalid, `UNAVAILABLE` statuses MUST be returned for requests that would have otherwise been routed to an invalid backend. If multiple backends are specified, and some are invalid, the proportion of requests that would otherwise have been routed to an invalid backend MUST receive an `UNAVAILABLE` status. \\n For example, if two backends are specified with equal weights, and one is invalid, 50 percent of traffic MUST receive an `UNAVAILABLE` status. Implementations may choose how that 50 percent is determined. \\n Support: Core for Kubernetes Service \\n Support: Implementation-specific for any other resource \\n Support for weight: Core"'), + backendRefs: { + '#filters':: d.obj(help='"Filters defined at this level MUST be executed if and only if the request is being forwarded to the backend defined here. \\n Support: Implementation-specific (For broader support of filters, use the Filters field in GRPCRouteRule.)"'), + filters: { + '#extensionRef':: d.obj(help='"ExtensionRef is an optional, implementation-specific extension to the \\"filter\\" behavior. For example, resource \\"myroutefilter\\" in group \\"networking.example.net\\"). ExtensionRef MUST NOT be used for core and extended filters. \\n Support: Implementation-specific"'), + extensionRef: { + '#withGroup':: d.fn(help='"Group is the group of the referent. For example, \\"gateway.networking.k8s.io\\". When unspecified or empty string, core API group is inferred."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { extensionRef+: { group: group } }, + '#withKind':: d.fn(help='"Kind is kind of the referent. For example \\"HTTPRoute\\" or \\"Service\\"."', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { extensionRef+: { kind: kind } }, + '#withName':: d.fn(help='"Name is the name of the referent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { extensionRef+: { name: name } }, + }, + '#requestHeaderModifier':: d.obj(help='"RequestHeaderModifier defines a schema for a filter that modifies request headers. \\n Support: Core"'), + requestHeaderModifier: { + '#add':: d.obj(help='"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: add: - name: \\"my-header\\" value: \\"bar,baz\\" \\n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"'), + add: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \\n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered equivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#set':: d.obj(help='"Set overwrites the request with the given header (name, value) before the action. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: set: - name: \\"my-header\\" value: \\"bar\\" \\n Output: GET /foo HTTP/1.1 my-header: bar"'), + set: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \\n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered equivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#withAdd':: d.fn(help='"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: add: - name: \\"my-header\\" value: \\"bar,baz\\" \\n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"', args=[d.arg(name='add', type=d.T.array)]), + withAdd(add): { requestHeaderModifier+: { add: if std.isArray(v=add) then add else [add] } }, + '#withAddMixin':: d.fn(help='"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: add: - name: \\"my-header\\" value: \\"bar,baz\\" \\n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='add', type=d.T.array)]), + withAddMixin(add): { requestHeaderModifier+: { add+: if std.isArray(v=add) then add else [add] } }, + '#withRemove':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \\n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \\n Config: remove: [\\"my-header1\\", \\"my-header3\\"] \\n Output: GET /foo HTTP/1.1 my-header2: bar"', args=[d.arg(name='remove', type=d.T.array)]), + withRemove(remove): { requestHeaderModifier+: { remove: if std.isArray(v=remove) then remove else [remove] } }, + '#withRemoveMixin':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \\n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \\n Config: remove: [\\"my-header1\\", \\"my-header3\\"] \\n Output: GET /foo HTTP/1.1 my-header2: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='remove', type=d.T.array)]), + withRemoveMixin(remove): { requestHeaderModifier+: { remove+: if std.isArray(v=remove) then remove else [remove] } }, + '#withSet':: d.fn(help='"Set overwrites the request with the given header (name, value) before the action. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: set: - name: \\"my-header\\" value: \\"bar\\" \\n Output: GET /foo HTTP/1.1 my-header: bar"', args=[d.arg(name='set', type=d.T.array)]), + withSet(set): { requestHeaderModifier+: { set: if std.isArray(v=set) then set else [set] } }, + '#withSetMixin':: d.fn(help='"Set overwrites the request with the given header (name, value) before the action. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: set: - name: \\"my-header\\" value: \\"bar\\" \\n Output: GET /foo HTTP/1.1 my-header: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='set', type=d.T.array)]), + withSetMixin(set): { requestHeaderModifier+: { set+: if std.isArray(v=set) then set else [set] } }, + }, + '#requestMirror':: d.obj(help='"RequestMirror defines a schema for a filter that mirrors requests. Requests are sent to the specified destination, but responses from that destination are ignored. \\n Support: Extended"'), + requestMirror: { + '#backendRef':: d.obj(help='"BackendRef references a resource where mirrored requests are sent. \\n If the referent cannot be found, this BackendRef is invalid and must be dropped from the Gateway. The controller must ensure the \\"ResolvedRefs\\" condition on the Route status is set to `status: False` and not configure this backend in the underlying implementation. \\n If there is a cross-namespace reference to an *existing* object that is not allowed by a ReferenceGrant, the controller must ensure the \\"ResolvedRefs\\" condition on the Route is set to `status: False`, with the \\"RefNotPermitted\\" reason and not configure this backend in the underlying implementation. \\n In either error case, the Message of the `ResolvedRefs` Condition should be used to provide more detail about the problem. \\n Support: Extended for Kubernetes Service \\n Support: Implementation-specific for any other resource"'), + backendRef: { + '#withGroup':: d.fn(help='"Group is the group of the referent. For example, \\"gateway.networking.k8s.io\\". When unspecified or empty string, core API group is inferred."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { requestMirror+: { backendRef+: { group: group } } }, + '#withKind':: d.fn(help='"Kind is the Kubernetes resource kind of the referent. For example \\"Service\\". \\n Defaults to \\"Service\\" when not specified. \\n ExternalName services can refer to CNAME DNS records that may live outside of the cluster and as such are difficult to reason about in terms of conformance. They also may not be safe to forward to (see CVE-2021-25740 for more information). Implementations SHOULD NOT support ExternalName Services. \\n Support: Core (Services with a type other than ExternalName) \\n Support: Implementation-specific (Services with type ExternalName)"', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { requestMirror+: { backendRef+: { kind: kind } } }, + '#withName':: d.fn(help='"Name is the name of the referent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { requestMirror+: { backendRef+: { name: name } } }, + '#withNamespace':: d.fn(help="\"Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. \\n Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. \\n Support: Core\"", args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { requestMirror+: { backendRef+: { namespace: namespace } } }, + '#withPort':: d.fn(help='"Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field."', args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { requestMirror+: { backendRef+: { port: port } } }, + }, + }, + '#responseHeaderModifier':: d.obj(help='"ResponseHeaderModifier defines a schema for a filter that modifies response headers. \\n Support: Extended"'), + responseHeaderModifier: { + '#add':: d.obj(help='"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: add: - name: \\"my-header\\" value: \\"bar,baz\\" \\n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"'), + add: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \\n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered equivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#set':: d.obj(help='"Set overwrites the request with the given header (name, value) before the action. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: set: - name: \\"my-header\\" value: \\"bar\\" \\n Output: GET /foo HTTP/1.1 my-header: bar"'), + set: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \\n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered equivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#withAdd':: d.fn(help='"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: add: - name: \\"my-header\\" value: \\"bar,baz\\" \\n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"', args=[d.arg(name='add', type=d.T.array)]), + withAdd(add): { responseHeaderModifier+: { add: if std.isArray(v=add) then add else [add] } }, + '#withAddMixin':: d.fn(help='"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: add: - name: \\"my-header\\" value: \\"bar,baz\\" \\n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='add', type=d.T.array)]), + withAddMixin(add): { responseHeaderModifier+: { add+: if std.isArray(v=add) then add else [add] } }, + '#withRemove':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \\n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \\n Config: remove: [\\"my-header1\\", \\"my-header3\\"] \\n Output: GET /foo HTTP/1.1 my-header2: bar"', args=[d.arg(name='remove', type=d.T.array)]), + withRemove(remove): { responseHeaderModifier+: { remove: if std.isArray(v=remove) then remove else [remove] } }, + '#withRemoveMixin':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \\n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \\n Config: remove: [\\"my-header1\\", \\"my-header3\\"] \\n Output: GET /foo HTTP/1.1 my-header2: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='remove', type=d.T.array)]), + withRemoveMixin(remove): { responseHeaderModifier+: { remove+: if std.isArray(v=remove) then remove else [remove] } }, + '#withSet':: d.fn(help='"Set overwrites the request with the given header (name, value) before the action. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: set: - name: \\"my-header\\" value: \\"bar\\" \\n Output: GET /foo HTTP/1.1 my-header: bar"', args=[d.arg(name='set', type=d.T.array)]), + withSet(set): { responseHeaderModifier+: { set: if std.isArray(v=set) then set else [set] } }, + '#withSetMixin':: d.fn(help='"Set overwrites the request with the given header (name, value) before the action. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: set: - name: \\"my-header\\" value: \\"bar\\" \\n Output: GET /foo HTTP/1.1 my-header: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='set', type=d.T.array)]), + withSetMixin(set): { responseHeaderModifier+: { set+: if std.isArray(v=set) then set else [set] } }, + }, + '#withType':: d.fn(help='"Type identifies the type of filter to apply. As with other API fields, types are classified into three conformance levels: \\n - Core: Filter types and their corresponding configuration defined by \\"Support: Core\\" in this package, e.g. \\"RequestHeaderModifier\\". All implementations supporting GRPCRoute MUST support core filters. \\n - Extended: Filter types and their corresponding configuration defined by \\"Support: Extended\\" in this package, e.g. \\"RequestMirror\\". Implementers are encouraged to support extended filters. \\n - Implementation-specific: Filters that are defined and supported by specific vendors. In the future, filters showing convergence in behavior across multiple implementations will be considered for inclusion in extended or core conformance levels. Filter-specific configuration for such filters is specified using the ExtensionRef field. `Type` MUST be set to \\"ExtensionRef\\" for custom filters. \\n Implementers are encouraged to define custom implementation types to extend the core API with implementation-specific behavior. \\n If a reference to a custom filter type cannot be resolved, the filter MUST NOT be skipped. Instead, requests that would have been processed by that filter MUST receive a HTTP error response. \\n "', args=[d.arg(name='type', type=d.T.string)]), + withType(type): { type: type }, + }, + '#withFilters':: d.fn(help='"Filters defined at this level MUST be executed if and only if the request is being forwarded to the backend defined here. \\n Support: Implementation-specific (For broader support of filters, use the Filters field in GRPCRouteRule.)"', args=[d.arg(name='filters', type=d.T.array)]), + withFilters(filters): { filters: if std.isArray(v=filters) then filters else [filters] }, + '#withFiltersMixin':: d.fn(help='"Filters defined at this level MUST be executed if and only if the request is being forwarded to the backend defined here. \\n Support: Implementation-specific (For broader support of filters, use the Filters field in GRPCRouteRule.)"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='filters', type=d.T.array)]), + withFiltersMixin(filters): { filters+: if std.isArray(v=filters) then filters else [filters] }, + '#withGroup':: d.fn(help='"Group is the group of the referent. For example, \\"gateway.networking.k8s.io\\". When unspecified or empty string, core API group is inferred."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { group: group }, + '#withKind':: d.fn(help='"Kind is the Kubernetes resource kind of the referent. For example \\"Service\\". \\n Defaults to \\"Service\\" when not specified. \\n ExternalName services can refer to CNAME DNS records that may live outside of the cluster and as such are difficult to reason about in terms of conformance. They also may not be safe to forward to (see CVE-2021-25740 for more information). Implementations SHOULD NOT support ExternalName Services. \\n Support: Core (Services with a type other than ExternalName) \\n Support: Implementation-specific (Services with type ExternalName)"', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { kind: kind }, + '#withName':: d.fn(help='"Name is the name of the referent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withNamespace':: d.fn(help="\"Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. \\n Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. \\n Support: Core\"", args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { namespace: namespace }, + '#withPort':: d.fn(help='"Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field."', args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { port: port }, + '#withWeight':: d.fn(help='"Weight specifies the proportion of requests forwarded to the referenced backend. This is computed as weight/(sum of all weights in this BackendRefs list). For non-zero values, there may be some epsilon from the exact proportion defined here depending on the precision an implementation supports. Weight is not a percentage and the sum of weights does not need to equal 100. \\n If only one backend is specified and it has a weight greater than 0, 100% of the traffic is forwarded to that backend. If weight is set to 0, no traffic should be forwarded for this entry. If unspecified, weight defaults to 1. \\n Support for this field varies based on the context where used."', args=[d.arg(name='weight', type=d.T.integer)]), + withWeight(weight): { weight: weight }, + }, + '#filters':: d.obj(help='"Filters define the filters that are applied to requests that match this rule. \\n The effects of ordering of multiple behaviors are currently unspecified. This can change in the future based on feedback during the alpha stage. \\n Conformance-levels at this level are defined based on the type of filter: \\n - ALL core filters MUST be supported by all implementations that support GRPCRoute. - Implementers are encouraged to support extended filters. - Implementation-specific custom filters have no API guarantees across implementations. \\n Specifying a core filter multiple times has unspecified or implementation-specific conformance. Support: Core"'), + filters: { + '#extensionRef':: d.obj(help='"ExtensionRef is an optional, implementation-specific extension to the \\"filter\\" behavior. For example, resource \\"myroutefilter\\" in group \\"networking.example.net\\"). ExtensionRef MUST NOT be used for core and extended filters. \\n Support: Implementation-specific"'), + extensionRef: { + '#withGroup':: d.fn(help='"Group is the group of the referent. For example, \\"gateway.networking.k8s.io\\". When unspecified or empty string, core API group is inferred."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { extensionRef+: { group: group } }, + '#withKind':: d.fn(help='"Kind is kind of the referent. For example \\"HTTPRoute\\" or \\"Service\\"."', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { extensionRef+: { kind: kind } }, + '#withName':: d.fn(help='"Name is the name of the referent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { extensionRef+: { name: name } }, + }, + '#requestHeaderModifier':: d.obj(help='"RequestHeaderModifier defines a schema for a filter that modifies request headers. \\n Support: Core"'), + requestHeaderModifier: { + '#add':: d.obj(help='"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: add: - name: \\"my-header\\" value: \\"bar,baz\\" \\n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"'), + add: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \\n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered equivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#set':: d.obj(help='"Set overwrites the request with the given header (name, value) before the action. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: set: - name: \\"my-header\\" value: \\"bar\\" \\n Output: GET /foo HTTP/1.1 my-header: bar"'), + set: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \\n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered equivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#withAdd':: d.fn(help='"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: add: - name: \\"my-header\\" value: \\"bar,baz\\" \\n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"', args=[d.arg(name='add', type=d.T.array)]), + withAdd(add): { requestHeaderModifier+: { add: if std.isArray(v=add) then add else [add] } }, + '#withAddMixin':: d.fn(help='"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: add: - name: \\"my-header\\" value: \\"bar,baz\\" \\n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='add', type=d.T.array)]), + withAddMixin(add): { requestHeaderModifier+: { add+: if std.isArray(v=add) then add else [add] } }, + '#withRemove':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \\n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \\n Config: remove: [\\"my-header1\\", \\"my-header3\\"] \\n Output: GET /foo HTTP/1.1 my-header2: bar"', args=[d.arg(name='remove', type=d.T.array)]), + withRemove(remove): { requestHeaderModifier+: { remove: if std.isArray(v=remove) then remove else [remove] } }, + '#withRemoveMixin':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \\n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \\n Config: remove: [\\"my-header1\\", \\"my-header3\\"] \\n Output: GET /foo HTTP/1.1 my-header2: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='remove', type=d.T.array)]), + withRemoveMixin(remove): { requestHeaderModifier+: { remove+: if std.isArray(v=remove) then remove else [remove] } }, + '#withSet':: d.fn(help='"Set overwrites the request with the given header (name, value) before the action. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: set: - name: \\"my-header\\" value: \\"bar\\" \\n Output: GET /foo HTTP/1.1 my-header: bar"', args=[d.arg(name='set', type=d.T.array)]), + withSet(set): { requestHeaderModifier+: { set: if std.isArray(v=set) then set else [set] } }, + '#withSetMixin':: d.fn(help='"Set overwrites the request with the given header (name, value) before the action. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: set: - name: \\"my-header\\" value: \\"bar\\" \\n Output: GET /foo HTTP/1.1 my-header: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='set', type=d.T.array)]), + withSetMixin(set): { requestHeaderModifier+: { set+: if std.isArray(v=set) then set else [set] } }, + }, + '#requestMirror':: d.obj(help='"RequestMirror defines a schema for a filter that mirrors requests. Requests are sent to the specified destination, but responses from that destination are ignored. \\n Support: Extended"'), + requestMirror: { + '#backendRef':: d.obj(help='"BackendRef references a resource where mirrored requests are sent. \\n If the referent cannot be found, this BackendRef is invalid and must be dropped from the Gateway. The controller must ensure the \\"ResolvedRefs\\" condition on the Route status is set to `status: False` and not configure this backend in the underlying implementation. \\n If there is a cross-namespace reference to an *existing* object that is not allowed by a ReferenceGrant, the controller must ensure the \\"ResolvedRefs\\" condition on the Route is set to `status: False`, with the \\"RefNotPermitted\\" reason and not configure this backend in the underlying implementation. \\n In either error case, the Message of the `ResolvedRefs` Condition should be used to provide more detail about the problem. \\n Support: Extended for Kubernetes Service \\n Support: Implementation-specific for any other resource"'), + backendRef: { + '#withGroup':: d.fn(help='"Group is the group of the referent. For example, \\"gateway.networking.k8s.io\\". When unspecified or empty string, core API group is inferred."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { requestMirror+: { backendRef+: { group: group } } }, + '#withKind':: d.fn(help='"Kind is the Kubernetes resource kind of the referent. For example \\"Service\\". \\n Defaults to \\"Service\\" when not specified. \\n ExternalName services can refer to CNAME DNS records that may live outside of the cluster and as such are difficult to reason about in terms of conformance. They also may not be safe to forward to (see CVE-2021-25740 for more information). Implementations SHOULD NOT support ExternalName Services. \\n Support: Core (Services with a type other than ExternalName) \\n Support: Implementation-specific (Services with type ExternalName)"', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { requestMirror+: { backendRef+: { kind: kind } } }, + '#withName':: d.fn(help='"Name is the name of the referent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { requestMirror+: { backendRef+: { name: name } } }, + '#withNamespace':: d.fn(help="\"Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. \\n Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. \\n Support: Core\"", args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { requestMirror+: { backendRef+: { namespace: namespace } } }, + '#withPort':: d.fn(help='"Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field."', args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { requestMirror+: { backendRef+: { port: port } } }, + }, + }, + '#responseHeaderModifier':: d.obj(help='"ResponseHeaderModifier defines a schema for a filter that modifies response headers. \\n Support: Extended"'), + responseHeaderModifier: { + '#add':: d.obj(help='"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: add: - name: \\"my-header\\" value: \\"bar,baz\\" \\n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"'), + add: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \\n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered equivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#set':: d.obj(help='"Set overwrites the request with the given header (name, value) before the action. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: set: - name: \\"my-header\\" value: \\"bar\\" \\n Output: GET /foo HTTP/1.1 my-header: bar"'), + set: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \\n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered equivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#withAdd':: d.fn(help='"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: add: - name: \\"my-header\\" value: \\"bar,baz\\" \\n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"', args=[d.arg(name='add', type=d.T.array)]), + withAdd(add): { responseHeaderModifier+: { add: if std.isArray(v=add) then add else [add] } }, + '#withAddMixin':: d.fn(help='"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: add: - name: \\"my-header\\" value: \\"bar,baz\\" \\n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='add', type=d.T.array)]), + withAddMixin(add): { responseHeaderModifier+: { add+: if std.isArray(v=add) then add else [add] } }, + '#withRemove':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \\n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \\n Config: remove: [\\"my-header1\\", \\"my-header3\\"] \\n Output: GET /foo HTTP/1.1 my-header2: bar"', args=[d.arg(name='remove', type=d.T.array)]), + withRemove(remove): { responseHeaderModifier+: { remove: if std.isArray(v=remove) then remove else [remove] } }, + '#withRemoveMixin':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \\n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \\n Config: remove: [\\"my-header1\\", \\"my-header3\\"] \\n Output: GET /foo HTTP/1.1 my-header2: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='remove', type=d.T.array)]), + withRemoveMixin(remove): { responseHeaderModifier+: { remove+: if std.isArray(v=remove) then remove else [remove] } }, + '#withSet':: d.fn(help='"Set overwrites the request with the given header (name, value) before the action. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: set: - name: \\"my-header\\" value: \\"bar\\" \\n Output: GET /foo HTTP/1.1 my-header: bar"', args=[d.arg(name='set', type=d.T.array)]), + withSet(set): { responseHeaderModifier+: { set: if std.isArray(v=set) then set else [set] } }, + '#withSetMixin':: d.fn(help='"Set overwrites the request with the given header (name, value) before the action. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: set: - name: \\"my-header\\" value: \\"bar\\" \\n Output: GET /foo HTTP/1.1 my-header: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='set', type=d.T.array)]), + withSetMixin(set): { responseHeaderModifier+: { set+: if std.isArray(v=set) then set else [set] } }, + }, + '#withType':: d.fn(help='"Type identifies the type of filter to apply. As with other API fields, types are classified into three conformance levels: \\n - Core: Filter types and their corresponding configuration defined by \\"Support: Core\\" in this package, e.g. \\"RequestHeaderModifier\\". All implementations supporting GRPCRoute MUST support core filters. \\n - Extended: Filter types and their corresponding configuration defined by \\"Support: Extended\\" in this package, e.g. \\"RequestMirror\\". Implementers are encouraged to support extended filters. \\n - Implementation-specific: Filters that are defined and supported by specific vendors. In the future, filters showing convergence in behavior across multiple implementations will be considered for inclusion in extended or core conformance levels. Filter-specific configuration for such filters is specified using the ExtensionRef field. `Type` MUST be set to \\"ExtensionRef\\" for custom filters. \\n Implementers are encouraged to define custom implementation types to extend the core API with implementation-specific behavior. \\n If a reference to a custom filter type cannot be resolved, the filter MUST NOT be skipped. Instead, requests that would have been processed by that filter MUST receive a HTTP error response. \\n "', args=[d.arg(name='type', type=d.T.string)]), + withType(type): { type: type }, + }, + '#matches':: d.obj(help='"Matches define conditions used for matching the rule against incoming gRPC requests. Each match is independent, i.e. this rule will be matched if **any** one of the matches is satisfied. \\n For example, take the following matches configuration: \\n ``` matches: - method: service: foo.bar headers: values: version: 2 - method: service: foo.bar.v2 ``` \\n For a request to match against this rule, it MUST satisfy EITHER of the two conditions: \\n - service of foo.bar AND contains the header `version: 2` - service of foo.bar.v2 \\n See the documentation for GRPCRouteMatch on how to specify multiple match conditions to be ANDed together. \\n If no matches are specified, the implementation MUST match every gRPC request. \\n Proxy or Load Balancer routing configuration generated from GRPCRoutes MUST prioritize rules based on the following criteria, continuing on ties. Merging MUST not be done between GRPCRoutes and HTTPRoutes. Precedence MUST be given to the rule with the largest number of: \\n * Characters in a matching non-wildcard hostname. * Characters in a matching hostname. * Characters in a matching service. * Characters in a matching method. * Header matches. \\n If ties still exist across multiple Routes, matching precedence MUST be determined in order of the following criteria, continuing on ties: \\n * The oldest Route based on creation timestamp. * The Route appearing first in alphabetical order by \\"{namespace}/{name}\\". \\n If ties still exist within the Route that has been given precedence, matching precedence MUST be granted to the first matching rule meeting the above criteria."'), + matches: { + '#headers':: d.obj(help='"Headers specifies gRPC request header matchers. Multiple match values are ANDed together, meaning, a request MUST match all the specified headers to select the route."'), + headers: { + '#withName':: d.fn(help='"Name is the name of the gRPC Header to be matched. \\n If multiple entries specify equivalent header names, only the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered equivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withType':: d.fn(help='"Type specifies how to match against the value of the header."', args=[d.arg(name='type', type=d.T.string)]), + withType(type): { type: type }, + '#withValue':: d.fn(help='"Value is the value of the gRPC Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#method':: d.obj(help='"Method specifies a gRPC request service/method matcher. If this field is not specified, all services and methods will match."'), + method: { + '#withMethod':: d.fn(help='"Value of the method to match against. If left empty or omitted, will match all services. \\n At least one of Service and Method MUST be a non-empty string."', args=[d.arg(name='method', type=d.T.string)]), + withMethod(method): { method+: { method: method } }, + '#withService':: d.fn(help='"Value of the service to match against. If left empty or omitted, will match any service. \\n At least one of Service and Method MUST be a non-empty string."', args=[d.arg(name='service', type=d.T.string)]), + withService(service): { method+: { service: service } }, + '#withType':: d.fn(help='"Type specifies how to match against the service and/or method. Support: Core (Exact with service and method specified) \\n Support: Implementation-specific (Exact with method specified but no service specified) \\n Support: Implementation-specific (RegularExpression)"', args=[d.arg(name='type', type=d.T.string)]), + withType(type): { method+: { type: type } }, + }, + '#withHeaders':: d.fn(help='"Headers specifies gRPC request header matchers. Multiple match values are ANDed together, meaning, a request MUST match all the specified headers to select the route."', args=[d.arg(name='headers', type=d.T.array)]), + withHeaders(headers): { headers: if std.isArray(v=headers) then headers else [headers] }, + '#withHeadersMixin':: d.fn(help='"Headers specifies gRPC request header matchers. Multiple match values are ANDed together, meaning, a request MUST match all the specified headers to select the route."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='headers', type=d.T.array)]), + withHeadersMixin(headers): { headers+: if std.isArray(v=headers) then headers else [headers] }, + }, + '#withBackendRefs':: d.fn(help='"BackendRefs defines the backend(s) where matching requests should be sent. \\n Failure behavior here depends on how many BackendRefs are specified and how many are invalid. \\n If *all* entries in BackendRefs are invalid, and there are also no filters specified in this route rule, *all* traffic which matches this rule MUST receive an `UNAVAILABLE` status. \\n See the GRPCBackendRef definition for the rules about what makes a single GRPCBackendRef invalid. \\n When a GRPCBackendRef is invalid, `UNAVAILABLE` statuses MUST be returned for requests that would have otherwise been routed to an invalid backend. If multiple backends are specified, and some are invalid, the proportion of requests that would otherwise have been routed to an invalid backend MUST receive an `UNAVAILABLE` status. \\n For example, if two backends are specified with equal weights, and one is invalid, 50 percent of traffic MUST receive an `UNAVAILABLE` status. Implementations may choose how that 50 percent is determined. \\n Support: Core for Kubernetes Service \\n Support: Implementation-specific for any other resource \\n Support for weight: Core"', args=[d.arg(name='backendRefs', type=d.T.array)]), + withBackendRefs(backendRefs): { backendRefs: if std.isArray(v=backendRefs) then backendRefs else [backendRefs] }, + '#withBackendRefsMixin':: d.fn(help='"BackendRefs defines the backend(s) where matching requests should be sent. \\n Failure behavior here depends on how many BackendRefs are specified and how many are invalid. \\n If *all* entries in BackendRefs are invalid, and there are also no filters specified in this route rule, *all* traffic which matches this rule MUST receive an `UNAVAILABLE` status. \\n See the GRPCBackendRef definition for the rules about what makes a single GRPCBackendRef invalid. \\n When a GRPCBackendRef is invalid, `UNAVAILABLE` statuses MUST be returned for requests that would have otherwise been routed to an invalid backend. If multiple backends are specified, and some are invalid, the proportion of requests that would otherwise have been routed to an invalid backend MUST receive an `UNAVAILABLE` status. \\n For example, if two backends are specified with equal weights, and one is invalid, 50 percent of traffic MUST receive an `UNAVAILABLE` status. Implementations may choose how that 50 percent is determined. \\n Support: Core for Kubernetes Service \\n Support: Implementation-specific for any other resource \\n Support for weight: Core"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='backendRefs', type=d.T.array)]), + withBackendRefsMixin(backendRefs): { backendRefs+: if std.isArray(v=backendRefs) then backendRefs else [backendRefs] }, + '#withFilters':: d.fn(help='"Filters define the filters that are applied to requests that match this rule. \\n The effects of ordering of multiple behaviors are currently unspecified. This can change in the future based on feedback during the alpha stage. \\n Conformance-levels at this level are defined based on the type of filter: \\n - ALL core filters MUST be supported by all implementations that support GRPCRoute. - Implementers are encouraged to support extended filters. - Implementation-specific custom filters have no API guarantees across implementations. \\n Specifying a core filter multiple times has unspecified or implementation-specific conformance. Support: Core"', args=[d.arg(name='filters', type=d.T.array)]), + withFilters(filters): { filters: if std.isArray(v=filters) then filters else [filters] }, + '#withFiltersMixin':: d.fn(help='"Filters define the filters that are applied to requests that match this rule. \\n The effects of ordering of multiple behaviors are currently unspecified. This can change in the future based on feedback during the alpha stage. \\n Conformance-levels at this level are defined based on the type of filter: \\n - ALL core filters MUST be supported by all implementations that support GRPCRoute. - Implementers are encouraged to support extended filters. - Implementation-specific custom filters have no API guarantees across implementations. \\n Specifying a core filter multiple times has unspecified or implementation-specific conformance. Support: Core"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='filters', type=d.T.array)]), + withFiltersMixin(filters): { filters+: if std.isArray(v=filters) then filters else [filters] }, + '#withMatches':: d.fn(help='"Matches define conditions used for matching the rule against incoming gRPC requests. Each match is independent, i.e. this rule will be matched if **any** one of the matches is satisfied. \\n For example, take the following matches configuration: \\n ``` matches: - method: service: foo.bar headers: values: version: 2 - method: service: foo.bar.v2 ``` \\n For a request to match against this rule, it MUST satisfy EITHER of the two conditions: \\n - service of foo.bar AND contains the header `version: 2` - service of foo.bar.v2 \\n See the documentation for GRPCRouteMatch on how to specify multiple match conditions to be ANDed together. \\n If no matches are specified, the implementation MUST match every gRPC request. \\n Proxy or Load Balancer routing configuration generated from GRPCRoutes MUST prioritize rules based on the following criteria, continuing on ties. Merging MUST not be done between GRPCRoutes and HTTPRoutes. Precedence MUST be given to the rule with the largest number of: \\n * Characters in a matching non-wildcard hostname. * Characters in a matching hostname. * Characters in a matching service. * Characters in a matching method. * Header matches. \\n If ties still exist across multiple Routes, matching precedence MUST be determined in order of the following criteria, continuing on ties: \\n * The oldest Route based on creation timestamp. * The Route appearing first in alphabetical order by \\"{namespace}/{name}\\". \\n If ties still exist within the Route that has been given precedence, matching precedence MUST be granted to the first matching rule meeting the above criteria."', args=[d.arg(name='matches', type=d.T.array)]), + withMatches(matches): { matches: if std.isArray(v=matches) then matches else [matches] }, + '#withMatchesMixin':: d.fn(help='"Matches define conditions used for matching the rule against incoming gRPC requests. Each match is independent, i.e. this rule will be matched if **any** one of the matches is satisfied. \\n For example, take the following matches configuration: \\n ``` matches: - method: service: foo.bar headers: values: version: 2 - method: service: foo.bar.v2 ``` \\n For a request to match against this rule, it MUST satisfy EITHER of the two conditions: \\n - service of foo.bar AND contains the header `version: 2` - service of foo.bar.v2 \\n See the documentation for GRPCRouteMatch on how to specify multiple match conditions to be ANDed together. \\n If no matches are specified, the implementation MUST match every gRPC request. \\n Proxy or Load Balancer routing configuration generated from GRPCRoutes MUST prioritize rules based on the following criteria, continuing on ties. Merging MUST not be done between GRPCRoutes and HTTPRoutes. Precedence MUST be given to the rule with the largest number of: \\n * Characters in a matching non-wildcard hostname. * Characters in a matching hostname. * Characters in a matching service. * Characters in a matching method. * Header matches. \\n If ties still exist across multiple Routes, matching precedence MUST be determined in order of the following criteria, continuing on ties: \\n * The oldest Route based on creation timestamp. * The Route appearing first in alphabetical order by \\"{namespace}/{name}\\". \\n If ties still exist within the Route that has been given precedence, matching precedence MUST be granted to the first matching rule meeting the above criteria."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='matches', type=d.T.array)]), + withMatchesMixin(matches): { matches+: if std.isArray(v=matches) then matches else [matches] }, + }, + '#withHostnames':: d.fn(help="\"Hostnames defines a set of hostnames to match against the GRPC Host header to select a GRPCRoute to process the request. This matches the RFC 1123 definition of a hostname with 2 notable exceptions: \\n 1. IPs are not allowed. 2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard label MUST appear by itself as the first label. \\n If a hostname is specified by both the Listener and GRPCRoute, there MUST be at least one intersecting hostname for the GRPCRoute to be attached to the Listener. For example: \\n * A Listener with `test.example.com` as the hostname matches GRPCRoutes that have either not specified any hostnames, or have specified at least one of `test.example.com` or `*.example.com`. * A Listener with `*.example.com` as the hostname matches GRPCRoutes that have either not specified any hostnames or have specified at least one hostname that matches the Listener hostname. For example, `test.example.com` and `*.example.com` would both match. On the other hand, `example.com` and `test.example.net` would not match. \\n Hostnames that are prefixed with a wildcard label (`*.`) are interpreted as a suffix match. That means that a match for `*.example.com` would match both `test.example.com`, and `foo.test.example.com`, but not `example.com`. \\n If both the Listener and GRPCRoute have specified hostnames, any GRPCRoute hostnames that do not match the Listener hostname MUST be ignored. For example, if a Listener specified `*.example.com`, and the GRPCRoute specified `test.example.com` and `test.example.net`, `test.example.net` MUST NOT be considered for a match. \\n If both the Listener and GRPCRoute have specified hostnames, and none match with the criteria above, then the GRPCRoute MUST NOT be accepted by the implementation. The implementation MUST raise an 'Accepted' Condition with a status of `False` in the corresponding RouteParentStatus. \\n If a Route (A) of type HTTPRoute or GRPCRoute is attached to a Listener and that listener already has another Route (B) of the other type attached and the intersection of the hostnames of A and B is non-empty, then the implementation MUST accept exactly one of these two routes, determined by the following criteria, in order: \\n * The oldest Route based on creation timestamp. * The Route appearing first in alphabetical order by \\\"{namespace}/{name}\\\". \\n The rejected Route MUST raise an 'Accepted' condition with a status of 'False' in the corresponding RouteParentStatus. \\n Support: Core\"", args=[d.arg(name='hostnames', type=d.T.array)]), + withHostnames(hostnames): { spec+: { hostnames: if std.isArray(v=hostnames) then hostnames else [hostnames] } }, + '#withHostnamesMixin':: d.fn(help="\"Hostnames defines a set of hostnames to match against the GRPC Host header to select a GRPCRoute to process the request. This matches the RFC 1123 definition of a hostname with 2 notable exceptions: \\n 1. IPs are not allowed. 2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard label MUST appear by itself as the first label. \\n If a hostname is specified by both the Listener and GRPCRoute, there MUST be at least one intersecting hostname for the GRPCRoute to be attached to the Listener. For example: \\n * A Listener with `test.example.com` as the hostname matches GRPCRoutes that have either not specified any hostnames, or have specified at least one of `test.example.com` or `*.example.com`. * A Listener with `*.example.com` as the hostname matches GRPCRoutes that have either not specified any hostnames or have specified at least one hostname that matches the Listener hostname. For example, `test.example.com` and `*.example.com` would both match. On the other hand, `example.com` and `test.example.net` would not match. \\n Hostnames that are prefixed with a wildcard label (`*.`) are interpreted as a suffix match. That means that a match for `*.example.com` would match both `test.example.com`, and `foo.test.example.com`, but not `example.com`. \\n If both the Listener and GRPCRoute have specified hostnames, any GRPCRoute hostnames that do not match the Listener hostname MUST be ignored. For example, if a Listener specified `*.example.com`, and the GRPCRoute specified `test.example.com` and `test.example.net`, `test.example.net` MUST NOT be considered for a match. \\n If both the Listener and GRPCRoute have specified hostnames, and none match with the criteria above, then the GRPCRoute MUST NOT be accepted by the implementation. The implementation MUST raise an 'Accepted' Condition with a status of `False` in the corresponding RouteParentStatus. \\n If a Route (A) of type HTTPRoute or GRPCRoute is attached to a Listener and that listener already has another Route (B) of the other type attached and the intersection of the hostnames of A and B is non-empty, then the implementation MUST accept exactly one of these two routes, determined by the following criteria, in order: \\n * The oldest Route based on creation timestamp. * The Route appearing first in alphabetical order by \\\"{namespace}/{name}\\\". \\n The rejected Route MUST raise an 'Accepted' condition with a status of 'False' in the corresponding RouteParentStatus. \\n Support: Core\"\n\n**Note:** This function appends passed data to existing values", args=[d.arg(name='hostnames', type=d.T.array)]), + withHostnamesMixin(hostnames): { spec+: { hostnames+: if std.isArray(v=hostnames) then hostnames else [hostnames] } }, + '#withParentRefs':: d.fn(help='"ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. \\n The only kind of parent resource with \\"Core\\" support is Gateway. This API may be extended in the future to support additional kinds of parent resources such as one of the route kinds. \\n It is invalid to reference an identical parent more than once. It is valid to reference multiple distinct sections within the same parent resource, such as 2 Listeners within a Gateway. \\n It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged. \\n Note that for ParentRefs that cross namespace boundaries, there are specific rules. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example, Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference."', args=[d.arg(name='parentRefs', type=d.T.array)]), + withParentRefs(parentRefs): { spec+: { parentRefs: if std.isArray(v=parentRefs) then parentRefs else [parentRefs] } }, + '#withParentRefsMixin':: d.fn(help='"ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. \\n The only kind of parent resource with \\"Core\\" support is Gateway. This API may be extended in the future to support additional kinds of parent resources such as one of the route kinds. \\n It is invalid to reference an identical parent more than once. It is valid to reference multiple distinct sections within the same parent resource, such as 2 Listeners within a Gateway. \\n It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged. \\n Note that for ParentRefs that cross namespace boundaries, there are specific rules. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example, Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='parentRefs', type=d.T.array)]), + withParentRefsMixin(parentRefs): { spec+: { parentRefs+: if std.isArray(v=parentRefs) then parentRefs else [parentRefs] } }, + '#withRules':: d.fn(help='"Rules are a list of GRPC matchers, filters and actions."', args=[d.arg(name='rules', type=d.T.array)]), + withRules(rules): { spec+: { rules: if std.isArray(v=rules) then rules else [rules] } }, + '#withRulesMixin':: d.fn(help='"Rules are a list of GRPC matchers, filters and actions."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='rules', type=d.T.array)]), + withRulesMixin(rules): { spec+: { rules+: if std.isArray(v=rules) then rules else [rules] } }, + }, + '#mixin': 'ignore', + mixin: self, +} diff --git a/0.7-experimental/_gen/gateway/v1alpha2/httpRoute.libsonnet b/0.7-experimental/_gen/gateway/v1alpha2/httpRoute.libsonnet new file mode 100644 index 0000000..be6484f --- /dev/null +++ b/0.7-experimental/_gen/gateway/v1alpha2/httpRoute.libsonnet @@ -0,0 +1,398 @@ +{ + local d = (import 'doc-util/main.libsonnet'), + '#':: d.pkg(name='httpRoute', url='', help='"HTTPRoute provides a way to route HTTP requests. This includes the capability to match requests by hostname, path, header, or query param. Filters can be used to specify additional processing steps. Backends specify where matching requests should be routed."'), + '#metadata':: d.obj(help='"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create."'), + metadata: { + '#withAnnotations':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotations(annotations): { metadata+: { annotations: annotations } }, + '#withAnnotationsMixin':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotationsMixin(annotations): { metadata+: { annotations+: annotations } }, + '#withClusterName':: d.fn(help='"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request."', args=[d.arg(name='clusterName', type=d.T.string)]), + withClusterName(clusterName): { metadata+: { clusterName: clusterName } }, + '#withCreationTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='creationTimestamp', type=d.T.string)]), + withCreationTimestamp(creationTimestamp): { metadata+: { creationTimestamp: creationTimestamp } }, + '#withDeletionGracePeriodSeconds':: d.fn(help='"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only."', args=[d.arg(name='deletionGracePeriodSeconds', type=d.T.integer)]), + withDeletionGracePeriodSeconds(deletionGracePeriodSeconds): { metadata+: { deletionGracePeriodSeconds: deletionGracePeriodSeconds } }, + '#withDeletionTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='deletionTimestamp', type=d.T.string)]), + withDeletionTimestamp(deletionTimestamp): { metadata+: { deletionTimestamp: deletionTimestamp } }, + '#withFinalizers':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizers(finalizers): { metadata+: { finalizers: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withFinalizersMixin':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizersMixin(finalizers): { metadata+: { finalizers+: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withGenerateName':: d.fn(help='"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\\n\\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\\n\\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency"', args=[d.arg(name='generateName', type=d.T.string)]), + withGenerateName(generateName): { metadata+: { generateName: generateName } }, + '#withGeneration':: d.fn(help='"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only."', args=[d.arg(name='generation', type=d.T.integer)]), + withGeneration(generation): { metadata+: { generation: generation } }, + '#withLabels':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"', args=[d.arg(name='labels', type=d.T.object)]), + withLabels(labels): { metadata+: { labels: labels } }, + '#withLabelsMixin':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='labels', type=d.T.object)]), + withLabelsMixin(labels): { metadata+: { labels+: labels } }, + '#withName':: d.fn(help='"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { metadata+: { name: name } }, + '#withNamespace':: d.fn(help='"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \\"default\\" namespace, but \\"default\\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\\n\\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces"', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { metadata+: { namespace: namespace } }, + '#withOwnerReferences':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferences(ownerReferences): { metadata+: { ownerReferences: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withOwnerReferencesMixin':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferencesMixin(ownerReferences): { metadata+: { ownerReferences+: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withResourceVersion':: d.fn(help='"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\\n\\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency"', args=[d.arg(name='resourceVersion', type=d.T.string)]), + withResourceVersion(resourceVersion): { metadata+: { resourceVersion: resourceVersion } }, + '#withSelfLink':: d.fn(help='"SelfLink is a URL representing this object. Populated by the system. Read-only.\\n\\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release."', args=[d.arg(name='selfLink', type=d.T.string)]), + withSelfLink(selfLink): { metadata+: { selfLink: selfLink } }, + '#withUid':: d.fn(help='"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\\n\\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids"', args=[d.arg(name='uid', type=d.T.string)]), + withUid(uid): { metadata+: { uid: uid } }, + }, + '#new':: d.fn(help='new returns an instance of HTTPRoute', args=[d.arg(name='name', type=d.T.string)]), + new(name): { + apiVersion: 'gateway.networking.k8s.io/v1alpha2', + kind: 'HTTPRoute', + } + self.metadata.withName(name=name), + '#spec':: d.obj(help='"Spec defines the desired state of HTTPRoute."'), + spec: { + '#parentRefs':: d.obj(help='"ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. \\n The only kind of parent resource with \\"Core\\" support is Gateway. This API may be extended in the future to support additional kinds of parent resources such as one of the route kinds. \\n It is invalid to reference an identical parent more than once. It is valid to reference multiple distinct sections within the same parent resource, such as 2 Listeners within a Gateway. \\n It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged. \\n Note that for ParentRefs that cross namespace boundaries, there are specific rules. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example, Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference."'), + parentRefs: { + '#withGroup':: d.fn(help='"Group is the group of the referent. When unspecified, \\"gateway.networking.k8s.io\\" is inferred. To set the core API group (such as for a \\"Service\\" kind referent), Group must be explicitly set to \\"\\" (empty string). \\n Support: Core"', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { group: group }, + '#withKind':: d.fn(help='"Kind is kind of the referent. \\n Support: Core (Gateway) \\n Support: Implementation-specific (Other Resources)"', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { kind: kind }, + '#withName':: d.fn(help='"Name is the name of the referent. \\n Support: Core"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withNamespace':: d.fn(help='"Namespace is the namespace of the referent. When unspecified, this refers to the local namespace of the Route. \\n Note that there are specific rules for ParentRefs which cross namespace boundaries. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example: Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference. \\n Support: Core"', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { namespace: namespace }, + '#withPort':: d.fn(help="\"Port is the network port this Route targets. It can be interpreted differently based on the type of parent resource. \\n When the parent resource is a Gateway, this targets all listeners listening on the specified port that also support this kind of Route(and select this Route). It's not recommended to set `Port` unless the networking behaviors specified in a Route must apply to a specific port as opposed to a listener(s) whose port(s) may be changed. When both Port and SectionName are specified, the name and port of the selected listener must match both specified values. \\n Implementations MAY choose to support other parent resources. Implementations supporting other types of parent resources MUST clearly document how/if Port is interpreted. \\n For the purpose of status, an attachment is considered successful as long as the parent resource accepts it partially. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \\n Support: Extended \\n \u003cgateway:experimental\u003e\"", args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { port: port }, + '#withSectionName':: d.fn(help='"SectionName is the name of a section within the target resource. In the following resources, SectionName is interpreted as the following: \\n * Gateway: Listener Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. \\n Implementations MAY choose to support attaching Routes to other resources. If that is the case, they MUST clearly document how SectionName is interpreted. \\n When unspecified (empty string), this will reference the entire resource. For the purpose of status, an attachment is considered successful if at least one section in the parent resource accepts it. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \\n Support: Core"', args=[d.arg(name='sectionName', type=d.T.string)]), + withSectionName(sectionName): { sectionName: sectionName }, + }, + '#rules':: d.obj(help='"Rules are a list of HTTP matchers, filters and actions."'), + rules: { + '#backendRefs':: d.obj(help='"BackendRefs defines the backend(s) where matching requests should be sent. \\n Failure behavior here depends on how many BackendRefs are specified and how many are invalid. \\n If *all* entries in BackendRefs are invalid, and there are also no filters specified in this route rule, *all* traffic which matches this rule MUST receive a 500 status code. \\n See the HTTPBackendRef definition for the rules about what makes a single HTTPBackendRef invalid. \\n When a HTTPBackendRef is invalid, 500 status codes MUST be returned for requests that would have otherwise been routed to an invalid backend. If multiple backends are specified, and some are invalid, the proportion of requests that would otherwise have been routed to an invalid backend MUST receive a 500 status code. \\n For example, if two backends are specified with equal weights, and one is invalid, 50 percent of traffic must receive a 500. Implementations may choose how that 50 percent is determined. \\n Support: Core for Kubernetes Service \\n Support: Extended for Kubernetes ServiceImport \\n Support: Implementation-specific for any other resource \\n Support for weight: Core"'), + backendRefs: { + '#filters':: d.obj(help='"Filters defined at this level should be executed if and only if the request is being forwarded to the backend defined here. \\n Support: Implementation-specific (For broader support of filters, use the Filters field in HTTPRouteRule.)"'), + filters: { + '#extensionRef':: d.obj(help='"ExtensionRef is an optional, implementation-specific extension to the \\"filter\\" behavior. For example, resource \\"myroutefilter\\" in group \\"networking.example.net\\"). ExtensionRef MUST NOT be used for core and extended filters. \\n Support: Implementation-specific"'), + extensionRef: { + '#withGroup':: d.fn(help='"Group is the group of the referent. For example, \\"gateway.networking.k8s.io\\". When unspecified or empty string, core API group is inferred."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { extensionRef+: { group: group } }, + '#withKind':: d.fn(help='"Kind is kind of the referent. For example \\"HTTPRoute\\" or \\"Service\\"."', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { extensionRef+: { kind: kind } }, + '#withName':: d.fn(help='"Name is the name of the referent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { extensionRef+: { name: name } }, + }, + '#requestHeaderModifier':: d.obj(help='"RequestHeaderModifier defines a schema for a filter that modifies request headers. \\n Support: Core"'), + requestHeaderModifier: { + '#add':: d.obj(help='"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: add: - name: \\"my-header\\" value: \\"bar,baz\\" \\n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"'), + add: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \\n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered equivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#set':: d.obj(help='"Set overwrites the request with the given header (name, value) before the action. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: set: - name: \\"my-header\\" value: \\"bar\\" \\n Output: GET /foo HTTP/1.1 my-header: bar"'), + set: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \\n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered equivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#withAdd':: d.fn(help='"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: add: - name: \\"my-header\\" value: \\"bar,baz\\" \\n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"', args=[d.arg(name='add', type=d.T.array)]), + withAdd(add): { requestHeaderModifier+: { add: if std.isArray(v=add) then add else [add] } }, + '#withAddMixin':: d.fn(help='"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: add: - name: \\"my-header\\" value: \\"bar,baz\\" \\n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='add', type=d.T.array)]), + withAddMixin(add): { requestHeaderModifier+: { add+: if std.isArray(v=add) then add else [add] } }, + '#withRemove':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \\n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \\n Config: remove: [\\"my-header1\\", \\"my-header3\\"] \\n Output: GET /foo HTTP/1.1 my-header2: bar"', args=[d.arg(name='remove', type=d.T.array)]), + withRemove(remove): { requestHeaderModifier+: { remove: if std.isArray(v=remove) then remove else [remove] } }, + '#withRemoveMixin':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \\n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \\n Config: remove: [\\"my-header1\\", \\"my-header3\\"] \\n Output: GET /foo HTTP/1.1 my-header2: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='remove', type=d.T.array)]), + withRemoveMixin(remove): { requestHeaderModifier+: { remove+: if std.isArray(v=remove) then remove else [remove] } }, + '#withSet':: d.fn(help='"Set overwrites the request with the given header (name, value) before the action. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: set: - name: \\"my-header\\" value: \\"bar\\" \\n Output: GET /foo HTTP/1.1 my-header: bar"', args=[d.arg(name='set', type=d.T.array)]), + withSet(set): { requestHeaderModifier+: { set: if std.isArray(v=set) then set else [set] } }, + '#withSetMixin':: d.fn(help='"Set overwrites the request with the given header (name, value) before the action. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: set: - name: \\"my-header\\" value: \\"bar\\" \\n Output: GET /foo HTTP/1.1 my-header: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='set', type=d.T.array)]), + withSetMixin(set): { requestHeaderModifier+: { set+: if std.isArray(v=set) then set else [set] } }, + }, + '#requestMirror':: d.obj(help='"RequestMirror defines a schema for a filter that mirrors requests. Requests are sent to the specified destination, but responses from that destination are ignored. \\n Support: Extended"'), + requestMirror: { + '#backendRef':: d.obj(help='"BackendRef references a resource where mirrored requests are sent. \\n If the referent cannot be found, this BackendRef is invalid and must be dropped from the Gateway. The controller must ensure the \\"ResolvedRefs\\" condition on the Route status is set to `status: False` and not configure this backend in the underlying implementation. \\n If there is a cross-namespace reference to an *existing* object that is not allowed by a ReferenceGrant, the controller must ensure the \\"ResolvedRefs\\" condition on the Route is set to `status: False`, with the \\"RefNotPermitted\\" reason and not configure this backend in the underlying implementation. \\n In either error case, the Message of the `ResolvedRefs` Condition should be used to provide more detail about the problem. \\n Support: Extended for Kubernetes Service \\n Support: Implementation-specific for any other resource"'), + backendRef: { + '#withGroup':: d.fn(help='"Group is the group of the referent. For example, \\"gateway.networking.k8s.io\\". When unspecified or empty string, core API group is inferred."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { requestMirror+: { backendRef+: { group: group } } }, + '#withKind':: d.fn(help='"Kind is the Kubernetes resource kind of the referent. For example \\"Service\\". \\n Defaults to \\"Service\\" when not specified. \\n ExternalName services can refer to CNAME DNS records that may live outside of the cluster and as such are difficult to reason about in terms of conformance. They also may not be safe to forward to (see CVE-2021-25740 for more information). Implementations SHOULD NOT support ExternalName Services. \\n Support: Core (Services with a type other than ExternalName) \\n Support: Implementation-specific (Services with type ExternalName)"', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { requestMirror+: { backendRef+: { kind: kind } } }, + '#withName':: d.fn(help='"Name is the name of the referent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { requestMirror+: { backendRef+: { name: name } } }, + '#withNamespace':: d.fn(help="\"Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. \\n Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. \\n Support: Core\"", args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { requestMirror+: { backendRef+: { namespace: namespace } } }, + '#withPort':: d.fn(help='"Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field."', args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { requestMirror+: { backendRef+: { port: port } } }, + }, + }, + '#requestRedirect':: d.obj(help='"RequestRedirect defines a schema for a filter that responds to the request with an HTTP redirection. \\n Support: Core"'), + requestRedirect: { + '#path':: d.obj(help='"Path defines parameters used to modify the path of the incoming request. The modified path is then used to construct the `Location` header. When empty, the request path is used as-is. \\n Support: Extended"'), + path: { + '#withReplaceFullPath':: d.fn(help='"ReplaceFullPath specifies the value with which to replace the full path of a request during a rewrite or redirect."', args=[d.arg(name='replaceFullPath', type=d.T.string)]), + withReplaceFullPath(replaceFullPath): { requestRedirect+: { path+: { replaceFullPath: replaceFullPath } } }, + '#withReplacePrefixMatch':: d.fn(help='"ReplacePrefixMatch specifies the value with which to replace the prefix match of a request during a rewrite or redirect. For example, a request to \\"/foo/bar\\" with a prefix match of \\"/foo\\" would be modified to \\"/bar\\". \\n Note that this matches the behavior of the PathPrefix match type. This matches full path elements. A path element refers to the list of labels in the path split by the `/` separator. When specified, a trailing `/` is ignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all match the prefix `/abc`, but the path `/abcd` would not."', args=[d.arg(name='replacePrefixMatch', type=d.T.string)]), + withReplacePrefixMatch(replacePrefixMatch): { requestRedirect+: { path+: { replacePrefixMatch: replacePrefixMatch } } }, + '#withType':: d.fn(help='"Type defines the type of path modifier. Additional types may be added in a future release of the API. \\n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \\n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`."', args=[d.arg(name='type', type=d.T.string)]), + withType(type): { requestRedirect+: { path+: { type: type } } }, + }, + '#withHostname':: d.fn(help='"Hostname is the hostname to be used in the value of the `Location` header in the response. When empty, the hostname in the `Host` header of the request is used. \\n Support: Core"', args=[d.arg(name='hostname', type=d.T.string)]), + withHostname(hostname): { requestRedirect+: { hostname: hostname } }, + '#withPort':: d.fn(help="\"Port is the port to be used in the value of the `Location` header in the response. \\n If no port is specified, the redirect port MUST be derived using the following rules: \\n * If redirect scheme is not-empty, the redirect port MUST be the well-known port associated with the redirect scheme. Specifically \\\"http\\\" to port 80 and \\\"https\\\" to port 443. If the redirect scheme does not have a well-known port, the listener port of the Gateway SHOULD be used. * If redirect scheme is empty, the redirect port MUST be the Gateway Listener port. \\n Implementations SHOULD NOT add the port number in the 'Location' header in the following cases: \\n * A Location header that will use HTTP (whether that is determined via the Listener protocol or the Scheme field) _and_ use port 80. * A Location header that will use HTTPS (whether that is determined via the Listener protocol or the Scheme field) _and_ use port 443. \\n Support: Extended\"", args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { requestRedirect+: { port: port } }, + '#withScheme':: d.fn(help='"Scheme is the scheme to be used in the value of the `Location` header in the response. When empty, the scheme of the request is used. \\n Scheme redirects can affect the port of the redirect, for more information, refer to the documentation for the port field of this filter. \\n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \\n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`. \\n Support: Extended"', args=[d.arg(name='scheme', type=d.T.string)]), + withScheme(scheme): { requestRedirect+: { scheme: scheme } }, + '#withStatusCode':: d.fn(help='"StatusCode is the HTTP status code to be used in response. \\n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \\n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`. \\n Support: Core"', args=[d.arg(name='statusCode', type=d.T.integer)]), + withStatusCode(statusCode): { requestRedirect+: { statusCode: statusCode } }, + }, + '#responseHeaderModifier':: d.obj(help='"ResponseHeaderModifier defines a schema for a filter that modifies response headers. \\n Support: Extended"'), + responseHeaderModifier: { + '#add':: d.obj(help='"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: add: - name: \\"my-header\\" value: \\"bar,baz\\" \\n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"'), + add: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \\n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered equivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#set':: d.obj(help='"Set overwrites the request with the given header (name, value) before the action. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: set: - name: \\"my-header\\" value: \\"bar\\" \\n Output: GET /foo HTTP/1.1 my-header: bar"'), + set: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \\n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered equivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#withAdd':: d.fn(help='"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: add: - name: \\"my-header\\" value: \\"bar,baz\\" \\n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"', args=[d.arg(name='add', type=d.T.array)]), + withAdd(add): { responseHeaderModifier+: { add: if std.isArray(v=add) then add else [add] } }, + '#withAddMixin':: d.fn(help='"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: add: - name: \\"my-header\\" value: \\"bar,baz\\" \\n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='add', type=d.T.array)]), + withAddMixin(add): { responseHeaderModifier+: { add+: if std.isArray(v=add) then add else [add] } }, + '#withRemove':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \\n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \\n Config: remove: [\\"my-header1\\", \\"my-header3\\"] \\n Output: GET /foo HTTP/1.1 my-header2: bar"', args=[d.arg(name='remove', type=d.T.array)]), + withRemove(remove): { responseHeaderModifier+: { remove: if std.isArray(v=remove) then remove else [remove] } }, + '#withRemoveMixin':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \\n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \\n Config: remove: [\\"my-header1\\", \\"my-header3\\"] \\n Output: GET /foo HTTP/1.1 my-header2: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='remove', type=d.T.array)]), + withRemoveMixin(remove): { responseHeaderModifier+: { remove+: if std.isArray(v=remove) then remove else [remove] } }, + '#withSet':: d.fn(help='"Set overwrites the request with the given header (name, value) before the action. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: set: - name: \\"my-header\\" value: \\"bar\\" \\n Output: GET /foo HTTP/1.1 my-header: bar"', args=[d.arg(name='set', type=d.T.array)]), + withSet(set): { responseHeaderModifier+: { set: if std.isArray(v=set) then set else [set] } }, + '#withSetMixin':: d.fn(help='"Set overwrites the request with the given header (name, value) before the action. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: set: - name: \\"my-header\\" value: \\"bar\\" \\n Output: GET /foo HTTP/1.1 my-header: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='set', type=d.T.array)]), + withSetMixin(set): { responseHeaderModifier+: { set+: if std.isArray(v=set) then set else [set] } }, + }, + '#urlRewrite':: d.obj(help='"URLRewrite defines a schema for a filter that modifies a request during forwarding. \\n Support: Extended"'), + urlRewrite: { + '#path':: d.obj(help='"Path defines a path rewrite. \\n Support: Extended"'), + path: { + '#withReplaceFullPath':: d.fn(help='"ReplaceFullPath specifies the value with which to replace the full path of a request during a rewrite or redirect."', args=[d.arg(name='replaceFullPath', type=d.T.string)]), + withReplaceFullPath(replaceFullPath): { urlRewrite+: { path+: { replaceFullPath: replaceFullPath } } }, + '#withReplacePrefixMatch':: d.fn(help='"ReplacePrefixMatch specifies the value with which to replace the prefix match of a request during a rewrite or redirect. For example, a request to \\"/foo/bar\\" with a prefix match of \\"/foo\\" would be modified to \\"/bar\\". \\n Note that this matches the behavior of the PathPrefix match type. This matches full path elements. A path element refers to the list of labels in the path split by the `/` separator. When specified, a trailing `/` is ignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all match the prefix `/abc`, but the path `/abcd` would not."', args=[d.arg(name='replacePrefixMatch', type=d.T.string)]), + withReplacePrefixMatch(replacePrefixMatch): { urlRewrite+: { path+: { replacePrefixMatch: replacePrefixMatch } } }, + '#withType':: d.fn(help='"Type defines the type of path modifier. Additional types may be added in a future release of the API. \\n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \\n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`."', args=[d.arg(name='type', type=d.T.string)]), + withType(type): { urlRewrite+: { path+: { type: type } } }, + }, + '#withHostname':: d.fn(help='"Hostname is the value to be used to replace the Host header value during forwarding. \\n Support: Extended"', args=[d.arg(name='hostname', type=d.T.string)]), + withHostname(hostname): { urlRewrite+: { hostname: hostname } }, + }, + '#withType':: d.fn(help='"Type identifies the type of filter to apply. As with other API fields, types are classified into three conformance levels: \\n - Core: Filter types and their corresponding configuration defined by \\"Support: Core\\" in this package, e.g. \\"RequestHeaderModifier\\". All implementations must support core filters. \\n - Extended: Filter types and their corresponding configuration defined by \\"Support: Extended\\" in this package, e.g. \\"RequestMirror\\". Implementers are encouraged to support extended filters. \\n - Implementation-specific: Filters that are defined and supported by specific vendors. In the future, filters showing convergence in behavior across multiple implementations will be considered for inclusion in extended or core conformance levels. Filter-specific configuration for such filters is specified using the ExtensionRef field. `Type` should be set to \\"ExtensionRef\\" for custom filters. \\n Implementers are encouraged to define custom implementation types to extend the core API with implementation-specific behavior. \\n If a reference to a custom filter type cannot be resolved, the filter MUST NOT be skipped. Instead, requests that would have been processed by that filter MUST receive a HTTP error response. \\n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \\n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`."', args=[d.arg(name='type', type=d.T.string)]), + withType(type): { type: type }, + }, + '#withFilters':: d.fn(help='"Filters defined at this level should be executed if and only if the request is being forwarded to the backend defined here. \\n Support: Implementation-specific (For broader support of filters, use the Filters field in HTTPRouteRule.)"', args=[d.arg(name='filters', type=d.T.array)]), + withFilters(filters): { filters: if std.isArray(v=filters) then filters else [filters] }, + '#withFiltersMixin':: d.fn(help='"Filters defined at this level should be executed if and only if the request is being forwarded to the backend defined here. \\n Support: Implementation-specific (For broader support of filters, use the Filters field in HTTPRouteRule.)"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='filters', type=d.T.array)]), + withFiltersMixin(filters): { filters+: if std.isArray(v=filters) then filters else [filters] }, + '#withGroup':: d.fn(help='"Group is the group of the referent. For example, \\"gateway.networking.k8s.io\\". When unspecified or empty string, core API group is inferred."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { group: group }, + '#withKind':: d.fn(help='"Kind is the Kubernetes resource kind of the referent. For example \\"Service\\". \\n Defaults to \\"Service\\" when not specified. \\n ExternalName services can refer to CNAME DNS records that may live outside of the cluster and as such are difficult to reason about in terms of conformance. They also may not be safe to forward to (see CVE-2021-25740 for more information). Implementations SHOULD NOT support ExternalName Services. \\n Support: Core (Services with a type other than ExternalName) \\n Support: Implementation-specific (Services with type ExternalName)"', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { kind: kind }, + '#withName':: d.fn(help='"Name is the name of the referent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withNamespace':: d.fn(help="\"Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. \\n Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. \\n Support: Core\"", args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { namespace: namespace }, + '#withPort':: d.fn(help='"Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field."', args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { port: port }, + '#withWeight':: d.fn(help='"Weight specifies the proportion of requests forwarded to the referenced backend. This is computed as weight/(sum of all weights in this BackendRefs list). For non-zero values, there may be some epsilon from the exact proportion defined here depending on the precision an implementation supports. Weight is not a percentage and the sum of weights does not need to equal 100. \\n If only one backend is specified and it has a weight greater than 0, 100% of the traffic is forwarded to that backend. If weight is set to 0, no traffic should be forwarded for this entry. If unspecified, weight defaults to 1. \\n Support for this field varies based on the context where used."', args=[d.arg(name='weight', type=d.T.integer)]), + withWeight(weight): { weight: weight }, + }, + '#filters':: d.obj(help='"Filters define the filters that are applied to requests that match this rule. \\n The effects of ordering of multiple behaviors are currently unspecified. This can change in the future based on feedback during the alpha stage. \\n Conformance-levels at this level are defined based on the type of filter: \\n - ALL core filters MUST be supported by all implementations. - Implementers are encouraged to support extended filters. - Implementation-specific custom filters have no API guarantees across implementations. \\n Specifying a core filter multiple times has unspecified or implementation-specific conformance. \\n All filters are expected to be compatible with each other except for the URLRewrite and RequestRedirect filters, which may not be combined. If an implementation can not support other combinations of filters, they must clearly document that limitation. In all cases where incompatible or unsupported filters are specified, implementations MUST add a warning condition to status. \\n Support: Core"'), + filters: { + '#extensionRef':: d.obj(help='"ExtensionRef is an optional, implementation-specific extension to the \\"filter\\" behavior. For example, resource \\"myroutefilter\\" in group \\"networking.example.net\\"). ExtensionRef MUST NOT be used for core and extended filters. \\n Support: Implementation-specific"'), + extensionRef: { + '#withGroup':: d.fn(help='"Group is the group of the referent. For example, \\"gateway.networking.k8s.io\\". When unspecified or empty string, core API group is inferred."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { extensionRef+: { group: group } }, + '#withKind':: d.fn(help='"Kind is kind of the referent. For example \\"HTTPRoute\\" or \\"Service\\"."', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { extensionRef+: { kind: kind } }, + '#withName':: d.fn(help='"Name is the name of the referent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { extensionRef+: { name: name } }, + }, + '#requestHeaderModifier':: d.obj(help='"RequestHeaderModifier defines a schema for a filter that modifies request headers. \\n Support: Core"'), + requestHeaderModifier: { + '#add':: d.obj(help='"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: add: - name: \\"my-header\\" value: \\"bar,baz\\" \\n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"'), + add: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \\n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered equivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#set':: d.obj(help='"Set overwrites the request with the given header (name, value) before the action. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: set: - name: \\"my-header\\" value: \\"bar\\" \\n Output: GET /foo HTTP/1.1 my-header: bar"'), + set: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \\n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered equivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#withAdd':: d.fn(help='"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: add: - name: \\"my-header\\" value: \\"bar,baz\\" \\n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"', args=[d.arg(name='add', type=d.T.array)]), + withAdd(add): { requestHeaderModifier+: { add: if std.isArray(v=add) then add else [add] } }, + '#withAddMixin':: d.fn(help='"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: add: - name: \\"my-header\\" value: \\"bar,baz\\" \\n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='add', type=d.T.array)]), + withAddMixin(add): { requestHeaderModifier+: { add+: if std.isArray(v=add) then add else [add] } }, + '#withRemove':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \\n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \\n Config: remove: [\\"my-header1\\", \\"my-header3\\"] \\n Output: GET /foo HTTP/1.1 my-header2: bar"', args=[d.arg(name='remove', type=d.T.array)]), + withRemove(remove): { requestHeaderModifier+: { remove: if std.isArray(v=remove) then remove else [remove] } }, + '#withRemoveMixin':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \\n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \\n Config: remove: [\\"my-header1\\", \\"my-header3\\"] \\n Output: GET /foo HTTP/1.1 my-header2: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='remove', type=d.T.array)]), + withRemoveMixin(remove): { requestHeaderModifier+: { remove+: if std.isArray(v=remove) then remove else [remove] } }, + '#withSet':: d.fn(help='"Set overwrites the request with the given header (name, value) before the action. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: set: - name: \\"my-header\\" value: \\"bar\\" \\n Output: GET /foo HTTP/1.1 my-header: bar"', args=[d.arg(name='set', type=d.T.array)]), + withSet(set): { requestHeaderModifier+: { set: if std.isArray(v=set) then set else [set] } }, + '#withSetMixin':: d.fn(help='"Set overwrites the request with the given header (name, value) before the action. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: set: - name: \\"my-header\\" value: \\"bar\\" \\n Output: GET /foo HTTP/1.1 my-header: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='set', type=d.T.array)]), + withSetMixin(set): { requestHeaderModifier+: { set+: if std.isArray(v=set) then set else [set] } }, + }, + '#requestMirror':: d.obj(help='"RequestMirror defines a schema for a filter that mirrors requests. Requests are sent to the specified destination, but responses from that destination are ignored. \\n Support: Extended"'), + requestMirror: { + '#backendRef':: d.obj(help='"BackendRef references a resource where mirrored requests are sent. \\n If the referent cannot be found, this BackendRef is invalid and must be dropped from the Gateway. The controller must ensure the \\"ResolvedRefs\\" condition on the Route status is set to `status: False` and not configure this backend in the underlying implementation. \\n If there is a cross-namespace reference to an *existing* object that is not allowed by a ReferenceGrant, the controller must ensure the \\"ResolvedRefs\\" condition on the Route is set to `status: False`, with the \\"RefNotPermitted\\" reason and not configure this backend in the underlying implementation. \\n In either error case, the Message of the `ResolvedRefs` Condition should be used to provide more detail about the problem. \\n Support: Extended for Kubernetes Service \\n Support: Implementation-specific for any other resource"'), + backendRef: { + '#withGroup':: d.fn(help='"Group is the group of the referent. For example, \\"gateway.networking.k8s.io\\". When unspecified or empty string, core API group is inferred."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { requestMirror+: { backendRef+: { group: group } } }, + '#withKind':: d.fn(help='"Kind is the Kubernetes resource kind of the referent. For example \\"Service\\". \\n Defaults to \\"Service\\" when not specified. \\n ExternalName services can refer to CNAME DNS records that may live outside of the cluster and as such are difficult to reason about in terms of conformance. They also may not be safe to forward to (see CVE-2021-25740 for more information). Implementations SHOULD NOT support ExternalName Services. \\n Support: Core (Services with a type other than ExternalName) \\n Support: Implementation-specific (Services with type ExternalName)"', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { requestMirror+: { backendRef+: { kind: kind } } }, + '#withName':: d.fn(help='"Name is the name of the referent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { requestMirror+: { backendRef+: { name: name } } }, + '#withNamespace':: d.fn(help="\"Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. \\n Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. \\n Support: Core\"", args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { requestMirror+: { backendRef+: { namespace: namespace } } }, + '#withPort':: d.fn(help='"Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field."', args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { requestMirror+: { backendRef+: { port: port } } }, + }, + }, + '#requestRedirect':: d.obj(help='"RequestRedirect defines a schema for a filter that responds to the request with an HTTP redirection. \\n Support: Core"'), + requestRedirect: { + '#path':: d.obj(help='"Path defines parameters used to modify the path of the incoming request. The modified path is then used to construct the `Location` header. When empty, the request path is used as-is. \\n Support: Extended"'), + path: { + '#withReplaceFullPath':: d.fn(help='"ReplaceFullPath specifies the value with which to replace the full path of a request during a rewrite or redirect."', args=[d.arg(name='replaceFullPath', type=d.T.string)]), + withReplaceFullPath(replaceFullPath): { requestRedirect+: { path+: { replaceFullPath: replaceFullPath } } }, + '#withReplacePrefixMatch':: d.fn(help='"ReplacePrefixMatch specifies the value with which to replace the prefix match of a request during a rewrite or redirect. For example, a request to \\"/foo/bar\\" with a prefix match of \\"/foo\\" would be modified to \\"/bar\\". \\n Note that this matches the behavior of the PathPrefix match type. This matches full path elements. A path element refers to the list of labels in the path split by the `/` separator. When specified, a trailing `/` is ignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all match the prefix `/abc`, but the path `/abcd` would not."', args=[d.arg(name='replacePrefixMatch', type=d.T.string)]), + withReplacePrefixMatch(replacePrefixMatch): { requestRedirect+: { path+: { replacePrefixMatch: replacePrefixMatch } } }, + '#withType':: d.fn(help='"Type defines the type of path modifier. Additional types may be added in a future release of the API. \\n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \\n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`."', args=[d.arg(name='type', type=d.T.string)]), + withType(type): { requestRedirect+: { path+: { type: type } } }, + }, + '#withHostname':: d.fn(help='"Hostname is the hostname to be used in the value of the `Location` header in the response. When empty, the hostname in the `Host` header of the request is used. \\n Support: Core"', args=[d.arg(name='hostname', type=d.T.string)]), + withHostname(hostname): { requestRedirect+: { hostname: hostname } }, + '#withPort':: d.fn(help="\"Port is the port to be used in the value of the `Location` header in the response. \\n If no port is specified, the redirect port MUST be derived using the following rules: \\n * If redirect scheme is not-empty, the redirect port MUST be the well-known port associated with the redirect scheme. Specifically \\\"http\\\" to port 80 and \\\"https\\\" to port 443. If the redirect scheme does not have a well-known port, the listener port of the Gateway SHOULD be used. * If redirect scheme is empty, the redirect port MUST be the Gateway Listener port. \\n Implementations SHOULD NOT add the port number in the 'Location' header in the following cases: \\n * A Location header that will use HTTP (whether that is determined via the Listener protocol or the Scheme field) _and_ use port 80. * A Location header that will use HTTPS (whether that is determined via the Listener protocol or the Scheme field) _and_ use port 443. \\n Support: Extended\"", args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { requestRedirect+: { port: port } }, + '#withScheme':: d.fn(help='"Scheme is the scheme to be used in the value of the `Location` header in the response. When empty, the scheme of the request is used. \\n Scheme redirects can affect the port of the redirect, for more information, refer to the documentation for the port field of this filter. \\n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \\n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`. \\n Support: Extended"', args=[d.arg(name='scheme', type=d.T.string)]), + withScheme(scheme): { requestRedirect+: { scheme: scheme } }, + '#withStatusCode':: d.fn(help='"StatusCode is the HTTP status code to be used in response. \\n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \\n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`. \\n Support: Core"', args=[d.arg(name='statusCode', type=d.T.integer)]), + withStatusCode(statusCode): { requestRedirect+: { statusCode: statusCode } }, + }, + '#responseHeaderModifier':: d.obj(help='"ResponseHeaderModifier defines a schema for a filter that modifies response headers. \\n Support: Extended"'), + responseHeaderModifier: { + '#add':: d.obj(help='"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: add: - name: \\"my-header\\" value: \\"bar,baz\\" \\n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"'), + add: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \\n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered equivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#set':: d.obj(help='"Set overwrites the request with the given header (name, value) before the action. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: set: - name: \\"my-header\\" value: \\"bar\\" \\n Output: GET /foo HTTP/1.1 my-header: bar"'), + set: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \\n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered equivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#withAdd':: d.fn(help='"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: add: - name: \\"my-header\\" value: \\"bar,baz\\" \\n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"', args=[d.arg(name='add', type=d.T.array)]), + withAdd(add): { responseHeaderModifier+: { add: if std.isArray(v=add) then add else [add] } }, + '#withAddMixin':: d.fn(help='"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: add: - name: \\"my-header\\" value: \\"bar,baz\\" \\n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='add', type=d.T.array)]), + withAddMixin(add): { responseHeaderModifier+: { add+: if std.isArray(v=add) then add else [add] } }, + '#withRemove':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \\n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \\n Config: remove: [\\"my-header1\\", \\"my-header3\\"] \\n Output: GET /foo HTTP/1.1 my-header2: bar"', args=[d.arg(name='remove', type=d.T.array)]), + withRemove(remove): { responseHeaderModifier+: { remove: if std.isArray(v=remove) then remove else [remove] } }, + '#withRemoveMixin':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \\n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \\n Config: remove: [\\"my-header1\\", \\"my-header3\\"] \\n Output: GET /foo HTTP/1.1 my-header2: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='remove', type=d.T.array)]), + withRemoveMixin(remove): { responseHeaderModifier+: { remove+: if std.isArray(v=remove) then remove else [remove] } }, + '#withSet':: d.fn(help='"Set overwrites the request with the given header (name, value) before the action. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: set: - name: \\"my-header\\" value: \\"bar\\" \\n Output: GET /foo HTTP/1.1 my-header: bar"', args=[d.arg(name='set', type=d.T.array)]), + withSet(set): { responseHeaderModifier+: { set: if std.isArray(v=set) then set else [set] } }, + '#withSetMixin':: d.fn(help='"Set overwrites the request with the given header (name, value) before the action. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: set: - name: \\"my-header\\" value: \\"bar\\" \\n Output: GET /foo HTTP/1.1 my-header: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='set', type=d.T.array)]), + withSetMixin(set): { responseHeaderModifier+: { set+: if std.isArray(v=set) then set else [set] } }, + }, + '#urlRewrite':: d.obj(help='"URLRewrite defines a schema for a filter that modifies a request during forwarding. \\n Support: Extended"'), + urlRewrite: { + '#path':: d.obj(help='"Path defines a path rewrite. \\n Support: Extended"'), + path: { + '#withReplaceFullPath':: d.fn(help='"ReplaceFullPath specifies the value with which to replace the full path of a request during a rewrite or redirect."', args=[d.arg(name='replaceFullPath', type=d.T.string)]), + withReplaceFullPath(replaceFullPath): { urlRewrite+: { path+: { replaceFullPath: replaceFullPath } } }, + '#withReplacePrefixMatch':: d.fn(help='"ReplacePrefixMatch specifies the value with which to replace the prefix match of a request during a rewrite or redirect. For example, a request to \\"/foo/bar\\" with a prefix match of \\"/foo\\" would be modified to \\"/bar\\". \\n Note that this matches the behavior of the PathPrefix match type. This matches full path elements. A path element refers to the list of labels in the path split by the `/` separator. When specified, a trailing `/` is ignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all match the prefix `/abc`, but the path `/abcd` would not."', args=[d.arg(name='replacePrefixMatch', type=d.T.string)]), + withReplacePrefixMatch(replacePrefixMatch): { urlRewrite+: { path+: { replacePrefixMatch: replacePrefixMatch } } }, + '#withType':: d.fn(help='"Type defines the type of path modifier. Additional types may be added in a future release of the API. \\n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \\n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`."', args=[d.arg(name='type', type=d.T.string)]), + withType(type): { urlRewrite+: { path+: { type: type } } }, + }, + '#withHostname':: d.fn(help='"Hostname is the value to be used to replace the Host header value during forwarding. \\n Support: Extended"', args=[d.arg(name='hostname', type=d.T.string)]), + withHostname(hostname): { urlRewrite+: { hostname: hostname } }, + }, + '#withType':: d.fn(help='"Type identifies the type of filter to apply. As with other API fields, types are classified into three conformance levels: \\n - Core: Filter types and their corresponding configuration defined by \\"Support: Core\\" in this package, e.g. \\"RequestHeaderModifier\\". All implementations must support core filters. \\n - Extended: Filter types and their corresponding configuration defined by \\"Support: Extended\\" in this package, e.g. \\"RequestMirror\\". Implementers are encouraged to support extended filters. \\n - Implementation-specific: Filters that are defined and supported by specific vendors. In the future, filters showing convergence in behavior across multiple implementations will be considered for inclusion in extended or core conformance levels. Filter-specific configuration for such filters is specified using the ExtensionRef field. `Type` should be set to \\"ExtensionRef\\" for custom filters. \\n Implementers are encouraged to define custom implementation types to extend the core API with implementation-specific behavior. \\n If a reference to a custom filter type cannot be resolved, the filter MUST NOT be skipped. Instead, requests that would have been processed by that filter MUST receive a HTTP error response. \\n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \\n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`."', args=[d.arg(name='type', type=d.T.string)]), + withType(type): { type: type }, + }, + '#matches':: d.obj(help='"Matches define conditions used for matching the rule against incoming HTTP requests. Each match is independent, i.e. this rule will be matched if **any** one of the matches is satisfied. \\n For example, take the following matches configuration: \\n ``` matches: - path: value: \\"/foo\\" headers: - name: \\"version\\" value: \\"v2\\" - path: value: \\"/v2/foo\\" ``` \\n For a request to match against this rule, a request must satisfy EITHER of the two conditions: \\n - path prefixed with `/foo` AND contains the header `version: v2` - path prefix of `/v2/foo` \\n See the documentation for HTTPRouteMatch on how to specify multiple match conditions that should be ANDed together. \\n If no matches are specified, the default is a prefix path match on \\"/\\", which has the effect of matching every HTTP request. \\n Proxy or Load Balancer routing configuration generated from HTTPRoutes MUST prioritize matches based on the following criteria, continuing on ties. Across all rules specified on applicable Routes, precedence must be given to the match having: \\n * \\"Exact\\" path match. * \\"Prefix\\" path match with largest number of characters. * Method match. * Largest number of header matches. * Largest number of query param matches. \\n Note: The precedence of RegularExpression path matches are implementation-specific. \\n If ties still exist across multiple Routes, matching precedence MUST be determined in order of the following criteria, continuing on ties: \\n * The oldest Route based on creation timestamp. * The Route appearing first in alphabetical order by \\"{namespace}/{name}\\". \\n If ties still exist within an HTTPRoute, matching precedence MUST be granted to the FIRST matching rule (in list order) with a match meeting the above criteria. \\n When no rules matching a request have been successfully attached to the parent a request is coming from, a HTTP 404 status code MUST be returned."'), + matches: { + '#headers':: d.obj(help='"Headers specifies HTTP request header matchers. Multiple match values are ANDed together, meaning, a request must match all the specified headers to select the route."'), + headers: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \\n If multiple entries specify equivalent header names, only the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered equivalent. \\n When a header is repeated in an HTTP request, it is implementation-specific behavior as to how this is represented. Generally, proxies should follow the guidance from the RFC: https://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2 regarding processing a repeated header, with special handling for \\"Set-Cookie\\"."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withType':: d.fn(help="\"Type specifies how to match against the value of the header. \\n Support: Core (Exact) \\n Support: Implementation-specific (RegularExpression) \\n Since RegularExpression HeaderMatchType has implementation-specific conformance, implementations can support POSIX, PCRE or any other dialects of regular expressions. Please read the implementation's documentation to determine the supported dialect.\"", args=[d.arg(name='type', type=d.T.string)]), + withType(type): { type: type }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#path':: d.obj(help='"Path specifies a HTTP request path matcher. If this field is not specified, a default prefix match on the \\"/\\" path is provided."'), + path: { + '#withType':: d.fn(help='"Type specifies how to match against the path Value. \\n Support: Core (Exact, PathPrefix) \\n Support: Implementation-specific (RegularExpression)"', args=[d.arg(name='type', type=d.T.string)]), + withType(type): { path+: { type: type } }, + '#withValue':: d.fn(help='"Value of the HTTP path to match against."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { path+: { value: value } }, + }, + '#queryParams':: d.obj(help='"QueryParams specifies HTTP query parameter matchers. Multiple match values are ANDed together, meaning, a request must match all the specified query parameters to select the route. \\n Support: Extended"'), + queryParams: { + '#withName':: d.fn(help='"Name is the name of the HTTP query param to be matched. This must be an exact string match. (See https://tools.ietf.org/html/rfc7230#section-2.7.3). \\n If multiple entries specify equivalent query param names, only the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent query param name MUST be ignored. \\n If a query param is repeated in an HTTP request, the behavior is purposely left undefined, since different data planes have different capabilities. However, it is *recommended* that implementations should match against the first value of the param if the data plane supports it, as this behavior is expected in other load balancing contexts outside of the Gateway API. \\n Users SHOULD NOT route traffic based on repeated query params to guard themselves against potential differences in the implementations."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withType':: d.fn(help="\"Type specifies how to match against the value of the query parameter. \\n Support: Extended (Exact) \\n Support: Implementation-specific (RegularExpression) \\n Since RegularExpression QueryParamMatchType has Implementation-specific conformance, implementations can support POSIX, PCRE or any other dialects of regular expressions. Please read the implementation's documentation to determine the supported dialect.\"", args=[d.arg(name='type', type=d.T.string)]), + withType(type): { type: type }, + '#withValue':: d.fn(help='"Value is the value of HTTP query param to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#withHeaders':: d.fn(help='"Headers specifies HTTP request header matchers. Multiple match values are ANDed together, meaning, a request must match all the specified headers to select the route."', args=[d.arg(name='headers', type=d.T.array)]), + withHeaders(headers): { headers: if std.isArray(v=headers) then headers else [headers] }, + '#withHeadersMixin':: d.fn(help='"Headers specifies HTTP request header matchers. Multiple match values are ANDed together, meaning, a request must match all the specified headers to select the route."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='headers', type=d.T.array)]), + withHeadersMixin(headers): { headers+: if std.isArray(v=headers) then headers else [headers] }, + '#withMethod':: d.fn(help='"Method specifies HTTP method matcher. When specified, this route will be matched only if the request has the specified method. \\n Support: Extended"', args=[d.arg(name='method', type=d.T.string)]), + withMethod(method): { method: method }, + '#withQueryParams':: d.fn(help='"QueryParams specifies HTTP query parameter matchers. Multiple match values are ANDed together, meaning, a request must match all the specified query parameters to select the route. \\n Support: Extended"', args=[d.arg(name='queryParams', type=d.T.array)]), + withQueryParams(queryParams): { queryParams: if std.isArray(v=queryParams) then queryParams else [queryParams] }, + '#withQueryParamsMixin':: d.fn(help='"QueryParams specifies HTTP query parameter matchers. Multiple match values are ANDed together, meaning, a request must match all the specified query parameters to select the route. \\n Support: Extended"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='queryParams', type=d.T.array)]), + withQueryParamsMixin(queryParams): { queryParams+: if std.isArray(v=queryParams) then queryParams else [queryParams] }, + }, + '#withBackendRefs':: d.fn(help='"BackendRefs defines the backend(s) where matching requests should be sent. \\n Failure behavior here depends on how many BackendRefs are specified and how many are invalid. \\n If *all* entries in BackendRefs are invalid, and there are also no filters specified in this route rule, *all* traffic which matches this rule MUST receive a 500 status code. \\n See the HTTPBackendRef definition for the rules about what makes a single HTTPBackendRef invalid. \\n When a HTTPBackendRef is invalid, 500 status codes MUST be returned for requests that would have otherwise been routed to an invalid backend. If multiple backends are specified, and some are invalid, the proportion of requests that would otherwise have been routed to an invalid backend MUST receive a 500 status code. \\n For example, if two backends are specified with equal weights, and one is invalid, 50 percent of traffic must receive a 500. Implementations may choose how that 50 percent is determined. \\n Support: Core for Kubernetes Service \\n Support: Extended for Kubernetes ServiceImport \\n Support: Implementation-specific for any other resource \\n Support for weight: Core"', args=[d.arg(name='backendRefs', type=d.T.array)]), + withBackendRefs(backendRefs): { backendRefs: if std.isArray(v=backendRefs) then backendRefs else [backendRefs] }, + '#withBackendRefsMixin':: d.fn(help='"BackendRefs defines the backend(s) where matching requests should be sent. \\n Failure behavior here depends on how many BackendRefs are specified and how many are invalid. \\n If *all* entries in BackendRefs are invalid, and there are also no filters specified in this route rule, *all* traffic which matches this rule MUST receive a 500 status code. \\n See the HTTPBackendRef definition for the rules about what makes a single HTTPBackendRef invalid. \\n When a HTTPBackendRef is invalid, 500 status codes MUST be returned for requests that would have otherwise been routed to an invalid backend. If multiple backends are specified, and some are invalid, the proportion of requests that would otherwise have been routed to an invalid backend MUST receive a 500 status code. \\n For example, if two backends are specified with equal weights, and one is invalid, 50 percent of traffic must receive a 500. Implementations may choose how that 50 percent is determined. \\n Support: Core for Kubernetes Service \\n Support: Extended for Kubernetes ServiceImport \\n Support: Implementation-specific for any other resource \\n Support for weight: Core"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='backendRefs', type=d.T.array)]), + withBackendRefsMixin(backendRefs): { backendRefs+: if std.isArray(v=backendRefs) then backendRefs else [backendRefs] }, + '#withFilters':: d.fn(help='"Filters define the filters that are applied to requests that match this rule. \\n The effects of ordering of multiple behaviors are currently unspecified. This can change in the future based on feedback during the alpha stage. \\n Conformance-levels at this level are defined based on the type of filter: \\n - ALL core filters MUST be supported by all implementations. - Implementers are encouraged to support extended filters. - Implementation-specific custom filters have no API guarantees across implementations. \\n Specifying a core filter multiple times has unspecified or implementation-specific conformance. \\n All filters are expected to be compatible with each other except for the URLRewrite and RequestRedirect filters, which may not be combined. If an implementation can not support other combinations of filters, they must clearly document that limitation. In all cases where incompatible or unsupported filters are specified, implementations MUST add a warning condition to status. \\n Support: Core"', args=[d.arg(name='filters', type=d.T.array)]), + withFilters(filters): { filters: if std.isArray(v=filters) then filters else [filters] }, + '#withFiltersMixin':: d.fn(help='"Filters define the filters that are applied to requests that match this rule. \\n The effects of ordering of multiple behaviors are currently unspecified. This can change in the future based on feedback during the alpha stage. \\n Conformance-levels at this level are defined based on the type of filter: \\n - ALL core filters MUST be supported by all implementations. - Implementers are encouraged to support extended filters. - Implementation-specific custom filters have no API guarantees across implementations. \\n Specifying a core filter multiple times has unspecified or implementation-specific conformance. \\n All filters are expected to be compatible with each other except for the URLRewrite and RequestRedirect filters, which may not be combined. If an implementation can not support other combinations of filters, they must clearly document that limitation. In all cases where incompatible or unsupported filters are specified, implementations MUST add a warning condition to status. \\n Support: Core"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='filters', type=d.T.array)]), + withFiltersMixin(filters): { filters+: if std.isArray(v=filters) then filters else [filters] }, + '#withMatches':: d.fn(help='"Matches define conditions used for matching the rule against incoming HTTP requests. Each match is independent, i.e. this rule will be matched if **any** one of the matches is satisfied. \\n For example, take the following matches configuration: \\n ``` matches: - path: value: \\"/foo\\" headers: - name: \\"version\\" value: \\"v2\\" - path: value: \\"/v2/foo\\" ``` \\n For a request to match against this rule, a request must satisfy EITHER of the two conditions: \\n - path prefixed with `/foo` AND contains the header `version: v2` - path prefix of `/v2/foo` \\n See the documentation for HTTPRouteMatch on how to specify multiple match conditions that should be ANDed together. \\n If no matches are specified, the default is a prefix path match on \\"/\\", which has the effect of matching every HTTP request. \\n Proxy or Load Balancer routing configuration generated from HTTPRoutes MUST prioritize matches based on the following criteria, continuing on ties. Across all rules specified on applicable Routes, precedence must be given to the match having: \\n * \\"Exact\\" path match. * \\"Prefix\\" path match with largest number of characters. * Method match. * Largest number of header matches. * Largest number of query param matches. \\n Note: The precedence of RegularExpression path matches are implementation-specific. \\n If ties still exist across multiple Routes, matching precedence MUST be determined in order of the following criteria, continuing on ties: \\n * The oldest Route based on creation timestamp. * The Route appearing first in alphabetical order by \\"{namespace}/{name}\\". \\n If ties still exist within an HTTPRoute, matching precedence MUST be granted to the FIRST matching rule (in list order) with a match meeting the above criteria. \\n When no rules matching a request have been successfully attached to the parent a request is coming from, a HTTP 404 status code MUST be returned."', args=[d.arg(name='matches', type=d.T.array)]), + withMatches(matches): { matches: if std.isArray(v=matches) then matches else [matches] }, + '#withMatchesMixin':: d.fn(help='"Matches define conditions used for matching the rule against incoming HTTP requests. Each match is independent, i.e. this rule will be matched if **any** one of the matches is satisfied. \\n For example, take the following matches configuration: \\n ``` matches: - path: value: \\"/foo\\" headers: - name: \\"version\\" value: \\"v2\\" - path: value: \\"/v2/foo\\" ``` \\n For a request to match against this rule, a request must satisfy EITHER of the two conditions: \\n - path prefixed with `/foo` AND contains the header `version: v2` - path prefix of `/v2/foo` \\n See the documentation for HTTPRouteMatch on how to specify multiple match conditions that should be ANDed together. \\n If no matches are specified, the default is a prefix path match on \\"/\\", which has the effect of matching every HTTP request. \\n Proxy or Load Balancer routing configuration generated from HTTPRoutes MUST prioritize matches based on the following criteria, continuing on ties. Across all rules specified on applicable Routes, precedence must be given to the match having: \\n * \\"Exact\\" path match. * \\"Prefix\\" path match with largest number of characters. * Method match. * Largest number of header matches. * Largest number of query param matches. \\n Note: The precedence of RegularExpression path matches are implementation-specific. \\n If ties still exist across multiple Routes, matching precedence MUST be determined in order of the following criteria, continuing on ties: \\n * The oldest Route based on creation timestamp. * The Route appearing first in alphabetical order by \\"{namespace}/{name}\\". \\n If ties still exist within an HTTPRoute, matching precedence MUST be granted to the FIRST matching rule (in list order) with a match meeting the above criteria. \\n When no rules matching a request have been successfully attached to the parent a request is coming from, a HTTP 404 status code MUST be returned."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='matches', type=d.T.array)]), + withMatchesMixin(matches): { matches+: if std.isArray(v=matches) then matches else [matches] }, + }, + '#withHostnames':: d.fn(help="\"Hostnames defines a set of hostname that should match against the HTTP Host header to select a HTTPRoute used to process the request. Implementations MUST ignore any port value specified in the HTTP Host header while performing a match. \\n Valid values for Hostnames are determined by RFC 1123 definition of a hostname with 2 notable exceptions: \\n 1. IPs are not allowed. 2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard label must appear by itself as the first label. \\n If a hostname is specified by both the Listener and HTTPRoute, there must be at least one intersecting hostname for the HTTPRoute to be attached to the Listener. For example: \\n * A Listener with `test.example.com` as the hostname matches HTTPRoutes that have either not specified any hostnames, or have specified at least one of `test.example.com` or `*.example.com`. * A Listener with `*.example.com` as the hostname matches HTTPRoutes that have either not specified any hostnames or have specified at least one hostname that matches the Listener hostname. For example, `*.example.com`, `test.example.com`, and `foo.test.example.com` would all match. On the other hand, `example.com` and `test.example.net` would not match. \\n Hostnames that are prefixed with a wildcard label (`*.`) are interpreted as a suffix match. That means that a match for `*.example.com` would match both `test.example.com`, and `foo.test.example.com`, but not `example.com`. \\n If both the Listener and HTTPRoute have specified hostnames, any HTTPRoute hostnames that do not match the Listener hostname MUST be ignored. For example, if a Listener specified `*.example.com`, and the HTTPRoute specified `test.example.com` and `test.example.net`, `test.example.net` must not be considered for a match. \\n If both the Listener and HTTPRoute have specified hostnames, and none match with the criteria above, then the HTTPRoute is not accepted. The implementation must raise an 'Accepted' Condition with a status of `False` in the corresponding RouteParentStatus. \\n In the event that multiple HTTPRoutes specify intersecting hostnames (e.g. overlapping wildcard matching and exact matching hostnames), precedence must be given to rules from the HTTPRoute with the largest number of: \\n * Characters in a matching non-wildcard hostname. * Characters in a matching hostname. \\n If ties exist across multiple Routes, the matching precedence rules for HTTPRouteMatches takes over. \\n Support: Core\"", args=[d.arg(name='hostnames', type=d.T.array)]), + withHostnames(hostnames): { spec+: { hostnames: if std.isArray(v=hostnames) then hostnames else [hostnames] } }, + '#withHostnamesMixin':: d.fn(help="\"Hostnames defines a set of hostname that should match against the HTTP Host header to select a HTTPRoute used to process the request. Implementations MUST ignore any port value specified in the HTTP Host header while performing a match. \\n Valid values for Hostnames are determined by RFC 1123 definition of a hostname with 2 notable exceptions: \\n 1. IPs are not allowed. 2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard label must appear by itself as the first label. \\n If a hostname is specified by both the Listener and HTTPRoute, there must be at least one intersecting hostname for the HTTPRoute to be attached to the Listener. For example: \\n * A Listener with `test.example.com` as the hostname matches HTTPRoutes that have either not specified any hostnames, or have specified at least one of `test.example.com` or `*.example.com`. * A Listener with `*.example.com` as the hostname matches HTTPRoutes that have either not specified any hostnames or have specified at least one hostname that matches the Listener hostname. For example, `*.example.com`, `test.example.com`, and `foo.test.example.com` would all match. On the other hand, `example.com` and `test.example.net` would not match. \\n Hostnames that are prefixed with a wildcard label (`*.`) are interpreted as a suffix match. That means that a match for `*.example.com` would match both `test.example.com`, and `foo.test.example.com`, but not `example.com`. \\n If both the Listener and HTTPRoute have specified hostnames, any HTTPRoute hostnames that do not match the Listener hostname MUST be ignored. For example, if a Listener specified `*.example.com`, and the HTTPRoute specified `test.example.com` and `test.example.net`, `test.example.net` must not be considered for a match. \\n If both the Listener and HTTPRoute have specified hostnames, and none match with the criteria above, then the HTTPRoute is not accepted. The implementation must raise an 'Accepted' Condition with a status of `False` in the corresponding RouteParentStatus. \\n In the event that multiple HTTPRoutes specify intersecting hostnames (e.g. overlapping wildcard matching and exact matching hostnames), precedence must be given to rules from the HTTPRoute with the largest number of: \\n * Characters in a matching non-wildcard hostname. * Characters in a matching hostname. \\n If ties exist across multiple Routes, the matching precedence rules for HTTPRouteMatches takes over. \\n Support: Core\"\n\n**Note:** This function appends passed data to existing values", args=[d.arg(name='hostnames', type=d.T.array)]), + withHostnamesMixin(hostnames): { spec+: { hostnames+: if std.isArray(v=hostnames) then hostnames else [hostnames] } }, + '#withParentRefs':: d.fn(help='"ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. \\n The only kind of parent resource with \\"Core\\" support is Gateway. This API may be extended in the future to support additional kinds of parent resources such as one of the route kinds. \\n It is invalid to reference an identical parent more than once. It is valid to reference multiple distinct sections within the same parent resource, such as 2 Listeners within a Gateway. \\n It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged. \\n Note that for ParentRefs that cross namespace boundaries, there are specific rules. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example, Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference."', args=[d.arg(name='parentRefs', type=d.T.array)]), + withParentRefs(parentRefs): { spec+: { parentRefs: if std.isArray(v=parentRefs) then parentRefs else [parentRefs] } }, + '#withParentRefsMixin':: d.fn(help='"ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. \\n The only kind of parent resource with \\"Core\\" support is Gateway. This API may be extended in the future to support additional kinds of parent resources such as one of the route kinds. \\n It is invalid to reference an identical parent more than once. It is valid to reference multiple distinct sections within the same parent resource, such as 2 Listeners within a Gateway. \\n It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged. \\n Note that for ParentRefs that cross namespace boundaries, there are specific rules. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example, Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='parentRefs', type=d.T.array)]), + withParentRefsMixin(parentRefs): { spec+: { parentRefs+: if std.isArray(v=parentRefs) then parentRefs else [parentRefs] } }, + '#withRules':: d.fn(help='"Rules are a list of HTTP matchers, filters and actions."', args=[d.arg(name='rules', type=d.T.array)]), + withRules(rules): { spec+: { rules: if std.isArray(v=rules) then rules else [rules] } }, + '#withRulesMixin':: d.fn(help='"Rules are a list of HTTP matchers, filters and actions."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='rules', type=d.T.array)]), + withRulesMixin(rules): { spec+: { rules+: if std.isArray(v=rules) then rules else [rules] } }, + }, + '#mixin': 'ignore', + mixin: self, +} diff --git a/0.7-experimental/_gen/gateway/v1alpha2/main.libsonnet b/0.7-experimental/_gen/gateway/v1alpha2/main.libsonnet new file mode 100644 index 0000000..e41116d --- /dev/null +++ b/0.7-experimental/_gen/gateway/v1alpha2/main.libsonnet @@ -0,0 +1,12 @@ +{ + local d = (import 'doc-util/main.libsonnet'), + '#':: d.pkg(name='v1alpha2', url='', help=''), + gateway: (import 'gateway.libsonnet'), + gatewayClass: (import 'gatewayClass.libsonnet'), + grpcRoute: (import 'grpcRoute.libsonnet'), + httpRoute: (import 'httpRoute.libsonnet'), + referenceGrant: (import 'referenceGrant.libsonnet'), + tcpRoute: (import 'tcpRoute.libsonnet'), + tlsRoute: (import 'tlsRoute.libsonnet'), + udpRoute: (import 'udpRoute.libsonnet'), +} diff --git a/0.7-experimental/_gen/gateway/v1alpha2/referenceGrant.libsonnet b/0.7-experimental/_gen/gateway/v1alpha2/referenceGrant.libsonnet new file mode 100644 index 0000000..2443604 --- /dev/null +++ b/0.7-experimental/_gen/gateway/v1alpha2/referenceGrant.libsonnet @@ -0,0 +1,81 @@ +{ + local d = (import 'doc-util/main.libsonnet'), + '#':: d.pkg(name='referenceGrant', url='', help='"ReferenceGrant identifies kinds of resources in other namespaces that are trusted to reference the specified kinds of resources in the same namespace as the policy. \\n Each ReferenceGrant can be used to represent a unique trust relationship. Additional Reference Grants can be used to add to the set of trusted sources of inbound references for the namespace they are defined within. \\n All cross-namespace references in Gateway API (with the exception of cross-namespace Gateway-route attachment) require a ReferenceGrant. \\n ReferenceGrant is a form of runtime verification allowing users to assert which cross-namespace object references are permitted. Implementations that support ReferenceGrant MUST NOT permit cross-namespace references which have no grant, and MUST respond to the removal of a grant by revoking the access that the grant allowed. \\n Support: Core"'), + '#metadata':: d.obj(help='"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create."'), + metadata: { + '#withAnnotations':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotations(annotations): { metadata+: { annotations: annotations } }, + '#withAnnotationsMixin':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotationsMixin(annotations): { metadata+: { annotations+: annotations } }, + '#withClusterName':: d.fn(help='"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request."', args=[d.arg(name='clusterName', type=d.T.string)]), + withClusterName(clusterName): { metadata+: { clusterName: clusterName } }, + '#withCreationTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='creationTimestamp', type=d.T.string)]), + withCreationTimestamp(creationTimestamp): { metadata+: { creationTimestamp: creationTimestamp } }, + '#withDeletionGracePeriodSeconds':: d.fn(help='"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only."', args=[d.arg(name='deletionGracePeriodSeconds', type=d.T.integer)]), + withDeletionGracePeriodSeconds(deletionGracePeriodSeconds): { metadata+: { deletionGracePeriodSeconds: deletionGracePeriodSeconds } }, + '#withDeletionTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='deletionTimestamp', type=d.T.string)]), + withDeletionTimestamp(deletionTimestamp): { metadata+: { deletionTimestamp: deletionTimestamp } }, + '#withFinalizers':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizers(finalizers): { metadata+: { finalizers: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withFinalizersMixin':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizersMixin(finalizers): { metadata+: { finalizers+: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withGenerateName':: d.fn(help='"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\\n\\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\\n\\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency"', args=[d.arg(name='generateName', type=d.T.string)]), + withGenerateName(generateName): { metadata+: { generateName: generateName } }, + '#withGeneration':: d.fn(help='"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only."', args=[d.arg(name='generation', type=d.T.integer)]), + withGeneration(generation): { metadata+: { generation: generation } }, + '#withLabels':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"', args=[d.arg(name='labels', type=d.T.object)]), + withLabels(labels): { metadata+: { labels: labels } }, + '#withLabelsMixin':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='labels', type=d.T.object)]), + withLabelsMixin(labels): { metadata+: { labels+: labels } }, + '#withName':: d.fn(help='"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { metadata+: { name: name } }, + '#withNamespace':: d.fn(help='"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \\"default\\" namespace, but \\"default\\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\\n\\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces"', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { metadata+: { namespace: namespace } }, + '#withOwnerReferences':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferences(ownerReferences): { metadata+: { ownerReferences: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withOwnerReferencesMixin':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferencesMixin(ownerReferences): { metadata+: { ownerReferences+: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withResourceVersion':: d.fn(help='"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\\n\\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency"', args=[d.arg(name='resourceVersion', type=d.T.string)]), + withResourceVersion(resourceVersion): { metadata+: { resourceVersion: resourceVersion } }, + '#withSelfLink':: d.fn(help='"SelfLink is a URL representing this object. Populated by the system. Read-only.\\n\\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release."', args=[d.arg(name='selfLink', type=d.T.string)]), + withSelfLink(selfLink): { metadata+: { selfLink: selfLink } }, + '#withUid':: d.fn(help='"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\\n\\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids"', args=[d.arg(name='uid', type=d.T.string)]), + withUid(uid): { metadata+: { uid: uid } }, + }, + '#new':: d.fn(help='new returns an instance of ReferenceGrant', args=[d.arg(name='name', type=d.T.string)]), + new(name): { + apiVersion: 'gateway.networking.k8s.io/v1alpha2', + kind: 'ReferenceGrant', + } + self.metadata.withName(name=name), + '#spec':: d.obj(help='"Spec defines the desired state of ReferenceGrant."'), + spec: { + '#from':: d.obj(help='"From describes the trusted namespaces and kinds that can reference the resources described in \\"To\\". Each entry in this list MUST be considered to be an additional place that references can be valid from, or to put this another way, entries MUST be combined using OR. \\n Support: Core"'), + from: { + '#withGroup':: d.fn(help='"Group is the group of the referent. When empty, the Kubernetes core API group is inferred. \\n Support: Core"', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { group: group }, + '#withKind':: d.fn(help='"Kind is the kind of the referent. Although implementations may support additional resources, the following types are part of the \\"Core\\" support level for this field. \\n When used to permit a SecretObjectReference: \\n * Gateway \\n When used to permit a BackendObjectReference: \\n * GRPCRoute * HTTPRoute * TCPRoute * TLSRoute * UDPRoute"', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { kind: kind }, + '#withNamespace':: d.fn(help='"Namespace is the namespace of the referent. \\n Support: Core"', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { namespace: namespace }, + }, + '#to':: d.obj(help='"To describes the resources that may be referenced by the resources described in \\"From\\". Each entry in this list MUST be considered to be an additional place that references can be valid to, or to put this another way, entries MUST be combined using OR. \\n Support: Core"'), + to: { + '#withGroup':: d.fn(help='"Group is the group of the referent. When empty, the Kubernetes core API group is inferred. \\n Support: Core"', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { group: group }, + '#withKind':: d.fn(help='"Kind is the kind of the referent. Although implementations may support additional resources, the following types are part of the \\"Core\\" support level for this field: \\n * Secret when used to permit a SecretObjectReference * Service when used to permit a BackendObjectReference"', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { kind: kind }, + '#withName':: d.fn(help='"Name is the name of the referent. When unspecified, this policy refers to all resources of the specified Group and Kind in the local namespace."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + }, + '#withFrom':: d.fn(help='"From describes the trusted namespaces and kinds that can reference the resources described in \\"To\\". Each entry in this list MUST be considered to be an additional place that references can be valid from, or to put this another way, entries MUST be combined using OR. \\n Support: Core"', args=[d.arg(name='from', type=d.T.array)]), + withFrom(from): { spec+: { from: if std.isArray(v=from) then from else [from] } }, + '#withFromMixin':: d.fn(help='"From describes the trusted namespaces and kinds that can reference the resources described in \\"To\\". Each entry in this list MUST be considered to be an additional place that references can be valid from, or to put this another way, entries MUST be combined using OR. \\n Support: Core"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='from', type=d.T.array)]), + withFromMixin(from): { spec+: { from+: if std.isArray(v=from) then from else [from] } }, + '#withTo':: d.fn(help='"To describes the resources that may be referenced by the resources described in \\"From\\". Each entry in this list MUST be considered to be an additional place that references can be valid to, or to put this another way, entries MUST be combined using OR. \\n Support: Core"', args=[d.arg(name='to', type=d.T.array)]), + withTo(to): { spec+: { to: if std.isArray(v=to) then to else [to] } }, + '#withToMixin':: d.fn(help='"To describes the resources that may be referenced by the resources described in \\"From\\". Each entry in this list MUST be considered to be an additional place that references can be valid to, or to put this another way, entries MUST be combined using OR. \\n Support: Core"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='to', type=d.T.array)]), + withToMixin(to): { spec+: { to+: if std.isArray(v=to) then to else [to] } }, + }, + '#mixin': 'ignore', + mixin: self, +} diff --git a/0.7-experimental/_gen/gateway/v1alpha2/tcpRoute.libsonnet b/0.7-experimental/_gen/gateway/v1alpha2/tcpRoute.libsonnet new file mode 100644 index 0000000..ef03961 --- /dev/null +++ b/0.7-experimental/_gen/gateway/v1alpha2/tcpRoute.libsonnet @@ -0,0 +1,100 @@ +{ + local d = (import 'doc-util/main.libsonnet'), + '#':: d.pkg(name='tcpRoute', url='', help='"TCPRoute provides a way to route TCP requests. When combined with a Gateway listener, it can be used to forward connections on the port specified by the listener to a set of backends specified by the TCPRoute."'), + '#metadata':: d.obj(help='"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create."'), + metadata: { + '#withAnnotations':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotations(annotations): { metadata+: { annotations: annotations } }, + '#withAnnotationsMixin':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotationsMixin(annotations): { metadata+: { annotations+: annotations } }, + '#withClusterName':: d.fn(help='"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request."', args=[d.arg(name='clusterName', type=d.T.string)]), + withClusterName(clusterName): { metadata+: { clusterName: clusterName } }, + '#withCreationTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='creationTimestamp', type=d.T.string)]), + withCreationTimestamp(creationTimestamp): { metadata+: { creationTimestamp: creationTimestamp } }, + '#withDeletionGracePeriodSeconds':: d.fn(help='"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only."', args=[d.arg(name='deletionGracePeriodSeconds', type=d.T.integer)]), + withDeletionGracePeriodSeconds(deletionGracePeriodSeconds): { metadata+: { deletionGracePeriodSeconds: deletionGracePeriodSeconds } }, + '#withDeletionTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='deletionTimestamp', type=d.T.string)]), + withDeletionTimestamp(deletionTimestamp): { metadata+: { deletionTimestamp: deletionTimestamp } }, + '#withFinalizers':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizers(finalizers): { metadata+: { finalizers: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withFinalizersMixin':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizersMixin(finalizers): { metadata+: { finalizers+: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withGenerateName':: d.fn(help='"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\\n\\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\\n\\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency"', args=[d.arg(name='generateName', type=d.T.string)]), + withGenerateName(generateName): { metadata+: { generateName: generateName } }, + '#withGeneration':: d.fn(help='"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only."', args=[d.arg(name='generation', type=d.T.integer)]), + withGeneration(generation): { metadata+: { generation: generation } }, + '#withLabels':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"', args=[d.arg(name='labels', type=d.T.object)]), + withLabels(labels): { metadata+: { labels: labels } }, + '#withLabelsMixin':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='labels', type=d.T.object)]), + withLabelsMixin(labels): { metadata+: { labels+: labels } }, + '#withName':: d.fn(help='"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { metadata+: { name: name } }, + '#withNamespace':: d.fn(help='"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \\"default\\" namespace, but \\"default\\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\\n\\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces"', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { metadata+: { namespace: namespace } }, + '#withOwnerReferences':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferences(ownerReferences): { metadata+: { ownerReferences: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withOwnerReferencesMixin':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferencesMixin(ownerReferences): { metadata+: { ownerReferences+: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withResourceVersion':: d.fn(help='"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\\n\\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency"', args=[d.arg(name='resourceVersion', type=d.T.string)]), + withResourceVersion(resourceVersion): { metadata+: { resourceVersion: resourceVersion } }, + '#withSelfLink':: d.fn(help='"SelfLink is a URL representing this object. Populated by the system. Read-only.\\n\\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release."', args=[d.arg(name='selfLink', type=d.T.string)]), + withSelfLink(selfLink): { metadata+: { selfLink: selfLink } }, + '#withUid':: d.fn(help='"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\\n\\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids"', args=[d.arg(name='uid', type=d.T.string)]), + withUid(uid): { metadata+: { uid: uid } }, + }, + '#new':: d.fn(help='new returns an instance of TCPRoute', args=[d.arg(name='name', type=d.T.string)]), + new(name): { + apiVersion: 'gateway.networking.k8s.io/v1alpha2', + kind: 'TCPRoute', + } + self.metadata.withName(name=name), + '#spec':: d.obj(help='"Spec defines the desired state of TCPRoute."'), + spec: { + '#parentRefs':: d.obj(help='"ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. \\n The only kind of parent resource with \\"Core\\" support is Gateway. This API may be extended in the future to support additional kinds of parent resources such as one of the route kinds. \\n It is invalid to reference an identical parent more than once. It is valid to reference multiple distinct sections within the same parent resource, such as 2 Listeners within a Gateway. \\n It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged. \\n Note that for ParentRefs that cross namespace boundaries, there are specific rules. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example, Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference."'), + parentRefs: { + '#withGroup':: d.fn(help='"Group is the group of the referent. When unspecified, \\"gateway.networking.k8s.io\\" is inferred. To set the core API group (such as for a \\"Service\\" kind referent), Group must be explicitly set to \\"\\" (empty string). \\n Support: Core"', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { group: group }, + '#withKind':: d.fn(help='"Kind is kind of the referent. \\n Support: Core (Gateway) \\n Support: Implementation-specific (Other Resources)"', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { kind: kind }, + '#withName':: d.fn(help='"Name is the name of the referent. \\n Support: Core"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withNamespace':: d.fn(help='"Namespace is the namespace of the referent. When unspecified, this refers to the local namespace of the Route. \\n Note that there are specific rules for ParentRefs which cross namespace boundaries. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example: Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference. \\n Support: Core"', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { namespace: namespace }, + '#withPort':: d.fn(help="\"Port is the network port this Route targets. It can be interpreted differently based on the type of parent resource. \\n When the parent resource is a Gateway, this targets all listeners listening on the specified port that also support this kind of Route(and select this Route). It's not recommended to set `Port` unless the networking behaviors specified in a Route must apply to a specific port as opposed to a listener(s) whose port(s) may be changed. When both Port and SectionName are specified, the name and port of the selected listener must match both specified values. \\n Implementations MAY choose to support other parent resources. Implementations supporting other types of parent resources MUST clearly document how/if Port is interpreted. \\n For the purpose of status, an attachment is considered successful as long as the parent resource accepts it partially. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \\n Support: Extended \\n \u003cgateway:experimental\u003e\"", args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { port: port }, + '#withSectionName':: d.fn(help='"SectionName is the name of a section within the target resource. In the following resources, SectionName is interpreted as the following: \\n * Gateway: Listener Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. \\n Implementations MAY choose to support attaching Routes to other resources. If that is the case, they MUST clearly document how SectionName is interpreted. \\n When unspecified (empty string), this will reference the entire resource. For the purpose of status, an attachment is considered successful if at least one section in the parent resource accepts it. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \\n Support: Core"', args=[d.arg(name='sectionName', type=d.T.string)]), + withSectionName(sectionName): { sectionName: sectionName }, + }, + '#rules':: d.obj(help='"Rules are a list of TCP matchers and actions."'), + rules: { + '#backendRefs':: d.obj(help='"BackendRefs defines the backend(s) where matching requests should be sent. If unspecified or invalid (refers to a non-existent resource or a Service with no endpoints), the underlying implementation MUST actively reject connection attempts to this backend. Connection rejections must respect weight; if an invalid backend is requested to have 80% of connections, then 80% of connections must be rejected instead. \\n Support: Core for Kubernetes Service \\n Support: Extended for Kubernetes ServiceImport \\n Support: Implementation-specific for any other resource \\n Support for weight: Extended"'), + backendRefs: { + '#withGroup':: d.fn(help='"Group is the group of the referent. For example, \\"gateway.networking.k8s.io\\". When unspecified or empty string, core API group is inferred."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { group: group }, + '#withKind':: d.fn(help='"Kind is the Kubernetes resource kind of the referent. For example \\"Service\\". \\n Defaults to \\"Service\\" when not specified. \\n ExternalName services can refer to CNAME DNS records that may live outside of the cluster and as such are difficult to reason about in terms of conformance. They also may not be safe to forward to (see CVE-2021-25740 for more information). Implementations SHOULD NOT support ExternalName Services. \\n Support: Core (Services with a type other than ExternalName) \\n Support: Implementation-specific (Services with type ExternalName)"', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { kind: kind }, + '#withName':: d.fn(help='"Name is the name of the referent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withNamespace':: d.fn(help="\"Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. \\n Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. \\n Support: Core\"", args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { namespace: namespace }, + '#withPort':: d.fn(help='"Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field."', args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { port: port }, + '#withWeight':: d.fn(help='"Weight specifies the proportion of requests forwarded to the referenced backend. This is computed as weight/(sum of all weights in this BackendRefs list). For non-zero values, there may be some epsilon from the exact proportion defined here depending on the precision an implementation supports. Weight is not a percentage and the sum of weights does not need to equal 100. \\n If only one backend is specified and it has a weight greater than 0, 100% of the traffic is forwarded to that backend. If weight is set to 0, no traffic should be forwarded for this entry. If unspecified, weight defaults to 1. \\n Support for this field varies based on the context where used."', args=[d.arg(name='weight', type=d.T.integer)]), + withWeight(weight): { weight: weight }, + }, + '#withBackendRefs':: d.fn(help='"BackendRefs defines the backend(s) where matching requests should be sent. If unspecified or invalid (refers to a non-existent resource or a Service with no endpoints), the underlying implementation MUST actively reject connection attempts to this backend. Connection rejections must respect weight; if an invalid backend is requested to have 80% of connections, then 80% of connections must be rejected instead. \\n Support: Core for Kubernetes Service \\n Support: Extended for Kubernetes ServiceImport \\n Support: Implementation-specific for any other resource \\n Support for weight: Extended"', args=[d.arg(name='backendRefs', type=d.T.array)]), + withBackendRefs(backendRefs): { backendRefs: if std.isArray(v=backendRefs) then backendRefs else [backendRefs] }, + '#withBackendRefsMixin':: d.fn(help='"BackendRefs defines the backend(s) where matching requests should be sent. If unspecified or invalid (refers to a non-existent resource or a Service with no endpoints), the underlying implementation MUST actively reject connection attempts to this backend. Connection rejections must respect weight; if an invalid backend is requested to have 80% of connections, then 80% of connections must be rejected instead. \\n Support: Core for Kubernetes Service \\n Support: Extended for Kubernetes ServiceImport \\n Support: Implementation-specific for any other resource \\n Support for weight: Extended"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='backendRefs', type=d.T.array)]), + withBackendRefsMixin(backendRefs): { backendRefs+: if std.isArray(v=backendRefs) then backendRefs else [backendRefs] }, + }, + '#withParentRefs':: d.fn(help='"ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. \\n The only kind of parent resource with \\"Core\\" support is Gateway. This API may be extended in the future to support additional kinds of parent resources such as one of the route kinds. \\n It is invalid to reference an identical parent more than once. It is valid to reference multiple distinct sections within the same parent resource, such as 2 Listeners within a Gateway. \\n It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged. \\n Note that for ParentRefs that cross namespace boundaries, there are specific rules. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example, Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference."', args=[d.arg(name='parentRefs', type=d.T.array)]), + withParentRefs(parentRefs): { spec+: { parentRefs: if std.isArray(v=parentRefs) then parentRefs else [parentRefs] } }, + '#withParentRefsMixin':: d.fn(help='"ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. \\n The only kind of parent resource with \\"Core\\" support is Gateway. This API may be extended in the future to support additional kinds of parent resources such as one of the route kinds. \\n It is invalid to reference an identical parent more than once. It is valid to reference multiple distinct sections within the same parent resource, such as 2 Listeners within a Gateway. \\n It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged. \\n Note that for ParentRefs that cross namespace boundaries, there are specific rules. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example, Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='parentRefs', type=d.T.array)]), + withParentRefsMixin(parentRefs): { spec+: { parentRefs+: if std.isArray(v=parentRefs) then parentRefs else [parentRefs] } }, + '#withRules':: d.fn(help='"Rules are a list of TCP matchers and actions."', args=[d.arg(name='rules', type=d.T.array)]), + withRules(rules): { spec+: { rules: if std.isArray(v=rules) then rules else [rules] } }, + '#withRulesMixin':: d.fn(help='"Rules are a list of TCP matchers and actions."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='rules', type=d.T.array)]), + withRulesMixin(rules): { spec+: { rules+: if std.isArray(v=rules) then rules else [rules] } }, + }, + '#mixin': 'ignore', + mixin: self, +} diff --git a/0.7-experimental/_gen/gateway/v1alpha2/tlsRoute.libsonnet b/0.7-experimental/_gen/gateway/v1alpha2/tlsRoute.libsonnet new file mode 100644 index 0000000..5984cfa --- /dev/null +++ b/0.7-experimental/_gen/gateway/v1alpha2/tlsRoute.libsonnet @@ -0,0 +1,104 @@ +{ + local d = (import 'doc-util/main.libsonnet'), + '#':: d.pkg(name='tlsRoute', url='', help='"The TLSRoute resource is similar to TCPRoute, but can be configured to match against TLS-specific metadata. This allows more flexibility in matching streams for a given TLS listener. \\n If you need to forward traffic to a single target for a TLS listener, you could choose to use a TCPRoute with a TLS listener."'), + '#metadata':: d.obj(help='"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create."'), + metadata: { + '#withAnnotations':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotations(annotations): { metadata+: { annotations: annotations } }, + '#withAnnotationsMixin':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotationsMixin(annotations): { metadata+: { annotations+: annotations } }, + '#withClusterName':: d.fn(help='"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request."', args=[d.arg(name='clusterName', type=d.T.string)]), + withClusterName(clusterName): { metadata+: { clusterName: clusterName } }, + '#withCreationTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='creationTimestamp', type=d.T.string)]), + withCreationTimestamp(creationTimestamp): { metadata+: { creationTimestamp: creationTimestamp } }, + '#withDeletionGracePeriodSeconds':: d.fn(help='"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only."', args=[d.arg(name='deletionGracePeriodSeconds', type=d.T.integer)]), + withDeletionGracePeriodSeconds(deletionGracePeriodSeconds): { metadata+: { deletionGracePeriodSeconds: deletionGracePeriodSeconds } }, + '#withDeletionTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='deletionTimestamp', type=d.T.string)]), + withDeletionTimestamp(deletionTimestamp): { metadata+: { deletionTimestamp: deletionTimestamp } }, + '#withFinalizers':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizers(finalizers): { metadata+: { finalizers: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withFinalizersMixin':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizersMixin(finalizers): { metadata+: { finalizers+: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withGenerateName':: d.fn(help='"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\\n\\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\\n\\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency"', args=[d.arg(name='generateName', type=d.T.string)]), + withGenerateName(generateName): { metadata+: { generateName: generateName } }, + '#withGeneration':: d.fn(help='"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only."', args=[d.arg(name='generation', type=d.T.integer)]), + withGeneration(generation): { metadata+: { generation: generation } }, + '#withLabels':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"', args=[d.arg(name='labels', type=d.T.object)]), + withLabels(labels): { metadata+: { labels: labels } }, + '#withLabelsMixin':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='labels', type=d.T.object)]), + withLabelsMixin(labels): { metadata+: { labels+: labels } }, + '#withName':: d.fn(help='"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { metadata+: { name: name } }, + '#withNamespace':: d.fn(help='"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \\"default\\" namespace, but \\"default\\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\\n\\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces"', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { metadata+: { namespace: namespace } }, + '#withOwnerReferences':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferences(ownerReferences): { metadata+: { ownerReferences: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withOwnerReferencesMixin':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferencesMixin(ownerReferences): { metadata+: { ownerReferences+: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withResourceVersion':: d.fn(help='"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\\n\\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency"', args=[d.arg(name='resourceVersion', type=d.T.string)]), + withResourceVersion(resourceVersion): { metadata+: { resourceVersion: resourceVersion } }, + '#withSelfLink':: d.fn(help='"SelfLink is a URL representing this object. Populated by the system. Read-only.\\n\\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release."', args=[d.arg(name='selfLink', type=d.T.string)]), + withSelfLink(selfLink): { metadata+: { selfLink: selfLink } }, + '#withUid':: d.fn(help='"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\\n\\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids"', args=[d.arg(name='uid', type=d.T.string)]), + withUid(uid): { metadata+: { uid: uid } }, + }, + '#new':: d.fn(help='new returns an instance of TLSRoute', args=[d.arg(name='name', type=d.T.string)]), + new(name): { + apiVersion: 'gateway.networking.k8s.io/v1alpha2', + kind: 'TLSRoute', + } + self.metadata.withName(name=name), + '#spec':: d.obj(help='"Spec defines the desired state of TLSRoute."'), + spec: { + '#parentRefs':: d.obj(help='"ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. \\n The only kind of parent resource with \\"Core\\" support is Gateway. This API may be extended in the future to support additional kinds of parent resources such as one of the route kinds. \\n It is invalid to reference an identical parent more than once. It is valid to reference multiple distinct sections within the same parent resource, such as 2 Listeners within a Gateway. \\n It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged. \\n Note that for ParentRefs that cross namespace boundaries, there are specific rules. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example, Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference."'), + parentRefs: { + '#withGroup':: d.fn(help='"Group is the group of the referent. When unspecified, \\"gateway.networking.k8s.io\\" is inferred. To set the core API group (such as for a \\"Service\\" kind referent), Group must be explicitly set to \\"\\" (empty string). \\n Support: Core"', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { group: group }, + '#withKind':: d.fn(help='"Kind is kind of the referent. \\n Support: Core (Gateway) \\n Support: Implementation-specific (Other Resources)"', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { kind: kind }, + '#withName':: d.fn(help='"Name is the name of the referent. \\n Support: Core"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withNamespace':: d.fn(help='"Namespace is the namespace of the referent. When unspecified, this refers to the local namespace of the Route. \\n Note that there are specific rules for ParentRefs which cross namespace boundaries. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example: Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference. \\n Support: Core"', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { namespace: namespace }, + '#withPort':: d.fn(help="\"Port is the network port this Route targets. It can be interpreted differently based on the type of parent resource. \\n When the parent resource is a Gateway, this targets all listeners listening on the specified port that also support this kind of Route(and select this Route). It's not recommended to set `Port` unless the networking behaviors specified in a Route must apply to a specific port as opposed to a listener(s) whose port(s) may be changed. When both Port and SectionName are specified, the name and port of the selected listener must match both specified values. \\n Implementations MAY choose to support other parent resources. Implementations supporting other types of parent resources MUST clearly document how/if Port is interpreted. \\n For the purpose of status, an attachment is considered successful as long as the parent resource accepts it partially. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \\n Support: Extended \\n \u003cgateway:experimental\u003e\"", args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { port: port }, + '#withSectionName':: d.fn(help='"SectionName is the name of a section within the target resource. In the following resources, SectionName is interpreted as the following: \\n * Gateway: Listener Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. \\n Implementations MAY choose to support attaching Routes to other resources. If that is the case, they MUST clearly document how SectionName is interpreted. \\n When unspecified (empty string), this will reference the entire resource. For the purpose of status, an attachment is considered successful if at least one section in the parent resource accepts it. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \\n Support: Core"', args=[d.arg(name='sectionName', type=d.T.string)]), + withSectionName(sectionName): { sectionName: sectionName }, + }, + '#rules':: d.obj(help='"Rules are a list of TLS matchers and actions."'), + rules: { + '#backendRefs':: d.obj(help='"BackendRefs defines the backend(s) where matching requests should be sent. If unspecified or invalid (refers to a non-existent resource or a Service with no endpoints), the rule performs no forwarding; if no filters are specified that would result in a response being sent, the underlying implementation must actively reject request attempts to this backend, by rejecting the connection or returning a 500 status code. Request rejections must respect weight; if an invalid backend is requested to have 80% of requests, then 80% of requests must be rejected instead. \\n Support: Core for Kubernetes Service \\n Support: Extended for Kubernetes ServiceImport \\n Support: Implementation-specific for any other resource \\n Support for weight: Extended"'), + backendRefs: { + '#withGroup':: d.fn(help='"Group is the group of the referent. For example, \\"gateway.networking.k8s.io\\". When unspecified or empty string, core API group is inferred."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { group: group }, + '#withKind':: d.fn(help='"Kind is the Kubernetes resource kind of the referent. For example \\"Service\\". \\n Defaults to \\"Service\\" when not specified. \\n ExternalName services can refer to CNAME DNS records that may live outside of the cluster and as such are difficult to reason about in terms of conformance. They also may not be safe to forward to (see CVE-2021-25740 for more information). Implementations SHOULD NOT support ExternalName Services. \\n Support: Core (Services with a type other than ExternalName) \\n Support: Implementation-specific (Services with type ExternalName)"', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { kind: kind }, + '#withName':: d.fn(help='"Name is the name of the referent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withNamespace':: d.fn(help="\"Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. \\n Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. \\n Support: Core\"", args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { namespace: namespace }, + '#withPort':: d.fn(help='"Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field."', args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { port: port }, + '#withWeight':: d.fn(help='"Weight specifies the proportion of requests forwarded to the referenced backend. This is computed as weight/(sum of all weights in this BackendRefs list). For non-zero values, there may be some epsilon from the exact proportion defined here depending on the precision an implementation supports. Weight is not a percentage and the sum of weights does not need to equal 100. \\n If only one backend is specified and it has a weight greater than 0, 100% of the traffic is forwarded to that backend. If weight is set to 0, no traffic should be forwarded for this entry. If unspecified, weight defaults to 1. \\n Support for this field varies based on the context where used."', args=[d.arg(name='weight', type=d.T.integer)]), + withWeight(weight): { weight: weight }, + }, + '#withBackendRefs':: d.fn(help='"BackendRefs defines the backend(s) where matching requests should be sent. If unspecified or invalid (refers to a non-existent resource or a Service with no endpoints), the rule performs no forwarding; if no filters are specified that would result in a response being sent, the underlying implementation must actively reject request attempts to this backend, by rejecting the connection or returning a 500 status code. Request rejections must respect weight; if an invalid backend is requested to have 80% of requests, then 80% of requests must be rejected instead. \\n Support: Core for Kubernetes Service \\n Support: Extended for Kubernetes ServiceImport \\n Support: Implementation-specific for any other resource \\n Support for weight: Extended"', args=[d.arg(name='backendRefs', type=d.T.array)]), + withBackendRefs(backendRefs): { backendRefs: if std.isArray(v=backendRefs) then backendRefs else [backendRefs] }, + '#withBackendRefsMixin':: d.fn(help='"BackendRefs defines the backend(s) where matching requests should be sent. If unspecified or invalid (refers to a non-existent resource or a Service with no endpoints), the rule performs no forwarding; if no filters are specified that would result in a response being sent, the underlying implementation must actively reject request attempts to this backend, by rejecting the connection or returning a 500 status code. Request rejections must respect weight; if an invalid backend is requested to have 80% of requests, then 80% of requests must be rejected instead. \\n Support: Core for Kubernetes Service \\n Support: Extended for Kubernetes ServiceImport \\n Support: Implementation-specific for any other resource \\n Support for weight: Extended"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='backendRefs', type=d.T.array)]), + withBackendRefsMixin(backendRefs): { backendRefs+: if std.isArray(v=backendRefs) then backendRefs else [backendRefs] }, + }, + '#withHostnames':: d.fn(help="\"Hostnames defines a set of SNI names that should match against the SNI attribute of TLS ClientHello message in TLS handshake. This matches the RFC 1123 definition of a hostname with 2 notable exceptions: \\n 1. IPs are not allowed in SNI names per RFC 6066. 2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard label must appear by itself as the first label. \\n If a hostname is specified by both the Listener and TLSRoute, there must be at least one intersecting hostname for the TLSRoute to be attached to the Listener. For example: \\n * A Listener with `test.example.com` as the hostname matches TLSRoutes that have either not specified any hostnames, or have specified at least one of `test.example.com` or `*.example.com`. * A Listener with `*.example.com` as the hostname matches TLSRoutes that have either not specified any hostnames or have specified at least one hostname that matches the Listener hostname. For example, `test.example.com` and `*.example.com` would both match. On the other hand, `example.com` and `test.example.net` would not match. \\n If both the Listener and TLSRoute have specified hostnames, any TLSRoute hostnames that do not match the Listener hostname MUST be ignored. For example, if a Listener specified `*.example.com`, and the TLSRoute specified `test.example.com` and `test.example.net`, `test.example.net` must not be considered for a match. \\n If both the Listener and TLSRoute have specified hostnames, and none match with the criteria above, then the TLSRoute is not accepted. The implementation must raise an 'Accepted' Condition with a status of `False` in the corresponding RouteParentStatus. \\n Support: Core\"", args=[d.arg(name='hostnames', type=d.T.array)]), + withHostnames(hostnames): { spec+: { hostnames: if std.isArray(v=hostnames) then hostnames else [hostnames] } }, + '#withHostnamesMixin':: d.fn(help="\"Hostnames defines a set of SNI names that should match against the SNI attribute of TLS ClientHello message in TLS handshake. This matches the RFC 1123 definition of a hostname with 2 notable exceptions: \\n 1. IPs are not allowed in SNI names per RFC 6066. 2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard label must appear by itself as the first label. \\n If a hostname is specified by both the Listener and TLSRoute, there must be at least one intersecting hostname for the TLSRoute to be attached to the Listener. For example: \\n * A Listener with `test.example.com` as the hostname matches TLSRoutes that have either not specified any hostnames, or have specified at least one of `test.example.com` or `*.example.com`. * A Listener with `*.example.com` as the hostname matches TLSRoutes that have either not specified any hostnames or have specified at least one hostname that matches the Listener hostname. For example, `test.example.com` and `*.example.com` would both match. On the other hand, `example.com` and `test.example.net` would not match. \\n If both the Listener and TLSRoute have specified hostnames, any TLSRoute hostnames that do not match the Listener hostname MUST be ignored. For example, if a Listener specified `*.example.com`, and the TLSRoute specified `test.example.com` and `test.example.net`, `test.example.net` must not be considered for a match. \\n If both the Listener and TLSRoute have specified hostnames, and none match with the criteria above, then the TLSRoute is not accepted. The implementation must raise an 'Accepted' Condition with a status of `False` in the corresponding RouteParentStatus. \\n Support: Core\"\n\n**Note:** This function appends passed data to existing values", args=[d.arg(name='hostnames', type=d.T.array)]), + withHostnamesMixin(hostnames): { spec+: { hostnames+: if std.isArray(v=hostnames) then hostnames else [hostnames] } }, + '#withParentRefs':: d.fn(help='"ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. \\n The only kind of parent resource with \\"Core\\" support is Gateway. This API may be extended in the future to support additional kinds of parent resources such as one of the route kinds. \\n It is invalid to reference an identical parent more than once. It is valid to reference multiple distinct sections within the same parent resource, such as 2 Listeners within a Gateway. \\n It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged. \\n Note that for ParentRefs that cross namespace boundaries, there are specific rules. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example, Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference."', args=[d.arg(name='parentRefs', type=d.T.array)]), + withParentRefs(parentRefs): { spec+: { parentRefs: if std.isArray(v=parentRefs) then parentRefs else [parentRefs] } }, + '#withParentRefsMixin':: d.fn(help='"ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. \\n The only kind of parent resource with \\"Core\\" support is Gateway. This API may be extended in the future to support additional kinds of parent resources such as one of the route kinds. \\n It is invalid to reference an identical parent more than once. It is valid to reference multiple distinct sections within the same parent resource, such as 2 Listeners within a Gateway. \\n It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged. \\n Note that for ParentRefs that cross namespace boundaries, there are specific rules. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example, Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='parentRefs', type=d.T.array)]), + withParentRefsMixin(parentRefs): { spec+: { parentRefs+: if std.isArray(v=parentRefs) then parentRefs else [parentRefs] } }, + '#withRules':: d.fn(help='"Rules are a list of TLS matchers and actions."', args=[d.arg(name='rules', type=d.T.array)]), + withRules(rules): { spec+: { rules: if std.isArray(v=rules) then rules else [rules] } }, + '#withRulesMixin':: d.fn(help='"Rules are a list of TLS matchers and actions."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='rules', type=d.T.array)]), + withRulesMixin(rules): { spec+: { rules+: if std.isArray(v=rules) then rules else [rules] } }, + }, + '#mixin': 'ignore', + mixin: self, +} diff --git a/0.7-experimental/_gen/gateway/v1alpha2/udpRoute.libsonnet b/0.7-experimental/_gen/gateway/v1alpha2/udpRoute.libsonnet new file mode 100644 index 0000000..599bfe8 --- /dev/null +++ b/0.7-experimental/_gen/gateway/v1alpha2/udpRoute.libsonnet @@ -0,0 +1,100 @@ +{ + local d = (import 'doc-util/main.libsonnet'), + '#':: d.pkg(name='udpRoute', url='', help='"UDPRoute provides a way to route UDP traffic. When combined with a Gateway listener, it can be used to forward traffic on the port specified by the listener to a set of backends specified by the UDPRoute."'), + '#metadata':: d.obj(help='"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create."'), + metadata: { + '#withAnnotations':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotations(annotations): { metadata+: { annotations: annotations } }, + '#withAnnotationsMixin':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotationsMixin(annotations): { metadata+: { annotations+: annotations } }, + '#withClusterName':: d.fn(help='"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request."', args=[d.arg(name='clusterName', type=d.T.string)]), + withClusterName(clusterName): { metadata+: { clusterName: clusterName } }, + '#withCreationTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='creationTimestamp', type=d.T.string)]), + withCreationTimestamp(creationTimestamp): { metadata+: { creationTimestamp: creationTimestamp } }, + '#withDeletionGracePeriodSeconds':: d.fn(help='"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only."', args=[d.arg(name='deletionGracePeriodSeconds', type=d.T.integer)]), + withDeletionGracePeriodSeconds(deletionGracePeriodSeconds): { metadata+: { deletionGracePeriodSeconds: deletionGracePeriodSeconds } }, + '#withDeletionTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='deletionTimestamp', type=d.T.string)]), + withDeletionTimestamp(deletionTimestamp): { metadata+: { deletionTimestamp: deletionTimestamp } }, + '#withFinalizers':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizers(finalizers): { metadata+: { finalizers: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withFinalizersMixin':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizersMixin(finalizers): { metadata+: { finalizers+: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withGenerateName':: d.fn(help='"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\\n\\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\\n\\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency"', args=[d.arg(name='generateName', type=d.T.string)]), + withGenerateName(generateName): { metadata+: { generateName: generateName } }, + '#withGeneration':: d.fn(help='"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only."', args=[d.arg(name='generation', type=d.T.integer)]), + withGeneration(generation): { metadata+: { generation: generation } }, + '#withLabels':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"', args=[d.arg(name='labels', type=d.T.object)]), + withLabels(labels): { metadata+: { labels: labels } }, + '#withLabelsMixin':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='labels', type=d.T.object)]), + withLabelsMixin(labels): { metadata+: { labels+: labels } }, + '#withName':: d.fn(help='"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { metadata+: { name: name } }, + '#withNamespace':: d.fn(help='"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \\"default\\" namespace, but \\"default\\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\\n\\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces"', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { metadata+: { namespace: namespace } }, + '#withOwnerReferences':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferences(ownerReferences): { metadata+: { ownerReferences: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withOwnerReferencesMixin':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferencesMixin(ownerReferences): { metadata+: { ownerReferences+: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withResourceVersion':: d.fn(help='"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\\n\\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency"', args=[d.arg(name='resourceVersion', type=d.T.string)]), + withResourceVersion(resourceVersion): { metadata+: { resourceVersion: resourceVersion } }, + '#withSelfLink':: d.fn(help='"SelfLink is a URL representing this object. Populated by the system. Read-only.\\n\\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release."', args=[d.arg(name='selfLink', type=d.T.string)]), + withSelfLink(selfLink): { metadata+: { selfLink: selfLink } }, + '#withUid':: d.fn(help='"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\\n\\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids"', args=[d.arg(name='uid', type=d.T.string)]), + withUid(uid): { metadata+: { uid: uid } }, + }, + '#new':: d.fn(help='new returns an instance of UDPRoute', args=[d.arg(name='name', type=d.T.string)]), + new(name): { + apiVersion: 'gateway.networking.k8s.io/v1alpha2', + kind: 'UDPRoute', + } + self.metadata.withName(name=name), + '#spec':: d.obj(help='"Spec defines the desired state of UDPRoute."'), + spec: { + '#parentRefs':: d.obj(help='"ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. \\n The only kind of parent resource with \\"Core\\" support is Gateway. This API may be extended in the future to support additional kinds of parent resources such as one of the route kinds. \\n It is invalid to reference an identical parent more than once. It is valid to reference multiple distinct sections within the same parent resource, such as 2 Listeners within a Gateway. \\n It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged. \\n Note that for ParentRefs that cross namespace boundaries, there are specific rules. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example, Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference."'), + parentRefs: { + '#withGroup':: d.fn(help='"Group is the group of the referent. When unspecified, \\"gateway.networking.k8s.io\\" is inferred. To set the core API group (such as for a \\"Service\\" kind referent), Group must be explicitly set to \\"\\" (empty string). \\n Support: Core"', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { group: group }, + '#withKind':: d.fn(help='"Kind is kind of the referent. \\n Support: Core (Gateway) \\n Support: Implementation-specific (Other Resources)"', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { kind: kind }, + '#withName':: d.fn(help='"Name is the name of the referent. \\n Support: Core"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withNamespace':: d.fn(help='"Namespace is the namespace of the referent. When unspecified, this refers to the local namespace of the Route. \\n Note that there are specific rules for ParentRefs which cross namespace boundaries. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example: Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference. \\n Support: Core"', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { namespace: namespace }, + '#withPort':: d.fn(help="\"Port is the network port this Route targets. It can be interpreted differently based on the type of parent resource. \\n When the parent resource is a Gateway, this targets all listeners listening on the specified port that also support this kind of Route(and select this Route). It's not recommended to set `Port` unless the networking behaviors specified in a Route must apply to a specific port as opposed to a listener(s) whose port(s) may be changed. When both Port and SectionName are specified, the name and port of the selected listener must match both specified values. \\n Implementations MAY choose to support other parent resources. Implementations supporting other types of parent resources MUST clearly document how/if Port is interpreted. \\n For the purpose of status, an attachment is considered successful as long as the parent resource accepts it partially. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \\n Support: Extended \\n \u003cgateway:experimental\u003e\"", args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { port: port }, + '#withSectionName':: d.fn(help='"SectionName is the name of a section within the target resource. In the following resources, SectionName is interpreted as the following: \\n * Gateway: Listener Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. \\n Implementations MAY choose to support attaching Routes to other resources. If that is the case, they MUST clearly document how SectionName is interpreted. \\n When unspecified (empty string), this will reference the entire resource. For the purpose of status, an attachment is considered successful if at least one section in the parent resource accepts it. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \\n Support: Core"', args=[d.arg(name='sectionName', type=d.T.string)]), + withSectionName(sectionName): { sectionName: sectionName }, + }, + '#rules':: d.obj(help='"Rules are a list of UDP matchers and actions."'), + rules: { + '#backendRefs':: d.obj(help='"BackendRefs defines the backend(s) where matching requests should be sent. If unspecified or invalid (refers to a non-existent resource or a Service with no endpoints), the underlying implementation MUST actively reject connection attempts to this backend. Packet drops must respect weight; if an invalid backend is requested to have 80% of the packets, then 80% of packets must be dropped instead. \\n Support: Core for Kubernetes Service \\n Support: Extended for Kubernetes ServiceImport \\n Support: Implementation-specific for any other resource \\n Support for weight: Extended"'), + backendRefs: { + '#withGroup':: d.fn(help='"Group is the group of the referent. For example, \\"gateway.networking.k8s.io\\". When unspecified or empty string, core API group is inferred."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { group: group }, + '#withKind':: d.fn(help='"Kind is the Kubernetes resource kind of the referent. For example \\"Service\\". \\n Defaults to \\"Service\\" when not specified. \\n ExternalName services can refer to CNAME DNS records that may live outside of the cluster and as such are difficult to reason about in terms of conformance. They also may not be safe to forward to (see CVE-2021-25740 for more information). Implementations SHOULD NOT support ExternalName Services. \\n Support: Core (Services with a type other than ExternalName) \\n Support: Implementation-specific (Services with type ExternalName)"', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { kind: kind }, + '#withName':: d.fn(help='"Name is the name of the referent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withNamespace':: d.fn(help="\"Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. \\n Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. \\n Support: Core\"", args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { namespace: namespace }, + '#withPort':: d.fn(help='"Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field."', args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { port: port }, + '#withWeight':: d.fn(help='"Weight specifies the proportion of requests forwarded to the referenced backend. This is computed as weight/(sum of all weights in this BackendRefs list). For non-zero values, there may be some epsilon from the exact proportion defined here depending on the precision an implementation supports. Weight is not a percentage and the sum of weights does not need to equal 100. \\n If only one backend is specified and it has a weight greater than 0, 100% of the traffic is forwarded to that backend. If weight is set to 0, no traffic should be forwarded for this entry. If unspecified, weight defaults to 1. \\n Support for this field varies based on the context where used."', args=[d.arg(name='weight', type=d.T.integer)]), + withWeight(weight): { weight: weight }, + }, + '#withBackendRefs':: d.fn(help='"BackendRefs defines the backend(s) where matching requests should be sent. If unspecified or invalid (refers to a non-existent resource or a Service with no endpoints), the underlying implementation MUST actively reject connection attempts to this backend. Packet drops must respect weight; if an invalid backend is requested to have 80% of the packets, then 80% of packets must be dropped instead. \\n Support: Core for Kubernetes Service \\n Support: Extended for Kubernetes ServiceImport \\n Support: Implementation-specific for any other resource \\n Support for weight: Extended"', args=[d.arg(name='backendRefs', type=d.T.array)]), + withBackendRefs(backendRefs): { backendRefs: if std.isArray(v=backendRefs) then backendRefs else [backendRefs] }, + '#withBackendRefsMixin':: d.fn(help='"BackendRefs defines the backend(s) where matching requests should be sent. If unspecified or invalid (refers to a non-existent resource or a Service with no endpoints), the underlying implementation MUST actively reject connection attempts to this backend. Packet drops must respect weight; if an invalid backend is requested to have 80% of the packets, then 80% of packets must be dropped instead. \\n Support: Core for Kubernetes Service \\n Support: Extended for Kubernetes ServiceImport \\n Support: Implementation-specific for any other resource \\n Support for weight: Extended"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='backendRefs', type=d.T.array)]), + withBackendRefsMixin(backendRefs): { backendRefs+: if std.isArray(v=backendRefs) then backendRefs else [backendRefs] }, + }, + '#withParentRefs':: d.fn(help='"ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. \\n The only kind of parent resource with \\"Core\\" support is Gateway. This API may be extended in the future to support additional kinds of parent resources such as one of the route kinds. \\n It is invalid to reference an identical parent more than once. It is valid to reference multiple distinct sections within the same parent resource, such as 2 Listeners within a Gateway. \\n It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged. \\n Note that for ParentRefs that cross namespace boundaries, there are specific rules. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example, Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference."', args=[d.arg(name='parentRefs', type=d.T.array)]), + withParentRefs(parentRefs): { spec+: { parentRefs: if std.isArray(v=parentRefs) then parentRefs else [parentRefs] } }, + '#withParentRefsMixin':: d.fn(help='"ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. \\n The only kind of parent resource with \\"Core\\" support is Gateway. This API may be extended in the future to support additional kinds of parent resources such as one of the route kinds. \\n It is invalid to reference an identical parent more than once. It is valid to reference multiple distinct sections within the same parent resource, such as 2 Listeners within a Gateway. \\n It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged. \\n Note that for ParentRefs that cross namespace boundaries, there are specific rules. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example, Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='parentRefs', type=d.T.array)]), + withParentRefsMixin(parentRefs): { spec+: { parentRefs+: if std.isArray(v=parentRefs) then parentRefs else [parentRefs] } }, + '#withRules':: d.fn(help='"Rules are a list of UDP matchers and actions."', args=[d.arg(name='rules', type=d.T.array)]), + withRules(rules): { spec+: { rules: if std.isArray(v=rules) then rules else [rules] } }, + '#withRulesMixin':: d.fn(help='"Rules are a list of UDP matchers and actions."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='rules', type=d.T.array)]), + withRulesMixin(rules): { spec+: { rules+: if std.isArray(v=rules) then rules else [rules] } }, + }, + '#mixin': 'ignore', + mixin: self, +} diff --git a/0.7-experimental/_gen/gateway/v1beta1/gateway.libsonnet b/0.7-experimental/_gen/gateway/v1beta1/gateway.libsonnet new file mode 100644 index 0000000..2473e49 --- /dev/null +++ b/0.7-experimental/_gen/gateway/v1beta1/gateway.libsonnet @@ -0,0 +1,148 @@ +{ + local d = (import 'doc-util/main.libsonnet'), + '#':: d.pkg(name='gateway', url='', help='"Gateway represents an instance of a service-traffic handling infrastructure by binding Listeners to a set of IP addresses."'), + '#metadata':: d.obj(help='"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create."'), + metadata: { + '#withAnnotations':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotations(annotations): { metadata+: { annotations: annotations } }, + '#withAnnotationsMixin':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotationsMixin(annotations): { metadata+: { annotations+: annotations } }, + '#withClusterName':: d.fn(help='"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request."', args=[d.arg(name='clusterName', type=d.T.string)]), + withClusterName(clusterName): { metadata+: { clusterName: clusterName } }, + '#withCreationTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='creationTimestamp', type=d.T.string)]), + withCreationTimestamp(creationTimestamp): { metadata+: { creationTimestamp: creationTimestamp } }, + '#withDeletionGracePeriodSeconds':: d.fn(help='"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only."', args=[d.arg(name='deletionGracePeriodSeconds', type=d.T.integer)]), + withDeletionGracePeriodSeconds(deletionGracePeriodSeconds): { metadata+: { deletionGracePeriodSeconds: deletionGracePeriodSeconds } }, + '#withDeletionTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='deletionTimestamp', type=d.T.string)]), + withDeletionTimestamp(deletionTimestamp): { metadata+: { deletionTimestamp: deletionTimestamp } }, + '#withFinalizers':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizers(finalizers): { metadata+: { finalizers: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withFinalizersMixin':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizersMixin(finalizers): { metadata+: { finalizers+: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withGenerateName':: d.fn(help='"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\\n\\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\\n\\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency"', args=[d.arg(name='generateName', type=d.T.string)]), + withGenerateName(generateName): { metadata+: { generateName: generateName } }, + '#withGeneration':: d.fn(help='"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only."', args=[d.arg(name='generation', type=d.T.integer)]), + withGeneration(generation): { metadata+: { generation: generation } }, + '#withLabels':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"', args=[d.arg(name='labels', type=d.T.object)]), + withLabels(labels): { metadata+: { labels: labels } }, + '#withLabelsMixin':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='labels', type=d.T.object)]), + withLabelsMixin(labels): { metadata+: { labels+: labels } }, + '#withName':: d.fn(help='"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { metadata+: { name: name } }, + '#withNamespace':: d.fn(help='"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \\"default\\" namespace, but \\"default\\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\\n\\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces"', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { metadata+: { namespace: namespace } }, + '#withOwnerReferences':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferences(ownerReferences): { metadata+: { ownerReferences: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withOwnerReferencesMixin':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferencesMixin(ownerReferences): { metadata+: { ownerReferences+: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withResourceVersion':: d.fn(help='"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\\n\\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency"', args=[d.arg(name='resourceVersion', type=d.T.string)]), + withResourceVersion(resourceVersion): { metadata+: { resourceVersion: resourceVersion } }, + '#withSelfLink':: d.fn(help='"SelfLink is a URL representing this object. Populated by the system. Read-only.\\n\\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release."', args=[d.arg(name='selfLink', type=d.T.string)]), + withSelfLink(selfLink): { metadata+: { selfLink: selfLink } }, + '#withUid':: d.fn(help='"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\\n\\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids"', args=[d.arg(name='uid', type=d.T.string)]), + withUid(uid): { metadata+: { uid: uid } }, + }, + '#new':: d.fn(help='new returns an instance of Gateway', args=[d.arg(name='name', type=d.T.string)]), + new(name): { + apiVersion: 'gateway.networking.k8s.io/v1beta1', + kind: 'Gateway', + } + self.metadata.withName(name=name), + '#spec':: d.obj(help='"Spec defines the desired state of Gateway."'), + spec: { + '#addresses':: d.obj(help='"Addresses requested for this Gateway. This is optional and behavior can depend on the implementation. If a value is set in the spec and the requested address is invalid or unavailable, the implementation MUST indicate this in the associated entry in GatewayStatus.Addresses. \\n The Addresses field represents a request for the address(es) on the \\"outside of the Gateway\\", that traffic bound for this Gateway will use. This could be the IP address or hostname of an external load balancer or other networking infrastructure, or some other address that traffic will be sent to. \\n The .listener.hostname field is used to route traffic that has already arrived at the Gateway to the correct in-cluster destination. \\n If no Addresses are specified, the implementation MAY schedule the Gateway in an implementation-specific manner, assigning an appropriate set of Addresses. \\n The implementation MUST bind all Listeners to every GatewayAddress that it assigns to the Gateway and add a corresponding entry in GatewayStatus.Addresses. \\n Support: Extended"'), + addresses: { + '#withType':: d.fn(help='"Type of the address."', args=[d.arg(name='type', type=d.T.string)]), + withType(type): { type: type }, + '#withValue':: d.fn(help='"Value of the address. The validity of the values will depend on the type and support by the controller. \\n Examples: `1.2.3.4`, `128::1`, `my-ip-address`."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#listeners':: d.obj(help="\"Listeners associated with this Gateway. Listeners define logical endpoints that are bound on this Gateway's addresses. At least one Listener MUST be specified. \\n Each listener in a Gateway must have a unique combination of Hostname, Port, and Protocol. \\n An implementation MAY group Listeners by Port and then collapse each group of Listeners into a single Listener if the implementation determines that the Listeners in the group are \\\"compatible\\\". An implementation MAY also group together and collapse compatible Listeners belonging to different Gateways. \\n For example, an implementation might consider Listeners to be compatible with each other if all of the following conditions are met: \\n 1. Either each Listener within the group specifies the \\\"HTTP\\\" Protocol or each Listener within the group specifies either the \\\"HTTPS\\\" or \\\"TLS\\\" Protocol. \\n 2. Each Listener within the group specifies a Hostname that is unique within the group. \\n 3. As a special case, one Listener within a group may omit Hostname, in which case this Listener matches when no other Listener matches. \\n If the implementation does collapse compatible Listeners, the hostname provided in the incoming client request MUST be matched to a Listener to find the correct set of Routes. The incoming hostname MUST be matched using the Hostname field for each Listener in order of most to least specific. That is, exact matches must be processed before wildcard matches. \\n If this field specifies multiple Listeners that have the same Port value but are not compatible, the implementation must raise a \\\"Conflicted\\\" condition in the Listener status. \\n Support: Core\""), + listeners: { + '#allowedRoutes':: d.obj(help='"AllowedRoutes defines the types of routes that MAY be attached to a Listener and the trusted namespaces where those Route resources MAY be present. \\n Although a client request may match multiple route rules, only one rule may ultimately receive the request. Matching precedence MUST be determined in order of the following criteria: \\n * The most specific match as defined by the Route type. * The oldest Route based on creation timestamp. For example, a Route with a creation timestamp of \\"2020-09-08 01:02:03\\" is given precedence over a Route with a creation timestamp of \\"2020-09-08 01:02:04\\". * If everything else is equivalent, the Route appearing first in alphabetical order (namespace/name) should be given precedence. For example, foo/bar is given precedence over foo/baz. \\n All valid rules within a Route attached to this Listener should be implemented. Invalid Route rules can be ignored (sometimes that will mean the full Route). If a Route rule transitions from valid to invalid, support for that Route rule should be dropped to ensure consistency. For example, even if a filter specified by a Route rule is invalid, the rest of the rules within that Route should still be supported. \\n Support: Core"'), + allowedRoutes: { + '#kinds':: d.obj(help="\"Kinds specifies the groups and kinds of Routes that are allowed to bind to this Gateway Listener. When unspecified or empty, the kinds of Routes selected are determined using the Listener protocol. \\n A RouteGroupKind MUST correspond to kinds of Routes that are compatible with the application protocol specified in the Listener's Protocol field. If an implementation does not support or recognize this resource type, it MUST set the \\\"ResolvedRefs\\\" condition to False for this Listener with the \\\"InvalidRouteKinds\\\" reason. \\n Support: Core\""), + kinds: { + '#withGroup':: d.fn(help='"Group is the group of the Route."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { group: group }, + '#withKind':: d.fn(help='"Kind is the kind of the Route."', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { kind: kind }, + }, + '#namespaces':: d.obj(help='"Namespaces indicates namespaces from which Routes may be attached to this Listener. This is restricted to the namespace of this Gateway by default. \\n Support: Core"'), + namespaces: { + '#selector':: d.obj(help='"Selector must be specified when From is set to \\"Selector\\". In that case, only Routes in Namespaces matching this Selector will be selected by this Gateway. This field is ignored for other values of \\"From\\". \\n Support: Core"'), + selector: { + '#matchExpressions':: d.obj(help='"matchExpressions is a list of label selector requirements. The requirements are ANDed."'), + matchExpressions: { + '#withKey':: d.fn(help='"key is the label key that the selector applies to."', args=[d.arg(name='key', type=d.T.string)]), + withKey(key): { key: key }, + '#withOperator':: d.fn(help="\"operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.\"", args=[d.arg(name='operator', type=d.T.string)]), + withOperator(operator): { operator: operator }, + '#withValues':: d.fn(help='"values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch."', args=[d.arg(name='values', type=d.T.array)]), + withValues(values): { values: if std.isArray(v=values) then values else [values] }, + '#withValuesMixin':: d.fn(help='"values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='values', type=d.T.array)]), + withValuesMixin(values): { values+: if std.isArray(v=values) then values else [values] }, + }, + '#withMatchExpressions':: d.fn(help='"matchExpressions is a list of label selector requirements. The requirements are ANDed."', args=[d.arg(name='matchExpressions', type=d.T.array)]), + withMatchExpressions(matchExpressions): { allowedRoutes+: { namespaces+: { selector+: { matchExpressions: if std.isArray(v=matchExpressions) then matchExpressions else [matchExpressions] } } } }, + '#withMatchExpressionsMixin':: d.fn(help='"matchExpressions is a list of label selector requirements. The requirements are ANDed."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='matchExpressions', type=d.T.array)]), + withMatchExpressionsMixin(matchExpressions): { allowedRoutes+: { namespaces+: { selector+: { matchExpressions+: if std.isArray(v=matchExpressions) then matchExpressions else [matchExpressions] } } } }, + '#withMatchLabels':: d.fn(help='"matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \\"key\\", the operator is \\"In\\", and the values array contains only \\"value\\". The requirements are ANDed."', args=[d.arg(name='matchLabels', type=d.T.object)]), + withMatchLabels(matchLabels): { allowedRoutes+: { namespaces+: { selector+: { matchLabels: matchLabels } } } }, + '#withMatchLabelsMixin':: d.fn(help='"matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \\"key\\", the operator is \\"In\\", and the values array contains only \\"value\\". The requirements are ANDed."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='matchLabels', type=d.T.object)]), + withMatchLabelsMixin(matchLabels): { allowedRoutes+: { namespaces+: { selector+: { matchLabels+: matchLabels } } } }, + }, + '#withFrom':: d.fn(help='"From indicates where Routes will be selected for this Gateway. Possible values are: * All: Routes in all namespaces may be used by this Gateway. * Selector: Routes in namespaces selected by the selector may be used by this Gateway. * Same: Only Routes in the same namespace may be used by this Gateway. \\n Support: Core"', args=[d.arg(name='from', type=d.T.string)]), + withFrom(from): { allowedRoutes+: { namespaces+: { from: from } } }, + }, + '#withKinds':: d.fn(help="\"Kinds specifies the groups and kinds of Routes that are allowed to bind to this Gateway Listener. When unspecified or empty, the kinds of Routes selected are determined using the Listener protocol. \\n A RouteGroupKind MUST correspond to kinds of Routes that are compatible with the application protocol specified in the Listener's Protocol field. If an implementation does not support or recognize this resource type, it MUST set the \\\"ResolvedRefs\\\" condition to False for this Listener with the \\\"InvalidRouteKinds\\\" reason. \\n Support: Core\"", args=[d.arg(name='kinds', type=d.T.array)]), + withKinds(kinds): { allowedRoutes+: { kinds: if std.isArray(v=kinds) then kinds else [kinds] } }, + '#withKindsMixin':: d.fn(help="\"Kinds specifies the groups and kinds of Routes that are allowed to bind to this Gateway Listener. When unspecified or empty, the kinds of Routes selected are determined using the Listener protocol. \\n A RouteGroupKind MUST correspond to kinds of Routes that are compatible with the application protocol specified in the Listener's Protocol field. If an implementation does not support or recognize this resource type, it MUST set the \\\"ResolvedRefs\\\" condition to False for this Listener with the \\\"InvalidRouteKinds\\\" reason. \\n Support: Core\"\n\n**Note:** This function appends passed data to existing values", args=[d.arg(name='kinds', type=d.T.array)]), + withKindsMixin(kinds): { allowedRoutes+: { kinds+: if std.isArray(v=kinds) then kinds else [kinds] } }, + }, + '#tls':: d.obj(help='"TLS is the TLS configuration for the Listener. This field is required if the Protocol field is \\"HTTPS\\" or \\"TLS\\". It is invalid to set this field if the Protocol field is \\"HTTP\\", \\"TCP\\", or \\"UDP\\". \\n The association of SNIs to Certificate defined in GatewayTLSConfig is defined based on the Hostname field for this listener. \\n The GatewayClass MUST use the longest matching SNI out of all available certificates for any TLS handshake. \\n Support: Core"'), + tls: { + '#certificateRefs':: d.obj(help='"CertificateRefs contains a series of references to Kubernetes objects that contains TLS certificates and private keys. These certificates are used to establish a TLS handshake for requests that match the hostname of the associated listener. \\n A single CertificateRef to a Kubernetes Secret has \\"Core\\" support. Implementations MAY choose to support attaching multiple certificates to a Listener, but this behavior is implementation-specific. \\n References to a resource in different namespace are invalid UNLESS there is a ReferenceGrant in the target namespace that allows the certificate to be attached. If a ReferenceGrant does not allow this reference, the \\"ResolvedRefs\\" condition MUST be set to False for this listener with the \\"RefNotPermitted\\" reason. \\n This field is required to have at least one element when the mode is set to \\"Terminate\\" (default) and is optional otherwise. \\n CertificateRefs can reference to standard Kubernetes resources, i.e. Secret, or implementation-specific custom resources. \\n Support: Core - A single reference to a Kubernetes Secret of type kubernetes.io/tls \\n Support: Implementation-specific (More than one reference or other resource types)"'), + certificateRefs: { + '#withGroup':: d.fn(help='"Group is the group of the referent. For example, \\"gateway.networking.k8s.io\\". When unspecified or empty string, core API group is inferred."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { group: group }, + '#withKind':: d.fn(help='"Kind is kind of the referent. For example \\"Secret\\"."', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { kind: kind }, + '#withName':: d.fn(help='"Name is the name of the referent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withNamespace':: d.fn(help="\"Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. \\n Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. \\n Support: Core\"", args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { namespace: namespace }, + }, + '#withCertificateRefs':: d.fn(help='"CertificateRefs contains a series of references to Kubernetes objects that contains TLS certificates and private keys. These certificates are used to establish a TLS handshake for requests that match the hostname of the associated listener. \\n A single CertificateRef to a Kubernetes Secret has \\"Core\\" support. Implementations MAY choose to support attaching multiple certificates to a Listener, but this behavior is implementation-specific. \\n References to a resource in different namespace are invalid UNLESS there is a ReferenceGrant in the target namespace that allows the certificate to be attached. If a ReferenceGrant does not allow this reference, the \\"ResolvedRefs\\" condition MUST be set to False for this listener with the \\"RefNotPermitted\\" reason. \\n This field is required to have at least one element when the mode is set to \\"Terminate\\" (default) and is optional otherwise. \\n CertificateRefs can reference to standard Kubernetes resources, i.e. Secret, or implementation-specific custom resources. \\n Support: Core - A single reference to a Kubernetes Secret of type kubernetes.io/tls \\n Support: Implementation-specific (More than one reference or other resource types)"', args=[d.arg(name='certificateRefs', type=d.T.array)]), + withCertificateRefs(certificateRefs): { tls+: { certificateRefs: if std.isArray(v=certificateRefs) then certificateRefs else [certificateRefs] } }, + '#withCertificateRefsMixin':: d.fn(help='"CertificateRefs contains a series of references to Kubernetes objects that contains TLS certificates and private keys. These certificates are used to establish a TLS handshake for requests that match the hostname of the associated listener. \\n A single CertificateRef to a Kubernetes Secret has \\"Core\\" support. Implementations MAY choose to support attaching multiple certificates to a Listener, but this behavior is implementation-specific. \\n References to a resource in different namespace are invalid UNLESS there is a ReferenceGrant in the target namespace that allows the certificate to be attached. If a ReferenceGrant does not allow this reference, the \\"ResolvedRefs\\" condition MUST be set to False for this listener with the \\"RefNotPermitted\\" reason. \\n This field is required to have at least one element when the mode is set to \\"Terminate\\" (default) and is optional otherwise. \\n CertificateRefs can reference to standard Kubernetes resources, i.e. Secret, or implementation-specific custom resources. \\n Support: Core - A single reference to a Kubernetes Secret of type kubernetes.io/tls \\n Support: Implementation-specific (More than one reference or other resource types)"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='certificateRefs', type=d.T.array)]), + withCertificateRefsMixin(certificateRefs): { tls+: { certificateRefs+: if std.isArray(v=certificateRefs) then certificateRefs else [certificateRefs] } }, + '#withMode':: d.fn(help="\"Mode defines the TLS behavior for the TLS session initiated by the client. There are two possible modes: \\n - Terminate: The TLS session between the downstream client and the Gateway is terminated at the Gateway. This mode requires certificateRefs to be set and contain at least one element. - Passthrough: The TLS session is NOT terminated by the Gateway. This implies that the Gateway can't decipher the TLS stream except for the ClientHello message of the TLS protocol. CertificateRefs field is ignored in this mode. \\n Support: Core\"", args=[d.arg(name='mode', type=d.T.string)]), + withMode(mode): { tls+: { mode: mode } }, + '#withOptions':: d.fn(help='"Options are a list of key/value pairs to enable extended TLS configuration for each implementation. For example, configuring the minimum TLS version or supported cipher suites. \\n A set of common keys MAY be defined by the API in the future. To avoid any ambiguity, implementation-specific definitions MUST use domain-prefixed names, such as `example.com/my-custom-option`. Un-prefixed names are reserved for key names defined by Gateway API. \\n Support: Implementation-specific"', args=[d.arg(name='options', type=d.T.object)]), + withOptions(options): { tls+: { options: options } }, + '#withOptionsMixin':: d.fn(help='"Options are a list of key/value pairs to enable extended TLS configuration for each implementation. For example, configuring the minimum TLS version or supported cipher suites. \\n A set of common keys MAY be defined by the API in the future. To avoid any ambiguity, implementation-specific definitions MUST use domain-prefixed names, such as `example.com/my-custom-option`. Un-prefixed names are reserved for key names defined by Gateway API. \\n Support: Implementation-specific"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='options', type=d.T.object)]), + withOptionsMixin(options): { tls+: { options+: options } }, + }, + '#withHostname':: d.fn(help="\"Hostname specifies the virtual hostname to match for protocol types that define this concept. When unspecified, all hostnames are matched. This field is ignored for protocols that don't require hostname based matching. \\n Implementations MUST apply Hostname matching appropriately for each of the following protocols: \\n * TLS: The Listener Hostname MUST match the SNI. * HTTP: The Listener Hostname MUST match the Host header of the request. * HTTPS: The Listener Hostname SHOULD match at both the TLS and HTTP protocol layers as described above. If an implementation does not ensure that both the SNI and Host header match the Listener hostname, it MUST clearly document that. \\n For HTTPRoute and TLSRoute resources, there is an interaction with the `spec.hostnames` array. When both listener and route specify hostnames, there MUST be an intersection between the values for a Route to be accepted. For more information, refer to the Route specific Hostnames documentation. \\n Hostnames that are prefixed with a wildcard label (`*.`) are interpreted as a suffix match. That means that a match for `*.example.com` would match both `test.example.com`, and `foo.test.example.com`, but not `example.com`. \\n Support: Core\"", args=[d.arg(name='hostname', type=d.T.string)]), + withHostname(hostname): { hostname: hostname }, + '#withName':: d.fn(help='"Name is the name of the Listener. This name MUST be unique within a Gateway. \\n Support: Core"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withPort':: d.fn(help='"Port is the network port. Multiple listeners may use the same port, subject to the Listener compatibility rules. \\n Support: Core"', args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { port: port }, + '#withProtocol':: d.fn(help='"Protocol specifies the network protocol this listener expects to receive. \\n Support: Core"', args=[d.arg(name='protocol', type=d.T.string)]), + withProtocol(protocol): { protocol: protocol }, + }, + '#withAddresses':: d.fn(help='"Addresses requested for this Gateway. This is optional and behavior can depend on the implementation. If a value is set in the spec and the requested address is invalid or unavailable, the implementation MUST indicate this in the associated entry in GatewayStatus.Addresses. \\n The Addresses field represents a request for the address(es) on the \\"outside of the Gateway\\", that traffic bound for this Gateway will use. This could be the IP address or hostname of an external load balancer or other networking infrastructure, or some other address that traffic will be sent to. \\n The .listener.hostname field is used to route traffic that has already arrived at the Gateway to the correct in-cluster destination. \\n If no Addresses are specified, the implementation MAY schedule the Gateway in an implementation-specific manner, assigning an appropriate set of Addresses. \\n The implementation MUST bind all Listeners to every GatewayAddress that it assigns to the Gateway and add a corresponding entry in GatewayStatus.Addresses. \\n Support: Extended"', args=[d.arg(name='addresses', type=d.T.array)]), + withAddresses(addresses): { spec+: { addresses: if std.isArray(v=addresses) then addresses else [addresses] } }, + '#withAddressesMixin':: d.fn(help='"Addresses requested for this Gateway. This is optional and behavior can depend on the implementation. If a value is set in the spec and the requested address is invalid or unavailable, the implementation MUST indicate this in the associated entry in GatewayStatus.Addresses. \\n The Addresses field represents a request for the address(es) on the \\"outside of the Gateway\\", that traffic bound for this Gateway will use. This could be the IP address or hostname of an external load balancer or other networking infrastructure, or some other address that traffic will be sent to. \\n The .listener.hostname field is used to route traffic that has already arrived at the Gateway to the correct in-cluster destination. \\n If no Addresses are specified, the implementation MAY schedule the Gateway in an implementation-specific manner, assigning an appropriate set of Addresses. \\n The implementation MUST bind all Listeners to every GatewayAddress that it assigns to the Gateway and add a corresponding entry in GatewayStatus.Addresses. \\n Support: Extended"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='addresses', type=d.T.array)]), + withAddressesMixin(addresses): { spec+: { addresses+: if std.isArray(v=addresses) then addresses else [addresses] } }, + '#withGatewayClassName':: d.fn(help='"GatewayClassName used for this Gateway. This is the name of a GatewayClass resource."', args=[d.arg(name='gatewayClassName', type=d.T.string)]), + withGatewayClassName(gatewayClassName): { spec+: { gatewayClassName: gatewayClassName } }, + '#withListeners':: d.fn(help="\"Listeners associated with this Gateway. Listeners define logical endpoints that are bound on this Gateway's addresses. At least one Listener MUST be specified. \\n Each listener in a Gateway must have a unique combination of Hostname, Port, and Protocol. \\n An implementation MAY group Listeners by Port and then collapse each group of Listeners into a single Listener if the implementation determines that the Listeners in the group are \\\"compatible\\\". An implementation MAY also group together and collapse compatible Listeners belonging to different Gateways. \\n For example, an implementation might consider Listeners to be compatible with each other if all of the following conditions are met: \\n 1. Either each Listener within the group specifies the \\\"HTTP\\\" Protocol or each Listener within the group specifies either the \\\"HTTPS\\\" or \\\"TLS\\\" Protocol. \\n 2. Each Listener within the group specifies a Hostname that is unique within the group. \\n 3. As a special case, one Listener within a group may omit Hostname, in which case this Listener matches when no other Listener matches. \\n If the implementation does collapse compatible Listeners, the hostname provided in the incoming client request MUST be matched to a Listener to find the correct set of Routes. The incoming hostname MUST be matched using the Hostname field for each Listener in order of most to least specific. That is, exact matches must be processed before wildcard matches. \\n If this field specifies multiple Listeners that have the same Port value but are not compatible, the implementation must raise a \\\"Conflicted\\\" condition in the Listener status. \\n Support: Core\"", args=[d.arg(name='listeners', type=d.T.array)]), + withListeners(listeners): { spec+: { listeners: if std.isArray(v=listeners) then listeners else [listeners] } }, + '#withListenersMixin':: d.fn(help="\"Listeners associated with this Gateway. Listeners define logical endpoints that are bound on this Gateway's addresses. At least one Listener MUST be specified. \\n Each listener in a Gateway must have a unique combination of Hostname, Port, and Protocol. \\n An implementation MAY group Listeners by Port and then collapse each group of Listeners into a single Listener if the implementation determines that the Listeners in the group are \\\"compatible\\\". An implementation MAY also group together and collapse compatible Listeners belonging to different Gateways. \\n For example, an implementation might consider Listeners to be compatible with each other if all of the following conditions are met: \\n 1. Either each Listener within the group specifies the \\\"HTTP\\\" Protocol or each Listener within the group specifies either the \\\"HTTPS\\\" or \\\"TLS\\\" Protocol. \\n 2. Each Listener within the group specifies a Hostname that is unique within the group. \\n 3. As a special case, one Listener within a group may omit Hostname, in which case this Listener matches when no other Listener matches. \\n If the implementation does collapse compatible Listeners, the hostname provided in the incoming client request MUST be matched to a Listener to find the correct set of Routes. The incoming hostname MUST be matched using the Hostname field for each Listener in order of most to least specific. That is, exact matches must be processed before wildcard matches. \\n If this field specifies multiple Listeners that have the same Port value but are not compatible, the implementation must raise a \\\"Conflicted\\\" condition in the Listener status. \\n Support: Core\"\n\n**Note:** This function appends passed data to existing values", args=[d.arg(name='listeners', type=d.T.array)]), + withListenersMixin(listeners): { spec+: { listeners+: if std.isArray(v=listeners) then listeners else [listeners] } }, + }, + '#mixin': 'ignore', + mixin: self, +} diff --git a/0.7-experimental/_gen/gateway/v1beta1/gatewayClass.libsonnet b/0.7-experimental/_gen/gateway/v1beta1/gatewayClass.libsonnet new file mode 100644 index 0000000..a819833 --- /dev/null +++ b/0.7-experimental/_gen/gateway/v1beta1/gatewayClass.libsonnet @@ -0,0 +1,72 @@ +{ + local d = (import 'doc-util/main.libsonnet'), + '#':: d.pkg(name='gatewayClass', url='', help='"GatewayClass describes a class of Gateways available to the user for creating Gateway resources. \\n It is recommended that this resource be used as a template for Gateways. This means that a Gateway is based on the state of the GatewayClass at the time it was created and changes to the GatewayClass or associated parameters are not propagated down to existing Gateways. This recommendation is intended to limit the blast radius of changes to GatewayClass or associated parameters. If implementations choose to propagate GatewayClass changes to existing Gateways, that MUST be clearly documented by the implementation. \\n Whenever one or more Gateways are using a GatewayClass, implementations SHOULD add the `gateway-exists-finalizer.gateway.networking.k8s.io` finalizer on the associated GatewayClass. This ensures that a GatewayClass associated with a Gateway is not deleted while in use. \\n GatewayClass is a Cluster level resource."'), + '#metadata':: d.obj(help='"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create."'), + metadata: { + '#withAnnotations':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotations(annotations): { metadata+: { annotations: annotations } }, + '#withAnnotationsMixin':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotationsMixin(annotations): { metadata+: { annotations+: annotations } }, + '#withClusterName':: d.fn(help='"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request."', args=[d.arg(name='clusterName', type=d.T.string)]), + withClusterName(clusterName): { metadata+: { clusterName: clusterName } }, + '#withCreationTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='creationTimestamp', type=d.T.string)]), + withCreationTimestamp(creationTimestamp): { metadata+: { creationTimestamp: creationTimestamp } }, + '#withDeletionGracePeriodSeconds':: d.fn(help='"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only."', args=[d.arg(name='deletionGracePeriodSeconds', type=d.T.integer)]), + withDeletionGracePeriodSeconds(deletionGracePeriodSeconds): { metadata+: { deletionGracePeriodSeconds: deletionGracePeriodSeconds } }, + '#withDeletionTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='deletionTimestamp', type=d.T.string)]), + withDeletionTimestamp(deletionTimestamp): { metadata+: { deletionTimestamp: deletionTimestamp } }, + '#withFinalizers':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizers(finalizers): { metadata+: { finalizers: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withFinalizersMixin':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizersMixin(finalizers): { metadata+: { finalizers+: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withGenerateName':: d.fn(help='"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\\n\\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\\n\\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency"', args=[d.arg(name='generateName', type=d.T.string)]), + withGenerateName(generateName): { metadata+: { generateName: generateName } }, + '#withGeneration':: d.fn(help='"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only."', args=[d.arg(name='generation', type=d.T.integer)]), + withGeneration(generation): { metadata+: { generation: generation } }, + '#withLabels':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"', args=[d.arg(name='labels', type=d.T.object)]), + withLabels(labels): { metadata+: { labels: labels } }, + '#withLabelsMixin':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='labels', type=d.T.object)]), + withLabelsMixin(labels): { metadata+: { labels+: labels } }, + '#withName':: d.fn(help='"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { metadata+: { name: name } }, + '#withNamespace':: d.fn(help='"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \\"default\\" namespace, but \\"default\\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\\n\\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces"', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { metadata+: { namespace: namespace } }, + '#withOwnerReferences':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferences(ownerReferences): { metadata+: { ownerReferences: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withOwnerReferencesMixin':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferencesMixin(ownerReferences): { metadata+: { ownerReferences+: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withResourceVersion':: d.fn(help='"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\\n\\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency"', args=[d.arg(name='resourceVersion', type=d.T.string)]), + withResourceVersion(resourceVersion): { metadata+: { resourceVersion: resourceVersion } }, + '#withSelfLink':: d.fn(help='"SelfLink is a URL representing this object. Populated by the system. Read-only.\\n\\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release."', args=[d.arg(name='selfLink', type=d.T.string)]), + withSelfLink(selfLink): { metadata+: { selfLink: selfLink } }, + '#withUid':: d.fn(help='"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\\n\\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids"', args=[d.arg(name='uid', type=d.T.string)]), + withUid(uid): { metadata+: { uid: uid } }, + }, + '#new':: d.fn(help='new returns an instance of GatewayClass', args=[d.arg(name='name', type=d.T.string)]), + new(name): { + apiVersion: 'gateway.networking.k8s.io/v1beta1', + kind: 'GatewayClass', + } + self.metadata.withName(name=name) + self.metadata.withAnnotations(annotations={ + 'tanka.dev/namespaced': 'false', + }), + '#spec':: d.obj(help='"Spec defines the desired state of GatewayClass."'), + spec: { + '#parametersRef':: d.obj(help="\"ParametersRef is a reference to a resource that contains the configuration parameters corresponding to the GatewayClass. This is optional if the controller does not require any additional configuration. \\n ParametersRef can reference a standard Kubernetes resource, i.e. ConfigMap, or an implementation-specific custom resource. The resource can be cluster-scoped or namespace-scoped. \\n If the referent cannot be found, the GatewayClass's \\\"InvalidParameters\\\" status condition will be true. \\n Support: Implementation-specific\""), + parametersRef: { + '#withGroup':: d.fn(help='"Group is the group of the referent."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { spec+: { parametersRef+: { group: group } } }, + '#withKind':: d.fn(help='"Kind is kind of the referent."', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { spec+: { parametersRef+: { kind: kind } } }, + '#withName':: d.fn(help='"Name is the name of the referent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { spec+: { parametersRef+: { name: name } } }, + '#withNamespace':: d.fn(help='"Namespace is the namespace of the referent. This field is required when referring to a Namespace-scoped resource and MUST be unset when referring to a Cluster-scoped resource."', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { spec+: { parametersRef+: { namespace: namespace } } }, + }, + '#withControllerName':: d.fn(help='"ControllerName is the name of the controller that is managing Gateways of this class. The value of this field MUST be a domain prefixed path. \\n Example: \\"example.net/gateway-controller\\". \\n This field is not mutable and cannot be empty. \\n Support: Core"', args=[d.arg(name='controllerName', type=d.T.string)]), + withControllerName(controllerName): { spec+: { controllerName: controllerName } }, + '#withDescription':: d.fn(help='"Description helps describe a GatewayClass with more details."', args=[d.arg(name='description', type=d.T.string)]), + withDescription(description): { spec+: { description: description } }, + }, + '#mixin': 'ignore', + mixin: self, +} diff --git a/0.7-experimental/_gen/gateway/v1beta1/httpRoute.libsonnet b/0.7-experimental/_gen/gateway/v1beta1/httpRoute.libsonnet new file mode 100644 index 0000000..80bf085 --- /dev/null +++ b/0.7-experimental/_gen/gateway/v1beta1/httpRoute.libsonnet @@ -0,0 +1,398 @@ +{ + local d = (import 'doc-util/main.libsonnet'), + '#':: d.pkg(name='httpRoute', url='', help='"HTTPRoute provides a way to route HTTP requests. This includes the capability to match requests by hostname, path, header, or query param. Filters can be used to specify additional processing steps. Backends specify where matching requests should be routed."'), + '#metadata':: d.obj(help='"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create."'), + metadata: { + '#withAnnotations':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotations(annotations): { metadata+: { annotations: annotations } }, + '#withAnnotationsMixin':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotationsMixin(annotations): { metadata+: { annotations+: annotations } }, + '#withClusterName':: d.fn(help='"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request."', args=[d.arg(name='clusterName', type=d.T.string)]), + withClusterName(clusterName): { metadata+: { clusterName: clusterName } }, + '#withCreationTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='creationTimestamp', type=d.T.string)]), + withCreationTimestamp(creationTimestamp): { metadata+: { creationTimestamp: creationTimestamp } }, + '#withDeletionGracePeriodSeconds':: d.fn(help='"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only."', args=[d.arg(name='deletionGracePeriodSeconds', type=d.T.integer)]), + withDeletionGracePeriodSeconds(deletionGracePeriodSeconds): { metadata+: { deletionGracePeriodSeconds: deletionGracePeriodSeconds } }, + '#withDeletionTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='deletionTimestamp', type=d.T.string)]), + withDeletionTimestamp(deletionTimestamp): { metadata+: { deletionTimestamp: deletionTimestamp } }, + '#withFinalizers':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizers(finalizers): { metadata+: { finalizers: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withFinalizersMixin':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizersMixin(finalizers): { metadata+: { finalizers+: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withGenerateName':: d.fn(help='"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\\n\\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\\n\\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency"', args=[d.arg(name='generateName', type=d.T.string)]), + withGenerateName(generateName): { metadata+: { generateName: generateName } }, + '#withGeneration':: d.fn(help='"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only."', args=[d.arg(name='generation', type=d.T.integer)]), + withGeneration(generation): { metadata+: { generation: generation } }, + '#withLabels':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"', args=[d.arg(name='labels', type=d.T.object)]), + withLabels(labels): { metadata+: { labels: labels } }, + '#withLabelsMixin':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='labels', type=d.T.object)]), + withLabelsMixin(labels): { metadata+: { labels+: labels } }, + '#withName':: d.fn(help='"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { metadata+: { name: name } }, + '#withNamespace':: d.fn(help='"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \\"default\\" namespace, but \\"default\\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\\n\\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces"', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { metadata+: { namespace: namespace } }, + '#withOwnerReferences':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferences(ownerReferences): { metadata+: { ownerReferences: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withOwnerReferencesMixin':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferencesMixin(ownerReferences): { metadata+: { ownerReferences+: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withResourceVersion':: d.fn(help='"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\\n\\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency"', args=[d.arg(name='resourceVersion', type=d.T.string)]), + withResourceVersion(resourceVersion): { metadata+: { resourceVersion: resourceVersion } }, + '#withSelfLink':: d.fn(help='"SelfLink is a URL representing this object. Populated by the system. Read-only.\\n\\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release."', args=[d.arg(name='selfLink', type=d.T.string)]), + withSelfLink(selfLink): { metadata+: { selfLink: selfLink } }, + '#withUid':: d.fn(help='"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\\n\\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids"', args=[d.arg(name='uid', type=d.T.string)]), + withUid(uid): { metadata+: { uid: uid } }, + }, + '#new':: d.fn(help='new returns an instance of HTTPRoute', args=[d.arg(name='name', type=d.T.string)]), + new(name): { + apiVersion: 'gateway.networking.k8s.io/v1beta1', + kind: 'HTTPRoute', + } + self.metadata.withName(name=name), + '#spec':: d.obj(help='"Spec defines the desired state of HTTPRoute."'), + spec: { + '#parentRefs':: d.obj(help='"ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. \\n The only kind of parent resource with \\"Core\\" support is Gateway. This API may be extended in the future to support additional kinds of parent resources such as one of the route kinds. \\n It is invalid to reference an identical parent more than once. It is valid to reference multiple distinct sections within the same parent resource, such as 2 Listeners within a Gateway. \\n It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged. \\n Note that for ParentRefs that cross namespace boundaries, there are specific rules. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example, Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference."'), + parentRefs: { + '#withGroup':: d.fn(help='"Group is the group of the referent. When unspecified, \\"gateway.networking.k8s.io\\" is inferred. To set the core API group (such as for a \\"Service\\" kind referent), Group must be explicitly set to \\"\\" (empty string). \\n Support: Core"', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { group: group }, + '#withKind':: d.fn(help='"Kind is kind of the referent. \\n Support: Core (Gateway) \\n Support: Implementation-specific (Other Resources)"', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { kind: kind }, + '#withName':: d.fn(help='"Name is the name of the referent. \\n Support: Core"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withNamespace':: d.fn(help='"Namespace is the namespace of the referent. When unspecified, this refers to the local namespace of the Route. \\n Note that there are specific rules for ParentRefs which cross namespace boundaries. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example: Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference. \\n Support: Core"', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { namespace: namespace }, + '#withPort':: d.fn(help="\"Port is the network port this Route targets. It can be interpreted differently based on the type of parent resource. \\n When the parent resource is a Gateway, this targets all listeners listening on the specified port that also support this kind of Route(and select this Route). It's not recommended to set `Port` unless the networking behaviors specified in a Route must apply to a specific port as opposed to a listener(s) whose port(s) may be changed. When both Port and SectionName are specified, the name and port of the selected listener must match both specified values. \\n Implementations MAY choose to support other parent resources. Implementations supporting other types of parent resources MUST clearly document how/if Port is interpreted. \\n For the purpose of status, an attachment is considered successful as long as the parent resource accepts it partially. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \\n Support: Extended \\n \u003cgateway:experimental\u003e\"", args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { port: port }, + '#withSectionName':: d.fn(help='"SectionName is the name of a section within the target resource. In the following resources, SectionName is interpreted as the following: \\n * Gateway: Listener Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. \\n Implementations MAY choose to support attaching Routes to other resources. If that is the case, they MUST clearly document how SectionName is interpreted. \\n When unspecified (empty string), this will reference the entire resource. For the purpose of status, an attachment is considered successful if at least one section in the parent resource accepts it. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \\n Support: Core"', args=[d.arg(name='sectionName', type=d.T.string)]), + withSectionName(sectionName): { sectionName: sectionName }, + }, + '#rules':: d.obj(help='"Rules are a list of HTTP matchers, filters and actions."'), + rules: { + '#backendRefs':: d.obj(help='"BackendRefs defines the backend(s) where matching requests should be sent. \\n Failure behavior here depends on how many BackendRefs are specified and how many are invalid. \\n If *all* entries in BackendRefs are invalid, and there are also no filters specified in this route rule, *all* traffic which matches this rule MUST receive a 500 status code. \\n See the HTTPBackendRef definition for the rules about what makes a single HTTPBackendRef invalid. \\n When a HTTPBackendRef is invalid, 500 status codes MUST be returned for requests that would have otherwise been routed to an invalid backend. If multiple backends are specified, and some are invalid, the proportion of requests that would otherwise have been routed to an invalid backend MUST receive a 500 status code. \\n For example, if two backends are specified with equal weights, and one is invalid, 50 percent of traffic must receive a 500. Implementations may choose how that 50 percent is determined. \\n Support: Core for Kubernetes Service \\n Support: Extended for Kubernetes ServiceImport \\n Support: Implementation-specific for any other resource \\n Support for weight: Core"'), + backendRefs: { + '#filters':: d.obj(help='"Filters defined at this level should be executed if and only if the request is being forwarded to the backend defined here. \\n Support: Implementation-specific (For broader support of filters, use the Filters field in HTTPRouteRule.)"'), + filters: { + '#extensionRef':: d.obj(help='"ExtensionRef is an optional, implementation-specific extension to the \\"filter\\" behavior. For example, resource \\"myroutefilter\\" in group \\"networking.example.net\\"). ExtensionRef MUST NOT be used for core and extended filters. \\n Support: Implementation-specific"'), + extensionRef: { + '#withGroup':: d.fn(help='"Group is the group of the referent. For example, \\"gateway.networking.k8s.io\\". When unspecified or empty string, core API group is inferred."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { extensionRef+: { group: group } }, + '#withKind':: d.fn(help='"Kind is kind of the referent. For example \\"HTTPRoute\\" or \\"Service\\"."', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { extensionRef+: { kind: kind } }, + '#withName':: d.fn(help='"Name is the name of the referent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { extensionRef+: { name: name } }, + }, + '#requestHeaderModifier':: d.obj(help='"RequestHeaderModifier defines a schema for a filter that modifies request headers. \\n Support: Core"'), + requestHeaderModifier: { + '#add':: d.obj(help='"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: add: - name: \\"my-header\\" value: \\"bar,baz\\" \\n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"'), + add: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \\n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered equivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#set':: d.obj(help='"Set overwrites the request with the given header (name, value) before the action. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: set: - name: \\"my-header\\" value: \\"bar\\" \\n Output: GET /foo HTTP/1.1 my-header: bar"'), + set: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \\n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered equivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#withAdd':: d.fn(help='"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: add: - name: \\"my-header\\" value: \\"bar,baz\\" \\n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"', args=[d.arg(name='add', type=d.T.array)]), + withAdd(add): { requestHeaderModifier+: { add: if std.isArray(v=add) then add else [add] } }, + '#withAddMixin':: d.fn(help='"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: add: - name: \\"my-header\\" value: \\"bar,baz\\" \\n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='add', type=d.T.array)]), + withAddMixin(add): { requestHeaderModifier+: { add+: if std.isArray(v=add) then add else [add] } }, + '#withRemove':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \\n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \\n Config: remove: [\\"my-header1\\", \\"my-header3\\"] \\n Output: GET /foo HTTP/1.1 my-header2: bar"', args=[d.arg(name='remove', type=d.T.array)]), + withRemove(remove): { requestHeaderModifier+: { remove: if std.isArray(v=remove) then remove else [remove] } }, + '#withRemoveMixin':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \\n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \\n Config: remove: [\\"my-header1\\", \\"my-header3\\"] \\n Output: GET /foo HTTP/1.1 my-header2: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='remove', type=d.T.array)]), + withRemoveMixin(remove): { requestHeaderModifier+: { remove+: if std.isArray(v=remove) then remove else [remove] } }, + '#withSet':: d.fn(help='"Set overwrites the request with the given header (name, value) before the action. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: set: - name: \\"my-header\\" value: \\"bar\\" \\n Output: GET /foo HTTP/1.1 my-header: bar"', args=[d.arg(name='set', type=d.T.array)]), + withSet(set): { requestHeaderModifier+: { set: if std.isArray(v=set) then set else [set] } }, + '#withSetMixin':: d.fn(help='"Set overwrites the request with the given header (name, value) before the action. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: set: - name: \\"my-header\\" value: \\"bar\\" \\n Output: GET /foo HTTP/1.1 my-header: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='set', type=d.T.array)]), + withSetMixin(set): { requestHeaderModifier+: { set+: if std.isArray(v=set) then set else [set] } }, + }, + '#requestMirror':: d.obj(help='"RequestMirror defines a schema for a filter that mirrors requests. Requests are sent to the specified destination, but responses from that destination are ignored. \\n Support: Extended"'), + requestMirror: { + '#backendRef':: d.obj(help='"BackendRef references a resource where mirrored requests are sent. \\n If the referent cannot be found, this BackendRef is invalid and must be dropped from the Gateway. The controller must ensure the \\"ResolvedRefs\\" condition on the Route status is set to `status: False` and not configure this backend in the underlying implementation. \\n If there is a cross-namespace reference to an *existing* object that is not allowed by a ReferenceGrant, the controller must ensure the \\"ResolvedRefs\\" condition on the Route is set to `status: False`, with the \\"RefNotPermitted\\" reason and not configure this backend in the underlying implementation. \\n In either error case, the Message of the `ResolvedRefs` Condition should be used to provide more detail about the problem. \\n Support: Extended for Kubernetes Service \\n Support: Implementation-specific for any other resource"'), + backendRef: { + '#withGroup':: d.fn(help='"Group is the group of the referent. For example, \\"gateway.networking.k8s.io\\". When unspecified or empty string, core API group is inferred."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { requestMirror+: { backendRef+: { group: group } } }, + '#withKind':: d.fn(help='"Kind is the Kubernetes resource kind of the referent. For example \\"Service\\". \\n Defaults to \\"Service\\" when not specified. \\n ExternalName services can refer to CNAME DNS records that may live outside of the cluster and as such are difficult to reason about in terms of conformance. They also may not be safe to forward to (see CVE-2021-25740 for more information). Implementations SHOULD NOT support ExternalName Services. \\n Support: Core (Services with a type other than ExternalName) \\n Support: Implementation-specific (Services with type ExternalName)"', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { requestMirror+: { backendRef+: { kind: kind } } }, + '#withName':: d.fn(help='"Name is the name of the referent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { requestMirror+: { backendRef+: { name: name } } }, + '#withNamespace':: d.fn(help="\"Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. \\n Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. \\n Support: Core\"", args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { requestMirror+: { backendRef+: { namespace: namespace } } }, + '#withPort':: d.fn(help='"Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field."', args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { requestMirror+: { backendRef+: { port: port } } }, + }, + }, + '#requestRedirect':: d.obj(help='"RequestRedirect defines a schema for a filter that responds to the request with an HTTP redirection. \\n Support: Core"'), + requestRedirect: { + '#path':: d.obj(help='"Path defines parameters used to modify the path of the incoming request. The modified path is then used to construct the `Location` header. When empty, the request path is used as-is. \\n Support: Extended"'), + path: { + '#withReplaceFullPath':: d.fn(help='"ReplaceFullPath specifies the value with which to replace the full path of a request during a rewrite or redirect."', args=[d.arg(name='replaceFullPath', type=d.T.string)]), + withReplaceFullPath(replaceFullPath): { requestRedirect+: { path+: { replaceFullPath: replaceFullPath } } }, + '#withReplacePrefixMatch':: d.fn(help='"ReplacePrefixMatch specifies the value with which to replace the prefix match of a request during a rewrite or redirect. For example, a request to \\"/foo/bar\\" with a prefix match of \\"/foo\\" would be modified to \\"/bar\\". \\n Note that this matches the behavior of the PathPrefix match type. This matches full path elements. A path element refers to the list of labels in the path split by the `/` separator. When specified, a trailing `/` is ignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all match the prefix `/abc`, but the path `/abcd` would not."', args=[d.arg(name='replacePrefixMatch', type=d.T.string)]), + withReplacePrefixMatch(replacePrefixMatch): { requestRedirect+: { path+: { replacePrefixMatch: replacePrefixMatch } } }, + '#withType':: d.fn(help='"Type defines the type of path modifier. Additional types may be added in a future release of the API. \\n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \\n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`."', args=[d.arg(name='type', type=d.T.string)]), + withType(type): { requestRedirect+: { path+: { type: type } } }, + }, + '#withHostname':: d.fn(help='"Hostname is the hostname to be used in the value of the `Location` header in the response. When empty, the hostname in the `Host` header of the request is used. \\n Support: Core"', args=[d.arg(name='hostname', type=d.T.string)]), + withHostname(hostname): { requestRedirect+: { hostname: hostname } }, + '#withPort':: d.fn(help="\"Port is the port to be used in the value of the `Location` header in the response. \\n If no port is specified, the redirect port MUST be derived using the following rules: \\n * If redirect scheme is not-empty, the redirect port MUST be the well-known port associated with the redirect scheme. Specifically \\\"http\\\" to port 80 and \\\"https\\\" to port 443. If the redirect scheme does not have a well-known port, the listener port of the Gateway SHOULD be used. * If redirect scheme is empty, the redirect port MUST be the Gateway Listener port. \\n Implementations SHOULD NOT add the port number in the 'Location' header in the following cases: \\n * A Location header that will use HTTP (whether that is determined via the Listener protocol or the Scheme field) _and_ use port 80. * A Location header that will use HTTPS (whether that is determined via the Listener protocol or the Scheme field) _and_ use port 443. \\n Support: Extended\"", args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { requestRedirect+: { port: port } }, + '#withScheme':: d.fn(help='"Scheme is the scheme to be used in the value of the `Location` header in the response. When empty, the scheme of the request is used. \\n Scheme redirects can affect the port of the redirect, for more information, refer to the documentation for the port field of this filter. \\n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \\n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`. \\n Support: Extended"', args=[d.arg(name='scheme', type=d.T.string)]), + withScheme(scheme): { requestRedirect+: { scheme: scheme } }, + '#withStatusCode':: d.fn(help='"StatusCode is the HTTP status code to be used in response. \\n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \\n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`. \\n Support: Core"', args=[d.arg(name='statusCode', type=d.T.integer)]), + withStatusCode(statusCode): { requestRedirect+: { statusCode: statusCode } }, + }, + '#responseHeaderModifier':: d.obj(help='"ResponseHeaderModifier defines a schema for a filter that modifies response headers. \\n Support: Extended"'), + responseHeaderModifier: { + '#add':: d.obj(help='"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: add: - name: \\"my-header\\" value: \\"bar,baz\\" \\n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"'), + add: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \\n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered equivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#set':: d.obj(help='"Set overwrites the request with the given header (name, value) before the action. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: set: - name: \\"my-header\\" value: \\"bar\\" \\n Output: GET /foo HTTP/1.1 my-header: bar"'), + set: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \\n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered equivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#withAdd':: d.fn(help='"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: add: - name: \\"my-header\\" value: \\"bar,baz\\" \\n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"', args=[d.arg(name='add', type=d.T.array)]), + withAdd(add): { responseHeaderModifier+: { add: if std.isArray(v=add) then add else [add] } }, + '#withAddMixin':: d.fn(help='"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: add: - name: \\"my-header\\" value: \\"bar,baz\\" \\n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='add', type=d.T.array)]), + withAddMixin(add): { responseHeaderModifier+: { add+: if std.isArray(v=add) then add else [add] } }, + '#withRemove':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \\n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \\n Config: remove: [\\"my-header1\\", \\"my-header3\\"] \\n Output: GET /foo HTTP/1.1 my-header2: bar"', args=[d.arg(name='remove', type=d.T.array)]), + withRemove(remove): { responseHeaderModifier+: { remove: if std.isArray(v=remove) then remove else [remove] } }, + '#withRemoveMixin':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \\n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \\n Config: remove: [\\"my-header1\\", \\"my-header3\\"] \\n Output: GET /foo HTTP/1.1 my-header2: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='remove', type=d.T.array)]), + withRemoveMixin(remove): { responseHeaderModifier+: { remove+: if std.isArray(v=remove) then remove else [remove] } }, + '#withSet':: d.fn(help='"Set overwrites the request with the given header (name, value) before the action. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: set: - name: \\"my-header\\" value: \\"bar\\" \\n Output: GET /foo HTTP/1.1 my-header: bar"', args=[d.arg(name='set', type=d.T.array)]), + withSet(set): { responseHeaderModifier+: { set: if std.isArray(v=set) then set else [set] } }, + '#withSetMixin':: d.fn(help='"Set overwrites the request with the given header (name, value) before the action. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: set: - name: \\"my-header\\" value: \\"bar\\" \\n Output: GET /foo HTTP/1.1 my-header: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='set', type=d.T.array)]), + withSetMixin(set): { responseHeaderModifier+: { set+: if std.isArray(v=set) then set else [set] } }, + }, + '#urlRewrite':: d.obj(help='"URLRewrite defines a schema for a filter that modifies a request during forwarding. \\n Support: Extended"'), + urlRewrite: { + '#path':: d.obj(help='"Path defines a path rewrite. \\n Support: Extended"'), + path: { + '#withReplaceFullPath':: d.fn(help='"ReplaceFullPath specifies the value with which to replace the full path of a request during a rewrite or redirect."', args=[d.arg(name='replaceFullPath', type=d.T.string)]), + withReplaceFullPath(replaceFullPath): { urlRewrite+: { path+: { replaceFullPath: replaceFullPath } } }, + '#withReplacePrefixMatch':: d.fn(help='"ReplacePrefixMatch specifies the value with which to replace the prefix match of a request during a rewrite or redirect. For example, a request to \\"/foo/bar\\" with a prefix match of \\"/foo\\" would be modified to \\"/bar\\". \\n Note that this matches the behavior of the PathPrefix match type. This matches full path elements. A path element refers to the list of labels in the path split by the `/` separator. When specified, a trailing `/` is ignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all match the prefix `/abc`, but the path `/abcd` would not."', args=[d.arg(name='replacePrefixMatch', type=d.T.string)]), + withReplacePrefixMatch(replacePrefixMatch): { urlRewrite+: { path+: { replacePrefixMatch: replacePrefixMatch } } }, + '#withType':: d.fn(help='"Type defines the type of path modifier. Additional types may be added in a future release of the API. \\n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \\n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`."', args=[d.arg(name='type', type=d.T.string)]), + withType(type): { urlRewrite+: { path+: { type: type } } }, + }, + '#withHostname':: d.fn(help='"Hostname is the value to be used to replace the Host header value during forwarding. \\n Support: Extended"', args=[d.arg(name='hostname', type=d.T.string)]), + withHostname(hostname): { urlRewrite+: { hostname: hostname } }, + }, + '#withType':: d.fn(help='"Type identifies the type of filter to apply. As with other API fields, types are classified into three conformance levels: \\n - Core: Filter types and their corresponding configuration defined by \\"Support: Core\\" in this package, e.g. \\"RequestHeaderModifier\\". All implementations must support core filters. \\n - Extended: Filter types and their corresponding configuration defined by \\"Support: Extended\\" in this package, e.g. \\"RequestMirror\\". Implementers are encouraged to support extended filters. \\n - Implementation-specific: Filters that are defined and supported by specific vendors. In the future, filters showing convergence in behavior across multiple implementations will be considered for inclusion in extended or core conformance levels. Filter-specific configuration for such filters is specified using the ExtensionRef field. `Type` should be set to \\"ExtensionRef\\" for custom filters. \\n Implementers are encouraged to define custom implementation types to extend the core API with implementation-specific behavior. \\n If a reference to a custom filter type cannot be resolved, the filter MUST NOT be skipped. Instead, requests that would have been processed by that filter MUST receive a HTTP error response. \\n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \\n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`."', args=[d.arg(name='type', type=d.T.string)]), + withType(type): { type: type }, + }, + '#withFilters':: d.fn(help='"Filters defined at this level should be executed if and only if the request is being forwarded to the backend defined here. \\n Support: Implementation-specific (For broader support of filters, use the Filters field in HTTPRouteRule.)"', args=[d.arg(name='filters', type=d.T.array)]), + withFilters(filters): { filters: if std.isArray(v=filters) then filters else [filters] }, + '#withFiltersMixin':: d.fn(help='"Filters defined at this level should be executed if and only if the request is being forwarded to the backend defined here. \\n Support: Implementation-specific (For broader support of filters, use the Filters field in HTTPRouteRule.)"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='filters', type=d.T.array)]), + withFiltersMixin(filters): { filters+: if std.isArray(v=filters) then filters else [filters] }, + '#withGroup':: d.fn(help='"Group is the group of the referent. For example, \\"gateway.networking.k8s.io\\". When unspecified or empty string, core API group is inferred."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { group: group }, + '#withKind':: d.fn(help='"Kind is the Kubernetes resource kind of the referent. For example \\"Service\\". \\n Defaults to \\"Service\\" when not specified. \\n ExternalName services can refer to CNAME DNS records that may live outside of the cluster and as such are difficult to reason about in terms of conformance. They also may not be safe to forward to (see CVE-2021-25740 for more information). Implementations SHOULD NOT support ExternalName Services. \\n Support: Core (Services with a type other than ExternalName) \\n Support: Implementation-specific (Services with type ExternalName)"', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { kind: kind }, + '#withName':: d.fn(help='"Name is the name of the referent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withNamespace':: d.fn(help="\"Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. \\n Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. \\n Support: Core\"", args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { namespace: namespace }, + '#withPort':: d.fn(help='"Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field."', args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { port: port }, + '#withWeight':: d.fn(help='"Weight specifies the proportion of requests forwarded to the referenced backend. This is computed as weight/(sum of all weights in this BackendRefs list). For non-zero values, there may be some epsilon from the exact proportion defined here depending on the precision an implementation supports. Weight is not a percentage and the sum of weights does not need to equal 100. \\n If only one backend is specified and it has a weight greater than 0, 100% of the traffic is forwarded to that backend. If weight is set to 0, no traffic should be forwarded for this entry. If unspecified, weight defaults to 1. \\n Support for this field varies based on the context where used."', args=[d.arg(name='weight', type=d.T.integer)]), + withWeight(weight): { weight: weight }, + }, + '#filters':: d.obj(help='"Filters define the filters that are applied to requests that match this rule. \\n The effects of ordering of multiple behaviors are currently unspecified. This can change in the future based on feedback during the alpha stage. \\n Conformance-levels at this level are defined based on the type of filter: \\n - ALL core filters MUST be supported by all implementations. - Implementers are encouraged to support extended filters. - Implementation-specific custom filters have no API guarantees across implementations. \\n Specifying a core filter multiple times has unspecified or implementation-specific conformance. \\n All filters are expected to be compatible with each other except for the URLRewrite and RequestRedirect filters, which may not be combined. If an implementation can not support other combinations of filters, they must clearly document that limitation. In all cases where incompatible or unsupported filters are specified, implementations MUST add a warning condition to status. \\n Support: Core"'), + filters: { + '#extensionRef':: d.obj(help='"ExtensionRef is an optional, implementation-specific extension to the \\"filter\\" behavior. For example, resource \\"myroutefilter\\" in group \\"networking.example.net\\"). ExtensionRef MUST NOT be used for core and extended filters. \\n Support: Implementation-specific"'), + extensionRef: { + '#withGroup':: d.fn(help='"Group is the group of the referent. For example, \\"gateway.networking.k8s.io\\". When unspecified or empty string, core API group is inferred."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { extensionRef+: { group: group } }, + '#withKind':: d.fn(help='"Kind is kind of the referent. For example \\"HTTPRoute\\" or \\"Service\\"."', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { extensionRef+: { kind: kind } }, + '#withName':: d.fn(help='"Name is the name of the referent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { extensionRef+: { name: name } }, + }, + '#requestHeaderModifier':: d.obj(help='"RequestHeaderModifier defines a schema for a filter that modifies request headers. \\n Support: Core"'), + requestHeaderModifier: { + '#add':: d.obj(help='"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: add: - name: \\"my-header\\" value: \\"bar,baz\\" \\n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"'), + add: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \\n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered equivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#set':: d.obj(help='"Set overwrites the request with the given header (name, value) before the action. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: set: - name: \\"my-header\\" value: \\"bar\\" \\n Output: GET /foo HTTP/1.1 my-header: bar"'), + set: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \\n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered equivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#withAdd':: d.fn(help='"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: add: - name: \\"my-header\\" value: \\"bar,baz\\" \\n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"', args=[d.arg(name='add', type=d.T.array)]), + withAdd(add): { requestHeaderModifier+: { add: if std.isArray(v=add) then add else [add] } }, + '#withAddMixin':: d.fn(help='"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: add: - name: \\"my-header\\" value: \\"bar,baz\\" \\n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='add', type=d.T.array)]), + withAddMixin(add): { requestHeaderModifier+: { add+: if std.isArray(v=add) then add else [add] } }, + '#withRemove':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \\n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \\n Config: remove: [\\"my-header1\\", \\"my-header3\\"] \\n Output: GET /foo HTTP/1.1 my-header2: bar"', args=[d.arg(name='remove', type=d.T.array)]), + withRemove(remove): { requestHeaderModifier+: { remove: if std.isArray(v=remove) then remove else [remove] } }, + '#withRemoveMixin':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \\n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \\n Config: remove: [\\"my-header1\\", \\"my-header3\\"] \\n Output: GET /foo HTTP/1.1 my-header2: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='remove', type=d.T.array)]), + withRemoveMixin(remove): { requestHeaderModifier+: { remove+: if std.isArray(v=remove) then remove else [remove] } }, + '#withSet':: d.fn(help='"Set overwrites the request with the given header (name, value) before the action. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: set: - name: \\"my-header\\" value: \\"bar\\" \\n Output: GET /foo HTTP/1.1 my-header: bar"', args=[d.arg(name='set', type=d.T.array)]), + withSet(set): { requestHeaderModifier+: { set: if std.isArray(v=set) then set else [set] } }, + '#withSetMixin':: d.fn(help='"Set overwrites the request with the given header (name, value) before the action. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: set: - name: \\"my-header\\" value: \\"bar\\" \\n Output: GET /foo HTTP/1.1 my-header: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='set', type=d.T.array)]), + withSetMixin(set): { requestHeaderModifier+: { set+: if std.isArray(v=set) then set else [set] } }, + }, + '#requestMirror':: d.obj(help='"RequestMirror defines a schema for a filter that mirrors requests. Requests are sent to the specified destination, but responses from that destination are ignored. \\n Support: Extended"'), + requestMirror: { + '#backendRef':: d.obj(help='"BackendRef references a resource where mirrored requests are sent. \\n If the referent cannot be found, this BackendRef is invalid and must be dropped from the Gateway. The controller must ensure the \\"ResolvedRefs\\" condition on the Route status is set to `status: False` and not configure this backend in the underlying implementation. \\n If there is a cross-namespace reference to an *existing* object that is not allowed by a ReferenceGrant, the controller must ensure the \\"ResolvedRefs\\" condition on the Route is set to `status: False`, with the \\"RefNotPermitted\\" reason and not configure this backend in the underlying implementation. \\n In either error case, the Message of the `ResolvedRefs` Condition should be used to provide more detail about the problem. \\n Support: Extended for Kubernetes Service \\n Support: Implementation-specific for any other resource"'), + backendRef: { + '#withGroup':: d.fn(help='"Group is the group of the referent. For example, \\"gateway.networking.k8s.io\\". When unspecified or empty string, core API group is inferred."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { requestMirror+: { backendRef+: { group: group } } }, + '#withKind':: d.fn(help='"Kind is the Kubernetes resource kind of the referent. For example \\"Service\\". \\n Defaults to \\"Service\\" when not specified. \\n ExternalName services can refer to CNAME DNS records that may live outside of the cluster and as such are difficult to reason about in terms of conformance. They also may not be safe to forward to (see CVE-2021-25740 for more information). Implementations SHOULD NOT support ExternalName Services. \\n Support: Core (Services with a type other than ExternalName) \\n Support: Implementation-specific (Services with type ExternalName)"', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { requestMirror+: { backendRef+: { kind: kind } } }, + '#withName':: d.fn(help='"Name is the name of the referent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { requestMirror+: { backendRef+: { name: name } } }, + '#withNamespace':: d.fn(help="\"Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. \\n Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. \\n Support: Core\"", args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { requestMirror+: { backendRef+: { namespace: namespace } } }, + '#withPort':: d.fn(help='"Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field."', args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { requestMirror+: { backendRef+: { port: port } } }, + }, + }, + '#requestRedirect':: d.obj(help='"RequestRedirect defines a schema for a filter that responds to the request with an HTTP redirection. \\n Support: Core"'), + requestRedirect: { + '#path':: d.obj(help='"Path defines parameters used to modify the path of the incoming request. The modified path is then used to construct the `Location` header. When empty, the request path is used as-is. \\n Support: Extended"'), + path: { + '#withReplaceFullPath':: d.fn(help='"ReplaceFullPath specifies the value with which to replace the full path of a request during a rewrite or redirect."', args=[d.arg(name='replaceFullPath', type=d.T.string)]), + withReplaceFullPath(replaceFullPath): { requestRedirect+: { path+: { replaceFullPath: replaceFullPath } } }, + '#withReplacePrefixMatch':: d.fn(help='"ReplacePrefixMatch specifies the value with which to replace the prefix match of a request during a rewrite or redirect. For example, a request to \\"/foo/bar\\" with a prefix match of \\"/foo\\" would be modified to \\"/bar\\". \\n Note that this matches the behavior of the PathPrefix match type. This matches full path elements. A path element refers to the list of labels in the path split by the `/` separator. When specified, a trailing `/` is ignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all match the prefix `/abc`, but the path `/abcd` would not."', args=[d.arg(name='replacePrefixMatch', type=d.T.string)]), + withReplacePrefixMatch(replacePrefixMatch): { requestRedirect+: { path+: { replacePrefixMatch: replacePrefixMatch } } }, + '#withType':: d.fn(help='"Type defines the type of path modifier. Additional types may be added in a future release of the API. \\n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \\n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`."', args=[d.arg(name='type', type=d.T.string)]), + withType(type): { requestRedirect+: { path+: { type: type } } }, + }, + '#withHostname':: d.fn(help='"Hostname is the hostname to be used in the value of the `Location` header in the response. When empty, the hostname in the `Host` header of the request is used. \\n Support: Core"', args=[d.arg(name='hostname', type=d.T.string)]), + withHostname(hostname): { requestRedirect+: { hostname: hostname } }, + '#withPort':: d.fn(help="\"Port is the port to be used in the value of the `Location` header in the response. \\n If no port is specified, the redirect port MUST be derived using the following rules: \\n * If redirect scheme is not-empty, the redirect port MUST be the well-known port associated with the redirect scheme. Specifically \\\"http\\\" to port 80 and \\\"https\\\" to port 443. If the redirect scheme does not have a well-known port, the listener port of the Gateway SHOULD be used. * If redirect scheme is empty, the redirect port MUST be the Gateway Listener port. \\n Implementations SHOULD NOT add the port number in the 'Location' header in the following cases: \\n * A Location header that will use HTTP (whether that is determined via the Listener protocol or the Scheme field) _and_ use port 80. * A Location header that will use HTTPS (whether that is determined via the Listener protocol or the Scheme field) _and_ use port 443. \\n Support: Extended\"", args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { requestRedirect+: { port: port } }, + '#withScheme':: d.fn(help='"Scheme is the scheme to be used in the value of the `Location` header in the response. When empty, the scheme of the request is used. \\n Scheme redirects can affect the port of the redirect, for more information, refer to the documentation for the port field of this filter. \\n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \\n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`. \\n Support: Extended"', args=[d.arg(name='scheme', type=d.T.string)]), + withScheme(scheme): { requestRedirect+: { scheme: scheme } }, + '#withStatusCode':: d.fn(help='"StatusCode is the HTTP status code to be used in response. \\n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \\n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`. \\n Support: Core"', args=[d.arg(name='statusCode', type=d.T.integer)]), + withStatusCode(statusCode): { requestRedirect+: { statusCode: statusCode } }, + }, + '#responseHeaderModifier':: d.obj(help='"ResponseHeaderModifier defines a schema for a filter that modifies response headers. \\n Support: Extended"'), + responseHeaderModifier: { + '#add':: d.obj(help='"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: add: - name: \\"my-header\\" value: \\"bar,baz\\" \\n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"'), + add: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \\n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered equivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#set':: d.obj(help='"Set overwrites the request with the given header (name, value) before the action. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: set: - name: \\"my-header\\" value: \\"bar\\" \\n Output: GET /foo HTTP/1.1 my-header: bar"'), + set: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \\n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered equivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#withAdd':: d.fn(help='"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: add: - name: \\"my-header\\" value: \\"bar,baz\\" \\n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"', args=[d.arg(name='add', type=d.T.array)]), + withAdd(add): { responseHeaderModifier+: { add: if std.isArray(v=add) then add else [add] } }, + '#withAddMixin':: d.fn(help='"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: add: - name: \\"my-header\\" value: \\"bar,baz\\" \\n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='add', type=d.T.array)]), + withAddMixin(add): { responseHeaderModifier+: { add+: if std.isArray(v=add) then add else [add] } }, + '#withRemove':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \\n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \\n Config: remove: [\\"my-header1\\", \\"my-header3\\"] \\n Output: GET /foo HTTP/1.1 my-header2: bar"', args=[d.arg(name='remove', type=d.T.array)]), + withRemove(remove): { responseHeaderModifier+: { remove: if std.isArray(v=remove) then remove else [remove] } }, + '#withRemoveMixin':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \\n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \\n Config: remove: [\\"my-header1\\", \\"my-header3\\"] \\n Output: GET /foo HTTP/1.1 my-header2: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='remove', type=d.T.array)]), + withRemoveMixin(remove): { responseHeaderModifier+: { remove+: if std.isArray(v=remove) then remove else [remove] } }, + '#withSet':: d.fn(help='"Set overwrites the request with the given header (name, value) before the action. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: set: - name: \\"my-header\\" value: \\"bar\\" \\n Output: GET /foo HTTP/1.1 my-header: bar"', args=[d.arg(name='set', type=d.T.array)]), + withSet(set): { responseHeaderModifier+: { set: if std.isArray(v=set) then set else [set] } }, + '#withSetMixin':: d.fn(help='"Set overwrites the request with the given header (name, value) before the action. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: set: - name: \\"my-header\\" value: \\"bar\\" \\n Output: GET /foo HTTP/1.1 my-header: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='set', type=d.T.array)]), + withSetMixin(set): { responseHeaderModifier+: { set+: if std.isArray(v=set) then set else [set] } }, + }, + '#urlRewrite':: d.obj(help='"URLRewrite defines a schema for a filter that modifies a request during forwarding. \\n Support: Extended"'), + urlRewrite: { + '#path':: d.obj(help='"Path defines a path rewrite. \\n Support: Extended"'), + path: { + '#withReplaceFullPath':: d.fn(help='"ReplaceFullPath specifies the value with which to replace the full path of a request during a rewrite or redirect."', args=[d.arg(name='replaceFullPath', type=d.T.string)]), + withReplaceFullPath(replaceFullPath): { urlRewrite+: { path+: { replaceFullPath: replaceFullPath } } }, + '#withReplacePrefixMatch':: d.fn(help='"ReplacePrefixMatch specifies the value with which to replace the prefix match of a request during a rewrite or redirect. For example, a request to \\"/foo/bar\\" with a prefix match of \\"/foo\\" would be modified to \\"/bar\\". \\n Note that this matches the behavior of the PathPrefix match type. This matches full path elements. A path element refers to the list of labels in the path split by the `/` separator. When specified, a trailing `/` is ignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all match the prefix `/abc`, but the path `/abcd` would not."', args=[d.arg(name='replacePrefixMatch', type=d.T.string)]), + withReplacePrefixMatch(replacePrefixMatch): { urlRewrite+: { path+: { replacePrefixMatch: replacePrefixMatch } } }, + '#withType':: d.fn(help='"Type defines the type of path modifier. Additional types may be added in a future release of the API. \\n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \\n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`."', args=[d.arg(name='type', type=d.T.string)]), + withType(type): { urlRewrite+: { path+: { type: type } } }, + }, + '#withHostname':: d.fn(help='"Hostname is the value to be used to replace the Host header value during forwarding. \\n Support: Extended"', args=[d.arg(name='hostname', type=d.T.string)]), + withHostname(hostname): { urlRewrite+: { hostname: hostname } }, + }, + '#withType':: d.fn(help='"Type identifies the type of filter to apply. As with other API fields, types are classified into three conformance levels: \\n - Core: Filter types and their corresponding configuration defined by \\"Support: Core\\" in this package, e.g. \\"RequestHeaderModifier\\". All implementations must support core filters. \\n - Extended: Filter types and their corresponding configuration defined by \\"Support: Extended\\" in this package, e.g. \\"RequestMirror\\". Implementers are encouraged to support extended filters. \\n - Implementation-specific: Filters that are defined and supported by specific vendors. In the future, filters showing convergence in behavior across multiple implementations will be considered for inclusion in extended or core conformance levels. Filter-specific configuration for such filters is specified using the ExtensionRef field. `Type` should be set to \\"ExtensionRef\\" for custom filters. \\n Implementers are encouraged to define custom implementation types to extend the core API with implementation-specific behavior. \\n If a reference to a custom filter type cannot be resolved, the filter MUST NOT be skipped. Instead, requests that would have been processed by that filter MUST receive a HTTP error response. \\n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \\n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`."', args=[d.arg(name='type', type=d.T.string)]), + withType(type): { type: type }, + }, + '#matches':: d.obj(help='"Matches define conditions used for matching the rule against incoming HTTP requests. Each match is independent, i.e. this rule will be matched if **any** one of the matches is satisfied. \\n For example, take the following matches configuration: \\n ``` matches: - path: value: \\"/foo\\" headers: - name: \\"version\\" value: \\"v2\\" - path: value: \\"/v2/foo\\" ``` \\n For a request to match against this rule, a request must satisfy EITHER of the two conditions: \\n - path prefixed with `/foo` AND contains the header `version: v2` - path prefix of `/v2/foo` \\n See the documentation for HTTPRouteMatch on how to specify multiple match conditions that should be ANDed together. \\n If no matches are specified, the default is a prefix path match on \\"/\\", which has the effect of matching every HTTP request. \\n Proxy or Load Balancer routing configuration generated from HTTPRoutes MUST prioritize matches based on the following criteria, continuing on ties. Across all rules specified on applicable Routes, precedence must be given to the match having: \\n * \\"Exact\\" path match. * \\"Prefix\\" path match with largest number of characters. * Method match. * Largest number of header matches. * Largest number of query param matches. \\n Note: The precedence of RegularExpression path matches are implementation-specific. \\n If ties still exist across multiple Routes, matching precedence MUST be determined in order of the following criteria, continuing on ties: \\n * The oldest Route based on creation timestamp. * The Route appearing first in alphabetical order by \\"{namespace}/{name}\\". \\n If ties still exist within an HTTPRoute, matching precedence MUST be granted to the FIRST matching rule (in list order) with a match meeting the above criteria. \\n When no rules matching a request have been successfully attached to the parent a request is coming from, a HTTP 404 status code MUST be returned."'), + matches: { + '#headers':: d.obj(help='"Headers specifies HTTP request header matchers. Multiple match values are ANDed together, meaning, a request must match all the specified headers to select the route."'), + headers: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \\n If multiple entries specify equivalent header names, only the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered equivalent. \\n When a header is repeated in an HTTP request, it is implementation-specific behavior as to how this is represented. Generally, proxies should follow the guidance from the RFC: https://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2 regarding processing a repeated header, with special handling for \\"Set-Cookie\\"."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withType':: d.fn(help="\"Type specifies how to match against the value of the header. \\n Support: Core (Exact) \\n Support: Implementation-specific (RegularExpression) \\n Since RegularExpression HeaderMatchType has implementation-specific conformance, implementations can support POSIX, PCRE or any other dialects of regular expressions. Please read the implementation's documentation to determine the supported dialect.\"", args=[d.arg(name='type', type=d.T.string)]), + withType(type): { type: type }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#path':: d.obj(help='"Path specifies a HTTP request path matcher. If this field is not specified, a default prefix match on the \\"/\\" path is provided."'), + path: { + '#withType':: d.fn(help='"Type specifies how to match against the path Value. \\n Support: Core (Exact, PathPrefix) \\n Support: Implementation-specific (RegularExpression)"', args=[d.arg(name='type', type=d.T.string)]), + withType(type): { path+: { type: type } }, + '#withValue':: d.fn(help='"Value of the HTTP path to match against."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { path+: { value: value } }, + }, + '#queryParams':: d.obj(help='"QueryParams specifies HTTP query parameter matchers. Multiple match values are ANDed together, meaning, a request must match all the specified query parameters to select the route. \\n Support: Extended"'), + queryParams: { + '#withName':: d.fn(help='"Name is the name of the HTTP query param to be matched. This must be an exact string match. (See https://tools.ietf.org/html/rfc7230#section-2.7.3). \\n If multiple entries specify equivalent query param names, only the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent query param name MUST be ignored. \\n If a query param is repeated in an HTTP request, the behavior is purposely left undefined, since different data planes have different capabilities. However, it is *recommended* that implementations should match against the first value of the param if the data plane supports it, as this behavior is expected in other load balancing contexts outside of the Gateway API. \\n Users SHOULD NOT route traffic based on repeated query params to guard themselves against potential differences in the implementations."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withType':: d.fn(help="\"Type specifies how to match against the value of the query parameter. \\n Support: Extended (Exact) \\n Support: Implementation-specific (RegularExpression) \\n Since RegularExpression QueryParamMatchType has Implementation-specific conformance, implementations can support POSIX, PCRE or any other dialects of regular expressions. Please read the implementation's documentation to determine the supported dialect.\"", args=[d.arg(name='type', type=d.T.string)]), + withType(type): { type: type }, + '#withValue':: d.fn(help='"Value is the value of HTTP query param to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#withHeaders':: d.fn(help='"Headers specifies HTTP request header matchers. Multiple match values are ANDed together, meaning, a request must match all the specified headers to select the route."', args=[d.arg(name='headers', type=d.T.array)]), + withHeaders(headers): { headers: if std.isArray(v=headers) then headers else [headers] }, + '#withHeadersMixin':: d.fn(help='"Headers specifies HTTP request header matchers. Multiple match values are ANDed together, meaning, a request must match all the specified headers to select the route."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='headers', type=d.T.array)]), + withHeadersMixin(headers): { headers+: if std.isArray(v=headers) then headers else [headers] }, + '#withMethod':: d.fn(help='"Method specifies HTTP method matcher. When specified, this route will be matched only if the request has the specified method. \\n Support: Extended"', args=[d.arg(name='method', type=d.T.string)]), + withMethod(method): { method: method }, + '#withQueryParams':: d.fn(help='"QueryParams specifies HTTP query parameter matchers. Multiple match values are ANDed together, meaning, a request must match all the specified query parameters to select the route. \\n Support: Extended"', args=[d.arg(name='queryParams', type=d.T.array)]), + withQueryParams(queryParams): { queryParams: if std.isArray(v=queryParams) then queryParams else [queryParams] }, + '#withQueryParamsMixin':: d.fn(help='"QueryParams specifies HTTP query parameter matchers. Multiple match values are ANDed together, meaning, a request must match all the specified query parameters to select the route. \\n Support: Extended"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='queryParams', type=d.T.array)]), + withQueryParamsMixin(queryParams): { queryParams+: if std.isArray(v=queryParams) then queryParams else [queryParams] }, + }, + '#withBackendRefs':: d.fn(help='"BackendRefs defines the backend(s) where matching requests should be sent. \\n Failure behavior here depends on how many BackendRefs are specified and how many are invalid. \\n If *all* entries in BackendRefs are invalid, and there are also no filters specified in this route rule, *all* traffic which matches this rule MUST receive a 500 status code. \\n See the HTTPBackendRef definition for the rules about what makes a single HTTPBackendRef invalid. \\n When a HTTPBackendRef is invalid, 500 status codes MUST be returned for requests that would have otherwise been routed to an invalid backend. If multiple backends are specified, and some are invalid, the proportion of requests that would otherwise have been routed to an invalid backend MUST receive a 500 status code. \\n For example, if two backends are specified with equal weights, and one is invalid, 50 percent of traffic must receive a 500. Implementations may choose how that 50 percent is determined. \\n Support: Core for Kubernetes Service \\n Support: Extended for Kubernetes ServiceImport \\n Support: Implementation-specific for any other resource \\n Support for weight: Core"', args=[d.arg(name='backendRefs', type=d.T.array)]), + withBackendRefs(backendRefs): { backendRefs: if std.isArray(v=backendRefs) then backendRefs else [backendRefs] }, + '#withBackendRefsMixin':: d.fn(help='"BackendRefs defines the backend(s) where matching requests should be sent. \\n Failure behavior here depends on how many BackendRefs are specified and how many are invalid. \\n If *all* entries in BackendRefs are invalid, and there are also no filters specified in this route rule, *all* traffic which matches this rule MUST receive a 500 status code. \\n See the HTTPBackendRef definition for the rules about what makes a single HTTPBackendRef invalid. \\n When a HTTPBackendRef is invalid, 500 status codes MUST be returned for requests that would have otherwise been routed to an invalid backend. If multiple backends are specified, and some are invalid, the proportion of requests that would otherwise have been routed to an invalid backend MUST receive a 500 status code. \\n For example, if two backends are specified with equal weights, and one is invalid, 50 percent of traffic must receive a 500. Implementations may choose how that 50 percent is determined. \\n Support: Core for Kubernetes Service \\n Support: Extended for Kubernetes ServiceImport \\n Support: Implementation-specific for any other resource \\n Support for weight: Core"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='backendRefs', type=d.T.array)]), + withBackendRefsMixin(backendRefs): { backendRefs+: if std.isArray(v=backendRefs) then backendRefs else [backendRefs] }, + '#withFilters':: d.fn(help='"Filters define the filters that are applied to requests that match this rule. \\n The effects of ordering of multiple behaviors are currently unspecified. This can change in the future based on feedback during the alpha stage. \\n Conformance-levels at this level are defined based on the type of filter: \\n - ALL core filters MUST be supported by all implementations. - Implementers are encouraged to support extended filters. - Implementation-specific custom filters have no API guarantees across implementations. \\n Specifying a core filter multiple times has unspecified or implementation-specific conformance. \\n All filters are expected to be compatible with each other except for the URLRewrite and RequestRedirect filters, which may not be combined. If an implementation can not support other combinations of filters, they must clearly document that limitation. In all cases where incompatible or unsupported filters are specified, implementations MUST add a warning condition to status. \\n Support: Core"', args=[d.arg(name='filters', type=d.T.array)]), + withFilters(filters): { filters: if std.isArray(v=filters) then filters else [filters] }, + '#withFiltersMixin':: d.fn(help='"Filters define the filters that are applied to requests that match this rule. \\n The effects of ordering of multiple behaviors are currently unspecified. This can change in the future based on feedback during the alpha stage. \\n Conformance-levels at this level are defined based on the type of filter: \\n - ALL core filters MUST be supported by all implementations. - Implementers are encouraged to support extended filters. - Implementation-specific custom filters have no API guarantees across implementations. \\n Specifying a core filter multiple times has unspecified or implementation-specific conformance. \\n All filters are expected to be compatible with each other except for the URLRewrite and RequestRedirect filters, which may not be combined. If an implementation can not support other combinations of filters, they must clearly document that limitation. In all cases where incompatible or unsupported filters are specified, implementations MUST add a warning condition to status. \\n Support: Core"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='filters', type=d.T.array)]), + withFiltersMixin(filters): { filters+: if std.isArray(v=filters) then filters else [filters] }, + '#withMatches':: d.fn(help='"Matches define conditions used for matching the rule against incoming HTTP requests. Each match is independent, i.e. this rule will be matched if **any** one of the matches is satisfied. \\n For example, take the following matches configuration: \\n ``` matches: - path: value: \\"/foo\\" headers: - name: \\"version\\" value: \\"v2\\" - path: value: \\"/v2/foo\\" ``` \\n For a request to match against this rule, a request must satisfy EITHER of the two conditions: \\n - path prefixed with `/foo` AND contains the header `version: v2` - path prefix of `/v2/foo` \\n See the documentation for HTTPRouteMatch on how to specify multiple match conditions that should be ANDed together. \\n If no matches are specified, the default is a prefix path match on \\"/\\", which has the effect of matching every HTTP request. \\n Proxy or Load Balancer routing configuration generated from HTTPRoutes MUST prioritize matches based on the following criteria, continuing on ties. Across all rules specified on applicable Routes, precedence must be given to the match having: \\n * \\"Exact\\" path match. * \\"Prefix\\" path match with largest number of characters. * Method match. * Largest number of header matches. * Largest number of query param matches. \\n Note: The precedence of RegularExpression path matches are implementation-specific. \\n If ties still exist across multiple Routes, matching precedence MUST be determined in order of the following criteria, continuing on ties: \\n * The oldest Route based on creation timestamp. * The Route appearing first in alphabetical order by \\"{namespace}/{name}\\". \\n If ties still exist within an HTTPRoute, matching precedence MUST be granted to the FIRST matching rule (in list order) with a match meeting the above criteria. \\n When no rules matching a request have been successfully attached to the parent a request is coming from, a HTTP 404 status code MUST be returned."', args=[d.arg(name='matches', type=d.T.array)]), + withMatches(matches): { matches: if std.isArray(v=matches) then matches else [matches] }, + '#withMatchesMixin':: d.fn(help='"Matches define conditions used for matching the rule against incoming HTTP requests. Each match is independent, i.e. this rule will be matched if **any** one of the matches is satisfied. \\n For example, take the following matches configuration: \\n ``` matches: - path: value: \\"/foo\\" headers: - name: \\"version\\" value: \\"v2\\" - path: value: \\"/v2/foo\\" ``` \\n For a request to match against this rule, a request must satisfy EITHER of the two conditions: \\n - path prefixed with `/foo` AND contains the header `version: v2` - path prefix of `/v2/foo` \\n See the documentation for HTTPRouteMatch on how to specify multiple match conditions that should be ANDed together. \\n If no matches are specified, the default is a prefix path match on \\"/\\", which has the effect of matching every HTTP request. \\n Proxy or Load Balancer routing configuration generated from HTTPRoutes MUST prioritize matches based on the following criteria, continuing on ties. Across all rules specified on applicable Routes, precedence must be given to the match having: \\n * \\"Exact\\" path match. * \\"Prefix\\" path match with largest number of characters. * Method match. * Largest number of header matches. * Largest number of query param matches. \\n Note: The precedence of RegularExpression path matches are implementation-specific. \\n If ties still exist across multiple Routes, matching precedence MUST be determined in order of the following criteria, continuing on ties: \\n * The oldest Route based on creation timestamp. * The Route appearing first in alphabetical order by \\"{namespace}/{name}\\". \\n If ties still exist within an HTTPRoute, matching precedence MUST be granted to the FIRST matching rule (in list order) with a match meeting the above criteria. \\n When no rules matching a request have been successfully attached to the parent a request is coming from, a HTTP 404 status code MUST be returned."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='matches', type=d.T.array)]), + withMatchesMixin(matches): { matches+: if std.isArray(v=matches) then matches else [matches] }, + }, + '#withHostnames':: d.fn(help="\"Hostnames defines a set of hostname that should match against the HTTP Host header to select a HTTPRoute used to process the request. Implementations MUST ignore any port value specified in the HTTP Host header while performing a match. \\n Valid values for Hostnames are determined by RFC 1123 definition of a hostname with 2 notable exceptions: \\n 1. IPs are not allowed. 2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard label must appear by itself as the first label. \\n If a hostname is specified by both the Listener and HTTPRoute, there must be at least one intersecting hostname for the HTTPRoute to be attached to the Listener. For example: \\n * A Listener with `test.example.com` as the hostname matches HTTPRoutes that have either not specified any hostnames, or have specified at least one of `test.example.com` or `*.example.com`. * A Listener with `*.example.com` as the hostname matches HTTPRoutes that have either not specified any hostnames or have specified at least one hostname that matches the Listener hostname. For example, `*.example.com`, `test.example.com`, and `foo.test.example.com` would all match. On the other hand, `example.com` and `test.example.net` would not match. \\n Hostnames that are prefixed with a wildcard label (`*.`) are interpreted as a suffix match. That means that a match for `*.example.com` would match both `test.example.com`, and `foo.test.example.com`, but not `example.com`. \\n If both the Listener and HTTPRoute have specified hostnames, any HTTPRoute hostnames that do not match the Listener hostname MUST be ignored. For example, if a Listener specified `*.example.com`, and the HTTPRoute specified `test.example.com` and `test.example.net`, `test.example.net` must not be considered for a match. \\n If both the Listener and HTTPRoute have specified hostnames, and none match with the criteria above, then the HTTPRoute is not accepted. The implementation must raise an 'Accepted' Condition with a status of `False` in the corresponding RouteParentStatus. \\n In the event that multiple HTTPRoutes specify intersecting hostnames (e.g. overlapping wildcard matching and exact matching hostnames), precedence must be given to rules from the HTTPRoute with the largest number of: \\n * Characters in a matching non-wildcard hostname. * Characters in a matching hostname. \\n If ties exist across multiple Routes, the matching precedence rules for HTTPRouteMatches takes over. \\n Support: Core\"", args=[d.arg(name='hostnames', type=d.T.array)]), + withHostnames(hostnames): { spec+: { hostnames: if std.isArray(v=hostnames) then hostnames else [hostnames] } }, + '#withHostnamesMixin':: d.fn(help="\"Hostnames defines a set of hostname that should match against the HTTP Host header to select a HTTPRoute used to process the request. Implementations MUST ignore any port value specified in the HTTP Host header while performing a match. \\n Valid values for Hostnames are determined by RFC 1123 definition of a hostname with 2 notable exceptions: \\n 1. IPs are not allowed. 2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard label must appear by itself as the first label. \\n If a hostname is specified by both the Listener and HTTPRoute, there must be at least one intersecting hostname for the HTTPRoute to be attached to the Listener. For example: \\n * A Listener with `test.example.com` as the hostname matches HTTPRoutes that have either not specified any hostnames, or have specified at least one of `test.example.com` or `*.example.com`. * A Listener with `*.example.com` as the hostname matches HTTPRoutes that have either not specified any hostnames or have specified at least one hostname that matches the Listener hostname. For example, `*.example.com`, `test.example.com`, and `foo.test.example.com` would all match. On the other hand, `example.com` and `test.example.net` would not match. \\n Hostnames that are prefixed with a wildcard label (`*.`) are interpreted as a suffix match. That means that a match for `*.example.com` would match both `test.example.com`, and `foo.test.example.com`, but not `example.com`. \\n If both the Listener and HTTPRoute have specified hostnames, any HTTPRoute hostnames that do not match the Listener hostname MUST be ignored. For example, if a Listener specified `*.example.com`, and the HTTPRoute specified `test.example.com` and `test.example.net`, `test.example.net` must not be considered for a match. \\n If both the Listener and HTTPRoute have specified hostnames, and none match with the criteria above, then the HTTPRoute is not accepted. The implementation must raise an 'Accepted' Condition with a status of `False` in the corresponding RouteParentStatus. \\n In the event that multiple HTTPRoutes specify intersecting hostnames (e.g. overlapping wildcard matching and exact matching hostnames), precedence must be given to rules from the HTTPRoute with the largest number of: \\n * Characters in a matching non-wildcard hostname. * Characters in a matching hostname. \\n If ties exist across multiple Routes, the matching precedence rules for HTTPRouteMatches takes over. \\n Support: Core\"\n\n**Note:** This function appends passed data to existing values", args=[d.arg(name='hostnames', type=d.T.array)]), + withHostnamesMixin(hostnames): { spec+: { hostnames+: if std.isArray(v=hostnames) then hostnames else [hostnames] } }, + '#withParentRefs':: d.fn(help='"ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. \\n The only kind of parent resource with \\"Core\\" support is Gateway. This API may be extended in the future to support additional kinds of parent resources such as one of the route kinds. \\n It is invalid to reference an identical parent more than once. It is valid to reference multiple distinct sections within the same parent resource, such as 2 Listeners within a Gateway. \\n It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged. \\n Note that for ParentRefs that cross namespace boundaries, there are specific rules. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example, Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference."', args=[d.arg(name='parentRefs', type=d.T.array)]), + withParentRefs(parentRefs): { spec+: { parentRefs: if std.isArray(v=parentRefs) then parentRefs else [parentRefs] } }, + '#withParentRefsMixin':: d.fn(help='"ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. \\n The only kind of parent resource with \\"Core\\" support is Gateway. This API may be extended in the future to support additional kinds of parent resources such as one of the route kinds. \\n It is invalid to reference an identical parent more than once. It is valid to reference multiple distinct sections within the same parent resource, such as 2 Listeners within a Gateway. \\n It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged. \\n Note that for ParentRefs that cross namespace boundaries, there are specific rules. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example, Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='parentRefs', type=d.T.array)]), + withParentRefsMixin(parentRefs): { spec+: { parentRefs+: if std.isArray(v=parentRefs) then parentRefs else [parentRefs] } }, + '#withRules':: d.fn(help='"Rules are a list of HTTP matchers, filters and actions."', args=[d.arg(name='rules', type=d.T.array)]), + withRules(rules): { spec+: { rules: if std.isArray(v=rules) then rules else [rules] } }, + '#withRulesMixin':: d.fn(help='"Rules are a list of HTTP matchers, filters and actions."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='rules', type=d.T.array)]), + withRulesMixin(rules): { spec+: { rules+: if std.isArray(v=rules) then rules else [rules] } }, + }, + '#mixin': 'ignore', + mixin: self, +} diff --git a/0.7-experimental/_gen/gateway/v1beta1/main.libsonnet b/0.7-experimental/_gen/gateway/v1beta1/main.libsonnet new file mode 100644 index 0000000..e6189e7 --- /dev/null +++ b/0.7-experimental/_gen/gateway/v1beta1/main.libsonnet @@ -0,0 +1,8 @@ +{ + local d = (import 'doc-util/main.libsonnet'), + '#':: d.pkg(name='v1beta1', url='', help=''), + gateway: (import 'gateway.libsonnet'), + gatewayClass: (import 'gatewayClass.libsonnet'), + httpRoute: (import 'httpRoute.libsonnet'), + referenceGrant: (import 'referenceGrant.libsonnet'), +} diff --git a/0.7-experimental/_gen/gateway/v1beta1/referenceGrant.libsonnet b/0.7-experimental/_gen/gateway/v1beta1/referenceGrant.libsonnet new file mode 100644 index 0000000..ff2f629 --- /dev/null +++ b/0.7-experimental/_gen/gateway/v1beta1/referenceGrant.libsonnet @@ -0,0 +1,81 @@ +{ + local d = (import 'doc-util/main.libsonnet'), + '#':: d.pkg(name='referenceGrant', url='', help='"ReferenceGrant identifies kinds of resources in other namespaces that are trusted to reference the specified kinds of resources in the same namespace as the policy. \\n Each ReferenceGrant can be used to represent a unique trust relationship. Additional Reference Grants can be used to add to the set of trusted sources of inbound references for the namespace they are defined within. \\n All cross-namespace references in Gateway API (with the exception of cross-namespace Gateway-route attachment) require a ReferenceGrant. \\n ReferenceGrant is a form of runtime verification allowing users to assert which cross-namespace object references are permitted. Implementations that support ReferenceGrant MUST NOT permit cross-namespace references which have no grant, and MUST respond to the removal of a grant by revoking the access that the grant allowed. \\n Support: Core"'), + '#metadata':: d.obj(help='"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create."'), + metadata: { + '#withAnnotations':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotations(annotations): { metadata+: { annotations: annotations } }, + '#withAnnotationsMixin':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotationsMixin(annotations): { metadata+: { annotations+: annotations } }, + '#withClusterName':: d.fn(help='"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request."', args=[d.arg(name='clusterName', type=d.T.string)]), + withClusterName(clusterName): { metadata+: { clusterName: clusterName } }, + '#withCreationTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='creationTimestamp', type=d.T.string)]), + withCreationTimestamp(creationTimestamp): { metadata+: { creationTimestamp: creationTimestamp } }, + '#withDeletionGracePeriodSeconds':: d.fn(help='"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only."', args=[d.arg(name='deletionGracePeriodSeconds', type=d.T.integer)]), + withDeletionGracePeriodSeconds(deletionGracePeriodSeconds): { metadata+: { deletionGracePeriodSeconds: deletionGracePeriodSeconds } }, + '#withDeletionTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='deletionTimestamp', type=d.T.string)]), + withDeletionTimestamp(deletionTimestamp): { metadata+: { deletionTimestamp: deletionTimestamp } }, + '#withFinalizers':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizers(finalizers): { metadata+: { finalizers: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withFinalizersMixin':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizersMixin(finalizers): { metadata+: { finalizers+: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withGenerateName':: d.fn(help='"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\\n\\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\\n\\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency"', args=[d.arg(name='generateName', type=d.T.string)]), + withGenerateName(generateName): { metadata+: { generateName: generateName } }, + '#withGeneration':: d.fn(help='"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only."', args=[d.arg(name='generation', type=d.T.integer)]), + withGeneration(generation): { metadata+: { generation: generation } }, + '#withLabels':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"', args=[d.arg(name='labels', type=d.T.object)]), + withLabels(labels): { metadata+: { labels: labels } }, + '#withLabelsMixin':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='labels', type=d.T.object)]), + withLabelsMixin(labels): { metadata+: { labels+: labels } }, + '#withName':: d.fn(help='"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { metadata+: { name: name } }, + '#withNamespace':: d.fn(help='"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \\"default\\" namespace, but \\"default\\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\\n\\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces"', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { metadata+: { namespace: namespace } }, + '#withOwnerReferences':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferences(ownerReferences): { metadata+: { ownerReferences: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withOwnerReferencesMixin':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferencesMixin(ownerReferences): { metadata+: { ownerReferences+: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withResourceVersion':: d.fn(help='"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\\n\\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency"', args=[d.arg(name='resourceVersion', type=d.T.string)]), + withResourceVersion(resourceVersion): { metadata+: { resourceVersion: resourceVersion } }, + '#withSelfLink':: d.fn(help='"SelfLink is a URL representing this object. Populated by the system. Read-only.\\n\\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release."', args=[d.arg(name='selfLink', type=d.T.string)]), + withSelfLink(selfLink): { metadata+: { selfLink: selfLink } }, + '#withUid':: d.fn(help='"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\\n\\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids"', args=[d.arg(name='uid', type=d.T.string)]), + withUid(uid): { metadata+: { uid: uid } }, + }, + '#new':: d.fn(help='new returns an instance of ReferenceGrant', args=[d.arg(name='name', type=d.T.string)]), + new(name): { + apiVersion: 'gateway.networking.k8s.io/v1beta1', + kind: 'ReferenceGrant', + } + self.metadata.withName(name=name), + '#spec':: d.obj(help='"Spec defines the desired state of ReferenceGrant."'), + spec: { + '#from':: d.obj(help='"From describes the trusted namespaces and kinds that can reference the resources described in \\"To\\". Each entry in this list MUST be considered to be an additional place that references can be valid from, or to put this another way, entries MUST be combined using OR. \\n Support: Core"'), + from: { + '#withGroup':: d.fn(help='"Group is the group of the referent. When empty, the Kubernetes core API group is inferred. \\n Support: Core"', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { group: group }, + '#withKind':: d.fn(help='"Kind is the kind of the referent. Although implementations may support additional resources, the following types are part of the \\"Core\\" support level for this field. \\n When used to permit a SecretObjectReference: \\n * Gateway \\n When used to permit a BackendObjectReference: \\n * GRPCRoute * HTTPRoute * TCPRoute * TLSRoute * UDPRoute"', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { kind: kind }, + '#withNamespace':: d.fn(help='"Namespace is the namespace of the referent. \\n Support: Core"', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { namespace: namespace }, + }, + '#to':: d.obj(help='"To describes the resources that may be referenced by the resources described in \\"From\\". Each entry in this list MUST be considered to be an additional place that references can be valid to, or to put this another way, entries MUST be combined using OR. \\n Support: Core"'), + to: { + '#withGroup':: d.fn(help='"Group is the group of the referent. When empty, the Kubernetes core API group is inferred. \\n Support: Core"', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { group: group }, + '#withKind':: d.fn(help='"Kind is the kind of the referent. Although implementations may support additional resources, the following types are part of the \\"Core\\" support level for this field: \\n * Secret when used to permit a SecretObjectReference * Service when used to permit a BackendObjectReference"', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { kind: kind }, + '#withName':: d.fn(help='"Name is the name of the referent. When unspecified, this policy refers to all resources of the specified Group and Kind in the local namespace."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + }, + '#withFrom':: d.fn(help='"From describes the trusted namespaces and kinds that can reference the resources described in \\"To\\". Each entry in this list MUST be considered to be an additional place that references can be valid from, or to put this another way, entries MUST be combined using OR. \\n Support: Core"', args=[d.arg(name='from', type=d.T.array)]), + withFrom(from): { spec+: { from: if std.isArray(v=from) then from else [from] } }, + '#withFromMixin':: d.fn(help='"From describes the trusted namespaces and kinds that can reference the resources described in \\"To\\". Each entry in this list MUST be considered to be an additional place that references can be valid from, or to put this another way, entries MUST be combined using OR. \\n Support: Core"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='from', type=d.T.array)]), + withFromMixin(from): { spec+: { from+: if std.isArray(v=from) then from else [from] } }, + '#withTo':: d.fn(help='"To describes the resources that may be referenced by the resources described in \\"From\\". Each entry in this list MUST be considered to be an additional place that references can be valid to, or to put this another way, entries MUST be combined using OR. \\n Support: Core"', args=[d.arg(name='to', type=d.T.array)]), + withTo(to): { spec+: { to: if std.isArray(v=to) then to else [to] } }, + '#withToMixin':: d.fn(help='"To describes the resources that may be referenced by the resources described in \\"From\\". Each entry in this list MUST be considered to be an additional place that references can be valid to, or to put this another way, entries MUST be combined using OR. \\n Support: Core"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='to', type=d.T.array)]), + withToMixin(to): { spec+: { to+: if std.isArray(v=to) then to else [to] } }, + }, + '#mixin': 'ignore', + mixin: self, +} diff --git a/0.7-experimental/gen.libsonnet b/0.7-experimental/gen.libsonnet new file mode 100644 index 0000000..d585bf6 --- /dev/null +++ b/0.7-experimental/gen.libsonnet @@ -0,0 +1,5 @@ +{ + local d = (import 'doc-util/main.libsonnet'), + '#':: d.pkg(name='gateway-api', url='github.com/jsonnet-libs/gateway-api-libsonnet/0.7-experimental/main.libsonnet', help=''), + gateway:: (import '_gen/gateway/main.libsonnet'), +} diff --git a/0.7-experimental/main.libsonnet b/0.7-experimental/main.libsonnet new file mode 100644 index 0000000..f5597a5 --- /dev/null +++ b/0.7-experimental/main.libsonnet @@ -0,0 +1 @@ +(import 'gen.libsonnet') diff --git a/0.8-experimental/_gen/gateway/main.libsonnet b/0.8-experimental/_gen/gateway/main.libsonnet new file mode 100644 index 0000000..c4aac5d --- /dev/null +++ b/0.8-experimental/_gen/gateway/main.libsonnet @@ -0,0 +1,6 @@ +{ + local d = (import 'doc-util/main.libsonnet'), + '#':: d.pkg(name='gateway', url='', help=''), + v1alpha2: (import 'v1alpha2/main.libsonnet'), + v1beta1: (import 'v1beta1/main.libsonnet'), +} diff --git a/0.8-experimental/_gen/gateway/v1alpha2/gateway.libsonnet b/0.8-experimental/_gen/gateway/v1alpha2/gateway.libsonnet new file mode 100644 index 0000000..febe4dd --- /dev/null +++ b/0.8-experimental/_gen/gateway/v1alpha2/gateway.libsonnet @@ -0,0 +1,148 @@ +{ + local d = (import 'doc-util/main.libsonnet'), + '#':: d.pkg(name='gateway', url='', help='"Gateway represents an instance of a service-traffic handling infrastructure by binding Listeners to a set of IP addresses."'), + '#metadata':: d.obj(help='"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create."'), + metadata: { + '#withAnnotations':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotations(annotations): { metadata+: { annotations: annotations } }, + '#withAnnotationsMixin':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotationsMixin(annotations): { metadata+: { annotations+: annotations } }, + '#withClusterName':: d.fn(help='"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request."', args=[d.arg(name='clusterName', type=d.T.string)]), + withClusterName(clusterName): { metadata+: { clusterName: clusterName } }, + '#withCreationTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='creationTimestamp', type=d.T.string)]), + withCreationTimestamp(creationTimestamp): { metadata+: { creationTimestamp: creationTimestamp } }, + '#withDeletionGracePeriodSeconds':: d.fn(help='"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only."', args=[d.arg(name='deletionGracePeriodSeconds', type=d.T.integer)]), + withDeletionGracePeriodSeconds(deletionGracePeriodSeconds): { metadata+: { deletionGracePeriodSeconds: deletionGracePeriodSeconds } }, + '#withDeletionTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='deletionTimestamp', type=d.T.string)]), + withDeletionTimestamp(deletionTimestamp): { metadata+: { deletionTimestamp: deletionTimestamp } }, + '#withFinalizers':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizers(finalizers): { metadata+: { finalizers: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withFinalizersMixin':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizersMixin(finalizers): { metadata+: { finalizers+: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withGenerateName':: d.fn(help='"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\\n\\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\\n\\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency"', args=[d.arg(name='generateName', type=d.T.string)]), + withGenerateName(generateName): { metadata+: { generateName: generateName } }, + '#withGeneration':: d.fn(help='"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only."', args=[d.arg(name='generation', type=d.T.integer)]), + withGeneration(generation): { metadata+: { generation: generation } }, + '#withLabels':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"', args=[d.arg(name='labels', type=d.T.object)]), + withLabels(labels): { metadata+: { labels: labels } }, + '#withLabelsMixin':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='labels', type=d.T.object)]), + withLabelsMixin(labels): { metadata+: { labels+: labels } }, + '#withName':: d.fn(help='"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { metadata+: { name: name } }, + '#withNamespace':: d.fn(help='"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \\"default\\" namespace, but \\"default\\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\\n\\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces"', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { metadata+: { namespace: namespace } }, + '#withOwnerReferences':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferences(ownerReferences): { metadata+: { ownerReferences: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withOwnerReferencesMixin':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferencesMixin(ownerReferences): { metadata+: { ownerReferences+: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withResourceVersion':: d.fn(help='"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\\n\\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency"', args=[d.arg(name='resourceVersion', type=d.T.string)]), + withResourceVersion(resourceVersion): { metadata+: { resourceVersion: resourceVersion } }, + '#withSelfLink':: d.fn(help='"SelfLink is a URL representing this object. Populated by the system. Read-only.\\n\\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release."', args=[d.arg(name='selfLink', type=d.T.string)]), + withSelfLink(selfLink): { metadata+: { selfLink: selfLink } }, + '#withUid':: d.fn(help='"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\\n\\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids"', args=[d.arg(name='uid', type=d.T.string)]), + withUid(uid): { metadata+: { uid: uid } }, + }, + '#new':: d.fn(help='new returns an instance of Gateway', args=[d.arg(name='name', type=d.T.string)]), + new(name): { + apiVersion: 'gateway.networking.k8s.io/v1alpha2', + kind: 'Gateway', + } + self.metadata.withName(name=name), + '#spec':: d.obj(help='"Spec defines the desired state of Gateway."'), + spec: { + '#addresses':: d.obj(help='"Addresses requested for this Gateway. This is optional and behavior can depend on the implementation. If a value is set in the spec and the requested address is invalid or unavailable, the implementation MUST indicate this in the associated entry in GatewayStatus.Addresses. \\n The Addresses field represents a request for the address(es) on the \\"outside of the Gateway\\", that traffic bound for this Gateway will use. This could be the IP address or hostname of an external load balancer or other networking infrastructure, or some other address that traffic will be sent to. \\n The .listener.hostname field is used to route traffic that has already arrived at the Gateway to the correct in-cluster destination. \\n If no Addresses are specified, the implementation MAY schedule the Gateway in an implementation-specific manner, assigning an appropriate set of Addresses. \\n The implementation MUST bind all Listeners to every GatewayAddress that it assigns to the Gateway and add a corresponding entry in GatewayStatus.Addresses. \\n Support: Extended \\n "'), + addresses: { + '#withType':: d.fn(help='"Type of the address."', args=[d.arg(name='type', type=d.T.string)]), + withType(type): { type: type }, + '#withValue':: d.fn(help='"Value of the address. The validity of the values will depend on the type and support by the controller. \\n Examples: `1.2.3.4`, `128::1`, `my-ip-address`."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#listeners':: d.obj(help="\"Listeners associated with this Gateway. Listeners define logical endpoints that are bound on this Gateway's addresses. At least one Listener MUST be specified. \\n Each listener in a Gateway must have a unique combination of Hostname, Port, and Protocol. \\n Within the HTTP Conformance Profile, the below combinations of port and protocol are considered Core and MUST be supported: \\n 1. Port: 80, Protocol: HTTP 2. Port: 443, Protocol: HTTPS \\n Within the TLS Conformance Profile, the below combinations of port and protocol are considered Core and MUST be supported: \\n 1. Port: 443, Protocol: TLS \\n Port and protocol combinations not listed above are considered Extended. \\n An implementation MAY group Listeners by Port and then collapse each group of Listeners into a single Listener if the implementation determines that the Listeners in the group are \\\"compatible\\\". An implementation MAY also group together and collapse compatible Listeners belonging to different Gateways. \\n For example, an implementation might consider Listeners to be compatible with each other if all of the following conditions are met: \\n 1. Either each Listener within the group specifies the \\\"HTTP\\\" Protocol or each Listener within the group specifies either the \\\"HTTPS\\\" or \\\"TLS\\\" Protocol. \\n 2. Each Listener within the group specifies a Hostname that is unique within the group. \\n 3. As a special case, one Listener within a group may omit Hostname, in which case this Listener matches when no other Listener matches. \\n If the implementation does collapse compatible Listeners, the hostname provided in the incoming client request MUST be matched to a Listener to find the correct set of Routes. The incoming hostname MUST be matched using the Hostname field for each Listener in order of most to least specific. That is, exact matches must be processed before wildcard matches. \\n If this field specifies multiple Listeners that have the same Port value but are not compatible, the implementation must raise a \\\"Conflicted\\\" condition in the Listener status. \\n Support: Core\""), + listeners: { + '#allowedRoutes':: d.obj(help='"AllowedRoutes defines the types of routes that MAY be attached to a Listener and the trusted namespaces where those Route resources MAY be present. \\n Although a client request may match multiple route rules, only one rule may ultimately receive the request. Matching precedence MUST be determined in order of the following criteria: \\n * The most specific match as defined by the Route type. * The oldest Route based on creation timestamp. For example, a Route with a creation timestamp of \\"2020-09-08 01:02:03\\" is given precedence over a Route with a creation timestamp of \\"2020-09-08 01:02:04\\". * If everything else is equivalent, the Route appearing first in alphabetical order (namespace/name) should be given precedence. For example, foo/bar is given precedence over foo/baz. \\n All valid rules within a Route attached to this Listener should be implemented. Invalid Route rules can be ignored (sometimes that will mean the full Route). If a Route rule transitions from valid to invalid, support for that Route rule should be dropped to ensure consistency. For example, even if a filter specified by a Route rule is invalid, the rest of the rules within that Route should still be supported. \\n Support: Core"'), + allowedRoutes: { + '#kinds':: d.obj(help="\"Kinds specifies the groups and kinds of Routes that are allowed to bind to this Gateway Listener. When unspecified or empty, the kinds of Routes selected are determined using the Listener protocol. \\n A RouteGroupKind MUST correspond to kinds of Routes that are compatible with the application protocol specified in the Listener's Protocol field. If an implementation does not support or recognize this resource type, it MUST set the \\\"ResolvedRefs\\\" condition to False for this Listener with the \\\"InvalidRouteKinds\\\" reason. \\n Support: Core\""), + kinds: { + '#withGroup':: d.fn(help='"Group is the group of the Route."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { group: group }, + '#withKind':: d.fn(help='"Kind is the kind of the Route."', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { kind: kind }, + }, + '#namespaces':: d.obj(help='"Namespaces indicates namespaces from which Routes may be attached to this Listener. This is restricted to the namespace of this Gateway by default. \\n Support: Core"'), + namespaces: { + '#selector':: d.obj(help='"Selector must be specified when From is set to \\"Selector\\". In that case, only Routes in Namespaces matching this Selector will be selected by this Gateway. This field is ignored for other values of \\"From\\". \\n Support: Core"'), + selector: { + '#matchExpressions':: d.obj(help='"matchExpressions is a list of label selector requirements. The requirements are ANDed."'), + matchExpressions: { + '#withKey':: d.fn(help='"key is the label key that the selector applies to."', args=[d.arg(name='key', type=d.T.string)]), + withKey(key): { key: key }, + '#withOperator':: d.fn(help="\"operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.\"", args=[d.arg(name='operator', type=d.T.string)]), + withOperator(operator): { operator: operator }, + '#withValues':: d.fn(help='"values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch."', args=[d.arg(name='values', type=d.T.array)]), + withValues(values): { values: if std.isArray(v=values) then values else [values] }, + '#withValuesMixin':: d.fn(help='"values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='values', type=d.T.array)]), + withValuesMixin(values): { values+: if std.isArray(v=values) then values else [values] }, + }, + '#withMatchExpressions':: d.fn(help='"matchExpressions is a list of label selector requirements. The requirements are ANDed."', args=[d.arg(name='matchExpressions', type=d.T.array)]), + withMatchExpressions(matchExpressions): { allowedRoutes+: { namespaces+: { selector+: { matchExpressions: if std.isArray(v=matchExpressions) then matchExpressions else [matchExpressions] } } } }, + '#withMatchExpressionsMixin':: d.fn(help='"matchExpressions is a list of label selector requirements. The requirements are ANDed."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='matchExpressions', type=d.T.array)]), + withMatchExpressionsMixin(matchExpressions): { allowedRoutes+: { namespaces+: { selector+: { matchExpressions+: if std.isArray(v=matchExpressions) then matchExpressions else [matchExpressions] } } } }, + '#withMatchLabels':: d.fn(help='"matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \\"key\\", the operator is \\"In\\", and the values array contains only \\"value\\". The requirements are ANDed."', args=[d.arg(name='matchLabels', type=d.T.object)]), + withMatchLabels(matchLabels): { allowedRoutes+: { namespaces+: { selector+: { matchLabels: matchLabels } } } }, + '#withMatchLabelsMixin':: d.fn(help='"matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \\"key\\", the operator is \\"In\\", and the values array contains only \\"value\\". The requirements are ANDed."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='matchLabels', type=d.T.object)]), + withMatchLabelsMixin(matchLabels): { allowedRoutes+: { namespaces+: { selector+: { matchLabels+: matchLabels } } } }, + }, + '#withFrom':: d.fn(help='"From indicates where Routes will be selected for this Gateway. Possible values are: \\n * All: Routes in all namespaces may be used by this Gateway. * Selector: Routes in namespaces selected by the selector may be used by this Gateway. * Same: Only Routes in the same namespace may be used by this Gateway. \\n Support: Core"', args=[d.arg(name='from', type=d.T.string)]), + withFrom(from): { allowedRoutes+: { namespaces+: { from: from } } }, + }, + '#withKinds':: d.fn(help="\"Kinds specifies the groups and kinds of Routes that are allowed to bind to this Gateway Listener. When unspecified or empty, the kinds of Routes selected are determined using the Listener protocol. \\n A RouteGroupKind MUST correspond to kinds of Routes that are compatible with the application protocol specified in the Listener's Protocol field. If an implementation does not support or recognize this resource type, it MUST set the \\\"ResolvedRefs\\\" condition to False for this Listener with the \\\"InvalidRouteKinds\\\" reason. \\n Support: Core\"", args=[d.arg(name='kinds', type=d.T.array)]), + withKinds(kinds): { allowedRoutes+: { kinds: if std.isArray(v=kinds) then kinds else [kinds] } }, + '#withKindsMixin':: d.fn(help="\"Kinds specifies the groups and kinds of Routes that are allowed to bind to this Gateway Listener. When unspecified or empty, the kinds of Routes selected are determined using the Listener protocol. \\n A RouteGroupKind MUST correspond to kinds of Routes that are compatible with the application protocol specified in the Listener's Protocol field. If an implementation does not support or recognize this resource type, it MUST set the \\\"ResolvedRefs\\\" condition to False for this Listener with the \\\"InvalidRouteKinds\\\" reason. \\n Support: Core\"\n\n**Note:** This function appends passed data to existing values", args=[d.arg(name='kinds', type=d.T.array)]), + withKindsMixin(kinds): { allowedRoutes+: { kinds+: if std.isArray(v=kinds) then kinds else [kinds] } }, + }, + '#tls':: d.obj(help='"TLS is the TLS configuration for the Listener. This field is required if the Protocol field is \\"HTTPS\\" or \\"TLS\\". It is invalid to set this field if the Protocol field is \\"HTTP\\", \\"TCP\\", or \\"UDP\\". \\n The association of SNIs to Certificate defined in GatewayTLSConfig is defined based on the Hostname field for this listener. \\n The GatewayClass MUST use the longest matching SNI out of all available certificates for any TLS handshake. \\n Support: Core"'), + tls: { + '#certificateRefs':: d.obj(help='"CertificateRefs contains a series of references to Kubernetes objects that contains TLS certificates and private keys. These certificates are used to establish a TLS handshake for requests that match the hostname of the associated listener. \\n A single CertificateRef to a Kubernetes Secret has \\"Core\\" support. Implementations MAY choose to support attaching multiple certificates to a Listener, but this behavior is implementation-specific. \\n References to a resource in different namespace are invalid UNLESS there is a ReferenceGrant in the target namespace that allows the certificate to be attached. If a ReferenceGrant does not allow this reference, the \\"ResolvedRefs\\" condition MUST be set to False for this listener with the \\"RefNotPermitted\\" reason. \\n This field is required to have at least one element when the mode is set to \\"Terminate\\" (default) and is optional otherwise. \\n CertificateRefs can reference to standard Kubernetes resources, i.e. Secret, or implementation-specific custom resources. \\n Support: Core - A single reference to a Kubernetes Secret of type kubernetes.io/tls \\n Support: Implementation-specific (More than one reference or other resource types)"'), + certificateRefs: { + '#withGroup':: d.fn(help='"Group is the group of the referent. For example, \\"gateway.networking.k8s.io\\". When unspecified or empty string, core API group is inferred."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { group: group }, + '#withKind':: d.fn(help='"Kind is kind of the referent. For example \\"Secret\\"."', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { kind: kind }, + '#withName':: d.fn(help='"Name is the name of the referent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withNamespace':: d.fn(help="\"Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. \\n Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. \\n Support: Core\"", args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { namespace: namespace }, + }, + '#withCertificateRefs':: d.fn(help='"CertificateRefs contains a series of references to Kubernetes objects that contains TLS certificates and private keys. These certificates are used to establish a TLS handshake for requests that match the hostname of the associated listener. \\n A single CertificateRef to a Kubernetes Secret has \\"Core\\" support. Implementations MAY choose to support attaching multiple certificates to a Listener, but this behavior is implementation-specific. \\n References to a resource in different namespace are invalid UNLESS there is a ReferenceGrant in the target namespace that allows the certificate to be attached. If a ReferenceGrant does not allow this reference, the \\"ResolvedRefs\\" condition MUST be set to False for this listener with the \\"RefNotPermitted\\" reason. \\n This field is required to have at least one element when the mode is set to \\"Terminate\\" (default) and is optional otherwise. \\n CertificateRefs can reference to standard Kubernetes resources, i.e. Secret, or implementation-specific custom resources. \\n Support: Core - A single reference to a Kubernetes Secret of type kubernetes.io/tls \\n Support: Implementation-specific (More than one reference or other resource types)"', args=[d.arg(name='certificateRefs', type=d.T.array)]), + withCertificateRefs(certificateRefs): { tls+: { certificateRefs: if std.isArray(v=certificateRefs) then certificateRefs else [certificateRefs] } }, + '#withCertificateRefsMixin':: d.fn(help='"CertificateRefs contains a series of references to Kubernetes objects that contains TLS certificates and private keys. These certificates are used to establish a TLS handshake for requests that match the hostname of the associated listener. \\n A single CertificateRef to a Kubernetes Secret has \\"Core\\" support. Implementations MAY choose to support attaching multiple certificates to a Listener, but this behavior is implementation-specific. \\n References to a resource in different namespace are invalid UNLESS there is a ReferenceGrant in the target namespace that allows the certificate to be attached. If a ReferenceGrant does not allow this reference, the \\"ResolvedRefs\\" condition MUST be set to False for this listener with the \\"RefNotPermitted\\" reason. \\n This field is required to have at least one element when the mode is set to \\"Terminate\\" (default) and is optional otherwise. \\n CertificateRefs can reference to standard Kubernetes resources, i.e. Secret, or implementation-specific custom resources. \\n Support: Core - A single reference to a Kubernetes Secret of type kubernetes.io/tls \\n Support: Implementation-specific (More than one reference or other resource types)"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='certificateRefs', type=d.T.array)]), + withCertificateRefsMixin(certificateRefs): { tls+: { certificateRefs+: if std.isArray(v=certificateRefs) then certificateRefs else [certificateRefs] } }, + '#withMode':: d.fn(help="\"Mode defines the TLS behavior for the TLS session initiated by the client. There are two possible modes: \\n - Terminate: The TLS session between the downstream client and the Gateway is terminated at the Gateway. This mode requires certificateRefs to be set and contain at least one element. - Passthrough: The TLS session is NOT terminated by the Gateway. This implies that the Gateway can't decipher the TLS stream except for the ClientHello message of the TLS protocol. CertificateRefs field is ignored in this mode. \\n Support: Core\"", args=[d.arg(name='mode', type=d.T.string)]), + withMode(mode): { tls+: { mode: mode } }, + '#withOptions':: d.fn(help='"Options are a list of key/value pairs to enable extended TLS configuration for each implementation. For example, configuring the minimum TLS version or supported cipher suites. \\n A set of common keys MAY be defined by the API in the future. To avoid any ambiguity, implementation-specific definitions MUST use domain-prefixed names, such as `example.com/my-custom-option`. Un-prefixed names are reserved for key names defined by Gateway API. \\n Support: Implementation-specific"', args=[d.arg(name='options', type=d.T.object)]), + withOptions(options): { tls+: { options: options } }, + '#withOptionsMixin':: d.fn(help='"Options are a list of key/value pairs to enable extended TLS configuration for each implementation. For example, configuring the minimum TLS version or supported cipher suites. \\n A set of common keys MAY be defined by the API in the future. To avoid any ambiguity, implementation-specific definitions MUST use domain-prefixed names, such as `example.com/my-custom-option`. Un-prefixed names are reserved for key names defined by Gateway API. \\n Support: Implementation-specific"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='options', type=d.T.object)]), + withOptionsMixin(options): { tls+: { options+: options } }, + }, + '#withHostname':: d.fn(help="\"Hostname specifies the virtual hostname to match for protocol types that define this concept. When unspecified, all hostnames are matched. This field is ignored for protocols that don't require hostname based matching. \\n Implementations MUST apply Hostname matching appropriately for each of the following protocols: \\n * TLS: The Listener Hostname MUST match the SNI. * HTTP: The Listener Hostname MUST match the Host header of the request. * HTTPS: The Listener Hostname SHOULD match at both the TLS and HTTP protocol layers as described above. If an implementation does not ensure that both the SNI and Host header match the Listener hostname, it MUST clearly document that. \\n For HTTPRoute and TLSRoute resources, there is an interaction with the `spec.hostnames` array. When both listener and route specify hostnames, there MUST be an intersection between the values for a Route to be accepted. For more information, refer to the Route specific Hostnames documentation. \\n Hostnames that are prefixed with a wildcard label (`*.`) are interpreted as a suffix match. That means that a match for `*.example.com` would match both `test.example.com`, and `foo.test.example.com`, but not `example.com`. \\n Support: Core\"", args=[d.arg(name='hostname', type=d.T.string)]), + withHostname(hostname): { hostname: hostname }, + '#withName':: d.fn(help='"Name is the name of the Listener. This name MUST be unique within a Gateway. \\n Support: Core"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withPort':: d.fn(help='"Port is the network port. Multiple listeners may use the same port, subject to the Listener compatibility rules. \\n Support: Core"', args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { port: port }, + '#withProtocol':: d.fn(help='"Protocol specifies the network protocol this listener expects to receive. \\n Support: Core"', args=[d.arg(name='protocol', type=d.T.string)]), + withProtocol(protocol): { protocol: protocol }, + }, + '#withAddresses':: d.fn(help='"Addresses requested for this Gateway. This is optional and behavior can depend on the implementation. If a value is set in the spec and the requested address is invalid or unavailable, the implementation MUST indicate this in the associated entry in GatewayStatus.Addresses. \\n The Addresses field represents a request for the address(es) on the \\"outside of the Gateway\\", that traffic bound for this Gateway will use. This could be the IP address or hostname of an external load balancer or other networking infrastructure, or some other address that traffic will be sent to. \\n The .listener.hostname field is used to route traffic that has already arrived at the Gateway to the correct in-cluster destination. \\n If no Addresses are specified, the implementation MAY schedule the Gateway in an implementation-specific manner, assigning an appropriate set of Addresses. \\n The implementation MUST bind all Listeners to every GatewayAddress that it assigns to the Gateway and add a corresponding entry in GatewayStatus.Addresses. \\n Support: Extended \\n "', args=[d.arg(name='addresses', type=d.T.array)]), + withAddresses(addresses): { spec+: { addresses: if std.isArray(v=addresses) then addresses else [addresses] } }, + '#withAddressesMixin':: d.fn(help='"Addresses requested for this Gateway. This is optional and behavior can depend on the implementation. If a value is set in the spec and the requested address is invalid or unavailable, the implementation MUST indicate this in the associated entry in GatewayStatus.Addresses. \\n The Addresses field represents a request for the address(es) on the \\"outside of the Gateway\\", that traffic bound for this Gateway will use. This could be the IP address or hostname of an external load balancer or other networking infrastructure, or some other address that traffic will be sent to. \\n The .listener.hostname field is used to route traffic that has already arrived at the Gateway to the correct in-cluster destination. \\n If no Addresses are specified, the implementation MAY schedule the Gateway in an implementation-specific manner, assigning an appropriate set of Addresses. \\n The implementation MUST bind all Listeners to every GatewayAddress that it assigns to the Gateway and add a corresponding entry in GatewayStatus.Addresses. \\n Support: Extended \\n "\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='addresses', type=d.T.array)]), + withAddressesMixin(addresses): { spec+: { addresses+: if std.isArray(v=addresses) then addresses else [addresses] } }, + '#withGatewayClassName':: d.fn(help='"GatewayClassName used for this Gateway. This is the name of a GatewayClass resource."', args=[d.arg(name='gatewayClassName', type=d.T.string)]), + withGatewayClassName(gatewayClassName): { spec+: { gatewayClassName: gatewayClassName } }, + '#withListeners':: d.fn(help="\"Listeners associated with this Gateway. Listeners define logical endpoints that are bound on this Gateway's addresses. At least one Listener MUST be specified. \\n Each listener in a Gateway must have a unique combination of Hostname, Port, and Protocol. \\n Within the HTTP Conformance Profile, the below combinations of port and protocol are considered Core and MUST be supported: \\n 1. Port: 80, Protocol: HTTP 2. Port: 443, Protocol: HTTPS \\n Within the TLS Conformance Profile, the below combinations of port and protocol are considered Core and MUST be supported: \\n 1. Port: 443, Protocol: TLS \\n Port and protocol combinations not listed above are considered Extended. \\n An implementation MAY group Listeners by Port and then collapse each group of Listeners into a single Listener if the implementation determines that the Listeners in the group are \\\"compatible\\\". An implementation MAY also group together and collapse compatible Listeners belonging to different Gateways. \\n For example, an implementation might consider Listeners to be compatible with each other if all of the following conditions are met: \\n 1. Either each Listener within the group specifies the \\\"HTTP\\\" Protocol or each Listener within the group specifies either the \\\"HTTPS\\\" or \\\"TLS\\\" Protocol. \\n 2. Each Listener within the group specifies a Hostname that is unique within the group. \\n 3. As a special case, one Listener within a group may omit Hostname, in which case this Listener matches when no other Listener matches. \\n If the implementation does collapse compatible Listeners, the hostname provided in the incoming client request MUST be matched to a Listener to find the correct set of Routes. The incoming hostname MUST be matched using the Hostname field for each Listener in order of most to least specific. That is, exact matches must be processed before wildcard matches. \\n If this field specifies multiple Listeners that have the same Port value but are not compatible, the implementation must raise a \\\"Conflicted\\\" condition in the Listener status. \\n Support: Core\"", args=[d.arg(name='listeners', type=d.T.array)]), + withListeners(listeners): { spec+: { listeners: if std.isArray(v=listeners) then listeners else [listeners] } }, + '#withListenersMixin':: d.fn(help="\"Listeners associated with this Gateway. Listeners define logical endpoints that are bound on this Gateway's addresses. At least one Listener MUST be specified. \\n Each listener in a Gateway must have a unique combination of Hostname, Port, and Protocol. \\n Within the HTTP Conformance Profile, the below combinations of port and protocol are considered Core and MUST be supported: \\n 1. Port: 80, Protocol: HTTP 2. Port: 443, Protocol: HTTPS \\n Within the TLS Conformance Profile, the below combinations of port and protocol are considered Core and MUST be supported: \\n 1. Port: 443, Protocol: TLS \\n Port and protocol combinations not listed above are considered Extended. \\n An implementation MAY group Listeners by Port and then collapse each group of Listeners into a single Listener if the implementation determines that the Listeners in the group are \\\"compatible\\\". An implementation MAY also group together and collapse compatible Listeners belonging to different Gateways. \\n For example, an implementation might consider Listeners to be compatible with each other if all of the following conditions are met: \\n 1. Either each Listener within the group specifies the \\\"HTTP\\\" Protocol or each Listener within the group specifies either the \\\"HTTPS\\\" or \\\"TLS\\\" Protocol. \\n 2. Each Listener within the group specifies a Hostname that is unique within the group. \\n 3. As a special case, one Listener within a group may omit Hostname, in which case this Listener matches when no other Listener matches. \\n If the implementation does collapse compatible Listeners, the hostname provided in the incoming client request MUST be matched to a Listener to find the correct set of Routes. The incoming hostname MUST be matched using the Hostname field for each Listener in order of most to least specific. That is, exact matches must be processed before wildcard matches. \\n If this field specifies multiple Listeners that have the same Port value but are not compatible, the implementation must raise a \\\"Conflicted\\\" condition in the Listener status. \\n Support: Core\"\n\n**Note:** This function appends passed data to existing values", args=[d.arg(name='listeners', type=d.T.array)]), + withListenersMixin(listeners): { spec+: { listeners+: if std.isArray(v=listeners) then listeners else [listeners] } }, + }, + '#mixin': 'ignore', + mixin: self, +} diff --git a/0.8-experimental/_gen/gateway/v1alpha2/gatewayClass.libsonnet b/0.8-experimental/_gen/gateway/v1alpha2/gatewayClass.libsonnet new file mode 100644 index 0000000..2e9f2f6 --- /dev/null +++ b/0.8-experimental/_gen/gateway/v1alpha2/gatewayClass.libsonnet @@ -0,0 +1,72 @@ +{ + local d = (import 'doc-util/main.libsonnet'), + '#':: d.pkg(name='gatewayClass', url='', help='"GatewayClass describes a class of Gateways available to the user for creating Gateway resources. \\n It is recommended that this resource be used as a template for Gateways. This means that a Gateway is based on the state of the GatewayClass at the time it was created and changes to the GatewayClass or associated parameters are not propagated down to existing Gateways. This recommendation is intended to limit the blast radius of changes to GatewayClass or associated parameters. If implementations choose to propagate GatewayClass changes to existing Gateways, that MUST be clearly documented by the implementation. \\n Whenever one or more Gateways are using a GatewayClass, implementations SHOULD add the `gateway-exists-finalizer.gateway.networking.k8s.io` finalizer on the associated GatewayClass. This ensures that a GatewayClass associated with a Gateway is not deleted while in use. \\n GatewayClass is a Cluster level resource."'), + '#metadata':: d.obj(help='"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create."'), + metadata: { + '#withAnnotations':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotations(annotations): { metadata+: { annotations: annotations } }, + '#withAnnotationsMixin':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotationsMixin(annotations): { metadata+: { annotations+: annotations } }, + '#withClusterName':: d.fn(help='"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request."', args=[d.arg(name='clusterName', type=d.T.string)]), + withClusterName(clusterName): { metadata+: { clusterName: clusterName } }, + '#withCreationTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='creationTimestamp', type=d.T.string)]), + withCreationTimestamp(creationTimestamp): { metadata+: { creationTimestamp: creationTimestamp } }, + '#withDeletionGracePeriodSeconds':: d.fn(help='"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only."', args=[d.arg(name='deletionGracePeriodSeconds', type=d.T.integer)]), + withDeletionGracePeriodSeconds(deletionGracePeriodSeconds): { metadata+: { deletionGracePeriodSeconds: deletionGracePeriodSeconds } }, + '#withDeletionTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='deletionTimestamp', type=d.T.string)]), + withDeletionTimestamp(deletionTimestamp): { metadata+: { deletionTimestamp: deletionTimestamp } }, + '#withFinalizers':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizers(finalizers): { metadata+: { finalizers: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withFinalizersMixin':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizersMixin(finalizers): { metadata+: { finalizers+: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withGenerateName':: d.fn(help='"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\\n\\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\\n\\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency"', args=[d.arg(name='generateName', type=d.T.string)]), + withGenerateName(generateName): { metadata+: { generateName: generateName } }, + '#withGeneration':: d.fn(help='"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only."', args=[d.arg(name='generation', type=d.T.integer)]), + withGeneration(generation): { metadata+: { generation: generation } }, + '#withLabels':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"', args=[d.arg(name='labels', type=d.T.object)]), + withLabels(labels): { metadata+: { labels: labels } }, + '#withLabelsMixin':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='labels', type=d.T.object)]), + withLabelsMixin(labels): { metadata+: { labels+: labels } }, + '#withName':: d.fn(help='"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { metadata+: { name: name } }, + '#withNamespace':: d.fn(help='"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \\"default\\" namespace, but \\"default\\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\\n\\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces"', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { metadata+: { namespace: namespace } }, + '#withOwnerReferences':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferences(ownerReferences): { metadata+: { ownerReferences: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withOwnerReferencesMixin':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferencesMixin(ownerReferences): { metadata+: { ownerReferences+: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withResourceVersion':: d.fn(help='"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\\n\\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency"', args=[d.arg(name='resourceVersion', type=d.T.string)]), + withResourceVersion(resourceVersion): { metadata+: { resourceVersion: resourceVersion } }, + '#withSelfLink':: d.fn(help='"SelfLink is a URL representing this object. Populated by the system. Read-only.\\n\\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release."', args=[d.arg(name='selfLink', type=d.T.string)]), + withSelfLink(selfLink): { metadata+: { selfLink: selfLink } }, + '#withUid':: d.fn(help='"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\\n\\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids"', args=[d.arg(name='uid', type=d.T.string)]), + withUid(uid): { metadata+: { uid: uid } }, + }, + '#new':: d.fn(help='new returns an instance of GatewayClass', args=[d.arg(name='name', type=d.T.string)]), + new(name): { + apiVersion: 'gateway.networking.k8s.io/v1alpha2', + kind: 'GatewayClass', + } + self.metadata.withName(name=name) + self.metadata.withAnnotations(annotations={ + 'tanka.dev/namespaced': 'false', + }), + '#spec':: d.obj(help='"Spec defines the desired state of GatewayClass."'), + spec: { + '#parametersRef':: d.obj(help="\"ParametersRef is a reference to a resource that contains the configuration parameters corresponding to the GatewayClass. This is optional if the controller does not require any additional configuration. \\n ParametersRef can reference a standard Kubernetes resource, i.e. ConfigMap, or an implementation-specific custom resource. The resource can be cluster-scoped or namespace-scoped. \\n If the referent cannot be found, the GatewayClass's \\\"InvalidParameters\\\" status condition will be true. \\n Support: Implementation-specific\""), + parametersRef: { + '#withGroup':: d.fn(help='"Group is the group of the referent."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { spec+: { parametersRef+: { group: group } } }, + '#withKind':: d.fn(help='"Kind is kind of the referent."', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { spec+: { parametersRef+: { kind: kind } } }, + '#withName':: d.fn(help='"Name is the name of the referent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { spec+: { parametersRef+: { name: name } } }, + '#withNamespace':: d.fn(help='"Namespace is the namespace of the referent. This field is required when referring to a Namespace-scoped resource and MUST be unset when referring to a Cluster-scoped resource."', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { spec+: { parametersRef+: { namespace: namespace } } }, + }, + '#withControllerName':: d.fn(help='"ControllerName is the name of the controller that is managing Gateways of this class. The value of this field MUST be a domain prefixed path. \\n Example: \\"example.net/gateway-controller\\". \\n This field is not mutable and cannot be empty. \\n Support: Core"', args=[d.arg(name='controllerName', type=d.T.string)]), + withControllerName(controllerName): { spec+: { controllerName: controllerName } }, + '#withDescription':: d.fn(help='"Description helps describe a GatewayClass with more details."', args=[d.arg(name='description', type=d.T.string)]), + withDescription(description): { spec+: { description: description } }, + }, + '#mixin': 'ignore', + mixin: self, +} diff --git a/0.8-experimental/_gen/gateway/v1alpha2/grpcRoute.libsonnet b/0.8-experimental/_gen/gateway/v1alpha2/grpcRoute.libsonnet new file mode 100644 index 0000000..c98faf5 --- /dev/null +++ b/0.8-experimental/_gen/gateway/v1alpha2/grpcRoute.libsonnet @@ -0,0 +1,317 @@ +{ + local d = (import 'doc-util/main.libsonnet'), + '#':: d.pkg(name='grpcRoute', url='', help='"GRPCRoute provides a way to route gRPC requests. This includes the capability to match requests by hostname, gRPC service, gRPC method, or HTTP/2 header. Filters can be used to specify additional processing steps. Backends specify where matching requests will be routed. \\n GRPCRoute falls under extended support within the Gateway API. Within the following specification, the word \\"MUST\\" indicates that an implementation supporting GRPCRoute must conform to the indicated requirement, but an implementation not supporting this route type need not follow the requirement unless explicitly indicated. \\n Implementations supporting `GRPCRoute` with the `HTTPS` `ProtocolType` MUST accept HTTP/2 connections without an initial upgrade from HTTP/1.1, i.e. via ALPN. If the implementation does not support this, then it MUST set the \\"Accepted\\" condition to \\"False\\" for the affected listener with a reason of \\"UnsupportedProtocol\\". Implementations MAY also accept HTTP/2 connections with an upgrade from HTTP/1. \\n Implementations supporting `GRPCRoute` with the `HTTP` `ProtocolType` MUST support HTTP/2 over cleartext TCP (h2c, https://www.rfc-editor.org/rfc/rfc7540#section-3.1) without an initial upgrade from HTTP/1.1, i.e. with prior knowledge (https://www.rfc-editor.org/rfc/rfc7540#section-3.4). If the implementation does not support this, then it MUST set the \\"Accepted\\" condition to \\"False\\" for the affected listener with a reason of \\"UnsupportedProtocol\\". Implementations MAY also accept HTTP/2 connections with an upgrade from HTTP/1, i.e. without prior knowledge."'), + '#metadata':: d.obj(help='"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create."'), + metadata: { + '#withAnnotations':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotations(annotations): { metadata+: { annotations: annotations } }, + '#withAnnotationsMixin':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotationsMixin(annotations): { metadata+: { annotations+: annotations } }, + '#withClusterName':: d.fn(help='"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request."', args=[d.arg(name='clusterName', type=d.T.string)]), + withClusterName(clusterName): { metadata+: { clusterName: clusterName } }, + '#withCreationTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='creationTimestamp', type=d.T.string)]), + withCreationTimestamp(creationTimestamp): { metadata+: { creationTimestamp: creationTimestamp } }, + '#withDeletionGracePeriodSeconds':: d.fn(help='"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only."', args=[d.arg(name='deletionGracePeriodSeconds', type=d.T.integer)]), + withDeletionGracePeriodSeconds(deletionGracePeriodSeconds): { metadata+: { deletionGracePeriodSeconds: deletionGracePeriodSeconds } }, + '#withDeletionTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='deletionTimestamp', type=d.T.string)]), + withDeletionTimestamp(deletionTimestamp): { metadata+: { deletionTimestamp: deletionTimestamp } }, + '#withFinalizers':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizers(finalizers): { metadata+: { finalizers: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withFinalizersMixin':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizersMixin(finalizers): { metadata+: { finalizers+: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withGenerateName':: d.fn(help='"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\\n\\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\\n\\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency"', args=[d.arg(name='generateName', type=d.T.string)]), + withGenerateName(generateName): { metadata+: { generateName: generateName } }, + '#withGeneration':: d.fn(help='"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only."', args=[d.arg(name='generation', type=d.T.integer)]), + withGeneration(generation): { metadata+: { generation: generation } }, + '#withLabels':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"', args=[d.arg(name='labels', type=d.T.object)]), + withLabels(labels): { metadata+: { labels: labels } }, + '#withLabelsMixin':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='labels', type=d.T.object)]), + withLabelsMixin(labels): { metadata+: { labels+: labels } }, + '#withName':: d.fn(help='"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { metadata+: { name: name } }, + '#withNamespace':: d.fn(help='"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \\"default\\" namespace, but \\"default\\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\\n\\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces"', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { metadata+: { namespace: namespace } }, + '#withOwnerReferences':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferences(ownerReferences): { metadata+: { ownerReferences: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withOwnerReferencesMixin':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferencesMixin(ownerReferences): { metadata+: { ownerReferences+: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withResourceVersion':: d.fn(help='"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\\n\\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency"', args=[d.arg(name='resourceVersion', type=d.T.string)]), + withResourceVersion(resourceVersion): { metadata+: { resourceVersion: resourceVersion } }, + '#withSelfLink':: d.fn(help='"SelfLink is a URL representing this object. Populated by the system. Read-only.\\n\\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release."', args=[d.arg(name='selfLink', type=d.T.string)]), + withSelfLink(selfLink): { metadata+: { selfLink: selfLink } }, + '#withUid':: d.fn(help='"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\\n\\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids"', args=[d.arg(name='uid', type=d.T.string)]), + withUid(uid): { metadata+: { uid: uid } }, + }, + '#new':: d.fn(help='new returns an instance of GRPCRoute', args=[d.arg(name='name', type=d.T.string)]), + new(name): { + apiVersion: 'gateway.networking.k8s.io/v1alpha2', + kind: 'GRPCRoute', + } + self.metadata.withName(name=name), + '#spec':: d.obj(help='"Spec defines the desired state of GRPCRoute."'), + spec: { + '#parentRefs':: d.obj(help='"ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. For Services, that means the Service must either be in the same namespace for a \\"producer\\" route, or the mesh implementation must support and allow \\"consumer\\" routes for the referenced Service. ReferenceGrant is not applicable for governing ParentRefs to Services - it is not possible to create a \\"producer\\" route for a Service in a different namespace from the Route. \\n There are two kinds of parent resources with \\"Core\\" support: \\n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) \\n This API may be extended in the future to support additional kinds of parent resources. \\n It is invalid to reference an identical parent more than once. It is valid to reference multiple distinct sections within the same parent resource, such as two separate Listeners on the same Gateway or two separate ports on the same Service. \\n It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged. \\n Note that for ParentRefs that cross namespace boundaries, there are specific rules. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example, Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable other kinds of cross-namespace reference. \\n ParentRefs from a Route to a Service in the same namespace are \\"producer\\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \\n ParentRefs from a Route to a Service in a different namespace are \\"consumer\\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \\n "'), + parentRefs: { + '#withGroup':: d.fn(help='"Group is the group of the referent. When unspecified, \\"gateway.networking.k8s.io\\" is inferred. To set the core API group (such as for a \\"Service\\" kind referent), Group must be explicitly set to \\"\\" (empty string). \\n Support: Core"', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { group: group }, + '#withKind':: d.fn(help='"Kind is kind of the referent. \\n There are two kinds of parent resources with \\"Core\\" support: \\n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) \\n Support for other resources is Implementation-Specific."', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { kind: kind }, + '#withName':: d.fn(help='"Name is the name of the referent. \\n Support: Core"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withNamespace':: d.fn(help='"Namespace is the namespace of the referent. When unspecified, this refers to the local namespace of the Route. \\n Note that there are specific rules for ParentRefs which cross namespace boundaries. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example: Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference. \\n ParentRefs from a Route to a Service in the same namespace are \\"producer\\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \\n ParentRefs from a Route to a Service in a different namespace are \\"consumer\\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \\n Support: Core"', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { namespace: namespace }, + '#withPort':: d.fn(help="\"Port is the network port this Route targets. It can be interpreted differently based on the type of parent resource. \\n When the parent resource is a Gateway, this targets all listeners listening on the specified port that also support this kind of Route(and select this Route). It's not recommended to set `Port` unless the networking behaviors specified in a Route must apply to a specific port as opposed to a listener(s) whose port(s) may be changed. When both Port and SectionName are specified, the name and port of the selected listener must match both specified values. \\n When the parent resource is a Service, this targets a specific port in the Service spec. When both Port (experimental) and SectionName are specified, the name and port of the selected port must match both specified values. \\n Implementations MAY choose to support other parent resources. Implementations supporting other types of parent resources MUST clearly document how/if Port is interpreted. \\n For the purpose of status, an attachment is considered successful as long as the parent resource accepts it partially. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \\n Support: Extended \\n \"", args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { port: port }, + '#withSectionName':: d.fn(help='"SectionName is the name of a section within the target resource. In the following resources, SectionName is interpreted as the following: \\n * Gateway: Listener Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. * Service: Port Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. Note that attaching Routes to Services as Parents is part of experimental Mesh support and is not supported for any other purpose. \\n Implementations MAY choose to support attaching Routes to other resources. If that is the case, they MUST clearly document how SectionName is interpreted. \\n When unspecified (empty string), this will reference the entire resource. For the purpose of status, an attachment is considered successful if at least one section in the parent resource accepts it. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \\n Support: Core"', args=[d.arg(name='sectionName', type=d.T.string)]), + withSectionName(sectionName): { sectionName: sectionName }, + }, + '#rules':: d.obj(help='"Rules are a list of GRPC matchers, filters and actions."'), + rules: { + '#backendRefs':: d.obj(help='"BackendRefs defines the backend(s) where matching requests should be sent. \\n Failure behavior here depends on how many BackendRefs are specified and how many are invalid. \\n If *all* entries in BackendRefs are invalid, and there are also no filters specified in this route rule, *all* traffic which matches this rule MUST receive an `UNAVAILABLE` status. \\n See the GRPCBackendRef definition for the rules about what makes a single GRPCBackendRef invalid. \\n When a GRPCBackendRef is invalid, `UNAVAILABLE` statuses MUST be returned for requests that would have otherwise been routed to an invalid backend. If multiple backends are specified, and some are invalid, the proportion of requests that would otherwise have been routed to an invalid backend MUST receive an `UNAVAILABLE` status. \\n For example, if two backends are specified with equal weights, and one is invalid, 50 percent of traffic MUST receive an `UNAVAILABLE` status. Implementations may choose how that 50 percent is determined. \\n Support: Core for Kubernetes Service \\n Support: Implementation-specific for any other resource \\n Support for weight: Core"'), + backendRefs: { + '#filters':: d.obj(help='"Filters defined at this level MUST be executed if and only if the request is being forwarded to the backend defined here. \\n Support: Implementation-specific (For broader support of filters, use the Filters field in GRPCRouteRule.)"'), + filters: { + '#extensionRef':: d.obj(help='"ExtensionRef is an optional, implementation-specific extension to the \\"filter\\" behavior. For example, resource \\"myroutefilter\\" in group \\"networking.example.net\\"). ExtensionRef MUST NOT be used for core and extended filters. \\n Support: Implementation-specific \\n This filter can be used multiple times within the same rule."'), + extensionRef: { + '#withGroup':: d.fn(help='"Group is the group of the referent. For example, \\"gateway.networking.k8s.io\\". When unspecified or empty string, core API group is inferred."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { extensionRef+: { group: group } }, + '#withKind':: d.fn(help='"Kind is kind of the referent. For example \\"HTTPRoute\\" or \\"Service\\"."', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { extensionRef+: { kind: kind } }, + '#withName':: d.fn(help='"Name is the name of the referent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { extensionRef+: { name: name } }, + }, + '#requestHeaderModifier':: d.obj(help='"RequestHeaderModifier defines a schema for a filter that modifies request headers. \\n Support: Core"'), + requestHeaderModifier: { + '#add':: d.obj(help='"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: add: - name: \\"my-header\\" value: \\"bar,baz\\" \\n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"'), + add: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \\n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered equivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#set':: d.obj(help='"Set overwrites the request with the given header (name, value) before the action. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: set: - name: \\"my-header\\" value: \\"bar\\" \\n Output: GET /foo HTTP/1.1 my-header: bar"'), + set: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \\n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered equivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#withAdd':: d.fn(help='"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: add: - name: \\"my-header\\" value: \\"bar,baz\\" \\n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"', args=[d.arg(name='add', type=d.T.array)]), + withAdd(add): { requestHeaderModifier+: { add: if std.isArray(v=add) then add else [add] } }, + '#withAddMixin':: d.fn(help='"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: add: - name: \\"my-header\\" value: \\"bar,baz\\" \\n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='add', type=d.T.array)]), + withAddMixin(add): { requestHeaderModifier+: { add+: if std.isArray(v=add) then add else [add] } }, + '#withRemove':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \\n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \\n Config: remove: [\\"my-header1\\", \\"my-header3\\"] \\n Output: GET /foo HTTP/1.1 my-header2: bar"', args=[d.arg(name='remove', type=d.T.array)]), + withRemove(remove): { requestHeaderModifier+: { remove: if std.isArray(v=remove) then remove else [remove] } }, + '#withRemoveMixin':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \\n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \\n Config: remove: [\\"my-header1\\", \\"my-header3\\"] \\n Output: GET /foo HTTP/1.1 my-header2: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='remove', type=d.T.array)]), + withRemoveMixin(remove): { requestHeaderModifier+: { remove+: if std.isArray(v=remove) then remove else [remove] } }, + '#withSet':: d.fn(help='"Set overwrites the request with the given header (name, value) before the action. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: set: - name: \\"my-header\\" value: \\"bar\\" \\n Output: GET /foo HTTP/1.1 my-header: bar"', args=[d.arg(name='set', type=d.T.array)]), + withSet(set): { requestHeaderModifier+: { set: if std.isArray(v=set) then set else [set] } }, + '#withSetMixin':: d.fn(help='"Set overwrites the request with the given header (name, value) before the action. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: set: - name: \\"my-header\\" value: \\"bar\\" \\n Output: GET /foo HTTP/1.1 my-header: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='set', type=d.T.array)]), + withSetMixin(set): { requestHeaderModifier+: { set+: if std.isArray(v=set) then set else [set] } }, + }, + '#requestMirror':: d.obj(help='"RequestMirror defines a schema for a filter that mirrors requests. Requests are sent to the specified destination, but responses from that destination are ignored. \\n This filter can be used multiple times within the same rule. Note that not all implementations will be able to support mirroring to multiple backends. \\n Support: Extended"'), + requestMirror: { + '#backendRef':: d.obj(help='"BackendRef references a resource where mirrored requests are sent. \\n Mirrored requests must be sent only to a single destination endpoint within this BackendRef, irrespective of how many endpoints are present within this BackendRef. \\n If the referent cannot be found, this BackendRef is invalid and must be dropped from the Gateway. The controller must ensure the \\"ResolvedRefs\\" condition on the Route status is set to `status: False` and not configure this backend in the underlying implementation. \\n If there is a cross-namespace reference to an *existing* object that is not allowed by a ReferenceGrant, the controller must ensure the \\"ResolvedRefs\\" condition on the Route is set to `status: False`, with the \\"RefNotPermitted\\" reason and not configure this backend in the underlying implementation. \\n In either error case, the Message of the `ResolvedRefs` Condition should be used to provide more detail about the problem. \\n Support: Extended for Kubernetes Service \\n Support: Implementation-specific for any other resource"'), + backendRef: { + '#withGroup':: d.fn(help='"Group is the group of the referent. For example, \\"gateway.networking.k8s.io\\". When unspecified or empty string, core API group is inferred."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { requestMirror+: { backendRef+: { group: group } } }, + '#withKind':: d.fn(help='"Kind is the Kubernetes resource kind of the referent. For example \\"Service\\". \\n Defaults to \\"Service\\" when not specified. \\n ExternalName services can refer to CNAME DNS records that may live outside of the cluster and as such are difficult to reason about in terms of conformance. They also may not be safe to forward to (see CVE-2021-25740 for more information). Implementations SHOULD NOT support ExternalName Services. \\n Support: Core (Services with a type other than ExternalName) \\n Support: Implementation-specific (Services with type ExternalName)"', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { requestMirror+: { backendRef+: { kind: kind } } }, + '#withName':: d.fn(help='"Name is the name of the referent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { requestMirror+: { backendRef+: { name: name } } }, + '#withNamespace':: d.fn(help="\"Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. \\n Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. \\n Support: Core\"", args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { requestMirror+: { backendRef+: { namespace: namespace } } }, + '#withPort':: d.fn(help='"Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field."', args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { requestMirror+: { backendRef+: { port: port } } }, + }, + }, + '#responseHeaderModifier':: d.obj(help='"ResponseHeaderModifier defines a schema for a filter that modifies response headers. \\n Support: Extended"'), + responseHeaderModifier: { + '#add':: d.obj(help='"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: add: - name: \\"my-header\\" value: \\"bar,baz\\" \\n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"'), + add: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \\n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered equivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#set':: d.obj(help='"Set overwrites the request with the given header (name, value) before the action. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: set: - name: \\"my-header\\" value: \\"bar\\" \\n Output: GET /foo HTTP/1.1 my-header: bar"'), + set: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \\n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered equivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#withAdd':: d.fn(help='"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: add: - name: \\"my-header\\" value: \\"bar,baz\\" \\n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"', args=[d.arg(name='add', type=d.T.array)]), + withAdd(add): { responseHeaderModifier+: { add: if std.isArray(v=add) then add else [add] } }, + '#withAddMixin':: d.fn(help='"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: add: - name: \\"my-header\\" value: \\"bar,baz\\" \\n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='add', type=d.T.array)]), + withAddMixin(add): { responseHeaderModifier+: { add+: if std.isArray(v=add) then add else [add] } }, + '#withRemove':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \\n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \\n Config: remove: [\\"my-header1\\", \\"my-header3\\"] \\n Output: GET /foo HTTP/1.1 my-header2: bar"', args=[d.arg(name='remove', type=d.T.array)]), + withRemove(remove): { responseHeaderModifier+: { remove: if std.isArray(v=remove) then remove else [remove] } }, + '#withRemoveMixin':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \\n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \\n Config: remove: [\\"my-header1\\", \\"my-header3\\"] \\n Output: GET /foo HTTP/1.1 my-header2: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='remove', type=d.T.array)]), + withRemoveMixin(remove): { responseHeaderModifier+: { remove+: if std.isArray(v=remove) then remove else [remove] } }, + '#withSet':: d.fn(help='"Set overwrites the request with the given header (name, value) before the action. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: set: - name: \\"my-header\\" value: \\"bar\\" \\n Output: GET /foo HTTP/1.1 my-header: bar"', args=[d.arg(name='set', type=d.T.array)]), + withSet(set): { responseHeaderModifier+: { set: if std.isArray(v=set) then set else [set] } }, + '#withSetMixin':: d.fn(help='"Set overwrites the request with the given header (name, value) before the action. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: set: - name: \\"my-header\\" value: \\"bar\\" \\n Output: GET /foo HTTP/1.1 my-header: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='set', type=d.T.array)]), + withSetMixin(set): { responseHeaderModifier+: { set+: if std.isArray(v=set) then set else [set] } }, + }, + '#withType':: d.fn(help='"Type identifies the type of filter to apply. As with other API fields, types are classified into three conformance levels: \\n - Core: Filter types and their corresponding configuration defined by \\"Support: Core\\" in this package, e.g. \\"RequestHeaderModifier\\". All implementations supporting GRPCRoute MUST support core filters. \\n - Extended: Filter types and their corresponding configuration defined by \\"Support: Extended\\" in this package, e.g. \\"RequestMirror\\". Implementers are encouraged to support extended filters. \\n - Implementation-specific: Filters that are defined and supported by specific vendors. In the future, filters showing convergence in behavior across multiple implementations will be considered for inclusion in extended or core conformance levels. Filter-specific configuration for such filters is specified using the ExtensionRef field. `Type` MUST be set to \\"ExtensionRef\\" for custom filters. \\n Implementers are encouraged to define custom implementation types to extend the core API with implementation-specific behavior. \\n If a reference to a custom filter type cannot be resolved, the filter MUST NOT be skipped. Instead, requests that would have been processed by that filter MUST receive a HTTP error response. \\n "', args=[d.arg(name='type', type=d.T.string)]), + withType(type): { type: type }, + }, + '#withFilters':: d.fn(help='"Filters defined at this level MUST be executed if and only if the request is being forwarded to the backend defined here. \\n Support: Implementation-specific (For broader support of filters, use the Filters field in GRPCRouteRule.)"', args=[d.arg(name='filters', type=d.T.array)]), + withFilters(filters): { filters: if std.isArray(v=filters) then filters else [filters] }, + '#withFiltersMixin':: d.fn(help='"Filters defined at this level MUST be executed if and only if the request is being forwarded to the backend defined here. \\n Support: Implementation-specific (For broader support of filters, use the Filters field in GRPCRouteRule.)"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='filters', type=d.T.array)]), + withFiltersMixin(filters): { filters+: if std.isArray(v=filters) then filters else [filters] }, + '#withGroup':: d.fn(help='"Group is the group of the referent. For example, \\"gateway.networking.k8s.io\\". When unspecified or empty string, core API group is inferred."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { group: group }, + '#withKind':: d.fn(help='"Kind is the Kubernetes resource kind of the referent. For example \\"Service\\". \\n Defaults to \\"Service\\" when not specified. \\n ExternalName services can refer to CNAME DNS records that may live outside of the cluster and as such are difficult to reason about in terms of conformance. They also may not be safe to forward to (see CVE-2021-25740 for more information). Implementations SHOULD NOT support ExternalName Services. \\n Support: Core (Services with a type other than ExternalName) \\n Support: Implementation-specific (Services with type ExternalName)"', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { kind: kind }, + '#withName':: d.fn(help='"Name is the name of the referent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withNamespace':: d.fn(help="\"Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. \\n Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. \\n Support: Core\"", args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { namespace: namespace }, + '#withPort':: d.fn(help='"Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field."', args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { port: port }, + '#withWeight':: d.fn(help='"Weight specifies the proportion of requests forwarded to the referenced backend. This is computed as weight/(sum of all weights in this BackendRefs list). For non-zero values, there may be some epsilon from the exact proportion defined here depending on the precision an implementation supports. Weight is not a percentage and the sum of weights does not need to equal 100. \\n If only one backend is specified and it has a weight greater than 0, 100% of the traffic is forwarded to that backend. If weight is set to 0, no traffic should be forwarded for this entry. If unspecified, weight defaults to 1. \\n Support for this field varies based on the context where used."', args=[d.arg(name='weight', type=d.T.integer)]), + withWeight(weight): { weight: weight }, + }, + '#filters':: d.obj(help='"Filters define the filters that are applied to requests that match this rule. \\n The effects of ordering of multiple behaviors are currently unspecified. This can change in the future based on feedback during the alpha stage. \\n Conformance-levels at this level are defined based on the type of filter: \\n - ALL core filters MUST be supported by all implementations that support GRPCRoute. - Implementers are encouraged to support extended filters. - Implementation-specific custom filters have no API guarantees across implementations. \\n Specifying the same filter multiple times is not supported unless explicitly indicated in the filter. \\n If an implementation can not support a combination of filters, it must clearly document that limitation. In cases where incompatible or unsupported filters are specified and cause the `Accepted` condition to be set to status `False`, implementations may use the `IncompatibleFilters` reason to specify this configuration error. \\n Support: Core"'), + filters: { + '#extensionRef':: d.obj(help='"ExtensionRef is an optional, implementation-specific extension to the \\"filter\\" behavior. For example, resource \\"myroutefilter\\" in group \\"networking.example.net\\"). ExtensionRef MUST NOT be used for core and extended filters. \\n Support: Implementation-specific \\n This filter can be used multiple times within the same rule."'), + extensionRef: { + '#withGroup':: d.fn(help='"Group is the group of the referent. For example, \\"gateway.networking.k8s.io\\". When unspecified or empty string, core API group is inferred."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { extensionRef+: { group: group } }, + '#withKind':: d.fn(help='"Kind is kind of the referent. For example \\"HTTPRoute\\" or \\"Service\\"."', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { extensionRef+: { kind: kind } }, + '#withName':: d.fn(help='"Name is the name of the referent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { extensionRef+: { name: name } }, + }, + '#requestHeaderModifier':: d.obj(help='"RequestHeaderModifier defines a schema for a filter that modifies request headers. \\n Support: Core"'), + requestHeaderModifier: { + '#add':: d.obj(help='"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: add: - name: \\"my-header\\" value: \\"bar,baz\\" \\n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"'), + add: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \\n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered equivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#set':: d.obj(help='"Set overwrites the request with the given header (name, value) before the action. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: set: - name: \\"my-header\\" value: \\"bar\\" \\n Output: GET /foo HTTP/1.1 my-header: bar"'), + set: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \\n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered equivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#withAdd':: d.fn(help='"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: add: - name: \\"my-header\\" value: \\"bar,baz\\" \\n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"', args=[d.arg(name='add', type=d.T.array)]), + withAdd(add): { requestHeaderModifier+: { add: if std.isArray(v=add) then add else [add] } }, + '#withAddMixin':: d.fn(help='"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: add: - name: \\"my-header\\" value: \\"bar,baz\\" \\n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='add', type=d.T.array)]), + withAddMixin(add): { requestHeaderModifier+: { add+: if std.isArray(v=add) then add else [add] } }, + '#withRemove':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \\n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \\n Config: remove: [\\"my-header1\\", \\"my-header3\\"] \\n Output: GET /foo HTTP/1.1 my-header2: bar"', args=[d.arg(name='remove', type=d.T.array)]), + withRemove(remove): { requestHeaderModifier+: { remove: if std.isArray(v=remove) then remove else [remove] } }, + '#withRemoveMixin':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \\n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \\n Config: remove: [\\"my-header1\\", \\"my-header3\\"] \\n Output: GET /foo HTTP/1.1 my-header2: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='remove', type=d.T.array)]), + withRemoveMixin(remove): { requestHeaderModifier+: { remove+: if std.isArray(v=remove) then remove else [remove] } }, + '#withSet':: d.fn(help='"Set overwrites the request with the given header (name, value) before the action. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: set: - name: \\"my-header\\" value: \\"bar\\" \\n Output: GET /foo HTTP/1.1 my-header: bar"', args=[d.arg(name='set', type=d.T.array)]), + withSet(set): { requestHeaderModifier+: { set: if std.isArray(v=set) then set else [set] } }, + '#withSetMixin':: d.fn(help='"Set overwrites the request with the given header (name, value) before the action. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: set: - name: \\"my-header\\" value: \\"bar\\" \\n Output: GET /foo HTTP/1.1 my-header: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='set', type=d.T.array)]), + withSetMixin(set): { requestHeaderModifier+: { set+: if std.isArray(v=set) then set else [set] } }, + }, + '#requestMirror':: d.obj(help='"RequestMirror defines a schema for a filter that mirrors requests. Requests are sent to the specified destination, but responses from that destination are ignored. \\n This filter can be used multiple times within the same rule. Note that not all implementations will be able to support mirroring to multiple backends. \\n Support: Extended"'), + requestMirror: { + '#backendRef':: d.obj(help='"BackendRef references a resource where mirrored requests are sent. \\n Mirrored requests must be sent only to a single destination endpoint within this BackendRef, irrespective of how many endpoints are present within this BackendRef. \\n If the referent cannot be found, this BackendRef is invalid and must be dropped from the Gateway. The controller must ensure the \\"ResolvedRefs\\" condition on the Route status is set to `status: False` and not configure this backend in the underlying implementation. \\n If there is a cross-namespace reference to an *existing* object that is not allowed by a ReferenceGrant, the controller must ensure the \\"ResolvedRefs\\" condition on the Route is set to `status: False`, with the \\"RefNotPermitted\\" reason and not configure this backend in the underlying implementation. \\n In either error case, the Message of the `ResolvedRefs` Condition should be used to provide more detail about the problem. \\n Support: Extended for Kubernetes Service \\n Support: Implementation-specific for any other resource"'), + backendRef: { + '#withGroup':: d.fn(help='"Group is the group of the referent. For example, \\"gateway.networking.k8s.io\\". When unspecified or empty string, core API group is inferred."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { requestMirror+: { backendRef+: { group: group } } }, + '#withKind':: d.fn(help='"Kind is the Kubernetes resource kind of the referent. For example \\"Service\\". \\n Defaults to \\"Service\\" when not specified. \\n ExternalName services can refer to CNAME DNS records that may live outside of the cluster and as such are difficult to reason about in terms of conformance. They also may not be safe to forward to (see CVE-2021-25740 for more information). Implementations SHOULD NOT support ExternalName Services. \\n Support: Core (Services with a type other than ExternalName) \\n Support: Implementation-specific (Services with type ExternalName)"', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { requestMirror+: { backendRef+: { kind: kind } } }, + '#withName':: d.fn(help='"Name is the name of the referent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { requestMirror+: { backendRef+: { name: name } } }, + '#withNamespace':: d.fn(help="\"Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. \\n Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. \\n Support: Core\"", args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { requestMirror+: { backendRef+: { namespace: namespace } } }, + '#withPort':: d.fn(help='"Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field."', args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { requestMirror+: { backendRef+: { port: port } } }, + }, + }, + '#responseHeaderModifier':: d.obj(help='"ResponseHeaderModifier defines a schema for a filter that modifies response headers. \\n Support: Extended"'), + responseHeaderModifier: { + '#add':: d.obj(help='"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: add: - name: \\"my-header\\" value: \\"bar,baz\\" \\n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"'), + add: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \\n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered equivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#set':: d.obj(help='"Set overwrites the request with the given header (name, value) before the action. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: set: - name: \\"my-header\\" value: \\"bar\\" \\n Output: GET /foo HTTP/1.1 my-header: bar"'), + set: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \\n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered equivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#withAdd':: d.fn(help='"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: add: - name: \\"my-header\\" value: \\"bar,baz\\" \\n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"', args=[d.arg(name='add', type=d.T.array)]), + withAdd(add): { responseHeaderModifier+: { add: if std.isArray(v=add) then add else [add] } }, + '#withAddMixin':: d.fn(help='"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: add: - name: \\"my-header\\" value: \\"bar,baz\\" \\n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='add', type=d.T.array)]), + withAddMixin(add): { responseHeaderModifier+: { add+: if std.isArray(v=add) then add else [add] } }, + '#withRemove':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \\n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \\n Config: remove: [\\"my-header1\\", \\"my-header3\\"] \\n Output: GET /foo HTTP/1.1 my-header2: bar"', args=[d.arg(name='remove', type=d.T.array)]), + withRemove(remove): { responseHeaderModifier+: { remove: if std.isArray(v=remove) then remove else [remove] } }, + '#withRemoveMixin':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \\n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \\n Config: remove: [\\"my-header1\\", \\"my-header3\\"] \\n Output: GET /foo HTTP/1.1 my-header2: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='remove', type=d.T.array)]), + withRemoveMixin(remove): { responseHeaderModifier+: { remove+: if std.isArray(v=remove) then remove else [remove] } }, + '#withSet':: d.fn(help='"Set overwrites the request with the given header (name, value) before the action. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: set: - name: \\"my-header\\" value: \\"bar\\" \\n Output: GET /foo HTTP/1.1 my-header: bar"', args=[d.arg(name='set', type=d.T.array)]), + withSet(set): { responseHeaderModifier+: { set: if std.isArray(v=set) then set else [set] } }, + '#withSetMixin':: d.fn(help='"Set overwrites the request with the given header (name, value) before the action. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: set: - name: \\"my-header\\" value: \\"bar\\" \\n Output: GET /foo HTTP/1.1 my-header: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='set', type=d.T.array)]), + withSetMixin(set): { responseHeaderModifier+: { set+: if std.isArray(v=set) then set else [set] } }, + }, + '#withType':: d.fn(help='"Type identifies the type of filter to apply. As with other API fields, types are classified into three conformance levels: \\n - Core: Filter types and their corresponding configuration defined by \\"Support: Core\\" in this package, e.g. \\"RequestHeaderModifier\\". All implementations supporting GRPCRoute MUST support core filters. \\n - Extended: Filter types and their corresponding configuration defined by \\"Support: Extended\\" in this package, e.g. \\"RequestMirror\\". Implementers are encouraged to support extended filters. \\n - Implementation-specific: Filters that are defined and supported by specific vendors. In the future, filters showing convergence in behavior across multiple implementations will be considered for inclusion in extended or core conformance levels. Filter-specific configuration for such filters is specified using the ExtensionRef field. `Type` MUST be set to \\"ExtensionRef\\" for custom filters. \\n Implementers are encouraged to define custom implementation types to extend the core API with implementation-specific behavior. \\n If a reference to a custom filter type cannot be resolved, the filter MUST NOT be skipped. Instead, requests that would have been processed by that filter MUST receive a HTTP error response. \\n "', args=[d.arg(name='type', type=d.T.string)]), + withType(type): { type: type }, + }, + '#matches':: d.obj(help='"Matches define conditions used for matching the rule against incoming gRPC requests. Each match is independent, i.e. this rule will be matched if **any** one of the matches is satisfied. \\n For example, take the following matches configuration: \\n ``` matches: - method: service: foo.bar headers: values: version: 2 - method: service: foo.bar.v2 ``` \\n For a request to match against this rule, it MUST satisfy EITHER of the two conditions: \\n - service of foo.bar AND contains the header `version: 2` - service of foo.bar.v2 \\n See the documentation for GRPCRouteMatch on how to specify multiple match conditions to be ANDed together. \\n If no matches are specified, the implementation MUST match every gRPC request. \\n Proxy or Load Balancer routing configuration generated from GRPCRoutes MUST prioritize rules based on the following criteria, continuing on ties. Merging MUST not be done between GRPCRoutes and HTTPRoutes. Precedence MUST be given to the rule with the largest number of: \\n * Characters in a matching non-wildcard hostname. * Characters in a matching hostname. * Characters in a matching service. * Characters in a matching method. * Header matches. \\n If ties still exist across multiple Routes, matching precedence MUST be determined in order of the following criteria, continuing on ties: \\n * The oldest Route based on creation timestamp. * The Route appearing first in alphabetical order by \\"{namespace}/{name}\\". \\n If ties still exist within the Route that has been given precedence, matching precedence MUST be granted to the first matching rule meeting the above criteria."'), + matches: { + '#headers':: d.obj(help='"Headers specifies gRPC request header matchers. Multiple match values are ANDed together, meaning, a request MUST match all the specified headers to select the route."'), + headers: { + '#withName':: d.fn(help='"Name is the name of the gRPC Header to be matched. \\n If multiple entries specify equivalent header names, only the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered equivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withType':: d.fn(help='"Type specifies how to match against the value of the header."', args=[d.arg(name='type', type=d.T.string)]), + withType(type): { type: type }, + '#withValue':: d.fn(help='"Value is the value of the gRPC Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#method':: d.obj(help='"Method specifies a gRPC request service/method matcher. If this field is not specified, all services and methods will match."'), + method: { + '#withMethod':: d.fn(help='"Value of the method to match against. If left empty or omitted, will match all services. \\n At least one of Service and Method MUST be a non-empty string."', args=[d.arg(name='method', type=d.T.string)]), + withMethod(method): { method+: { method: method } }, + '#withService':: d.fn(help='"Value of the service to match against. If left empty or omitted, will match any service. \\n At least one of Service and Method MUST be a non-empty string."', args=[d.arg(name='service', type=d.T.string)]), + withService(service): { method+: { service: service } }, + '#withType':: d.fn(help='"Type specifies how to match against the service and/or method. Support: Core (Exact with service and method specified) \\n Support: Implementation-specific (Exact with method specified but no service specified) \\n Support: Implementation-specific (RegularExpression)"', args=[d.arg(name='type', type=d.T.string)]), + withType(type): { method+: { type: type } }, + }, + '#withHeaders':: d.fn(help='"Headers specifies gRPC request header matchers. Multiple match values are ANDed together, meaning, a request MUST match all the specified headers to select the route."', args=[d.arg(name='headers', type=d.T.array)]), + withHeaders(headers): { headers: if std.isArray(v=headers) then headers else [headers] }, + '#withHeadersMixin':: d.fn(help='"Headers specifies gRPC request header matchers. Multiple match values are ANDed together, meaning, a request MUST match all the specified headers to select the route."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='headers', type=d.T.array)]), + withHeadersMixin(headers): { headers+: if std.isArray(v=headers) then headers else [headers] }, + }, + '#withBackendRefs':: d.fn(help='"BackendRefs defines the backend(s) where matching requests should be sent. \\n Failure behavior here depends on how many BackendRefs are specified and how many are invalid. \\n If *all* entries in BackendRefs are invalid, and there are also no filters specified in this route rule, *all* traffic which matches this rule MUST receive an `UNAVAILABLE` status. \\n See the GRPCBackendRef definition for the rules about what makes a single GRPCBackendRef invalid. \\n When a GRPCBackendRef is invalid, `UNAVAILABLE` statuses MUST be returned for requests that would have otherwise been routed to an invalid backend. If multiple backends are specified, and some are invalid, the proportion of requests that would otherwise have been routed to an invalid backend MUST receive an `UNAVAILABLE` status. \\n For example, if two backends are specified with equal weights, and one is invalid, 50 percent of traffic MUST receive an `UNAVAILABLE` status. Implementations may choose how that 50 percent is determined. \\n Support: Core for Kubernetes Service \\n Support: Implementation-specific for any other resource \\n Support for weight: Core"', args=[d.arg(name='backendRefs', type=d.T.array)]), + withBackendRefs(backendRefs): { backendRefs: if std.isArray(v=backendRefs) then backendRefs else [backendRefs] }, + '#withBackendRefsMixin':: d.fn(help='"BackendRefs defines the backend(s) where matching requests should be sent. \\n Failure behavior here depends on how many BackendRefs are specified and how many are invalid. \\n If *all* entries in BackendRefs are invalid, and there are also no filters specified in this route rule, *all* traffic which matches this rule MUST receive an `UNAVAILABLE` status. \\n See the GRPCBackendRef definition for the rules about what makes a single GRPCBackendRef invalid. \\n When a GRPCBackendRef is invalid, `UNAVAILABLE` statuses MUST be returned for requests that would have otherwise been routed to an invalid backend. If multiple backends are specified, and some are invalid, the proportion of requests that would otherwise have been routed to an invalid backend MUST receive an `UNAVAILABLE` status. \\n For example, if two backends are specified with equal weights, and one is invalid, 50 percent of traffic MUST receive an `UNAVAILABLE` status. Implementations may choose how that 50 percent is determined. \\n Support: Core for Kubernetes Service \\n Support: Implementation-specific for any other resource \\n Support for weight: Core"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='backendRefs', type=d.T.array)]), + withBackendRefsMixin(backendRefs): { backendRefs+: if std.isArray(v=backendRefs) then backendRefs else [backendRefs] }, + '#withFilters':: d.fn(help='"Filters define the filters that are applied to requests that match this rule. \\n The effects of ordering of multiple behaviors are currently unspecified. This can change in the future based on feedback during the alpha stage. \\n Conformance-levels at this level are defined based on the type of filter: \\n - ALL core filters MUST be supported by all implementations that support GRPCRoute. - Implementers are encouraged to support extended filters. - Implementation-specific custom filters have no API guarantees across implementations. \\n Specifying the same filter multiple times is not supported unless explicitly indicated in the filter. \\n If an implementation can not support a combination of filters, it must clearly document that limitation. In cases where incompatible or unsupported filters are specified and cause the `Accepted` condition to be set to status `False`, implementations may use the `IncompatibleFilters` reason to specify this configuration error. \\n Support: Core"', args=[d.arg(name='filters', type=d.T.array)]), + withFilters(filters): { filters: if std.isArray(v=filters) then filters else [filters] }, + '#withFiltersMixin':: d.fn(help='"Filters define the filters that are applied to requests that match this rule. \\n The effects of ordering of multiple behaviors are currently unspecified. This can change in the future based on feedback during the alpha stage. \\n Conformance-levels at this level are defined based on the type of filter: \\n - ALL core filters MUST be supported by all implementations that support GRPCRoute. - Implementers are encouraged to support extended filters. - Implementation-specific custom filters have no API guarantees across implementations. \\n Specifying the same filter multiple times is not supported unless explicitly indicated in the filter. \\n If an implementation can not support a combination of filters, it must clearly document that limitation. In cases where incompatible or unsupported filters are specified and cause the `Accepted` condition to be set to status `False`, implementations may use the `IncompatibleFilters` reason to specify this configuration error. \\n Support: Core"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='filters', type=d.T.array)]), + withFiltersMixin(filters): { filters+: if std.isArray(v=filters) then filters else [filters] }, + '#withMatches':: d.fn(help='"Matches define conditions used for matching the rule against incoming gRPC requests. Each match is independent, i.e. this rule will be matched if **any** one of the matches is satisfied. \\n For example, take the following matches configuration: \\n ``` matches: - method: service: foo.bar headers: values: version: 2 - method: service: foo.bar.v2 ``` \\n For a request to match against this rule, it MUST satisfy EITHER of the two conditions: \\n - service of foo.bar AND contains the header `version: 2` - service of foo.bar.v2 \\n See the documentation for GRPCRouteMatch on how to specify multiple match conditions to be ANDed together. \\n If no matches are specified, the implementation MUST match every gRPC request. \\n Proxy or Load Balancer routing configuration generated from GRPCRoutes MUST prioritize rules based on the following criteria, continuing on ties. Merging MUST not be done between GRPCRoutes and HTTPRoutes. Precedence MUST be given to the rule with the largest number of: \\n * Characters in a matching non-wildcard hostname. * Characters in a matching hostname. * Characters in a matching service. * Characters in a matching method. * Header matches. \\n If ties still exist across multiple Routes, matching precedence MUST be determined in order of the following criteria, continuing on ties: \\n * The oldest Route based on creation timestamp. * The Route appearing first in alphabetical order by \\"{namespace}/{name}\\". \\n If ties still exist within the Route that has been given precedence, matching precedence MUST be granted to the first matching rule meeting the above criteria."', args=[d.arg(name='matches', type=d.T.array)]), + withMatches(matches): { matches: if std.isArray(v=matches) then matches else [matches] }, + '#withMatchesMixin':: d.fn(help='"Matches define conditions used for matching the rule against incoming gRPC requests. Each match is independent, i.e. this rule will be matched if **any** one of the matches is satisfied. \\n For example, take the following matches configuration: \\n ``` matches: - method: service: foo.bar headers: values: version: 2 - method: service: foo.bar.v2 ``` \\n For a request to match against this rule, it MUST satisfy EITHER of the two conditions: \\n - service of foo.bar AND contains the header `version: 2` - service of foo.bar.v2 \\n See the documentation for GRPCRouteMatch on how to specify multiple match conditions to be ANDed together. \\n If no matches are specified, the implementation MUST match every gRPC request. \\n Proxy or Load Balancer routing configuration generated from GRPCRoutes MUST prioritize rules based on the following criteria, continuing on ties. Merging MUST not be done between GRPCRoutes and HTTPRoutes. Precedence MUST be given to the rule with the largest number of: \\n * Characters in a matching non-wildcard hostname. * Characters in a matching hostname. * Characters in a matching service. * Characters in a matching method. * Header matches. \\n If ties still exist across multiple Routes, matching precedence MUST be determined in order of the following criteria, continuing on ties: \\n * The oldest Route based on creation timestamp. * The Route appearing first in alphabetical order by \\"{namespace}/{name}\\". \\n If ties still exist within the Route that has been given precedence, matching precedence MUST be granted to the first matching rule meeting the above criteria."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='matches', type=d.T.array)]), + withMatchesMixin(matches): { matches+: if std.isArray(v=matches) then matches else [matches] }, + }, + '#withHostnames':: d.fn(help="\"Hostnames defines a set of hostnames to match against the GRPC Host header to select a GRPCRoute to process the request. This matches the RFC 1123 definition of a hostname with 2 notable exceptions: \\n 1. IPs are not allowed. 2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard label MUST appear by itself as the first label. \\n If a hostname is specified by both the Listener and GRPCRoute, there MUST be at least one intersecting hostname for the GRPCRoute to be attached to the Listener. For example: \\n * A Listener with `test.example.com` as the hostname matches GRPCRoutes that have either not specified any hostnames, or have specified at least one of `test.example.com` or `*.example.com`. * A Listener with `*.example.com` as the hostname matches GRPCRoutes that have either not specified any hostnames or have specified at least one hostname that matches the Listener hostname. For example, `test.example.com` and `*.example.com` would both match. On the other hand, `example.com` and `test.example.net` would not match. \\n Hostnames that are prefixed with a wildcard label (`*.`) are interpreted as a suffix match. That means that a match for `*.example.com` would match both `test.example.com`, and `foo.test.example.com`, but not `example.com`. \\n If both the Listener and GRPCRoute have specified hostnames, any GRPCRoute hostnames that do not match the Listener hostname MUST be ignored. For example, if a Listener specified `*.example.com`, and the GRPCRoute specified `test.example.com` and `test.example.net`, `test.example.net` MUST NOT be considered for a match. \\n If both the Listener and GRPCRoute have specified hostnames, and none match with the criteria above, then the GRPCRoute MUST NOT be accepted by the implementation. The implementation MUST raise an 'Accepted' Condition with a status of `False` in the corresponding RouteParentStatus. \\n If a Route (A) of type HTTPRoute or GRPCRoute is attached to a Listener and that listener already has another Route (B) of the other type attached and the intersection of the hostnames of A and B is non-empty, then the implementation MUST accept exactly one of these two routes, determined by the following criteria, in order: \\n * The oldest Route based on creation timestamp. * The Route appearing first in alphabetical order by \\\"{namespace}/{name}\\\". \\n The rejected Route MUST raise an 'Accepted' condition with a status of 'False' in the corresponding RouteParentStatus. \\n Support: Core\"", args=[d.arg(name='hostnames', type=d.T.array)]), + withHostnames(hostnames): { spec+: { hostnames: if std.isArray(v=hostnames) then hostnames else [hostnames] } }, + '#withHostnamesMixin':: d.fn(help="\"Hostnames defines a set of hostnames to match against the GRPC Host header to select a GRPCRoute to process the request. This matches the RFC 1123 definition of a hostname with 2 notable exceptions: \\n 1. IPs are not allowed. 2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard label MUST appear by itself as the first label. \\n If a hostname is specified by both the Listener and GRPCRoute, there MUST be at least one intersecting hostname for the GRPCRoute to be attached to the Listener. For example: \\n * A Listener with `test.example.com` as the hostname matches GRPCRoutes that have either not specified any hostnames, or have specified at least one of `test.example.com` or `*.example.com`. * A Listener with `*.example.com` as the hostname matches GRPCRoutes that have either not specified any hostnames or have specified at least one hostname that matches the Listener hostname. For example, `test.example.com` and `*.example.com` would both match. On the other hand, `example.com` and `test.example.net` would not match. \\n Hostnames that are prefixed with a wildcard label (`*.`) are interpreted as a suffix match. That means that a match for `*.example.com` would match both `test.example.com`, and `foo.test.example.com`, but not `example.com`. \\n If both the Listener and GRPCRoute have specified hostnames, any GRPCRoute hostnames that do not match the Listener hostname MUST be ignored. For example, if a Listener specified `*.example.com`, and the GRPCRoute specified `test.example.com` and `test.example.net`, `test.example.net` MUST NOT be considered for a match. \\n If both the Listener and GRPCRoute have specified hostnames, and none match with the criteria above, then the GRPCRoute MUST NOT be accepted by the implementation. The implementation MUST raise an 'Accepted' Condition with a status of `False` in the corresponding RouteParentStatus. \\n If a Route (A) of type HTTPRoute or GRPCRoute is attached to a Listener and that listener already has another Route (B) of the other type attached and the intersection of the hostnames of A and B is non-empty, then the implementation MUST accept exactly one of these two routes, determined by the following criteria, in order: \\n * The oldest Route based on creation timestamp. * The Route appearing first in alphabetical order by \\\"{namespace}/{name}\\\". \\n The rejected Route MUST raise an 'Accepted' condition with a status of 'False' in the corresponding RouteParentStatus. \\n Support: Core\"\n\n**Note:** This function appends passed data to existing values", args=[d.arg(name='hostnames', type=d.T.array)]), + withHostnamesMixin(hostnames): { spec+: { hostnames+: if std.isArray(v=hostnames) then hostnames else [hostnames] } }, + '#withParentRefs':: d.fn(help='"ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. For Services, that means the Service must either be in the same namespace for a \\"producer\\" route, or the mesh implementation must support and allow \\"consumer\\" routes for the referenced Service. ReferenceGrant is not applicable for governing ParentRefs to Services - it is not possible to create a \\"producer\\" route for a Service in a different namespace from the Route. \\n There are two kinds of parent resources with \\"Core\\" support: \\n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) \\n This API may be extended in the future to support additional kinds of parent resources. \\n It is invalid to reference an identical parent more than once. It is valid to reference multiple distinct sections within the same parent resource, such as two separate Listeners on the same Gateway or two separate ports on the same Service. \\n It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged. \\n Note that for ParentRefs that cross namespace boundaries, there are specific rules. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example, Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable other kinds of cross-namespace reference. \\n ParentRefs from a Route to a Service in the same namespace are \\"producer\\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \\n ParentRefs from a Route to a Service in a different namespace are \\"consumer\\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \\n "', args=[d.arg(name='parentRefs', type=d.T.array)]), + withParentRefs(parentRefs): { spec+: { parentRefs: if std.isArray(v=parentRefs) then parentRefs else [parentRefs] } }, + '#withParentRefsMixin':: d.fn(help='"ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. For Services, that means the Service must either be in the same namespace for a \\"producer\\" route, or the mesh implementation must support and allow \\"consumer\\" routes for the referenced Service. ReferenceGrant is not applicable for governing ParentRefs to Services - it is not possible to create a \\"producer\\" route for a Service in a different namespace from the Route. \\n There are two kinds of parent resources with \\"Core\\" support: \\n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) \\n This API may be extended in the future to support additional kinds of parent resources. \\n It is invalid to reference an identical parent more than once. It is valid to reference multiple distinct sections within the same parent resource, such as two separate Listeners on the same Gateway or two separate ports on the same Service. \\n It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged. \\n Note that for ParentRefs that cross namespace boundaries, there are specific rules. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example, Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable other kinds of cross-namespace reference. \\n ParentRefs from a Route to a Service in the same namespace are \\"producer\\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \\n ParentRefs from a Route to a Service in a different namespace are \\"consumer\\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \\n "\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='parentRefs', type=d.T.array)]), + withParentRefsMixin(parentRefs): { spec+: { parentRefs+: if std.isArray(v=parentRefs) then parentRefs else [parentRefs] } }, + '#withRules':: d.fn(help='"Rules are a list of GRPC matchers, filters and actions."', args=[d.arg(name='rules', type=d.T.array)]), + withRules(rules): { spec+: { rules: if std.isArray(v=rules) then rules else [rules] } }, + '#withRulesMixin':: d.fn(help='"Rules are a list of GRPC matchers, filters and actions."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='rules', type=d.T.array)]), + withRulesMixin(rules): { spec+: { rules+: if std.isArray(v=rules) then rules else [rules] } }, + }, + '#mixin': 'ignore', + mixin: self, +} diff --git a/0.8-experimental/_gen/gateway/v1alpha2/httpRoute.libsonnet b/0.8-experimental/_gen/gateway/v1alpha2/httpRoute.libsonnet new file mode 100644 index 0000000..c7c118e --- /dev/null +++ b/0.8-experimental/_gen/gateway/v1alpha2/httpRoute.libsonnet @@ -0,0 +1,398 @@ +{ + local d = (import 'doc-util/main.libsonnet'), + '#':: d.pkg(name='httpRoute', url='', help='"HTTPRoute provides a way to route HTTP requests. This includes the capability to match requests by hostname, path, header, or query param. Filters can be used to specify additional processing steps. Backends specify where matching requests should be routed."'), + '#metadata':: d.obj(help='"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create."'), + metadata: { + '#withAnnotations':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotations(annotations): { metadata+: { annotations: annotations } }, + '#withAnnotationsMixin':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotationsMixin(annotations): { metadata+: { annotations+: annotations } }, + '#withClusterName':: d.fn(help='"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request."', args=[d.arg(name='clusterName', type=d.T.string)]), + withClusterName(clusterName): { metadata+: { clusterName: clusterName } }, + '#withCreationTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='creationTimestamp', type=d.T.string)]), + withCreationTimestamp(creationTimestamp): { metadata+: { creationTimestamp: creationTimestamp } }, + '#withDeletionGracePeriodSeconds':: d.fn(help='"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only."', args=[d.arg(name='deletionGracePeriodSeconds', type=d.T.integer)]), + withDeletionGracePeriodSeconds(deletionGracePeriodSeconds): { metadata+: { deletionGracePeriodSeconds: deletionGracePeriodSeconds } }, + '#withDeletionTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='deletionTimestamp', type=d.T.string)]), + withDeletionTimestamp(deletionTimestamp): { metadata+: { deletionTimestamp: deletionTimestamp } }, + '#withFinalizers':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizers(finalizers): { metadata+: { finalizers: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withFinalizersMixin':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizersMixin(finalizers): { metadata+: { finalizers+: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withGenerateName':: d.fn(help='"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\\n\\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\\n\\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency"', args=[d.arg(name='generateName', type=d.T.string)]), + withGenerateName(generateName): { metadata+: { generateName: generateName } }, + '#withGeneration':: d.fn(help='"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only."', args=[d.arg(name='generation', type=d.T.integer)]), + withGeneration(generation): { metadata+: { generation: generation } }, + '#withLabels':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"', args=[d.arg(name='labels', type=d.T.object)]), + withLabels(labels): { metadata+: { labels: labels } }, + '#withLabelsMixin':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='labels', type=d.T.object)]), + withLabelsMixin(labels): { metadata+: { labels+: labels } }, + '#withName':: d.fn(help='"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { metadata+: { name: name } }, + '#withNamespace':: d.fn(help='"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \\"default\\" namespace, but \\"default\\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\\n\\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces"', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { metadata+: { namespace: namespace } }, + '#withOwnerReferences':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferences(ownerReferences): { metadata+: { ownerReferences: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withOwnerReferencesMixin':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferencesMixin(ownerReferences): { metadata+: { ownerReferences+: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withResourceVersion':: d.fn(help='"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\\n\\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency"', args=[d.arg(name='resourceVersion', type=d.T.string)]), + withResourceVersion(resourceVersion): { metadata+: { resourceVersion: resourceVersion } }, + '#withSelfLink':: d.fn(help='"SelfLink is a URL representing this object. Populated by the system. Read-only.\\n\\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release."', args=[d.arg(name='selfLink', type=d.T.string)]), + withSelfLink(selfLink): { metadata+: { selfLink: selfLink } }, + '#withUid':: d.fn(help='"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\\n\\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids"', args=[d.arg(name='uid', type=d.T.string)]), + withUid(uid): { metadata+: { uid: uid } }, + }, + '#new':: d.fn(help='new returns an instance of HTTPRoute', args=[d.arg(name='name', type=d.T.string)]), + new(name): { + apiVersion: 'gateway.networking.k8s.io/v1alpha2', + kind: 'HTTPRoute', + } + self.metadata.withName(name=name), + '#spec':: d.obj(help='"Spec defines the desired state of HTTPRoute."'), + spec: { + '#parentRefs':: d.obj(help='"ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. For Services, that means the Service must either be in the same namespace for a \\"producer\\" route, or the mesh implementation must support and allow \\"consumer\\" routes for the referenced Service. ReferenceGrant is not applicable for governing ParentRefs to Services - it is not possible to create a \\"producer\\" route for a Service in a different namespace from the Route. \\n There are two kinds of parent resources with \\"Core\\" support: \\n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) \\n This API may be extended in the future to support additional kinds of parent resources. \\n It is invalid to reference an identical parent more than once. It is valid to reference multiple distinct sections within the same parent resource, such as two separate Listeners on the same Gateway or two separate ports on the same Service. \\n It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged. \\n Note that for ParentRefs that cross namespace boundaries, there are specific rules. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example, Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable other kinds of cross-namespace reference. \\n ParentRefs from a Route to a Service in the same namespace are \\"producer\\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \\n ParentRefs from a Route to a Service in a different namespace are \\"consumer\\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \\n "'), + parentRefs: { + '#withGroup':: d.fn(help='"Group is the group of the referent. When unspecified, \\"gateway.networking.k8s.io\\" is inferred. To set the core API group (such as for a \\"Service\\" kind referent), Group must be explicitly set to \\"\\" (empty string). \\n Support: Core"', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { group: group }, + '#withKind':: d.fn(help='"Kind is kind of the referent. \\n There are two kinds of parent resources with \\"Core\\" support: \\n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) \\n Support for other resources is Implementation-Specific."', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { kind: kind }, + '#withName':: d.fn(help='"Name is the name of the referent. \\n Support: Core"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withNamespace':: d.fn(help='"Namespace is the namespace of the referent. When unspecified, this refers to the local namespace of the Route. \\n Note that there are specific rules for ParentRefs which cross namespace boundaries. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example: Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference. \\n ParentRefs from a Route to a Service in the same namespace are \\"producer\\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \\n ParentRefs from a Route to a Service in a different namespace are \\"consumer\\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \\n Support: Core"', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { namespace: namespace }, + '#withPort':: d.fn(help="\"Port is the network port this Route targets. It can be interpreted differently based on the type of parent resource. \\n When the parent resource is a Gateway, this targets all listeners listening on the specified port that also support this kind of Route(and select this Route). It's not recommended to set `Port` unless the networking behaviors specified in a Route must apply to a specific port as opposed to a listener(s) whose port(s) may be changed. When both Port and SectionName are specified, the name and port of the selected listener must match both specified values. \\n When the parent resource is a Service, this targets a specific port in the Service spec. When both Port (experimental) and SectionName are specified, the name and port of the selected port must match both specified values. \\n Implementations MAY choose to support other parent resources. Implementations supporting other types of parent resources MUST clearly document how/if Port is interpreted. \\n For the purpose of status, an attachment is considered successful as long as the parent resource accepts it partially. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \\n Support: Extended \\n \"", args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { port: port }, + '#withSectionName':: d.fn(help='"SectionName is the name of a section within the target resource. In the following resources, SectionName is interpreted as the following: \\n * Gateway: Listener Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. * Service: Port Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. Note that attaching Routes to Services as Parents is part of experimental Mesh support and is not supported for any other purpose. \\n Implementations MAY choose to support attaching Routes to other resources. If that is the case, they MUST clearly document how SectionName is interpreted. \\n When unspecified (empty string), this will reference the entire resource. For the purpose of status, an attachment is considered successful if at least one section in the parent resource accepts it. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \\n Support: Core"', args=[d.arg(name='sectionName', type=d.T.string)]), + withSectionName(sectionName): { sectionName: sectionName }, + }, + '#rules':: d.obj(help='"Rules are a list of HTTP matchers, filters and actions."'), + rules: { + '#backendRefs':: d.obj(help='"BackendRefs defines the backend(s) where matching requests should be sent. \\n Failure behavior here depends on how many BackendRefs are specified and how many are invalid. \\n If *all* entries in BackendRefs are invalid, and there are also no filters specified in this route rule, *all* traffic which matches this rule MUST receive a 500 status code. \\n See the HTTPBackendRef definition for the rules about what makes a single HTTPBackendRef invalid. \\n When a HTTPBackendRef is invalid, 500 status codes MUST be returned for requests that would have otherwise been routed to an invalid backend. If multiple backends are specified, and some are invalid, the proportion of requests that would otherwise have been routed to an invalid backend MUST receive a 500 status code. \\n For example, if two backends are specified with equal weights, and one is invalid, 50 percent of traffic must receive a 500. Implementations may choose how that 50 percent is determined. \\n Support: Core for Kubernetes Service \\n Support: Extended for Kubernetes ServiceImport \\n Support: Implementation-specific for any other resource \\n Support for weight: Core"'), + backendRefs: { + '#filters':: d.obj(help='"Filters defined at this level should be executed if and only if the request is being forwarded to the backend defined here. \\n Support: Implementation-specific (For broader support of filters, use the Filters field in HTTPRouteRule.)"'), + filters: { + '#extensionRef':: d.obj(help='"ExtensionRef is an optional, implementation-specific extension to the \\"filter\\" behavior. For example, resource \\"myroutefilter\\" in group \\"networking.example.net\\"). ExtensionRef MUST NOT be used for core and extended filters. \\n This filter can be used multiple times within the same rule. \\n Support: Implementation-specific"'), + extensionRef: { + '#withGroup':: d.fn(help='"Group is the group of the referent. For example, \\"gateway.networking.k8s.io\\". When unspecified or empty string, core API group is inferred."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { extensionRef+: { group: group } }, + '#withKind':: d.fn(help='"Kind is kind of the referent. For example \\"HTTPRoute\\" or \\"Service\\"."', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { extensionRef+: { kind: kind } }, + '#withName':: d.fn(help='"Name is the name of the referent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { extensionRef+: { name: name } }, + }, + '#requestHeaderModifier':: d.obj(help='"RequestHeaderModifier defines a schema for a filter that modifies request headers. \\n Support: Core"'), + requestHeaderModifier: { + '#add':: d.obj(help='"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: add: - name: \\"my-header\\" value: \\"bar,baz\\" \\n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"'), + add: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \\n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered equivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#set':: d.obj(help='"Set overwrites the request with the given header (name, value) before the action. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: set: - name: \\"my-header\\" value: \\"bar\\" \\n Output: GET /foo HTTP/1.1 my-header: bar"'), + set: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \\n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered equivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#withAdd':: d.fn(help='"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: add: - name: \\"my-header\\" value: \\"bar,baz\\" \\n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"', args=[d.arg(name='add', type=d.T.array)]), + withAdd(add): { requestHeaderModifier+: { add: if std.isArray(v=add) then add else [add] } }, + '#withAddMixin':: d.fn(help='"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: add: - name: \\"my-header\\" value: \\"bar,baz\\" \\n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='add', type=d.T.array)]), + withAddMixin(add): { requestHeaderModifier+: { add+: if std.isArray(v=add) then add else [add] } }, + '#withRemove':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \\n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \\n Config: remove: [\\"my-header1\\", \\"my-header3\\"] \\n Output: GET /foo HTTP/1.1 my-header2: bar"', args=[d.arg(name='remove', type=d.T.array)]), + withRemove(remove): { requestHeaderModifier+: { remove: if std.isArray(v=remove) then remove else [remove] } }, + '#withRemoveMixin':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \\n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \\n Config: remove: [\\"my-header1\\", \\"my-header3\\"] \\n Output: GET /foo HTTP/1.1 my-header2: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='remove', type=d.T.array)]), + withRemoveMixin(remove): { requestHeaderModifier+: { remove+: if std.isArray(v=remove) then remove else [remove] } }, + '#withSet':: d.fn(help='"Set overwrites the request with the given header (name, value) before the action. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: set: - name: \\"my-header\\" value: \\"bar\\" \\n Output: GET /foo HTTP/1.1 my-header: bar"', args=[d.arg(name='set', type=d.T.array)]), + withSet(set): { requestHeaderModifier+: { set: if std.isArray(v=set) then set else [set] } }, + '#withSetMixin':: d.fn(help='"Set overwrites the request with the given header (name, value) before the action. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: set: - name: \\"my-header\\" value: \\"bar\\" \\n Output: GET /foo HTTP/1.1 my-header: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='set', type=d.T.array)]), + withSetMixin(set): { requestHeaderModifier+: { set+: if std.isArray(v=set) then set else [set] } }, + }, + '#requestMirror':: d.obj(help='"RequestMirror defines a schema for a filter that mirrors requests. Requests are sent to the specified destination, but responses from that destination are ignored. \\n This filter can be used multiple times within the same rule. Note that not all implementations will be able to support mirroring to multiple backends. \\n Support: Extended"'), + requestMirror: { + '#backendRef':: d.obj(help='"BackendRef references a resource where mirrored requests are sent. \\n Mirrored requests must be sent only to a single destination endpoint within this BackendRef, irrespective of how many endpoints are present within this BackendRef. \\n If the referent cannot be found, this BackendRef is invalid and must be dropped from the Gateway. The controller must ensure the \\"ResolvedRefs\\" condition on the Route status is set to `status: False` and not configure this backend in the underlying implementation. \\n If there is a cross-namespace reference to an *existing* object that is not allowed by a ReferenceGrant, the controller must ensure the \\"ResolvedRefs\\" condition on the Route is set to `status: False`, with the \\"RefNotPermitted\\" reason and not configure this backend in the underlying implementation. \\n In either error case, the Message of the `ResolvedRefs` Condition should be used to provide more detail about the problem. \\n Support: Extended for Kubernetes Service \\n Support: Implementation-specific for any other resource"'), + backendRef: { + '#withGroup':: d.fn(help='"Group is the group of the referent. For example, \\"gateway.networking.k8s.io\\". When unspecified or empty string, core API group is inferred."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { requestMirror+: { backendRef+: { group: group } } }, + '#withKind':: d.fn(help='"Kind is the Kubernetes resource kind of the referent. For example \\"Service\\". \\n Defaults to \\"Service\\" when not specified. \\n ExternalName services can refer to CNAME DNS records that may live outside of the cluster and as such are difficult to reason about in terms of conformance. They also may not be safe to forward to (see CVE-2021-25740 for more information). Implementations SHOULD NOT support ExternalName Services. \\n Support: Core (Services with a type other than ExternalName) \\n Support: Implementation-specific (Services with type ExternalName)"', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { requestMirror+: { backendRef+: { kind: kind } } }, + '#withName':: d.fn(help='"Name is the name of the referent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { requestMirror+: { backendRef+: { name: name } } }, + '#withNamespace':: d.fn(help="\"Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. \\n Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. \\n Support: Core\"", args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { requestMirror+: { backendRef+: { namespace: namespace } } }, + '#withPort':: d.fn(help='"Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field."', args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { requestMirror+: { backendRef+: { port: port } } }, + }, + }, + '#requestRedirect':: d.obj(help='"RequestRedirect defines a schema for a filter that responds to the request with an HTTP redirection. \\n Support: Core"'), + requestRedirect: { + '#path':: d.obj(help='"Path defines parameters used to modify the path of the incoming request. The modified path is then used to construct the `Location` header. When empty, the request path is used as-is. \\n Support: Extended"'), + path: { + '#withReplaceFullPath':: d.fn(help='"ReplaceFullPath specifies the value with which to replace the full path of a request during a rewrite or redirect."', args=[d.arg(name='replaceFullPath', type=d.T.string)]), + withReplaceFullPath(replaceFullPath): { requestRedirect+: { path+: { replaceFullPath: replaceFullPath } } }, + '#withReplacePrefixMatch':: d.fn(help='"ReplacePrefixMatch specifies the value with which to replace the prefix match of a request during a rewrite or redirect. For example, a request to \\"/foo/bar\\" with a prefix match of \\"/foo\\" and a ReplacePrefixMatch of \\"/xyz\\" would be modified to \\"/xyz/bar\\". \\n Note that this matches the behavior of the PathPrefix match type. This matches full path elements. A path element refers to the list of labels in the path split by the `/` separator. When specified, a trailing `/` is ignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all match the prefix `/abc`, but the path `/abcd` would not. \\n ReplacePrefixMatch is only compatible with a `PathPrefix` HTTPRouteMatch. Using any other HTTPRouteMatch type on the same HTTPRouteRule will result in the implementation setting the Accepted Condition for the Route to `status: False`. \\n Request Path | Prefix Match | Replace Prefix | Modified Path -------------|--------------|----------------|---------- /foo/bar | /foo | /xyz | /xyz/bar /foo/bar | /foo | /xyz/ | /xyz/bar /foo/bar | /foo/ | /xyz | /xyz/bar /foo/bar | /foo/ | /xyz/ | /xyz/bar /foo | /foo | /xyz | /xyz /foo/ | /foo | /xyz | /xyz/ /foo/bar | /foo | | /bar /foo/ | /foo | | / /foo | /foo | | / /foo/ | /foo | / | / /foo | /foo | / | /"', args=[d.arg(name='replacePrefixMatch', type=d.T.string)]), + withReplacePrefixMatch(replacePrefixMatch): { requestRedirect+: { path+: { replacePrefixMatch: replacePrefixMatch } } }, + '#withType':: d.fn(help='"Type defines the type of path modifier. Additional types may be added in a future release of the API. \\n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \\n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`."', args=[d.arg(name='type', type=d.T.string)]), + withType(type): { requestRedirect+: { path+: { type: type } } }, + }, + '#withHostname':: d.fn(help='"Hostname is the hostname to be used in the value of the `Location` header in the response. When empty, the hostname in the `Host` header of the request is used. \\n Support: Core"', args=[d.arg(name='hostname', type=d.T.string)]), + withHostname(hostname): { requestRedirect+: { hostname: hostname } }, + '#withPort':: d.fn(help="\"Port is the port to be used in the value of the `Location` header in the response. \\n If no port is specified, the redirect port MUST be derived using the following rules: \\n * If redirect scheme is not-empty, the redirect port MUST be the well-known port associated with the redirect scheme. Specifically \\\"http\\\" to port 80 and \\\"https\\\" to port 443. If the redirect scheme does not have a well-known port, the listener port of the Gateway SHOULD be used. * If redirect scheme is empty, the redirect port MUST be the Gateway Listener port. \\n Implementations SHOULD NOT add the port number in the 'Location' header in the following cases: \\n * A Location header that will use HTTP (whether that is determined via the Listener protocol or the Scheme field) _and_ use port 80. * A Location header that will use HTTPS (whether that is determined via the Listener protocol or the Scheme field) _and_ use port 443. \\n Support: Extended\"", args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { requestRedirect+: { port: port } }, + '#withScheme':: d.fn(help='"Scheme is the scheme to be used in the value of the `Location` header in the response. When empty, the scheme of the request is used. \\n Scheme redirects can affect the port of the redirect, for more information, refer to the documentation for the port field of this filter. \\n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \\n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`. \\n Support: Extended"', args=[d.arg(name='scheme', type=d.T.string)]), + withScheme(scheme): { requestRedirect+: { scheme: scheme } }, + '#withStatusCode':: d.fn(help='"StatusCode is the HTTP status code to be used in response. \\n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \\n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`. \\n Support: Core"', args=[d.arg(name='statusCode', type=d.T.integer)]), + withStatusCode(statusCode): { requestRedirect+: { statusCode: statusCode } }, + }, + '#responseHeaderModifier':: d.obj(help='"ResponseHeaderModifier defines a schema for a filter that modifies response headers. \\n Support: Extended"'), + responseHeaderModifier: { + '#add':: d.obj(help='"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: add: - name: \\"my-header\\" value: \\"bar,baz\\" \\n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"'), + add: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \\n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered equivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#set':: d.obj(help='"Set overwrites the request with the given header (name, value) before the action. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: set: - name: \\"my-header\\" value: \\"bar\\" \\n Output: GET /foo HTTP/1.1 my-header: bar"'), + set: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \\n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered equivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#withAdd':: d.fn(help='"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: add: - name: \\"my-header\\" value: \\"bar,baz\\" \\n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"', args=[d.arg(name='add', type=d.T.array)]), + withAdd(add): { responseHeaderModifier+: { add: if std.isArray(v=add) then add else [add] } }, + '#withAddMixin':: d.fn(help='"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: add: - name: \\"my-header\\" value: \\"bar,baz\\" \\n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='add', type=d.T.array)]), + withAddMixin(add): { responseHeaderModifier+: { add+: if std.isArray(v=add) then add else [add] } }, + '#withRemove':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \\n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \\n Config: remove: [\\"my-header1\\", \\"my-header3\\"] \\n Output: GET /foo HTTP/1.1 my-header2: bar"', args=[d.arg(name='remove', type=d.T.array)]), + withRemove(remove): { responseHeaderModifier+: { remove: if std.isArray(v=remove) then remove else [remove] } }, + '#withRemoveMixin':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \\n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \\n Config: remove: [\\"my-header1\\", \\"my-header3\\"] \\n Output: GET /foo HTTP/1.1 my-header2: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='remove', type=d.T.array)]), + withRemoveMixin(remove): { responseHeaderModifier+: { remove+: if std.isArray(v=remove) then remove else [remove] } }, + '#withSet':: d.fn(help='"Set overwrites the request with the given header (name, value) before the action. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: set: - name: \\"my-header\\" value: \\"bar\\" \\n Output: GET /foo HTTP/1.1 my-header: bar"', args=[d.arg(name='set', type=d.T.array)]), + withSet(set): { responseHeaderModifier+: { set: if std.isArray(v=set) then set else [set] } }, + '#withSetMixin':: d.fn(help='"Set overwrites the request with the given header (name, value) before the action. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: set: - name: \\"my-header\\" value: \\"bar\\" \\n Output: GET /foo HTTP/1.1 my-header: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='set', type=d.T.array)]), + withSetMixin(set): { responseHeaderModifier+: { set+: if std.isArray(v=set) then set else [set] } }, + }, + '#urlRewrite':: d.obj(help='"URLRewrite defines a schema for a filter that modifies a request during forwarding. \\n Support: Extended"'), + urlRewrite: { + '#path':: d.obj(help='"Path defines a path rewrite. \\n Support: Extended"'), + path: { + '#withReplaceFullPath':: d.fn(help='"ReplaceFullPath specifies the value with which to replace the full path of a request during a rewrite or redirect."', args=[d.arg(name='replaceFullPath', type=d.T.string)]), + withReplaceFullPath(replaceFullPath): { urlRewrite+: { path+: { replaceFullPath: replaceFullPath } } }, + '#withReplacePrefixMatch':: d.fn(help='"ReplacePrefixMatch specifies the value with which to replace the prefix match of a request during a rewrite or redirect. For example, a request to \\"/foo/bar\\" with a prefix match of \\"/foo\\" and a ReplacePrefixMatch of \\"/xyz\\" would be modified to \\"/xyz/bar\\". \\n Note that this matches the behavior of the PathPrefix match type. This matches full path elements. A path element refers to the list of labels in the path split by the `/` separator. When specified, a trailing `/` is ignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all match the prefix `/abc`, but the path `/abcd` would not. \\n ReplacePrefixMatch is only compatible with a `PathPrefix` HTTPRouteMatch. Using any other HTTPRouteMatch type on the same HTTPRouteRule will result in the implementation setting the Accepted Condition for the Route to `status: False`. \\n Request Path | Prefix Match | Replace Prefix | Modified Path -------------|--------------|----------------|---------- /foo/bar | /foo | /xyz | /xyz/bar /foo/bar | /foo | /xyz/ | /xyz/bar /foo/bar | /foo/ | /xyz | /xyz/bar /foo/bar | /foo/ | /xyz/ | /xyz/bar /foo | /foo | /xyz | /xyz /foo/ | /foo | /xyz | /xyz/ /foo/bar | /foo | | /bar /foo/ | /foo | | / /foo | /foo | | / /foo/ | /foo | / | / /foo | /foo | / | /"', args=[d.arg(name='replacePrefixMatch', type=d.T.string)]), + withReplacePrefixMatch(replacePrefixMatch): { urlRewrite+: { path+: { replacePrefixMatch: replacePrefixMatch } } }, + '#withType':: d.fn(help='"Type defines the type of path modifier. Additional types may be added in a future release of the API. \\n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \\n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`."', args=[d.arg(name='type', type=d.T.string)]), + withType(type): { urlRewrite+: { path+: { type: type } } }, + }, + '#withHostname':: d.fn(help='"Hostname is the value to be used to replace the Host header value during forwarding. \\n Support: Extended"', args=[d.arg(name='hostname', type=d.T.string)]), + withHostname(hostname): { urlRewrite+: { hostname: hostname } }, + }, + '#withType':: d.fn(help='"Type identifies the type of filter to apply. As with other API fields, types are classified into three conformance levels: \\n - Core: Filter types and their corresponding configuration defined by \\"Support: Core\\" in this package, e.g. \\"RequestHeaderModifier\\". All implementations must support core filters. \\n - Extended: Filter types and their corresponding configuration defined by \\"Support: Extended\\" in this package, e.g. \\"RequestMirror\\". Implementers are encouraged to support extended filters. \\n - Implementation-specific: Filters that are defined and supported by specific vendors. In the future, filters showing convergence in behavior across multiple implementations will be considered for inclusion in extended or core conformance levels. Filter-specific configuration for such filters is specified using the ExtensionRef field. `Type` should be set to \\"ExtensionRef\\" for custom filters. \\n Implementers are encouraged to define custom implementation types to extend the core API with implementation-specific behavior. \\n If a reference to a custom filter type cannot be resolved, the filter MUST NOT be skipped. Instead, requests that would have been processed by that filter MUST receive a HTTP error response. \\n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \\n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`."', args=[d.arg(name='type', type=d.T.string)]), + withType(type): { type: type }, + }, + '#withFilters':: d.fn(help='"Filters defined at this level should be executed if and only if the request is being forwarded to the backend defined here. \\n Support: Implementation-specific (For broader support of filters, use the Filters field in HTTPRouteRule.)"', args=[d.arg(name='filters', type=d.T.array)]), + withFilters(filters): { filters: if std.isArray(v=filters) then filters else [filters] }, + '#withFiltersMixin':: d.fn(help='"Filters defined at this level should be executed if and only if the request is being forwarded to the backend defined here. \\n Support: Implementation-specific (For broader support of filters, use the Filters field in HTTPRouteRule.)"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='filters', type=d.T.array)]), + withFiltersMixin(filters): { filters+: if std.isArray(v=filters) then filters else [filters] }, + '#withGroup':: d.fn(help='"Group is the group of the referent. For example, \\"gateway.networking.k8s.io\\". When unspecified or empty string, core API group is inferred."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { group: group }, + '#withKind':: d.fn(help='"Kind is the Kubernetes resource kind of the referent. For example \\"Service\\". \\n Defaults to \\"Service\\" when not specified. \\n ExternalName services can refer to CNAME DNS records that may live outside of the cluster and as such are difficult to reason about in terms of conformance. They also may not be safe to forward to (see CVE-2021-25740 for more information). Implementations SHOULD NOT support ExternalName Services. \\n Support: Core (Services with a type other than ExternalName) \\n Support: Implementation-specific (Services with type ExternalName)"', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { kind: kind }, + '#withName':: d.fn(help='"Name is the name of the referent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withNamespace':: d.fn(help="\"Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. \\n Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. \\n Support: Core\"", args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { namespace: namespace }, + '#withPort':: d.fn(help='"Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field."', args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { port: port }, + '#withWeight':: d.fn(help='"Weight specifies the proportion of requests forwarded to the referenced backend. This is computed as weight/(sum of all weights in this BackendRefs list). For non-zero values, there may be some epsilon from the exact proportion defined here depending on the precision an implementation supports. Weight is not a percentage and the sum of weights does not need to equal 100. \\n If only one backend is specified and it has a weight greater than 0, 100% of the traffic is forwarded to that backend. If weight is set to 0, no traffic should be forwarded for this entry. If unspecified, weight defaults to 1. \\n Support for this field varies based on the context where used."', args=[d.arg(name='weight', type=d.T.integer)]), + withWeight(weight): { weight: weight }, + }, + '#filters':: d.obj(help='"Filters define the filters that are applied to requests that match this rule. \\n The effects of ordering of multiple behaviors are currently unspecified. This can change in the future based on feedback during the alpha stage. \\n Conformance-levels at this level are defined based on the type of filter: \\n - ALL core filters MUST be supported by all implementations. - Implementers are encouraged to support extended filters. - Implementation-specific custom filters have no API guarantees across implementations. \\n Specifying the same filter multiple times is not supported unless explicitly indicated in the filter. \\n All filters are expected to be compatible with each other except for the URLRewrite and RequestRedirect filters, which may not be combined. If an implementation can not support other combinations of filters, they must clearly document that limitation. In cases where incompatible or unsupported filters are specified and cause the `Accepted` condition to be set to status `False`, implementations may use the `IncompatibleFilters` reason to specify this configuration error. \\n Support: Core"'), + filters: { + '#extensionRef':: d.obj(help='"ExtensionRef is an optional, implementation-specific extension to the \\"filter\\" behavior. For example, resource \\"myroutefilter\\" in group \\"networking.example.net\\"). ExtensionRef MUST NOT be used for core and extended filters. \\n This filter can be used multiple times within the same rule. \\n Support: Implementation-specific"'), + extensionRef: { + '#withGroup':: d.fn(help='"Group is the group of the referent. For example, \\"gateway.networking.k8s.io\\". When unspecified or empty string, core API group is inferred."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { extensionRef+: { group: group } }, + '#withKind':: d.fn(help='"Kind is kind of the referent. For example \\"HTTPRoute\\" or \\"Service\\"."', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { extensionRef+: { kind: kind } }, + '#withName':: d.fn(help='"Name is the name of the referent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { extensionRef+: { name: name } }, + }, + '#requestHeaderModifier':: d.obj(help='"RequestHeaderModifier defines a schema for a filter that modifies request headers. \\n Support: Core"'), + requestHeaderModifier: { + '#add':: d.obj(help='"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: add: - name: \\"my-header\\" value: \\"bar,baz\\" \\n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"'), + add: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \\n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered equivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#set':: d.obj(help='"Set overwrites the request with the given header (name, value) before the action. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: set: - name: \\"my-header\\" value: \\"bar\\" \\n Output: GET /foo HTTP/1.1 my-header: bar"'), + set: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \\n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered equivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#withAdd':: d.fn(help='"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: add: - name: \\"my-header\\" value: \\"bar,baz\\" \\n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"', args=[d.arg(name='add', type=d.T.array)]), + withAdd(add): { requestHeaderModifier+: { add: if std.isArray(v=add) then add else [add] } }, + '#withAddMixin':: d.fn(help='"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: add: - name: \\"my-header\\" value: \\"bar,baz\\" \\n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='add', type=d.T.array)]), + withAddMixin(add): { requestHeaderModifier+: { add+: if std.isArray(v=add) then add else [add] } }, + '#withRemove':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \\n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \\n Config: remove: [\\"my-header1\\", \\"my-header3\\"] \\n Output: GET /foo HTTP/1.1 my-header2: bar"', args=[d.arg(name='remove', type=d.T.array)]), + withRemove(remove): { requestHeaderModifier+: { remove: if std.isArray(v=remove) then remove else [remove] } }, + '#withRemoveMixin':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \\n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \\n Config: remove: [\\"my-header1\\", \\"my-header3\\"] \\n Output: GET /foo HTTP/1.1 my-header2: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='remove', type=d.T.array)]), + withRemoveMixin(remove): { requestHeaderModifier+: { remove+: if std.isArray(v=remove) then remove else [remove] } }, + '#withSet':: d.fn(help='"Set overwrites the request with the given header (name, value) before the action. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: set: - name: \\"my-header\\" value: \\"bar\\" \\n Output: GET /foo HTTP/1.1 my-header: bar"', args=[d.arg(name='set', type=d.T.array)]), + withSet(set): { requestHeaderModifier+: { set: if std.isArray(v=set) then set else [set] } }, + '#withSetMixin':: d.fn(help='"Set overwrites the request with the given header (name, value) before the action. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: set: - name: \\"my-header\\" value: \\"bar\\" \\n Output: GET /foo HTTP/1.1 my-header: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='set', type=d.T.array)]), + withSetMixin(set): { requestHeaderModifier+: { set+: if std.isArray(v=set) then set else [set] } }, + }, + '#requestMirror':: d.obj(help='"RequestMirror defines a schema for a filter that mirrors requests. Requests are sent to the specified destination, but responses from that destination are ignored. \\n This filter can be used multiple times within the same rule. Note that not all implementations will be able to support mirroring to multiple backends. \\n Support: Extended"'), + requestMirror: { + '#backendRef':: d.obj(help='"BackendRef references a resource where mirrored requests are sent. \\n Mirrored requests must be sent only to a single destination endpoint within this BackendRef, irrespective of how many endpoints are present within this BackendRef. \\n If the referent cannot be found, this BackendRef is invalid and must be dropped from the Gateway. The controller must ensure the \\"ResolvedRefs\\" condition on the Route status is set to `status: False` and not configure this backend in the underlying implementation. \\n If there is a cross-namespace reference to an *existing* object that is not allowed by a ReferenceGrant, the controller must ensure the \\"ResolvedRefs\\" condition on the Route is set to `status: False`, with the \\"RefNotPermitted\\" reason and not configure this backend in the underlying implementation. \\n In either error case, the Message of the `ResolvedRefs` Condition should be used to provide more detail about the problem. \\n Support: Extended for Kubernetes Service \\n Support: Implementation-specific for any other resource"'), + backendRef: { + '#withGroup':: d.fn(help='"Group is the group of the referent. For example, \\"gateway.networking.k8s.io\\". When unspecified or empty string, core API group is inferred."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { requestMirror+: { backendRef+: { group: group } } }, + '#withKind':: d.fn(help='"Kind is the Kubernetes resource kind of the referent. For example \\"Service\\". \\n Defaults to \\"Service\\" when not specified. \\n ExternalName services can refer to CNAME DNS records that may live outside of the cluster and as such are difficult to reason about in terms of conformance. They also may not be safe to forward to (see CVE-2021-25740 for more information). Implementations SHOULD NOT support ExternalName Services. \\n Support: Core (Services with a type other than ExternalName) \\n Support: Implementation-specific (Services with type ExternalName)"', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { requestMirror+: { backendRef+: { kind: kind } } }, + '#withName':: d.fn(help='"Name is the name of the referent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { requestMirror+: { backendRef+: { name: name } } }, + '#withNamespace':: d.fn(help="\"Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. \\n Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. \\n Support: Core\"", args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { requestMirror+: { backendRef+: { namespace: namespace } } }, + '#withPort':: d.fn(help='"Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field."', args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { requestMirror+: { backendRef+: { port: port } } }, + }, + }, + '#requestRedirect':: d.obj(help='"RequestRedirect defines a schema for a filter that responds to the request with an HTTP redirection. \\n Support: Core"'), + requestRedirect: { + '#path':: d.obj(help='"Path defines parameters used to modify the path of the incoming request. The modified path is then used to construct the `Location` header. When empty, the request path is used as-is. \\n Support: Extended"'), + path: { + '#withReplaceFullPath':: d.fn(help='"ReplaceFullPath specifies the value with which to replace the full path of a request during a rewrite or redirect."', args=[d.arg(name='replaceFullPath', type=d.T.string)]), + withReplaceFullPath(replaceFullPath): { requestRedirect+: { path+: { replaceFullPath: replaceFullPath } } }, + '#withReplacePrefixMatch':: d.fn(help='"ReplacePrefixMatch specifies the value with which to replace the prefix match of a request during a rewrite or redirect. For example, a request to \\"/foo/bar\\" with a prefix match of \\"/foo\\" and a ReplacePrefixMatch of \\"/xyz\\" would be modified to \\"/xyz/bar\\". \\n Note that this matches the behavior of the PathPrefix match type. This matches full path elements. A path element refers to the list of labels in the path split by the `/` separator. When specified, a trailing `/` is ignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all match the prefix `/abc`, but the path `/abcd` would not. \\n ReplacePrefixMatch is only compatible with a `PathPrefix` HTTPRouteMatch. Using any other HTTPRouteMatch type on the same HTTPRouteRule will result in the implementation setting the Accepted Condition for the Route to `status: False`. \\n Request Path | Prefix Match | Replace Prefix | Modified Path -------------|--------------|----------------|---------- /foo/bar | /foo | /xyz | /xyz/bar /foo/bar | /foo | /xyz/ | /xyz/bar /foo/bar | /foo/ | /xyz | /xyz/bar /foo/bar | /foo/ | /xyz/ | /xyz/bar /foo | /foo | /xyz | /xyz /foo/ | /foo | /xyz | /xyz/ /foo/bar | /foo | | /bar /foo/ | /foo | | / /foo | /foo | | / /foo/ | /foo | / | / /foo | /foo | / | /"', args=[d.arg(name='replacePrefixMatch', type=d.T.string)]), + withReplacePrefixMatch(replacePrefixMatch): { requestRedirect+: { path+: { replacePrefixMatch: replacePrefixMatch } } }, + '#withType':: d.fn(help='"Type defines the type of path modifier. Additional types may be added in a future release of the API. \\n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \\n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`."', args=[d.arg(name='type', type=d.T.string)]), + withType(type): { requestRedirect+: { path+: { type: type } } }, + }, + '#withHostname':: d.fn(help='"Hostname is the hostname to be used in the value of the `Location` header in the response. When empty, the hostname in the `Host` header of the request is used. \\n Support: Core"', args=[d.arg(name='hostname', type=d.T.string)]), + withHostname(hostname): { requestRedirect+: { hostname: hostname } }, + '#withPort':: d.fn(help="\"Port is the port to be used in the value of the `Location` header in the response. \\n If no port is specified, the redirect port MUST be derived using the following rules: \\n * If redirect scheme is not-empty, the redirect port MUST be the well-known port associated with the redirect scheme. Specifically \\\"http\\\" to port 80 and \\\"https\\\" to port 443. If the redirect scheme does not have a well-known port, the listener port of the Gateway SHOULD be used. * If redirect scheme is empty, the redirect port MUST be the Gateway Listener port. \\n Implementations SHOULD NOT add the port number in the 'Location' header in the following cases: \\n * A Location header that will use HTTP (whether that is determined via the Listener protocol or the Scheme field) _and_ use port 80. * A Location header that will use HTTPS (whether that is determined via the Listener protocol or the Scheme field) _and_ use port 443. \\n Support: Extended\"", args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { requestRedirect+: { port: port } }, + '#withScheme':: d.fn(help='"Scheme is the scheme to be used in the value of the `Location` header in the response. When empty, the scheme of the request is used. \\n Scheme redirects can affect the port of the redirect, for more information, refer to the documentation for the port field of this filter. \\n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \\n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`. \\n Support: Extended"', args=[d.arg(name='scheme', type=d.T.string)]), + withScheme(scheme): { requestRedirect+: { scheme: scheme } }, + '#withStatusCode':: d.fn(help='"StatusCode is the HTTP status code to be used in response. \\n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \\n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`. \\n Support: Core"', args=[d.arg(name='statusCode', type=d.T.integer)]), + withStatusCode(statusCode): { requestRedirect+: { statusCode: statusCode } }, + }, + '#responseHeaderModifier':: d.obj(help='"ResponseHeaderModifier defines a schema for a filter that modifies response headers. \\n Support: Extended"'), + responseHeaderModifier: { + '#add':: d.obj(help='"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: add: - name: \\"my-header\\" value: \\"bar,baz\\" \\n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"'), + add: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \\n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered equivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#set':: d.obj(help='"Set overwrites the request with the given header (name, value) before the action. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: set: - name: \\"my-header\\" value: \\"bar\\" \\n Output: GET /foo HTTP/1.1 my-header: bar"'), + set: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \\n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered equivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#withAdd':: d.fn(help='"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: add: - name: \\"my-header\\" value: \\"bar,baz\\" \\n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"', args=[d.arg(name='add', type=d.T.array)]), + withAdd(add): { responseHeaderModifier+: { add: if std.isArray(v=add) then add else [add] } }, + '#withAddMixin':: d.fn(help='"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: add: - name: \\"my-header\\" value: \\"bar,baz\\" \\n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='add', type=d.T.array)]), + withAddMixin(add): { responseHeaderModifier+: { add+: if std.isArray(v=add) then add else [add] } }, + '#withRemove':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \\n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \\n Config: remove: [\\"my-header1\\", \\"my-header3\\"] \\n Output: GET /foo HTTP/1.1 my-header2: bar"', args=[d.arg(name='remove', type=d.T.array)]), + withRemove(remove): { responseHeaderModifier+: { remove: if std.isArray(v=remove) then remove else [remove] } }, + '#withRemoveMixin':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \\n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \\n Config: remove: [\\"my-header1\\", \\"my-header3\\"] \\n Output: GET /foo HTTP/1.1 my-header2: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='remove', type=d.T.array)]), + withRemoveMixin(remove): { responseHeaderModifier+: { remove+: if std.isArray(v=remove) then remove else [remove] } }, + '#withSet':: d.fn(help='"Set overwrites the request with the given header (name, value) before the action. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: set: - name: \\"my-header\\" value: \\"bar\\" \\n Output: GET /foo HTTP/1.1 my-header: bar"', args=[d.arg(name='set', type=d.T.array)]), + withSet(set): { responseHeaderModifier+: { set: if std.isArray(v=set) then set else [set] } }, + '#withSetMixin':: d.fn(help='"Set overwrites the request with the given header (name, value) before the action. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: set: - name: \\"my-header\\" value: \\"bar\\" \\n Output: GET /foo HTTP/1.1 my-header: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='set', type=d.T.array)]), + withSetMixin(set): { responseHeaderModifier+: { set+: if std.isArray(v=set) then set else [set] } }, + }, + '#urlRewrite':: d.obj(help='"URLRewrite defines a schema for a filter that modifies a request during forwarding. \\n Support: Extended"'), + urlRewrite: { + '#path':: d.obj(help='"Path defines a path rewrite. \\n Support: Extended"'), + path: { + '#withReplaceFullPath':: d.fn(help='"ReplaceFullPath specifies the value with which to replace the full path of a request during a rewrite or redirect."', args=[d.arg(name='replaceFullPath', type=d.T.string)]), + withReplaceFullPath(replaceFullPath): { urlRewrite+: { path+: { replaceFullPath: replaceFullPath } } }, + '#withReplacePrefixMatch':: d.fn(help='"ReplacePrefixMatch specifies the value with which to replace the prefix match of a request during a rewrite or redirect. For example, a request to \\"/foo/bar\\" with a prefix match of \\"/foo\\" and a ReplacePrefixMatch of \\"/xyz\\" would be modified to \\"/xyz/bar\\". \\n Note that this matches the behavior of the PathPrefix match type. This matches full path elements. A path element refers to the list of labels in the path split by the `/` separator. When specified, a trailing `/` is ignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all match the prefix `/abc`, but the path `/abcd` would not. \\n ReplacePrefixMatch is only compatible with a `PathPrefix` HTTPRouteMatch. Using any other HTTPRouteMatch type on the same HTTPRouteRule will result in the implementation setting the Accepted Condition for the Route to `status: False`. \\n Request Path | Prefix Match | Replace Prefix | Modified Path -------------|--------------|----------------|---------- /foo/bar | /foo | /xyz | /xyz/bar /foo/bar | /foo | /xyz/ | /xyz/bar /foo/bar | /foo/ | /xyz | /xyz/bar /foo/bar | /foo/ | /xyz/ | /xyz/bar /foo | /foo | /xyz | /xyz /foo/ | /foo | /xyz | /xyz/ /foo/bar | /foo | | /bar /foo/ | /foo | | / /foo | /foo | | / /foo/ | /foo | / | / /foo | /foo | / | /"', args=[d.arg(name='replacePrefixMatch', type=d.T.string)]), + withReplacePrefixMatch(replacePrefixMatch): { urlRewrite+: { path+: { replacePrefixMatch: replacePrefixMatch } } }, + '#withType':: d.fn(help='"Type defines the type of path modifier. Additional types may be added in a future release of the API. \\n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \\n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`."', args=[d.arg(name='type', type=d.T.string)]), + withType(type): { urlRewrite+: { path+: { type: type } } }, + }, + '#withHostname':: d.fn(help='"Hostname is the value to be used to replace the Host header value during forwarding. \\n Support: Extended"', args=[d.arg(name='hostname', type=d.T.string)]), + withHostname(hostname): { urlRewrite+: { hostname: hostname } }, + }, + '#withType':: d.fn(help='"Type identifies the type of filter to apply. As with other API fields, types are classified into three conformance levels: \\n - Core: Filter types and their corresponding configuration defined by \\"Support: Core\\" in this package, e.g. \\"RequestHeaderModifier\\". All implementations must support core filters. \\n - Extended: Filter types and their corresponding configuration defined by \\"Support: Extended\\" in this package, e.g. \\"RequestMirror\\". Implementers are encouraged to support extended filters. \\n - Implementation-specific: Filters that are defined and supported by specific vendors. In the future, filters showing convergence in behavior across multiple implementations will be considered for inclusion in extended or core conformance levels. Filter-specific configuration for such filters is specified using the ExtensionRef field. `Type` should be set to \\"ExtensionRef\\" for custom filters. \\n Implementers are encouraged to define custom implementation types to extend the core API with implementation-specific behavior. \\n If a reference to a custom filter type cannot be resolved, the filter MUST NOT be skipped. Instead, requests that would have been processed by that filter MUST receive a HTTP error response. \\n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \\n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`."', args=[d.arg(name='type', type=d.T.string)]), + withType(type): { type: type }, + }, + '#matches':: d.obj(help='"Matches define conditions used for matching the rule against incoming HTTP requests. Each match is independent, i.e. this rule will be matched if **any** one of the matches is satisfied. \\n For example, take the following matches configuration: \\n ``` matches: - path: value: \\"/foo\\" headers: - name: \\"version\\" value: \\"v2\\" - path: value: \\"/v2/foo\\" ``` \\n For a request to match against this rule, a request must satisfy EITHER of the two conditions: \\n - path prefixed with `/foo` AND contains the header `version: v2` - path prefix of `/v2/foo` \\n See the documentation for HTTPRouteMatch on how to specify multiple match conditions that should be ANDed together. \\n If no matches are specified, the default is a prefix path match on \\"/\\", which has the effect of matching every HTTP request. \\n Proxy or Load Balancer routing configuration generated from HTTPRoutes MUST prioritize matches based on the following criteria, continuing on ties. Across all rules specified on applicable Routes, precedence must be given to the match having: \\n * \\"Exact\\" path match. * \\"Prefix\\" path match with largest number of characters. * Method match. * Largest number of header matches. * Largest number of query param matches. \\n Note: The precedence of RegularExpression path matches are implementation-specific. \\n If ties still exist across multiple Routes, matching precedence MUST be determined in order of the following criteria, continuing on ties: \\n * The oldest Route based on creation timestamp. * The Route appearing first in alphabetical order by \\"{namespace}/{name}\\". \\n If ties still exist within an HTTPRoute, matching precedence MUST be granted to the FIRST matching rule (in list order) with a match meeting the above criteria. \\n When no rules matching a request have been successfully attached to the parent a request is coming from, a HTTP 404 status code MUST be returned."'), + matches: { + '#headers':: d.obj(help='"Headers specifies HTTP request header matchers. Multiple match values are ANDed together, meaning, a request must match all the specified headers to select the route."'), + headers: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \\n If multiple entries specify equivalent header names, only the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered equivalent. \\n When a header is repeated in an HTTP request, it is implementation-specific behavior as to how this is represented. Generally, proxies should follow the guidance from the RFC: https://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2 regarding processing a repeated header, with special handling for \\"Set-Cookie\\"."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withType':: d.fn(help="\"Type specifies how to match against the value of the header. \\n Support: Core (Exact) \\n Support: Implementation-specific (RegularExpression) \\n Since RegularExpression HeaderMatchType has implementation-specific conformance, implementations can support POSIX, PCRE or any other dialects of regular expressions. Please read the implementation's documentation to determine the supported dialect.\"", args=[d.arg(name='type', type=d.T.string)]), + withType(type): { type: type }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#path':: d.obj(help='"Path specifies a HTTP request path matcher. If this field is not specified, a default prefix match on the \\"/\\" path is provided."'), + path: { + '#withType':: d.fn(help='"Type specifies how to match against the path Value. \\n Support: Core (Exact, PathPrefix) \\n Support: Implementation-specific (RegularExpression)"', args=[d.arg(name='type', type=d.T.string)]), + withType(type): { path+: { type: type } }, + '#withValue':: d.fn(help='"Value of the HTTP path to match against."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { path+: { value: value } }, + }, + '#queryParams':: d.obj(help='"QueryParams specifies HTTP query parameter matchers. Multiple match values are ANDed together, meaning, a request must match all the specified query parameters to select the route. \\n Support: Extended"'), + queryParams: { + '#withName':: d.fn(help='"Name is the name of the HTTP query param to be matched. This must be an exact string match. (See https://tools.ietf.org/html/rfc7230#section-2.7.3). \\n If multiple entries specify equivalent query param names, only the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent query param name MUST be ignored. \\n If a query param is repeated in an HTTP request, the behavior is purposely left undefined, since different data planes have different capabilities. However, it is *recommended* that implementations should match against the first value of the param if the data plane supports it, as this behavior is expected in other load balancing contexts outside of the Gateway API. \\n Users SHOULD NOT route traffic based on repeated query params to guard themselves against potential differences in the implementations."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withType':: d.fn(help="\"Type specifies how to match against the value of the query parameter. \\n Support: Extended (Exact) \\n Support: Implementation-specific (RegularExpression) \\n Since RegularExpression QueryParamMatchType has Implementation-specific conformance, implementations can support POSIX, PCRE or any other dialects of regular expressions. Please read the implementation's documentation to determine the supported dialect.\"", args=[d.arg(name='type', type=d.T.string)]), + withType(type): { type: type }, + '#withValue':: d.fn(help='"Value is the value of HTTP query param to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#withHeaders':: d.fn(help='"Headers specifies HTTP request header matchers. Multiple match values are ANDed together, meaning, a request must match all the specified headers to select the route."', args=[d.arg(name='headers', type=d.T.array)]), + withHeaders(headers): { headers: if std.isArray(v=headers) then headers else [headers] }, + '#withHeadersMixin':: d.fn(help='"Headers specifies HTTP request header matchers. Multiple match values are ANDed together, meaning, a request must match all the specified headers to select the route."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='headers', type=d.T.array)]), + withHeadersMixin(headers): { headers+: if std.isArray(v=headers) then headers else [headers] }, + '#withMethod':: d.fn(help='"Method specifies HTTP method matcher. When specified, this route will be matched only if the request has the specified method. \\n Support: Extended"', args=[d.arg(name='method', type=d.T.string)]), + withMethod(method): { method: method }, + '#withQueryParams':: d.fn(help='"QueryParams specifies HTTP query parameter matchers. Multiple match values are ANDed together, meaning, a request must match all the specified query parameters to select the route. \\n Support: Extended"', args=[d.arg(name='queryParams', type=d.T.array)]), + withQueryParams(queryParams): { queryParams: if std.isArray(v=queryParams) then queryParams else [queryParams] }, + '#withQueryParamsMixin':: d.fn(help='"QueryParams specifies HTTP query parameter matchers. Multiple match values are ANDed together, meaning, a request must match all the specified query parameters to select the route. \\n Support: Extended"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='queryParams', type=d.T.array)]), + withQueryParamsMixin(queryParams): { queryParams+: if std.isArray(v=queryParams) then queryParams else [queryParams] }, + }, + '#withBackendRefs':: d.fn(help='"BackendRefs defines the backend(s) where matching requests should be sent. \\n Failure behavior here depends on how many BackendRefs are specified and how many are invalid. \\n If *all* entries in BackendRefs are invalid, and there are also no filters specified in this route rule, *all* traffic which matches this rule MUST receive a 500 status code. \\n See the HTTPBackendRef definition for the rules about what makes a single HTTPBackendRef invalid. \\n When a HTTPBackendRef is invalid, 500 status codes MUST be returned for requests that would have otherwise been routed to an invalid backend. If multiple backends are specified, and some are invalid, the proportion of requests that would otherwise have been routed to an invalid backend MUST receive a 500 status code. \\n For example, if two backends are specified with equal weights, and one is invalid, 50 percent of traffic must receive a 500. Implementations may choose how that 50 percent is determined. \\n Support: Core for Kubernetes Service \\n Support: Extended for Kubernetes ServiceImport \\n Support: Implementation-specific for any other resource \\n Support for weight: Core"', args=[d.arg(name='backendRefs', type=d.T.array)]), + withBackendRefs(backendRefs): { backendRefs: if std.isArray(v=backendRefs) then backendRefs else [backendRefs] }, + '#withBackendRefsMixin':: d.fn(help='"BackendRefs defines the backend(s) where matching requests should be sent. \\n Failure behavior here depends on how many BackendRefs are specified and how many are invalid. \\n If *all* entries in BackendRefs are invalid, and there are also no filters specified in this route rule, *all* traffic which matches this rule MUST receive a 500 status code. \\n See the HTTPBackendRef definition for the rules about what makes a single HTTPBackendRef invalid. \\n When a HTTPBackendRef is invalid, 500 status codes MUST be returned for requests that would have otherwise been routed to an invalid backend. If multiple backends are specified, and some are invalid, the proportion of requests that would otherwise have been routed to an invalid backend MUST receive a 500 status code. \\n For example, if two backends are specified with equal weights, and one is invalid, 50 percent of traffic must receive a 500. Implementations may choose how that 50 percent is determined. \\n Support: Core for Kubernetes Service \\n Support: Extended for Kubernetes ServiceImport \\n Support: Implementation-specific for any other resource \\n Support for weight: Core"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='backendRefs', type=d.T.array)]), + withBackendRefsMixin(backendRefs): { backendRefs+: if std.isArray(v=backendRefs) then backendRefs else [backendRefs] }, + '#withFilters':: d.fn(help='"Filters define the filters that are applied to requests that match this rule. \\n The effects of ordering of multiple behaviors are currently unspecified. This can change in the future based on feedback during the alpha stage. \\n Conformance-levels at this level are defined based on the type of filter: \\n - ALL core filters MUST be supported by all implementations. - Implementers are encouraged to support extended filters. - Implementation-specific custom filters have no API guarantees across implementations. \\n Specifying the same filter multiple times is not supported unless explicitly indicated in the filter. \\n All filters are expected to be compatible with each other except for the URLRewrite and RequestRedirect filters, which may not be combined. If an implementation can not support other combinations of filters, they must clearly document that limitation. In cases where incompatible or unsupported filters are specified and cause the `Accepted` condition to be set to status `False`, implementations may use the `IncompatibleFilters` reason to specify this configuration error. \\n Support: Core"', args=[d.arg(name='filters', type=d.T.array)]), + withFilters(filters): { filters: if std.isArray(v=filters) then filters else [filters] }, + '#withFiltersMixin':: d.fn(help='"Filters define the filters that are applied to requests that match this rule. \\n The effects of ordering of multiple behaviors are currently unspecified. This can change in the future based on feedback during the alpha stage. \\n Conformance-levels at this level are defined based on the type of filter: \\n - ALL core filters MUST be supported by all implementations. - Implementers are encouraged to support extended filters. - Implementation-specific custom filters have no API guarantees across implementations. \\n Specifying the same filter multiple times is not supported unless explicitly indicated in the filter. \\n All filters are expected to be compatible with each other except for the URLRewrite and RequestRedirect filters, which may not be combined. If an implementation can not support other combinations of filters, they must clearly document that limitation. In cases where incompatible or unsupported filters are specified and cause the `Accepted` condition to be set to status `False`, implementations may use the `IncompatibleFilters` reason to specify this configuration error. \\n Support: Core"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='filters', type=d.T.array)]), + withFiltersMixin(filters): { filters+: if std.isArray(v=filters) then filters else [filters] }, + '#withMatches':: d.fn(help='"Matches define conditions used for matching the rule against incoming HTTP requests. Each match is independent, i.e. this rule will be matched if **any** one of the matches is satisfied. \\n For example, take the following matches configuration: \\n ``` matches: - path: value: \\"/foo\\" headers: - name: \\"version\\" value: \\"v2\\" - path: value: \\"/v2/foo\\" ``` \\n For a request to match against this rule, a request must satisfy EITHER of the two conditions: \\n - path prefixed with `/foo` AND contains the header `version: v2` - path prefix of `/v2/foo` \\n See the documentation for HTTPRouteMatch on how to specify multiple match conditions that should be ANDed together. \\n If no matches are specified, the default is a prefix path match on \\"/\\", which has the effect of matching every HTTP request. \\n Proxy or Load Balancer routing configuration generated from HTTPRoutes MUST prioritize matches based on the following criteria, continuing on ties. Across all rules specified on applicable Routes, precedence must be given to the match having: \\n * \\"Exact\\" path match. * \\"Prefix\\" path match with largest number of characters. * Method match. * Largest number of header matches. * Largest number of query param matches. \\n Note: The precedence of RegularExpression path matches are implementation-specific. \\n If ties still exist across multiple Routes, matching precedence MUST be determined in order of the following criteria, continuing on ties: \\n * The oldest Route based on creation timestamp. * The Route appearing first in alphabetical order by \\"{namespace}/{name}\\". \\n If ties still exist within an HTTPRoute, matching precedence MUST be granted to the FIRST matching rule (in list order) with a match meeting the above criteria. \\n When no rules matching a request have been successfully attached to the parent a request is coming from, a HTTP 404 status code MUST be returned."', args=[d.arg(name='matches', type=d.T.array)]), + withMatches(matches): { matches: if std.isArray(v=matches) then matches else [matches] }, + '#withMatchesMixin':: d.fn(help='"Matches define conditions used for matching the rule against incoming HTTP requests. Each match is independent, i.e. this rule will be matched if **any** one of the matches is satisfied. \\n For example, take the following matches configuration: \\n ``` matches: - path: value: \\"/foo\\" headers: - name: \\"version\\" value: \\"v2\\" - path: value: \\"/v2/foo\\" ``` \\n For a request to match against this rule, a request must satisfy EITHER of the two conditions: \\n - path prefixed with `/foo` AND contains the header `version: v2` - path prefix of `/v2/foo` \\n See the documentation for HTTPRouteMatch on how to specify multiple match conditions that should be ANDed together. \\n If no matches are specified, the default is a prefix path match on \\"/\\", which has the effect of matching every HTTP request. \\n Proxy or Load Balancer routing configuration generated from HTTPRoutes MUST prioritize matches based on the following criteria, continuing on ties. Across all rules specified on applicable Routes, precedence must be given to the match having: \\n * \\"Exact\\" path match. * \\"Prefix\\" path match with largest number of characters. * Method match. * Largest number of header matches. * Largest number of query param matches. \\n Note: The precedence of RegularExpression path matches are implementation-specific. \\n If ties still exist across multiple Routes, matching precedence MUST be determined in order of the following criteria, continuing on ties: \\n * The oldest Route based on creation timestamp. * The Route appearing first in alphabetical order by \\"{namespace}/{name}\\". \\n If ties still exist within an HTTPRoute, matching precedence MUST be granted to the FIRST matching rule (in list order) with a match meeting the above criteria. \\n When no rules matching a request have been successfully attached to the parent a request is coming from, a HTTP 404 status code MUST be returned."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='matches', type=d.T.array)]), + withMatchesMixin(matches): { matches+: if std.isArray(v=matches) then matches else [matches] }, + }, + '#withHostnames':: d.fn(help="\"Hostnames defines a set of hostnames that should match against the HTTP Host header to select a HTTPRoute used to process the request. Implementations MUST ignore any port value specified in the HTTP Host header while performing a match and (absent of any applicable header modification configuration) MUST forward this header unmodified to the backend. \\n Valid values for Hostnames are determined by RFC 1123 definition of a hostname with 2 notable exceptions: \\n 1. IPs are not allowed. 2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard label must appear by itself as the first label. \\n If a hostname is specified by both the Listener and HTTPRoute, there must be at least one intersecting hostname for the HTTPRoute to be attached to the Listener. For example: \\n * A Listener with `test.example.com` as the hostname matches HTTPRoutes that have either not specified any hostnames, or have specified at least one of `test.example.com` or `*.example.com`. * A Listener with `*.example.com` as the hostname matches HTTPRoutes that have either not specified any hostnames or have specified at least one hostname that matches the Listener hostname. For example, `*.example.com`, `test.example.com`, and `foo.test.example.com` would all match. On the other hand, `example.com` and `test.example.net` would not match. \\n Hostnames that are prefixed with a wildcard label (`*.`) are interpreted as a suffix match. That means that a match for `*.example.com` would match both `test.example.com`, and `foo.test.example.com`, but not `example.com`. \\n If both the Listener and HTTPRoute have specified hostnames, any HTTPRoute hostnames that do not match the Listener hostname MUST be ignored. For example, if a Listener specified `*.example.com`, and the HTTPRoute specified `test.example.com` and `test.example.net`, `test.example.net` must not be considered for a match. \\n If both the Listener and HTTPRoute have specified hostnames, and none match with the criteria above, then the HTTPRoute is not accepted. The implementation must raise an 'Accepted' Condition with a status of `False` in the corresponding RouteParentStatus. \\n In the event that multiple HTTPRoutes specify intersecting hostnames (e.g. overlapping wildcard matching and exact matching hostnames), precedence must be given to rules from the HTTPRoute with the largest number of: \\n * Characters in a matching non-wildcard hostname. * Characters in a matching hostname. \\n If ties exist across multiple Routes, the matching precedence rules for HTTPRouteMatches takes over. \\n Support: Core\"", args=[d.arg(name='hostnames', type=d.T.array)]), + withHostnames(hostnames): { spec+: { hostnames: if std.isArray(v=hostnames) then hostnames else [hostnames] } }, + '#withHostnamesMixin':: d.fn(help="\"Hostnames defines a set of hostnames that should match against the HTTP Host header to select a HTTPRoute used to process the request. Implementations MUST ignore any port value specified in the HTTP Host header while performing a match and (absent of any applicable header modification configuration) MUST forward this header unmodified to the backend. \\n Valid values for Hostnames are determined by RFC 1123 definition of a hostname with 2 notable exceptions: \\n 1. IPs are not allowed. 2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard label must appear by itself as the first label. \\n If a hostname is specified by both the Listener and HTTPRoute, there must be at least one intersecting hostname for the HTTPRoute to be attached to the Listener. For example: \\n * A Listener with `test.example.com` as the hostname matches HTTPRoutes that have either not specified any hostnames, or have specified at least one of `test.example.com` or `*.example.com`. * A Listener with `*.example.com` as the hostname matches HTTPRoutes that have either not specified any hostnames or have specified at least one hostname that matches the Listener hostname. For example, `*.example.com`, `test.example.com`, and `foo.test.example.com` would all match. On the other hand, `example.com` and `test.example.net` would not match. \\n Hostnames that are prefixed with a wildcard label (`*.`) are interpreted as a suffix match. That means that a match for `*.example.com` would match both `test.example.com`, and `foo.test.example.com`, but not `example.com`. \\n If both the Listener and HTTPRoute have specified hostnames, any HTTPRoute hostnames that do not match the Listener hostname MUST be ignored. For example, if a Listener specified `*.example.com`, and the HTTPRoute specified `test.example.com` and `test.example.net`, `test.example.net` must not be considered for a match. \\n If both the Listener and HTTPRoute have specified hostnames, and none match with the criteria above, then the HTTPRoute is not accepted. The implementation must raise an 'Accepted' Condition with a status of `False` in the corresponding RouteParentStatus. \\n In the event that multiple HTTPRoutes specify intersecting hostnames (e.g. overlapping wildcard matching and exact matching hostnames), precedence must be given to rules from the HTTPRoute with the largest number of: \\n * Characters in a matching non-wildcard hostname. * Characters in a matching hostname. \\n If ties exist across multiple Routes, the matching precedence rules for HTTPRouteMatches takes over. \\n Support: Core\"\n\n**Note:** This function appends passed data to existing values", args=[d.arg(name='hostnames', type=d.T.array)]), + withHostnamesMixin(hostnames): { spec+: { hostnames+: if std.isArray(v=hostnames) then hostnames else [hostnames] } }, + '#withParentRefs':: d.fn(help='"ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. For Services, that means the Service must either be in the same namespace for a \\"producer\\" route, or the mesh implementation must support and allow \\"consumer\\" routes for the referenced Service. ReferenceGrant is not applicable for governing ParentRefs to Services - it is not possible to create a \\"producer\\" route for a Service in a different namespace from the Route. \\n There are two kinds of parent resources with \\"Core\\" support: \\n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) \\n This API may be extended in the future to support additional kinds of parent resources. \\n It is invalid to reference an identical parent more than once. It is valid to reference multiple distinct sections within the same parent resource, such as two separate Listeners on the same Gateway or two separate ports on the same Service. \\n It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged. \\n Note that for ParentRefs that cross namespace boundaries, there are specific rules. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example, Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable other kinds of cross-namespace reference. \\n ParentRefs from a Route to a Service in the same namespace are \\"producer\\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \\n ParentRefs from a Route to a Service in a different namespace are \\"consumer\\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \\n "', args=[d.arg(name='parentRefs', type=d.T.array)]), + withParentRefs(parentRefs): { spec+: { parentRefs: if std.isArray(v=parentRefs) then parentRefs else [parentRefs] } }, + '#withParentRefsMixin':: d.fn(help='"ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. For Services, that means the Service must either be in the same namespace for a \\"producer\\" route, or the mesh implementation must support and allow \\"consumer\\" routes for the referenced Service. ReferenceGrant is not applicable for governing ParentRefs to Services - it is not possible to create a \\"producer\\" route for a Service in a different namespace from the Route. \\n There are two kinds of parent resources with \\"Core\\" support: \\n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) \\n This API may be extended in the future to support additional kinds of parent resources. \\n It is invalid to reference an identical parent more than once. It is valid to reference multiple distinct sections within the same parent resource, such as two separate Listeners on the same Gateway or two separate ports on the same Service. \\n It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged. \\n Note that for ParentRefs that cross namespace boundaries, there are specific rules. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example, Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable other kinds of cross-namespace reference. \\n ParentRefs from a Route to a Service in the same namespace are \\"producer\\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \\n ParentRefs from a Route to a Service in a different namespace are \\"consumer\\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \\n "\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='parentRefs', type=d.T.array)]), + withParentRefsMixin(parentRefs): { spec+: { parentRefs+: if std.isArray(v=parentRefs) then parentRefs else [parentRefs] } }, + '#withRules':: d.fn(help='"Rules are a list of HTTP matchers, filters and actions."', args=[d.arg(name='rules', type=d.T.array)]), + withRules(rules): { spec+: { rules: if std.isArray(v=rules) then rules else [rules] } }, + '#withRulesMixin':: d.fn(help='"Rules are a list of HTTP matchers, filters and actions."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='rules', type=d.T.array)]), + withRulesMixin(rules): { spec+: { rules+: if std.isArray(v=rules) then rules else [rules] } }, + }, + '#mixin': 'ignore', + mixin: self, +} diff --git a/0.8-experimental/_gen/gateway/v1alpha2/main.libsonnet b/0.8-experimental/_gen/gateway/v1alpha2/main.libsonnet new file mode 100644 index 0000000..e41116d --- /dev/null +++ b/0.8-experimental/_gen/gateway/v1alpha2/main.libsonnet @@ -0,0 +1,12 @@ +{ + local d = (import 'doc-util/main.libsonnet'), + '#':: d.pkg(name='v1alpha2', url='', help=''), + gateway: (import 'gateway.libsonnet'), + gatewayClass: (import 'gatewayClass.libsonnet'), + grpcRoute: (import 'grpcRoute.libsonnet'), + httpRoute: (import 'httpRoute.libsonnet'), + referenceGrant: (import 'referenceGrant.libsonnet'), + tcpRoute: (import 'tcpRoute.libsonnet'), + tlsRoute: (import 'tlsRoute.libsonnet'), + udpRoute: (import 'udpRoute.libsonnet'), +} diff --git a/0.8-experimental/_gen/gateway/v1alpha2/referenceGrant.libsonnet b/0.8-experimental/_gen/gateway/v1alpha2/referenceGrant.libsonnet new file mode 100644 index 0000000..72403a4 --- /dev/null +++ b/0.8-experimental/_gen/gateway/v1alpha2/referenceGrant.libsonnet @@ -0,0 +1,81 @@ +{ + local d = (import 'doc-util/main.libsonnet'), + '#':: d.pkg(name='referenceGrant', url='', help='"ReferenceGrant identifies kinds of resources in other namespaces that are trusted to reference the specified kinds of resources in the same namespace as the policy. \\n Each ReferenceGrant can be used to represent a unique trust relationship. Additional Reference Grants can be used to add to the set of trusted sources of inbound references for the namespace they are defined within. \\n A ReferenceGrant is required for all cross-namespace references in Gateway API (with the exception of cross-namespace Route-Gateway attachment, which is governed by the AllowedRoutes configuration on the Gateway, and cross-namespace Service ParentRefs on a \\"consumer\\" mesh Route, which defines routing rules applicable only to workloads in the Route namespace). ReferenceGrants allowing a reference from a Route to a Service are only applicable to BackendRefs. \\n ReferenceGrant is a form of runtime verification allowing users to assert which cross-namespace object references are permitted. Implementations that support ReferenceGrant MUST NOT permit cross-namespace references which have no grant, and MUST respond to the removal of a grant by revoking the access that the grant allowed."'), + '#metadata':: d.obj(help='"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create."'), + metadata: { + '#withAnnotations':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotations(annotations): { metadata+: { annotations: annotations } }, + '#withAnnotationsMixin':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotationsMixin(annotations): { metadata+: { annotations+: annotations } }, + '#withClusterName':: d.fn(help='"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request."', args=[d.arg(name='clusterName', type=d.T.string)]), + withClusterName(clusterName): { metadata+: { clusterName: clusterName } }, + '#withCreationTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='creationTimestamp', type=d.T.string)]), + withCreationTimestamp(creationTimestamp): { metadata+: { creationTimestamp: creationTimestamp } }, + '#withDeletionGracePeriodSeconds':: d.fn(help='"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only."', args=[d.arg(name='deletionGracePeriodSeconds', type=d.T.integer)]), + withDeletionGracePeriodSeconds(deletionGracePeriodSeconds): { metadata+: { deletionGracePeriodSeconds: deletionGracePeriodSeconds } }, + '#withDeletionTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='deletionTimestamp', type=d.T.string)]), + withDeletionTimestamp(deletionTimestamp): { metadata+: { deletionTimestamp: deletionTimestamp } }, + '#withFinalizers':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizers(finalizers): { metadata+: { finalizers: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withFinalizersMixin':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizersMixin(finalizers): { metadata+: { finalizers+: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withGenerateName':: d.fn(help='"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\\n\\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\\n\\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency"', args=[d.arg(name='generateName', type=d.T.string)]), + withGenerateName(generateName): { metadata+: { generateName: generateName } }, + '#withGeneration':: d.fn(help='"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only."', args=[d.arg(name='generation', type=d.T.integer)]), + withGeneration(generation): { metadata+: { generation: generation } }, + '#withLabels':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"', args=[d.arg(name='labels', type=d.T.object)]), + withLabels(labels): { metadata+: { labels: labels } }, + '#withLabelsMixin':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='labels', type=d.T.object)]), + withLabelsMixin(labels): { metadata+: { labels+: labels } }, + '#withName':: d.fn(help='"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { metadata+: { name: name } }, + '#withNamespace':: d.fn(help='"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \\"default\\" namespace, but \\"default\\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\\n\\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces"', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { metadata+: { namespace: namespace } }, + '#withOwnerReferences':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferences(ownerReferences): { metadata+: { ownerReferences: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withOwnerReferencesMixin':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferencesMixin(ownerReferences): { metadata+: { ownerReferences+: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withResourceVersion':: d.fn(help='"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\\n\\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency"', args=[d.arg(name='resourceVersion', type=d.T.string)]), + withResourceVersion(resourceVersion): { metadata+: { resourceVersion: resourceVersion } }, + '#withSelfLink':: d.fn(help='"SelfLink is a URL representing this object. Populated by the system. Read-only.\\n\\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release."', args=[d.arg(name='selfLink', type=d.T.string)]), + withSelfLink(selfLink): { metadata+: { selfLink: selfLink } }, + '#withUid':: d.fn(help='"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\\n\\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids"', args=[d.arg(name='uid', type=d.T.string)]), + withUid(uid): { metadata+: { uid: uid } }, + }, + '#new':: d.fn(help='new returns an instance of ReferenceGrant', args=[d.arg(name='name', type=d.T.string)]), + new(name): { + apiVersion: 'gateway.networking.k8s.io/v1alpha2', + kind: 'ReferenceGrant', + } + self.metadata.withName(name=name), + '#spec':: d.obj(help='"Spec defines the desired state of ReferenceGrant."'), + spec: { + '#from':: d.obj(help='"From describes the trusted namespaces and kinds that can reference the resources described in \\"To\\". Each entry in this list MUST be considered to be an additional place that references can be valid from, or to put this another way, entries MUST be combined using OR. \\n Support: Core"'), + from: { + '#withGroup':: d.fn(help='"Group is the group of the referent. When empty, the Kubernetes core API group is inferred. \\n Support: Core"', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { group: group }, + '#withKind':: d.fn(help='"Kind is the kind of the referent. Although implementations may support additional resources, the following types are part of the \\"Core\\" support level for this field. \\n When used to permit a SecretObjectReference: \\n * Gateway \\n When used to permit a BackendObjectReference: \\n * GRPCRoute * HTTPRoute * TCPRoute * TLSRoute * UDPRoute"', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { kind: kind }, + '#withNamespace':: d.fn(help='"Namespace is the namespace of the referent. \\n Support: Core"', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { namespace: namespace }, + }, + '#to':: d.obj(help='"To describes the resources that may be referenced by the resources described in \\"From\\". Each entry in this list MUST be considered to be an additional place that references can be valid to, or to put this another way, entries MUST be combined using OR. \\n Support: Core"'), + to: { + '#withGroup':: d.fn(help='"Group is the group of the referent. When empty, the Kubernetes core API group is inferred. \\n Support: Core"', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { group: group }, + '#withKind':: d.fn(help='"Kind is the kind of the referent. Although implementations may support additional resources, the following types are part of the \\"Core\\" support level for this field: \\n * Secret when used to permit a SecretObjectReference * Service when used to permit a BackendObjectReference"', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { kind: kind }, + '#withName':: d.fn(help='"Name is the name of the referent. When unspecified, this policy refers to all resources of the specified Group and Kind in the local namespace."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + }, + '#withFrom':: d.fn(help='"From describes the trusted namespaces and kinds that can reference the resources described in \\"To\\". Each entry in this list MUST be considered to be an additional place that references can be valid from, or to put this another way, entries MUST be combined using OR. \\n Support: Core"', args=[d.arg(name='from', type=d.T.array)]), + withFrom(from): { spec+: { from: if std.isArray(v=from) then from else [from] } }, + '#withFromMixin':: d.fn(help='"From describes the trusted namespaces and kinds that can reference the resources described in \\"To\\". Each entry in this list MUST be considered to be an additional place that references can be valid from, or to put this another way, entries MUST be combined using OR. \\n Support: Core"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='from', type=d.T.array)]), + withFromMixin(from): { spec+: { from+: if std.isArray(v=from) then from else [from] } }, + '#withTo':: d.fn(help='"To describes the resources that may be referenced by the resources described in \\"From\\". Each entry in this list MUST be considered to be an additional place that references can be valid to, or to put this another way, entries MUST be combined using OR. \\n Support: Core"', args=[d.arg(name='to', type=d.T.array)]), + withTo(to): { spec+: { to: if std.isArray(v=to) then to else [to] } }, + '#withToMixin':: d.fn(help='"To describes the resources that may be referenced by the resources described in \\"From\\". Each entry in this list MUST be considered to be an additional place that references can be valid to, or to put this another way, entries MUST be combined using OR. \\n Support: Core"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='to', type=d.T.array)]), + withToMixin(to): { spec+: { to+: if std.isArray(v=to) then to else [to] } }, + }, + '#mixin': 'ignore', + mixin: self, +} diff --git a/0.8-experimental/_gen/gateway/v1alpha2/tcpRoute.libsonnet b/0.8-experimental/_gen/gateway/v1alpha2/tcpRoute.libsonnet new file mode 100644 index 0000000..f331792 --- /dev/null +++ b/0.8-experimental/_gen/gateway/v1alpha2/tcpRoute.libsonnet @@ -0,0 +1,100 @@ +{ + local d = (import 'doc-util/main.libsonnet'), + '#':: d.pkg(name='tcpRoute', url='', help='"TCPRoute provides a way to route TCP requests. When combined with a Gateway listener, it can be used to forward connections on the port specified by the listener to a set of backends specified by the TCPRoute."'), + '#metadata':: d.obj(help='"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create."'), + metadata: { + '#withAnnotations':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotations(annotations): { metadata+: { annotations: annotations } }, + '#withAnnotationsMixin':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotationsMixin(annotations): { metadata+: { annotations+: annotations } }, + '#withClusterName':: d.fn(help='"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request."', args=[d.arg(name='clusterName', type=d.T.string)]), + withClusterName(clusterName): { metadata+: { clusterName: clusterName } }, + '#withCreationTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='creationTimestamp', type=d.T.string)]), + withCreationTimestamp(creationTimestamp): { metadata+: { creationTimestamp: creationTimestamp } }, + '#withDeletionGracePeriodSeconds':: d.fn(help='"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only."', args=[d.arg(name='deletionGracePeriodSeconds', type=d.T.integer)]), + withDeletionGracePeriodSeconds(deletionGracePeriodSeconds): { metadata+: { deletionGracePeriodSeconds: deletionGracePeriodSeconds } }, + '#withDeletionTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='deletionTimestamp', type=d.T.string)]), + withDeletionTimestamp(deletionTimestamp): { metadata+: { deletionTimestamp: deletionTimestamp } }, + '#withFinalizers':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizers(finalizers): { metadata+: { finalizers: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withFinalizersMixin':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizersMixin(finalizers): { metadata+: { finalizers+: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withGenerateName':: d.fn(help='"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\\n\\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\\n\\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency"', args=[d.arg(name='generateName', type=d.T.string)]), + withGenerateName(generateName): { metadata+: { generateName: generateName } }, + '#withGeneration':: d.fn(help='"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only."', args=[d.arg(name='generation', type=d.T.integer)]), + withGeneration(generation): { metadata+: { generation: generation } }, + '#withLabels':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"', args=[d.arg(name='labels', type=d.T.object)]), + withLabels(labels): { metadata+: { labels: labels } }, + '#withLabelsMixin':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='labels', type=d.T.object)]), + withLabelsMixin(labels): { metadata+: { labels+: labels } }, + '#withName':: d.fn(help='"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { metadata+: { name: name } }, + '#withNamespace':: d.fn(help='"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \\"default\\" namespace, but \\"default\\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\\n\\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces"', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { metadata+: { namespace: namespace } }, + '#withOwnerReferences':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferences(ownerReferences): { metadata+: { ownerReferences: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withOwnerReferencesMixin':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferencesMixin(ownerReferences): { metadata+: { ownerReferences+: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withResourceVersion':: d.fn(help='"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\\n\\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency"', args=[d.arg(name='resourceVersion', type=d.T.string)]), + withResourceVersion(resourceVersion): { metadata+: { resourceVersion: resourceVersion } }, + '#withSelfLink':: d.fn(help='"SelfLink is a URL representing this object. Populated by the system. Read-only.\\n\\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release."', args=[d.arg(name='selfLink', type=d.T.string)]), + withSelfLink(selfLink): { metadata+: { selfLink: selfLink } }, + '#withUid':: d.fn(help='"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\\n\\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids"', args=[d.arg(name='uid', type=d.T.string)]), + withUid(uid): { metadata+: { uid: uid } }, + }, + '#new':: d.fn(help='new returns an instance of TCPRoute', args=[d.arg(name='name', type=d.T.string)]), + new(name): { + apiVersion: 'gateway.networking.k8s.io/v1alpha2', + kind: 'TCPRoute', + } + self.metadata.withName(name=name), + '#spec':: d.obj(help='"Spec defines the desired state of TCPRoute."'), + spec: { + '#parentRefs':: d.obj(help='"ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. For Services, that means the Service must either be in the same namespace for a \\"producer\\" route, or the mesh implementation must support and allow \\"consumer\\" routes for the referenced Service. ReferenceGrant is not applicable for governing ParentRefs to Services - it is not possible to create a \\"producer\\" route for a Service in a different namespace from the Route. \\n There are two kinds of parent resources with \\"Core\\" support: \\n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) \\n This API may be extended in the future to support additional kinds of parent resources. \\n It is invalid to reference an identical parent more than once. It is valid to reference multiple distinct sections within the same parent resource, such as two separate Listeners on the same Gateway or two separate ports on the same Service. \\n It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged. \\n Note that for ParentRefs that cross namespace boundaries, there are specific rules. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example, Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable other kinds of cross-namespace reference. \\n ParentRefs from a Route to a Service in the same namespace are \\"producer\\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \\n ParentRefs from a Route to a Service in a different namespace are \\"consumer\\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \\n "'), + parentRefs: { + '#withGroup':: d.fn(help='"Group is the group of the referent. When unspecified, \\"gateway.networking.k8s.io\\" is inferred. To set the core API group (such as for a \\"Service\\" kind referent), Group must be explicitly set to \\"\\" (empty string). \\n Support: Core"', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { group: group }, + '#withKind':: d.fn(help='"Kind is kind of the referent. \\n There are two kinds of parent resources with \\"Core\\" support: \\n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) \\n Support for other resources is Implementation-Specific."', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { kind: kind }, + '#withName':: d.fn(help='"Name is the name of the referent. \\n Support: Core"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withNamespace':: d.fn(help='"Namespace is the namespace of the referent. When unspecified, this refers to the local namespace of the Route. \\n Note that there are specific rules for ParentRefs which cross namespace boundaries. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example: Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference. \\n ParentRefs from a Route to a Service in the same namespace are \\"producer\\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \\n ParentRefs from a Route to a Service in a different namespace are \\"consumer\\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \\n Support: Core"', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { namespace: namespace }, + '#withPort':: d.fn(help="\"Port is the network port this Route targets. It can be interpreted differently based on the type of parent resource. \\n When the parent resource is a Gateway, this targets all listeners listening on the specified port that also support this kind of Route(and select this Route). It's not recommended to set `Port` unless the networking behaviors specified in a Route must apply to a specific port as opposed to a listener(s) whose port(s) may be changed. When both Port and SectionName are specified, the name and port of the selected listener must match both specified values. \\n When the parent resource is a Service, this targets a specific port in the Service spec. When both Port (experimental) and SectionName are specified, the name and port of the selected port must match both specified values. \\n Implementations MAY choose to support other parent resources. Implementations supporting other types of parent resources MUST clearly document how/if Port is interpreted. \\n For the purpose of status, an attachment is considered successful as long as the parent resource accepts it partially. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \\n Support: Extended \\n \"", args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { port: port }, + '#withSectionName':: d.fn(help='"SectionName is the name of a section within the target resource. In the following resources, SectionName is interpreted as the following: \\n * Gateway: Listener Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. * Service: Port Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. Note that attaching Routes to Services as Parents is part of experimental Mesh support and is not supported for any other purpose. \\n Implementations MAY choose to support attaching Routes to other resources. If that is the case, they MUST clearly document how SectionName is interpreted. \\n When unspecified (empty string), this will reference the entire resource. For the purpose of status, an attachment is considered successful if at least one section in the parent resource accepts it. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \\n Support: Core"', args=[d.arg(name='sectionName', type=d.T.string)]), + withSectionName(sectionName): { sectionName: sectionName }, + }, + '#rules':: d.obj(help='"Rules are a list of TCP matchers and actions."'), + rules: { + '#backendRefs':: d.obj(help='"BackendRefs defines the backend(s) where matching requests should be sent. If unspecified or invalid (refers to a non-existent resource or a Service with no endpoints), the underlying implementation MUST actively reject connection attempts to this backend. Connection rejections must respect weight; if an invalid backend is requested to have 80% of connections, then 80% of connections must be rejected instead. \\n Support: Core for Kubernetes Service \\n Support: Extended for Kubernetes ServiceImport \\n Support: Implementation-specific for any other resource \\n Support for weight: Extended"'), + backendRefs: { + '#withGroup':: d.fn(help='"Group is the group of the referent. For example, \\"gateway.networking.k8s.io\\". When unspecified or empty string, core API group is inferred."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { group: group }, + '#withKind':: d.fn(help='"Kind is the Kubernetes resource kind of the referent. For example \\"Service\\". \\n Defaults to \\"Service\\" when not specified. \\n ExternalName services can refer to CNAME DNS records that may live outside of the cluster and as such are difficult to reason about in terms of conformance. They also may not be safe to forward to (see CVE-2021-25740 for more information). Implementations SHOULD NOT support ExternalName Services. \\n Support: Core (Services with a type other than ExternalName) \\n Support: Implementation-specific (Services with type ExternalName)"', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { kind: kind }, + '#withName':: d.fn(help='"Name is the name of the referent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withNamespace':: d.fn(help="\"Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. \\n Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. \\n Support: Core\"", args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { namespace: namespace }, + '#withPort':: d.fn(help='"Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field."', args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { port: port }, + '#withWeight':: d.fn(help='"Weight specifies the proportion of requests forwarded to the referenced backend. This is computed as weight/(sum of all weights in this BackendRefs list). For non-zero values, there may be some epsilon from the exact proportion defined here depending on the precision an implementation supports. Weight is not a percentage and the sum of weights does not need to equal 100. \\n If only one backend is specified and it has a weight greater than 0, 100% of the traffic is forwarded to that backend. If weight is set to 0, no traffic should be forwarded for this entry. If unspecified, weight defaults to 1. \\n Support for this field varies based on the context where used."', args=[d.arg(name='weight', type=d.T.integer)]), + withWeight(weight): { weight: weight }, + }, + '#withBackendRefs':: d.fn(help='"BackendRefs defines the backend(s) where matching requests should be sent. If unspecified or invalid (refers to a non-existent resource or a Service with no endpoints), the underlying implementation MUST actively reject connection attempts to this backend. Connection rejections must respect weight; if an invalid backend is requested to have 80% of connections, then 80% of connections must be rejected instead. \\n Support: Core for Kubernetes Service \\n Support: Extended for Kubernetes ServiceImport \\n Support: Implementation-specific for any other resource \\n Support for weight: Extended"', args=[d.arg(name='backendRefs', type=d.T.array)]), + withBackendRefs(backendRefs): { backendRefs: if std.isArray(v=backendRefs) then backendRefs else [backendRefs] }, + '#withBackendRefsMixin':: d.fn(help='"BackendRefs defines the backend(s) where matching requests should be sent. If unspecified or invalid (refers to a non-existent resource or a Service with no endpoints), the underlying implementation MUST actively reject connection attempts to this backend. Connection rejections must respect weight; if an invalid backend is requested to have 80% of connections, then 80% of connections must be rejected instead. \\n Support: Core for Kubernetes Service \\n Support: Extended for Kubernetes ServiceImport \\n Support: Implementation-specific for any other resource \\n Support for weight: Extended"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='backendRefs', type=d.T.array)]), + withBackendRefsMixin(backendRefs): { backendRefs+: if std.isArray(v=backendRefs) then backendRefs else [backendRefs] }, + }, + '#withParentRefs':: d.fn(help='"ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. For Services, that means the Service must either be in the same namespace for a \\"producer\\" route, or the mesh implementation must support and allow \\"consumer\\" routes for the referenced Service. ReferenceGrant is not applicable for governing ParentRefs to Services - it is not possible to create a \\"producer\\" route for a Service in a different namespace from the Route. \\n There are two kinds of parent resources with \\"Core\\" support: \\n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) \\n This API may be extended in the future to support additional kinds of parent resources. \\n It is invalid to reference an identical parent more than once. It is valid to reference multiple distinct sections within the same parent resource, such as two separate Listeners on the same Gateway or two separate ports on the same Service. \\n It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged. \\n Note that for ParentRefs that cross namespace boundaries, there are specific rules. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example, Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable other kinds of cross-namespace reference. \\n ParentRefs from a Route to a Service in the same namespace are \\"producer\\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \\n ParentRefs from a Route to a Service in a different namespace are \\"consumer\\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \\n "', args=[d.arg(name='parentRefs', type=d.T.array)]), + withParentRefs(parentRefs): { spec+: { parentRefs: if std.isArray(v=parentRefs) then parentRefs else [parentRefs] } }, + '#withParentRefsMixin':: d.fn(help='"ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. For Services, that means the Service must either be in the same namespace for a \\"producer\\" route, or the mesh implementation must support and allow \\"consumer\\" routes for the referenced Service. ReferenceGrant is not applicable for governing ParentRefs to Services - it is not possible to create a \\"producer\\" route for a Service in a different namespace from the Route. \\n There are two kinds of parent resources with \\"Core\\" support: \\n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) \\n This API may be extended in the future to support additional kinds of parent resources. \\n It is invalid to reference an identical parent more than once. It is valid to reference multiple distinct sections within the same parent resource, such as two separate Listeners on the same Gateway or two separate ports on the same Service. \\n It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged. \\n Note that for ParentRefs that cross namespace boundaries, there are specific rules. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example, Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable other kinds of cross-namespace reference. \\n ParentRefs from a Route to a Service in the same namespace are \\"producer\\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \\n ParentRefs from a Route to a Service in a different namespace are \\"consumer\\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \\n "\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='parentRefs', type=d.T.array)]), + withParentRefsMixin(parentRefs): { spec+: { parentRefs+: if std.isArray(v=parentRefs) then parentRefs else [parentRefs] } }, + '#withRules':: d.fn(help='"Rules are a list of TCP matchers and actions."', args=[d.arg(name='rules', type=d.T.array)]), + withRules(rules): { spec+: { rules: if std.isArray(v=rules) then rules else [rules] } }, + '#withRulesMixin':: d.fn(help='"Rules are a list of TCP matchers and actions."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='rules', type=d.T.array)]), + withRulesMixin(rules): { spec+: { rules+: if std.isArray(v=rules) then rules else [rules] } }, + }, + '#mixin': 'ignore', + mixin: self, +} diff --git a/0.8-experimental/_gen/gateway/v1alpha2/tlsRoute.libsonnet b/0.8-experimental/_gen/gateway/v1alpha2/tlsRoute.libsonnet new file mode 100644 index 0000000..46f8efd --- /dev/null +++ b/0.8-experimental/_gen/gateway/v1alpha2/tlsRoute.libsonnet @@ -0,0 +1,104 @@ +{ + local d = (import 'doc-util/main.libsonnet'), + '#':: d.pkg(name='tlsRoute', url='', help='"The TLSRoute resource is similar to TCPRoute, but can be configured to match against TLS-specific metadata. This allows more flexibility in matching streams for a given TLS listener. \\n If you need to forward traffic to a single target for a TLS listener, you could choose to use a TCPRoute with a TLS listener."'), + '#metadata':: d.obj(help='"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create."'), + metadata: { + '#withAnnotations':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotations(annotations): { metadata+: { annotations: annotations } }, + '#withAnnotationsMixin':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotationsMixin(annotations): { metadata+: { annotations+: annotations } }, + '#withClusterName':: d.fn(help='"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request."', args=[d.arg(name='clusterName', type=d.T.string)]), + withClusterName(clusterName): { metadata+: { clusterName: clusterName } }, + '#withCreationTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='creationTimestamp', type=d.T.string)]), + withCreationTimestamp(creationTimestamp): { metadata+: { creationTimestamp: creationTimestamp } }, + '#withDeletionGracePeriodSeconds':: d.fn(help='"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only."', args=[d.arg(name='deletionGracePeriodSeconds', type=d.T.integer)]), + withDeletionGracePeriodSeconds(deletionGracePeriodSeconds): { metadata+: { deletionGracePeriodSeconds: deletionGracePeriodSeconds } }, + '#withDeletionTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='deletionTimestamp', type=d.T.string)]), + withDeletionTimestamp(deletionTimestamp): { metadata+: { deletionTimestamp: deletionTimestamp } }, + '#withFinalizers':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizers(finalizers): { metadata+: { finalizers: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withFinalizersMixin':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizersMixin(finalizers): { metadata+: { finalizers+: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withGenerateName':: d.fn(help='"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\\n\\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\\n\\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency"', args=[d.arg(name='generateName', type=d.T.string)]), + withGenerateName(generateName): { metadata+: { generateName: generateName } }, + '#withGeneration':: d.fn(help='"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only."', args=[d.arg(name='generation', type=d.T.integer)]), + withGeneration(generation): { metadata+: { generation: generation } }, + '#withLabels':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"', args=[d.arg(name='labels', type=d.T.object)]), + withLabels(labels): { metadata+: { labels: labels } }, + '#withLabelsMixin':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='labels', type=d.T.object)]), + withLabelsMixin(labels): { metadata+: { labels+: labels } }, + '#withName':: d.fn(help='"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { metadata+: { name: name } }, + '#withNamespace':: d.fn(help='"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \\"default\\" namespace, but \\"default\\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\\n\\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces"', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { metadata+: { namespace: namespace } }, + '#withOwnerReferences':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferences(ownerReferences): { metadata+: { ownerReferences: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withOwnerReferencesMixin':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferencesMixin(ownerReferences): { metadata+: { ownerReferences+: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withResourceVersion':: d.fn(help='"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\\n\\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency"', args=[d.arg(name='resourceVersion', type=d.T.string)]), + withResourceVersion(resourceVersion): { metadata+: { resourceVersion: resourceVersion } }, + '#withSelfLink':: d.fn(help='"SelfLink is a URL representing this object. Populated by the system. Read-only.\\n\\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release."', args=[d.arg(name='selfLink', type=d.T.string)]), + withSelfLink(selfLink): { metadata+: { selfLink: selfLink } }, + '#withUid':: d.fn(help='"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\\n\\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids"', args=[d.arg(name='uid', type=d.T.string)]), + withUid(uid): { metadata+: { uid: uid } }, + }, + '#new':: d.fn(help='new returns an instance of TLSRoute', args=[d.arg(name='name', type=d.T.string)]), + new(name): { + apiVersion: 'gateway.networking.k8s.io/v1alpha2', + kind: 'TLSRoute', + } + self.metadata.withName(name=name), + '#spec':: d.obj(help='"Spec defines the desired state of TLSRoute."'), + spec: { + '#parentRefs':: d.obj(help='"ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. For Services, that means the Service must either be in the same namespace for a \\"producer\\" route, or the mesh implementation must support and allow \\"consumer\\" routes for the referenced Service. ReferenceGrant is not applicable for governing ParentRefs to Services - it is not possible to create a \\"producer\\" route for a Service in a different namespace from the Route. \\n There are two kinds of parent resources with \\"Core\\" support: \\n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) \\n This API may be extended in the future to support additional kinds of parent resources. \\n It is invalid to reference an identical parent more than once. It is valid to reference multiple distinct sections within the same parent resource, such as two separate Listeners on the same Gateway or two separate ports on the same Service. \\n It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged. \\n Note that for ParentRefs that cross namespace boundaries, there are specific rules. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example, Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable other kinds of cross-namespace reference. \\n ParentRefs from a Route to a Service in the same namespace are \\"producer\\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \\n ParentRefs from a Route to a Service in a different namespace are \\"consumer\\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \\n "'), + parentRefs: { + '#withGroup':: d.fn(help='"Group is the group of the referent. When unspecified, \\"gateway.networking.k8s.io\\" is inferred. To set the core API group (such as for a \\"Service\\" kind referent), Group must be explicitly set to \\"\\" (empty string). \\n Support: Core"', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { group: group }, + '#withKind':: d.fn(help='"Kind is kind of the referent. \\n There are two kinds of parent resources with \\"Core\\" support: \\n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) \\n Support for other resources is Implementation-Specific."', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { kind: kind }, + '#withName':: d.fn(help='"Name is the name of the referent. \\n Support: Core"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withNamespace':: d.fn(help='"Namespace is the namespace of the referent. When unspecified, this refers to the local namespace of the Route. \\n Note that there are specific rules for ParentRefs which cross namespace boundaries. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example: Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference. \\n ParentRefs from a Route to a Service in the same namespace are \\"producer\\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \\n ParentRefs from a Route to a Service in a different namespace are \\"consumer\\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \\n Support: Core"', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { namespace: namespace }, + '#withPort':: d.fn(help="\"Port is the network port this Route targets. It can be interpreted differently based on the type of parent resource. \\n When the parent resource is a Gateway, this targets all listeners listening on the specified port that also support this kind of Route(and select this Route). It's not recommended to set `Port` unless the networking behaviors specified in a Route must apply to a specific port as opposed to a listener(s) whose port(s) may be changed. When both Port and SectionName are specified, the name and port of the selected listener must match both specified values. \\n When the parent resource is a Service, this targets a specific port in the Service spec. When both Port (experimental) and SectionName are specified, the name and port of the selected port must match both specified values. \\n Implementations MAY choose to support other parent resources. Implementations supporting other types of parent resources MUST clearly document how/if Port is interpreted. \\n For the purpose of status, an attachment is considered successful as long as the parent resource accepts it partially. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \\n Support: Extended \\n \"", args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { port: port }, + '#withSectionName':: d.fn(help='"SectionName is the name of a section within the target resource. In the following resources, SectionName is interpreted as the following: \\n * Gateway: Listener Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. * Service: Port Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. Note that attaching Routes to Services as Parents is part of experimental Mesh support and is not supported for any other purpose. \\n Implementations MAY choose to support attaching Routes to other resources. If that is the case, they MUST clearly document how SectionName is interpreted. \\n When unspecified (empty string), this will reference the entire resource. For the purpose of status, an attachment is considered successful if at least one section in the parent resource accepts it. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \\n Support: Core"', args=[d.arg(name='sectionName', type=d.T.string)]), + withSectionName(sectionName): { sectionName: sectionName }, + }, + '#rules':: d.obj(help='"Rules are a list of TLS matchers and actions."'), + rules: { + '#backendRefs':: d.obj(help='"BackendRefs defines the backend(s) where matching requests should be sent. If unspecified or invalid (refers to a non-existent resource or a Service with no endpoints), the rule performs no forwarding; if no filters are specified that would result in a response being sent, the underlying implementation must actively reject request attempts to this backend, by rejecting the connection or returning a 500 status code. Request rejections must respect weight; if an invalid backend is requested to have 80% of requests, then 80% of requests must be rejected instead. \\n Support: Core for Kubernetes Service \\n Support: Extended for Kubernetes ServiceImport \\n Support: Implementation-specific for any other resource \\n Support for weight: Extended"'), + backendRefs: { + '#withGroup':: d.fn(help='"Group is the group of the referent. For example, \\"gateway.networking.k8s.io\\". When unspecified or empty string, core API group is inferred."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { group: group }, + '#withKind':: d.fn(help='"Kind is the Kubernetes resource kind of the referent. For example \\"Service\\". \\n Defaults to \\"Service\\" when not specified. \\n ExternalName services can refer to CNAME DNS records that may live outside of the cluster and as such are difficult to reason about in terms of conformance. They also may not be safe to forward to (see CVE-2021-25740 for more information). Implementations SHOULD NOT support ExternalName Services. \\n Support: Core (Services with a type other than ExternalName) \\n Support: Implementation-specific (Services with type ExternalName)"', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { kind: kind }, + '#withName':: d.fn(help='"Name is the name of the referent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withNamespace':: d.fn(help="\"Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. \\n Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. \\n Support: Core\"", args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { namespace: namespace }, + '#withPort':: d.fn(help='"Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field."', args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { port: port }, + '#withWeight':: d.fn(help='"Weight specifies the proportion of requests forwarded to the referenced backend. This is computed as weight/(sum of all weights in this BackendRefs list). For non-zero values, there may be some epsilon from the exact proportion defined here depending on the precision an implementation supports. Weight is not a percentage and the sum of weights does not need to equal 100. \\n If only one backend is specified and it has a weight greater than 0, 100% of the traffic is forwarded to that backend. If weight is set to 0, no traffic should be forwarded for this entry. If unspecified, weight defaults to 1. \\n Support for this field varies based on the context where used."', args=[d.arg(name='weight', type=d.T.integer)]), + withWeight(weight): { weight: weight }, + }, + '#withBackendRefs':: d.fn(help='"BackendRefs defines the backend(s) where matching requests should be sent. If unspecified or invalid (refers to a non-existent resource or a Service with no endpoints), the rule performs no forwarding; if no filters are specified that would result in a response being sent, the underlying implementation must actively reject request attempts to this backend, by rejecting the connection or returning a 500 status code. Request rejections must respect weight; if an invalid backend is requested to have 80% of requests, then 80% of requests must be rejected instead. \\n Support: Core for Kubernetes Service \\n Support: Extended for Kubernetes ServiceImport \\n Support: Implementation-specific for any other resource \\n Support for weight: Extended"', args=[d.arg(name='backendRefs', type=d.T.array)]), + withBackendRefs(backendRefs): { backendRefs: if std.isArray(v=backendRefs) then backendRefs else [backendRefs] }, + '#withBackendRefsMixin':: d.fn(help='"BackendRefs defines the backend(s) where matching requests should be sent. If unspecified or invalid (refers to a non-existent resource or a Service with no endpoints), the rule performs no forwarding; if no filters are specified that would result in a response being sent, the underlying implementation must actively reject request attempts to this backend, by rejecting the connection or returning a 500 status code. Request rejections must respect weight; if an invalid backend is requested to have 80% of requests, then 80% of requests must be rejected instead. \\n Support: Core for Kubernetes Service \\n Support: Extended for Kubernetes ServiceImport \\n Support: Implementation-specific for any other resource \\n Support for weight: Extended"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='backendRefs', type=d.T.array)]), + withBackendRefsMixin(backendRefs): { backendRefs+: if std.isArray(v=backendRefs) then backendRefs else [backendRefs] }, + }, + '#withHostnames':: d.fn(help="\"Hostnames defines a set of SNI names that should match against the SNI attribute of TLS ClientHello message in TLS handshake. This matches the RFC 1123 definition of a hostname with 2 notable exceptions: \\n 1. IPs are not allowed in SNI names per RFC 6066. 2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard label must appear by itself as the first label. \\n If a hostname is specified by both the Listener and TLSRoute, there must be at least one intersecting hostname for the TLSRoute to be attached to the Listener. For example: \\n * A Listener with `test.example.com` as the hostname matches TLSRoutes that have either not specified any hostnames, or have specified at least one of `test.example.com` or `*.example.com`. * A Listener with `*.example.com` as the hostname matches TLSRoutes that have either not specified any hostnames or have specified at least one hostname that matches the Listener hostname. For example, `test.example.com` and `*.example.com` would both match. On the other hand, `example.com` and `test.example.net` would not match. \\n If both the Listener and TLSRoute have specified hostnames, any TLSRoute hostnames that do not match the Listener hostname MUST be ignored. For example, if a Listener specified `*.example.com`, and the TLSRoute specified `test.example.com` and `test.example.net`, `test.example.net` must not be considered for a match. \\n If both the Listener and TLSRoute have specified hostnames, and none match with the criteria above, then the TLSRoute is not accepted. The implementation must raise an 'Accepted' Condition with a status of `False` in the corresponding RouteParentStatus. \\n Support: Core\"", args=[d.arg(name='hostnames', type=d.T.array)]), + withHostnames(hostnames): { spec+: { hostnames: if std.isArray(v=hostnames) then hostnames else [hostnames] } }, + '#withHostnamesMixin':: d.fn(help="\"Hostnames defines a set of SNI names that should match against the SNI attribute of TLS ClientHello message in TLS handshake. This matches the RFC 1123 definition of a hostname with 2 notable exceptions: \\n 1. IPs are not allowed in SNI names per RFC 6066. 2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard label must appear by itself as the first label. \\n If a hostname is specified by both the Listener and TLSRoute, there must be at least one intersecting hostname for the TLSRoute to be attached to the Listener. For example: \\n * A Listener with `test.example.com` as the hostname matches TLSRoutes that have either not specified any hostnames, or have specified at least one of `test.example.com` or `*.example.com`. * A Listener with `*.example.com` as the hostname matches TLSRoutes that have either not specified any hostnames or have specified at least one hostname that matches the Listener hostname. For example, `test.example.com` and `*.example.com` would both match. On the other hand, `example.com` and `test.example.net` would not match. \\n If both the Listener and TLSRoute have specified hostnames, any TLSRoute hostnames that do not match the Listener hostname MUST be ignored. For example, if a Listener specified `*.example.com`, and the TLSRoute specified `test.example.com` and `test.example.net`, `test.example.net` must not be considered for a match. \\n If both the Listener and TLSRoute have specified hostnames, and none match with the criteria above, then the TLSRoute is not accepted. The implementation must raise an 'Accepted' Condition with a status of `False` in the corresponding RouteParentStatus. \\n Support: Core\"\n\n**Note:** This function appends passed data to existing values", args=[d.arg(name='hostnames', type=d.T.array)]), + withHostnamesMixin(hostnames): { spec+: { hostnames+: if std.isArray(v=hostnames) then hostnames else [hostnames] } }, + '#withParentRefs':: d.fn(help='"ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. For Services, that means the Service must either be in the same namespace for a \\"producer\\" route, or the mesh implementation must support and allow \\"consumer\\" routes for the referenced Service. ReferenceGrant is not applicable for governing ParentRefs to Services - it is not possible to create a \\"producer\\" route for a Service in a different namespace from the Route. \\n There are two kinds of parent resources with \\"Core\\" support: \\n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) \\n This API may be extended in the future to support additional kinds of parent resources. \\n It is invalid to reference an identical parent more than once. It is valid to reference multiple distinct sections within the same parent resource, such as two separate Listeners on the same Gateway or two separate ports on the same Service. \\n It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged. \\n Note that for ParentRefs that cross namespace boundaries, there are specific rules. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example, Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable other kinds of cross-namespace reference. \\n ParentRefs from a Route to a Service in the same namespace are \\"producer\\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \\n ParentRefs from a Route to a Service in a different namespace are \\"consumer\\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \\n "', args=[d.arg(name='parentRefs', type=d.T.array)]), + withParentRefs(parentRefs): { spec+: { parentRefs: if std.isArray(v=parentRefs) then parentRefs else [parentRefs] } }, + '#withParentRefsMixin':: d.fn(help='"ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. For Services, that means the Service must either be in the same namespace for a \\"producer\\" route, or the mesh implementation must support and allow \\"consumer\\" routes for the referenced Service. ReferenceGrant is not applicable for governing ParentRefs to Services - it is not possible to create a \\"producer\\" route for a Service in a different namespace from the Route. \\n There are two kinds of parent resources with \\"Core\\" support: \\n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) \\n This API may be extended in the future to support additional kinds of parent resources. \\n It is invalid to reference an identical parent more than once. It is valid to reference multiple distinct sections within the same parent resource, such as two separate Listeners on the same Gateway or two separate ports on the same Service. \\n It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged. \\n Note that for ParentRefs that cross namespace boundaries, there are specific rules. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example, Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable other kinds of cross-namespace reference. \\n ParentRefs from a Route to a Service in the same namespace are \\"producer\\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \\n ParentRefs from a Route to a Service in a different namespace are \\"consumer\\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \\n "\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='parentRefs', type=d.T.array)]), + withParentRefsMixin(parentRefs): { spec+: { parentRefs+: if std.isArray(v=parentRefs) then parentRefs else [parentRefs] } }, + '#withRules':: d.fn(help='"Rules are a list of TLS matchers and actions."', args=[d.arg(name='rules', type=d.T.array)]), + withRules(rules): { spec+: { rules: if std.isArray(v=rules) then rules else [rules] } }, + '#withRulesMixin':: d.fn(help='"Rules are a list of TLS matchers and actions."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='rules', type=d.T.array)]), + withRulesMixin(rules): { spec+: { rules+: if std.isArray(v=rules) then rules else [rules] } }, + }, + '#mixin': 'ignore', + mixin: self, +} diff --git a/0.8-experimental/_gen/gateway/v1alpha2/udpRoute.libsonnet b/0.8-experimental/_gen/gateway/v1alpha2/udpRoute.libsonnet new file mode 100644 index 0000000..09db0d0 --- /dev/null +++ b/0.8-experimental/_gen/gateway/v1alpha2/udpRoute.libsonnet @@ -0,0 +1,100 @@ +{ + local d = (import 'doc-util/main.libsonnet'), + '#':: d.pkg(name='udpRoute', url='', help='"UDPRoute provides a way to route UDP traffic. When combined with a Gateway listener, it can be used to forward traffic on the port specified by the listener to a set of backends specified by the UDPRoute."'), + '#metadata':: d.obj(help='"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create."'), + metadata: { + '#withAnnotations':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotations(annotations): { metadata+: { annotations: annotations } }, + '#withAnnotationsMixin':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotationsMixin(annotations): { metadata+: { annotations+: annotations } }, + '#withClusterName':: d.fn(help='"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request."', args=[d.arg(name='clusterName', type=d.T.string)]), + withClusterName(clusterName): { metadata+: { clusterName: clusterName } }, + '#withCreationTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='creationTimestamp', type=d.T.string)]), + withCreationTimestamp(creationTimestamp): { metadata+: { creationTimestamp: creationTimestamp } }, + '#withDeletionGracePeriodSeconds':: d.fn(help='"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only."', args=[d.arg(name='deletionGracePeriodSeconds', type=d.T.integer)]), + withDeletionGracePeriodSeconds(deletionGracePeriodSeconds): { metadata+: { deletionGracePeriodSeconds: deletionGracePeriodSeconds } }, + '#withDeletionTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='deletionTimestamp', type=d.T.string)]), + withDeletionTimestamp(deletionTimestamp): { metadata+: { deletionTimestamp: deletionTimestamp } }, + '#withFinalizers':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizers(finalizers): { metadata+: { finalizers: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withFinalizersMixin':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizersMixin(finalizers): { metadata+: { finalizers+: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withGenerateName':: d.fn(help='"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\\n\\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\\n\\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency"', args=[d.arg(name='generateName', type=d.T.string)]), + withGenerateName(generateName): { metadata+: { generateName: generateName } }, + '#withGeneration':: d.fn(help='"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only."', args=[d.arg(name='generation', type=d.T.integer)]), + withGeneration(generation): { metadata+: { generation: generation } }, + '#withLabels':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"', args=[d.arg(name='labels', type=d.T.object)]), + withLabels(labels): { metadata+: { labels: labels } }, + '#withLabelsMixin':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='labels', type=d.T.object)]), + withLabelsMixin(labels): { metadata+: { labels+: labels } }, + '#withName':: d.fn(help='"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { metadata+: { name: name } }, + '#withNamespace':: d.fn(help='"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \\"default\\" namespace, but \\"default\\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\\n\\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces"', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { metadata+: { namespace: namespace } }, + '#withOwnerReferences':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferences(ownerReferences): { metadata+: { ownerReferences: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withOwnerReferencesMixin':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferencesMixin(ownerReferences): { metadata+: { ownerReferences+: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withResourceVersion':: d.fn(help='"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\\n\\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency"', args=[d.arg(name='resourceVersion', type=d.T.string)]), + withResourceVersion(resourceVersion): { metadata+: { resourceVersion: resourceVersion } }, + '#withSelfLink':: d.fn(help='"SelfLink is a URL representing this object. Populated by the system. Read-only.\\n\\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release."', args=[d.arg(name='selfLink', type=d.T.string)]), + withSelfLink(selfLink): { metadata+: { selfLink: selfLink } }, + '#withUid':: d.fn(help='"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\\n\\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids"', args=[d.arg(name='uid', type=d.T.string)]), + withUid(uid): { metadata+: { uid: uid } }, + }, + '#new':: d.fn(help='new returns an instance of UDPRoute', args=[d.arg(name='name', type=d.T.string)]), + new(name): { + apiVersion: 'gateway.networking.k8s.io/v1alpha2', + kind: 'UDPRoute', + } + self.metadata.withName(name=name), + '#spec':: d.obj(help='"Spec defines the desired state of UDPRoute."'), + spec: { + '#parentRefs':: d.obj(help='"ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. For Services, that means the Service must either be in the same namespace for a \\"producer\\" route, or the mesh implementation must support and allow \\"consumer\\" routes for the referenced Service. ReferenceGrant is not applicable for governing ParentRefs to Services - it is not possible to create a \\"producer\\" route for a Service in a different namespace from the Route. \\n There are two kinds of parent resources with \\"Core\\" support: \\n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) \\n This API may be extended in the future to support additional kinds of parent resources. \\n It is invalid to reference an identical parent more than once. It is valid to reference multiple distinct sections within the same parent resource, such as two separate Listeners on the same Gateway or two separate ports on the same Service. \\n It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged. \\n Note that for ParentRefs that cross namespace boundaries, there are specific rules. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example, Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable other kinds of cross-namespace reference. \\n ParentRefs from a Route to a Service in the same namespace are \\"producer\\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \\n ParentRefs from a Route to a Service in a different namespace are \\"consumer\\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \\n "'), + parentRefs: { + '#withGroup':: d.fn(help='"Group is the group of the referent. When unspecified, \\"gateway.networking.k8s.io\\" is inferred. To set the core API group (such as for a \\"Service\\" kind referent), Group must be explicitly set to \\"\\" (empty string). \\n Support: Core"', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { group: group }, + '#withKind':: d.fn(help='"Kind is kind of the referent. \\n There are two kinds of parent resources with \\"Core\\" support: \\n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) \\n Support for other resources is Implementation-Specific."', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { kind: kind }, + '#withName':: d.fn(help='"Name is the name of the referent. \\n Support: Core"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withNamespace':: d.fn(help='"Namespace is the namespace of the referent. When unspecified, this refers to the local namespace of the Route. \\n Note that there are specific rules for ParentRefs which cross namespace boundaries. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example: Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference. \\n ParentRefs from a Route to a Service in the same namespace are \\"producer\\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \\n ParentRefs from a Route to a Service in a different namespace are \\"consumer\\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \\n Support: Core"', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { namespace: namespace }, + '#withPort':: d.fn(help="\"Port is the network port this Route targets. It can be interpreted differently based on the type of parent resource. \\n When the parent resource is a Gateway, this targets all listeners listening on the specified port that also support this kind of Route(and select this Route). It's not recommended to set `Port` unless the networking behaviors specified in a Route must apply to a specific port as opposed to a listener(s) whose port(s) may be changed. When both Port and SectionName are specified, the name and port of the selected listener must match both specified values. \\n When the parent resource is a Service, this targets a specific port in the Service spec. When both Port (experimental) and SectionName are specified, the name and port of the selected port must match both specified values. \\n Implementations MAY choose to support other parent resources. Implementations supporting other types of parent resources MUST clearly document how/if Port is interpreted. \\n For the purpose of status, an attachment is considered successful as long as the parent resource accepts it partially. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \\n Support: Extended \\n \"", args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { port: port }, + '#withSectionName':: d.fn(help='"SectionName is the name of a section within the target resource. In the following resources, SectionName is interpreted as the following: \\n * Gateway: Listener Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. * Service: Port Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. Note that attaching Routes to Services as Parents is part of experimental Mesh support and is not supported for any other purpose. \\n Implementations MAY choose to support attaching Routes to other resources. If that is the case, they MUST clearly document how SectionName is interpreted. \\n When unspecified (empty string), this will reference the entire resource. For the purpose of status, an attachment is considered successful if at least one section in the parent resource accepts it. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \\n Support: Core"', args=[d.arg(name='sectionName', type=d.T.string)]), + withSectionName(sectionName): { sectionName: sectionName }, + }, + '#rules':: d.obj(help='"Rules are a list of UDP matchers and actions."'), + rules: { + '#backendRefs':: d.obj(help='"BackendRefs defines the backend(s) where matching requests should be sent. If unspecified or invalid (refers to a non-existent resource or a Service with no endpoints), the underlying implementation MUST actively reject connection attempts to this backend. Packet drops must respect weight; if an invalid backend is requested to have 80% of the packets, then 80% of packets must be dropped instead. \\n Support: Core for Kubernetes Service \\n Support: Extended for Kubernetes ServiceImport \\n Support: Implementation-specific for any other resource \\n Support for weight: Extended"'), + backendRefs: { + '#withGroup':: d.fn(help='"Group is the group of the referent. For example, \\"gateway.networking.k8s.io\\". When unspecified or empty string, core API group is inferred."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { group: group }, + '#withKind':: d.fn(help='"Kind is the Kubernetes resource kind of the referent. For example \\"Service\\". \\n Defaults to \\"Service\\" when not specified. \\n ExternalName services can refer to CNAME DNS records that may live outside of the cluster and as such are difficult to reason about in terms of conformance. They also may not be safe to forward to (see CVE-2021-25740 for more information). Implementations SHOULD NOT support ExternalName Services. \\n Support: Core (Services with a type other than ExternalName) \\n Support: Implementation-specific (Services with type ExternalName)"', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { kind: kind }, + '#withName':: d.fn(help='"Name is the name of the referent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withNamespace':: d.fn(help="\"Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. \\n Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. \\n Support: Core\"", args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { namespace: namespace }, + '#withPort':: d.fn(help='"Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field."', args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { port: port }, + '#withWeight':: d.fn(help='"Weight specifies the proportion of requests forwarded to the referenced backend. This is computed as weight/(sum of all weights in this BackendRefs list). For non-zero values, there may be some epsilon from the exact proportion defined here depending on the precision an implementation supports. Weight is not a percentage and the sum of weights does not need to equal 100. \\n If only one backend is specified and it has a weight greater than 0, 100% of the traffic is forwarded to that backend. If weight is set to 0, no traffic should be forwarded for this entry. If unspecified, weight defaults to 1. \\n Support for this field varies based on the context where used."', args=[d.arg(name='weight', type=d.T.integer)]), + withWeight(weight): { weight: weight }, + }, + '#withBackendRefs':: d.fn(help='"BackendRefs defines the backend(s) where matching requests should be sent. If unspecified or invalid (refers to a non-existent resource or a Service with no endpoints), the underlying implementation MUST actively reject connection attempts to this backend. Packet drops must respect weight; if an invalid backend is requested to have 80% of the packets, then 80% of packets must be dropped instead. \\n Support: Core for Kubernetes Service \\n Support: Extended for Kubernetes ServiceImport \\n Support: Implementation-specific for any other resource \\n Support for weight: Extended"', args=[d.arg(name='backendRefs', type=d.T.array)]), + withBackendRefs(backendRefs): { backendRefs: if std.isArray(v=backendRefs) then backendRefs else [backendRefs] }, + '#withBackendRefsMixin':: d.fn(help='"BackendRefs defines the backend(s) where matching requests should be sent. If unspecified or invalid (refers to a non-existent resource or a Service with no endpoints), the underlying implementation MUST actively reject connection attempts to this backend. Packet drops must respect weight; if an invalid backend is requested to have 80% of the packets, then 80% of packets must be dropped instead. \\n Support: Core for Kubernetes Service \\n Support: Extended for Kubernetes ServiceImport \\n Support: Implementation-specific for any other resource \\n Support for weight: Extended"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='backendRefs', type=d.T.array)]), + withBackendRefsMixin(backendRefs): { backendRefs+: if std.isArray(v=backendRefs) then backendRefs else [backendRefs] }, + }, + '#withParentRefs':: d.fn(help='"ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. For Services, that means the Service must either be in the same namespace for a \\"producer\\" route, or the mesh implementation must support and allow \\"consumer\\" routes for the referenced Service. ReferenceGrant is not applicable for governing ParentRefs to Services - it is not possible to create a \\"producer\\" route for a Service in a different namespace from the Route. \\n There are two kinds of parent resources with \\"Core\\" support: \\n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) \\n This API may be extended in the future to support additional kinds of parent resources. \\n It is invalid to reference an identical parent more than once. It is valid to reference multiple distinct sections within the same parent resource, such as two separate Listeners on the same Gateway or two separate ports on the same Service. \\n It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged. \\n Note that for ParentRefs that cross namespace boundaries, there are specific rules. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example, Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable other kinds of cross-namespace reference. \\n ParentRefs from a Route to a Service in the same namespace are \\"producer\\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \\n ParentRefs from a Route to a Service in a different namespace are \\"consumer\\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \\n "', args=[d.arg(name='parentRefs', type=d.T.array)]), + withParentRefs(parentRefs): { spec+: { parentRefs: if std.isArray(v=parentRefs) then parentRefs else [parentRefs] } }, + '#withParentRefsMixin':: d.fn(help='"ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. For Services, that means the Service must either be in the same namespace for a \\"producer\\" route, or the mesh implementation must support and allow \\"consumer\\" routes for the referenced Service. ReferenceGrant is not applicable for governing ParentRefs to Services - it is not possible to create a \\"producer\\" route for a Service in a different namespace from the Route. \\n There are two kinds of parent resources with \\"Core\\" support: \\n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) \\n This API may be extended in the future to support additional kinds of parent resources. \\n It is invalid to reference an identical parent more than once. It is valid to reference multiple distinct sections within the same parent resource, such as two separate Listeners on the same Gateway or two separate ports on the same Service. \\n It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged. \\n Note that for ParentRefs that cross namespace boundaries, there are specific rules. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example, Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable other kinds of cross-namespace reference. \\n ParentRefs from a Route to a Service in the same namespace are \\"producer\\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \\n ParentRefs from a Route to a Service in a different namespace are \\"consumer\\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \\n "\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='parentRefs', type=d.T.array)]), + withParentRefsMixin(parentRefs): { spec+: { parentRefs+: if std.isArray(v=parentRefs) then parentRefs else [parentRefs] } }, + '#withRules':: d.fn(help='"Rules are a list of UDP matchers and actions."', args=[d.arg(name='rules', type=d.T.array)]), + withRules(rules): { spec+: { rules: if std.isArray(v=rules) then rules else [rules] } }, + '#withRulesMixin':: d.fn(help='"Rules are a list of UDP matchers and actions."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='rules', type=d.T.array)]), + withRulesMixin(rules): { spec+: { rules+: if std.isArray(v=rules) then rules else [rules] } }, + }, + '#mixin': 'ignore', + mixin: self, +} diff --git a/0.8-experimental/_gen/gateway/v1beta1/gateway.libsonnet b/0.8-experimental/_gen/gateway/v1beta1/gateway.libsonnet new file mode 100644 index 0000000..d7b0a22 --- /dev/null +++ b/0.8-experimental/_gen/gateway/v1beta1/gateway.libsonnet @@ -0,0 +1,148 @@ +{ + local d = (import 'doc-util/main.libsonnet'), + '#':: d.pkg(name='gateway', url='', help='"Gateway represents an instance of a service-traffic handling infrastructure by binding Listeners to a set of IP addresses."'), + '#metadata':: d.obj(help='"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create."'), + metadata: { + '#withAnnotations':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotations(annotations): { metadata+: { annotations: annotations } }, + '#withAnnotationsMixin':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotationsMixin(annotations): { metadata+: { annotations+: annotations } }, + '#withClusterName':: d.fn(help='"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request."', args=[d.arg(name='clusterName', type=d.T.string)]), + withClusterName(clusterName): { metadata+: { clusterName: clusterName } }, + '#withCreationTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='creationTimestamp', type=d.T.string)]), + withCreationTimestamp(creationTimestamp): { metadata+: { creationTimestamp: creationTimestamp } }, + '#withDeletionGracePeriodSeconds':: d.fn(help='"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only."', args=[d.arg(name='deletionGracePeriodSeconds', type=d.T.integer)]), + withDeletionGracePeriodSeconds(deletionGracePeriodSeconds): { metadata+: { deletionGracePeriodSeconds: deletionGracePeriodSeconds } }, + '#withDeletionTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='deletionTimestamp', type=d.T.string)]), + withDeletionTimestamp(deletionTimestamp): { metadata+: { deletionTimestamp: deletionTimestamp } }, + '#withFinalizers':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizers(finalizers): { metadata+: { finalizers: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withFinalizersMixin':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizersMixin(finalizers): { metadata+: { finalizers+: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withGenerateName':: d.fn(help='"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\\n\\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\\n\\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency"', args=[d.arg(name='generateName', type=d.T.string)]), + withGenerateName(generateName): { metadata+: { generateName: generateName } }, + '#withGeneration':: d.fn(help='"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only."', args=[d.arg(name='generation', type=d.T.integer)]), + withGeneration(generation): { metadata+: { generation: generation } }, + '#withLabels':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"', args=[d.arg(name='labels', type=d.T.object)]), + withLabels(labels): { metadata+: { labels: labels } }, + '#withLabelsMixin':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='labels', type=d.T.object)]), + withLabelsMixin(labels): { metadata+: { labels+: labels } }, + '#withName':: d.fn(help='"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { metadata+: { name: name } }, + '#withNamespace':: d.fn(help='"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \\"default\\" namespace, but \\"default\\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\\n\\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces"', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { metadata+: { namespace: namespace } }, + '#withOwnerReferences':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferences(ownerReferences): { metadata+: { ownerReferences: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withOwnerReferencesMixin':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferencesMixin(ownerReferences): { metadata+: { ownerReferences+: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withResourceVersion':: d.fn(help='"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\\n\\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency"', args=[d.arg(name='resourceVersion', type=d.T.string)]), + withResourceVersion(resourceVersion): { metadata+: { resourceVersion: resourceVersion } }, + '#withSelfLink':: d.fn(help='"SelfLink is a URL representing this object. Populated by the system. Read-only.\\n\\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release."', args=[d.arg(name='selfLink', type=d.T.string)]), + withSelfLink(selfLink): { metadata+: { selfLink: selfLink } }, + '#withUid':: d.fn(help='"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\\n\\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids"', args=[d.arg(name='uid', type=d.T.string)]), + withUid(uid): { metadata+: { uid: uid } }, + }, + '#new':: d.fn(help='new returns an instance of Gateway', args=[d.arg(name='name', type=d.T.string)]), + new(name): { + apiVersion: 'gateway.networking.k8s.io/v1beta1', + kind: 'Gateway', + } + self.metadata.withName(name=name), + '#spec':: d.obj(help='"Spec defines the desired state of Gateway."'), + spec: { + '#addresses':: d.obj(help='"Addresses requested for this Gateway. This is optional and behavior can depend on the implementation. If a value is set in the spec and the requested address is invalid or unavailable, the implementation MUST indicate this in the associated entry in GatewayStatus.Addresses. \\n The Addresses field represents a request for the address(es) on the \\"outside of the Gateway\\", that traffic bound for this Gateway will use. This could be the IP address or hostname of an external load balancer or other networking infrastructure, or some other address that traffic will be sent to. \\n The .listener.hostname field is used to route traffic that has already arrived at the Gateway to the correct in-cluster destination. \\n If no Addresses are specified, the implementation MAY schedule the Gateway in an implementation-specific manner, assigning an appropriate set of Addresses. \\n The implementation MUST bind all Listeners to every GatewayAddress that it assigns to the Gateway and add a corresponding entry in GatewayStatus.Addresses. \\n Support: Extended \\n "'), + addresses: { + '#withType':: d.fn(help='"Type of the address."', args=[d.arg(name='type', type=d.T.string)]), + withType(type): { type: type }, + '#withValue':: d.fn(help='"Value of the address. The validity of the values will depend on the type and support by the controller. \\n Examples: `1.2.3.4`, `128::1`, `my-ip-address`."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#listeners':: d.obj(help="\"Listeners associated with this Gateway. Listeners define logical endpoints that are bound on this Gateway's addresses. At least one Listener MUST be specified. \\n Each listener in a Gateway must have a unique combination of Hostname, Port, and Protocol. \\n Within the HTTP Conformance Profile, the below combinations of port and protocol are considered Core and MUST be supported: \\n 1. Port: 80, Protocol: HTTP 2. Port: 443, Protocol: HTTPS \\n Within the TLS Conformance Profile, the below combinations of port and protocol are considered Core and MUST be supported: \\n 1. Port: 443, Protocol: TLS \\n Port and protocol combinations not listed above are considered Extended. \\n An implementation MAY group Listeners by Port and then collapse each group of Listeners into a single Listener if the implementation determines that the Listeners in the group are \\\"compatible\\\". An implementation MAY also group together and collapse compatible Listeners belonging to different Gateways. \\n For example, an implementation might consider Listeners to be compatible with each other if all of the following conditions are met: \\n 1. Either each Listener within the group specifies the \\\"HTTP\\\" Protocol or each Listener within the group specifies either the \\\"HTTPS\\\" or \\\"TLS\\\" Protocol. \\n 2. Each Listener within the group specifies a Hostname that is unique within the group. \\n 3. As a special case, one Listener within a group may omit Hostname, in which case this Listener matches when no other Listener matches. \\n If the implementation does collapse compatible Listeners, the hostname provided in the incoming client request MUST be matched to a Listener to find the correct set of Routes. The incoming hostname MUST be matched using the Hostname field for each Listener in order of most to least specific. That is, exact matches must be processed before wildcard matches. \\n If this field specifies multiple Listeners that have the same Port value but are not compatible, the implementation must raise a \\\"Conflicted\\\" condition in the Listener status. \\n Support: Core\""), + listeners: { + '#allowedRoutes':: d.obj(help='"AllowedRoutes defines the types of routes that MAY be attached to a Listener and the trusted namespaces where those Route resources MAY be present. \\n Although a client request may match multiple route rules, only one rule may ultimately receive the request. Matching precedence MUST be determined in order of the following criteria: \\n * The most specific match as defined by the Route type. * The oldest Route based on creation timestamp. For example, a Route with a creation timestamp of \\"2020-09-08 01:02:03\\" is given precedence over a Route with a creation timestamp of \\"2020-09-08 01:02:04\\". * If everything else is equivalent, the Route appearing first in alphabetical order (namespace/name) should be given precedence. For example, foo/bar is given precedence over foo/baz. \\n All valid rules within a Route attached to this Listener should be implemented. Invalid Route rules can be ignored (sometimes that will mean the full Route). If a Route rule transitions from valid to invalid, support for that Route rule should be dropped to ensure consistency. For example, even if a filter specified by a Route rule is invalid, the rest of the rules within that Route should still be supported. \\n Support: Core"'), + allowedRoutes: { + '#kinds':: d.obj(help="\"Kinds specifies the groups and kinds of Routes that are allowed to bind to this Gateway Listener. When unspecified or empty, the kinds of Routes selected are determined using the Listener protocol. \\n A RouteGroupKind MUST correspond to kinds of Routes that are compatible with the application protocol specified in the Listener's Protocol field. If an implementation does not support or recognize this resource type, it MUST set the \\\"ResolvedRefs\\\" condition to False for this Listener with the \\\"InvalidRouteKinds\\\" reason. \\n Support: Core\""), + kinds: { + '#withGroup':: d.fn(help='"Group is the group of the Route."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { group: group }, + '#withKind':: d.fn(help='"Kind is the kind of the Route."', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { kind: kind }, + }, + '#namespaces':: d.obj(help='"Namespaces indicates namespaces from which Routes may be attached to this Listener. This is restricted to the namespace of this Gateway by default. \\n Support: Core"'), + namespaces: { + '#selector':: d.obj(help='"Selector must be specified when From is set to \\"Selector\\". In that case, only Routes in Namespaces matching this Selector will be selected by this Gateway. This field is ignored for other values of \\"From\\". \\n Support: Core"'), + selector: { + '#matchExpressions':: d.obj(help='"matchExpressions is a list of label selector requirements. The requirements are ANDed."'), + matchExpressions: { + '#withKey':: d.fn(help='"key is the label key that the selector applies to."', args=[d.arg(name='key', type=d.T.string)]), + withKey(key): { key: key }, + '#withOperator':: d.fn(help="\"operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.\"", args=[d.arg(name='operator', type=d.T.string)]), + withOperator(operator): { operator: operator }, + '#withValues':: d.fn(help='"values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch."', args=[d.arg(name='values', type=d.T.array)]), + withValues(values): { values: if std.isArray(v=values) then values else [values] }, + '#withValuesMixin':: d.fn(help='"values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='values', type=d.T.array)]), + withValuesMixin(values): { values+: if std.isArray(v=values) then values else [values] }, + }, + '#withMatchExpressions':: d.fn(help='"matchExpressions is a list of label selector requirements. The requirements are ANDed."', args=[d.arg(name='matchExpressions', type=d.T.array)]), + withMatchExpressions(matchExpressions): { allowedRoutes+: { namespaces+: { selector+: { matchExpressions: if std.isArray(v=matchExpressions) then matchExpressions else [matchExpressions] } } } }, + '#withMatchExpressionsMixin':: d.fn(help='"matchExpressions is a list of label selector requirements. The requirements are ANDed."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='matchExpressions', type=d.T.array)]), + withMatchExpressionsMixin(matchExpressions): { allowedRoutes+: { namespaces+: { selector+: { matchExpressions+: if std.isArray(v=matchExpressions) then matchExpressions else [matchExpressions] } } } }, + '#withMatchLabels':: d.fn(help='"matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \\"key\\", the operator is \\"In\\", and the values array contains only \\"value\\". The requirements are ANDed."', args=[d.arg(name='matchLabels', type=d.T.object)]), + withMatchLabels(matchLabels): { allowedRoutes+: { namespaces+: { selector+: { matchLabels: matchLabels } } } }, + '#withMatchLabelsMixin':: d.fn(help='"matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \\"key\\", the operator is \\"In\\", and the values array contains only \\"value\\". The requirements are ANDed."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='matchLabels', type=d.T.object)]), + withMatchLabelsMixin(matchLabels): { allowedRoutes+: { namespaces+: { selector+: { matchLabels+: matchLabels } } } }, + }, + '#withFrom':: d.fn(help='"From indicates where Routes will be selected for this Gateway. Possible values are: \\n * All: Routes in all namespaces may be used by this Gateway. * Selector: Routes in namespaces selected by the selector may be used by this Gateway. * Same: Only Routes in the same namespace may be used by this Gateway. \\n Support: Core"', args=[d.arg(name='from', type=d.T.string)]), + withFrom(from): { allowedRoutes+: { namespaces+: { from: from } } }, + }, + '#withKinds':: d.fn(help="\"Kinds specifies the groups and kinds of Routes that are allowed to bind to this Gateway Listener. When unspecified or empty, the kinds of Routes selected are determined using the Listener protocol. \\n A RouteGroupKind MUST correspond to kinds of Routes that are compatible with the application protocol specified in the Listener's Protocol field. If an implementation does not support or recognize this resource type, it MUST set the \\\"ResolvedRefs\\\" condition to False for this Listener with the \\\"InvalidRouteKinds\\\" reason. \\n Support: Core\"", args=[d.arg(name='kinds', type=d.T.array)]), + withKinds(kinds): { allowedRoutes+: { kinds: if std.isArray(v=kinds) then kinds else [kinds] } }, + '#withKindsMixin':: d.fn(help="\"Kinds specifies the groups and kinds of Routes that are allowed to bind to this Gateway Listener. When unspecified or empty, the kinds of Routes selected are determined using the Listener protocol. \\n A RouteGroupKind MUST correspond to kinds of Routes that are compatible with the application protocol specified in the Listener's Protocol field. If an implementation does not support or recognize this resource type, it MUST set the \\\"ResolvedRefs\\\" condition to False for this Listener with the \\\"InvalidRouteKinds\\\" reason. \\n Support: Core\"\n\n**Note:** This function appends passed data to existing values", args=[d.arg(name='kinds', type=d.T.array)]), + withKindsMixin(kinds): { allowedRoutes+: { kinds+: if std.isArray(v=kinds) then kinds else [kinds] } }, + }, + '#tls':: d.obj(help='"TLS is the TLS configuration for the Listener. This field is required if the Protocol field is \\"HTTPS\\" or \\"TLS\\". It is invalid to set this field if the Protocol field is \\"HTTP\\", \\"TCP\\", or \\"UDP\\". \\n The association of SNIs to Certificate defined in GatewayTLSConfig is defined based on the Hostname field for this listener. \\n The GatewayClass MUST use the longest matching SNI out of all available certificates for any TLS handshake. \\n Support: Core"'), + tls: { + '#certificateRefs':: d.obj(help='"CertificateRefs contains a series of references to Kubernetes objects that contains TLS certificates and private keys. These certificates are used to establish a TLS handshake for requests that match the hostname of the associated listener. \\n A single CertificateRef to a Kubernetes Secret has \\"Core\\" support. Implementations MAY choose to support attaching multiple certificates to a Listener, but this behavior is implementation-specific. \\n References to a resource in different namespace are invalid UNLESS there is a ReferenceGrant in the target namespace that allows the certificate to be attached. If a ReferenceGrant does not allow this reference, the \\"ResolvedRefs\\" condition MUST be set to False for this listener with the \\"RefNotPermitted\\" reason. \\n This field is required to have at least one element when the mode is set to \\"Terminate\\" (default) and is optional otherwise. \\n CertificateRefs can reference to standard Kubernetes resources, i.e. Secret, or implementation-specific custom resources. \\n Support: Core - A single reference to a Kubernetes Secret of type kubernetes.io/tls \\n Support: Implementation-specific (More than one reference or other resource types)"'), + certificateRefs: { + '#withGroup':: d.fn(help='"Group is the group of the referent. For example, \\"gateway.networking.k8s.io\\". When unspecified or empty string, core API group is inferred."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { group: group }, + '#withKind':: d.fn(help='"Kind is kind of the referent. For example \\"Secret\\"."', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { kind: kind }, + '#withName':: d.fn(help='"Name is the name of the referent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withNamespace':: d.fn(help="\"Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. \\n Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. \\n Support: Core\"", args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { namespace: namespace }, + }, + '#withCertificateRefs':: d.fn(help='"CertificateRefs contains a series of references to Kubernetes objects that contains TLS certificates and private keys. These certificates are used to establish a TLS handshake for requests that match the hostname of the associated listener. \\n A single CertificateRef to a Kubernetes Secret has \\"Core\\" support. Implementations MAY choose to support attaching multiple certificates to a Listener, but this behavior is implementation-specific. \\n References to a resource in different namespace are invalid UNLESS there is a ReferenceGrant in the target namespace that allows the certificate to be attached. If a ReferenceGrant does not allow this reference, the \\"ResolvedRefs\\" condition MUST be set to False for this listener with the \\"RefNotPermitted\\" reason. \\n This field is required to have at least one element when the mode is set to \\"Terminate\\" (default) and is optional otherwise. \\n CertificateRefs can reference to standard Kubernetes resources, i.e. Secret, or implementation-specific custom resources. \\n Support: Core - A single reference to a Kubernetes Secret of type kubernetes.io/tls \\n Support: Implementation-specific (More than one reference or other resource types)"', args=[d.arg(name='certificateRefs', type=d.T.array)]), + withCertificateRefs(certificateRefs): { tls+: { certificateRefs: if std.isArray(v=certificateRefs) then certificateRefs else [certificateRefs] } }, + '#withCertificateRefsMixin':: d.fn(help='"CertificateRefs contains a series of references to Kubernetes objects that contains TLS certificates and private keys. These certificates are used to establish a TLS handshake for requests that match the hostname of the associated listener. \\n A single CertificateRef to a Kubernetes Secret has \\"Core\\" support. Implementations MAY choose to support attaching multiple certificates to a Listener, but this behavior is implementation-specific. \\n References to a resource in different namespace are invalid UNLESS there is a ReferenceGrant in the target namespace that allows the certificate to be attached. If a ReferenceGrant does not allow this reference, the \\"ResolvedRefs\\" condition MUST be set to False for this listener with the \\"RefNotPermitted\\" reason. \\n This field is required to have at least one element when the mode is set to \\"Terminate\\" (default) and is optional otherwise. \\n CertificateRefs can reference to standard Kubernetes resources, i.e. Secret, or implementation-specific custom resources. \\n Support: Core - A single reference to a Kubernetes Secret of type kubernetes.io/tls \\n Support: Implementation-specific (More than one reference or other resource types)"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='certificateRefs', type=d.T.array)]), + withCertificateRefsMixin(certificateRefs): { tls+: { certificateRefs+: if std.isArray(v=certificateRefs) then certificateRefs else [certificateRefs] } }, + '#withMode':: d.fn(help="\"Mode defines the TLS behavior for the TLS session initiated by the client. There are two possible modes: \\n - Terminate: The TLS session between the downstream client and the Gateway is terminated at the Gateway. This mode requires certificateRefs to be set and contain at least one element. - Passthrough: The TLS session is NOT terminated by the Gateway. This implies that the Gateway can't decipher the TLS stream except for the ClientHello message of the TLS protocol. CertificateRefs field is ignored in this mode. \\n Support: Core\"", args=[d.arg(name='mode', type=d.T.string)]), + withMode(mode): { tls+: { mode: mode } }, + '#withOptions':: d.fn(help='"Options are a list of key/value pairs to enable extended TLS configuration for each implementation. For example, configuring the minimum TLS version or supported cipher suites. \\n A set of common keys MAY be defined by the API in the future. To avoid any ambiguity, implementation-specific definitions MUST use domain-prefixed names, such as `example.com/my-custom-option`. Un-prefixed names are reserved for key names defined by Gateway API. \\n Support: Implementation-specific"', args=[d.arg(name='options', type=d.T.object)]), + withOptions(options): { tls+: { options: options } }, + '#withOptionsMixin':: d.fn(help='"Options are a list of key/value pairs to enable extended TLS configuration for each implementation. For example, configuring the minimum TLS version or supported cipher suites. \\n A set of common keys MAY be defined by the API in the future. To avoid any ambiguity, implementation-specific definitions MUST use domain-prefixed names, such as `example.com/my-custom-option`. Un-prefixed names are reserved for key names defined by Gateway API. \\n Support: Implementation-specific"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='options', type=d.T.object)]), + withOptionsMixin(options): { tls+: { options+: options } }, + }, + '#withHostname':: d.fn(help="\"Hostname specifies the virtual hostname to match for protocol types that define this concept. When unspecified, all hostnames are matched. This field is ignored for protocols that don't require hostname based matching. \\n Implementations MUST apply Hostname matching appropriately for each of the following protocols: \\n * TLS: The Listener Hostname MUST match the SNI. * HTTP: The Listener Hostname MUST match the Host header of the request. * HTTPS: The Listener Hostname SHOULD match at both the TLS and HTTP protocol layers as described above. If an implementation does not ensure that both the SNI and Host header match the Listener hostname, it MUST clearly document that. \\n For HTTPRoute and TLSRoute resources, there is an interaction with the `spec.hostnames` array. When both listener and route specify hostnames, there MUST be an intersection between the values for a Route to be accepted. For more information, refer to the Route specific Hostnames documentation. \\n Hostnames that are prefixed with a wildcard label (`*.`) are interpreted as a suffix match. That means that a match for `*.example.com` would match both `test.example.com`, and `foo.test.example.com`, but not `example.com`. \\n Support: Core\"", args=[d.arg(name='hostname', type=d.T.string)]), + withHostname(hostname): { hostname: hostname }, + '#withName':: d.fn(help='"Name is the name of the Listener. This name MUST be unique within a Gateway. \\n Support: Core"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withPort':: d.fn(help='"Port is the network port. Multiple listeners may use the same port, subject to the Listener compatibility rules. \\n Support: Core"', args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { port: port }, + '#withProtocol':: d.fn(help='"Protocol specifies the network protocol this listener expects to receive. \\n Support: Core"', args=[d.arg(name='protocol', type=d.T.string)]), + withProtocol(protocol): { protocol: protocol }, + }, + '#withAddresses':: d.fn(help='"Addresses requested for this Gateway. This is optional and behavior can depend on the implementation. If a value is set in the spec and the requested address is invalid or unavailable, the implementation MUST indicate this in the associated entry in GatewayStatus.Addresses. \\n The Addresses field represents a request for the address(es) on the \\"outside of the Gateway\\", that traffic bound for this Gateway will use. This could be the IP address or hostname of an external load balancer or other networking infrastructure, or some other address that traffic will be sent to. \\n The .listener.hostname field is used to route traffic that has already arrived at the Gateway to the correct in-cluster destination. \\n If no Addresses are specified, the implementation MAY schedule the Gateway in an implementation-specific manner, assigning an appropriate set of Addresses. \\n The implementation MUST bind all Listeners to every GatewayAddress that it assigns to the Gateway and add a corresponding entry in GatewayStatus.Addresses. \\n Support: Extended \\n "', args=[d.arg(name='addresses', type=d.T.array)]), + withAddresses(addresses): { spec+: { addresses: if std.isArray(v=addresses) then addresses else [addresses] } }, + '#withAddressesMixin':: d.fn(help='"Addresses requested for this Gateway. This is optional and behavior can depend on the implementation. If a value is set in the spec and the requested address is invalid or unavailable, the implementation MUST indicate this in the associated entry in GatewayStatus.Addresses. \\n The Addresses field represents a request for the address(es) on the \\"outside of the Gateway\\", that traffic bound for this Gateway will use. This could be the IP address or hostname of an external load balancer or other networking infrastructure, or some other address that traffic will be sent to. \\n The .listener.hostname field is used to route traffic that has already arrived at the Gateway to the correct in-cluster destination. \\n If no Addresses are specified, the implementation MAY schedule the Gateway in an implementation-specific manner, assigning an appropriate set of Addresses. \\n The implementation MUST bind all Listeners to every GatewayAddress that it assigns to the Gateway and add a corresponding entry in GatewayStatus.Addresses. \\n Support: Extended \\n "\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='addresses', type=d.T.array)]), + withAddressesMixin(addresses): { spec+: { addresses+: if std.isArray(v=addresses) then addresses else [addresses] } }, + '#withGatewayClassName':: d.fn(help='"GatewayClassName used for this Gateway. This is the name of a GatewayClass resource."', args=[d.arg(name='gatewayClassName', type=d.T.string)]), + withGatewayClassName(gatewayClassName): { spec+: { gatewayClassName: gatewayClassName } }, + '#withListeners':: d.fn(help="\"Listeners associated with this Gateway. Listeners define logical endpoints that are bound on this Gateway's addresses. At least one Listener MUST be specified. \\n Each listener in a Gateway must have a unique combination of Hostname, Port, and Protocol. \\n Within the HTTP Conformance Profile, the below combinations of port and protocol are considered Core and MUST be supported: \\n 1. Port: 80, Protocol: HTTP 2. Port: 443, Protocol: HTTPS \\n Within the TLS Conformance Profile, the below combinations of port and protocol are considered Core and MUST be supported: \\n 1. Port: 443, Protocol: TLS \\n Port and protocol combinations not listed above are considered Extended. \\n An implementation MAY group Listeners by Port and then collapse each group of Listeners into a single Listener if the implementation determines that the Listeners in the group are \\\"compatible\\\". An implementation MAY also group together and collapse compatible Listeners belonging to different Gateways. \\n For example, an implementation might consider Listeners to be compatible with each other if all of the following conditions are met: \\n 1. Either each Listener within the group specifies the \\\"HTTP\\\" Protocol or each Listener within the group specifies either the \\\"HTTPS\\\" or \\\"TLS\\\" Protocol. \\n 2. Each Listener within the group specifies a Hostname that is unique within the group. \\n 3. As a special case, one Listener within a group may omit Hostname, in which case this Listener matches when no other Listener matches. \\n If the implementation does collapse compatible Listeners, the hostname provided in the incoming client request MUST be matched to a Listener to find the correct set of Routes. The incoming hostname MUST be matched using the Hostname field for each Listener in order of most to least specific. That is, exact matches must be processed before wildcard matches. \\n If this field specifies multiple Listeners that have the same Port value but are not compatible, the implementation must raise a \\\"Conflicted\\\" condition in the Listener status. \\n Support: Core\"", args=[d.arg(name='listeners', type=d.T.array)]), + withListeners(listeners): { spec+: { listeners: if std.isArray(v=listeners) then listeners else [listeners] } }, + '#withListenersMixin':: d.fn(help="\"Listeners associated with this Gateway. Listeners define logical endpoints that are bound on this Gateway's addresses. At least one Listener MUST be specified. \\n Each listener in a Gateway must have a unique combination of Hostname, Port, and Protocol. \\n Within the HTTP Conformance Profile, the below combinations of port and protocol are considered Core and MUST be supported: \\n 1. Port: 80, Protocol: HTTP 2. Port: 443, Protocol: HTTPS \\n Within the TLS Conformance Profile, the below combinations of port and protocol are considered Core and MUST be supported: \\n 1. Port: 443, Protocol: TLS \\n Port and protocol combinations not listed above are considered Extended. \\n An implementation MAY group Listeners by Port and then collapse each group of Listeners into a single Listener if the implementation determines that the Listeners in the group are \\\"compatible\\\". An implementation MAY also group together and collapse compatible Listeners belonging to different Gateways. \\n For example, an implementation might consider Listeners to be compatible with each other if all of the following conditions are met: \\n 1. Either each Listener within the group specifies the \\\"HTTP\\\" Protocol or each Listener within the group specifies either the \\\"HTTPS\\\" or \\\"TLS\\\" Protocol. \\n 2. Each Listener within the group specifies a Hostname that is unique within the group. \\n 3. As a special case, one Listener within a group may omit Hostname, in which case this Listener matches when no other Listener matches. \\n If the implementation does collapse compatible Listeners, the hostname provided in the incoming client request MUST be matched to a Listener to find the correct set of Routes. The incoming hostname MUST be matched using the Hostname field for each Listener in order of most to least specific. That is, exact matches must be processed before wildcard matches. \\n If this field specifies multiple Listeners that have the same Port value but are not compatible, the implementation must raise a \\\"Conflicted\\\" condition in the Listener status. \\n Support: Core\"\n\n**Note:** This function appends passed data to existing values", args=[d.arg(name='listeners', type=d.T.array)]), + withListenersMixin(listeners): { spec+: { listeners+: if std.isArray(v=listeners) then listeners else [listeners] } }, + }, + '#mixin': 'ignore', + mixin: self, +} diff --git a/0.8-experimental/_gen/gateway/v1beta1/gatewayClass.libsonnet b/0.8-experimental/_gen/gateway/v1beta1/gatewayClass.libsonnet new file mode 100644 index 0000000..a819833 --- /dev/null +++ b/0.8-experimental/_gen/gateway/v1beta1/gatewayClass.libsonnet @@ -0,0 +1,72 @@ +{ + local d = (import 'doc-util/main.libsonnet'), + '#':: d.pkg(name='gatewayClass', url='', help='"GatewayClass describes a class of Gateways available to the user for creating Gateway resources. \\n It is recommended that this resource be used as a template for Gateways. This means that a Gateway is based on the state of the GatewayClass at the time it was created and changes to the GatewayClass or associated parameters are not propagated down to existing Gateways. This recommendation is intended to limit the blast radius of changes to GatewayClass or associated parameters. If implementations choose to propagate GatewayClass changes to existing Gateways, that MUST be clearly documented by the implementation. \\n Whenever one or more Gateways are using a GatewayClass, implementations SHOULD add the `gateway-exists-finalizer.gateway.networking.k8s.io` finalizer on the associated GatewayClass. This ensures that a GatewayClass associated with a Gateway is not deleted while in use. \\n GatewayClass is a Cluster level resource."'), + '#metadata':: d.obj(help='"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create."'), + metadata: { + '#withAnnotations':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotations(annotations): { metadata+: { annotations: annotations } }, + '#withAnnotationsMixin':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotationsMixin(annotations): { metadata+: { annotations+: annotations } }, + '#withClusterName':: d.fn(help='"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request."', args=[d.arg(name='clusterName', type=d.T.string)]), + withClusterName(clusterName): { metadata+: { clusterName: clusterName } }, + '#withCreationTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='creationTimestamp', type=d.T.string)]), + withCreationTimestamp(creationTimestamp): { metadata+: { creationTimestamp: creationTimestamp } }, + '#withDeletionGracePeriodSeconds':: d.fn(help='"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only."', args=[d.arg(name='deletionGracePeriodSeconds', type=d.T.integer)]), + withDeletionGracePeriodSeconds(deletionGracePeriodSeconds): { metadata+: { deletionGracePeriodSeconds: deletionGracePeriodSeconds } }, + '#withDeletionTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='deletionTimestamp', type=d.T.string)]), + withDeletionTimestamp(deletionTimestamp): { metadata+: { deletionTimestamp: deletionTimestamp } }, + '#withFinalizers':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizers(finalizers): { metadata+: { finalizers: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withFinalizersMixin':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizersMixin(finalizers): { metadata+: { finalizers+: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withGenerateName':: d.fn(help='"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\\n\\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\\n\\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency"', args=[d.arg(name='generateName', type=d.T.string)]), + withGenerateName(generateName): { metadata+: { generateName: generateName } }, + '#withGeneration':: d.fn(help='"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only."', args=[d.arg(name='generation', type=d.T.integer)]), + withGeneration(generation): { metadata+: { generation: generation } }, + '#withLabels':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"', args=[d.arg(name='labels', type=d.T.object)]), + withLabels(labels): { metadata+: { labels: labels } }, + '#withLabelsMixin':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='labels', type=d.T.object)]), + withLabelsMixin(labels): { metadata+: { labels+: labels } }, + '#withName':: d.fn(help='"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { metadata+: { name: name } }, + '#withNamespace':: d.fn(help='"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \\"default\\" namespace, but \\"default\\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\\n\\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces"', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { metadata+: { namespace: namespace } }, + '#withOwnerReferences':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferences(ownerReferences): { metadata+: { ownerReferences: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withOwnerReferencesMixin':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferencesMixin(ownerReferences): { metadata+: { ownerReferences+: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withResourceVersion':: d.fn(help='"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\\n\\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency"', args=[d.arg(name='resourceVersion', type=d.T.string)]), + withResourceVersion(resourceVersion): { metadata+: { resourceVersion: resourceVersion } }, + '#withSelfLink':: d.fn(help='"SelfLink is a URL representing this object. Populated by the system. Read-only.\\n\\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release."', args=[d.arg(name='selfLink', type=d.T.string)]), + withSelfLink(selfLink): { metadata+: { selfLink: selfLink } }, + '#withUid':: d.fn(help='"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\\n\\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids"', args=[d.arg(name='uid', type=d.T.string)]), + withUid(uid): { metadata+: { uid: uid } }, + }, + '#new':: d.fn(help='new returns an instance of GatewayClass', args=[d.arg(name='name', type=d.T.string)]), + new(name): { + apiVersion: 'gateway.networking.k8s.io/v1beta1', + kind: 'GatewayClass', + } + self.metadata.withName(name=name) + self.metadata.withAnnotations(annotations={ + 'tanka.dev/namespaced': 'false', + }), + '#spec':: d.obj(help='"Spec defines the desired state of GatewayClass."'), + spec: { + '#parametersRef':: d.obj(help="\"ParametersRef is a reference to a resource that contains the configuration parameters corresponding to the GatewayClass. This is optional if the controller does not require any additional configuration. \\n ParametersRef can reference a standard Kubernetes resource, i.e. ConfigMap, or an implementation-specific custom resource. The resource can be cluster-scoped or namespace-scoped. \\n If the referent cannot be found, the GatewayClass's \\\"InvalidParameters\\\" status condition will be true. \\n Support: Implementation-specific\""), + parametersRef: { + '#withGroup':: d.fn(help='"Group is the group of the referent."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { spec+: { parametersRef+: { group: group } } }, + '#withKind':: d.fn(help='"Kind is kind of the referent."', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { spec+: { parametersRef+: { kind: kind } } }, + '#withName':: d.fn(help='"Name is the name of the referent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { spec+: { parametersRef+: { name: name } } }, + '#withNamespace':: d.fn(help='"Namespace is the namespace of the referent. This field is required when referring to a Namespace-scoped resource and MUST be unset when referring to a Cluster-scoped resource."', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { spec+: { parametersRef+: { namespace: namespace } } }, + }, + '#withControllerName':: d.fn(help='"ControllerName is the name of the controller that is managing Gateways of this class. The value of this field MUST be a domain prefixed path. \\n Example: \\"example.net/gateway-controller\\". \\n This field is not mutable and cannot be empty. \\n Support: Core"', args=[d.arg(name='controllerName', type=d.T.string)]), + withControllerName(controllerName): { spec+: { controllerName: controllerName } }, + '#withDescription':: d.fn(help='"Description helps describe a GatewayClass with more details."', args=[d.arg(name='description', type=d.T.string)]), + withDescription(description): { spec+: { description: description } }, + }, + '#mixin': 'ignore', + mixin: self, +} diff --git a/0.8-experimental/_gen/gateway/v1beta1/httpRoute.libsonnet b/0.8-experimental/_gen/gateway/v1beta1/httpRoute.libsonnet new file mode 100644 index 0000000..f13860f --- /dev/null +++ b/0.8-experimental/_gen/gateway/v1beta1/httpRoute.libsonnet @@ -0,0 +1,398 @@ +{ + local d = (import 'doc-util/main.libsonnet'), + '#':: d.pkg(name='httpRoute', url='', help='"HTTPRoute provides a way to route HTTP requests. This includes the capability to match requests by hostname, path, header, or query param. Filters can be used to specify additional processing steps. Backends specify where matching requests should be routed."'), + '#metadata':: d.obj(help='"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create."'), + metadata: { + '#withAnnotations':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotations(annotations): { metadata+: { annotations: annotations } }, + '#withAnnotationsMixin':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotationsMixin(annotations): { metadata+: { annotations+: annotations } }, + '#withClusterName':: d.fn(help='"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request."', args=[d.arg(name='clusterName', type=d.T.string)]), + withClusterName(clusterName): { metadata+: { clusterName: clusterName } }, + '#withCreationTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='creationTimestamp', type=d.T.string)]), + withCreationTimestamp(creationTimestamp): { metadata+: { creationTimestamp: creationTimestamp } }, + '#withDeletionGracePeriodSeconds':: d.fn(help='"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only."', args=[d.arg(name='deletionGracePeriodSeconds', type=d.T.integer)]), + withDeletionGracePeriodSeconds(deletionGracePeriodSeconds): { metadata+: { deletionGracePeriodSeconds: deletionGracePeriodSeconds } }, + '#withDeletionTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='deletionTimestamp', type=d.T.string)]), + withDeletionTimestamp(deletionTimestamp): { metadata+: { deletionTimestamp: deletionTimestamp } }, + '#withFinalizers':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizers(finalizers): { metadata+: { finalizers: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withFinalizersMixin':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizersMixin(finalizers): { metadata+: { finalizers+: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withGenerateName':: d.fn(help='"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\\n\\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\\n\\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency"', args=[d.arg(name='generateName', type=d.T.string)]), + withGenerateName(generateName): { metadata+: { generateName: generateName } }, + '#withGeneration':: d.fn(help='"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only."', args=[d.arg(name='generation', type=d.T.integer)]), + withGeneration(generation): { metadata+: { generation: generation } }, + '#withLabels':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"', args=[d.arg(name='labels', type=d.T.object)]), + withLabels(labels): { metadata+: { labels: labels } }, + '#withLabelsMixin':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='labels', type=d.T.object)]), + withLabelsMixin(labels): { metadata+: { labels+: labels } }, + '#withName':: d.fn(help='"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { metadata+: { name: name } }, + '#withNamespace':: d.fn(help='"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \\"default\\" namespace, but \\"default\\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\\n\\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces"', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { metadata+: { namespace: namespace } }, + '#withOwnerReferences':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferences(ownerReferences): { metadata+: { ownerReferences: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withOwnerReferencesMixin':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferencesMixin(ownerReferences): { metadata+: { ownerReferences+: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withResourceVersion':: d.fn(help='"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\\n\\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency"', args=[d.arg(name='resourceVersion', type=d.T.string)]), + withResourceVersion(resourceVersion): { metadata+: { resourceVersion: resourceVersion } }, + '#withSelfLink':: d.fn(help='"SelfLink is a URL representing this object. Populated by the system. Read-only.\\n\\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release."', args=[d.arg(name='selfLink', type=d.T.string)]), + withSelfLink(selfLink): { metadata+: { selfLink: selfLink } }, + '#withUid':: d.fn(help='"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\\n\\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids"', args=[d.arg(name='uid', type=d.T.string)]), + withUid(uid): { metadata+: { uid: uid } }, + }, + '#new':: d.fn(help='new returns an instance of HTTPRoute', args=[d.arg(name='name', type=d.T.string)]), + new(name): { + apiVersion: 'gateway.networking.k8s.io/v1beta1', + kind: 'HTTPRoute', + } + self.metadata.withName(name=name), + '#spec':: d.obj(help='"Spec defines the desired state of HTTPRoute."'), + spec: { + '#parentRefs':: d.obj(help='"ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. For Services, that means the Service must either be in the same namespace for a \\"producer\\" route, or the mesh implementation must support and allow \\"consumer\\" routes for the referenced Service. ReferenceGrant is not applicable for governing ParentRefs to Services - it is not possible to create a \\"producer\\" route for a Service in a different namespace from the Route. \\n There are two kinds of parent resources with \\"Core\\" support: \\n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) \\n This API may be extended in the future to support additional kinds of parent resources. \\n It is invalid to reference an identical parent more than once. It is valid to reference multiple distinct sections within the same parent resource, such as two separate Listeners on the same Gateway or two separate ports on the same Service. \\n It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged. \\n Note that for ParentRefs that cross namespace boundaries, there are specific rules. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example, Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable other kinds of cross-namespace reference. \\n ParentRefs from a Route to a Service in the same namespace are \\"producer\\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \\n ParentRefs from a Route to a Service in a different namespace are \\"consumer\\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \\n "'), + parentRefs: { + '#withGroup':: d.fn(help='"Group is the group of the referent. When unspecified, \\"gateway.networking.k8s.io\\" is inferred. To set the core API group (such as for a \\"Service\\" kind referent), Group must be explicitly set to \\"\\" (empty string). \\n Support: Core"', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { group: group }, + '#withKind':: d.fn(help='"Kind is kind of the referent. \\n There are two kinds of parent resources with \\"Core\\" support: \\n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) \\n Support for other resources is Implementation-Specific."', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { kind: kind }, + '#withName':: d.fn(help='"Name is the name of the referent. \\n Support: Core"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withNamespace':: d.fn(help='"Namespace is the namespace of the referent. When unspecified, this refers to the local namespace of the Route. \\n Note that there are specific rules for ParentRefs which cross namespace boundaries. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example: Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference. \\n ParentRefs from a Route to a Service in the same namespace are \\"producer\\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \\n ParentRefs from a Route to a Service in a different namespace are \\"consumer\\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \\n Support: Core"', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { namespace: namespace }, + '#withPort':: d.fn(help="\"Port is the network port this Route targets. It can be interpreted differently based on the type of parent resource. \\n When the parent resource is a Gateway, this targets all listeners listening on the specified port that also support this kind of Route(and select this Route). It's not recommended to set `Port` unless the networking behaviors specified in a Route must apply to a specific port as opposed to a listener(s) whose port(s) may be changed. When both Port and SectionName are specified, the name and port of the selected listener must match both specified values. \\n When the parent resource is a Service, this targets a specific port in the Service spec. When both Port (experimental) and SectionName are specified, the name and port of the selected port must match both specified values. \\n Implementations MAY choose to support other parent resources. Implementations supporting other types of parent resources MUST clearly document how/if Port is interpreted. \\n For the purpose of status, an attachment is considered successful as long as the parent resource accepts it partially. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \\n Support: Extended \\n \"", args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { port: port }, + '#withSectionName':: d.fn(help='"SectionName is the name of a section within the target resource. In the following resources, SectionName is interpreted as the following: \\n * Gateway: Listener Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. * Service: Port Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. Note that attaching Routes to Services as Parents is part of experimental Mesh support and is not supported for any other purpose. \\n Implementations MAY choose to support attaching Routes to other resources. If that is the case, they MUST clearly document how SectionName is interpreted. \\n When unspecified (empty string), this will reference the entire resource. For the purpose of status, an attachment is considered successful if at least one section in the parent resource accepts it. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \\n Support: Core"', args=[d.arg(name='sectionName', type=d.T.string)]), + withSectionName(sectionName): { sectionName: sectionName }, + }, + '#rules':: d.obj(help='"Rules are a list of HTTP matchers, filters and actions."'), + rules: { + '#backendRefs':: d.obj(help='"BackendRefs defines the backend(s) where matching requests should be sent. \\n Failure behavior here depends on how many BackendRefs are specified and how many are invalid. \\n If *all* entries in BackendRefs are invalid, and there are also no filters specified in this route rule, *all* traffic which matches this rule MUST receive a 500 status code. \\n See the HTTPBackendRef definition for the rules about what makes a single HTTPBackendRef invalid. \\n When a HTTPBackendRef is invalid, 500 status codes MUST be returned for requests that would have otherwise been routed to an invalid backend. If multiple backends are specified, and some are invalid, the proportion of requests that would otherwise have been routed to an invalid backend MUST receive a 500 status code. \\n For example, if two backends are specified with equal weights, and one is invalid, 50 percent of traffic must receive a 500. Implementations may choose how that 50 percent is determined. \\n Support: Core for Kubernetes Service \\n Support: Extended for Kubernetes ServiceImport \\n Support: Implementation-specific for any other resource \\n Support for weight: Core"'), + backendRefs: { + '#filters':: d.obj(help='"Filters defined at this level should be executed if and only if the request is being forwarded to the backend defined here. \\n Support: Implementation-specific (For broader support of filters, use the Filters field in HTTPRouteRule.)"'), + filters: { + '#extensionRef':: d.obj(help='"ExtensionRef is an optional, implementation-specific extension to the \\"filter\\" behavior. For example, resource \\"myroutefilter\\" in group \\"networking.example.net\\"). ExtensionRef MUST NOT be used for core and extended filters. \\n This filter can be used multiple times within the same rule. \\n Support: Implementation-specific"'), + extensionRef: { + '#withGroup':: d.fn(help='"Group is the group of the referent. For example, \\"gateway.networking.k8s.io\\". When unspecified or empty string, core API group is inferred."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { extensionRef+: { group: group } }, + '#withKind':: d.fn(help='"Kind is kind of the referent. For example \\"HTTPRoute\\" or \\"Service\\"."', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { extensionRef+: { kind: kind } }, + '#withName':: d.fn(help='"Name is the name of the referent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { extensionRef+: { name: name } }, + }, + '#requestHeaderModifier':: d.obj(help='"RequestHeaderModifier defines a schema for a filter that modifies request headers. \\n Support: Core"'), + requestHeaderModifier: { + '#add':: d.obj(help='"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: add: - name: \\"my-header\\" value: \\"bar,baz\\" \\n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"'), + add: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \\n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered equivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#set':: d.obj(help='"Set overwrites the request with the given header (name, value) before the action. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: set: - name: \\"my-header\\" value: \\"bar\\" \\n Output: GET /foo HTTP/1.1 my-header: bar"'), + set: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \\n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered equivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#withAdd':: d.fn(help='"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: add: - name: \\"my-header\\" value: \\"bar,baz\\" \\n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"', args=[d.arg(name='add', type=d.T.array)]), + withAdd(add): { requestHeaderModifier+: { add: if std.isArray(v=add) then add else [add] } }, + '#withAddMixin':: d.fn(help='"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: add: - name: \\"my-header\\" value: \\"bar,baz\\" \\n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='add', type=d.T.array)]), + withAddMixin(add): { requestHeaderModifier+: { add+: if std.isArray(v=add) then add else [add] } }, + '#withRemove':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \\n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \\n Config: remove: [\\"my-header1\\", \\"my-header3\\"] \\n Output: GET /foo HTTP/1.1 my-header2: bar"', args=[d.arg(name='remove', type=d.T.array)]), + withRemove(remove): { requestHeaderModifier+: { remove: if std.isArray(v=remove) then remove else [remove] } }, + '#withRemoveMixin':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \\n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \\n Config: remove: [\\"my-header1\\", \\"my-header3\\"] \\n Output: GET /foo HTTP/1.1 my-header2: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='remove', type=d.T.array)]), + withRemoveMixin(remove): { requestHeaderModifier+: { remove+: if std.isArray(v=remove) then remove else [remove] } }, + '#withSet':: d.fn(help='"Set overwrites the request with the given header (name, value) before the action. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: set: - name: \\"my-header\\" value: \\"bar\\" \\n Output: GET /foo HTTP/1.1 my-header: bar"', args=[d.arg(name='set', type=d.T.array)]), + withSet(set): { requestHeaderModifier+: { set: if std.isArray(v=set) then set else [set] } }, + '#withSetMixin':: d.fn(help='"Set overwrites the request with the given header (name, value) before the action. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: set: - name: \\"my-header\\" value: \\"bar\\" \\n Output: GET /foo HTTP/1.1 my-header: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='set', type=d.T.array)]), + withSetMixin(set): { requestHeaderModifier+: { set+: if std.isArray(v=set) then set else [set] } }, + }, + '#requestMirror':: d.obj(help='"RequestMirror defines a schema for a filter that mirrors requests. Requests are sent to the specified destination, but responses from that destination are ignored. \\n This filter can be used multiple times within the same rule. Note that not all implementations will be able to support mirroring to multiple backends. \\n Support: Extended"'), + requestMirror: { + '#backendRef':: d.obj(help='"BackendRef references a resource where mirrored requests are sent. \\n Mirrored requests must be sent only to a single destination endpoint within this BackendRef, irrespective of how many endpoints are present within this BackendRef. \\n If the referent cannot be found, this BackendRef is invalid and must be dropped from the Gateway. The controller must ensure the \\"ResolvedRefs\\" condition on the Route status is set to `status: False` and not configure this backend in the underlying implementation. \\n If there is a cross-namespace reference to an *existing* object that is not allowed by a ReferenceGrant, the controller must ensure the \\"ResolvedRefs\\" condition on the Route is set to `status: False`, with the \\"RefNotPermitted\\" reason and not configure this backend in the underlying implementation. \\n In either error case, the Message of the `ResolvedRefs` Condition should be used to provide more detail about the problem. \\n Support: Extended for Kubernetes Service \\n Support: Implementation-specific for any other resource"'), + backendRef: { + '#withGroup':: d.fn(help='"Group is the group of the referent. For example, \\"gateway.networking.k8s.io\\". When unspecified or empty string, core API group is inferred."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { requestMirror+: { backendRef+: { group: group } } }, + '#withKind':: d.fn(help='"Kind is the Kubernetes resource kind of the referent. For example \\"Service\\". \\n Defaults to \\"Service\\" when not specified. \\n ExternalName services can refer to CNAME DNS records that may live outside of the cluster and as such are difficult to reason about in terms of conformance. They also may not be safe to forward to (see CVE-2021-25740 for more information). Implementations SHOULD NOT support ExternalName Services. \\n Support: Core (Services with a type other than ExternalName) \\n Support: Implementation-specific (Services with type ExternalName)"', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { requestMirror+: { backendRef+: { kind: kind } } }, + '#withName':: d.fn(help='"Name is the name of the referent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { requestMirror+: { backendRef+: { name: name } } }, + '#withNamespace':: d.fn(help="\"Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. \\n Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. \\n Support: Core\"", args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { requestMirror+: { backendRef+: { namespace: namespace } } }, + '#withPort':: d.fn(help='"Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field."', args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { requestMirror+: { backendRef+: { port: port } } }, + }, + }, + '#requestRedirect':: d.obj(help='"RequestRedirect defines a schema for a filter that responds to the request with an HTTP redirection. \\n Support: Core"'), + requestRedirect: { + '#path':: d.obj(help='"Path defines parameters used to modify the path of the incoming request. The modified path is then used to construct the `Location` header. When empty, the request path is used as-is. \\n Support: Extended"'), + path: { + '#withReplaceFullPath':: d.fn(help='"ReplaceFullPath specifies the value with which to replace the full path of a request during a rewrite or redirect."', args=[d.arg(name='replaceFullPath', type=d.T.string)]), + withReplaceFullPath(replaceFullPath): { requestRedirect+: { path+: { replaceFullPath: replaceFullPath } } }, + '#withReplacePrefixMatch':: d.fn(help='"ReplacePrefixMatch specifies the value with which to replace the prefix match of a request during a rewrite or redirect. For example, a request to \\"/foo/bar\\" with a prefix match of \\"/foo\\" and a ReplacePrefixMatch of \\"/xyz\\" would be modified to \\"/xyz/bar\\". \\n Note that this matches the behavior of the PathPrefix match type. This matches full path elements. A path element refers to the list of labels in the path split by the `/` separator. When specified, a trailing `/` is ignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all match the prefix `/abc`, but the path `/abcd` would not. \\n ReplacePrefixMatch is only compatible with a `PathPrefix` HTTPRouteMatch. Using any other HTTPRouteMatch type on the same HTTPRouteRule will result in the implementation setting the Accepted Condition for the Route to `status: False`. \\n Request Path | Prefix Match | Replace Prefix | Modified Path -------------|--------------|----------------|---------- /foo/bar | /foo | /xyz | /xyz/bar /foo/bar | /foo | /xyz/ | /xyz/bar /foo/bar | /foo/ | /xyz | /xyz/bar /foo/bar | /foo/ | /xyz/ | /xyz/bar /foo | /foo | /xyz | /xyz /foo/ | /foo | /xyz | /xyz/ /foo/bar | /foo | | /bar /foo/ | /foo | | / /foo | /foo | | / /foo/ | /foo | / | / /foo | /foo | / | /"', args=[d.arg(name='replacePrefixMatch', type=d.T.string)]), + withReplacePrefixMatch(replacePrefixMatch): { requestRedirect+: { path+: { replacePrefixMatch: replacePrefixMatch } } }, + '#withType':: d.fn(help='"Type defines the type of path modifier. Additional types may be added in a future release of the API. \\n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \\n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`."', args=[d.arg(name='type', type=d.T.string)]), + withType(type): { requestRedirect+: { path+: { type: type } } }, + }, + '#withHostname':: d.fn(help='"Hostname is the hostname to be used in the value of the `Location` header in the response. When empty, the hostname in the `Host` header of the request is used. \\n Support: Core"', args=[d.arg(name='hostname', type=d.T.string)]), + withHostname(hostname): { requestRedirect+: { hostname: hostname } }, + '#withPort':: d.fn(help="\"Port is the port to be used in the value of the `Location` header in the response. \\n If no port is specified, the redirect port MUST be derived using the following rules: \\n * If redirect scheme is not-empty, the redirect port MUST be the well-known port associated with the redirect scheme. Specifically \\\"http\\\" to port 80 and \\\"https\\\" to port 443. If the redirect scheme does not have a well-known port, the listener port of the Gateway SHOULD be used. * If redirect scheme is empty, the redirect port MUST be the Gateway Listener port. \\n Implementations SHOULD NOT add the port number in the 'Location' header in the following cases: \\n * A Location header that will use HTTP (whether that is determined via the Listener protocol or the Scheme field) _and_ use port 80. * A Location header that will use HTTPS (whether that is determined via the Listener protocol or the Scheme field) _and_ use port 443. \\n Support: Extended\"", args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { requestRedirect+: { port: port } }, + '#withScheme':: d.fn(help='"Scheme is the scheme to be used in the value of the `Location` header in the response. When empty, the scheme of the request is used. \\n Scheme redirects can affect the port of the redirect, for more information, refer to the documentation for the port field of this filter. \\n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \\n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`. \\n Support: Extended"', args=[d.arg(name='scheme', type=d.T.string)]), + withScheme(scheme): { requestRedirect+: { scheme: scheme } }, + '#withStatusCode':: d.fn(help='"StatusCode is the HTTP status code to be used in response. \\n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \\n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`. \\n Support: Core"', args=[d.arg(name='statusCode', type=d.T.integer)]), + withStatusCode(statusCode): { requestRedirect+: { statusCode: statusCode } }, + }, + '#responseHeaderModifier':: d.obj(help='"ResponseHeaderModifier defines a schema for a filter that modifies response headers. \\n Support: Extended"'), + responseHeaderModifier: { + '#add':: d.obj(help='"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: add: - name: \\"my-header\\" value: \\"bar,baz\\" \\n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"'), + add: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \\n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered equivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#set':: d.obj(help='"Set overwrites the request with the given header (name, value) before the action. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: set: - name: \\"my-header\\" value: \\"bar\\" \\n Output: GET /foo HTTP/1.1 my-header: bar"'), + set: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \\n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered equivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#withAdd':: d.fn(help='"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: add: - name: \\"my-header\\" value: \\"bar,baz\\" \\n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"', args=[d.arg(name='add', type=d.T.array)]), + withAdd(add): { responseHeaderModifier+: { add: if std.isArray(v=add) then add else [add] } }, + '#withAddMixin':: d.fn(help='"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: add: - name: \\"my-header\\" value: \\"bar,baz\\" \\n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='add', type=d.T.array)]), + withAddMixin(add): { responseHeaderModifier+: { add+: if std.isArray(v=add) then add else [add] } }, + '#withRemove':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \\n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \\n Config: remove: [\\"my-header1\\", \\"my-header3\\"] \\n Output: GET /foo HTTP/1.1 my-header2: bar"', args=[d.arg(name='remove', type=d.T.array)]), + withRemove(remove): { responseHeaderModifier+: { remove: if std.isArray(v=remove) then remove else [remove] } }, + '#withRemoveMixin':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \\n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \\n Config: remove: [\\"my-header1\\", \\"my-header3\\"] \\n Output: GET /foo HTTP/1.1 my-header2: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='remove', type=d.T.array)]), + withRemoveMixin(remove): { responseHeaderModifier+: { remove+: if std.isArray(v=remove) then remove else [remove] } }, + '#withSet':: d.fn(help='"Set overwrites the request with the given header (name, value) before the action. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: set: - name: \\"my-header\\" value: \\"bar\\" \\n Output: GET /foo HTTP/1.1 my-header: bar"', args=[d.arg(name='set', type=d.T.array)]), + withSet(set): { responseHeaderModifier+: { set: if std.isArray(v=set) then set else [set] } }, + '#withSetMixin':: d.fn(help='"Set overwrites the request with the given header (name, value) before the action. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: set: - name: \\"my-header\\" value: \\"bar\\" \\n Output: GET /foo HTTP/1.1 my-header: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='set', type=d.T.array)]), + withSetMixin(set): { responseHeaderModifier+: { set+: if std.isArray(v=set) then set else [set] } }, + }, + '#urlRewrite':: d.obj(help='"URLRewrite defines a schema for a filter that modifies a request during forwarding. \\n Support: Extended"'), + urlRewrite: { + '#path':: d.obj(help='"Path defines a path rewrite. \\n Support: Extended"'), + path: { + '#withReplaceFullPath':: d.fn(help='"ReplaceFullPath specifies the value with which to replace the full path of a request during a rewrite or redirect."', args=[d.arg(name='replaceFullPath', type=d.T.string)]), + withReplaceFullPath(replaceFullPath): { urlRewrite+: { path+: { replaceFullPath: replaceFullPath } } }, + '#withReplacePrefixMatch':: d.fn(help='"ReplacePrefixMatch specifies the value with which to replace the prefix match of a request during a rewrite or redirect. For example, a request to \\"/foo/bar\\" with a prefix match of \\"/foo\\" and a ReplacePrefixMatch of \\"/xyz\\" would be modified to \\"/xyz/bar\\". \\n Note that this matches the behavior of the PathPrefix match type. This matches full path elements. A path element refers to the list of labels in the path split by the `/` separator. When specified, a trailing `/` is ignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all match the prefix `/abc`, but the path `/abcd` would not. \\n ReplacePrefixMatch is only compatible with a `PathPrefix` HTTPRouteMatch. Using any other HTTPRouteMatch type on the same HTTPRouteRule will result in the implementation setting the Accepted Condition for the Route to `status: False`. \\n Request Path | Prefix Match | Replace Prefix | Modified Path -------------|--------------|----------------|---------- /foo/bar | /foo | /xyz | /xyz/bar /foo/bar | /foo | /xyz/ | /xyz/bar /foo/bar | /foo/ | /xyz | /xyz/bar /foo/bar | /foo/ | /xyz/ | /xyz/bar /foo | /foo | /xyz | /xyz /foo/ | /foo | /xyz | /xyz/ /foo/bar | /foo | | /bar /foo/ | /foo | | / /foo | /foo | | / /foo/ | /foo | / | / /foo | /foo | / | /"', args=[d.arg(name='replacePrefixMatch', type=d.T.string)]), + withReplacePrefixMatch(replacePrefixMatch): { urlRewrite+: { path+: { replacePrefixMatch: replacePrefixMatch } } }, + '#withType':: d.fn(help='"Type defines the type of path modifier. Additional types may be added in a future release of the API. \\n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \\n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`."', args=[d.arg(name='type', type=d.T.string)]), + withType(type): { urlRewrite+: { path+: { type: type } } }, + }, + '#withHostname':: d.fn(help='"Hostname is the value to be used to replace the Host header value during forwarding. \\n Support: Extended"', args=[d.arg(name='hostname', type=d.T.string)]), + withHostname(hostname): { urlRewrite+: { hostname: hostname } }, + }, + '#withType':: d.fn(help='"Type identifies the type of filter to apply. As with other API fields, types are classified into three conformance levels: \\n - Core: Filter types and their corresponding configuration defined by \\"Support: Core\\" in this package, e.g. \\"RequestHeaderModifier\\". All implementations must support core filters. \\n - Extended: Filter types and their corresponding configuration defined by \\"Support: Extended\\" in this package, e.g. \\"RequestMirror\\". Implementers are encouraged to support extended filters. \\n - Implementation-specific: Filters that are defined and supported by specific vendors. In the future, filters showing convergence in behavior across multiple implementations will be considered for inclusion in extended or core conformance levels. Filter-specific configuration for such filters is specified using the ExtensionRef field. `Type` should be set to \\"ExtensionRef\\" for custom filters. \\n Implementers are encouraged to define custom implementation types to extend the core API with implementation-specific behavior. \\n If a reference to a custom filter type cannot be resolved, the filter MUST NOT be skipped. Instead, requests that would have been processed by that filter MUST receive a HTTP error response. \\n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \\n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`."', args=[d.arg(name='type', type=d.T.string)]), + withType(type): { type: type }, + }, + '#withFilters':: d.fn(help='"Filters defined at this level should be executed if and only if the request is being forwarded to the backend defined here. \\n Support: Implementation-specific (For broader support of filters, use the Filters field in HTTPRouteRule.)"', args=[d.arg(name='filters', type=d.T.array)]), + withFilters(filters): { filters: if std.isArray(v=filters) then filters else [filters] }, + '#withFiltersMixin':: d.fn(help='"Filters defined at this level should be executed if and only if the request is being forwarded to the backend defined here. \\n Support: Implementation-specific (For broader support of filters, use the Filters field in HTTPRouteRule.)"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='filters', type=d.T.array)]), + withFiltersMixin(filters): { filters+: if std.isArray(v=filters) then filters else [filters] }, + '#withGroup':: d.fn(help='"Group is the group of the referent. For example, \\"gateway.networking.k8s.io\\". When unspecified or empty string, core API group is inferred."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { group: group }, + '#withKind':: d.fn(help='"Kind is the Kubernetes resource kind of the referent. For example \\"Service\\". \\n Defaults to \\"Service\\" when not specified. \\n ExternalName services can refer to CNAME DNS records that may live outside of the cluster and as such are difficult to reason about in terms of conformance. They also may not be safe to forward to (see CVE-2021-25740 for more information). Implementations SHOULD NOT support ExternalName Services. \\n Support: Core (Services with a type other than ExternalName) \\n Support: Implementation-specific (Services with type ExternalName)"', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { kind: kind }, + '#withName':: d.fn(help='"Name is the name of the referent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withNamespace':: d.fn(help="\"Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. \\n Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. \\n Support: Core\"", args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { namespace: namespace }, + '#withPort':: d.fn(help='"Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field."', args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { port: port }, + '#withWeight':: d.fn(help='"Weight specifies the proportion of requests forwarded to the referenced backend. This is computed as weight/(sum of all weights in this BackendRefs list). For non-zero values, there may be some epsilon from the exact proportion defined here depending on the precision an implementation supports. Weight is not a percentage and the sum of weights does not need to equal 100. \\n If only one backend is specified and it has a weight greater than 0, 100% of the traffic is forwarded to that backend. If weight is set to 0, no traffic should be forwarded for this entry. If unspecified, weight defaults to 1. \\n Support for this field varies based on the context where used."', args=[d.arg(name='weight', type=d.T.integer)]), + withWeight(weight): { weight: weight }, + }, + '#filters':: d.obj(help='"Filters define the filters that are applied to requests that match this rule. \\n The effects of ordering of multiple behaviors are currently unspecified. This can change in the future based on feedback during the alpha stage. \\n Conformance-levels at this level are defined based on the type of filter: \\n - ALL core filters MUST be supported by all implementations. - Implementers are encouraged to support extended filters. - Implementation-specific custom filters have no API guarantees across implementations. \\n Specifying the same filter multiple times is not supported unless explicitly indicated in the filter. \\n All filters are expected to be compatible with each other except for the URLRewrite and RequestRedirect filters, which may not be combined. If an implementation can not support other combinations of filters, they must clearly document that limitation. In cases where incompatible or unsupported filters are specified and cause the `Accepted` condition to be set to status `False`, implementations may use the `IncompatibleFilters` reason to specify this configuration error. \\n Support: Core"'), + filters: { + '#extensionRef':: d.obj(help='"ExtensionRef is an optional, implementation-specific extension to the \\"filter\\" behavior. For example, resource \\"myroutefilter\\" in group \\"networking.example.net\\"). ExtensionRef MUST NOT be used for core and extended filters. \\n This filter can be used multiple times within the same rule. \\n Support: Implementation-specific"'), + extensionRef: { + '#withGroup':: d.fn(help='"Group is the group of the referent. For example, \\"gateway.networking.k8s.io\\". When unspecified or empty string, core API group is inferred."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { extensionRef+: { group: group } }, + '#withKind':: d.fn(help='"Kind is kind of the referent. For example \\"HTTPRoute\\" or \\"Service\\"."', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { extensionRef+: { kind: kind } }, + '#withName':: d.fn(help='"Name is the name of the referent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { extensionRef+: { name: name } }, + }, + '#requestHeaderModifier':: d.obj(help='"RequestHeaderModifier defines a schema for a filter that modifies request headers. \\n Support: Core"'), + requestHeaderModifier: { + '#add':: d.obj(help='"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: add: - name: \\"my-header\\" value: \\"bar,baz\\" \\n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"'), + add: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \\n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered equivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#set':: d.obj(help='"Set overwrites the request with the given header (name, value) before the action. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: set: - name: \\"my-header\\" value: \\"bar\\" \\n Output: GET /foo HTTP/1.1 my-header: bar"'), + set: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \\n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered equivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#withAdd':: d.fn(help='"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: add: - name: \\"my-header\\" value: \\"bar,baz\\" \\n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"', args=[d.arg(name='add', type=d.T.array)]), + withAdd(add): { requestHeaderModifier+: { add: if std.isArray(v=add) then add else [add] } }, + '#withAddMixin':: d.fn(help='"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: add: - name: \\"my-header\\" value: \\"bar,baz\\" \\n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='add', type=d.T.array)]), + withAddMixin(add): { requestHeaderModifier+: { add+: if std.isArray(v=add) then add else [add] } }, + '#withRemove':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \\n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \\n Config: remove: [\\"my-header1\\", \\"my-header3\\"] \\n Output: GET /foo HTTP/1.1 my-header2: bar"', args=[d.arg(name='remove', type=d.T.array)]), + withRemove(remove): { requestHeaderModifier+: { remove: if std.isArray(v=remove) then remove else [remove] } }, + '#withRemoveMixin':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \\n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \\n Config: remove: [\\"my-header1\\", \\"my-header3\\"] \\n Output: GET /foo HTTP/1.1 my-header2: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='remove', type=d.T.array)]), + withRemoveMixin(remove): { requestHeaderModifier+: { remove+: if std.isArray(v=remove) then remove else [remove] } }, + '#withSet':: d.fn(help='"Set overwrites the request with the given header (name, value) before the action. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: set: - name: \\"my-header\\" value: \\"bar\\" \\n Output: GET /foo HTTP/1.1 my-header: bar"', args=[d.arg(name='set', type=d.T.array)]), + withSet(set): { requestHeaderModifier+: { set: if std.isArray(v=set) then set else [set] } }, + '#withSetMixin':: d.fn(help='"Set overwrites the request with the given header (name, value) before the action. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: set: - name: \\"my-header\\" value: \\"bar\\" \\n Output: GET /foo HTTP/1.1 my-header: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='set', type=d.T.array)]), + withSetMixin(set): { requestHeaderModifier+: { set+: if std.isArray(v=set) then set else [set] } }, + }, + '#requestMirror':: d.obj(help='"RequestMirror defines a schema for a filter that mirrors requests. Requests are sent to the specified destination, but responses from that destination are ignored. \\n This filter can be used multiple times within the same rule. Note that not all implementations will be able to support mirroring to multiple backends. \\n Support: Extended"'), + requestMirror: { + '#backendRef':: d.obj(help='"BackendRef references a resource where mirrored requests are sent. \\n Mirrored requests must be sent only to a single destination endpoint within this BackendRef, irrespective of how many endpoints are present within this BackendRef. \\n If the referent cannot be found, this BackendRef is invalid and must be dropped from the Gateway. The controller must ensure the \\"ResolvedRefs\\" condition on the Route status is set to `status: False` and not configure this backend in the underlying implementation. \\n If there is a cross-namespace reference to an *existing* object that is not allowed by a ReferenceGrant, the controller must ensure the \\"ResolvedRefs\\" condition on the Route is set to `status: False`, with the \\"RefNotPermitted\\" reason and not configure this backend in the underlying implementation. \\n In either error case, the Message of the `ResolvedRefs` Condition should be used to provide more detail about the problem. \\n Support: Extended for Kubernetes Service \\n Support: Implementation-specific for any other resource"'), + backendRef: { + '#withGroup':: d.fn(help='"Group is the group of the referent. For example, \\"gateway.networking.k8s.io\\". When unspecified or empty string, core API group is inferred."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { requestMirror+: { backendRef+: { group: group } } }, + '#withKind':: d.fn(help='"Kind is the Kubernetes resource kind of the referent. For example \\"Service\\". \\n Defaults to \\"Service\\" when not specified. \\n ExternalName services can refer to CNAME DNS records that may live outside of the cluster and as such are difficult to reason about in terms of conformance. They also may not be safe to forward to (see CVE-2021-25740 for more information). Implementations SHOULD NOT support ExternalName Services. \\n Support: Core (Services with a type other than ExternalName) \\n Support: Implementation-specific (Services with type ExternalName)"', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { requestMirror+: { backendRef+: { kind: kind } } }, + '#withName':: d.fn(help='"Name is the name of the referent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { requestMirror+: { backendRef+: { name: name } } }, + '#withNamespace':: d.fn(help="\"Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. \\n Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. \\n Support: Core\"", args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { requestMirror+: { backendRef+: { namespace: namespace } } }, + '#withPort':: d.fn(help='"Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field."', args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { requestMirror+: { backendRef+: { port: port } } }, + }, + }, + '#requestRedirect':: d.obj(help='"RequestRedirect defines a schema for a filter that responds to the request with an HTTP redirection. \\n Support: Core"'), + requestRedirect: { + '#path':: d.obj(help='"Path defines parameters used to modify the path of the incoming request. The modified path is then used to construct the `Location` header. When empty, the request path is used as-is. \\n Support: Extended"'), + path: { + '#withReplaceFullPath':: d.fn(help='"ReplaceFullPath specifies the value with which to replace the full path of a request during a rewrite or redirect."', args=[d.arg(name='replaceFullPath', type=d.T.string)]), + withReplaceFullPath(replaceFullPath): { requestRedirect+: { path+: { replaceFullPath: replaceFullPath } } }, + '#withReplacePrefixMatch':: d.fn(help='"ReplacePrefixMatch specifies the value with which to replace the prefix match of a request during a rewrite or redirect. For example, a request to \\"/foo/bar\\" with a prefix match of \\"/foo\\" and a ReplacePrefixMatch of \\"/xyz\\" would be modified to \\"/xyz/bar\\". \\n Note that this matches the behavior of the PathPrefix match type. This matches full path elements. A path element refers to the list of labels in the path split by the `/` separator. When specified, a trailing `/` is ignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all match the prefix `/abc`, but the path `/abcd` would not. \\n ReplacePrefixMatch is only compatible with a `PathPrefix` HTTPRouteMatch. Using any other HTTPRouteMatch type on the same HTTPRouteRule will result in the implementation setting the Accepted Condition for the Route to `status: False`. \\n Request Path | Prefix Match | Replace Prefix | Modified Path -------------|--------------|----------------|---------- /foo/bar | /foo | /xyz | /xyz/bar /foo/bar | /foo | /xyz/ | /xyz/bar /foo/bar | /foo/ | /xyz | /xyz/bar /foo/bar | /foo/ | /xyz/ | /xyz/bar /foo | /foo | /xyz | /xyz /foo/ | /foo | /xyz | /xyz/ /foo/bar | /foo | | /bar /foo/ | /foo | | / /foo | /foo | | / /foo/ | /foo | / | / /foo | /foo | / | /"', args=[d.arg(name='replacePrefixMatch', type=d.T.string)]), + withReplacePrefixMatch(replacePrefixMatch): { requestRedirect+: { path+: { replacePrefixMatch: replacePrefixMatch } } }, + '#withType':: d.fn(help='"Type defines the type of path modifier. Additional types may be added in a future release of the API. \\n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \\n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`."', args=[d.arg(name='type', type=d.T.string)]), + withType(type): { requestRedirect+: { path+: { type: type } } }, + }, + '#withHostname':: d.fn(help='"Hostname is the hostname to be used in the value of the `Location` header in the response. When empty, the hostname in the `Host` header of the request is used. \\n Support: Core"', args=[d.arg(name='hostname', type=d.T.string)]), + withHostname(hostname): { requestRedirect+: { hostname: hostname } }, + '#withPort':: d.fn(help="\"Port is the port to be used in the value of the `Location` header in the response. \\n If no port is specified, the redirect port MUST be derived using the following rules: \\n * If redirect scheme is not-empty, the redirect port MUST be the well-known port associated with the redirect scheme. Specifically \\\"http\\\" to port 80 and \\\"https\\\" to port 443. If the redirect scheme does not have a well-known port, the listener port of the Gateway SHOULD be used. * If redirect scheme is empty, the redirect port MUST be the Gateway Listener port. \\n Implementations SHOULD NOT add the port number in the 'Location' header in the following cases: \\n * A Location header that will use HTTP (whether that is determined via the Listener protocol or the Scheme field) _and_ use port 80. * A Location header that will use HTTPS (whether that is determined via the Listener protocol or the Scheme field) _and_ use port 443. \\n Support: Extended\"", args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { requestRedirect+: { port: port } }, + '#withScheme':: d.fn(help='"Scheme is the scheme to be used in the value of the `Location` header in the response. When empty, the scheme of the request is used. \\n Scheme redirects can affect the port of the redirect, for more information, refer to the documentation for the port field of this filter. \\n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \\n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`. \\n Support: Extended"', args=[d.arg(name='scheme', type=d.T.string)]), + withScheme(scheme): { requestRedirect+: { scheme: scheme } }, + '#withStatusCode':: d.fn(help='"StatusCode is the HTTP status code to be used in response. \\n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \\n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`. \\n Support: Core"', args=[d.arg(name='statusCode', type=d.T.integer)]), + withStatusCode(statusCode): { requestRedirect+: { statusCode: statusCode } }, + }, + '#responseHeaderModifier':: d.obj(help='"ResponseHeaderModifier defines a schema for a filter that modifies response headers. \\n Support: Extended"'), + responseHeaderModifier: { + '#add':: d.obj(help='"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: add: - name: \\"my-header\\" value: \\"bar,baz\\" \\n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"'), + add: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \\n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered equivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#set':: d.obj(help='"Set overwrites the request with the given header (name, value) before the action. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: set: - name: \\"my-header\\" value: \\"bar\\" \\n Output: GET /foo HTTP/1.1 my-header: bar"'), + set: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \\n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered equivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#withAdd':: d.fn(help='"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: add: - name: \\"my-header\\" value: \\"bar,baz\\" \\n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"', args=[d.arg(name='add', type=d.T.array)]), + withAdd(add): { responseHeaderModifier+: { add: if std.isArray(v=add) then add else [add] } }, + '#withAddMixin':: d.fn(help='"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: add: - name: \\"my-header\\" value: \\"bar,baz\\" \\n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='add', type=d.T.array)]), + withAddMixin(add): { responseHeaderModifier+: { add+: if std.isArray(v=add) then add else [add] } }, + '#withRemove':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \\n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \\n Config: remove: [\\"my-header1\\", \\"my-header3\\"] \\n Output: GET /foo HTTP/1.1 my-header2: bar"', args=[d.arg(name='remove', type=d.T.array)]), + withRemove(remove): { responseHeaderModifier+: { remove: if std.isArray(v=remove) then remove else [remove] } }, + '#withRemoveMixin':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \\n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \\n Config: remove: [\\"my-header1\\", \\"my-header3\\"] \\n Output: GET /foo HTTP/1.1 my-header2: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='remove', type=d.T.array)]), + withRemoveMixin(remove): { responseHeaderModifier+: { remove+: if std.isArray(v=remove) then remove else [remove] } }, + '#withSet':: d.fn(help='"Set overwrites the request with the given header (name, value) before the action. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: set: - name: \\"my-header\\" value: \\"bar\\" \\n Output: GET /foo HTTP/1.1 my-header: bar"', args=[d.arg(name='set', type=d.T.array)]), + withSet(set): { responseHeaderModifier+: { set: if std.isArray(v=set) then set else [set] } }, + '#withSetMixin':: d.fn(help='"Set overwrites the request with the given header (name, value) before the action. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: set: - name: \\"my-header\\" value: \\"bar\\" \\n Output: GET /foo HTTP/1.1 my-header: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='set', type=d.T.array)]), + withSetMixin(set): { responseHeaderModifier+: { set+: if std.isArray(v=set) then set else [set] } }, + }, + '#urlRewrite':: d.obj(help='"URLRewrite defines a schema for a filter that modifies a request during forwarding. \\n Support: Extended"'), + urlRewrite: { + '#path':: d.obj(help='"Path defines a path rewrite. \\n Support: Extended"'), + path: { + '#withReplaceFullPath':: d.fn(help='"ReplaceFullPath specifies the value with which to replace the full path of a request during a rewrite or redirect."', args=[d.arg(name='replaceFullPath', type=d.T.string)]), + withReplaceFullPath(replaceFullPath): { urlRewrite+: { path+: { replaceFullPath: replaceFullPath } } }, + '#withReplacePrefixMatch':: d.fn(help='"ReplacePrefixMatch specifies the value with which to replace the prefix match of a request during a rewrite or redirect. For example, a request to \\"/foo/bar\\" with a prefix match of \\"/foo\\" and a ReplacePrefixMatch of \\"/xyz\\" would be modified to \\"/xyz/bar\\". \\n Note that this matches the behavior of the PathPrefix match type. This matches full path elements. A path element refers to the list of labels in the path split by the `/` separator. When specified, a trailing `/` is ignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all match the prefix `/abc`, but the path `/abcd` would not. \\n ReplacePrefixMatch is only compatible with a `PathPrefix` HTTPRouteMatch. Using any other HTTPRouteMatch type on the same HTTPRouteRule will result in the implementation setting the Accepted Condition for the Route to `status: False`. \\n Request Path | Prefix Match | Replace Prefix | Modified Path -------------|--------------|----------------|---------- /foo/bar | /foo | /xyz | /xyz/bar /foo/bar | /foo | /xyz/ | /xyz/bar /foo/bar | /foo/ | /xyz | /xyz/bar /foo/bar | /foo/ | /xyz/ | /xyz/bar /foo | /foo | /xyz | /xyz /foo/ | /foo | /xyz | /xyz/ /foo/bar | /foo | | /bar /foo/ | /foo | | / /foo | /foo | | / /foo/ | /foo | / | / /foo | /foo | / | /"', args=[d.arg(name='replacePrefixMatch', type=d.T.string)]), + withReplacePrefixMatch(replacePrefixMatch): { urlRewrite+: { path+: { replacePrefixMatch: replacePrefixMatch } } }, + '#withType':: d.fn(help='"Type defines the type of path modifier. Additional types may be added in a future release of the API. \\n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \\n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`."', args=[d.arg(name='type', type=d.T.string)]), + withType(type): { urlRewrite+: { path+: { type: type } } }, + }, + '#withHostname':: d.fn(help='"Hostname is the value to be used to replace the Host header value during forwarding. \\n Support: Extended"', args=[d.arg(name='hostname', type=d.T.string)]), + withHostname(hostname): { urlRewrite+: { hostname: hostname } }, + }, + '#withType':: d.fn(help='"Type identifies the type of filter to apply. As with other API fields, types are classified into three conformance levels: \\n - Core: Filter types and their corresponding configuration defined by \\"Support: Core\\" in this package, e.g. \\"RequestHeaderModifier\\". All implementations must support core filters. \\n - Extended: Filter types and their corresponding configuration defined by \\"Support: Extended\\" in this package, e.g. \\"RequestMirror\\". Implementers are encouraged to support extended filters. \\n - Implementation-specific: Filters that are defined and supported by specific vendors. In the future, filters showing convergence in behavior across multiple implementations will be considered for inclusion in extended or core conformance levels. Filter-specific configuration for such filters is specified using the ExtensionRef field. `Type` should be set to \\"ExtensionRef\\" for custom filters. \\n Implementers are encouraged to define custom implementation types to extend the core API with implementation-specific behavior. \\n If a reference to a custom filter type cannot be resolved, the filter MUST NOT be skipped. Instead, requests that would have been processed by that filter MUST receive a HTTP error response. \\n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \\n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`."', args=[d.arg(name='type', type=d.T.string)]), + withType(type): { type: type }, + }, + '#matches':: d.obj(help='"Matches define conditions used for matching the rule against incoming HTTP requests. Each match is independent, i.e. this rule will be matched if **any** one of the matches is satisfied. \\n For example, take the following matches configuration: \\n ``` matches: - path: value: \\"/foo\\" headers: - name: \\"version\\" value: \\"v2\\" - path: value: \\"/v2/foo\\" ``` \\n For a request to match against this rule, a request must satisfy EITHER of the two conditions: \\n - path prefixed with `/foo` AND contains the header `version: v2` - path prefix of `/v2/foo` \\n See the documentation for HTTPRouteMatch on how to specify multiple match conditions that should be ANDed together. \\n If no matches are specified, the default is a prefix path match on \\"/\\", which has the effect of matching every HTTP request. \\n Proxy or Load Balancer routing configuration generated from HTTPRoutes MUST prioritize matches based on the following criteria, continuing on ties. Across all rules specified on applicable Routes, precedence must be given to the match having: \\n * \\"Exact\\" path match. * \\"Prefix\\" path match with largest number of characters. * Method match. * Largest number of header matches. * Largest number of query param matches. \\n Note: The precedence of RegularExpression path matches are implementation-specific. \\n If ties still exist across multiple Routes, matching precedence MUST be determined in order of the following criteria, continuing on ties: \\n * The oldest Route based on creation timestamp. * The Route appearing first in alphabetical order by \\"{namespace}/{name}\\". \\n If ties still exist within an HTTPRoute, matching precedence MUST be granted to the FIRST matching rule (in list order) with a match meeting the above criteria. \\n When no rules matching a request have been successfully attached to the parent a request is coming from, a HTTP 404 status code MUST be returned."'), + matches: { + '#headers':: d.obj(help='"Headers specifies HTTP request header matchers. Multiple match values are ANDed together, meaning, a request must match all the specified headers to select the route."'), + headers: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \\n If multiple entries specify equivalent header names, only the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered equivalent. \\n When a header is repeated in an HTTP request, it is implementation-specific behavior as to how this is represented. Generally, proxies should follow the guidance from the RFC: https://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2 regarding processing a repeated header, with special handling for \\"Set-Cookie\\"."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withType':: d.fn(help="\"Type specifies how to match against the value of the header. \\n Support: Core (Exact) \\n Support: Implementation-specific (RegularExpression) \\n Since RegularExpression HeaderMatchType has implementation-specific conformance, implementations can support POSIX, PCRE or any other dialects of regular expressions. Please read the implementation's documentation to determine the supported dialect.\"", args=[d.arg(name='type', type=d.T.string)]), + withType(type): { type: type }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#path':: d.obj(help='"Path specifies a HTTP request path matcher. If this field is not specified, a default prefix match on the \\"/\\" path is provided."'), + path: { + '#withType':: d.fn(help='"Type specifies how to match against the path Value. \\n Support: Core (Exact, PathPrefix) \\n Support: Implementation-specific (RegularExpression)"', args=[d.arg(name='type', type=d.T.string)]), + withType(type): { path+: { type: type } }, + '#withValue':: d.fn(help='"Value of the HTTP path to match against."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { path+: { value: value } }, + }, + '#queryParams':: d.obj(help='"QueryParams specifies HTTP query parameter matchers. Multiple match values are ANDed together, meaning, a request must match all the specified query parameters to select the route. \\n Support: Extended"'), + queryParams: { + '#withName':: d.fn(help='"Name is the name of the HTTP query param to be matched. This must be an exact string match. (See https://tools.ietf.org/html/rfc7230#section-2.7.3). \\n If multiple entries specify equivalent query param names, only the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent query param name MUST be ignored. \\n If a query param is repeated in an HTTP request, the behavior is purposely left undefined, since different data planes have different capabilities. However, it is *recommended* that implementations should match against the first value of the param if the data plane supports it, as this behavior is expected in other load balancing contexts outside of the Gateway API. \\n Users SHOULD NOT route traffic based on repeated query params to guard themselves against potential differences in the implementations."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withType':: d.fn(help="\"Type specifies how to match against the value of the query parameter. \\n Support: Extended (Exact) \\n Support: Implementation-specific (RegularExpression) \\n Since RegularExpression QueryParamMatchType has Implementation-specific conformance, implementations can support POSIX, PCRE or any other dialects of regular expressions. Please read the implementation's documentation to determine the supported dialect.\"", args=[d.arg(name='type', type=d.T.string)]), + withType(type): { type: type }, + '#withValue':: d.fn(help='"Value is the value of HTTP query param to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#withHeaders':: d.fn(help='"Headers specifies HTTP request header matchers. Multiple match values are ANDed together, meaning, a request must match all the specified headers to select the route."', args=[d.arg(name='headers', type=d.T.array)]), + withHeaders(headers): { headers: if std.isArray(v=headers) then headers else [headers] }, + '#withHeadersMixin':: d.fn(help='"Headers specifies HTTP request header matchers. Multiple match values are ANDed together, meaning, a request must match all the specified headers to select the route."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='headers', type=d.T.array)]), + withHeadersMixin(headers): { headers+: if std.isArray(v=headers) then headers else [headers] }, + '#withMethod':: d.fn(help='"Method specifies HTTP method matcher. When specified, this route will be matched only if the request has the specified method. \\n Support: Extended"', args=[d.arg(name='method', type=d.T.string)]), + withMethod(method): { method: method }, + '#withQueryParams':: d.fn(help='"QueryParams specifies HTTP query parameter matchers. Multiple match values are ANDed together, meaning, a request must match all the specified query parameters to select the route. \\n Support: Extended"', args=[d.arg(name='queryParams', type=d.T.array)]), + withQueryParams(queryParams): { queryParams: if std.isArray(v=queryParams) then queryParams else [queryParams] }, + '#withQueryParamsMixin':: d.fn(help='"QueryParams specifies HTTP query parameter matchers. Multiple match values are ANDed together, meaning, a request must match all the specified query parameters to select the route. \\n Support: Extended"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='queryParams', type=d.T.array)]), + withQueryParamsMixin(queryParams): { queryParams+: if std.isArray(v=queryParams) then queryParams else [queryParams] }, + }, + '#withBackendRefs':: d.fn(help='"BackendRefs defines the backend(s) where matching requests should be sent. \\n Failure behavior here depends on how many BackendRefs are specified and how many are invalid. \\n If *all* entries in BackendRefs are invalid, and there are also no filters specified in this route rule, *all* traffic which matches this rule MUST receive a 500 status code. \\n See the HTTPBackendRef definition for the rules about what makes a single HTTPBackendRef invalid. \\n When a HTTPBackendRef is invalid, 500 status codes MUST be returned for requests that would have otherwise been routed to an invalid backend. If multiple backends are specified, and some are invalid, the proportion of requests that would otherwise have been routed to an invalid backend MUST receive a 500 status code. \\n For example, if two backends are specified with equal weights, and one is invalid, 50 percent of traffic must receive a 500. Implementations may choose how that 50 percent is determined. \\n Support: Core for Kubernetes Service \\n Support: Extended for Kubernetes ServiceImport \\n Support: Implementation-specific for any other resource \\n Support for weight: Core"', args=[d.arg(name='backendRefs', type=d.T.array)]), + withBackendRefs(backendRefs): { backendRefs: if std.isArray(v=backendRefs) then backendRefs else [backendRefs] }, + '#withBackendRefsMixin':: d.fn(help='"BackendRefs defines the backend(s) where matching requests should be sent. \\n Failure behavior here depends on how many BackendRefs are specified and how many are invalid. \\n If *all* entries in BackendRefs are invalid, and there are also no filters specified in this route rule, *all* traffic which matches this rule MUST receive a 500 status code. \\n See the HTTPBackendRef definition for the rules about what makes a single HTTPBackendRef invalid. \\n When a HTTPBackendRef is invalid, 500 status codes MUST be returned for requests that would have otherwise been routed to an invalid backend. If multiple backends are specified, and some are invalid, the proportion of requests that would otherwise have been routed to an invalid backend MUST receive a 500 status code. \\n For example, if two backends are specified with equal weights, and one is invalid, 50 percent of traffic must receive a 500. Implementations may choose how that 50 percent is determined. \\n Support: Core for Kubernetes Service \\n Support: Extended for Kubernetes ServiceImport \\n Support: Implementation-specific for any other resource \\n Support for weight: Core"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='backendRefs', type=d.T.array)]), + withBackendRefsMixin(backendRefs): { backendRefs+: if std.isArray(v=backendRefs) then backendRefs else [backendRefs] }, + '#withFilters':: d.fn(help='"Filters define the filters that are applied to requests that match this rule. \\n The effects of ordering of multiple behaviors are currently unspecified. This can change in the future based on feedback during the alpha stage. \\n Conformance-levels at this level are defined based on the type of filter: \\n - ALL core filters MUST be supported by all implementations. - Implementers are encouraged to support extended filters. - Implementation-specific custom filters have no API guarantees across implementations. \\n Specifying the same filter multiple times is not supported unless explicitly indicated in the filter. \\n All filters are expected to be compatible with each other except for the URLRewrite and RequestRedirect filters, which may not be combined. If an implementation can not support other combinations of filters, they must clearly document that limitation. In cases where incompatible or unsupported filters are specified and cause the `Accepted` condition to be set to status `False`, implementations may use the `IncompatibleFilters` reason to specify this configuration error. \\n Support: Core"', args=[d.arg(name='filters', type=d.T.array)]), + withFilters(filters): { filters: if std.isArray(v=filters) then filters else [filters] }, + '#withFiltersMixin':: d.fn(help='"Filters define the filters that are applied to requests that match this rule. \\n The effects of ordering of multiple behaviors are currently unspecified. This can change in the future based on feedback during the alpha stage. \\n Conformance-levels at this level are defined based on the type of filter: \\n - ALL core filters MUST be supported by all implementations. - Implementers are encouraged to support extended filters. - Implementation-specific custom filters have no API guarantees across implementations. \\n Specifying the same filter multiple times is not supported unless explicitly indicated in the filter. \\n All filters are expected to be compatible with each other except for the URLRewrite and RequestRedirect filters, which may not be combined. If an implementation can not support other combinations of filters, they must clearly document that limitation. In cases where incompatible or unsupported filters are specified and cause the `Accepted` condition to be set to status `False`, implementations may use the `IncompatibleFilters` reason to specify this configuration error. \\n Support: Core"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='filters', type=d.T.array)]), + withFiltersMixin(filters): { filters+: if std.isArray(v=filters) then filters else [filters] }, + '#withMatches':: d.fn(help='"Matches define conditions used for matching the rule against incoming HTTP requests. Each match is independent, i.e. this rule will be matched if **any** one of the matches is satisfied. \\n For example, take the following matches configuration: \\n ``` matches: - path: value: \\"/foo\\" headers: - name: \\"version\\" value: \\"v2\\" - path: value: \\"/v2/foo\\" ``` \\n For a request to match against this rule, a request must satisfy EITHER of the two conditions: \\n - path prefixed with `/foo` AND contains the header `version: v2` - path prefix of `/v2/foo` \\n See the documentation for HTTPRouteMatch on how to specify multiple match conditions that should be ANDed together. \\n If no matches are specified, the default is a prefix path match on \\"/\\", which has the effect of matching every HTTP request. \\n Proxy or Load Balancer routing configuration generated from HTTPRoutes MUST prioritize matches based on the following criteria, continuing on ties. Across all rules specified on applicable Routes, precedence must be given to the match having: \\n * \\"Exact\\" path match. * \\"Prefix\\" path match with largest number of characters. * Method match. * Largest number of header matches. * Largest number of query param matches. \\n Note: The precedence of RegularExpression path matches are implementation-specific. \\n If ties still exist across multiple Routes, matching precedence MUST be determined in order of the following criteria, continuing on ties: \\n * The oldest Route based on creation timestamp. * The Route appearing first in alphabetical order by \\"{namespace}/{name}\\". \\n If ties still exist within an HTTPRoute, matching precedence MUST be granted to the FIRST matching rule (in list order) with a match meeting the above criteria. \\n When no rules matching a request have been successfully attached to the parent a request is coming from, a HTTP 404 status code MUST be returned."', args=[d.arg(name='matches', type=d.T.array)]), + withMatches(matches): { matches: if std.isArray(v=matches) then matches else [matches] }, + '#withMatchesMixin':: d.fn(help='"Matches define conditions used for matching the rule against incoming HTTP requests. Each match is independent, i.e. this rule will be matched if **any** one of the matches is satisfied. \\n For example, take the following matches configuration: \\n ``` matches: - path: value: \\"/foo\\" headers: - name: \\"version\\" value: \\"v2\\" - path: value: \\"/v2/foo\\" ``` \\n For a request to match against this rule, a request must satisfy EITHER of the two conditions: \\n - path prefixed with `/foo` AND contains the header `version: v2` - path prefix of `/v2/foo` \\n See the documentation for HTTPRouteMatch on how to specify multiple match conditions that should be ANDed together. \\n If no matches are specified, the default is a prefix path match on \\"/\\", which has the effect of matching every HTTP request. \\n Proxy or Load Balancer routing configuration generated from HTTPRoutes MUST prioritize matches based on the following criteria, continuing on ties. Across all rules specified on applicable Routes, precedence must be given to the match having: \\n * \\"Exact\\" path match. * \\"Prefix\\" path match with largest number of characters. * Method match. * Largest number of header matches. * Largest number of query param matches. \\n Note: The precedence of RegularExpression path matches are implementation-specific. \\n If ties still exist across multiple Routes, matching precedence MUST be determined in order of the following criteria, continuing on ties: \\n * The oldest Route based on creation timestamp. * The Route appearing first in alphabetical order by \\"{namespace}/{name}\\". \\n If ties still exist within an HTTPRoute, matching precedence MUST be granted to the FIRST matching rule (in list order) with a match meeting the above criteria. \\n When no rules matching a request have been successfully attached to the parent a request is coming from, a HTTP 404 status code MUST be returned."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='matches', type=d.T.array)]), + withMatchesMixin(matches): { matches+: if std.isArray(v=matches) then matches else [matches] }, + }, + '#withHostnames':: d.fn(help="\"Hostnames defines a set of hostnames that should match against the HTTP Host header to select a HTTPRoute used to process the request. Implementations MUST ignore any port value specified in the HTTP Host header while performing a match and (absent of any applicable header modification configuration) MUST forward this header unmodified to the backend. \\n Valid values for Hostnames are determined by RFC 1123 definition of a hostname with 2 notable exceptions: \\n 1. IPs are not allowed. 2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard label must appear by itself as the first label. \\n If a hostname is specified by both the Listener and HTTPRoute, there must be at least one intersecting hostname for the HTTPRoute to be attached to the Listener. For example: \\n * A Listener with `test.example.com` as the hostname matches HTTPRoutes that have either not specified any hostnames, or have specified at least one of `test.example.com` or `*.example.com`. * A Listener with `*.example.com` as the hostname matches HTTPRoutes that have either not specified any hostnames or have specified at least one hostname that matches the Listener hostname. For example, `*.example.com`, `test.example.com`, and `foo.test.example.com` would all match. On the other hand, `example.com` and `test.example.net` would not match. \\n Hostnames that are prefixed with a wildcard label (`*.`) are interpreted as a suffix match. That means that a match for `*.example.com` would match both `test.example.com`, and `foo.test.example.com`, but not `example.com`. \\n If both the Listener and HTTPRoute have specified hostnames, any HTTPRoute hostnames that do not match the Listener hostname MUST be ignored. For example, if a Listener specified `*.example.com`, and the HTTPRoute specified `test.example.com` and `test.example.net`, `test.example.net` must not be considered for a match. \\n If both the Listener and HTTPRoute have specified hostnames, and none match with the criteria above, then the HTTPRoute is not accepted. The implementation must raise an 'Accepted' Condition with a status of `False` in the corresponding RouteParentStatus. \\n In the event that multiple HTTPRoutes specify intersecting hostnames (e.g. overlapping wildcard matching and exact matching hostnames), precedence must be given to rules from the HTTPRoute with the largest number of: \\n * Characters in a matching non-wildcard hostname. * Characters in a matching hostname. \\n If ties exist across multiple Routes, the matching precedence rules for HTTPRouteMatches takes over. \\n Support: Core\"", args=[d.arg(name='hostnames', type=d.T.array)]), + withHostnames(hostnames): { spec+: { hostnames: if std.isArray(v=hostnames) then hostnames else [hostnames] } }, + '#withHostnamesMixin':: d.fn(help="\"Hostnames defines a set of hostnames that should match against the HTTP Host header to select a HTTPRoute used to process the request. Implementations MUST ignore any port value specified in the HTTP Host header while performing a match and (absent of any applicable header modification configuration) MUST forward this header unmodified to the backend. \\n Valid values for Hostnames are determined by RFC 1123 definition of a hostname with 2 notable exceptions: \\n 1. IPs are not allowed. 2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard label must appear by itself as the first label. \\n If a hostname is specified by both the Listener and HTTPRoute, there must be at least one intersecting hostname for the HTTPRoute to be attached to the Listener. For example: \\n * A Listener with `test.example.com` as the hostname matches HTTPRoutes that have either not specified any hostnames, or have specified at least one of `test.example.com` or `*.example.com`. * A Listener with `*.example.com` as the hostname matches HTTPRoutes that have either not specified any hostnames or have specified at least one hostname that matches the Listener hostname. For example, `*.example.com`, `test.example.com`, and `foo.test.example.com` would all match. On the other hand, `example.com` and `test.example.net` would not match. \\n Hostnames that are prefixed with a wildcard label (`*.`) are interpreted as a suffix match. That means that a match for `*.example.com` would match both `test.example.com`, and `foo.test.example.com`, but not `example.com`. \\n If both the Listener and HTTPRoute have specified hostnames, any HTTPRoute hostnames that do not match the Listener hostname MUST be ignored. For example, if a Listener specified `*.example.com`, and the HTTPRoute specified `test.example.com` and `test.example.net`, `test.example.net` must not be considered for a match. \\n If both the Listener and HTTPRoute have specified hostnames, and none match with the criteria above, then the HTTPRoute is not accepted. The implementation must raise an 'Accepted' Condition with a status of `False` in the corresponding RouteParentStatus. \\n In the event that multiple HTTPRoutes specify intersecting hostnames (e.g. overlapping wildcard matching and exact matching hostnames), precedence must be given to rules from the HTTPRoute with the largest number of: \\n * Characters in a matching non-wildcard hostname. * Characters in a matching hostname. \\n If ties exist across multiple Routes, the matching precedence rules for HTTPRouteMatches takes over. \\n Support: Core\"\n\n**Note:** This function appends passed data to existing values", args=[d.arg(name='hostnames', type=d.T.array)]), + withHostnamesMixin(hostnames): { spec+: { hostnames+: if std.isArray(v=hostnames) then hostnames else [hostnames] } }, + '#withParentRefs':: d.fn(help='"ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. For Services, that means the Service must either be in the same namespace for a \\"producer\\" route, or the mesh implementation must support and allow \\"consumer\\" routes for the referenced Service. ReferenceGrant is not applicable for governing ParentRefs to Services - it is not possible to create a \\"producer\\" route for a Service in a different namespace from the Route. \\n There are two kinds of parent resources with \\"Core\\" support: \\n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) \\n This API may be extended in the future to support additional kinds of parent resources. \\n It is invalid to reference an identical parent more than once. It is valid to reference multiple distinct sections within the same parent resource, such as two separate Listeners on the same Gateway or two separate ports on the same Service. \\n It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged. \\n Note that for ParentRefs that cross namespace boundaries, there are specific rules. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example, Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable other kinds of cross-namespace reference. \\n ParentRefs from a Route to a Service in the same namespace are \\"producer\\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \\n ParentRefs from a Route to a Service in a different namespace are \\"consumer\\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \\n "', args=[d.arg(name='parentRefs', type=d.T.array)]), + withParentRefs(parentRefs): { spec+: { parentRefs: if std.isArray(v=parentRefs) then parentRefs else [parentRefs] } }, + '#withParentRefsMixin':: d.fn(help='"ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. For Services, that means the Service must either be in the same namespace for a \\"producer\\" route, or the mesh implementation must support and allow \\"consumer\\" routes for the referenced Service. ReferenceGrant is not applicable for governing ParentRefs to Services - it is not possible to create a \\"producer\\" route for a Service in a different namespace from the Route. \\n There are two kinds of parent resources with \\"Core\\" support: \\n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) \\n This API may be extended in the future to support additional kinds of parent resources. \\n It is invalid to reference an identical parent more than once. It is valid to reference multiple distinct sections within the same parent resource, such as two separate Listeners on the same Gateway or two separate ports on the same Service. \\n It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged. \\n Note that for ParentRefs that cross namespace boundaries, there are specific rules. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example, Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable other kinds of cross-namespace reference. \\n ParentRefs from a Route to a Service in the same namespace are \\"producer\\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \\n ParentRefs from a Route to a Service in a different namespace are \\"consumer\\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \\n "\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='parentRefs', type=d.T.array)]), + withParentRefsMixin(parentRefs): { spec+: { parentRefs+: if std.isArray(v=parentRefs) then parentRefs else [parentRefs] } }, + '#withRules':: d.fn(help='"Rules are a list of HTTP matchers, filters and actions."', args=[d.arg(name='rules', type=d.T.array)]), + withRules(rules): { spec+: { rules: if std.isArray(v=rules) then rules else [rules] } }, + '#withRulesMixin':: d.fn(help='"Rules are a list of HTTP matchers, filters and actions."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='rules', type=d.T.array)]), + withRulesMixin(rules): { spec+: { rules+: if std.isArray(v=rules) then rules else [rules] } }, + }, + '#mixin': 'ignore', + mixin: self, +} diff --git a/0.8-experimental/_gen/gateway/v1beta1/main.libsonnet b/0.8-experimental/_gen/gateway/v1beta1/main.libsonnet new file mode 100644 index 0000000..e6189e7 --- /dev/null +++ b/0.8-experimental/_gen/gateway/v1beta1/main.libsonnet @@ -0,0 +1,8 @@ +{ + local d = (import 'doc-util/main.libsonnet'), + '#':: d.pkg(name='v1beta1', url='', help=''), + gateway: (import 'gateway.libsonnet'), + gatewayClass: (import 'gatewayClass.libsonnet'), + httpRoute: (import 'httpRoute.libsonnet'), + referenceGrant: (import 'referenceGrant.libsonnet'), +} diff --git a/0.8-experimental/_gen/gateway/v1beta1/referenceGrant.libsonnet b/0.8-experimental/_gen/gateway/v1beta1/referenceGrant.libsonnet new file mode 100644 index 0000000..b075afe --- /dev/null +++ b/0.8-experimental/_gen/gateway/v1beta1/referenceGrant.libsonnet @@ -0,0 +1,81 @@ +{ + local d = (import 'doc-util/main.libsonnet'), + '#':: d.pkg(name='referenceGrant', url='', help='"ReferenceGrant identifies kinds of resources in other namespaces that are trusted to reference the specified kinds of resources in the same namespace as the policy. \\n Each ReferenceGrant can be used to represent a unique trust relationship. Additional Reference Grants can be used to add to the set of trusted sources of inbound references for the namespace they are defined within. \\n All cross-namespace references in Gateway API (with the exception of cross-namespace Gateway-route attachment) require a ReferenceGrant. \\n ReferenceGrant is a form of runtime verification allowing users to assert which cross-namespace object references are permitted. Implementations that support ReferenceGrant MUST NOT permit cross-namespace references which have no grant, and MUST respond to the removal of a grant by revoking the access that the grant allowed."'), + '#metadata':: d.obj(help='"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create."'), + metadata: { + '#withAnnotations':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotations(annotations): { metadata+: { annotations: annotations } }, + '#withAnnotationsMixin':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotationsMixin(annotations): { metadata+: { annotations+: annotations } }, + '#withClusterName':: d.fn(help='"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request."', args=[d.arg(name='clusterName', type=d.T.string)]), + withClusterName(clusterName): { metadata+: { clusterName: clusterName } }, + '#withCreationTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='creationTimestamp', type=d.T.string)]), + withCreationTimestamp(creationTimestamp): { metadata+: { creationTimestamp: creationTimestamp } }, + '#withDeletionGracePeriodSeconds':: d.fn(help='"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only."', args=[d.arg(name='deletionGracePeriodSeconds', type=d.T.integer)]), + withDeletionGracePeriodSeconds(deletionGracePeriodSeconds): { metadata+: { deletionGracePeriodSeconds: deletionGracePeriodSeconds } }, + '#withDeletionTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='deletionTimestamp', type=d.T.string)]), + withDeletionTimestamp(deletionTimestamp): { metadata+: { deletionTimestamp: deletionTimestamp } }, + '#withFinalizers':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizers(finalizers): { metadata+: { finalizers: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withFinalizersMixin':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizersMixin(finalizers): { metadata+: { finalizers+: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withGenerateName':: d.fn(help='"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\\n\\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\\n\\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency"', args=[d.arg(name='generateName', type=d.T.string)]), + withGenerateName(generateName): { metadata+: { generateName: generateName } }, + '#withGeneration':: d.fn(help='"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only."', args=[d.arg(name='generation', type=d.T.integer)]), + withGeneration(generation): { metadata+: { generation: generation } }, + '#withLabels':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"', args=[d.arg(name='labels', type=d.T.object)]), + withLabels(labels): { metadata+: { labels: labels } }, + '#withLabelsMixin':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='labels', type=d.T.object)]), + withLabelsMixin(labels): { metadata+: { labels+: labels } }, + '#withName':: d.fn(help='"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { metadata+: { name: name } }, + '#withNamespace':: d.fn(help='"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \\"default\\" namespace, but \\"default\\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\\n\\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces"', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { metadata+: { namespace: namespace } }, + '#withOwnerReferences':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferences(ownerReferences): { metadata+: { ownerReferences: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withOwnerReferencesMixin':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferencesMixin(ownerReferences): { metadata+: { ownerReferences+: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withResourceVersion':: d.fn(help='"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\\n\\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency"', args=[d.arg(name='resourceVersion', type=d.T.string)]), + withResourceVersion(resourceVersion): { metadata+: { resourceVersion: resourceVersion } }, + '#withSelfLink':: d.fn(help='"SelfLink is a URL representing this object. Populated by the system. Read-only.\\n\\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release."', args=[d.arg(name='selfLink', type=d.T.string)]), + withSelfLink(selfLink): { metadata+: { selfLink: selfLink } }, + '#withUid':: d.fn(help='"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\\n\\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids"', args=[d.arg(name='uid', type=d.T.string)]), + withUid(uid): { metadata+: { uid: uid } }, + }, + '#new':: d.fn(help='new returns an instance of ReferenceGrant', args=[d.arg(name='name', type=d.T.string)]), + new(name): { + apiVersion: 'gateway.networking.k8s.io/v1beta1', + kind: 'ReferenceGrant', + } + self.metadata.withName(name=name), + '#spec':: d.obj(help='"Spec defines the desired state of ReferenceGrant."'), + spec: { + '#from':: d.obj(help='"From describes the trusted namespaces and kinds that can reference the resources described in \\"To\\". Each entry in this list MUST be considered to be an additional place that references can be valid from, or to put this another way, entries MUST be combined using OR. \\n Support: Core"'), + from: { + '#withGroup':: d.fn(help='"Group is the group of the referent. When empty, the Kubernetes core API group is inferred. \\n Support: Core"', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { group: group }, + '#withKind':: d.fn(help='"Kind is the kind of the referent. Although implementations may support additional resources, the following types are part of the \\"Core\\" support level for this field. \\n When used to permit a SecretObjectReference: \\n * Gateway \\n When used to permit a BackendObjectReference: \\n * GRPCRoute * HTTPRoute * TCPRoute * TLSRoute * UDPRoute"', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { kind: kind }, + '#withNamespace':: d.fn(help='"Namespace is the namespace of the referent. \\n Support: Core"', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { namespace: namespace }, + }, + '#to':: d.obj(help='"To describes the resources that may be referenced by the resources described in \\"From\\". Each entry in this list MUST be considered to be an additional place that references can be valid to, or to put this another way, entries MUST be combined using OR. \\n Support: Core"'), + to: { + '#withGroup':: d.fn(help='"Group is the group of the referent. When empty, the Kubernetes core API group is inferred. \\n Support: Core"', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { group: group }, + '#withKind':: d.fn(help='"Kind is the kind of the referent. Although implementations may support additional resources, the following types are part of the \\"Core\\" support level for this field: \\n * Secret when used to permit a SecretObjectReference * Service when used to permit a BackendObjectReference"', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { kind: kind }, + '#withName':: d.fn(help='"Name is the name of the referent. When unspecified, this policy refers to all resources of the specified Group and Kind in the local namespace."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + }, + '#withFrom':: d.fn(help='"From describes the trusted namespaces and kinds that can reference the resources described in \\"To\\". Each entry in this list MUST be considered to be an additional place that references can be valid from, or to put this another way, entries MUST be combined using OR. \\n Support: Core"', args=[d.arg(name='from', type=d.T.array)]), + withFrom(from): { spec+: { from: if std.isArray(v=from) then from else [from] } }, + '#withFromMixin':: d.fn(help='"From describes the trusted namespaces and kinds that can reference the resources described in \\"To\\". Each entry in this list MUST be considered to be an additional place that references can be valid from, or to put this another way, entries MUST be combined using OR. \\n Support: Core"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='from', type=d.T.array)]), + withFromMixin(from): { spec+: { from+: if std.isArray(v=from) then from else [from] } }, + '#withTo':: d.fn(help='"To describes the resources that may be referenced by the resources described in \\"From\\". Each entry in this list MUST be considered to be an additional place that references can be valid to, or to put this another way, entries MUST be combined using OR. \\n Support: Core"', args=[d.arg(name='to', type=d.T.array)]), + withTo(to): { spec+: { to: if std.isArray(v=to) then to else [to] } }, + '#withToMixin':: d.fn(help='"To describes the resources that may be referenced by the resources described in \\"From\\". Each entry in this list MUST be considered to be an additional place that references can be valid to, or to put this another way, entries MUST be combined using OR. \\n Support: Core"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='to', type=d.T.array)]), + withToMixin(to): { spec+: { to+: if std.isArray(v=to) then to else [to] } }, + }, + '#mixin': 'ignore', + mixin: self, +} diff --git a/0.8-experimental/gen.libsonnet b/0.8-experimental/gen.libsonnet new file mode 100644 index 0000000..91d2e12 --- /dev/null +++ b/0.8-experimental/gen.libsonnet @@ -0,0 +1,5 @@ +{ + local d = (import 'doc-util/main.libsonnet'), + '#':: d.pkg(name='gateway-api', url='github.com/jsonnet-libs/gateway-api-libsonnet/0.8-experimental/main.libsonnet', help=''), + gateway:: (import '_gen/gateway/main.libsonnet'), +} diff --git a/0.8-experimental/main.libsonnet b/0.8-experimental/main.libsonnet new file mode 100644 index 0000000..f5597a5 --- /dev/null +++ b/0.8-experimental/main.libsonnet @@ -0,0 +1 @@ +(import 'gen.libsonnet') diff --git a/1.0-experimental/_gen/gateway/main.libsonnet b/1.0-experimental/_gen/gateway/main.libsonnet new file mode 100644 index 0000000..923565c --- /dev/null +++ b/1.0-experimental/_gen/gateway/main.libsonnet @@ -0,0 +1,7 @@ +{ + local d = (import 'doc-util/main.libsonnet'), + '#':: d.pkg(name='gateway', url='', help=''), + v1: (import 'v1/main.libsonnet'), + v1alpha2: (import 'v1alpha2/main.libsonnet'), + v1beta1: (import 'v1beta1/main.libsonnet'), +} diff --git a/1.0-experimental/_gen/gateway/v1/gateway.libsonnet b/1.0-experimental/_gen/gateway/v1/gateway.libsonnet new file mode 100644 index 0000000..dbcfcf7 --- /dev/null +++ b/1.0-experimental/_gen/gateway/v1/gateway.libsonnet @@ -0,0 +1,159 @@ +{ + local d = (import 'doc-util/main.libsonnet'), + '#':: d.pkg(name='gateway', url='', help='"Gateway represents an instance of a service-traffic handling infrastructure by binding Listeners to a set of IP addresses."'), + '#metadata':: d.obj(help='"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create."'), + metadata: { + '#withAnnotations':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotations(annotations): { metadata+: { annotations: annotations } }, + '#withAnnotationsMixin':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotationsMixin(annotations): { metadata+: { annotations+: annotations } }, + '#withClusterName':: d.fn(help='"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request."', args=[d.arg(name='clusterName', type=d.T.string)]), + withClusterName(clusterName): { metadata+: { clusterName: clusterName } }, + '#withCreationTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='creationTimestamp', type=d.T.string)]), + withCreationTimestamp(creationTimestamp): { metadata+: { creationTimestamp: creationTimestamp } }, + '#withDeletionGracePeriodSeconds':: d.fn(help='"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only."', args=[d.arg(name='deletionGracePeriodSeconds', type=d.T.integer)]), + withDeletionGracePeriodSeconds(deletionGracePeriodSeconds): { metadata+: { deletionGracePeriodSeconds: deletionGracePeriodSeconds } }, + '#withDeletionTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='deletionTimestamp', type=d.T.string)]), + withDeletionTimestamp(deletionTimestamp): { metadata+: { deletionTimestamp: deletionTimestamp } }, + '#withFinalizers':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizers(finalizers): { metadata+: { finalizers: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withFinalizersMixin':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizersMixin(finalizers): { metadata+: { finalizers+: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withGenerateName':: d.fn(help='"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\\n\\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\\n\\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency"', args=[d.arg(name='generateName', type=d.T.string)]), + withGenerateName(generateName): { metadata+: { generateName: generateName } }, + '#withGeneration':: d.fn(help='"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only."', args=[d.arg(name='generation', type=d.T.integer)]), + withGeneration(generation): { metadata+: { generation: generation } }, + '#withLabels':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"', args=[d.arg(name='labels', type=d.T.object)]), + withLabels(labels): { metadata+: { labels: labels } }, + '#withLabelsMixin':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='labels', type=d.T.object)]), + withLabelsMixin(labels): { metadata+: { labels+: labels } }, + '#withName':: d.fn(help='"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { metadata+: { name: name } }, + '#withNamespace':: d.fn(help='"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \\"default\\" namespace, but \\"default\\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\\n\\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces"', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { metadata+: { namespace: namespace } }, + '#withOwnerReferences':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferences(ownerReferences): { metadata+: { ownerReferences: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withOwnerReferencesMixin':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferencesMixin(ownerReferences): { metadata+: { ownerReferences+: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withResourceVersion':: d.fn(help='"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\\n\\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency"', args=[d.arg(name='resourceVersion', type=d.T.string)]), + withResourceVersion(resourceVersion): { metadata+: { resourceVersion: resourceVersion } }, + '#withSelfLink':: d.fn(help='"SelfLink is a URL representing this object. Populated by the system. Read-only.\\n\\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release."', args=[d.arg(name='selfLink', type=d.T.string)]), + withSelfLink(selfLink): { metadata+: { selfLink: selfLink } }, + '#withUid':: d.fn(help='"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\\n\\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids"', args=[d.arg(name='uid', type=d.T.string)]), + withUid(uid): { metadata+: { uid: uid } }, + }, + '#new':: d.fn(help='new returns an instance of Gateway', args=[d.arg(name='name', type=d.T.string)]), + new(name): { + apiVersion: 'gateway.networking.k8s.io/v1', + kind: 'Gateway', + } + self.metadata.withName(name=name), + '#spec':: d.obj(help='"Spec defines the desired state of Gateway."'), + spec: { + '#addresses':: d.obj(help='"Addresses requested for this Gateway. This is optional and behavior can depend on the implementation. If a value is set in the spec and the requested address is invalid or unavailable, the implementation MUST indicate this in the associated entry in GatewayStatus.Addresses. \\n The Addresses field represents a request for the address(es) on the \\"outside of the Gateway\\", that traffic bound for this Gateway will use. This could be the IP address or hostname of an external load balancer or other networking infrastructure, or some other address that traffic will be sent to. \\n If no Addresses are specified, the implementation MAY schedule the Gateway in an implementation-specific manner, assigning an appropriate set of Addresses. \\n The implementation MUST bind all Listeners to every GatewayAddress that it assigns to the Gateway and add a corresponding entry in GatewayStatus.Addresses. \\n Support: Extended \\n "'), + addresses: { + '#withType':: d.fn(help='"Type of the address."', args=[d.arg(name='type', type=d.T.string)]), + withType(type): { type: type }, + '#withValue':: d.fn(help='"Value of the address. The validity of the values will depend on the type and support by the controller. \\n Examples: `1.2.3.4`, `128::1`, `my-ip-address`."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#infrastructure':: d.obj(help='"Infrastructure defines infrastructure level attributes about this Gateway instance. \\n Support: Core \\n "'), + infrastructure: { + '#withAnnotations':: d.fn(help='"Annotations that SHOULD be applied to any resources created in response to this Gateway. \\n For implementations creating other Kubernetes objects, this should be the `metadata.annotations` field on resources. For other implementations, this refers to any relevant (implementation specific) \\"annotations\\" concepts. \\n An implementation may chose to add additional implementation-specific annotations as they see fit. \\n Support: Extended"', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotations(annotations): { spec+: { infrastructure+: { annotations: annotations } } }, + '#withAnnotationsMixin':: d.fn(help='"Annotations that SHOULD be applied to any resources created in response to this Gateway. \\n For implementations creating other Kubernetes objects, this should be the `metadata.annotations` field on resources. For other implementations, this refers to any relevant (implementation specific) \\"annotations\\" concepts. \\n An implementation may chose to add additional implementation-specific annotations as they see fit. \\n Support: Extended"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotationsMixin(annotations): { spec+: { infrastructure+: { annotations+: annotations } } }, + '#withLabels':: d.fn(help='"Labels that SHOULD be applied to any resources created in response to this Gateway. \\n For implementations creating other Kubernetes objects, this should be the `metadata.labels` field on resources. For other implementations, this refers to any relevant (implementation specific) \\"labels\\" concepts. \\n An implementation may chose to add additional implementation-specific labels as they see fit. \\n Support: Extended"', args=[d.arg(name='labels', type=d.T.object)]), + withLabels(labels): { spec+: { infrastructure+: { labels: labels } } }, + '#withLabelsMixin':: d.fn(help='"Labels that SHOULD be applied to any resources created in response to this Gateway. \\n For implementations creating other Kubernetes objects, this should be the `metadata.labels` field on resources. For other implementations, this refers to any relevant (implementation specific) \\"labels\\" concepts. \\n An implementation may chose to add additional implementation-specific labels as they see fit. \\n Support: Extended"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='labels', type=d.T.object)]), + withLabelsMixin(labels): { spec+: { infrastructure+: { labels+: labels } } }, + }, + '#listeners':: d.obj(help="\"Listeners associated with this Gateway. Listeners define logical endpoints that are bound on this Gateway's addresses. At least one Listener MUST be specified. \\n Each Listener in a set of Listeners (for example, in a single Gateway) MUST be _distinct_, in that a traffic flow MUST be able to be assigned to exactly one listener. (This section uses \\\"set of Listeners\\\" rather than \\\"Listeners in a single Gateway\\\" because implementations MAY merge configuration from multiple Gateways onto a single data plane, and these rules _also_ apply in that case). \\n Practically, this means that each listener in a set MUST have a unique combination of Port, Protocol, and, if supported by the protocol, Hostname. \\n Some combinations of port, protocol, and TLS settings are considered Core support and MUST be supported by implementations based on their targeted conformance profile: \\n HTTP Profile \\n 1. HTTPRoute, Port: 80, Protocol: HTTP 2. HTTPRoute, Port: 443, Protocol: HTTPS, TLS Mode: Terminate, TLS keypair provided \\n TLS Profile \\n 1. TLSRoute, Port: 443, Protocol: TLS, TLS Mode: Passthrough \\n \\\"Distinct\\\" Listeners have the following property: \\n The implementation can match inbound requests to a single distinct Listener. When multiple Listeners share values for fields (for example, two Listeners with the same Port value), the implementation can match requests to only one of the Listeners using other Listener fields. \\n For example, the following Listener scenarios are distinct: \\n 1. Multiple Listeners with the same Port that all use the \\\"HTTP\\\" Protocol that all have unique Hostname values. 2. Multiple Listeners with the same Port that use either the \\\"HTTPS\\\" or \\\"TLS\\\" Protocol that all have unique Hostname values. 3. A mixture of \\\"TCP\\\" and \\\"UDP\\\" Protocol Listeners, where no Listener with the same Protocol has the same Port value. \\n Some fields in the Listener struct have possible values that affect whether the Listener is distinct. Hostname is particularly relevant for HTTP or HTTPS protocols. \\n When using the Hostname value to select between same-Port, same-Protocol Listeners, the Hostname value must be different on each Listener for the Listener to be distinct. \\n When the Listeners are distinct based on Hostname, inbound request hostnames MUST match from the most specific to least specific Hostname values to choose the correct Listener and its associated set of Routes. \\n Exact matches must be processed before wildcard matches, and wildcard matches must be processed before fallback (empty Hostname value) matches. For example, `\\\"foo.example.com\\\"` takes precedence over `\\\"*.example.com\\\"`, and `\\\"*.example.com\\\"` takes precedence over `\\\"\\\"`. \\n Additionally, if there are multiple wildcard entries, more specific wildcard entries must be processed before less specific wildcard entries. For example, `\\\"*.foo.example.com\\\"` takes precedence over `\\\"*.example.com\\\"`. The precise definition here is that the higher the number of dots in the hostname to the right of the wildcard character, the higher the precedence. \\n The wildcard character will match any number of characters _and dots_ to the left, however, so `\\\"*.example.com\\\"` will match both `\\\"foo.bar.example.com\\\"` _and_ `\\\"bar.example.com\\\"`. \\n If a set of Listeners contains Listeners that are not distinct, then those Listeners are Conflicted, and the implementation MUST set the \\\"Conflicted\\\" condition in the Listener Status to \\\"True\\\". \\n Implementations MAY choose to accept a Gateway with some Conflicted Listeners only if they only accept the partial Listener set that contains no Conflicted Listeners. To put this another way, implementations may accept a partial Listener set only if they throw out *all* the conflicting Listeners. No picking one of the conflicting listeners as the winner. This also means that the Gateway must have at least one non-conflicting Listener in this case, otherwise it violates the requirement that at least one Listener must be present. \\n The implementation MUST set a \\\"ListenersNotValid\\\" condition on the Gateway Status when the Gateway contains Conflicted Listeners whether or not they accept the Gateway. That Condition SHOULD clearly indicate in the Message which Listeners are conflicted, and which are Accepted. Additionally, the Listener status for those listeners SHOULD indicate which Listeners are conflicted and not Accepted. \\n A Gateway's Listeners are considered \\\"compatible\\\" if: \\n 1. They are distinct. 2. The implementation can serve them in compliance with the Addresses requirement that all Listeners are available on all assigned addresses. \\n Compatible combinations in Extended support are expected to vary across implementations. A combination that is compatible for one implementation may not be compatible for another. \\n For example, an implementation that cannot serve both TCP and UDP listeners on the same address, or cannot mix HTTPS and generic TLS listens on the same port would not consider those cases compatible, even though they are distinct. \\n Note that requests SHOULD match at most one Listener. For example, if Listeners are defined for \\\"foo.example.com\\\" and \\\"*.example.com\\\", a request to \\\"foo.example.com\\\" SHOULD only be routed using routes attached to the \\\"foo.example.com\\\" Listener (and not the \\\"*.example.com\\\" Listener). This concept is known as \\\"Listener Isolation\\\". Implementations that do not support Listener Isolation MUST clearly document this. \\n Implementations MAY merge separate Gateways onto a single set of Addresses if all Listeners across all Gateways are compatible. \\n Support: Core\""), + listeners: { + '#allowedRoutes':: d.obj(help='"AllowedRoutes defines the types of routes that MAY be attached to a Listener and the trusted namespaces where those Route resources MAY be present. \\n Although a client request may match multiple route rules, only one rule may ultimately receive the request. Matching precedence MUST be determined in order of the following criteria: \\n * The most specific match as defined by the Route type. * The oldest Route based on creation timestamp. For example, a Route with a creation timestamp of \\"2020-09-08 01:02:03\\" is given precedence over a Route with a creation timestamp of \\"2020-09-08 01:02:04\\". * If everything else is equivalent, the Route appearing first in alphabetical order (namespace/name) should be given precedence. For example, foo/bar is given precedence over foo/baz. \\n All valid rules within a Route attached to this Listener should be implemented. Invalid Route rules can be ignored (sometimes that will mean the full Route). If a Route rule transitions from valid to invalid, support for that Route rule should be dropped to ensure consistency. For example, even if a filter specified by a Route rule is invalid, the rest of the rules within that Route should still be supported. \\n Support: Core"'), + allowedRoutes: { + '#kinds':: d.obj(help="\"Kinds specifies the groups and kinds of Routes that are allowed to bind to this Gateway Listener. When unspecified or empty, the kinds of Routes selected are determined using the Listener protocol. \\n A RouteGroupKind MUST correspond to kinds of Routes that are compatible with the application protocol specified in the Listener's Protocol field. If an implementation does not support or recognize this resource type, it MUST set the \\\"ResolvedRefs\\\" condition to False for this Listener with the \\\"InvalidRouteKinds\\\" reason. \\n Support: Core\""), + kinds: { + '#withGroup':: d.fn(help='"Group is the group of the Route."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { group: group }, + '#withKind':: d.fn(help='"Kind is the kind of the Route."', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { kind: kind }, + }, + '#namespaces':: d.obj(help='"Namespaces indicates namespaces from which Routes may be attached to this Listener. This is restricted to the namespace of this Gateway by default. \\n Support: Core"'), + namespaces: { + '#selector':: d.obj(help='"Selector must be specified when From is set to \\"Selector\\". In that case, only Routes in Namespaces matching this Selector will be selected by this Gateway. This field is ignored for other values of \\"From\\". \\n Support: Core"'), + selector: { + '#matchExpressions':: d.obj(help='"matchExpressions is a list of label selector requirements. The requirements are ANDed."'), + matchExpressions: { + '#withKey':: d.fn(help='"key is the label key that the selector applies to."', args=[d.arg(name='key', type=d.T.string)]), + withKey(key): { key: key }, + '#withOperator':: d.fn(help="\"operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.\"", args=[d.arg(name='operator', type=d.T.string)]), + withOperator(operator): { operator: operator }, + '#withValues':: d.fn(help='"values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch."', args=[d.arg(name='values', type=d.T.array)]), + withValues(values): { values: if std.isArray(v=values) then values else [values] }, + '#withValuesMixin':: d.fn(help='"values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='values', type=d.T.array)]), + withValuesMixin(values): { values+: if std.isArray(v=values) then values else [values] }, + }, + '#withMatchExpressions':: d.fn(help='"matchExpressions is a list of label selector requirements. The requirements are ANDed."', args=[d.arg(name='matchExpressions', type=d.T.array)]), + withMatchExpressions(matchExpressions): { allowedRoutes+: { namespaces+: { selector+: { matchExpressions: if std.isArray(v=matchExpressions) then matchExpressions else [matchExpressions] } } } }, + '#withMatchExpressionsMixin':: d.fn(help='"matchExpressions is a list of label selector requirements. The requirements are ANDed."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='matchExpressions', type=d.T.array)]), + withMatchExpressionsMixin(matchExpressions): { allowedRoutes+: { namespaces+: { selector+: { matchExpressions+: if std.isArray(v=matchExpressions) then matchExpressions else [matchExpressions] } } } }, + '#withMatchLabels':: d.fn(help='"matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \\"key\\", the operator is \\"In\\", and the values array contains only \\"value\\". The requirements are ANDed."', args=[d.arg(name='matchLabels', type=d.T.object)]), + withMatchLabels(matchLabels): { allowedRoutes+: { namespaces+: { selector+: { matchLabels: matchLabels } } } }, + '#withMatchLabelsMixin':: d.fn(help='"matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \\"key\\", the operator is \\"In\\", and the values array contains only \\"value\\". The requirements are ANDed."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='matchLabels', type=d.T.object)]), + withMatchLabelsMixin(matchLabels): { allowedRoutes+: { namespaces+: { selector+: { matchLabels+: matchLabels } } } }, + }, + '#withFrom':: d.fn(help='"From indicates where Routes will be selected for this Gateway. Possible values are: \\n * All: Routes in all namespaces may be used by this Gateway. * Selector: Routes in namespaces selected by the selector may be used by this Gateway. * Same: Only Routes in the same namespace may be used by this Gateway. \\n Support: Core"', args=[d.arg(name='from', type=d.T.string)]), + withFrom(from): { allowedRoutes+: { namespaces+: { from: from } } }, + }, + '#withKinds':: d.fn(help="\"Kinds specifies the groups and kinds of Routes that are allowed to bind to this Gateway Listener. When unspecified or empty, the kinds of Routes selected are determined using the Listener protocol. \\n A RouteGroupKind MUST correspond to kinds of Routes that are compatible with the application protocol specified in the Listener's Protocol field. If an implementation does not support or recognize this resource type, it MUST set the \\\"ResolvedRefs\\\" condition to False for this Listener with the \\\"InvalidRouteKinds\\\" reason. \\n Support: Core\"", args=[d.arg(name='kinds', type=d.T.array)]), + withKinds(kinds): { allowedRoutes+: { kinds: if std.isArray(v=kinds) then kinds else [kinds] } }, + '#withKindsMixin':: d.fn(help="\"Kinds specifies the groups and kinds of Routes that are allowed to bind to this Gateway Listener. When unspecified or empty, the kinds of Routes selected are determined using the Listener protocol. \\n A RouteGroupKind MUST correspond to kinds of Routes that are compatible with the application protocol specified in the Listener's Protocol field. If an implementation does not support or recognize this resource type, it MUST set the \\\"ResolvedRefs\\\" condition to False for this Listener with the \\\"InvalidRouteKinds\\\" reason. \\n Support: Core\"\n\n**Note:** This function appends passed data to existing values", args=[d.arg(name='kinds', type=d.T.array)]), + withKindsMixin(kinds): { allowedRoutes+: { kinds+: if std.isArray(v=kinds) then kinds else [kinds] } }, + }, + '#tls':: d.obj(help='"TLS is the TLS configuration for the Listener. This field is required if the Protocol field is \\"HTTPS\\" or \\"TLS\\". It is invalid to set this field if the Protocol field is \\"HTTP\\", \\"TCP\\", or \\"UDP\\". \\n The association of SNIs to Certificate defined in GatewayTLSConfig is defined based on the Hostname field for this listener. \\n The GatewayClass MUST use the longest matching SNI out of all available certificates for any TLS handshake. \\n Support: Core"'), + tls: { + '#certificateRefs':: d.obj(help='"CertificateRefs contains a series of references to Kubernetes objects that contains TLS certificates and private keys. These certificates are used to establish a TLS handshake for requests that match the hostname of the associated listener. \\n A single CertificateRef to a Kubernetes Secret has \\"Core\\" support. Implementations MAY choose to support attaching multiple certificates to a Listener, but this behavior is implementation-specific. \\n References to a resource in different namespace are invalid UNLESS there is a ReferenceGrant in the target namespace that allows the certificate to be attached. If a ReferenceGrant does not allow this reference, the \\"ResolvedRefs\\" condition MUST be set to False for this listener with the \\"RefNotPermitted\\" reason. \\n This field is required to have at least one element when the mode is set to \\"Terminate\\" (default) and is optional otherwise. \\n CertificateRefs can reference to standard Kubernetes resources, i.e. Secret, or implementation-specific custom resources. \\n Support: Core - A single reference to a Kubernetes Secret of type kubernetes.io/tls \\n Support: Implementation-specific (More than one reference or other resource types)"'), + certificateRefs: { + '#withGroup':: d.fn(help='"Group is the group of the referent. For example, \\"gateway.networking.k8s.io\\". When unspecified or empty string, core API group is inferred."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { group: group }, + '#withKind':: d.fn(help='"Kind is kind of the referent. For example \\"Secret\\"."', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { kind: kind }, + '#withName':: d.fn(help='"Name is the name of the referent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withNamespace':: d.fn(help="\"Namespace is the namespace of the referenced object. When unspecified, the local namespace is inferred. \\n Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. \\n Support: Core\"", args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { namespace: namespace }, + }, + '#withCertificateRefs':: d.fn(help='"CertificateRefs contains a series of references to Kubernetes objects that contains TLS certificates and private keys. These certificates are used to establish a TLS handshake for requests that match the hostname of the associated listener. \\n A single CertificateRef to a Kubernetes Secret has \\"Core\\" support. Implementations MAY choose to support attaching multiple certificates to a Listener, but this behavior is implementation-specific. \\n References to a resource in different namespace are invalid UNLESS there is a ReferenceGrant in the target namespace that allows the certificate to be attached. If a ReferenceGrant does not allow this reference, the \\"ResolvedRefs\\" condition MUST be set to False for this listener with the \\"RefNotPermitted\\" reason. \\n This field is required to have at least one element when the mode is set to \\"Terminate\\" (default) and is optional otherwise. \\n CertificateRefs can reference to standard Kubernetes resources, i.e. Secret, or implementation-specific custom resources. \\n Support: Core - A single reference to a Kubernetes Secret of type kubernetes.io/tls \\n Support: Implementation-specific (More than one reference or other resource types)"', args=[d.arg(name='certificateRefs', type=d.T.array)]), + withCertificateRefs(certificateRefs): { tls+: { certificateRefs: if std.isArray(v=certificateRefs) then certificateRefs else [certificateRefs] } }, + '#withCertificateRefsMixin':: d.fn(help='"CertificateRefs contains a series of references to Kubernetes objects that contains TLS certificates and private keys. These certificates are used to establish a TLS handshake for requests that match the hostname of the associated listener. \\n A single CertificateRef to a Kubernetes Secret has \\"Core\\" support. Implementations MAY choose to support attaching multiple certificates to a Listener, but this behavior is implementation-specific. \\n References to a resource in different namespace are invalid UNLESS there is a ReferenceGrant in the target namespace that allows the certificate to be attached. If a ReferenceGrant does not allow this reference, the \\"ResolvedRefs\\" condition MUST be set to False for this listener with the \\"RefNotPermitted\\" reason. \\n This field is required to have at least one element when the mode is set to \\"Terminate\\" (default) and is optional otherwise. \\n CertificateRefs can reference to standard Kubernetes resources, i.e. Secret, or implementation-specific custom resources. \\n Support: Core - A single reference to a Kubernetes Secret of type kubernetes.io/tls \\n Support: Implementation-specific (More than one reference or other resource types)"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='certificateRefs', type=d.T.array)]), + withCertificateRefsMixin(certificateRefs): { tls+: { certificateRefs+: if std.isArray(v=certificateRefs) then certificateRefs else [certificateRefs] } }, + '#withMode':: d.fn(help="\"Mode defines the TLS behavior for the TLS session initiated by the client. There are two possible modes: \\n - Terminate: The TLS session between the downstream client and the Gateway is terminated at the Gateway. This mode requires certificateRefs to be set and contain at least one element. - Passthrough: The TLS session is NOT terminated by the Gateway. This implies that the Gateway can't decipher the TLS stream except for the ClientHello message of the TLS protocol. CertificateRefs field is ignored in this mode. \\n Support: Core\"", args=[d.arg(name='mode', type=d.T.string)]), + withMode(mode): { tls+: { mode: mode } }, + '#withOptions':: d.fn(help='"Options are a list of key/value pairs to enable extended TLS configuration for each implementation. For example, configuring the minimum TLS version or supported cipher suites. \\n A set of common keys MAY be defined by the API in the future. To avoid any ambiguity, implementation-specific definitions MUST use domain-prefixed names, such as `example.com/my-custom-option`. Un-prefixed names are reserved for key names defined by Gateway API. \\n Support: Implementation-specific"', args=[d.arg(name='options', type=d.T.object)]), + withOptions(options): { tls+: { options: options } }, + '#withOptionsMixin':: d.fn(help='"Options are a list of key/value pairs to enable extended TLS configuration for each implementation. For example, configuring the minimum TLS version or supported cipher suites. \\n A set of common keys MAY be defined by the API in the future. To avoid any ambiguity, implementation-specific definitions MUST use domain-prefixed names, such as `example.com/my-custom-option`. Un-prefixed names are reserved for key names defined by Gateway API. \\n Support: Implementation-specific"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='options', type=d.T.object)]), + withOptionsMixin(options): { tls+: { options+: options } }, + }, + '#withHostname':: d.fn(help="\"Hostname specifies the virtual hostname to match for protocol types that define this concept. When unspecified, all hostnames are matched. This field is ignored for protocols that don't require hostname based matching. \\n Implementations MUST apply Hostname matching appropriately for each of the following protocols: \\n * TLS: The Listener Hostname MUST match the SNI. * HTTP: The Listener Hostname MUST match the Host header of the request. * HTTPS: The Listener Hostname SHOULD match at both the TLS and HTTP protocol layers as described above. If an implementation does not ensure that both the SNI and Host header match the Listener hostname, it MUST clearly document that. \\n For HTTPRoute and TLSRoute resources, there is an interaction with the `spec.hostnames` array. When both listener and route specify hostnames, there MUST be an intersection between the values for a Route to be accepted. For more information, refer to the Route specific Hostnames documentation. \\n Hostnames that are prefixed with a wildcard label (`*.`) are interpreted as a suffix match. That means that a match for `*.example.com` would match both `test.example.com`, and `foo.test.example.com`, but not `example.com`. \\n Support: Core\"", args=[d.arg(name='hostname', type=d.T.string)]), + withHostname(hostname): { hostname: hostname }, + '#withName':: d.fn(help='"Name is the name of the Listener. This name MUST be unique within a Gateway. \\n Support: Core"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withPort':: d.fn(help='"Port is the network port. Multiple listeners may use the same port, subject to the Listener compatibility rules. \\n Support: Core"', args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { port: port }, + '#withProtocol':: d.fn(help='"Protocol specifies the network protocol this listener expects to receive. \\n Support: Core"', args=[d.arg(name='protocol', type=d.T.string)]), + withProtocol(protocol): { protocol: protocol }, + }, + '#withAddresses':: d.fn(help='"Addresses requested for this Gateway. This is optional and behavior can depend on the implementation. If a value is set in the spec and the requested address is invalid or unavailable, the implementation MUST indicate this in the associated entry in GatewayStatus.Addresses. \\n The Addresses field represents a request for the address(es) on the \\"outside of the Gateway\\", that traffic bound for this Gateway will use. This could be the IP address or hostname of an external load balancer or other networking infrastructure, or some other address that traffic will be sent to. \\n If no Addresses are specified, the implementation MAY schedule the Gateway in an implementation-specific manner, assigning an appropriate set of Addresses. \\n The implementation MUST bind all Listeners to every GatewayAddress that it assigns to the Gateway and add a corresponding entry in GatewayStatus.Addresses. \\n Support: Extended \\n "', args=[d.arg(name='addresses', type=d.T.array)]), + withAddresses(addresses): { spec+: { addresses: if std.isArray(v=addresses) then addresses else [addresses] } }, + '#withAddressesMixin':: d.fn(help='"Addresses requested for this Gateway. This is optional and behavior can depend on the implementation. If a value is set in the spec and the requested address is invalid or unavailable, the implementation MUST indicate this in the associated entry in GatewayStatus.Addresses. \\n The Addresses field represents a request for the address(es) on the \\"outside of the Gateway\\", that traffic bound for this Gateway will use. This could be the IP address or hostname of an external load balancer or other networking infrastructure, or some other address that traffic will be sent to. \\n If no Addresses are specified, the implementation MAY schedule the Gateway in an implementation-specific manner, assigning an appropriate set of Addresses. \\n The implementation MUST bind all Listeners to every GatewayAddress that it assigns to the Gateway and add a corresponding entry in GatewayStatus.Addresses. \\n Support: Extended \\n "\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='addresses', type=d.T.array)]), + withAddressesMixin(addresses): { spec+: { addresses+: if std.isArray(v=addresses) then addresses else [addresses] } }, + '#withGatewayClassName':: d.fn(help='"GatewayClassName used for this Gateway. This is the name of a GatewayClass resource."', args=[d.arg(name='gatewayClassName', type=d.T.string)]), + withGatewayClassName(gatewayClassName): { spec+: { gatewayClassName: gatewayClassName } }, + '#withListeners':: d.fn(help="\"Listeners associated with this Gateway. Listeners define logical endpoints that are bound on this Gateway's addresses. At least one Listener MUST be specified. \\n Each Listener in a set of Listeners (for example, in a single Gateway) MUST be _distinct_, in that a traffic flow MUST be able to be assigned to exactly one listener. (This section uses \\\"set of Listeners\\\" rather than \\\"Listeners in a single Gateway\\\" because implementations MAY merge configuration from multiple Gateways onto a single data plane, and these rules _also_ apply in that case). \\n Practically, this means that each listener in a set MUST have a unique combination of Port, Protocol, and, if supported by the protocol, Hostname. \\n Some combinations of port, protocol, and TLS settings are considered Core support and MUST be supported by implementations based on their targeted conformance profile: \\n HTTP Profile \\n 1. HTTPRoute, Port: 80, Protocol: HTTP 2. HTTPRoute, Port: 443, Protocol: HTTPS, TLS Mode: Terminate, TLS keypair provided \\n TLS Profile \\n 1. TLSRoute, Port: 443, Protocol: TLS, TLS Mode: Passthrough \\n \\\"Distinct\\\" Listeners have the following property: \\n The implementation can match inbound requests to a single distinct Listener. When multiple Listeners share values for fields (for example, two Listeners with the same Port value), the implementation can match requests to only one of the Listeners using other Listener fields. \\n For example, the following Listener scenarios are distinct: \\n 1. Multiple Listeners with the same Port that all use the \\\"HTTP\\\" Protocol that all have unique Hostname values. 2. Multiple Listeners with the same Port that use either the \\\"HTTPS\\\" or \\\"TLS\\\" Protocol that all have unique Hostname values. 3. A mixture of \\\"TCP\\\" and \\\"UDP\\\" Protocol Listeners, where no Listener with the same Protocol has the same Port value. \\n Some fields in the Listener struct have possible values that affect whether the Listener is distinct. Hostname is particularly relevant for HTTP or HTTPS protocols. \\n When using the Hostname value to select between same-Port, same-Protocol Listeners, the Hostname value must be different on each Listener for the Listener to be distinct. \\n When the Listeners are distinct based on Hostname, inbound request hostnames MUST match from the most specific to least specific Hostname values to choose the correct Listener and its associated set of Routes. \\n Exact matches must be processed before wildcard matches, and wildcard matches must be processed before fallback (empty Hostname value) matches. For example, `\\\"foo.example.com\\\"` takes precedence over `\\\"*.example.com\\\"`, and `\\\"*.example.com\\\"` takes precedence over `\\\"\\\"`. \\n Additionally, if there are multiple wildcard entries, more specific wildcard entries must be processed before less specific wildcard entries. For example, `\\\"*.foo.example.com\\\"` takes precedence over `\\\"*.example.com\\\"`. The precise definition here is that the higher the number of dots in the hostname to the right of the wildcard character, the higher the precedence. \\n The wildcard character will match any number of characters _and dots_ to the left, however, so `\\\"*.example.com\\\"` will match both `\\\"foo.bar.example.com\\\"` _and_ `\\\"bar.example.com\\\"`. \\n If a set of Listeners contains Listeners that are not distinct, then those Listeners are Conflicted, and the implementation MUST set the \\\"Conflicted\\\" condition in the Listener Status to \\\"True\\\". \\n Implementations MAY choose to accept a Gateway with some Conflicted Listeners only if they only accept the partial Listener set that contains no Conflicted Listeners. To put this another way, implementations may accept a partial Listener set only if they throw out *all* the conflicting Listeners. No picking one of the conflicting listeners as the winner. This also means that the Gateway must have at least one non-conflicting Listener in this case, otherwise it violates the requirement that at least one Listener must be present. \\n The implementation MUST set a \\\"ListenersNotValid\\\" condition on the Gateway Status when the Gateway contains Conflicted Listeners whether or not they accept the Gateway. That Condition SHOULD clearly indicate in the Message which Listeners are conflicted, and which are Accepted. Additionally, the Listener status for those listeners SHOULD indicate which Listeners are conflicted and not Accepted. \\n A Gateway's Listeners are considered \\\"compatible\\\" if: \\n 1. They are distinct. 2. The implementation can serve them in compliance with the Addresses requirement that all Listeners are available on all assigned addresses. \\n Compatible combinations in Extended support are expected to vary across implementations. A combination that is compatible for one implementation may not be compatible for another. \\n For example, an implementation that cannot serve both TCP and UDP listeners on the same address, or cannot mix HTTPS and generic TLS listens on the same port would not consider those cases compatible, even though they are distinct. \\n Note that requests SHOULD match at most one Listener. For example, if Listeners are defined for \\\"foo.example.com\\\" and \\\"*.example.com\\\", a request to \\\"foo.example.com\\\" SHOULD only be routed using routes attached to the \\\"foo.example.com\\\" Listener (and not the \\\"*.example.com\\\" Listener). This concept is known as \\\"Listener Isolation\\\". Implementations that do not support Listener Isolation MUST clearly document this. \\n Implementations MAY merge separate Gateways onto a single set of Addresses if all Listeners across all Gateways are compatible. \\n Support: Core\"", args=[d.arg(name='listeners', type=d.T.array)]), + withListeners(listeners): { spec+: { listeners: if std.isArray(v=listeners) then listeners else [listeners] } }, + '#withListenersMixin':: d.fn(help="\"Listeners associated with this Gateway. Listeners define logical endpoints that are bound on this Gateway's addresses. At least one Listener MUST be specified. \\n Each Listener in a set of Listeners (for example, in a single Gateway) MUST be _distinct_, in that a traffic flow MUST be able to be assigned to exactly one listener. (This section uses \\\"set of Listeners\\\" rather than \\\"Listeners in a single Gateway\\\" because implementations MAY merge configuration from multiple Gateways onto a single data plane, and these rules _also_ apply in that case). \\n Practically, this means that each listener in a set MUST have a unique combination of Port, Protocol, and, if supported by the protocol, Hostname. \\n Some combinations of port, protocol, and TLS settings are considered Core support and MUST be supported by implementations based on their targeted conformance profile: \\n HTTP Profile \\n 1. HTTPRoute, Port: 80, Protocol: HTTP 2. HTTPRoute, Port: 443, Protocol: HTTPS, TLS Mode: Terminate, TLS keypair provided \\n TLS Profile \\n 1. TLSRoute, Port: 443, Protocol: TLS, TLS Mode: Passthrough \\n \\\"Distinct\\\" Listeners have the following property: \\n The implementation can match inbound requests to a single distinct Listener. When multiple Listeners share values for fields (for example, two Listeners with the same Port value), the implementation can match requests to only one of the Listeners using other Listener fields. \\n For example, the following Listener scenarios are distinct: \\n 1. Multiple Listeners with the same Port that all use the \\\"HTTP\\\" Protocol that all have unique Hostname values. 2. Multiple Listeners with the same Port that use either the \\\"HTTPS\\\" or \\\"TLS\\\" Protocol that all have unique Hostname values. 3. A mixture of \\\"TCP\\\" and \\\"UDP\\\" Protocol Listeners, where no Listener with the same Protocol has the same Port value. \\n Some fields in the Listener struct have possible values that affect whether the Listener is distinct. Hostname is particularly relevant for HTTP or HTTPS protocols. \\n When using the Hostname value to select between same-Port, same-Protocol Listeners, the Hostname value must be different on each Listener for the Listener to be distinct. \\n When the Listeners are distinct based on Hostname, inbound request hostnames MUST match from the most specific to least specific Hostname values to choose the correct Listener and its associated set of Routes. \\n Exact matches must be processed before wildcard matches, and wildcard matches must be processed before fallback (empty Hostname value) matches. For example, `\\\"foo.example.com\\\"` takes precedence over `\\\"*.example.com\\\"`, and `\\\"*.example.com\\\"` takes precedence over `\\\"\\\"`. \\n Additionally, if there are multiple wildcard entries, more specific wildcard entries must be processed before less specific wildcard entries. For example, `\\\"*.foo.example.com\\\"` takes precedence over `\\\"*.example.com\\\"`. The precise definition here is that the higher the number of dots in the hostname to the right of the wildcard character, the higher the precedence. \\n The wildcard character will match any number of characters _and dots_ to the left, however, so `\\\"*.example.com\\\"` will match both `\\\"foo.bar.example.com\\\"` _and_ `\\\"bar.example.com\\\"`. \\n If a set of Listeners contains Listeners that are not distinct, then those Listeners are Conflicted, and the implementation MUST set the \\\"Conflicted\\\" condition in the Listener Status to \\\"True\\\". \\n Implementations MAY choose to accept a Gateway with some Conflicted Listeners only if they only accept the partial Listener set that contains no Conflicted Listeners. To put this another way, implementations may accept a partial Listener set only if they throw out *all* the conflicting Listeners. No picking one of the conflicting listeners as the winner. This also means that the Gateway must have at least one non-conflicting Listener in this case, otherwise it violates the requirement that at least one Listener must be present. \\n The implementation MUST set a \\\"ListenersNotValid\\\" condition on the Gateway Status when the Gateway contains Conflicted Listeners whether or not they accept the Gateway. That Condition SHOULD clearly indicate in the Message which Listeners are conflicted, and which are Accepted. Additionally, the Listener status for those listeners SHOULD indicate which Listeners are conflicted and not Accepted. \\n A Gateway's Listeners are considered \\\"compatible\\\" if: \\n 1. They are distinct. 2. The implementation can serve them in compliance with the Addresses requirement that all Listeners are available on all assigned addresses. \\n Compatible combinations in Extended support are expected to vary across implementations. A combination that is compatible for one implementation may not be compatible for another. \\n For example, an implementation that cannot serve both TCP and UDP listeners on the same address, or cannot mix HTTPS and generic TLS listens on the same port would not consider those cases compatible, even though they are distinct. \\n Note that requests SHOULD match at most one Listener. For example, if Listeners are defined for \\\"foo.example.com\\\" and \\\"*.example.com\\\", a request to \\\"foo.example.com\\\" SHOULD only be routed using routes attached to the \\\"foo.example.com\\\" Listener (and not the \\\"*.example.com\\\" Listener). This concept is known as \\\"Listener Isolation\\\". Implementations that do not support Listener Isolation MUST clearly document this. \\n Implementations MAY merge separate Gateways onto a single set of Addresses if all Listeners across all Gateways are compatible. \\n Support: Core\"\n\n**Note:** This function appends passed data to existing values", args=[d.arg(name='listeners', type=d.T.array)]), + withListenersMixin(listeners): { spec+: { listeners+: if std.isArray(v=listeners) then listeners else [listeners] } }, + }, + '#mixin': 'ignore', + mixin: self, +} diff --git a/1.0-experimental/_gen/gateway/v1/gatewayClass.libsonnet b/1.0-experimental/_gen/gateway/v1/gatewayClass.libsonnet new file mode 100644 index 0000000..9235a17 --- /dev/null +++ b/1.0-experimental/_gen/gateway/v1/gatewayClass.libsonnet @@ -0,0 +1,72 @@ +{ + local d = (import 'doc-util/main.libsonnet'), + '#':: d.pkg(name='gatewayClass', url='', help='"GatewayClass describes a class of Gateways available to the user for creating Gateway resources. \\n It is recommended that this resource be used as a template for Gateways. This means that a Gateway is based on the state of the GatewayClass at the time it was created and changes to the GatewayClass or associated parameters are not propagated down to existing Gateways. This recommendation is intended to limit the blast radius of changes to GatewayClass or associated parameters. If implementations choose to propagate GatewayClass changes to existing Gateways, that MUST be clearly documented by the implementation. \\n Whenever one or more Gateways are using a GatewayClass, implementations SHOULD add the `gateway-exists-finalizer.gateway.networking.k8s.io` finalizer on the associated GatewayClass. This ensures that a GatewayClass associated with a Gateway is not deleted while in use. \\n GatewayClass is a Cluster level resource."'), + '#metadata':: d.obj(help='"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create."'), + metadata: { + '#withAnnotations':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotations(annotations): { metadata+: { annotations: annotations } }, + '#withAnnotationsMixin':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotationsMixin(annotations): { metadata+: { annotations+: annotations } }, + '#withClusterName':: d.fn(help='"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request."', args=[d.arg(name='clusterName', type=d.T.string)]), + withClusterName(clusterName): { metadata+: { clusterName: clusterName } }, + '#withCreationTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='creationTimestamp', type=d.T.string)]), + withCreationTimestamp(creationTimestamp): { metadata+: { creationTimestamp: creationTimestamp } }, + '#withDeletionGracePeriodSeconds':: d.fn(help='"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only."', args=[d.arg(name='deletionGracePeriodSeconds', type=d.T.integer)]), + withDeletionGracePeriodSeconds(deletionGracePeriodSeconds): { metadata+: { deletionGracePeriodSeconds: deletionGracePeriodSeconds } }, + '#withDeletionTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='deletionTimestamp', type=d.T.string)]), + withDeletionTimestamp(deletionTimestamp): { metadata+: { deletionTimestamp: deletionTimestamp } }, + '#withFinalizers':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizers(finalizers): { metadata+: { finalizers: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withFinalizersMixin':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizersMixin(finalizers): { metadata+: { finalizers+: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withGenerateName':: d.fn(help='"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\\n\\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\\n\\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency"', args=[d.arg(name='generateName', type=d.T.string)]), + withGenerateName(generateName): { metadata+: { generateName: generateName } }, + '#withGeneration':: d.fn(help='"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only."', args=[d.arg(name='generation', type=d.T.integer)]), + withGeneration(generation): { metadata+: { generation: generation } }, + '#withLabels':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"', args=[d.arg(name='labels', type=d.T.object)]), + withLabels(labels): { metadata+: { labels: labels } }, + '#withLabelsMixin':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='labels', type=d.T.object)]), + withLabelsMixin(labels): { metadata+: { labels+: labels } }, + '#withName':: d.fn(help='"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { metadata+: { name: name } }, + '#withNamespace':: d.fn(help='"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \\"default\\" namespace, but \\"default\\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\\n\\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces"', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { metadata+: { namespace: namespace } }, + '#withOwnerReferences':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferences(ownerReferences): { metadata+: { ownerReferences: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withOwnerReferencesMixin':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferencesMixin(ownerReferences): { metadata+: { ownerReferences+: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withResourceVersion':: d.fn(help='"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\\n\\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency"', args=[d.arg(name='resourceVersion', type=d.T.string)]), + withResourceVersion(resourceVersion): { metadata+: { resourceVersion: resourceVersion } }, + '#withSelfLink':: d.fn(help='"SelfLink is a URL representing this object. Populated by the system. Read-only.\\n\\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release."', args=[d.arg(name='selfLink', type=d.T.string)]), + withSelfLink(selfLink): { metadata+: { selfLink: selfLink } }, + '#withUid':: d.fn(help='"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\\n\\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids"', args=[d.arg(name='uid', type=d.T.string)]), + withUid(uid): { metadata+: { uid: uid } }, + }, + '#new':: d.fn(help='new returns an instance of GatewayClass', args=[d.arg(name='name', type=d.T.string)]), + new(name): { + apiVersion: 'gateway.networking.k8s.io/v1', + kind: 'GatewayClass', + } + self.metadata.withName(name=name) + self.metadata.withAnnotations(annotations={ + 'tanka.dev/namespaced': 'false', + }), + '#spec':: d.obj(help='"Spec defines the desired state of GatewayClass."'), + spec: { + '#parametersRef':: d.obj(help="\"ParametersRef is a reference to a resource that contains the configuration parameters corresponding to the GatewayClass. This is optional if the controller does not require any additional configuration. \\n ParametersRef can reference a standard Kubernetes resource, i.e. ConfigMap, or an implementation-specific custom resource. The resource can be cluster-scoped or namespace-scoped. \\n If the referent cannot be found, the GatewayClass's \\\"InvalidParameters\\\" status condition will be true. \\n Support: Implementation-specific\""), + parametersRef: { + '#withGroup':: d.fn(help='"Group is the group of the referent."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { spec+: { parametersRef+: { group: group } } }, + '#withKind':: d.fn(help='"Kind is kind of the referent."', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { spec+: { parametersRef+: { kind: kind } } }, + '#withName':: d.fn(help='"Name is the name of the referent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { spec+: { parametersRef+: { name: name } } }, + '#withNamespace':: d.fn(help='"Namespace is the namespace of the referent. This field is required when referring to a Namespace-scoped resource and MUST be unset when referring to a Cluster-scoped resource."', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { spec+: { parametersRef+: { namespace: namespace } } }, + }, + '#withControllerName':: d.fn(help='"ControllerName is the name of the controller that is managing Gateways of this class. The value of this field MUST be a domain prefixed path. \\n Example: \\"example.net/gateway-controller\\". \\n This field is not mutable and cannot be empty. \\n Support: Core"', args=[d.arg(name='controllerName', type=d.T.string)]), + withControllerName(controllerName): { spec+: { controllerName: controllerName } }, + '#withDescription':: d.fn(help='"Description helps describe a GatewayClass with more details."', args=[d.arg(name='description', type=d.T.string)]), + withDescription(description): { spec+: { description: description } }, + }, + '#mixin': 'ignore', + mixin: self, +} diff --git a/1.0-experimental/_gen/gateway/v1/httpRoute.libsonnet b/1.0-experimental/_gen/gateway/v1/httpRoute.libsonnet new file mode 100644 index 0000000..a9ebcb1 --- /dev/null +++ b/1.0-experimental/_gen/gateway/v1/httpRoute.libsonnet @@ -0,0 +1,405 @@ +{ + local d = (import 'doc-util/main.libsonnet'), + '#':: d.pkg(name='httpRoute', url='', help='"HTTPRoute provides a way to route HTTP requests. This includes the capability to match requests by hostname, path, header, or query param. Filters can be used to specify additional processing steps. Backends specify where matching requests should be routed."'), + '#metadata':: d.obj(help='"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create."'), + metadata: { + '#withAnnotations':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotations(annotations): { metadata+: { annotations: annotations } }, + '#withAnnotationsMixin':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotationsMixin(annotations): { metadata+: { annotations+: annotations } }, + '#withClusterName':: d.fn(help='"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request."', args=[d.arg(name='clusterName', type=d.T.string)]), + withClusterName(clusterName): { metadata+: { clusterName: clusterName } }, + '#withCreationTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='creationTimestamp', type=d.T.string)]), + withCreationTimestamp(creationTimestamp): { metadata+: { creationTimestamp: creationTimestamp } }, + '#withDeletionGracePeriodSeconds':: d.fn(help='"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only."', args=[d.arg(name='deletionGracePeriodSeconds', type=d.T.integer)]), + withDeletionGracePeriodSeconds(deletionGracePeriodSeconds): { metadata+: { deletionGracePeriodSeconds: deletionGracePeriodSeconds } }, + '#withDeletionTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='deletionTimestamp', type=d.T.string)]), + withDeletionTimestamp(deletionTimestamp): { metadata+: { deletionTimestamp: deletionTimestamp } }, + '#withFinalizers':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizers(finalizers): { metadata+: { finalizers: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withFinalizersMixin':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizersMixin(finalizers): { metadata+: { finalizers+: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withGenerateName':: d.fn(help='"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\\n\\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\\n\\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency"', args=[d.arg(name='generateName', type=d.T.string)]), + withGenerateName(generateName): { metadata+: { generateName: generateName } }, + '#withGeneration':: d.fn(help='"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only."', args=[d.arg(name='generation', type=d.T.integer)]), + withGeneration(generation): { metadata+: { generation: generation } }, + '#withLabels':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"', args=[d.arg(name='labels', type=d.T.object)]), + withLabels(labels): { metadata+: { labels: labels } }, + '#withLabelsMixin':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='labels', type=d.T.object)]), + withLabelsMixin(labels): { metadata+: { labels+: labels } }, + '#withName':: d.fn(help='"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { metadata+: { name: name } }, + '#withNamespace':: d.fn(help='"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \\"default\\" namespace, but \\"default\\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\\n\\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces"', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { metadata+: { namespace: namespace } }, + '#withOwnerReferences':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferences(ownerReferences): { metadata+: { ownerReferences: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withOwnerReferencesMixin':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferencesMixin(ownerReferences): { metadata+: { ownerReferences+: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withResourceVersion':: d.fn(help='"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\\n\\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency"', args=[d.arg(name='resourceVersion', type=d.T.string)]), + withResourceVersion(resourceVersion): { metadata+: { resourceVersion: resourceVersion } }, + '#withSelfLink':: d.fn(help='"SelfLink is a URL representing this object. Populated by the system. Read-only.\\n\\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release."', args=[d.arg(name='selfLink', type=d.T.string)]), + withSelfLink(selfLink): { metadata+: { selfLink: selfLink } }, + '#withUid':: d.fn(help='"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\\n\\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids"', args=[d.arg(name='uid', type=d.T.string)]), + withUid(uid): { metadata+: { uid: uid } }, + }, + '#new':: d.fn(help='new returns an instance of HTTPRoute', args=[d.arg(name='name', type=d.T.string)]), + new(name): { + apiVersion: 'gateway.networking.k8s.io/v1', + kind: 'HTTPRoute', + } + self.metadata.withName(name=name), + '#spec':: d.obj(help='"Spec defines the desired state of HTTPRoute."'), + spec: { + '#parentRefs':: d.obj(help='"ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. For Services, that means the Service must either be in the same namespace for a \\"producer\\" route, or the mesh implementation must support and allow \\"consumer\\" routes for the referenced Service. ReferenceGrant is not applicable for governing ParentRefs to Services - it is not possible to create a \\"producer\\" route for a Service in a different namespace from the Route. \\n There are two kinds of parent resources with \\"Core\\" support: \\n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) This API may be extended in the future to support additional kinds of parent resources. \\n ParentRefs must be _distinct_. This means either that: \\n * They select different objects. If this is the case, then parentRef entries are distinct. In terms of fields, this means that the multi-part key defined by `group`, `kind`, `namespace`, and `name` must be unique across all parentRef entries in the Route. * They do not select different objects, but for each optional field used, each ParentRef that selects the same object must set the same set of optional fields to different values. If one ParentRef sets a combination of optional fields, all must set the same combination. \\n Some examples: \\n * If one ParentRef sets `sectionName`, all ParentRefs referencing the same object must also set `sectionName`. * If one ParentRef sets `port`, all ParentRefs referencing the same object must also set `port`. * If one ParentRef sets `sectionName` and `port`, all ParentRefs referencing the same object must also set `sectionName` and `port`. \\n It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged. \\n Note that for ParentRefs that cross namespace boundaries, there are specific rules. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example, Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable other kinds of cross-namespace reference. \\n ParentRefs from a Route to a Service in the same namespace are \\"producer\\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \\n ParentRefs from a Route to a Service in a different namespace are \\"consumer\\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \\n "'), + parentRefs: { + '#withGroup':: d.fn(help='"Group is the group of the referent. When unspecified, \\"gateway.networking.k8s.io\\" is inferred. To set the core API group (such as for a \\"Service\\" kind referent), Group must be explicitly set to \\"\\" (empty string). \\n Support: Core"', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { group: group }, + '#withKind':: d.fn(help='"Kind is kind of the referent. \\n There are two kinds of parent resources with \\"Core\\" support: \\n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) \\n Support for other resources is Implementation-Specific."', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { kind: kind }, + '#withName':: d.fn(help='"Name is the name of the referent. \\n Support: Core"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withNamespace':: d.fn(help='"Namespace is the namespace of the referent. When unspecified, this refers to the local namespace of the Route. \\n Note that there are specific rules for ParentRefs which cross namespace boundaries. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example: Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference. \\n ParentRefs from a Route to a Service in the same namespace are \\"producer\\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \\n ParentRefs from a Route to a Service in a different namespace are \\"consumer\\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \\n Support: Core"', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { namespace: namespace }, + '#withPort':: d.fn(help="\"Port is the network port this Route targets. It can be interpreted differently based on the type of parent resource. \\n When the parent resource is a Gateway, this targets all listeners listening on the specified port that also support this kind of Route(and select this Route). It's not recommended to set `Port` unless the networking behaviors specified in a Route must apply to a specific port as opposed to a listener(s) whose port(s) may be changed. When both Port and SectionName are specified, the name and port of the selected listener must match both specified values. \\n When the parent resource is a Service, this targets a specific port in the Service spec. When both Port (experimental) and SectionName are specified, the name and port of the selected port must match both specified values. \\n Implementations MAY choose to support other parent resources. Implementations supporting other types of parent resources MUST clearly document how/if Port is interpreted. \\n For the purpose of status, an attachment is considered successful as long as the parent resource accepts it partially. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \\n Support: Extended \\n \"", args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { port: port }, + '#withSectionName':: d.fn(help='"SectionName is the name of a section within the target resource. In the following resources, SectionName is interpreted as the following: \\n * Gateway: Listener Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. * Service: Port Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. Note that attaching Routes to Services as Parents is part of experimental Mesh support and is not supported for any other purpose. \\n Implementations MAY choose to support attaching Routes to other resources. If that is the case, they MUST clearly document how SectionName is interpreted. \\n When unspecified (empty string), this will reference the entire resource. For the purpose of status, an attachment is considered successful if at least one section in the parent resource accepts it. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \\n Support: Core"', args=[d.arg(name='sectionName', type=d.T.string)]), + withSectionName(sectionName): { sectionName: sectionName }, + }, + '#rules':: d.obj(help='"Rules are a list of HTTP matchers, filters and actions."'), + rules: { + '#backendRefs':: d.obj(help='"BackendRefs defines the backend(s) where matching requests should be sent. \\n Failure behavior here depends on how many BackendRefs are specified and how many are invalid. \\n If *all* entries in BackendRefs are invalid, and there are also no filters specified in this route rule, *all* traffic which matches this rule MUST receive a 500 status code. \\n See the HTTPBackendRef definition for the rules about what makes a single HTTPBackendRef invalid. \\n When a HTTPBackendRef is invalid, 500 status codes MUST be returned for requests that would have otherwise been routed to an invalid backend. If multiple backends are specified, and some are invalid, the proportion of requests that would otherwise have been routed to an invalid backend MUST receive a 500 status code. \\n For example, if two backends are specified with equal weights, and one is invalid, 50 percent of traffic must receive a 500. Implementations may choose how that 50 percent is determined. \\n Support: Core for Kubernetes Service \\n Support: Extended for Kubernetes ServiceImport \\n Support: Implementation-specific for any other resource \\n Support for weight: Core"'), + backendRefs: { + '#filters':: d.obj(help='"Filters defined at this level should be executed if and only if the request is being forwarded to the backend defined here. \\n Support: Implementation-specific (For broader support of filters, use the Filters field in HTTPRouteRule.)"'), + filters: { + '#extensionRef':: d.obj(help='"ExtensionRef is an optional, implementation-specific extension to the \\"filter\\" behavior. For example, resource \\"myroutefilter\\" in group \\"networking.example.net\\"). ExtensionRef MUST NOT be used for core and extended filters. \\n This filter can be used multiple times within the same rule. \\n Support: Implementation-specific"'), + extensionRef: { + '#withGroup':: d.fn(help='"Group is the group of the referent. For example, \\"gateway.networking.k8s.io\\". When unspecified or empty string, core API group is inferred."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { extensionRef+: { group: group } }, + '#withKind':: d.fn(help='"Kind is kind of the referent. For example \\"HTTPRoute\\" or \\"Service\\"."', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { extensionRef+: { kind: kind } }, + '#withName':: d.fn(help='"Name is the name of the referent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { extensionRef+: { name: name } }, + }, + '#requestHeaderModifier':: d.obj(help='"RequestHeaderModifier defines a schema for a filter that modifies request headers. \\n Support: Core"'), + requestHeaderModifier: { + '#add':: d.obj(help='"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: add: - name: \\"my-header\\" value: \\"bar,baz\\" \\n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"'), + add: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \\n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered equivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#set':: d.obj(help='"Set overwrites the request with the given header (name, value) before the action. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: set: - name: \\"my-header\\" value: \\"bar\\" \\n Output: GET /foo HTTP/1.1 my-header: bar"'), + set: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \\n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered equivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#withAdd':: d.fn(help='"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: add: - name: \\"my-header\\" value: \\"bar,baz\\" \\n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"', args=[d.arg(name='add', type=d.T.array)]), + withAdd(add): { requestHeaderModifier+: { add: if std.isArray(v=add) then add else [add] } }, + '#withAddMixin':: d.fn(help='"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: add: - name: \\"my-header\\" value: \\"bar,baz\\" \\n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='add', type=d.T.array)]), + withAddMixin(add): { requestHeaderModifier+: { add+: if std.isArray(v=add) then add else [add] } }, + '#withRemove':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \\n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \\n Config: remove: [\\"my-header1\\", \\"my-header3\\"] \\n Output: GET /foo HTTP/1.1 my-header2: bar"', args=[d.arg(name='remove', type=d.T.array)]), + withRemove(remove): { requestHeaderModifier+: { remove: if std.isArray(v=remove) then remove else [remove] } }, + '#withRemoveMixin':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \\n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \\n Config: remove: [\\"my-header1\\", \\"my-header3\\"] \\n Output: GET /foo HTTP/1.1 my-header2: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='remove', type=d.T.array)]), + withRemoveMixin(remove): { requestHeaderModifier+: { remove+: if std.isArray(v=remove) then remove else [remove] } }, + '#withSet':: d.fn(help='"Set overwrites the request with the given header (name, value) before the action. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: set: - name: \\"my-header\\" value: \\"bar\\" \\n Output: GET /foo HTTP/1.1 my-header: bar"', args=[d.arg(name='set', type=d.T.array)]), + withSet(set): { requestHeaderModifier+: { set: if std.isArray(v=set) then set else [set] } }, + '#withSetMixin':: d.fn(help='"Set overwrites the request with the given header (name, value) before the action. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: set: - name: \\"my-header\\" value: \\"bar\\" \\n Output: GET /foo HTTP/1.1 my-header: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='set', type=d.T.array)]), + withSetMixin(set): { requestHeaderModifier+: { set+: if std.isArray(v=set) then set else [set] } }, + }, + '#requestMirror':: d.obj(help='"RequestMirror defines a schema for a filter that mirrors requests. Requests are sent to the specified destination, but responses from that destination are ignored. \\n This filter can be used multiple times within the same rule. Note that not all implementations will be able to support mirroring to multiple backends. \\n Support: Extended"'), + requestMirror: { + '#backendRef':: d.obj(help='"BackendRef references a resource where mirrored requests are sent. \\n Mirrored requests must be sent only to a single destination endpoint within this BackendRef, irrespective of how many endpoints are present within this BackendRef. \\n If the referent cannot be found, this BackendRef is invalid and must be dropped from the Gateway. The controller must ensure the \\"ResolvedRefs\\" condition on the Route status is set to `status: False` and not configure this backend in the underlying implementation. \\n If there is a cross-namespace reference to an *existing* object that is not allowed by a ReferenceGrant, the controller must ensure the \\"ResolvedRefs\\" condition on the Route is set to `status: False`, with the \\"RefNotPermitted\\" reason and not configure this backend in the underlying implementation. \\n In either error case, the Message of the `ResolvedRefs` Condition should be used to provide more detail about the problem. \\n Support: Extended for Kubernetes Service \\n Support: Implementation-specific for any other resource"'), + backendRef: { + '#withGroup':: d.fn(help='"Group is the group of the referent. For example, \\"gateway.networking.k8s.io\\". When unspecified or empty string, core API group is inferred."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { requestMirror+: { backendRef+: { group: group } } }, + '#withKind':: d.fn(help='"Kind is the Kubernetes resource kind of the referent. For example \\"Service\\". \\n Defaults to \\"Service\\" when not specified. \\n ExternalName services can refer to CNAME DNS records that may live outside of the cluster and as such are difficult to reason about in terms of conformance. They also may not be safe to forward to (see CVE-2021-25740 for more information). Implementations SHOULD NOT support ExternalName Services. \\n Support: Core (Services with a type other than ExternalName) \\n Support: Implementation-specific (Services with type ExternalName)"', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { requestMirror+: { backendRef+: { kind: kind } } }, + '#withName':: d.fn(help='"Name is the name of the referent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { requestMirror+: { backendRef+: { name: name } } }, + '#withNamespace':: d.fn(help="\"Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. \\n Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. \\n Support: Core\"", args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { requestMirror+: { backendRef+: { namespace: namespace } } }, + '#withPort':: d.fn(help='"Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field."', args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { requestMirror+: { backendRef+: { port: port } } }, + }, + }, + '#requestRedirect':: d.obj(help='"RequestRedirect defines a schema for a filter that responds to the request with an HTTP redirection. \\n Support: Core"'), + requestRedirect: { + '#path':: d.obj(help='"Path defines parameters used to modify the path of the incoming request. The modified path is then used to construct the `Location` header. When empty, the request path is used as-is. \\n Support: Extended"'), + path: { + '#withReplaceFullPath':: d.fn(help='"ReplaceFullPath specifies the value with which to replace the full path of a request during a rewrite or redirect."', args=[d.arg(name='replaceFullPath', type=d.T.string)]), + withReplaceFullPath(replaceFullPath): { requestRedirect+: { path+: { replaceFullPath: replaceFullPath } } }, + '#withReplacePrefixMatch':: d.fn(help='"ReplacePrefixMatch specifies the value with which to replace the prefix match of a request during a rewrite or redirect. For example, a request to \\"/foo/bar\\" with a prefix match of \\"/foo\\" and a ReplacePrefixMatch of \\"/xyz\\" would be modified to \\"/xyz/bar\\". \\n Note that this matches the behavior of the PathPrefix match type. This matches full path elements. A path element refers to the list of labels in the path split by the `/` separator. When specified, a trailing `/` is ignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all match the prefix `/abc`, but the path `/abcd` would not. \\n ReplacePrefixMatch is only compatible with a `PathPrefix` HTTPRouteMatch. Using any other HTTPRouteMatch type on the same HTTPRouteRule will result in the implementation setting the Accepted Condition for the Route to `status: False`. \\n Request Path | Prefix Match | Replace Prefix | Modified Path -------------|--------------|----------------|---------- /foo/bar | /foo | /xyz | /xyz/bar /foo/bar | /foo | /xyz/ | /xyz/bar /foo/bar | /foo/ | /xyz | /xyz/bar /foo/bar | /foo/ | /xyz/ | /xyz/bar /foo | /foo | /xyz | /xyz /foo/ | /foo | /xyz | /xyz/ /foo/bar | /foo | | /bar /foo/ | /foo | | / /foo | /foo | | / /foo/ | /foo | / | / /foo | /foo | / | /"', args=[d.arg(name='replacePrefixMatch', type=d.T.string)]), + withReplacePrefixMatch(replacePrefixMatch): { requestRedirect+: { path+: { replacePrefixMatch: replacePrefixMatch } } }, + '#withType':: d.fn(help='"Type defines the type of path modifier. Additional types may be added in a future release of the API. \\n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \\n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`."', args=[d.arg(name='type', type=d.T.string)]), + withType(type): { requestRedirect+: { path+: { type: type } } }, + }, + '#withHostname':: d.fn(help='"Hostname is the hostname to be used in the value of the `Location` header in the response. When empty, the hostname in the `Host` header of the request is used. \\n Support: Core"', args=[d.arg(name='hostname', type=d.T.string)]), + withHostname(hostname): { requestRedirect+: { hostname: hostname } }, + '#withPort':: d.fn(help="\"Port is the port to be used in the value of the `Location` header in the response. \\n If no port is specified, the redirect port MUST be derived using the following rules: \\n * If redirect scheme is not-empty, the redirect port MUST be the well-known port associated with the redirect scheme. Specifically \\\"http\\\" to port 80 and \\\"https\\\" to port 443. If the redirect scheme does not have a well-known port, the listener port of the Gateway SHOULD be used. * If redirect scheme is empty, the redirect port MUST be the Gateway Listener port. \\n Implementations SHOULD NOT add the port number in the 'Location' header in the following cases: \\n * A Location header that will use HTTP (whether that is determined via the Listener protocol or the Scheme field) _and_ use port 80. * A Location header that will use HTTPS (whether that is determined via the Listener protocol or the Scheme field) _and_ use port 443. \\n Support: Extended\"", args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { requestRedirect+: { port: port } }, + '#withScheme':: d.fn(help='"Scheme is the scheme to be used in the value of the `Location` header in the response. When empty, the scheme of the request is used. \\n Scheme redirects can affect the port of the redirect, for more information, refer to the documentation for the port field of this filter. \\n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \\n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`. \\n Support: Extended"', args=[d.arg(name='scheme', type=d.T.string)]), + withScheme(scheme): { requestRedirect+: { scheme: scheme } }, + '#withStatusCode':: d.fn(help='"StatusCode is the HTTP status code to be used in response. \\n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \\n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`. \\n Support: Core"', args=[d.arg(name='statusCode', type=d.T.integer)]), + withStatusCode(statusCode): { requestRedirect+: { statusCode: statusCode } }, + }, + '#responseHeaderModifier':: d.obj(help='"ResponseHeaderModifier defines a schema for a filter that modifies response headers. \\n Support: Extended"'), + responseHeaderModifier: { + '#add':: d.obj(help='"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: add: - name: \\"my-header\\" value: \\"bar,baz\\" \\n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"'), + add: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \\n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered equivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#set':: d.obj(help='"Set overwrites the request with the given header (name, value) before the action. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: set: - name: \\"my-header\\" value: \\"bar\\" \\n Output: GET /foo HTTP/1.1 my-header: bar"'), + set: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \\n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered equivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#withAdd':: d.fn(help='"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: add: - name: \\"my-header\\" value: \\"bar,baz\\" \\n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"', args=[d.arg(name='add', type=d.T.array)]), + withAdd(add): { responseHeaderModifier+: { add: if std.isArray(v=add) then add else [add] } }, + '#withAddMixin':: d.fn(help='"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: add: - name: \\"my-header\\" value: \\"bar,baz\\" \\n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='add', type=d.T.array)]), + withAddMixin(add): { responseHeaderModifier+: { add+: if std.isArray(v=add) then add else [add] } }, + '#withRemove':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \\n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \\n Config: remove: [\\"my-header1\\", \\"my-header3\\"] \\n Output: GET /foo HTTP/1.1 my-header2: bar"', args=[d.arg(name='remove', type=d.T.array)]), + withRemove(remove): { responseHeaderModifier+: { remove: if std.isArray(v=remove) then remove else [remove] } }, + '#withRemoveMixin':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \\n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \\n Config: remove: [\\"my-header1\\", \\"my-header3\\"] \\n Output: GET /foo HTTP/1.1 my-header2: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='remove', type=d.T.array)]), + withRemoveMixin(remove): { responseHeaderModifier+: { remove+: if std.isArray(v=remove) then remove else [remove] } }, + '#withSet':: d.fn(help='"Set overwrites the request with the given header (name, value) before the action. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: set: - name: \\"my-header\\" value: \\"bar\\" \\n Output: GET /foo HTTP/1.1 my-header: bar"', args=[d.arg(name='set', type=d.T.array)]), + withSet(set): { responseHeaderModifier+: { set: if std.isArray(v=set) then set else [set] } }, + '#withSetMixin':: d.fn(help='"Set overwrites the request with the given header (name, value) before the action. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: set: - name: \\"my-header\\" value: \\"bar\\" \\n Output: GET /foo HTTP/1.1 my-header: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='set', type=d.T.array)]), + withSetMixin(set): { responseHeaderModifier+: { set+: if std.isArray(v=set) then set else [set] } }, + }, + '#urlRewrite':: d.obj(help='"URLRewrite defines a schema for a filter that modifies a request during forwarding. \\n Support: Extended"'), + urlRewrite: { + '#path':: d.obj(help='"Path defines a path rewrite. \\n Support: Extended"'), + path: { + '#withReplaceFullPath':: d.fn(help='"ReplaceFullPath specifies the value with which to replace the full path of a request during a rewrite or redirect."', args=[d.arg(name='replaceFullPath', type=d.T.string)]), + withReplaceFullPath(replaceFullPath): { urlRewrite+: { path+: { replaceFullPath: replaceFullPath } } }, + '#withReplacePrefixMatch':: d.fn(help='"ReplacePrefixMatch specifies the value with which to replace the prefix match of a request during a rewrite or redirect. For example, a request to \\"/foo/bar\\" with a prefix match of \\"/foo\\" and a ReplacePrefixMatch of \\"/xyz\\" would be modified to \\"/xyz/bar\\". \\n Note that this matches the behavior of the PathPrefix match type. This matches full path elements. A path element refers to the list of labels in the path split by the `/` separator. When specified, a trailing `/` is ignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all match the prefix `/abc`, but the path `/abcd` would not. \\n ReplacePrefixMatch is only compatible with a `PathPrefix` HTTPRouteMatch. Using any other HTTPRouteMatch type on the same HTTPRouteRule will result in the implementation setting the Accepted Condition for the Route to `status: False`. \\n Request Path | Prefix Match | Replace Prefix | Modified Path -------------|--------------|----------------|---------- /foo/bar | /foo | /xyz | /xyz/bar /foo/bar | /foo | /xyz/ | /xyz/bar /foo/bar | /foo/ | /xyz | /xyz/bar /foo/bar | /foo/ | /xyz/ | /xyz/bar /foo | /foo | /xyz | /xyz /foo/ | /foo | /xyz | /xyz/ /foo/bar | /foo | | /bar /foo/ | /foo | | / /foo | /foo | | / /foo/ | /foo | / | / /foo | /foo | / | /"', args=[d.arg(name='replacePrefixMatch', type=d.T.string)]), + withReplacePrefixMatch(replacePrefixMatch): { urlRewrite+: { path+: { replacePrefixMatch: replacePrefixMatch } } }, + '#withType':: d.fn(help='"Type defines the type of path modifier. Additional types may be added in a future release of the API. \\n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \\n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`."', args=[d.arg(name='type', type=d.T.string)]), + withType(type): { urlRewrite+: { path+: { type: type } } }, + }, + '#withHostname':: d.fn(help='"Hostname is the value to be used to replace the Host header value during forwarding. \\n Support: Extended"', args=[d.arg(name='hostname', type=d.T.string)]), + withHostname(hostname): { urlRewrite+: { hostname: hostname } }, + }, + '#withType':: d.fn(help='"Type identifies the type of filter to apply. As with other API fields, types are classified into three conformance levels: \\n - Core: Filter types and their corresponding configuration defined by \\"Support: Core\\" in this package, e.g. \\"RequestHeaderModifier\\". All implementations must support core filters. \\n - Extended: Filter types and their corresponding configuration defined by \\"Support: Extended\\" in this package, e.g. \\"RequestMirror\\". Implementers are encouraged to support extended filters. \\n - Implementation-specific: Filters that are defined and supported by specific vendors. In the future, filters showing convergence in behavior across multiple implementations will be considered for inclusion in extended or core conformance levels. Filter-specific configuration for such filters is specified using the ExtensionRef field. `Type` should be set to \\"ExtensionRef\\" for custom filters. \\n Implementers are encouraged to define custom implementation types to extend the core API with implementation-specific behavior. \\n If a reference to a custom filter type cannot be resolved, the filter MUST NOT be skipped. Instead, requests that would have been processed by that filter MUST receive a HTTP error response. \\n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \\n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`."', args=[d.arg(name='type', type=d.T.string)]), + withType(type): { type: type }, + }, + '#withFilters':: d.fn(help='"Filters defined at this level should be executed if and only if the request is being forwarded to the backend defined here. \\n Support: Implementation-specific (For broader support of filters, use the Filters field in HTTPRouteRule.)"', args=[d.arg(name='filters', type=d.T.array)]), + withFilters(filters): { filters: if std.isArray(v=filters) then filters else [filters] }, + '#withFiltersMixin':: d.fn(help='"Filters defined at this level should be executed if and only if the request is being forwarded to the backend defined here. \\n Support: Implementation-specific (For broader support of filters, use the Filters field in HTTPRouteRule.)"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='filters', type=d.T.array)]), + withFiltersMixin(filters): { filters+: if std.isArray(v=filters) then filters else [filters] }, + '#withGroup':: d.fn(help='"Group is the group of the referent. For example, \\"gateway.networking.k8s.io\\". When unspecified or empty string, core API group is inferred."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { group: group }, + '#withKind':: d.fn(help='"Kind is the Kubernetes resource kind of the referent. For example \\"Service\\". \\n Defaults to \\"Service\\" when not specified. \\n ExternalName services can refer to CNAME DNS records that may live outside of the cluster and as such are difficult to reason about in terms of conformance. They also may not be safe to forward to (see CVE-2021-25740 for more information). Implementations SHOULD NOT support ExternalName Services. \\n Support: Core (Services with a type other than ExternalName) \\n Support: Implementation-specific (Services with type ExternalName)"', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { kind: kind }, + '#withName':: d.fn(help='"Name is the name of the referent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withNamespace':: d.fn(help="\"Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. \\n Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. \\n Support: Core\"", args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { namespace: namespace }, + '#withPort':: d.fn(help='"Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field."', args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { port: port }, + '#withWeight':: d.fn(help='"Weight specifies the proportion of requests forwarded to the referenced backend. This is computed as weight/(sum of all weights in this BackendRefs list). For non-zero values, there may be some epsilon from the exact proportion defined here depending on the precision an implementation supports. Weight is not a percentage and the sum of weights does not need to equal 100. \\n If only one backend is specified and it has a weight greater than 0, 100% of the traffic is forwarded to that backend. If weight is set to 0, no traffic should be forwarded for this entry. If unspecified, weight defaults to 1. \\n Support for this field varies based on the context where used."', args=[d.arg(name='weight', type=d.T.integer)]), + withWeight(weight): { weight: weight }, + }, + '#filters':: d.obj(help='"Filters define the filters that are applied to requests that match this rule. \\n The effects of ordering of multiple behaviors are currently unspecified. This can change in the future based on feedback during the alpha stage. \\n Conformance-levels at this level are defined based on the type of filter: \\n - ALL core filters MUST be supported by all implementations. - Implementers are encouraged to support extended filters. - Implementation-specific custom filters have no API guarantees across implementations. \\n Specifying the same filter multiple times is not supported unless explicitly indicated in the filter. \\n All filters are expected to be compatible with each other except for the URLRewrite and RequestRedirect filters, which may not be combined. If an implementation can not support other combinations of filters, they must clearly document that limitation. In cases where incompatible or unsupported filters are specified and cause the `Accepted` condition to be set to status `False`, implementations may use the `IncompatibleFilters` reason to specify this configuration error. \\n Support: Core"'), + filters: { + '#extensionRef':: d.obj(help='"ExtensionRef is an optional, implementation-specific extension to the \\"filter\\" behavior. For example, resource \\"myroutefilter\\" in group \\"networking.example.net\\"). ExtensionRef MUST NOT be used for core and extended filters. \\n This filter can be used multiple times within the same rule. \\n Support: Implementation-specific"'), + extensionRef: { + '#withGroup':: d.fn(help='"Group is the group of the referent. For example, \\"gateway.networking.k8s.io\\". When unspecified or empty string, core API group is inferred."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { extensionRef+: { group: group } }, + '#withKind':: d.fn(help='"Kind is kind of the referent. For example \\"HTTPRoute\\" or \\"Service\\"."', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { extensionRef+: { kind: kind } }, + '#withName':: d.fn(help='"Name is the name of the referent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { extensionRef+: { name: name } }, + }, + '#requestHeaderModifier':: d.obj(help='"RequestHeaderModifier defines a schema for a filter that modifies request headers. \\n Support: Core"'), + requestHeaderModifier: { + '#add':: d.obj(help='"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: add: - name: \\"my-header\\" value: \\"bar,baz\\" \\n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"'), + add: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \\n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered equivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#set':: d.obj(help='"Set overwrites the request with the given header (name, value) before the action. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: set: - name: \\"my-header\\" value: \\"bar\\" \\n Output: GET /foo HTTP/1.1 my-header: bar"'), + set: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \\n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered equivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#withAdd':: d.fn(help='"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: add: - name: \\"my-header\\" value: \\"bar,baz\\" \\n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"', args=[d.arg(name='add', type=d.T.array)]), + withAdd(add): { requestHeaderModifier+: { add: if std.isArray(v=add) then add else [add] } }, + '#withAddMixin':: d.fn(help='"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: add: - name: \\"my-header\\" value: \\"bar,baz\\" \\n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='add', type=d.T.array)]), + withAddMixin(add): { requestHeaderModifier+: { add+: if std.isArray(v=add) then add else [add] } }, + '#withRemove':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \\n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \\n Config: remove: [\\"my-header1\\", \\"my-header3\\"] \\n Output: GET /foo HTTP/1.1 my-header2: bar"', args=[d.arg(name='remove', type=d.T.array)]), + withRemove(remove): { requestHeaderModifier+: { remove: if std.isArray(v=remove) then remove else [remove] } }, + '#withRemoveMixin':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \\n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \\n Config: remove: [\\"my-header1\\", \\"my-header3\\"] \\n Output: GET /foo HTTP/1.1 my-header2: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='remove', type=d.T.array)]), + withRemoveMixin(remove): { requestHeaderModifier+: { remove+: if std.isArray(v=remove) then remove else [remove] } }, + '#withSet':: d.fn(help='"Set overwrites the request with the given header (name, value) before the action. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: set: - name: \\"my-header\\" value: \\"bar\\" \\n Output: GET /foo HTTP/1.1 my-header: bar"', args=[d.arg(name='set', type=d.T.array)]), + withSet(set): { requestHeaderModifier+: { set: if std.isArray(v=set) then set else [set] } }, + '#withSetMixin':: d.fn(help='"Set overwrites the request with the given header (name, value) before the action. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: set: - name: \\"my-header\\" value: \\"bar\\" \\n Output: GET /foo HTTP/1.1 my-header: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='set', type=d.T.array)]), + withSetMixin(set): { requestHeaderModifier+: { set+: if std.isArray(v=set) then set else [set] } }, + }, + '#requestMirror':: d.obj(help='"RequestMirror defines a schema for a filter that mirrors requests. Requests are sent to the specified destination, but responses from that destination are ignored. \\n This filter can be used multiple times within the same rule. Note that not all implementations will be able to support mirroring to multiple backends. \\n Support: Extended"'), + requestMirror: { + '#backendRef':: d.obj(help='"BackendRef references a resource where mirrored requests are sent. \\n Mirrored requests must be sent only to a single destination endpoint within this BackendRef, irrespective of how many endpoints are present within this BackendRef. \\n If the referent cannot be found, this BackendRef is invalid and must be dropped from the Gateway. The controller must ensure the \\"ResolvedRefs\\" condition on the Route status is set to `status: False` and not configure this backend in the underlying implementation. \\n If there is a cross-namespace reference to an *existing* object that is not allowed by a ReferenceGrant, the controller must ensure the \\"ResolvedRefs\\" condition on the Route is set to `status: False`, with the \\"RefNotPermitted\\" reason and not configure this backend in the underlying implementation. \\n In either error case, the Message of the `ResolvedRefs` Condition should be used to provide more detail about the problem. \\n Support: Extended for Kubernetes Service \\n Support: Implementation-specific for any other resource"'), + backendRef: { + '#withGroup':: d.fn(help='"Group is the group of the referent. For example, \\"gateway.networking.k8s.io\\". When unspecified or empty string, core API group is inferred."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { requestMirror+: { backendRef+: { group: group } } }, + '#withKind':: d.fn(help='"Kind is the Kubernetes resource kind of the referent. For example \\"Service\\". \\n Defaults to \\"Service\\" when not specified. \\n ExternalName services can refer to CNAME DNS records that may live outside of the cluster and as such are difficult to reason about in terms of conformance. They also may not be safe to forward to (see CVE-2021-25740 for more information). Implementations SHOULD NOT support ExternalName Services. \\n Support: Core (Services with a type other than ExternalName) \\n Support: Implementation-specific (Services with type ExternalName)"', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { requestMirror+: { backendRef+: { kind: kind } } }, + '#withName':: d.fn(help='"Name is the name of the referent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { requestMirror+: { backendRef+: { name: name } } }, + '#withNamespace':: d.fn(help="\"Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. \\n Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. \\n Support: Core\"", args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { requestMirror+: { backendRef+: { namespace: namespace } } }, + '#withPort':: d.fn(help='"Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field."', args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { requestMirror+: { backendRef+: { port: port } } }, + }, + }, + '#requestRedirect':: d.obj(help='"RequestRedirect defines a schema for a filter that responds to the request with an HTTP redirection. \\n Support: Core"'), + requestRedirect: { + '#path':: d.obj(help='"Path defines parameters used to modify the path of the incoming request. The modified path is then used to construct the `Location` header. When empty, the request path is used as-is. \\n Support: Extended"'), + path: { + '#withReplaceFullPath':: d.fn(help='"ReplaceFullPath specifies the value with which to replace the full path of a request during a rewrite or redirect."', args=[d.arg(name='replaceFullPath', type=d.T.string)]), + withReplaceFullPath(replaceFullPath): { requestRedirect+: { path+: { replaceFullPath: replaceFullPath } } }, + '#withReplacePrefixMatch':: d.fn(help='"ReplacePrefixMatch specifies the value with which to replace the prefix match of a request during a rewrite or redirect. For example, a request to \\"/foo/bar\\" with a prefix match of \\"/foo\\" and a ReplacePrefixMatch of \\"/xyz\\" would be modified to \\"/xyz/bar\\". \\n Note that this matches the behavior of the PathPrefix match type. This matches full path elements. A path element refers to the list of labels in the path split by the `/` separator. When specified, a trailing `/` is ignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all match the prefix `/abc`, but the path `/abcd` would not. \\n ReplacePrefixMatch is only compatible with a `PathPrefix` HTTPRouteMatch. Using any other HTTPRouteMatch type on the same HTTPRouteRule will result in the implementation setting the Accepted Condition for the Route to `status: False`. \\n Request Path | Prefix Match | Replace Prefix | Modified Path -------------|--------------|----------------|---------- /foo/bar | /foo | /xyz | /xyz/bar /foo/bar | /foo | /xyz/ | /xyz/bar /foo/bar | /foo/ | /xyz | /xyz/bar /foo/bar | /foo/ | /xyz/ | /xyz/bar /foo | /foo | /xyz | /xyz /foo/ | /foo | /xyz | /xyz/ /foo/bar | /foo | | /bar /foo/ | /foo | | / /foo | /foo | | / /foo/ | /foo | / | / /foo | /foo | / | /"', args=[d.arg(name='replacePrefixMatch', type=d.T.string)]), + withReplacePrefixMatch(replacePrefixMatch): { requestRedirect+: { path+: { replacePrefixMatch: replacePrefixMatch } } }, + '#withType':: d.fn(help='"Type defines the type of path modifier. Additional types may be added in a future release of the API. \\n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \\n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`."', args=[d.arg(name='type', type=d.T.string)]), + withType(type): { requestRedirect+: { path+: { type: type } } }, + }, + '#withHostname':: d.fn(help='"Hostname is the hostname to be used in the value of the `Location` header in the response. When empty, the hostname in the `Host` header of the request is used. \\n Support: Core"', args=[d.arg(name='hostname', type=d.T.string)]), + withHostname(hostname): { requestRedirect+: { hostname: hostname } }, + '#withPort':: d.fn(help="\"Port is the port to be used in the value of the `Location` header in the response. \\n If no port is specified, the redirect port MUST be derived using the following rules: \\n * If redirect scheme is not-empty, the redirect port MUST be the well-known port associated with the redirect scheme. Specifically \\\"http\\\" to port 80 and \\\"https\\\" to port 443. If the redirect scheme does not have a well-known port, the listener port of the Gateway SHOULD be used. * If redirect scheme is empty, the redirect port MUST be the Gateway Listener port. \\n Implementations SHOULD NOT add the port number in the 'Location' header in the following cases: \\n * A Location header that will use HTTP (whether that is determined via the Listener protocol or the Scheme field) _and_ use port 80. * A Location header that will use HTTPS (whether that is determined via the Listener protocol or the Scheme field) _and_ use port 443. \\n Support: Extended\"", args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { requestRedirect+: { port: port } }, + '#withScheme':: d.fn(help='"Scheme is the scheme to be used in the value of the `Location` header in the response. When empty, the scheme of the request is used. \\n Scheme redirects can affect the port of the redirect, for more information, refer to the documentation for the port field of this filter. \\n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \\n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`. \\n Support: Extended"', args=[d.arg(name='scheme', type=d.T.string)]), + withScheme(scheme): { requestRedirect+: { scheme: scheme } }, + '#withStatusCode':: d.fn(help='"StatusCode is the HTTP status code to be used in response. \\n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \\n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`. \\n Support: Core"', args=[d.arg(name='statusCode', type=d.T.integer)]), + withStatusCode(statusCode): { requestRedirect+: { statusCode: statusCode } }, + }, + '#responseHeaderModifier':: d.obj(help='"ResponseHeaderModifier defines a schema for a filter that modifies response headers. \\n Support: Extended"'), + responseHeaderModifier: { + '#add':: d.obj(help='"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: add: - name: \\"my-header\\" value: \\"bar,baz\\" \\n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"'), + add: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \\n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered equivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#set':: d.obj(help='"Set overwrites the request with the given header (name, value) before the action. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: set: - name: \\"my-header\\" value: \\"bar\\" \\n Output: GET /foo HTTP/1.1 my-header: bar"'), + set: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \\n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered equivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#withAdd':: d.fn(help='"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: add: - name: \\"my-header\\" value: \\"bar,baz\\" \\n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"', args=[d.arg(name='add', type=d.T.array)]), + withAdd(add): { responseHeaderModifier+: { add: if std.isArray(v=add) then add else [add] } }, + '#withAddMixin':: d.fn(help='"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: add: - name: \\"my-header\\" value: \\"bar,baz\\" \\n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='add', type=d.T.array)]), + withAddMixin(add): { responseHeaderModifier+: { add+: if std.isArray(v=add) then add else [add] } }, + '#withRemove':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \\n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \\n Config: remove: [\\"my-header1\\", \\"my-header3\\"] \\n Output: GET /foo HTTP/1.1 my-header2: bar"', args=[d.arg(name='remove', type=d.T.array)]), + withRemove(remove): { responseHeaderModifier+: { remove: if std.isArray(v=remove) then remove else [remove] } }, + '#withRemoveMixin':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \\n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \\n Config: remove: [\\"my-header1\\", \\"my-header3\\"] \\n Output: GET /foo HTTP/1.1 my-header2: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='remove', type=d.T.array)]), + withRemoveMixin(remove): { responseHeaderModifier+: { remove+: if std.isArray(v=remove) then remove else [remove] } }, + '#withSet':: d.fn(help='"Set overwrites the request with the given header (name, value) before the action. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: set: - name: \\"my-header\\" value: \\"bar\\" \\n Output: GET /foo HTTP/1.1 my-header: bar"', args=[d.arg(name='set', type=d.T.array)]), + withSet(set): { responseHeaderModifier+: { set: if std.isArray(v=set) then set else [set] } }, + '#withSetMixin':: d.fn(help='"Set overwrites the request with the given header (name, value) before the action. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: set: - name: \\"my-header\\" value: \\"bar\\" \\n Output: GET /foo HTTP/1.1 my-header: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='set', type=d.T.array)]), + withSetMixin(set): { responseHeaderModifier+: { set+: if std.isArray(v=set) then set else [set] } }, + }, + '#urlRewrite':: d.obj(help='"URLRewrite defines a schema for a filter that modifies a request during forwarding. \\n Support: Extended"'), + urlRewrite: { + '#path':: d.obj(help='"Path defines a path rewrite. \\n Support: Extended"'), + path: { + '#withReplaceFullPath':: d.fn(help='"ReplaceFullPath specifies the value with which to replace the full path of a request during a rewrite or redirect."', args=[d.arg(name='replaceFullPath', type=d.T.string)]), + withReplaceFullPath(replaceFullPath): { urlRewrite+: { path+: { replaceFullPath: replaceFullPath } } }, + '#withReplacePrefixMatch':: d.fn(help='"ReplacePrefixMatch specifies the value with which to replace the prefix match of a request during a rewrite or redirect. For example, a request to \\"/foo/bar\\" with a prefix match of \\"/foo\\" and a ReplacePrefixMatch of \\"/xyz\\" would be modified to \\"/xyz/bar\\". \\n Note that this matches the behavior of the PathPrefix match type. This matches full path elements. A path element refers to the list of labels in the path split by the `/` separator. When specified, a trailing `/` is ignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all match the prefix `/abc`, but the path `/abcd` would not. \\n ReplacePrefixMatch is only compatible with a `PathPrefix` HTTPRouteMatch. Using any other HTTPRouteMatch type on the same HTTPRouteRule will result in the implementation setting the Accepted Condition for the Route to `status: False`. \\n Request Path | Prefix Match | Replace Prefix | Modified Path -------------|--------------|----------------|---------- /foo/bar | /foo | /xyz | /xyz/bar /foo/bar | /foo | /xyz/ | /xyz/bar /foo/bar | /foo/ | /xyz | /xyz/bar /foo/bar | /foo/ | /xyz/ | /xyz/bar /foo | /foo | /xyz | /xyz /foo/ | /foo | /xyz | /xyz/ /foo/bar | /foo | | /bar /foo/ | /foo | | / /foo | /foo | | / /foo/ | /foo | / | / /foo | /foo | / | /"', args=[d.arg(name='replacePrefixMatch', type=d.T.string)]), + withReplacePrefixMatch(replacePrefixMatch): { urlRewrite+: { path+: { replacePrefixMatch: replacePrefixMatch } } }, + '#withType':: d.fn(help='"Type defines the type of path modifier. Additional types may be added in a future release of the API. \\n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \\n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`."', args=[d.arg(name='type', type=d.T.string)]), + withType(type): { urlRewrite+: { path+: { type: type } } }, + }, + '#withHostname':: d.fn(help='"Hostname is the value to be used to replace the Host header value during forwarding. \\n Support: Extended"', args=[d.arg(name='hostname', type=d.T.string)]), + withHostname(hostname): { urlRewrite+: { hostname: hostname } }, + }, + '#withType':: d.fn(help='"Type identifies the type of filter to apply. As with other API fields, types are classified into three conformance levels: \\n - Core: Filter types and their corresponding configuration defined by \\"Support: Core\\" in this package, e.g. \\"RequestHeaderModifier\\". All implementations must support core filters. \\n - Extended: Filter types and their corresponding configuration defined by \\"Support: Extended\\" in this package, e.g. \\"RequestMirror\\". Implementers are encouraged to support extended filters. \\n - Implementation-specific: Filters that are defined and supported by specific vendors. In the future, filters showing convergence in behavior across multiple implementations will be considered for inclusion in extended or core conformance levels. Filter-specific configuration for such filters is specified using the ExtensionRef field. `Type` should be set to \\"ExtensionRef\\" for custom filters. \\n Implementers are encouraged to define custom implementation types to extend the core API with implementation-specific behavior. \\n If a reference to a custom filter type cannot be resolved, the filter MUST NOT be skipped. Instead, requests that would have been processed by that filter MUST receive a HTTP error response. \\n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \\n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`."', args=[d.arg(name='type', type=d.T.string)]), + withType(type): { type: type }, + }, + '#matches':: d.obj(help='"Matches define conditions used for matching the rule against incoming HTTP requests. Each match is independent, i.e. this rule will be matched if **any** one of the matches is satisfied. \\n For example, take the following matches configuration: \\n ``` matches: - path: value: \\"/foo\\" headers: - name: \\"version\\" value: \\"v2\\" - path: value: \\"/v2/foo\\" ``` \\n For a request to match against this rule, a request must satisfy EITHER of the two conditions: \\n - path prefixed with `/foo` AND contains the header `version: v2` - path prefix of `/v2/foo` \\n See the documentation for HTTPRouteMatch on how to specify multiple match conditions that should be ANDed together. \\n If no matches are specified, the default is a prefix path match on \\"/\\", which has the effect of matching every HTTP request. \\n Proxy or Load Balancer routing configuration generated from HTTPRoutes MUST prioritize matches based on the following criteria, continuing on ties. Across all rules specified on applicable Routes, precedence must be given to the match having: \\n * \\"Exact\\" path match. * \\"Prefix\\" path match with largest number of characters. * Method match. * Largest number of header matches. * Largest number of query param matches. \\n Note: The precedence of RegularExpression path matches are implementation-specific. \\n If ties still exist across multiple Routes, matching precedence MUST be determined in order of the following criteria, continuing on ties: \\n * The oldest Route based on creation timestamp. * The Route appearing first in alphabetical order by \\"{namespace}/{name}\\". \\n If ties still exist within an HTTPRoute, matching precedence MUST be granted to the FIRST matching rule (in list order) with a match meeting the above criteria. \\n When no rules matching a request have been successfully attached to the parent a request is coming from, a HTTP 404 status code MUST be returned."'), + matches: { + '#headers':: d.obj(help='"Headers specifies HTTP request header matchers. Multiple match values are ANDed together, meaning, a request must match all the specified headers to select the route."'), + headers: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \\n If multiple entries specify equivalent header names, only the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered equivalent. \\n When a header is repeated in an HTTP request, it is implementation-specific behavior as to how this is represented. Generally, proxies should follow the guidance from the RFC: https://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2 regarding processing a repeated header, with special handling for \\"Set-Cookie\\"."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withType':: d.fn(help="\"Type specifies how to match against the value of the header. \\n Support: Core (Exact) \\n Support: Implementation-specific (RegularExpression) \\n Since RegularExpression HeaderMatchType has implementation-specific conformance, implementations can support POSIX, PCRE or any other dialects of regular expressions. Please read the implementation's documentation to determine the supported dialect.\"", args=[d.arg(name='type', type=d.T.string)]), + withType(type): { type: type }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#path':: d.obj(help='"Path specifies a HTTP request path matcher. If this field is not specified, a default prefix match on the \\"/\\" path is provided."'), + path: { + '#withType':: d.fn(help='"Type specifies how to match against the path Value. \\n Support: Core (Exact, PathPrefix) \\n Support: Implementation-specific (RegularExpression)"', args=[d.arg(name='type', type=d.T.string)]), + withType(type): { path+: { type: type } }, + '#withValue':: d.fn(help='"Value of the HTTP path to match against."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { path+: { value: value } }, + }, + '#queryParams':: d.obj(help='"QueryParams specifies HTTP query parameter matchers. Multiple match values are ANDed together, meaning, a request must match all the specified query parameters to select the route. \\n Support: Extended"'), + queryParams: { + '#withName':: d.fn(help='"Name is the name of the HTTP query param to be matched. This must be an exact string match. (See https://tools.ietf.org/html/rfc7230#section-2.7.3). \\n If multiple entries specify equivalent query param names, only the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent query param name MUST be ignored. \\n If a query param is repeated in an HTTP request, the behavior is purposely left undefined, since different data planes have different capabilities. However, it is *recommended* that implementations should match against the first value of the param if the data plane supports it, as this behavior is expected in other load balancing contexts outside of the Gateway API. \\n Users SHOULD NOT route traffic based on repeated query params to guard themselves against potential differences in the implementations."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withType':: d.fn(help="\"Type specifies how to match against the value of the query parameter. \\n Support: Extended (Exact) \\n Support: Implementation-specific (RegularExpression) \\n Since RegularExpression QueryParamMatchType has Implementation-specific conformance, implementations can support POSIX, PCRE or any other dialects of regular expressions. Please read the implementation's documentation to determine the supported dialect.\"", args=[d.arg(name='type', type=d.T.string)]), + withType(type): { type: type }, + '#withValue':: d.fn(help='"Value is the value of HTTP query param to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#withHeaders':: d.fn(help='"Headers specifies HTTP request header matchers. Multiple match values are ANDed together, meaning, a request must match all the specified headers to select the route."', args=[d.arg(name='headers', type=d.T.array)]), + withHeaders(headers): { headers: if std.isArray(v=headers) then headers else [headers] }, + '#withHeadersMixin':: d.fn(help='"Headers specifies HTTP request header matchers. Multiple match values are ANDed together, meaning, a request must match all the specified headers to select the route."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='headers', type=d.T.array)]), + withHeadersMixin(headers): { headers+: if std.isArray(v=headers) then headers else [headers] }, + '#withMethod':: d.fn(help='"Method specifies HTTP method matcher. When specified, this route will be matched only if the request has the specified method. \\n Support: Extended"', args=[d.arg(name='method', type=d.T.string)]), + withMethod(method): { method: method }, + '#withQueryParams':: d.fn(help='"QueryParams specifies HTTP query parameter matchers. Multiple match values are ANDed together, meaning, a request must match all the specified query parameters to select the route. \\n Support: Extended"', args=[d.arg(name='queryParams', type=d.T.array)]), + withQueryParams(queryParams): { queryParams: if std.isArray(v=queryParams) then queryParams else [queryParams] }, + '#withQueryParamsMixin':: d.fn(help='"QueryParams specifies HTTP query parameter matchers. Multiple match values are ANDed together, meaning, a request must match all the specified query parameters to select the route. \\n Support: Extended"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='queryParams', type=d.T.array)]), + withQueryParamsMixin(queryParams): { queryParams+: if std.isArray(v=queryParams) then queryParams else [queryParams] }, + }, + '#timeouts':: d.obj(help='"Timeouts defines the timeouts that can be configured for an HTTP request. \\n Support: Extended \\n "'), + timeouts: { + '#withBackendRequest':: d.fn(help='"BackendRequest specifies a timeout for an individual request from the gateway to a backend. This covers the time from when the request first starts being sent from the gateway to when the full response has been received from the backend. \\n An entire client HTTP transaction with a gateway, covered by the Request timeout, may result in more than one call from the gateway to the destination backend, for example, if automatic retries are supported. \\n Because the Request timeout encompasses the BackendRequest timeout, the value of BackendRequest must be <= the value of Request timeout. \\n Support: Extended"', args=[d.arg(name='backendRequest', type=d.T.string)]), + withBackendRequest(backendRequest): { timeouts+: { backendRequest: backendRequest } }, + '#withRequest':: d.fn(help='"Request specifies the maximum duration for a gateway to respond to an HTTP request. If the gateway has not been able to respond before this deadline is met, the gateway MUST return a timeout error. \\n For example, setting the `rules.timeouts.request` field to the value `10s` in an `HTTPRoute` will cause a timeout if a client request is taking longer than 10 seconds to complete. \\n This timeout is intended to cover as close to the whole request-response transaction as possible although an implementation MAY choose to start the timeout after the entire request stream has been received instead of immediately after the transaction is initiated by the client. \\n When this field is unspecified, request timeout behavior is implementation-specific. \\n Support: Extended"', args=[d.arg(name='request', type=d.T.string)]), + withRequest(request): { timeouts+: { request: request } }, + }, + '#withBackendRefs':: d.fn(help='"BackendRefs defines the backend(s) where matching requests should be sent. \\n Failure behavior here depends on how many BackendRefs are specified and how many are invalid. \\n If *all* entries in BackendRefs are invalid, and there are also no filters specified in this route rule, *all* traffic which matches this rule MUST receive a 500 status code. \\n See the HTTPBackendRef definition for the rules about what makes a single HTTPBackendRef invalid. \\n When a HTTPBackendRef is invalid, 500 status codes MUST be returned for requests that would have otherwise been routed to an invalid backend. If multiple backends are specified, and some are invalid, the proportion of requests that would otherwise have been routed to an invalid backend MUST receive a 500 status code. \\n For example, if two backends are specified with equal weights, and one is invalid, 50 percent of traffic must receive a 500. Implementations may choose how that 50 percent is determined. \\n Support: Core for Kubernetes Service \\n Support: Extended for Kubernetes ServiceImport \\n Support: Implementation-specific for any other resource \\n Support for weight: Core"', args=[d.arg(name='backendRefs', type=d.T.array)]), + withBackendRefs(backendRefs): { backendRefs: if std.isArray(v=backendRefs) then backendRefs else [backendRefs] }, + '#withBackendRefsMixin':: d.fn(help='"BackendRefs defines the backend(s) where matching requests should be sent. \\n Failure behavior here depends on how many BackendRefs are specified and how many are invalid. \\n If *all* entries in BackendRefs are invalid, and there are also no filters specified in this route rule, *all* traffic which matches this rule MUST receive a 500 status code. \\n See the HTTPBackendRef definition for the rules about what makes a single HTTPBackendRef invalid. \\n When a HTTPBackendRef is invalid, 500 status codes MUST be returned for requests that would have otherwise been routed to an invalid backend. If multiple backends are specified, and some are invalid, the proportion of requests that would otherwise have been routed to an invalid backend MUST receive a 500 status code. \\n For example, if two backends are specified with equal weights, and one is invalid, 50 percent of traffic must receive a 500. Implementations may choose how that 50 percent is determined. \\n Support: Core for Kubernetes Service \\n Support: Extended for Kubernetes ServiceImport \\n Support: Implementation-specific for any other resource \\n Support for weight: Core"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='backendRefs', type=d.T.array)]), + withBackendRefsMixin(backendRefs): { backendRefs+: if std.isArray(v=backendRefs) then backendRefs else [backendRefs] }, + '#withFilters':: d.fn(help='"Filters define the filters that are applied to requests that match this rule. \\n The effects of ordering of multiple behaviors are currently unspecified. This can change in the future based on feedback during the alpha stage. \\n Conformance-levels at this level are defined based on the type of filter: \\n - ALL core filters MUST be supported by all implementations. - Implementers are encouraged to support extended filters. - Implementation-specific custom filters have no API guarantees across implementations. \\n Specifying the same filter multiple times is not supported unless explicitly indicated in the filter. \\n All filters are expected to be compatible with each other except for the URLRewrite and RequestRedirect filters, which may not be combined. If an implementation can not support other combinations of filters, they must clearly document that limitation. In cases where incompatible or unsupported filters are specified and cause the `Accepted` condition to be set to status `False`, implementations may use the `IncompatibleFilters` reason to specify this configuration error. \\n Support: Core"', args=[d.arg(name='filters', type=d.T.array)]), + withFilters(filters): { filters: if std.isArray(v=filters) then filters else [filters] }, + '#withFiltersMixin':: d.fn(help='"Filters define the filters that are applied to requests that match this rule. \\n The effects of ordering of multiple behaviors are currently unspecified. This can change in the future based on feedback during the alpha stage. \\n Conformance-levels at this level are defined based on the type of filter: \\n - ALL core filters MUST be supported by all implementations. - Implementers are encouraged to support extended filters. - Implementation-specific custom filters have no API guarantees across implementations. \\n Specifying the same filter multiple times is not supported unless explicitly indicated in the filter. \\n All filters are expected to be compatible with each other except for the URLRewrite and RequestRedirect filters, which may not be combined. If an implementation can not support other combinations of filters, they must clearly document that limitation. In cases where incompatible or unsupported filters are specified and cause the `Accepted` condition to be set to status `False`, implementations may use the `IncompatibleFilters` reason to specify this configuration error. \\n Support: Core"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='filters', type=d.T.array)]), + withFiltersMixin(filters): { filters+: if std.isArray(v=filters) then filters else [filters] }, + '#withMatches':: d.fn(help='"Matches define conditions used for matching the rule against incoming HTTP requests. Each match is independent, i.e. this rule will be matched if **any** one of the matches is satisfied. \\n For example, take the following matches configuration: \\n ``` matches: - path: value: \\"/foo\\" headers: - name: \\"version\\" value: \\"v2\\" - path: value: \\"/v2/foo\\" ``` \\n For a request to match against this rule, a request must satisfy EITHER of the two conditions: \\n - path prefixed with `/foo` AND contains the header `version: v2` - path prefix of `/v2/foo` \\n See the documentation for HTTPRouteMatch on how to specify multiple match conditions that should be ANDed together. \\n If no matches are specified, the default is a prefix path match on \\"/\\", which has the effect of matching every HTTP request. \\n Proxy or Load Balancer routing configuration generated from HTTPRoutes MUST prioritize matches based on the following criteria, continuing on ties. Across all rules specified on applicable Routes, precedence must be given to the match having: \\n * \\"Exact\\" path match. * \\"Prefix\\" path match with largest number of characters. * Method match. * Largest number of header matches. * Largest number of query param matches. \\n Note: The precedence of RegularExpression path matches are implementation-specific. \\n If ties still exist across multiple Routes, matching precedence MUST be determined in order of the following criteria, continuing on ties: \\n * The oldest Route based on creation timestamp. * The Route appearing first in alphabetical order by \\"{namespace}/{name}\\". \\n If ties still exist within an HTTPRoute, matching precedence MUST be granted to the FIRST matching rule (in list order) with a match meeting the above criteria. \\n When no rules matching a request have been successfully attached to the parent a request is coming from, a HTTP 404 status code MUST be returned."', args=[d.arg(name='matches', type=d.T.array)]), + withMatches(matches): { matches: if std.isArray(v=matches) then matches else [matches] }, + '#withMatchesMixin':: d.fn(help='"Matches define conditions used for matching the rule against incoming HTTP requests. Each match is independent, i.e. this rule will be matched if **any** one of the matches is satisfied. \\n For example, take the following matches configuration: \\n ``` matches: - path: value: \\"/foo\\" headers: - name: \\"version\\" value: \\"v2\\" - path: value: \\"/v2/foo\\" ``` \\n For a request to match against this rule, a request must satisfy EITHER of the two conditions: \\n - path prefixed with `/foo` AND contains the header `version: v2` - path prefix of `/v2/foo` \\n See the documentation for HTTPRouteMatch on how to specify multiple match conditions that should be ANDed together. \\n If no matches are specified, the default is a prefix path match on \\"/\\", which has the effect of matching every HTTP request. \\n Proxy or Load Balancer routing configuration generated from HTTPRoutes MUST prioritize matches based on the following criteria, continuing on ties. Across all rules specified on applicable Routes, precedence must be given to the match having: \\n * \\"Exact\\" path match. * \\"Prefix\\" path match with largest number of characters. * Method match. * Largest number of header matches. * Largest number of query param matches. \\n Note: The precedence of RegularExpression path matches are implementation-specific. \\n If ties still exist across multiple Routes, matching precedence MUST be determined in order of the following criteria, continuing on ties: \\n * The oldest Route based on creation timestamp. * The Route appearing first in alphabetical order by \\"{namespace}/{name}\\". \\n If ties still exist within an HTTPRoute, matching precedence MUST be granted to the FIRST matching rule (in list order) with a match meeting the above criteria. \\n When no rules matching a request have been successfully attached to the parent a request is coming from, a HTTP 404 status code MUST be returned."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='matches', type=d.T.array)]), + withMatchesMixin(matches): { matches+: if std.isArray(v=matches) then matches else [matches] }, + }, + '#withHostnames':: d.fn(help="\"Hostnames defines a set of hostnames that should match against the HTTP Host header to select a HTTPRoute used to process the request. Implementations MUST ignore any port value specified in the HTTP Host header while performing a match and (absent of any applicable header modification configuration) MUST forward this header unmodified to the backend. \\n Valid values for Hostnames are determined by RFC 1123 definition of a hostname with 2 notable exceptions: \\n 1. IPs are not allowed. 2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard label must appear by itself as the first label. \\n If a hostname is specified by both the Listener and HTTPRoute, there must be at least one intersecting hostname for the HTTPRoute to be attached to the Listener. For example: \\n * A Listener with `test.example.com` as the hostname matches HTTPRoutes that have either not specified any hostnames, or have specified at least one of `test.example.com` or `*.example.com`. * A Listener with `*.example.com` as the hostname matches HTTPRoutes that have either not specified any hostnames or have specified at least one hostname that matches the Listener hostname. For example, `*.example.com`, `test.example.com`, and `foo.test.example.com` would all match. On the other hand, `example.com` and `test.example.net` would not match. \\n Hostnames that are prefixed with a wildcard label (`*.`) are interpreted as a suffix match. That means that a match for `*.example.com` would match both `test.example.com`, and `foo.test.example.com`, but not `example.com`. \\n If both the Listener and HTTPRoute have specified hostnames, any HTTPRoute hostnames that do not match the Listener hostname MUST be ignored. For example, if a Listener specified `*.example.com`, and the HTTPRoute specified `test.example.com` and `test.example.net`, `test.example.net` must not be considered for a match. \\n If both the Listener and HTTPRoute have specified hostnames, and none match with the criteria above, then the HTTPRoute is not accepted. The implementation must raise an 'Accepted' Condition with a status of `False` in the corresponding RouteParentStatus. \\n In the event that multiple HTTPRoutes specify intersecting hostnames (e.g. overlapping wildcard matching and exact matching hostnames), precedence must be given to rules from the HTTPRoute with the largest number of: \\n * Characters in a matching non-wildcard hostname. * Characters in a matching hostname. \\n If ties exist across multiple Routes, the matching precedence rules for HTTPRouteMatches takes over. \\n Support: Core\"", args=[d.arg(name='hostnames', type=d.T.array)]), + withHostnames(hostnames): { spec+: { hostnames: if std.isArray(v=hostnames) then hostnames else [hostnames] } }, + '#withHostnamesMixin':: d.fn(help="\"Hostnames defines a set of hostnames that should match against the HTTP Host header to select a HTTPRoute used to process the request. Implementations MUST ignore any port value specified in the HTTP Host header while performing a match and (absent of any applicable header modification configuration) MUST forward this header unmodified to the backend. \\n Valid values for Hostnames are determined by RFC 1123 definition of a hostname with 2 notable exceptions: \\n 1. IPs are not allowed. 2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard label must appear by itself as the first label. \\n If a hostname is specified by both the Listener and HTTPRoute, there must be at least one intersecting hostname for the HTTPRoute to be attached to the Listener. For example: \\n * A Listener with `test.example.com` as the hostname matches HTTPRoutes that have either not specified any hostnames, or have specified at least one of `test.example.com` or `*.example.com`. * A Listener with `*.example.com` as the hostname matches HTTPRoutes that have either not specified any hostnames or have specified at least one hostname that matches the Listener hostname. For example, `*.example.com`, `test.example.com`, and `foo.test.example.com` would all match. On the other hand, `example.com` and `test.example.net` would not match. \\n Hostnames that are prefixed with a wildcard label (`*.`) are interpreted as a suffix match. That means that a match for `*.example.com` would match both `test.example.com`, and `foo.test.example.com`, but not `example.com`. \\n If both the Listener and HTTPRoute have specified hostnames, any HTTPRoute hostnames that do not match the Listener hostname MUST be ignored. For example, if a Listener specified `*.example.com`, and the HTTPRoute specified `test.example.com` and `test.example.net`, `test.example.net` must not be considered for a match. \\n If both the Listener and HTTPRoute have specified hostnames, and none match with the criteria above, then the HTTPRoute is not accepted. The implementation must raise an 'Accepted' Condition with a status of `False` in the corresponding RouteParentStatus. \\n In the event that multiple HTTPRoutes specify intersecting hostnames (e.g. overlapping wildcard matching and exact matching hostnames), precedence must be given to rules from the HTTPRoute with the largest number of: \\n * Characters in a matching non-wildcard hostname. * Characters in a matching hostname. \\n If ties exist across multiple Routes, the matching precedence rules for HTTPRouteMatches takes over. \\n Support: Core\"\n\n**Note:** This function appends passed data to existing values", args=[d.arg(name='hostnames', type=d.T.array)]), + withHostnamesMixin(hostnames): { spec+: { hostnames+: if std.isArray(v=hostnames) then hostnames else [hostnames] } }, + '#withParentRefs':: d.fn(help='"ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. For Services, that means the Service must either be in the same namespace for a \\"producer\\" route, or the mesh implementation must support and allow \\"consumer\\" routes for the referenced Service. ReferenceGrant is not applicable for governing ParentRefs to Services - it is not possible to create a \\"producer\\" route for a Service in a different namespace from the Route. \\n There are two kinds of parent resources with \\"Core\\" support: \\n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) This API may be extended in the future to support additional kinds of parent resources. \\n ParentRefs must be _distinct_. This means either that: \\n * They select different objects. If this is the case, then parentRef entries are distinct. In terms of fields, this means that the multi-part key defined by `group`, `kind`, `namespace`, and `name` must be unique across all parentRef entries in the Route. * They do not select different objects, but for each optional field used, each ParentRef that selects the same object must set the same set of optional fields to different values. If one ParentRef sets a combination of optional fields, all must set the same combination. \\n Some examples: \\n * If one ParentRef sets `sectionName`, all ParentRefs referencing the same object must also set `sectionName`. * If one ParentRef sets `port`, all ParentRefs referencing the same object must also set `port`. * If one ParentRef sets `sectionName` and `port`, all ParentRefs referencing the same object must also set `sectionName` and `port`. \\n It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged. \\n Note that for ParentRefs that cross namespace boundaries, there are specific rules. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example, Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable other kinds of cross-namespace reference. \\n ParentRefs from a Route to a Service in the same namespace are \\"producer\\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \\n ParentRefs from a Route to a Service in a different namespace are \\"consumer\\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \\n "', args=[d.arg(name='parentRefs', type=d.T.array)]), + withParentRefs(parentRefs): { spec+: { parentRefs: if std.isArray(v=parentRefs) then parentRefs else [parentRefs] } }, + '#withParentRefsMixin':: d.fn(help='"ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. For Services, that means the Service must either be in the same namespace for a \\"producer\\" route, or the mesh implementation must support and allow \\"consumer\\" routes for the referenced Service. ReferenceGrant is not applicable for governing ParentRefs to Services - it is not possible to create a \\"producer\\" route for a Service in a different namespace from the Route. \\n There are two kinds of parent resources with \\"Core\\" support: \\n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) This API may be extended in the future to support additional kinds of parent resources. \\n ParentRefs must be _distinct_. This means either that: \\n * They select different objects. If this is the case, then parentRef entries are distinct. In terms of fields, this means that the multi-part key defined by `group`, `kind`, `namespace`, and `name` must be unique across all parentRef entries in the Route. * They do not select different objects, but for each optional field used, each ParentRef that selects the same object must set the same set of optional fields to different values. If one ParentRef sets a combination of optional fields, all must set the same combination. \\n Some examples: \\n * If one ParentRef sets `sectionName`, all ParentRefs referencing the same object must also set `sectionName`. * If one ParentRef sets `port`, all ParentRefs referencing the same object must also set `port`. * If one ParentRef sets `sectionName` and `port`, all ParentRefs referencing the same object must also set `sectionName` and `port`. \\n It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged. \\n Note that for ParentRefs that cross namespace boundaries, there are specific rules. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example, Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable other kinds of cross-namespace reference. \\n ParentRefs from a Route to a Service in the same namespace are \\"producer\\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \\n ParentRefs from a Route to a Service in a different namespace are \\"consumer\\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \\n "\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='parentRefs', type=d.T.array)]), + withParentRefsMixin(parentRefs): { spec+: { parentRefs+: if std.isArray(v=parentRefs) then parentRefs else [parentRefs] } }, + '#withRules':: d.fn(help='"Rules are a list of HTTP matchers, filters and actions."', args=[d.arg(name='rules', type=d.T.array)]), + withRules(rules): { spec+: { rules: if std.isArray(v=rules) then rules else [rules] } }, + '#withRulesMixin':: d.fn(help='"Rules are a list of HTTP matchers, filters and actions."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='rules', type=d.T.array)]), + withRulesMixin(rules): { spec+: { rules+: if std.isArray(v=rules) then rules else [rules] } }, + }, + '#mixin': 'ignore', + mixin: self, +} diff --git a/1.0-experimental/_gen/gateway/v1/main.libsonnet b/1.0-experimental/_gen/gateway/v1/main.libsonnet new file mode 100644 index 0000000..649b904 --- /dev/null +++ b/1.0-experimental/_gen/gateway/v1/main.libsonnet @@ -0,0 +1,7 @@ +{ + local d = (import 'doc-util/main.libsonnet'), + '#':: d.pkg(name='v1', url='', help=''), + gateway: (import 'gateway.libsonnet'), + gatewayClass: (import 'gatewayClass.libsonnet'), + httpRoute: (import 'httpRoute.libsonnet'), +} diff --git a/1.0-experimental/_gen/gateway/v1alpha2/backendTLSPolicy.libsonnet b/1.0-experimental/_gen/gateway/v1alpha2/backendTLSPolicy.libsonnet new file mode 100644 index 0000000..61a21e8 --- /dev/null +++ b/1.0-experimental/_gen/gateway/v1alpha2/backendTLSPolicy.libsonnet @@ -0,0 +1,88 @@ +{ + local d = (import 'doc-util/main.libsonnet'), + '#':: d.pkg(name='backendTLSPolicy', url='', help='"BackendTLSPolicy provides a way to configure how a Gateway connects to a Backend via TLS."'), + '#metadata':: d.obj(help='"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create."'), + metadata: { + '#withAnnotations':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotations(annotations): { metadata+: { annotations: annotations } }, + '#withAnnotationsMixin':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotationsMixin(annotations): { metadata+: { annotations+: annotations } }, + '#withClusterName':: d.fn(help='"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request."', args=[d.arg(name='clusterName', type=d.T.string)]), + withClusterName(clusterName): { metadata+: { clusterName: clusterName } }, + '#withCreationTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='creationTimestamp', type=d.T.string)]), + withCreationTimestamp(creationTimestamp): { metadata+: { creationTimestamp: creationTimestamp } }, + '#withDeletionGracePeriodSeconds':: d.fn(help='"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only."', args=[d.arg(name='deletionGracePeriodSeconds', type=d.T.integer)]), + withDeletionGracePeriodSeconds(deletionGracePeriodSeconds): { metadata+: { deletionGracePeriodSeconds: deletionGracePeriodSeconds } }, + '#withDeletionTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='deletionTimestamp', type=d.T.string)]), + withDeletionTimestamp(deletionTimestamp): { metadata+: { deletionTimestamp: deletionTimestamp } }, + '#withFinalizers':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizers(finalizers): { metadata+: { finalizers: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withFinalizersMixin':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizersMixin(finalizers): { metadata+: { finalizers+: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withGenerateName':: d.fn(help='"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\\n\\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\\n\\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency"', args=[d.arg(name='generateName', type=d.T.string)]), + withGenerateName(generateName): { metadata+: { generateName: generateName } }, + '#withGeneration':: d.fn(help='"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only."', args=[d.arg(name='generation', type=d.T.integer)]), + withGeneration(generation): { metadata+: { generation: generation } }, + '#withLabels':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"', args=[d.arg(name='labels', type=d.T.object)]), + withLabels(labels): { metadata+: { labels: labels } }, + '#withLabelsMixin':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='labels', type=d.T.object)]), + withLabelsMixin(labels): { metadata+: { labels+: labels } }, + '#withName':: d.fn(help='"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { metadata+: { name: name } }, + '#withNamespace':: d.fn(help='"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \\"default\\" namespace, but \\"default\\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\\n\\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces"', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { metadata+: { namespace: namespace } }, + '#withOwnerReferences':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferences(ownerReferences): { metadata+: { ownerReferences: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withOwnerReferencesMixin':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferencesMixin(ownerReferences): { metadata+: { ownerReferences+: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withResourceVersion':: d.fn(help='"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\\n\\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency"', args=[d.arg(name='resourceVersion', type=d.T.string)]), + withResourceVersion(resourceVersion): { metadata+: { resourceVersion: resourceVersion } }, + '#withSelfLink':: d.fn(help='"SelfLink is a URL representing this object. Populated by the system. Read-only.\\n\\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release."', args=[d.arg(name='selfLink', type=d.T.string)]), + withSelfLink(selfLink): { metadata+: { selfLink: selfLink } }, + '#withUid':: d.fn(help='"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\\n\\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids"', args=[d.arg(name='uid', type=d.T.string)]), + withUid(uid): { metadata+: { uid: uid } }, + }, + '#new':: d.fn(help='new returns an instance of BackendTLSPolicy', args=[d.arg(name='name', type=d.T.string)]), + new(name): { + apiVersion: 'gateway.networking.k8s.io/v1alpha2', + kind: 'BackendTLSPolicy', + } + self.metadata.withName(name=name), + '#spec':: d.obj(help='"Spec defines the desired state of BackendTLSPolicy."'), + spec: { + '#targetRef':: d.obj(help='"TargetRef identifies an API object to apply the policy to. Only Services have Extended support. Implementations MAY support additional objects, with Implementation Specific support. Note that this config applies to the entire referenced resource by default, but this default may change in the future to provide a more granular application of the policy. \\n Support: Extended for Kubernetes Service \\n Support: Implementation-specific for any other resource"'), + targetRef: { + '#withGroup':: d.fn(help='"Group is the group of the target resource."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { spec+: { targetRef+: { group: group } } }, + '#withKind':: d.fn(help='"Kind is kind of the target resource."', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { spec+: { targetRef+: { kind: kind } } }, + '#withName':: d.fn(help='"Name is the name of the target resource."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { spec+: { targetRef+: { name: name } } }, + '#withNamespace':: d.fn(help='"Namespace is the namespace of the referent. When unspecified, the local namespace is inferred. Even when policy targets a resource in a different namespace, it MUST only apply to traffic originating from the same namespace as the policy."', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { spec+: { targetRef+: { namespace: namespace } } }, + '#withSectionName':: d.fn(help="\"SectionName is the name of a section within the target resource. When unspecified, this targetRef targets the entire resource. In the following resources, SectionName is interpreted as the following: \\n * Gateway: Listener Name * Service: Port Name \\n If a SectionName is specified, but does not exist on the targeted object, the Policy must fail to attach, and the policy implementation should record a `ResolvedRefs` or similar Condition in the Policy's status.\"", args=[d.arg(name='sectionName', type=d.T.string)]), + withSectionName(sectionName): { spec+: { targetRef+: { sectionName: sectionName } } }, + }, + '#tls':: d.obj(help='"TLS contains backend TLS policy configuration."'), + tls: { + '#caCertRefs':: d.obj(help='"CACertRefs contains one or more references to Kubernetes objects that contain a PEM-encoded TLS CA certificate bundle, which is used to validate a TLS handshake between the Gateway and backend Pod. \\n If CACertRefs is empty or unspecified, then WellKnownCACerts must be specified. Only one of CACertRefs or WellKnownCACerts may be specified, not both. If CACertRefs is empty or unspecified, the configuration for WellKnownCACerts MUST be honored instead. \\n References to a resource in a different namespace are invalid for the moment, although we will revisit this in the future. \\n A single CACertRef to a Kubernetes ConfigMap kind has \\"Core\\" support. Implementations MAY choose to support attaching multiple certificates to a backend, but this behavior is implementation-specific. \\n Support: Core - An optional single reference to a Kubernetes ConfigMap, with the CA certificate in a key named `ca.crt`. \\n Support: Implementation-specific (More than one reference, or other kinds of resources)."'), + caCertRefs: { + '#withGroup':: d.fn(help='"Group is the group of the referent. For example, \\"gateway.networking.k8s.io\\". When unspecified or empty string, core API group is inferred."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { group: group }, + '#withKind':: d.fn(help='"Kind is kind of the referent. For example \\"HTTPRoute\\" or \\"Service\\"."', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { kind: kind }, + '#withName':: d.fn(help='"Name is the name of the referent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + }, + '#withCaCertRefs':: d.fn(help='"CACertRefs contains one or more references to Kubernetes objects that contain a PEM-encoded TLS CA certificate bundle, which is used to validate a TLS handshake between the Gateway and backend Pod. \\n If CACertRefs is empty or unspecified, then WellKnownCACerts must be specified. Only one of CACertRefs or WellKnownCACerts may be specified, not both. If CACertRefs is empty or unspecified, the configuration for WellKnownCACerts MUST be honored instead. \\n References to a resource in a different namespace are invalid for the moment, although we will revisit this in the future. \\n A single CACertRef to a Kubernetes ConfigMap kind has \\"Core\\" support. Implementations MAY choose to support attaching multiple certificates to a backend, but this behavior is implementation-specific. \\n Support: Core - An optional single reference to a Kubernetes ConfigMap, with the CA certificate in a key named `ca.crt`. \\n Support: Implementation-specific (More than one reference, or other kinds of resources)."', args=[d.arg(name='caCertRefs', type=d.T.array)]), + withCaCertRefs(caCertRefs): { spec+: { tls+: { caCertRefs: if std.isArray(v=caCertRefs) then caCertRefs else [caCertRefs] } } }, + '#withCaCertRefsMixin':: d.fn(help='"CACertRefs contains one or more references to Kubernetes objects that contain a PEM-encoded TLS CA certificate bundle, which is used to validate a TLS handshake between the Gateway and backend Pod. \\n If CACertRefs is empty or unspecified, then WellKnownCACerts must be specified. Only one of CACertRefs or WellKnownCACerts may be specified, not both. If CACertRefs is empty or unspecified, the configuration for WellKnownCACerts MUST be honored instead. \\n References to a resource in a different namespace are invalid for the moment, although we will revisit this in the future. \\n A single CACertRef to a Kubernetes ConfigMap kind has \\"Core\\" support. Implementations MAY choose to support attaching multiple certificates to a backend, but this behavior is implementation-specific. \\n Support: Core - An optional single reference to a Kubernetes ConfigMap, with the CA certificate in a key named `ca.crt`. \\n Support: Implementation-specific (More than one reference, or other kinds of resources)."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='caCertRefs', type=d.T.array)]), + withCaCertRefsMixin(caCertRefs): { spec+: { tls+: { caCertRefs+: if std.isArray(v=caCertRefs) then caCertRefs else [caCertRefs] } } }, + '#withHostname':: d.fn(help='"Hostname is used for two purposes in the connection between Gateways and backends: \\n 1. Hostname MUST be used as the SNI to connect to the backend (RFC 6066). 2. Hostname MUST be used for authentication and MUST match the certificate served by the matching backend. \\n Support: Core"', args=[d.arg(name='hostname', type=d.T.string)]), + withHostname(hostname): { spec+: { tls+: { hostname: hostname } } }, + '#withWellKnownCACerts':: d.fn(help='"WellKnownCACerts specifies whether system CA certificates may be used in the TLS handshake between the gateway and backend pod. \\n If WellKnownCACerts is unspecified or empty (\\"\\"), then CACertRefs must be specified with at least one entry for a valid configuration. Only one of CACertRefs or WellKnownCACerts may be specified, not both. \\n Support: Core for \\"System\\', args=[d.arg(name='wellKnownCACerts', type=d.T.string)]), + withWellKnownCACerts(wellKnownCACerts): { spec+: { tls+: { wellKnownCACerts: wellKnownCACerts } } }, + }, + }, + '#mixin': 'ignore', + mixin: self, +} diff --git a/1.0-experimental/_gen/gateway/v1alpha2/grpcRoute.libsonnet b/1.0-experimental/_gen/gateway/v1alpha2/grpcRoute.libsonnet new file mode 100644 index 0000000..e1da4aa --- /dev/null +++ b/1.0-experimental/_gen/gateway/v1alpha2/grpcRoute.libsonnet @@ -0,0 +1,317 @@ +{ + local d = (import 'doc-util/main.libsonnet'), + '#':: d.pkg(name='grpcRoute', url='', help='"GRPCRoute provides a way to route gRPC requests. This includes the capability to match requests by hostname, gRPC service, gRPC method, or HTTP/2 header. Filters can be used to specify additional processing steps. Backends specify where matching requests will be routed. \\n GRPCRoute falls under extended support within the Gateway API. Within the following specification, the word \\"MUST\\" indicates that an implementation supporting GRPCRoute must conform to the indicated requirement, but an implementation not supporting this route type need not follow the requirement unless explicitly indicated. \\n Implementations supporting `GRPCRoute` with the `HTTPS` `ProtocolType` MUST accept HTTP/2 connections without an initial upgrade from HTTP/1.1, i.e. via ALPN. If the implementation does not support this, then it MUST set the \\"Accepted\\" condition to \\"False\\" for the affected listener with a reason of \\"UnsupportedProtocol\\". Implementations MAY also accept HTTP/2 connections with an upgrade from HTTP/1. \\n Implementations supporting `GRPCRoute` with the `HTTP` `ProtocolType` MUST support HTTP/2 over cleartext TCP (h2c, https://www.rfc-editor.org/rfc/rfc7540#section-3.1) without an initial upgrade from HTTP/1.1, i.e. with prior knowledge (https://www.rfc-editor.org/rfc/rfc7540#section-3.4). If the implementation does not support this, then it MUST set the \\"Accepted\\" condition to \\"False\\" for the affected listener with a reason of \\"UnsupportedProtocol\\". Implementations MAY also accept HTTP/2 connections with an upgrade from HTTP/1, i.e. without prior knowledge."'), + '#metadata':: d.obj(help='"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create."'), + metadata: { + '#withAnnotations':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotations(annotations): { metadata+: { annotations: annotations } }, + '#withAnnotationsMixin':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotationsMixin(annotations): { metadata+: { annotations+: annotations } }, + '#withClusterName':: d.fn(help='"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request."', args=[d.arg(name='clusterName', type=d.T.string)]), + withClusterName(clusterName): { metadata+: { clusterName: clusterName } }, + '#withCreationTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='creationTimestamp', type=d.T.string)]), + withCreationTimestamp(creationTimestamp): { metadata+: { creationTimestamp: creationTimestamp } }, + '#withDeletionGracePeriodSeconds':: d.fn(help='"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only."', args=[d.arg(name='deletionGracePeriodSeconds', type=d.T.integer)]), + withDeletionGracePeriodSeconds(deletionGracePeriodSeconds): { metadata+: { deletionGracePeriodSeconds: deletionGracePeriodSeconds } }, + '#withDeletionTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='deletionTimestamp', type=d.T.string)]), + withDeletionTimestamp(deletionTimestamp): { metadata+: { deletionTimestamp: deletionTimestamp } }, + '#withFinalizers':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizers(finalizers): { metadata+: { finalizers: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withFinalizersMixin':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizersMixin(finalizers): { metadata+: { finalizers+: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withGenerateName':: d.fn(help='"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\\n\\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\\n\\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency"', args=[d.arg(name='generateName', type=d.T.string)]), + withGenerateName(generateName): { metadata+: { generateName: generateName } }, + '#withGeneration':: d.fn(help='"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only."', args=[d.arg(name='generation', type=d.T.integer)]), + withGeneration(generation): { metadata+: { generation: generation } }, + '#withLabels':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"', args=[d.arg(name='labels', type=d.T.object)]), + withLabels(labels): { metadata+: { labels: labels } }, + '#withLabelsMixin':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='labels', type=d.T.object)]), + withLabelsMixin(labels): { metadata+: { labels+: labels } }, + '#withName':: d.fn(help='"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { metadata+: { name: name } }, + '#withNamespace':: d.fn(help='"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \\"default\\" namespace, but \\"default\\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\\n\\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces"', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { metadata+: { namespace: namespace } }, + '#withOwnerReferences':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferences(ownerReferences): { metadata+: { ownerReferences: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withOwnerReferencesMixin':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferencesMixin(ownerReferences): { metadata+: { ownerReferences+: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withResourceVersion':: d.fn(help='"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\\n\\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency"', args=[d.arg(name='resourceVersion', type=d.T.string)]), + withResourceVersion(resourceVersion): { metadata+: { resourceVersion: resourceVersion } }, + '#withSelfLink':: d.fn(help='"SelfLink is a URL representing this object. Populated by the system. Read-only.\\n\\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release."', args=[d.arg(name='selfLink', type=d.T.string)]), + withSelfLink(selfLink): { metadata+: { selfLink: selfLink } }, + '#withUid':: d.fn(help='"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\\n\\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids"', args=[d.arg(name='uid', type=d.T.string)]), + withUid(uid): { metadata+: { uid: uid } }, + }, + '#new':: d.fn(help='new returns an instance of GRPCRoute', args=[d.arg(name='name', type=d.T.string)]), + new(name): { + apiVersion: 'gateway.networking.k8s.io/v1alpha2', + kind: 'GRPCRoute', + } + self.metadata.withName(name=name), + '#spec':: d.obj(help='"Spec defines the desired state of GRPCRoute."'), + spec: { + '#parentRefs':: d.obj(help='"ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. For Services, that means the Service must either be in the same namespace for a \\"producer\\" route, or the mesh implementation must support and allow \\"consumer\\" routes for the referenced Service. ReferenceGrant is not applicable for governing ParentRefs to Services - it is not possible to create a \\"producer\\" route for a Service in a different namespace from the Route. \\n There are two kinds of parent resources with \\"Core\\" support: \\n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) This API may be extended in the future to support additional kinds of parent resources. \\n ParentRefs must be _distinct_. This means either that: \\n * They select different objects. If this is the case, then parentRef entries are distinct. In terms of fields, this means that the multi-part key defined by `group`, `kind`, `namespace`, and `name` must be unique across all parentRef entries in the Route. * They do not select different objects, but for each optional field used, each ParentRef that selects the same object must set the same set of optional fields to different values. If one ParentRef sets a combination of optional fields, all must set the same combination. \\n Some examples: \\n * If one ParentRef sets `sectionName`, all ParentRefs referencing the same object must also set `sectionName`. * If one ParentRef sets `port`, all ParentRefs referencing the same object must also set `port`. * If one ParentRef sets `sectionName` and `port`, all ParentRefs referencing the same object must also set `sectionName` and `port`. \\n It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged. \\n Note that for ParentRefs that cross namespace boundaries, there are specific rules. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example, Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable other kinds of cross-namespace reference. \\n ParentRefs from a Route to a Service in the same namespace are \\"producer\\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \\n ParentRefs from a Route to a Service in a different namespace are \\"consumer\\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \\n "'), + parentRefs: { + '#withGroup':: d.fn(help='"Group is the group of the referent. When unspecified, \\"gateway.networking.k8s.io\\" is inferred. To set the core API group (such as for a \\"Service\\" kind referent), Group must be explicitly set to \\"\\" (empty string). \\n Support: Core"', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { group: group }, + '#withKind':: d.fn(help='"Kind is kind of the referent. \\n There are two kinds of parent resources with \\"Core\\" support: \\n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) \\n Support for other resources is Implementation-Specific."', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { kind: kind }, + '#withName':: d.fn(help='"Name is the name of the referent. \\n Support: Core"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withNamespace':: d.fn(help='"Namespace is the namespace of the referent. When unspecified, this refers to the local namespace of the Route. \\n Note that there are specific rules for ParentRefs which cross namespace boundaries. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example: Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference. \\n ParentRefs from a Route to a Service in the same namespace are \\"producer\\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \\n ParentRefs from a Route to a Service in a different namespace are \\"consumer\\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \\n Support: Core"', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { namespace: namespace }, + '#withPort':: d.fn(help="\"Port is the network port this Route targets. It can be interpreted differently based on the type of parent resource. \\n When the parent resource is a Gateway, this targets all listeners listening on the specified port that also support this kind of Route(and select this Route). It's not recommended to set `Port` unless the networking behaviors specified in a Route must apply to a specific port as opposed to a listener(s) whose port(s) may be changed. When both Port and SectionName are specified, the name and port of the selected listener must match both specified values. \\n When the parent resource is a Service, this targets a specific port in the Service spec. When both Port (experimental) and SectionName are specified, the name and port of the selected port must match both specified values. \\n Implementations MAY choose to support other parent resources. Implementations supporting other types of parent resources MUST clearly document how/if Port is interpreted. \\n For the purpose of status, an attachment is considered successful as long as the parent resource accepts it partially. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \\n Support: Extended \\n \"", args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { port: port }, + '#withSectionName':: d.fn(help='"SectionName is the name of a section within the target resource. In the following resources, SectionName is interpreted as the following: \\n * Gateway: Listener Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. * Service: Port Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. Note that attaching Routes to Services as Parents is part of experimental Mesh support and is not supported for any other purpose. \\n Implementations MAY choose to support attaching Routes to other resources. If that is the case, they MUST clearly document how SectionName is interpreted. \\n When unspecified (empty string), this will reference the entire resource. For the purpose of status, an attachment is considered successful if at least one section in the parent resource accepts it. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \\n Support: Core"', args=[d.arg(name='sectionName', type=d.T.string)]), + withSectionName(sectionName): { sectionName: sectionName }, + }, + '#rules':: d.obj(help='"Rules are a list of GRPC matchers, filters and actions."'), + rules: { + '#backendRefs':: d.obj(help='"BackendRefs defines the backend(s) where matching requests should be sent. \\n Failure behavior here depends on how many BackendRefs are specified and how many are invalid. \\n If *all* entries in BackendRefs are invalid, and there are also no filters specified in this route rule, *all* traffic which matches this rule MUST receive an `UNAVAILABLE` status. \\n See the GRPCBackendRef definition for the rules about what makes a single GRPCBackendRef invalid. \\n When a GRPCBackendRef is invalid, `UNAVAILABLE` statuses MUST be returned for requests that would have otherwise been routed to an invalid backend. If multiple backends are specified, and some are invalid, the proportion of requests that would otherwise have been routed to an invalid backend MUST receive an `UNAVAILABLE` status. \\n For example, if two backends are specified with equal weights, and one is invalid, 50 percent of traffic MUST receive an `UNAVAILABLE` status. Implementations may choose how that 50 percent is determined. \\n Support: Core for Kubernetes Service \\n Support: Implementation-specific for any other resource \\n Support for weight: Core"'), + backendRefs: { + '#filters':: d.obj(help='"Filters defined at this level MUST be executed if and only if the request is being forwarded to the backend defined here. \\n Support: Implementation-specific (For broader support of filters, use the Filters field in GRPCRouteRule.)"'), + filters: { + '#extensionRef':: d.obj(help='"ExtensionRef is an optional, implementation-specific extension to the \\"filter\\" behavior. For example, resource \\"myroutefilter\\" in group \\"networking.example.net\\"). ExtensionRef MUST NOT be used for core and extended filters. \\n Support: Implementation-specific \\n This filter can be used multiple times within the same rule."'), + extensionRef: { + '#withGroup':: d.fn(help='"Group is the group of the referent. For example, \\"gateway.networking.k8s.io\\". When unspecified or empty string, core API group is inferred."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { extensionRef+: { group: group } }, + '#withKind':: d.fn(help='"Kind is kind of the referent. For example \\"HTTPRoute\\" or \\"Service\\"."', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { extensionRef+: { kind: kind } }, + '#withName':: d.fn(help='"Name is the name of the referent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { extensionRef+: { name: name } }, + }, + '#requestHeaderModifier':: d.obj(help='"RequestHeaderModifier defines a schema for a filter that modifies request headers. \\n Support: Core"'), + requestHeaderModifier: { + '#add':: d.obj(help='"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: add: - name: \\"my-header\\" value: \\"bar,baz\\" \\n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"'), + add: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \\n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered equivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#set':: d.obj(help='"Set overwrites the request with the given header (name, value) before the action. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: set: - name: \\"my-header\\" value: \\"bar\\" \\n Output: GET /foo HTTP/1.1 my-header: bar"'), + set: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \\n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered equivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#withAdd':: d.fn(help='"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: add: - name: \\"my-header\\" value: \\"bar,baz\\" \\n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"', args=[d.arg(name='add', type=d.T.array)]), + withAdd(add): { requestHeaderModifier+: { add: if std.isArray(v=add) then add else [add] } }, + '#withAddMixin':: d.fn(help='"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: add: - name: \\"my-header\\" value: \\"bar,baz\\" \\n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='add', type=d.T.array)]), + withAddMixin(add): { requestHeaderModifier+: { add+: if std.isArray(v=add) then add else [add] } }, + '#withRemove':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \\n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \\n Config: remove: [\\"my-header1\\", \\"my-header3\\"] \\n Output: GET /foo HTTP/1.1 my-header2: bar"', args=[d.arg(name='remove', type=d.T.array)]), + withRemove(remove): { requestHeaderModifier+: { remove: if std.isArray(v=remove) then remove else [remove] } }, + '#withRemoveMixin':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \\n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \\n Config: remove: [\\"my-header1\\", \\"my-header3\\"] \\n Output: GET /foo HTTP/1.1 my-header2: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='remove', type=d.T.array)]), + withRemoveMixin(remove): { requestHeaderModifier+: { remove+: if std.isArray(v=remove) then remove else [remove] } }, + '#withSet':: d.fn(help='"Set overwrites the request with the given header (name, value) before the action. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: set: - name: \\"my-header\\" value: \\"bar\\" \\n Output: GET /foo HTTP/1.1 my-header: bar"', args=[d.arg(name='set', type=d.T.array)]), + withSet(set): { requestHeaderModifier+: { set: if std.isArray(v=set) then set else [set] } }, + '#withSetMixin':: d.fn(help='"Set overwrites the request with the given header (name, value) before the action. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: set: - name: \\"my-header\\" value: \\"bar\\" \\n Output: GET /foo HTTP/1.1 my-header: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='set', type=d.T.array)]), + withSetMixin(set): { requestHeaderModifier+: { set+: if std.isArray(v=set) then set else [set] } }, + }, + '#requestMirror':: d.obj(help='"RequestMirror defines a schema for a filter that mirrors requests. Requests are sent to the specified destination, but responses from that destination are ignored. \\n This filter can be used multiple times within the same rule. Note that not all implementations will be able to support mirroring to multiple backends. \\n Support: Extended"'), + requestMirror: { + '#backendRef':: d.obj(help='"BackendRef references a resource where mirrored requests are sent. \\n Mirrored requests must be sent only to a single destination endpoint within this BackendRef, irrespective of how many endpoints are present within this BackendRef. \\n If the referent cannot be found, this BackendRef is invalid and must be dropped from the Gateway. The controller must ensure the \\"ResolvedRefs\\" condition on the Route status is set to `status: False` and not configure this backend in the underlying implementation. \\n If there is a cross-namespace reference to an *existing* object that is not allowed by a ReferenceGrant, the controller must ensure the \\"ResolvedRefs\\" condition on the Route is set to `status: False`, with the \\"RefNotPermitted\\" reason and not configure this backend in the underlying implementation. \\n In either error case, the Message of the `ResolvedRefs` Condition should be used to provide more detail about the problem. \\n Support: Extended for Kubernetes Service \\n Support: Implementation-specific for any other resource"'), + backendRef: { + '#withGroup':: d.fn(help='"Group is the group of the referent. For example, \\"gateway.networking.k8s.io\\". When unspecified or empty string, core API group is inferred."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { requestMirror+: { backendRef+: { group: group } } }, + '#withKind':: d.fn(help='"Kind is the Kubernetes resource kind of the referent. For example \\"Service\\". \\n Defaults to \\"Service\\" when not specified. \\n ExternalName services can refer to CNAME DNS records that may live outside of the cluster and as such are difficult to reason about in terms of conformance. They also may not be safe to forward to (see CVE-2021-25740 for more information). Implementations SHOULD NOT support ExternalName Services. \\n Support: Core (Services with a type other than ExternalName) \\n Support: Implementation-specific (Services with type ExternalName)"', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { requestMirror+: { backendRef+: { kind: kind } } }, + '#withName':: d.fn(help='"Name is the name of the referent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { requestMirror+: { backendRef+: { name: name } } }, + '#withNamespace':: d.fn(help="\"Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. \\n Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. \\n Support: Core\"", args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { requestMirror+: { backendRef+: { namespace: namespace } } }, + '#withPort':: d.fn(help='"Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field."', args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { requestMirror+: { backendRef+: { port: port } } }, + }, + }, + '#responseHeaderModifier':: d.obj(help='"ResponseHeaderModifier defines a schema for a filter that modifies response headers. \\n Support: Extended"'), + responseHeaderModifier: { + '#add':: d.obj(help='"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: add: - name: \\"my-header\\" value: \\"bar,baz\\" \\n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"'), + add: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \\n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered equivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#set':: d.obj(help='"Set overwrites the request with the given header (name, value) before the action. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: set: - name: \\"my-header\\" value: \\"bar\\" \\n Output: GET /foo HTTP/1.1 my-header: bar"'), + set: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \\n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered equivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#withAdd':: d.fn(help='"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: add: - name: \\"my-header\\" value: \\"bar,baz\\" \\n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"', args=[d.arg(name='add', type=d.T.array)]), + withAdd(add): { responseHeaderModifier+: { add: if std.isArray(v=add) then add else [add] } }, + '#withAddMixin':: d.fn(help='"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: add: - name: \\"my-header\\" value: \\"bar,baz\\" \\n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='add', type=d.T.array)]), + withAddMixin(add): { responseHeaderModifier+: { add+: if std.isArray(v=add) then add else [add] } }, + '#withRemove':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \\n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \\n Config: remove: [\\"my-header1\\", \\"my-header3\\"] \\n Output: GET /foo HTTP/1.1 my-header2: bar"', args=[d.arg(name='remove', type=d.T.array)]), + withRemove(remove): { responseHeaderModifier+: { remove: if std.isArray(v=remove) then remove else [remove] } }, + '#withRemoveMixin':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \\n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \\n Config: remove: [\\"my-header1\\", \\"my-header3\\"] \\n Output: GET /foo HTTP/1.1 my-header2: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='remove', type=d.T.array)]), + withRemoveMixin(remove): { responseHeaderModifier+: { remove+: if std.isArray(v=remove) then remove else [remove] } }, + '#withSet':: d.fn(help='"Set overwrites the request with the given header (name, value) before the action. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: set: - name: \\"my-header\\" value: \\"bar\\" \\n Output: GET /foo HTTP/1.1 my-header: bar"', args=[d.arg(name='set', type=d.T.array)]), + withSet(set): { responseHeaderModifier+: { set: if std.isArray(v=set) then set else [set] } }, + '#withSetMixin':: d.fn(help='"Set overwrites the request with the given header (name, value) before the action. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: set: - name: \\"my-header\\" value: \\"bar\\" \\n Output: GET /foo HTTP/1.1 my-header: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='set', type=d.T.array)]), + withSetMixin(set): { responseHeaderModifier+: { set+: if std.isArray(v=set) then set else [set] } }, + }, + '#withType':: d.fn(help='"Type identifies the type of filter to apply. As with other API fields, types are classified into three conformance levels: \\n - Core: Filter types and their corresponding configuration defined by \\"Support: Core\\" in this package, e.g. \\"RequestHeaderModifier\\". All implementations supporting GRPCRoute MUST support core filters. \\n - Extended: Filter types and their corresponding configuration defined by \\"Support: Extended\\" in this package, e.g. \\"RequestMirror\\". Implementers are encouraged to support extended filters. \\n - Implementation-specific: Filters that are defined and supported by specific vendors. In the future, filters showing convergence in behavior across multiple implementations will be considered for inclusion in extended or core conformance levels. Filter-specific configuration for such filters is specified using the ExtensionRef field. `Type` MUST be set to \\"ExtensionRef\\" for custom filters. \\n Implementers are encouraged to define custom implementation types to extend the core API with implementation-specific behavior. \\n If a reference to a custom filter type cannot be resolved, the filter MUST NOT be skipped. Instead, requests that would have been processed by that filter MUST receive a HTTP error response. \\n "', args=[d.arg(name='type', type=d.T.string)]), + withType(type): { type: type }, + }, + '#withFilters':: d.fn(help='"Filters defined at this level MUST be executed if and only if the request is being forwarded to the backend defined here. \\n Support: Implementation-specific (For broader support of filters, use the Filters field in GRPCRouteRule.)"', args=[d.arg(name='filters', type=d.T.array)]), + withFilters(filters): { filters: if std.isArray(v=filters) then filters else [filters] }, + '#withFiltersMixin':: d.fn(help='"Filters defined at this level MUST be executed if and only if the request is being forwarded to the backend defined here. \\n Support: Implementation-specific (For broader support of filters, use the Filters field in GRPCRouteRule.)"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='filters', type=d.T.array)]), + withFiltersMixin(filters): { filters+: if std.isArray(v=filters) then filters else [filters] }, + '#withGroup':: d.fn(help='"Group is the group of the referent. For example, \\"gateway.networking.k8s.io\\". When unspecified or empty string, core API group is inferred."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { group: group }, + '#withKind':: d.fn(help='"Kind is the Kubernetes resource kind of the referent. For example \\"Service\\". \\n Defaults to \\"Service\\" when not specified. \\n ExternalName services can refer to CNAME DNS records that may live outside of the cluster and as such are difficult to reason about in terms of conformance. They also may not be safe to forward to (see CVE-2021-25740 for more information). Implementations SHOULD NOT support ExternalName Services. \\n Support: Core (Services with a type other than ExternalName) \\n Support: Implementation-specific (Services with type ExternalName)"', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { kind: kind }, + '#withName':: d.fn(help='"Name is the name of the referent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withNamespace':: d.fn(help="\"Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. \\n Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. \\n Support: Core\"", args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { namespace: namespace }, + '#withPort':: d.fn(help='"Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field."', args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { port: port }, + '#withWeight':: d.fn(help='"Weight specifies the proportion of requests forwarded to the referenced backend. This is computed as weight/(sum of all weights in this BackendRefs list). For non-zero values, there may be some epsilon from the exact proportion defined here depending on the precision an implementation supports. Weight is not a percentage and the sum of weights does not need to equal 100. \\n If only one backend is specified and it has a weight greater than 0, 100% of the traffic is forwarded to that backend. If weight is set to 0, no traffic should be forwarded for this entry. If unspecified, weight defaults to 1. \\n Support for this field varies based on the context where used."', args=[d.arg(name='weight', type=d.T.integer)]), + withWeight(weight): { weight: weight }, + }, + '#filters':: d.obj(help='"Filters define the filters that are applied to requests that match this rule. \\n The effects of ordering of multiple behaviors are currently unspecified. This can change in the future based on feedback during the alpha stage. \\n Conformance-levels at this level are defined based on the type of filter: \\n - ALL core filters MUST be supported by all implementations that support GRPCRoute. - Implementers are encouraged to support extended filters. - Implementation-specific custom filters have no API guarantees across implementations. \\n Specifying the same filter multiple times is not supported unless explicitly indicated in the filter. \\n If an implementation can not support a combination of filters, it must clearly document that limitation. In cases where incompatible or unsupported filters are specified and cause the `Accepted` condition to be set to status `False`, implementations may use the `IncompatibleFilters` reason to specify this configuration error. \\n Support: Core"'), + filters: { + '#extensionRef':: d.obj(help='"ExtensionRef is an optional, implementation-specific extension to the \\"filter\\" behavior. For example, resource \\"myroutefilter\\" in group \\"networking.example.net\\"). ExtensionRef MUST NOT be used for core and extended filters. \\n Support: Implementation-specific \\n This filter can be used multiple times within the same rule."'), + extensionRef: { + '#withGroup':: d.fn(help='"Group is the group of the referent. For example, \\"gateway.networking.k8s.io\\". When unspecified or empty string, core API group is inferred."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { extensionRef+: { group: group } }, + '#withKind':: d.fn(help='"Kind is kind of the referent. For example \\"HTTPRoute\\" or \\"Service\\"."', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { extensionRef+: { kind: kind } }, + '#withName':: d.fn(help='"Name is the name of the referent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { extensionRef+: { name: name } }, + }, + '#requestHeaderModifier':: d.obj(help='"RequestHeaderModifier defines a schema for a filter that modifies request headers. \\n Support: Core"'), + requestHeaderModifier: { + '#add':: d.obj(help='"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: add: - name: \\"my-header\\" value: \\"bar,baz\\" \\n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"'), + add: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \\n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered equivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#set':: d.obj(help='"Set overwrites the request with the given header (name, value) before the action. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: set: - name: \\"my-header\\" value: \\"bar\\" \\n Output: GET /foo HTTP/1.1 my-header: bar"'), + set: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \\n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered equivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#withAdd':: d.fn(help='"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: add: - name: \\"my-header\\" value: \\"bar,baz\\" \\n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"', args=[d.arg(name='add', type=d.T.array)]), + withAdd(add): { requestHeaderModifier+: { add: if std.isArray(v=add) then add else [add] } }, + '#withAddMixin':: d.fn(help='"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: add: - name: \\"my-header\\" value: \\"bar,baz\\" \\n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='add', type=d.T.array)]), + withAddMixin(add): { requestHeaderModifier+: { add+: if std.isArray(v=add) then add else [add] } }, + '#withRemove':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \\n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \\n Config: remove: [\\"my-header1\\", \\"my-header3\\"] \\n Output: GET /foo HTTP/1.1 my-header2: bar"', args=[d.arg(name='remove', type=d.T.array)]), + withRemove(remove): { requestHeaderModifier+: { remove: if std.isArray(v=remove) then remove else [remove] } }, + '#withRemoveMixin':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \\n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \\n Config: remove: [\\"my-header1\\", \\"my-header3\\"] \\n Output: GET /foo HTTP/1.1 my-header2: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='remove', type=d.T.array)]), + withRemoveMixin(remove): { requestHeaderModifier+: { remove+: if std.isArray(v=remove) then remove else [remove] } }, + '#withSet':: d.fn(help='"Set overwrites the request with the given header (name, value) before the action. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: set: - name: \\"my-header\\" value: \\"bar\\" \\n Output: GET /foo HTTP/1.1 my-header: bar"', args=[d.arg(name='set', type=d.T.array)]), + withSet(set): { requestHeaderModifier+: { set: if std.isArray(v=set) then set else [set] } }, + '#withSetMixin':: d.fn(help='"Set overwrites the request with the given header (name, value) before the action. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: set: - name: \\"my-header\\" value: \\"bar\\" \\n Output: GET /foo HTTP/1.1 my-header: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='set', type=d.T.array)]), + withSetMixin(set): { requestHeaderModifier+: { set+: if std.isArray(v=set) then set else [set] } }, + }, + '#requestMirror':: d.obj(help='"RequestMirror defines a schema for a filter that mirrors requests. Requests are sent to the specified destination, but responses from that destination are ignored. \\n This filter can be used multiple times within the same rule. Note that not all implementations will be able to support mirroring to multiple backends. \\n Support: Extended"'), + requestMirror: { + '#backendRef':: d.obj(help='"BackendRef references a resource where mirrored requests are sent. \\n Mirrored requests must be sent only to a single destination endpoint within this BackendRef, irrespective of how many endpoints are present within this BackendRef. \\n If the referent cannot be found, this BackendRef is invalid and must be dropped from the Gateway. The controller must ensure the \\"ResolvedRefs\\" condition on the Route status is set to `status: False` and not configure this backend in the underlying implementation. \\n If there is a cross-namespace reference to an *existing* object that is not allowed by a ReferenceGrant, the controller must ensure the \\"ResolvedRefs\\" condition on the Route is set to `status: False`, with the \\"RefNotPermitted\\" reason and not configure this backend in the underlying implementation. \\n In either error case, the Message of the `ResolvedRefs` Condition should be used to provide more detail about the problem. \\n Support: Extended for Kubernetes Service \\n Support: Implementation-specific for any other resource"'), + backendRef: { + '#withGroup':: d.fn(help='"Group is the group of the referent. For example, \\"gateway.networking.k8s.io\\". When unspecified or empty string, core API group is inferred."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { requestMirror+: { backendRef+: { group: group } } }, + '#withKind':: d.fn(help='"Kind is the Kubernetes resource kind of the referent. For example \\"Service\\". \\n Defaults to \\"Service\\" when not specified. \\n ExternalName services can refer to CNAME DNS records that may live outside of the cluster and as such are difficult to reason about in terms of conformance. They also may not be safe to forward to (see CVE-2021-25740 for more information). Implementations SHOULD NOT support ExternalName Services. \\n Support: Core (Services with a type other than ExternalName) \\n Support: Implementation-specific (Services with type ExternalName)"', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { requestMirror+: { backendRef+: { kind: kind } } }, + '#withName':: d.fn(help='"Name is the name of the referent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { requestMirror+: { backendRef+: { name: name } } }, + '#withNamespace':: d.fn(help="\"Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. \\n Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. \\n Support: Core\"", args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { requestMirror+: { backendRef+: { namespace: namespace } } }, + '#withPort':: d.fn(help='"Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field."', args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { requestMirror+: { backendRef+: { port: port } } }, + }, + }, + '#responseHeaderModifier':: d.obj(help='"ResponseHeaderModifier defines a schema for a filter that modifies response headers. \\n Support: Extended"'), + responseHeaderModifier: { + '#add':: d.obj(help='"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: add: - name: \\"my-header\\" value: \\"bar,baz\\" \\n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"'), + add: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \\n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered equivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#set':: d.obj(help='"Set overwrites the request with the given header (name, value) before the action. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: set: - name: \\"my-header\\" value: \\"bar\\" \\n Output: GET /foo HTTP/1.1 my-header: bar"'), + set: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \\n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered equivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#withAdd':: d.fn(help='"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: add: - name: \\"my-header\\" value: \\"bar,baz\\" \\n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"', args=[d.arg(name='add', type=d.T.array)]), + withAdd(add): { responseHeaderModifier+: { add: if std.isArray(v=add) then add else [add] } }, + '#withAddMixin':: d.fn(help='"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: add: - name: \\"my-header\\" value: \\"bar,baz\\" \\n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='add', type=d.T.array)]), + withAddMixin(add): { responseHeaderModifier+: { add+: if std.isArray(v=add) then add else [add] } }, + '#withRemove':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \\n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \\n Config: remove: [\\"my-header1\\", \\"my-header3\\"] \\n Output: GET /foo HTTP/1.1 my-header2: bar"', args=[d.arg(name='remove', type=d.T.array)]), + withRemove(remove): { responseHeaderModifier+: { remove: if std.isArray(v=remove) then remove else [remove] } }, + '#withRemoveMixin':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \\n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \\n Config: remove: [\\"my-header1\\", \\"my-header3\\"] \\n Output: GET /foo HTTP/1.1 my-header2: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='remove', type=d.T.array)]), + withRemoveMixin(remove): { responseHeaderModifier+: { remove+: if std.isArray(v=remove) then remove else [remove] } }, + '#withSet':: d.fn(help='"Set overwrites the request with the given header (name, value) before the action. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: set: - name: \\"my-header\\" value: \\"bar\\" \\n Output: GET /foo HTTP/1.1 my-header: bar"', args=[d.arg(name='set', type=d.T.array)]), + withSet(set): { responseHeaderModifier+: { set: if std.isArray(v=set) then set else [set] } }, + '#withSetMixin':: d.fn(help='"Set overwrites the request with the given header (name, value) before the action. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: set: - name: \\"my-header\\" value: \\"bar\\" \\n Output: GET /foo HTTP/1.1 my-header: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='set', type=d.T.array)]), + withSetMixin(set): { responseHeaderModifier+: { set+: if std.isArray(v=set) then set else [set] } }, + }, + '#withType':: d.fn(help='"Type identifies the type of filter to apply. As with other API fields, types are classified into three conformance levels: \\n - Core: Filter types and their corresponding configuration defined by \\"Support: Core\\" in this package, e.g. \\"RequestHeaderModifier\\". All implementations supporting GRPCRoute MUST support core filters. \\n - Extended: Filter types and their corresponding configuration defined by \\"Support: Extended\\" in this package, e.g. \\"RequestMirror\\". Implementers are encouraged to support extended filters. \\n - Implementation-specific: Filters that are defined and supported by specific vendors. In the future, filters showing convergence in behavior across multiple implementations will be considered for inclusion in extended or core conformance levels. Filter-specific configuration for such filters is specified using the ExtensionRef field. `Type` MUST be set to \\"ExtensionRef\\" for custom filters. \\n Implementers are encouraged to define custom implementation types to extend the core API with implementation-specific behavior. \\n If a reference to a custom filter type cannot be resolved, the filter MUST NOT be skipped. Instead, requests that would have been processed by that filter MUST receive a HTTP error response. \\n "', args=[d.arg(name='type', type=d.T.string)]), + withType(type): { type: type }, + }, + '#matches':: d.obj(help='"Matches define conditions used for matching the rule against incoming gRPC requests. Each match is independent, i.e. this rule will be matched if **any** one of the matches is satisfied. \\n For example, take the following matches configuration: \\n ``` matches: - method: service: foo.bar headers: values: version: 2 - method: service: foo.bar.v2 ``` \\n For a request to match against this rule, it MUST satisfy EITHER of the two conditions: \\n - service of foo.bar AND contains the header `version: 2` - service of foo.bar.v2 \\n See the documentation for GRPCRouteMatch on how to specify multiple match conditions to be ANDed together. \\n If no matches are specified, the implementation MUST match every gRPC request. \\n Proxy or Load Balancer routing configuration generated from GRPCRoutes MUST prioritize rules based on the following criteria, continuing on ties. Merging MUST not be done between GRPCRoutes and HTTPRoutes. Precedence MUST be given to the rule with the largest number of: \\n * Characters in a matching non-wildcard hostname. * Characters in a matching hostname. * Characters in a matching service. * Characters in a matching method. * Header matches. \\n If ties still exist across multiple Routes, matching precedence MUST be determined in order of the following criteria, continuing on ties: \\n * The oldest Route based on creation timestamp. * The Route appearing first in alphabetical order by \\"{namespace}/{name}\\". \\n If ties still exist within the Route that has been given precedence, matching precedence MUST be granted to the first matching rule meeting the above criteria."'), + matches: { + '#headers':: d.obj(help='"Headers specifies gRPC request header matchers. Multiple match values are ANDed together, meaning, a request MUST match all the specified headers to select the route."'), + headers: { + '#withName':: d.fn(help='"Name is the name of the gRPC Header to be matched. \\n If multiple entries specify equivalent header names, only the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered equivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withType':: d.fn(help='"Type specifies how to match against the value of the header."', args=[d.arg(name='type', type=d.T.string)]), + withType(type): { type: type }, + '#withValue':: d.fn(help='"Value is the value of the gRPC Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#method':: d.obj(help='"Method specifies a gRPC request service/method matcher. If this field is not specified, all services and methods will match."'), + method: { + '#withMethod':: d.fn(help='"Value of the method to match against. If left empty or omitted, will match all services. \\n At least one of Service and Method MUST be a non-empty string."', args=[d.arg(name='method', type=d.T.string)]), + withMethod(method): { method+: { method: method } }, + '#withService':: d.fn(help='"Value of the service to match against. If left empty or omitted, will match any service. \\n At least one of Service and Method MUST be a non-empty string."', args=[d.arg(name='service', type=d.T.string)]), + withService(service): { method+: { service: service } }, + '#withType':: d.fn(help='"Type specifies how to match against the service and/or method. Support: Core (Exact with service and method specified) \\n Support: Implementation-specific (Exact with method specified but no service specified) \\n Support: Implementation-specific (RegularExpression)"', args=[d.arg(name='type', type=d.T.string)]), + withType(type): { method+: { type: type } }, + }, + '#withHeaders':: d.fn(help='"Headers specifies gRPC request header matchers. Multiple match values are ANDed together, meaning, a request MUST match all the specified headers to select the route."', args=[d.arg(name='headers', type=d.T.array)]), + withHeaders(headers): { headers: if std.isArray(v=headers) then headers else [headers] }, + '#withHeadersMixin':: d.fn(help='"Headers specifies gRPC request header matchers. Multiple match values are ANDed together, meaning, a request MUST match all the specified headers to select the route."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='headers', type=d.T.array)]), + withHeadersMixin(headers): { headers+: if std.isArray(v=headers) then headers else [headers] }, + }, + '#withBackendRefs':: d.fn(help='"BackendRefs defines the backend(s) where matching requests should be sent. \\n Failure behavior here depends on how many BackendRefs are specified and how many are invalid. \\n If *all* entries in BackendRefs are invalid, and there are also no filters specified in this route rule, *all* traffic which matches this rule MUST receive an `UNAVAILABLE` status. \\n See the GRPCBackendRef definition for the rules about what makes a single GRPCBackendRef invalid. \\n When a GRPCBackendRef is invalid, `UNAVAILABLE` statuses MUST be returned for requests that would have otherwise been routed to an invalid backend. If multiple backends are specified, and some are invalid, the proportion of requests that would otherwise have been routed to an invalid backend MUST receive an `UNAVAILABLE` status. \\n For example, if two backends are specified with equal weights, and one is invalid, 50 percent of traffic MUST receive an `UNAVAILABLE` status. Implementations may choose how that 50 percent is determined. \\n Support: Core for Kubernetes Service \\n Support: Implementation-specific for any other resource \\n Support for weight: Core"', args=[d.arg(name='backendRefs', type=d.T.array)]), + withBackendRefs(backendRefs): { backendRefs: if std.isArray(v=backendRefs) then backendRefs else [backendRefs] }, + '#withBackendRefsMixin':: d.fn(help='"BackendRefs defines the backend(s) where matching requests should be sent. \\n Failure behavior here depends on how many BackendRefs are specified and how many are invalid. \\n If *all* entries in BackendRefs are invalid, and there are also no filters specified in this route rule, *all* traffic which matches this rule MUST receive an `UNAVAILABLE` status. \\n See the GRPCBackendRef definition for the rules about what makes a single GRPCBackendRef invalid. \\n When a GRPCBackendRef is invalid, `UNAVAILABLE` statuses MUST be returned for requests that would have otherwise been routed to an invalid backend. If multiple backends are specified, and some are invalid, the proportion of requests that would otherwise have been routed to an invalid backend MUST receive an `UNAVAILABLE` status. \\n For example, if two backends are specified with equal weights, and one is invalid, 50 percent of traffic MUST receive an `UNAVAILABLE` status. Implementations may choose how that 50 percent is determined. \\n Support: Core for Kubernetes Service \\n Support: Implementation-specific for any other resource \\n Support for weight: Core"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='backendRefs', type=d.T.array)]), + withBackendRefsMixin(backendRefs): { backendRefs+: if std.isArray(v=backendRefs) then backendRefs else [backendRefs] }, + '#withFilters':: d.fn(help='"Filters define the filters that are applied to requests that match this rule. \\n The effects of ordering of multiple behaviors are currently unspecified. This can change in the future based on feedback during the alpha stage. \\n Conformance-levels at this level are defined based on the type of filter: \\n - ALL core filters MUST be supported by all implementations that support GRPCRoute. - Implementers are encouraged to support extended filters. - Implementation-specific custom filters have no API guarantees across implementations. \\n Specifying the same filter multiple times is not supported unless explicitly indicated in the filter. \\n If an implementation can not support a combination of filters, it must clearly document that limitation. In cases where incompatible or unsupported filters are specified and cause the `Accepted` condition to be set to status `False`, implementations may use the `IncompatibleFilters` reason to specify this configuration error. \\n Support: Core"', args=[d.arg(name='filters', type=d.T.array)]), + withFilters(filters): { filters: if std.isArray(v=filters) then filters else [filters] }, + '#withFiltersMixin':: d.fn(help='"Filters define the filters that are applied to requests that match this rule. \\n The effects of ordering of multiple behaviors are currently unspecified. This can change in the future based on feedback during the alpha stage. \\n Conformance-levels at this level are defined based on the type of filter: \\n - ALL core filters MUST be supported by all implementations that support GRPCRoute. - Implementers are encouraged to support extended filters. - Implementation-specific custom filters have no API guarantees across implementations. \\n Specifying the same filter multiple times is not supported unless explicitly indicated in the filter. \\n If an implementation can not support a combination of filters, it must clearly document that limitation. In cases where incompatible or unsupported filters are specified and cause the `Accepted` condition to be set to status `False`, implementations may use the `IncompatibleFilters` reason to specify this configuration error. \\n Support: Core"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='filters', type=d.T.array)]), + withFiltersMixin(filters): { filters+: if std.isArray(v=filters) then filters else [filters] }, + '#withMatches':: d.fn(help='"Matches define conditions used for matching the rule against incoming gRPC requests. Each match is independent, i.e. this rule will be matched if **any** one of the matches is satisfied. \\n For example, take the following matches configuration: \\n ``` matches: - method: service: foo.bar headers: values: version: 2 - method: service: foo.bar.v2 ``` \\n For a request to match against this rule, it MUST satisfy EITHER of the two conditions: \\n - service of foo.bar AND contains the header `version: 2` - service of foo.bar.v2 \\n See the documentation for GRPCRouteMatch on how to specify multiple match conditions to be ANDed together. \\n If no matches are specified, the implementation MUST match every gRPC request. \\n Proxy or Load Balancer routing configuration generated from GRPCRoutes MUST prioritize rules based on the following criteria, continuing on ties. Merging MUST not be done between GRPCRoutes and HTTPRoutes. Precedence MUST be given to the rule with the largest number of: \\n * Characters in a matching non-wildcard hostname. * Characters in a matching hostname. * Characters in a matching service. * Characters in a matching method. * Header matches. \\n If ties still exist across multiple Routes, matching precedence MUST be determined in order of the following criteria, continuing on ties: \\n * The oldest Route based on creation timestamp. * The Route appearing first in alphabetical order by \\"{namespace}/{name}\\". \\n If ties still exist within the Route that has been given precedence, matching precedence MUST be granted to the first matching rule meeting the above criteria."', args=[d.arg(name='matches', type=d.T.array)]), + withMatches(matches): { matches: if std.isArray(v=matches) then matches else [matches] }, + '#withMatchesMixin':: d.fn(help='"Matches define conditions used for matching the rule against incoming gRPC requests. Each match is independent, i.e. this rule will be matched if **any** one of the matches is satisfied. \\n For example, take the following matches configuration: \\n ``` matches: - method: service: foo.bar headers: values: version: 2 - method: service: foo.bar.v2 ``` \\n For a request to match against this rule, it MUST satisfy EITHER of the two conditions: \\n - service of foo.bar AND contains the header `version: 2` - service of foo.bar.v2 \\n See the documentation for GRPCRouteMatch on how to specify multiple match conditions to be ANDed together. \\n If no matches are specified, the implementation MUST match every gRPC request. \\n Proxy or Load Balancer routing configuration generated from GRPCRoutes MUST prioritize rules based on the following criteria, continuing on ties. Merging MUST not be done between GRPCRoutes and HTTPRoutes. Precedence MUST be given to the rule with the largest number of: \\n * Characters in a matching non-wildcard hostname. * Characters in a matching hostname. * Characters in a matching service. * Characters in a matching method. * Header matches. \\n If ties still exist across multiple Routes, matching precedence MUST be determined in order of the following criteria, continuing on ties: \\n * The oldest Route based on creation timestamp. * The Route appearing first in alphabetical order by \\"{namespace}/{name}\\". \\n If ties still exist within the Route that has been given precedence, matching precedence MUST be granted to the first matching rule meeting the above criteria."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='matches', type=d.T.array)]), + withMatchesMixin(matches): { matches+: if std.isArray(v=matches) then matches else [matches] }, + }, + '#withHostnames':: d.fn(help="\"Hostnames defines a set of hostnames to match against the GRPC Host header to select a GRPCRoute to process the request. This matches the RFC 1123 definition of a hostname with 2 notable exceptions: \\n 1. IPs are not allowed. 2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard label MUST appear by itself as the first label. \\n If a hostname is specified by both the Listener and GRPCRoute, there MUST be at least one intersecting hostname for the GRPCRoute to be attached to the Listener. For example: \\n * A Listener with `test.example.com` as the hostname matches GRPCRoutes that have either not specified any hostnames, or have specified at least one of `test.example.com` or `*.example.com`. * A Listener with `*.example.com` as the hostname matches GRPCRoutes that have either not specified any hostnames or have specified at least one hostname that matches the Listener hostname. For example, `test.example.com` and `*.example.com` would both match. On the other hand, `example.com` and `test.example.net` would not match. \\n Hostnames that are prefixed with a wildcard label (`*.`) are interpreted as a suffix match. That means that a match for `*.example.com` would match both `test.example.com`, and `foo.test.example.com`, but not `example.com`. \\n If both the Listener and GRPCRoute have specified hostnames, any GRPCRoute hostnames that do not match the Listener hostname MUST be ignored. For example, if a Listener specified `*.example.com`, and the GRPCRoute specified `test.example.com` and `test.example.net`, `test.example.net` MUST NOT be considered for a match. \\n If both the Listener and GRPCRoute have specified hostnames, and none match with the criteria above, then the GRPCRoute MUST NOT be accepted by the implementation. The implementation MUST raise an 'Accepted' Condition with a status of `False` in the corresponding RouteParentStatus. \\n If a Route (A) of type HTTPRoute or GRPCRoute is attached to a Listener and that listener already has another Route (B) of the other type attached and the intersection of the hostnames of A and B is non-empty, then the implementation MUST accept exactly one of these two routes, determined by the following criteria, in order: \\n * The oldest Route based on creation timestamp. * The Route appearing first in alphabetical order by \\\"{namespace}/{name}\\\". \\n The rejected Route MUST raise an 'Accepted' condition with a status of 'False' in the corresponding RouteParentStatus. \\n Support: Core\"", args=[d.arg(name='hostnames', type=d.T.array)]), + withHostnames(hostnames): { spec+: { hostnames: if std.isArray(v=hostnames) then hostnames else [hostnames] } }, + '#withHostnamesMixin':: d.fn(help="\"Hostnames defines a set of hostnames to match against the GRPC Host header to select a GRPCRoute to process the request. This matches the RFC 1123 definition of a hostname with 2 notable exceptions: \\n 1. IPs are not allowed. 2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard label MUST appear by itself as the first label. \\n If a hostname is specified by both the Listener and GRPCRoute, there MUST be at least one intersecting hostname for the GRPCRoute to be attached to the Listener. For example: \\n * A Listener with `test.example.com` as the hostname matches GRPCRoutes that have either not specified any hostnames, or have specified at least one of `test.example.com` or `*.example.com`. * A Listener with `*.example.com` as the hostname matches GRPCRoutes that have either not specified any hostnames or have specified at least one hostname that matches the Listener hostname. For example, `test.example.com` and `*.example.com` would both match. On the other hand, `example.com` and `test.example.net` would not match. \\n Hostnames that are prefixed with a wildcard label (`*.`) are interpreted as a suffix match. That means that a match for `*.example.com` would match both `test.example.com`, and `foo.test.example.com`, but not `example.com`. \\n If both the Listener and GRPCRoute have specified hostnames, any GRPCRoute hostnames that do not match the Listener hostname MUST be ignored. For example, if a Listener specified `*.example.com`, and the GRPCRoute specified `test.example.com` and `test.example.net`, `test.example.net` MUST NOT be considered for a match. \\n If both the Listener and GRPCRoute have specified hostnames, and none match with the criteria above, then the GRPCRoute MUST NOT be accepted by the implementation. The implementation MUST raise an 'Accepted' Condition with a status of `False` in the corresponding RouteParentStatus. \\n If a Route (A) of type HTTPRoute or GRPCRoute is attached to a Listener and that listener already has another Route (B) of the other type attached and the intersection of the hostnames of A and B is non-empty, then the implementation MUST accept exactly one of these two routes, determined by the following criteria, in order: \\n * The oldest Route based on creation timestamp. * The Route appearing first in alphabetical order by \\\"{namespace}/{name}\\\". \\n The rejected Route MUST raise an 'Accepted' condition with a status of 'False' in the corresponding RouteParentStatus. \\n Support: Core\"\n\n**Note:** This function appends passed data to existing values", args=[d.arg(name='hostnames', type=d.T.array)]), + withHostnamesMixin(hostnames): { spec+: { hostnames+: if std.isArray(v=hostnames) then hostnames else [hostnames] } }, + '#withParentRefs':: d.fn(help='"ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. For Services, that means the Service must either be in the same namespace for a \\"producer\\" route, or the mesh implementation must support and allow \\"consumer\\" routes for the referenced Service. ReferenceGrant is not applicable for governing ParentRefs to Services - it is not possible to create a \\"producer\\" route for a Service in a different namespace from the Route. \\n There are two kinds of parent resources with \\"Core\\" support: \\n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) This API may be extended in the future to support additional kinds of parent resources. \\n ParentRefs must be _distinct_. This means either that: \\n * They select different objects. If this is the case, then parentRef entries are distinct. In terms of fields, this means that the multi-part key defined by `group`, `kind`, `namespace`, and `name` must be unique across all parentRef entries in the Route. * They do not select different objects, but for each optional field used, each ParentRef that selects the same object must set the same set of optional fields to different values. If one ParentRef sets a combination of optional fields, all must set the same combination. \\n Some examples: \\n * If one ParentRef sets `sectionName`, all ParentRefs referencing the same object must also set `sectionName`. * If one ParentRef sets `port`, all ParentRefs referencing the same object must also set `port`. * If one ParentRef sets `sectionName` and `port`, all ParentRefs referencing the same object must also set `sectionName` and `port`. \\n It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged. \\n Note that for ParentRefs that cross namespace boundaries, there are specific rules. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example, Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable other kinds of cross-namespace reference. \\n ParentRefs from a Route to a Service in the same namespace are \\"producer\\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \\n ParentRefs from a Route to a Service in a different namespace are \\"consumer\\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \\n "', args=[d.arg(name='parentRefs', type=d.T.array)]), + withParentRefs(parentRefs): { spec+: { parentRefs: if std.isArray(v=parentRefs) then parentRefs else [parentRefs] } }, + '#withParentRefsMixin':: d.fn(help='"ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. For Services, that means the Service must either be in the same namespace for a \\"producer\\" route, or the mesh implementation must support and allow \\"consumer\\" routes for the referenced Service. ReferenceGrant is not applicable for governing ParentRefs to Services - it is not possible to create a \\"producer\\" route for a Service in a different namespace from the Route. \\n There are two kinds of parent resources with \\"Core\\" support: \\n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) This API may be extended in the future to support additional kinds of parent resources. \\n ParentRefs must be _distinct_. This means either that: \\n * They select different objects. If this is the case, then parentRef entries are distinct. In terms of fields, this means that the multi-part key defined by `group`, `kind`, `namespace`, and `name` must be unique across all parentRef entries in the Route. * They do not select different objects, but for each optional field used, each ParentRef that selects the same object must set the same set of optional fields to different values. If one ParentRef sets a combination of optional fields, all must set the same combination. \\n Some examples: \\n * If one ParentRef sets `sectionName`, all ParentRefs referencing the same object must also set `sectionName`. * If one ParentRef sets `port`, all ParentRefs referencing the same object must also set `port`. * If one ParentRef sets `sectionName` and `port`, all ParentRefs referencing the same object must also set `sectionName` and `port`. \\n It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged. \\n Note that for ParentRefs that cross namespace boundaries, there are specific rules. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example, Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable other kinds of cross-namespace reference. \\n ParentRefs from a Route to a Service in the same namespace are \\"producer\\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \\n ParentRefs from a Route to a Service in a different namespace are \\"consumer\\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \\n "\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='parentRefs', type=d.T.array)]), + withParentRefsMixin(parentRefs): { spec+: { parentRefs+: if std.isArray(v=parentRefs) then parentRefs else [parentRefs] } }, + '#withRules':: d.fn(help='"Rules are a list of GRPC matchers, filters and actions."', args=[d.arg(name='rules', type=d.T.array)]), + withRules(rules): { spec+: { rules: if std.isArray(v=rules) then rules else [rules] } }, + '#withRulesMixin':: d.fn(help='"Rules are a list of GRPC matchers, filters and actions."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='rules', type=d.T.array)]), + withRulesMixin(rules): { spec+: { rules+: if std.isArray(v=rules) then rules else [rules] } }, + }, + '#mixin': 'ignore', + mixin: self, +} diff --git a/1.0-experimental/_gen/gateway/v1alpha2/main.libsonnet b/1.0-experimental/_gen/gateway/v1alpha2/main.libsonnet new file mode 100644 index 0000000..db28d56 --- /dev/null +++ b/1.0-experimental/_gen/gateway/v1alpha2/main.libsonnet @@ -0,0 +1,10 @@ +{ + local d = (import 'doc-util/main.libsonnet'), + '#':: d.pkg(name='v1alpha2', url='', help=''), + backendTLSPolicy: (import 'backendTLSPolicy.libsonnet'), + grpcRoute: (import 'grpcRoute.libsonnet'), + referenceGrant: (import 'referenceGrant.libsonnet'), + tcpRoute: (import 'tcpRoute.libsonnet'), + tlsRoute: (import 'tlsRoute.libsonnet'), + udpRoute: (import 'udpRoute.libsonnet'), +} diff --git a/1.0-experimental/_gen/gateway/v1alpha2/referenceGrant.libsonnet b/1.0-experimental/_gen/gateway/v1alpha2/referenceGrant.libsonnet new file mode 100644 index 0000000..72403a4 --- /dev/null +++ b/1.0-experimental/_gen/gateway/v1alpha2/referenceGrant.libsonnet @@ -0,0 +1,81 @@ +{ + local d = (import 'doc-util/main.libsonnet'), + '#':: d.pkg(name='referenceGrant', url='', help='"ReferenceGrant identifies kinds of resources in other namespaces that are trusted to reference the specified kinds of resources in the same namespace as the policy. \\n Each ReferenceGrant can be used to represent a unique trust relationship. Additional Reference Grants can be used to add to the set of trusted sources of inbound references for the namespace they are defined within. \\n A ReferenceGrant is required for all cross-namespace references in Gateway API (with the exception of cross-namespace Route-Gateway attachment, which is governed by the AllowedRoutes configuration on the Gateway, and cross-namespace Service ParentRefs on a \\"consumer\\" mesh Route, which defines routing rules applicable only to workloads in the Route namespace). ReferenceGrants allowing a reference from a Route to a Service are only applicable to BackendRefs. \\n ReferenceGrant is a form of runtime verification allowing users to assert which cross-namespace object references are permitted. Implementations that support ReferenceGrant MUST NOT permit cross-namespace references which have no grant, and MUST respond to the removal of a grant by revoking the access that the grant allowed."'), + '#metadata':: d.obj(help='"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create."'), + metadata: { + '#withAnnotations':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotations(annotations): { metadata+: { annotations: annotations } }, + '#withAnnotationsMixin':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotationsMixin(annotations): { metadata+: { annotations+: annotations } }, + '#withClusterName':: d.fn(help='"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request."', args=[d.arg(name='clusterName', type=d.T.string)]), + withClusterName(clusterName): { metadata+: { clusterName: clusterName } }, + '#withCreationTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='creationTimestamp', type=d.T.string)]), + withCreationTimestamp(creationTimestamp): { metadata+: { creationTimestamp: creationTimestamp } }, + '#withDeletionGracePeriodSeconds':: d.fn(help='"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only."', args=[d.arg(name='deletionGracePeriodSeconds', type=d.T.integer)]), + withDeletionGracePeriodSeconds(deletionGracePeriodSeconds): { metadata+: { deletionGracePeriodSeconds: deletionGracePeriodSeconds } }, + '#withDeletionTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='deletionTimestamp', type=d.T.string)]), + withDeletionTimestamp(deletionTimestamp): { metadata+: { deletionTimestamp: deletionTimestamp } }, + '#withFinalizers':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizers(finalizers): { metadata+: { finalizers: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withFinalizersMixin':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizersMixin(finalizers): { metadata+: { finalizers+: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withGenerateName':: d.fn(help='"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\\n\\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\\n\\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency"', args=[d.arg(name='generateName', type=d.T.string)]), + withGenerateName(generateName): { metadata+: { generateName: generateName } }, + '#withGeneration':: d.fn(help='"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only."', args=[d.arg(name='generation', type=d.T.integer)]), + withGeneration(generation): { metadata+: { generation: generation } }, + '#withLabels':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"', args=[d.arg(name='labels', type=d.T.object)]), + withLabels(labels): { metadata+: { labels: labels } }, + '#withLabelsMixin':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='labels', type=d.T.object)]), + withLabelsMixin(labels): { metadata+: { labels+: labels } }, + '#withName':: d.fn(help='"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { metadata+: { name: name } }, + '#withNamespace':: d.fn(help='"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \\"default\\" namespace, but \\"default\\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\\n\\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces"', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { metadata+: { namespace: namespace } }, + '#withOwnerReferences':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferences(ownerReferences): { metadata+: { ownerReferences: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withOwnerReferencesMixin':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferencesMixin(ownerReferences): { metadata+: { ownerReferences+: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withResourceVersion':: d.fn(help='"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\\n\\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency"', args=[d.arg(name='resourceVersion', type=d.T.string)]), + withResourceVersion(resourceVersion): { metadata+: { resourceVersion: resourceVersion } }, + '#withSelfLink':: d.fn(help='"SelfLink is a URL representing this object. Populated by the system. Read-only.\\n\\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release."', args=[d.arg(name='selfLink', type=d.T.string)]), + withSelfLink(selfLink): { metadata+: { selfLink: selfLink } }, + '#withUid':: d.fn(help='"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\\n\\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids"', args=[d.arg(name='uid', type=d.T.string)]), + withUid(uid): { metadata+: { uid: uid } }, + }, + '#new':: d.fn(help='new returns an instance of ReferenceGrant', args=[d.arg(name='name', type=d.T.string)]), + new(name): { + apiVersion: 'gateway.networking.k8s.io/v1alpha2', + kind: 'ReferenceGrant', + } + self.metadata.withName(name=name), + '#spec':: d.obj(help='"Spec defines the desired state of ReferenceGrant."'), + spec: { + '#from':: d.obj(help='"From describes the trusted namespaces and kinds that can reference the resources described in \\"To\\". Each entry in this list MUST be considered to be an additional place that references can be valid from, or to put this another way, entries MUST be combined using OR. \\n Support: Core"'), + from: { + '#withGroup':: d.fn(help='"Group is the group of the referent. When empty, the Kubernetes core API group is inferred. \\n Support: Core"', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { group: group }, + '#withKind':: d.fn(help='"Kind is the kind of the referent. Although implementations may support additional resources, the following types are part of the \\"Core\\" support level for this field. \\n When used to permit a SecretObjectReference: \\n * Gateway \\n When used to permit a BackendObjectReference: \\n * GRPCRoute * HTTPRoute * TCPRoute * TLSRoute * UDPRoute"', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { kind: kind }, + '#withNamespace':: d.fn(help='"Namespace is the namespace of the referent. \\n Support: Core"', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { namespace: namespace }, + }, + '#to':: d.obj(help='"To describes the resources that may be referenced by the resources described in \\"From\\". Each entry in this list MUST be considered to be an additional place that references can be valid to, or to put this another way, entries MUST be combined using OR. \\n Support: Core"'), + to: { + '#withGroup':: d.fn(help='"Group is the group of the referent. When empty, the Kubernetes core API group is inferred. \\n Support: Core"', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { group: group }, + '#withKind':: d.fn(help='"Kind is the kind of the referent. Although implementations may support additional resources, the following types are part of the \\"Core\\" support level for this field: \\n * Secret when used to permit a SecretObjectReference * Service when used to permit a BackendObjectReference"', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { kind: kind }, + '#withName':: d.fn(help='"Name is the name of the referent. When unspecified, this policy refers to all resources of the specified Group and Kind in the local namespace."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + }, + '#withFrom':: d.fn(help='"From describes the trusted namespaces and kinds that can reference the resources described in \\"To\\". Each entry in this list MUST be considered to be an additional place that references can be valid from, or to put this another way, entries MUST be combined using OR. \\n Support: Core"', args=[d.arg(name='from', type=d.T.array)]), + withFrom(from): { spec+: { from: if std.isArray(v=from) then from else [from] } }, + '#withFromMixin':: d.fn(help='"From describes the trusted namespaces and kinds that can reference the resources described in \\"To\\". Each entry in this list MUST be considered to be an additional place that references can be valid from, or to put this another way, entries MUST be combined using OR. \\n Support: Core"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='from', type=d.T.array)]), + withFromMixin(from): { spec+: { from+: if std.isArray(v=from) then from else [from] } }, + '#withTo':: d.fn(help='"To describes the resources that may be referenced by the resources described in \\"From\\". Each entry in this list MUST be considered to be an additional place that references can be valid to, or to put this another way, entries MUST be combined using OR. \\n Support: Core"', args=[d.arg(name='to', type=d.T.array)]), + withTo(to): { spec+: { to: if std.isArray(v=to) then to else [to] } }, + '#withToMixin':: d.fn(help='"To describes the resources that may be referenced by the resources described in \\"From\\". Each entry in this list MUST be considered to be an additional place that references can be valid to, or to put this another way, entries MUST be combined using OR. \\n Support: Core"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='to', type=d.T.array)]), + withToMixin(to): { spec+: { to+: if std.isArray(v=to) then to else [to] } }, + }, + '#mixin': 'ignore', + mixin: self, +} diff --git a/1.0-experimental/_gen/gateway/v1alpha2/tcpRoute.libsonnet b/1.0-experimental/_gen/gateway/v1alpha2/tcpRoute.libsonnet new file mode 100644 index 0000000..3c475a0 --- /dev/null +++ b/1.0-experimental/_gen/gateway/v1alpha2/tcpRoute.libsonnet @@ -0,0 +1,100 @@ +{ + local d = (import 'doc-util/main.libsonnet'), + '#':: d.pkg(name='tcpRoute', url='', help='"TCPRoute provides a way to route TCP requests. When combined with a Gateway listener, it can be used to forward connections on the port specified by the listener to a set of backends specified by the TCPRoute."'), + '#metadata':: d.obj(help='"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create."'), + metadata: { + '#withAnnotations':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotations(annotations): { metadata+: { annotations: annotations } }, + '#withAnnotationsMixin':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotationsMixin(annotations): { metadata+: { annotations+: annotations } }, + '#withClusterName':: d.fn(help='"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request."', args=[d.arg(name='clusterName', type=d.T.string)]), + withClusterName(clusterName): { metadata+: { clusterName: clusterName } }, + '#withCreationTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='creationTimestamp', type=d.T.string)]), + withCreationTimestamp(creationTimestamp): { metadata+: { creationTimestamp: creationTimestamp } }, + '#withDeletionGracePeriodSeconds':: d.fn(help='"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only."', args=[d.arg(name='deletionGracePeriodSeconds', type=d.T.integer)]), + withDeletionGracePeriodSeconds(deletionGracePeriodSeconds): { metadata+: { deletionGracePeriodSeconds: deletionGracePeriodSeconds } }, + '#withDeletionTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='deletionTimestamp', type=d.T.string)]), + withDeletionTimestamp(deletionTimestamp): { metadata+: { deletionTimestamp: deletionTimestamp } }, + '#withFinalizers':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizers(finalizers): { metadata+: { finalizers: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withFinalizersMixin':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizersMixin(finalizers): { metadata+: { finalizers+: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withGenerateName':: d.fn(help='"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\\n\\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\\n\\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency"', args=[d.arg(name='generateName', type=d.T.string)]), + withGenerateName(generateName): { metadata+: { generateName: generateName } }, + '#withGeneration':: d.fn(help='"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only."', args=[d.arg(name='generation', type=d.T.integer)]), + withGeneration(generation): { metadata+: { generation: generation } }, + '#withLabels':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"', args=[d.arg(name='labels', type=d.T.object)]), + withLabels(labels): { metadata+: { labels: labels } }, + '#withLabelsMixin':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='labels', type=d.T.object)]), + withLabelsMixin(labels): { metadata+: { labels+: labels } }, + '#withName':: d.fn(help='"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { metadata+: { name: name } }, + '#withNamespace':: d.fn(help='"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \\"default\\" namespace, but \\"default\\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\\n\\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces"', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { metadata+: { namespace: namespace } }, + '#withOwnerReferences':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferences(ownerReferences): { metadata+: { ownerReferences: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withOwnerReferencesMixin':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferencesMixin(ownerReferences): { metadata+: { ownerReferences+: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withResourceVersion':: d.fn(help='"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\\n\\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency"', args=[d.arg(name='resourceVersion', type=d.T.string)]), + withResourceVersion(resourceVersion): { metadata+: { resourceVersion: resourceVersion } }, + '#withSelfLink':: d.fn(help='"SelfLink is a URL representing this object. Populated by the system. Read-only.\\n\\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release."', args=[d.arg(name='selfLink', type=d.T.string)]), + withSelfLink(selfLink): { metadata+: { selfLink: selfLink } }, + '#withUid':: d.fn(help='"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\\n\\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids"', args=[d.arg(name='uid', type=d.T.string)]), + withUid(uid): { metadata+: { uid: uid } }, + }, + '#new':: d.fn(help='new returns an instance of TCPRoute', args=[d.arg(name='name', type=d.T.string)]), + new(name): { + apiVersion: 'gateway.networking.k8s.io/v1alpha2', + kind: 'TCPRoute', + } + self.metadata.withName(name=name), + '#spec':: d.obj(help='"Spec defines the desired state of TCPRoute."'), + spec: { + '#parentRefs':: d.obj(help='"ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. For Services, that means the Service must either be in the same namespace for a \\"producer\\" route, or the mesh implementation must support and allow \\"consumer\\" routes for the referenced Service. ReferenceGrant is not applicable for governing ParentRefs to Services - it is not possible to create a \\"producer\\" route for a Service in a different namespace from the Route. \\n There are two kinds of parent resources with \\"Core\\" support: \\n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) This API may be extended in the future to support additional kinds of parent resources. \\n ParentRefs must be _distinct_. This means either that: \\n * They select different objects. If this is the case, then parentRef entries are distinct. In terms of fields, this means that the multi-part key defined by `group`, `kind`, `namespace`, and `name` must be unique across all parentRef entries in the Route. * They do not select different objects, but for each optional field used, each ParentRef that selects the same object must set the same set of optional fields to different values. If one ParentRef sets a combination of optional fields, all must set the same combination. \\n Some examples: \\n * If one ParentRef sets `sectionName`, all ParentRefs referencing the same object must also set `sectionName`. * If one ParentRef sets `port`, all ParentRefs referencing the same object must also set `port`. * If one ParentRef sets `sectionName` and `port`, all ParentRefs referencing the same object must also set `sectionName` and `port`. \\n It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged. \\n Note that for ParentRefs that cross namespace boundaries, there are specific rules. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example, Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable other kinds of cross-namespace reference. \\n ParentRefs from a Route to a Service in the same namespace are \\"producer\\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \\n ParentRefs from a Route to a Service in a different namespace are \\"consumer\\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \\n "'), + parentRefs: { + '#withGroup':: d.fn(help='"Group is the group of the referent. When unspecified, \\"gateway.networking.k8s.io\\" is inferred. To set the core API group (such as for a \\"Service\\" kind referent), Group must be explicitly set to \\"\\" (empty string). \\n Support: Core"', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { group: group }, + '#withKind':: d.fn(help='"Kind is kind of the referent. \\n There are two kinds of parent resources with \\"Core\\" support: \\n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) \\n Support for other resources is Implementation-Specific."', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { kind: kind }, + '#withName':: d.fn(help='"Name is the name of the referent. \\n Support: Core"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withNamespace':: d.fn(help='"Namespace is the namespace of the referent. When unspecified, this refers to the local namespace of the Route. \\n Note that there are specific rules for ParentRefs which cross namespace boundaries. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example: Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference. \\n ParentRefs from a Route to a Service in the same namespace are \\"producer\\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \\n ParentRefs from a Route to a Service in a different namespace are \\"consumer\\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \\n Support: Core"', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { namespace: namespace }, + '#withPort':: d.fn(help="\"Port is the network port this Route targets. It can be interpreted differently based on the type of parent resource. \\n When the parent resource is a Gateway, this targets all listeners listening on the specified port that also support this kind of Route(and select this Route). It's not recommended to set `Port` unless the networking behaviors specified in a Route must apply to a specific port as opposed to a listener(s) whose port(s) may be changed. When both Port and SectionName are specified, the name and port of the selected listener must match both specified values. \\n When the parent resource is a Service, this targets a specific port in the Service spec. When both Port (experimental) and SectionName are specified, the name and port of the selected port must match both specified values. \\n Implementations MAY choose to support other parent resources. Implementations supporting other types of parent resources MUST clearly document how/if Port is interpreted. \\n For the purpose of status, an attachment is considered successful as long as the parent resource accepts it partially. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \\n Support: Extended \\n \"", args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { port: port }, + '#withSectionName':: d.fn(help='"SectionName is the name of a section within the target resource. In the following resources, SectionName is interpreted as the following: \\n * Gateway: Listener Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. * Service: Port Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. Note that attaching Routes to Services as Parents is part of experimental Mesh support and is not supported for any other purpose. \\n Implementations MAY choose to support attaching Routes to other resources. If that is the case, they MUST clearly document how SectionName is interpreted. \\n When unspecified (empty string), this will reference the entire resource. For the purpose of status, an attachment is considered successful if at least one section in the parent resource accepts it. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \\n Support: Core"', args=[d.arg(name='sectionName', type=d.T.string)]), + withSectionName(sectionName): { sectionName: sectionName }, + }, + '#rules':: d.obj(help='"Rules are a list of TCP matchers and actions."'), + rules: { + '#backendRefs':: d.obj(help='"BackendRefs defines the backend(s) where matching requests should be sent. If unspecified or invalid (refers to a non-existent resource or a Service with no endpoints), the underlying implementation MUST actively reject connection attempts to this backend. Connection rejections must respect weight; if an invalid backend is requested to have 80% of connections, then 80% of connections must be rejected instead. \\n Support: Core for Kubernetes Service \\n Support: Extended for Kubernetes ServiceImport \\n Support: Implementation-specific for any other resource \\n Support for weight: Extended"'), + backendRefs: { + '#withGroup':: d.fn(help='"Group is the group of the referent. For example, \\"gateway.networking.k8s.io\\". When unspecified or empty string, core API group is inferred."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { group: group }, + '#withKind':: d.fn(help='"Kind is the Kubernetes resource kind of the referent. For example \\"Service\\". \\n Defaults to \\"Service\\" when not specified. \\n ExternalName services can refer to CNAME DNS records that may live outside of the cluster and as such are difficult to reason about in terms of conformance. They also may not be safe to forward to (see CVE-2021-25740 for more information). Implementations SHOULD NOT support ExternalName Services. \\n Support: Core (Services with a type other than ExternalName) \\n Support: Implementation-specific (Services with type ExternalName)"', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { kind: kind }, + '#withName':: d.fn(help='"Name is the name of the referent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withNamespace':: d.fn(help="\"Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. \\n Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. \\n Support: Core\"", args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { namespace: namespace }, + '#withPort':: d.fn(help='"Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field."', args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { port: port }, + '#withWeight':: d.fn(help='"Weight specifies the proportion of requests forwarded to the referenced backend. This is computed as weight/(sum of all weights in this BackendRefs list). For non-zero values, there may be some epsilon from the exact proportion defined here depending on the precision an implementation supports. Weight is not a percentage and the sum of weights does not need to equal 100. \\n If only one backend is specified and it has a weight greater than 0, 100% of the traffic is forwarded to that backend. If weight is set to 0, no traffic should be forwarded for this entry. If unspecified, weight defaults to 1. \\n Support for this field varies based on the context where used."', args=[d.arg(name='weight', type=d.T.integer)]), + withWeight(weight): { weight: weight }, + }, + '#withBackendRefs':: d.fn(help='"BackendRefs defines the backend(s) where matching requests should be sent. If unspecified or invalid (refers to a non-existent resource or a Service with no endpoints), the underlying implementation MUST actively reject connection attempts to this backend. Connection rejections must respect weight; if an invalid backend is requested to have 80% of connections, then 80% of connections must be rejected instead. \\n Support: Core for Kubernetes Service \\n Support: Extended for Kubernetes ServiceImport \\n Support: Implementation-specific for any other resource \\n Support for weight: Extended"', args=[d.arg(name='backendRefs', type=d.T.array)]), + withBackendRefs(backendRefs): { backendRefs: if std.isArray(v=backendRefs) then backendRefs else [backendRefs] }, + '#withBackendRefsMixin':: d.fn(help='"BackendRefs defines the backend(s) where matching requests should be sent. If unspecified or invalid (refers to a non-existent resource or a Service with no endpoints), the underlying implementation MUST actively reject connection attempts to this backend. Connection rejections must respect weight; if an invalid backend is requested to have 80% of connections, then 80% of connections must be rejected instead. \\n Support: Core for Kubernetes Service \\n Support: Extended for Kubernetes ServiceImport \\n Support: Implementation-specific for any other resource \\n Support for weight: Extended"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='backendRefs', type=d.T.array)]), + withBackendRefsMixin(backendRefs): { backendRefs+: if std.isArray(v=backendRefs) then backendRefs else [backendRefs] }, + }, + '#withParentRefs':: d.fn(help='"ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. For Services, that means the Service must either be in the same namespace for a \\"producer\\" route, or the mesh implementation must support and allow \\"consumer\\" routes for the referenced Service. ReferenceGrant is not applicable for governing ParentRefs to Services - it is not possible to create a \\"producer\\" route for a Service in a different namespace from the Route. \\n There are two kinds of parent resources with \\"Core\\" support: \\n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) This API may be extended in the future to support additional kinds of parent resources. \\n ParentRefs must be _distinct_. This means either that: \\n * They select different objects. If this is the case, then parentRef entries are distinct. In terms of fields, this means that the multi-part key defined by `group`, `kind`, `namespace`, and `name` must be unique across all parentRef entries in the Route. * They do not select different objects, but for each optional field used, each ParentRef that selects the same object must set the same set of optional fields to different values. If one ParentRef sets a combination of optional fields, all must set the same combination. \\n Some examples: \\n * If one ParentRef sets `sectionName`, all ParentRefs referencing the same object must also set `sectionName`. * If one ParentRef sets `port`, all ParentRefs referencing the same object must also set `port`. * If one ParentRef sets `sectionName` and `port`, all ParentRefs referencing the same object must also set `sectionName` and `port`. \\n It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged. \\n Note that for ParentRefs that cross namespace boundaries, there are specific rules. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example, Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable other kinds of cross-namespace reference. \\n ParentRefs from a Route to a Service in the same namespace are \\"producer\\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \\n ParentRefs from a Route to a Service in a different namespace are \\"consumer\\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \\n "', args=[d.arg(name='parentRefs', type=d.T.array)]), + withParentRefs(parentRefs): { spec+: { parentRefs: if std.isArray(v=parentRefs) then parentRefs else [parentRefs] } }, + '#withParentRefsMixin':: d.fn(help='"ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. For Services, that means the Service must either be in the same namespace for a \\"producer\\" route, or the mesh implementation must support and allow \\"consumer\\" routes for the referenced Service. ReferenceGrant is not applicable for governing ParentRefs to Services - it is not possible to create a \\"producer\\" route for a Service in a different namespace from the Route. \\n There are two kinds of parent resources with \\"Core\\" support: \\n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) This API may be extended in the future to support additional kinds of parent resources. \\n ParentRefs must be _distinct_. This means either that: \\n * They select different objects. If this is the case, then parentRef entries are distinct. In terms of fields, this means that the multi-part key defined by `group`, `kind`, `namespace`, and `name` must be unique across all parentRef entries in the Route. * They do not select different objects, but for each optional field used, each ParentRef that selects the same object must set the same set of optional fields to different values. If one ParentRef sets a combination of optional fields, all must set the same combination. \\n Some examples: \\n * If one ParentRef sets `sectionName`, all ParentRefs referencing the same object must also set `sectionName`. * If one ParentRef sets `port`, all ParentRefs referencing the same object must also set `port`. * If one ParentRef sets `sectionName` and `port`, all ParentRefs referencing the same object must also set `sectionName` and `port`. \\n It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged. \\n Note that for ParentRefs that cross namespace boundaries, there are specific rules. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example, Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable other kinds of cross-namespace reference. \\n ParentRefs from a Route to a Service in the same namespace are \\"producer\\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \\n ParentRefs from a Route to a Service in a different namespace are \\"consumer\\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \\n "\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='parentRefs', type=d.T.array)]), + withParentRefsMixin(parentRefs): { spec+: { parentRefs+: if std.isArray(v=parentRefs) then parentRefs else [parentRefs] } }, + '#withRules':: d.fn(help='"Rules are a list of TCP matchers and actions."', args=[d.arg(name='rules', type=d.T.array)]), + withRules(rules): { spec+: { rules: if std.isArray(v=rules) then rules else [rules] } }, + '#withRulesMixin':: d.fn(help='"Rules are a list of TCP matchers and actions."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='rules', type=d.T.array)]), + withRulesMixin(rules): { spec+: { rules+: if std.isArray(v=rules) then rules else [rules] } }, + }, + '#mixin': 'ignore', + mixin: self, +} diff --git a/1.0-experimental/_gen/gateway/v1alpha2/tlsRoute.libsonnet b/1.0-experimental/_gen/gateway/v1alpha2/tlsRoute.libsonnet new file mode 100644 index 0000000..47147c7 --- /dev/null +++ b/1.0-experimental/_gen/gateway/v1alpha2/tlsRoute.libsonnet @@ -0,0 +1,104 @@ +{ + local d = (import 'doc-util/main.libsonnet'), + '#':: d.pkg(name='tlsRoute', url='', help='"The TLSRoute resource is similar to TCPRoute, but can be configured to match against TLS-specific metadata. This allows more flexibility in matching streams for a given TLS listener. \\n If you need to forward traffic to a single target for a TLS listener, you could choose to use a TCPRoute with a TLS listener."'), + '#metadata':: d.obj(help='"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create."'), + metadata: { + '#withAnnotations':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotations(annotations): { metadata+: { annotations: annotations } }, + '#withAnnotationsMixin':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotationsMixin(annotations): { metadata+: { annotations+: annotations } }, + '#withClusterName':: d.fn(help='"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request."', args=[d.arg(name='clusterName', type=d.T.string)]), + withClusterName(clusterName): { metadata+: { clusterName: clusterName } }, + '#withCreationTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='creationTimestamp', type=d.T.string)]), + withCreationTimestamp(creationTimestamp): { metadata+: { creationTimestamp: creationTimestamp } }, + '#withDeletionGracePeriodSeconds':: d.fn(help='"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only."', args=[d.arg(name='deletionGracePeriodSeconds', type=d.T.integer)]), + withDeletionGracePeriodSeconds(deletionGracePeriodSeconds): { metadata+: { deletionGracePeriodSeconds: deletionGracePeriodSeconds } }, + '#withDeletionTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='deletionTimestamp', type=d.T.string)]), + withDeletionTimestamp(deletionTimestamp): { metadata+: { deletionTimestamp: deletionTimestamp } }, + '#withFinalizers':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizers(finalizers): { metadata+: { finalizers: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withFinalizersMixin':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizersMixin(finalizers): { metadata+: { finalizers+: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withGenerateName':: d.fn(help='"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\\n\\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\\n\\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency"', args=[d.arg(name='generateName', type=d.T.string)]), + withGenerateName(generateName): { metadata+: { generateName: generateName } }, + '#withGeneration':: d.fn(help='"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only."', args=[d.arg(name='generation', type=d.T.integer)]), + withGeneration(generation): { metadata+: { generation: generation } }, + '#withLabels':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"', args=[d.arg(name='labels', type=d.T.object)]), + withLabels(labels): { metadata+: { labels: labels } }, + '#withLabelsMixin':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='labels', type=d.T.object)]), + withLabelsMixin(labels): { metadata+: { labels+: labels } }, + '#withName':: d.fn(help='"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { metadata+: { name: name } }, + '#withNamespace':: d.fn(help='"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \\"default\\" namespace, but \\"default\\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\\n\\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces"', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { metadata+: { namespace: namespace } }, + '#withOwnerReferences':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferences(ownerReferences): { metadata+: { ownerReferences: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withOwnerReferencesMixin':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferencesMixin(ownerReferences): { metadata+: { ownerReferences+: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withResourceVersion':: d.fn(help='"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\\n\\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency"', args=[d.arg(name='resourceVersion', type=d.T.string)]), + withResourceVersion(resourceVersion): { metadata+: { resourceVersion: resourceVersion } }, + '#withSelfLink':: d.fn(help='"SelfLink is a URL representing this object. Populated by the system. Read-only.\\n\\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release."', args=[d.arg(name='selfLink', type=d.T.string)]), + withSelfLink(selfLink): { metadata+: { selfLink: selfLink } }, + '#withUid':: d.fn(help='"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\\n\\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids"', args=[d.arg(name='uid', type=d.T.string)]), + withUid(uid): { metadata+: { uid: uid } }, + }, + '#new':: d.fn(help='new returns an instance of TLSRoute', args=[d.arg(name='name', type=d.T.string)]), + new(name): { + apiVersion: 'gateway.networking.k8s.io/v1alpha2', + kind: 'TLSRoute', + } + self.metadata.withName(name=name), + '#spec':: d.obj(help='"Spec defines the desired state of TLSRoute."'), + spec: { + '#parentRefs':: d.obj(help='"ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. For Services, that means the Service must either be in the same namespace for a \\"producer\\" route, or the mesh implementation must support and allow \\"consumer\\" routes for the referenced Service. ReferenceGrant is not applicable for governing ParentRefs to Services - it is not possible to create a \\"producer\\" route for a Service in a different namespace from the Route. \\n There are two kinds of parent resources with \\"Core\\" support: \\n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) This API may be extended in the future to support additional kinds of parent resources. \\n ParentRefs must be _distinct_. This means either that: \\n * They select different objects. If this is the case, then parentRef entries are distinct. In terms of fields, this means that the multi-part key defined by `group`, `kind`, `namespace`, and `name` must be unique across all parentRef entries in the Route. * They do not select different objects, but for each optional field used, each ParentRef that selects the same object must set the same set of optional fields to different values. If one ParentRef sets a combination of optional fields, all must set the same combination. \\n Some examples: \\n * If one ParentRef sets `sectionName`, all ParentRefs referencing the same object must also set `sectionName`. * If one ParentRef sets `port`, all ParentRefs referencing the same object must also set `port`. * If one ParentRef sets `sectionName` and `port`, all ParentRefs referencing the same object must also set `sectionName` and `port`. \\n It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged. \\n Note that for ParentRefs that cross namespace boundaries, there are specific rules. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example, Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable other kinds of cross-namespace reference. \\n ParentRefs from a Route to a Service in the same namespace are \\"producer\\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \\n ParentRefs from a Route to a Service in a different namespace are \\"consumer\\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \\n "'), + parentRefs: { + '#withGroup':: d.fn(help='"Group is the group of the referent. When unspecified, \\"gateway.networking.k8s.io\\" is inferred. To set the core API group (such as for a \\"Service\\" kind referent), Group must be explicitly set to \\"\\" (empty string). \\n Support: Core"', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { group: group }, + '#withKind':: d.fn(help='"Kind is kind of the referent. \\n There are two kinds of parent resources with \\"Core\\" support: \\n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) \\n Support for other resources is Implementation-Specific."', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { kind: kind }, + '#withName':: d.fn(help='"Name is the name of the referent. \\n Support: Core"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withNamespace':: d.fn(help='"Namespace is the namespace of the referent. When unspecified, this refers to the local namespace of the Route. \\n Note that there are specific rules for ParentRefs which cross namespace boundaries. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example: Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference. \\n ParentRefs from a Route to a Service in the same namespace are \\"producer\\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \\n ParentRefs from a Route to a Service in a different namespace are \\"consumer\\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \\n Support: Core"', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { namespace: namespace }, + '#withPort':: d.fn(help="\"Port is the network port this Route targets. It can be interpreted differently based on the type of parent resource. \\n When the parent resource is a Gateway, this targets all listeners listening on the specified port that also support this kind of Route(and select this Route). It's not recommended to set `Port` unless the networking behaviors specified in a Route must apply to a specific port as opposed to a listener(s) whose port(s) may be changed. When both Port and SectionName are specified, the name and port of the selected listener must match both specified values. \\n When the parent resource is a Service, this targets a specific port in the Service spec. When both Port (experimental) and SectionName are specified, the name and port of the selected port must match both specified values. \\n Implementations MAY choose to support other parent resources. Implementations supporting other types of parent resources MUST clearly document how/if Port is interpreted. \\n For the purpose of status, an attachment is considered successful as long as the parent resource accepts it partially. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \\n Support: Extended \\n \"", args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { port: port }, + '#withSectionName':: d.fn(help='"SectionName is the name of a section within the target resource. In the following resources, SectionName is interpreted as the following: \\n * Gateway: Listener Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. * Service: Port Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. Note that attaching Routes to Services as Parents is part of experimental Mesh support and is not supported for any other purpose. \\n Implementations MAY choose to support attaching Routes to other resources. If that is the case, they MUST clearly document how SectionName is interpreted. \\n When unspecified (empty string), this will reference the entire resource. For the purpose of status, an attachment is considered successful if at least one section in the parent resource accepts it. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \\n Support: Core"', args=[d.arg(name='sectionName', type=d.T.string)]), + withSectionName(sectionName): { sectionName: sectionName }, + }, + '#rules':: d.obj(help='"Rules are a list of TLS matchers and actions."'), + rules: { + '#backendRefs':: d.obj(help='"BackendRefs defines the backend(s) where matching requests should be sent. If unspecified or invalid (refers to a non-existent resource or a Service with no endpoints), the rule performs no forwarding; if no filters are specified that would result in a response being sent, the underlying implementation must actively reject request attempts to this backend, by rejecting the connection or returning a 500 status code. Request rejections must respect weight; if an invalid backend is requested to have 80% of requests, then 80% of requests must be rejected instead. \\n Support: Core for Kubernetes Service \\n Support: Extended for Kubernetes ServiceImport \\n Support: Implementation-specific for any other resource \\n Support for weight: Extended"'), + backendRefs: { + '#withGroup':: d.fn(help='"Group is the group of the referent. For example, \\"gateway.networking.k8s.io\\". When unspecified or empty string, core API group is inferred."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { group: group }, + '#withKind':: d.fn(help='"Kind is the Kubernetes resource kind of the referent. For example \\"Service\\". \\n Defaults to \\"Service\\" when not specified. \\n ExternalName services can refer to CNAME DNS records that may live outside of the cluster and as such are difficult to reason about in terms of conformance. They also may not be safe to forward to (see CVE-2021-25740 for more information). Implementations SHOULD NOT support ExternalName Services. \\n Support: Core (Services with a type other than ExternalName) \\n Support: Implementation-specific (Services with type ExternalName)"', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { kind: kind }, + '#withName':: d.fn(help='"Name is the name of the referent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withNamespace':: d.fn(help="\"Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. \\n Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. \\n Support: Core\"", args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { namespace: namespace }, + '#withPort':: d.fn(help='"Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field."', args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { port: port }, + '#withWeight':: d.fn(help='"Weight specifies the proportion of requests forwarded to the referenced backend. This is computed as weight/(sum of all weights in this BackendRefs list). For non-zero values, there may be some epsilon from the exact proportion defined here depending on the precision an implementation supports. Weight is not a percentage and the sum of weights does not need to equal 100. \\n If only one backend is specified and it has a weight greater than 0, 100% of the traffic is forwarded to that backend. If weight is set to 0, no traffic should be forwarded for this entry. If unspecified, weight defaults to 1. \\n Support for this field varies based on the context where used."', args=[d.arg(name='weight', type=d.T.integer)]), + withWeight(weight): { weight: weight }, + }, + '#withBackendRefs':: d.fn(help='"BackendRefs defines the backend(s) where matching requests should be sent. If unspecified or invalid (refers to a non-existent resource or a Service with no endpoints), the rule performs no forwarding; if no filters are specified that would result in a response being sent, the underlying implementation must actively reject request attempts to this backend, by rejecting the connection or returning a 500 status code. Request rejections must respect weight; if an invalid backend is requested to have 80% of requests, then 80% of requests must be rejected instead. \\n Support: Core for Kubernetes Service \\n Support: Extended for Kubernetes ServiceImport \\n Support: Implementation-specific for any other resource \\n Support for weight: Extended"', args=[d.arg(name='backendRefs', type=d.T.array)]), + withBackendRefs(backendRefs): { backendRefs: if std.isArray(v=backendRefs) then backendRefs else [backendRefs] }, + '#withBackendRefsMixin':: d.fn(help='"BackendRefs defines the backend(s) where matching requests should be sent. If unspecified or invalid (refers to a non-existent resource or a Service with no endpoints), the rule performs no forwarding; if no filters are specified that would result in a response being sent, the underlying implementation must actively reject request attempts to this backend, by rejecting the connection or returning a 500 status code. Request rejections must respect weight; if an invalid backend is requested to have 80% of requests, then 80% of requests must be rejected instead. \\n Support: Core for Kubernetes Service \\n Support: Extended for Kubernetes ServiceImport \\n Support: Implementation-specific for any other resource \\n Support for weight: Extended"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='backendRefs', type=d.T.array)]), + withBackendRefsMixin(backendRefs): { backendRefs+: if std.isArray(v=backendRefs) then backendRefs else [backendRefs] }, + }, + '#withHostnames':: d.fn(help="\"Hostnames defines a set of SNI names that should match against the SNI attribute of TLS ClientHello message in TLS handshake. This matches the RFC 1123 definition of a hostname with 2 notable exceptions: \\n 1. IPs are not allowed in SNI names per RFC 6066. 2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard label must appear by itself as the first label. \\n If a hostname is specified by both the Listener and TLSRoute, there must be at least one intersecting hostname for the TLSRoute to be attached to the Listener. For example: \\n * A Listener with `test.example.com` as the hostname matches TLSRoutes that have either not specified any hostnames, or have specified at least one of `test.example.com` or `*.example.com`. * A Listener with `*.example.com` as the hostname matches TLSRoutes that have either not specified any hostnames or have specified at least one hostname that matches the Listener hostname. For example, `test.example.com` and `*.example.com` would both match. On the other hand, `example.com` and `test.example.net` would not match. \\n If both the Listener and TLSRoute have specified hostnames, any TLSRoute hostnames that do not match the Listener hostname MUST be ignored. For example, if a Listener specified `*.example.com`, and the TLSRoute specified `test.example.com` and `test.example.net`, `test.example.net` must not be considered for a match. \\n If both the Listener and TLSRoute have specified hostnames, and none match with the criteria above, then the TLSRoute is not accepted. The implementation must raise an 'Accepted' Condition with a status of `False` in the corresponding RouteParentStatus. \\n Support: Core\"", args=[d.arg(name='hostnames', type=d.T.array)]), + withHostnames(hostnames): { spec+: { hostnames: if std.isArray(v=hostnames) then hostnames else [hostnames] } }, + '#withHostnamesMixin':: d.fn(help="\"Hostnames defines a set of SNI names that should match against the SNI attribute of TLS ClientHello message in TLS handshake. This matches the RFC 1123 definition of a hostname with 2 notable exceptions: \\n 1. IPs are not allowed in SNI names per RFC 6066. 2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard label must appear by itself as the first label. \\n If a hostname is specified by both the Listener and TLSRoute, there must be at least one intersecting hostname for the TLSRoute to be attached to the Listener. For example: \\n * A Listener with `test.example.com` as the hostname matches TLSRoutes that have either not specified any hostnames, or have specified at least one of `test.example.com` or `*.example.com`. * A Listener with `*.example.com` as the hostname matches TLSRoutes that have either not specified any hostnames or have specified at least one hostname that matches the Listener hostname. For example, `test.example.com` and `*.example.com` would both match. On the other hand, `example.com` and `test.example.net` would not match. \\n If both the Listener and TLSRoute have specified hostnames, any TLSRoute hostnames that do not match the Listener hostname MUST be ignored. For example, if a Listener specified `*.example.com`, and the TLSRoute specified `test.example.com` and `test.example.net`, `test.example.net` must not be considered for a match. \\n If both the Listener and TLSRoute have specified hostnames, and none match with the criteria above, then the TLSRoute is not accepted. The implementation must raise an 'Accepted' Condition with a status of `False` in the corresponding RouteParentStatus. \\n Support: Core\"\n\n**Note:** This function appends passed data to existing values", args=[d.arg(name='hostnames', type=d.T.array)]), + withHostnamesMixin(hostnames): { spec+: { hostnames+: if std.isArray(v=hostnames) then hostnames else [hostnames] } }, + '#withParentRefs':: d.fn(help='"ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. For Services, that means the Service must either be in the same namespace for a \\"producer\\" route, or the mesh implementation must support and allow \\"consumer\\" routes for the referenced Service. ReferenceGrant is not applicable for governing ParentRefs to Services - it is not possible to create a \\"producer\\" route for a Service in a different namespace from the Route. \\n There are two kinds of parent resources with \\"Core\\" support: \\n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) This API may be extended in the future to support additional kinds of parent resources. \\n ParentRefs must be _distinct_. This means either that: \\n * They select different objects. If this is the case, then parentRef entries are distinct. In terms of fields, this means that the multi-part key defined by `group`, `kind`, `namespace`, and `name` must be unique across all parentRef entries in the Route. * They do not select different objects, but for each optional field used, each ParentRef that selects the same object must set the same set of optional fields to different values. If one ParentRef sets a combination of optional fields, all must set the same combination. \\n Some examples: \\n * If one ParentRef sets `sectionName`, all ParentRefs referencing the same object must also set `sectionName`. * If one ParentRef sets `port`, all ParentRefs referencing the same object must also set `port`. * If one ParentRef sets `sectionName` and `port`, all ParentRefs referencing the same object must also set `sectionName` and `port`. \\n It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged. \\n Note that for ParentRefs that cross namespace boundaries, there are specific rules. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example, Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable other kinds of cross-namespace reference. \\n ParentRefs from a Route to a Service in the same namespace are \\"producer\\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \\n ParentRefs from a Route to a Service in a different namespace are \\"consumer\\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \\n "', args=[d.arg(name='parentRefs', type=d.T.array)]), + withParentRefs(parentRefs): { spec+: { parentRefs: if std.isArray(v=parentRefs) then parentRefs else [parentRefs] } }, + '#withParentRefsMixin':: d.fn(help='"ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. For Services, that means the Service must either be in the same namespace for a \\"producer\\" route, or the mesh implementation must support and allow \\"consumer\\" routes for the referenced Service. ReferenceGrant is not applicable for governing ParentRefs to Services - it is not possible to create a \\"producer\\" route for a Service in a different namespace from the Route. \\n There are two kinds of parent resources with \\"Core\\" support: \\n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) This API may be extended in the future to support additional kinds of parent resources. \\n ParentRefs must be _distinct_. This means either that: \\n * They select different objects. If this is the case, then parentRef entries are distinct. In terms of fields, this means that the multi-part key defined by `group`, `kind`, `namespace`, and `name` must be unique across all parentRef entries in the Route. * They do not select different objects, but for each optional field used, each ParentRef that selects the same object must set the same set of optional fields to different values. If one ParentRef sets a combination of optional fields, all must set the same combination. \\n Some examples: \\n * If one ParentRef sets `sectionName`, all ParentRefs referencing the same object must also set `sectionName`. * If one ParentRef sets `port`, all ParentRefs referencing the same object must also set `port`. * If one ParentRef sets `sectionName` and `port`, all ParentRefs referencing the same object must also set `sectionName` and `port`. \\n It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged. \\n Note that for ParentRefs that cross namespace boundaries, there are specific rules. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example, Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable other kinds of cross-namespace reference. \\n ParentRefs from a Route to a Service in the same namespace are \\"producer\\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \\n ParentRefs from a Route to a Service in a different namespace are \\"consumer\\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \\n "\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='parentRefs', type=d.T.array)]), + withParentRefsMixin(parentRefs): { spec+: { parentRefs+: if std.isArray(v=parentRefs) then parentRefs else [parentRefs] } }, + '#withRules':: d.fn(help='"Rules are a list of TLS matchers and actions."', args=[d.arg(name='rules', type=d.T.array)]), + withRules(rules): { spec+: { rules: if std.isArray(v=rules) then rules else [rules] } }, + '#withRulesMixin':: d.fn(help='"Rules are a list of TLS matchers and actions."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='rules', type=d.T.array)]), + withRulesMixin(rules): { spec+: { rules+: if std.isArray(v=rules) then rules else [rules] } }, + }, + '#mixin': 'ignore', + mixin: self, +} diff --git a/1.0-experimental/_gen/gateway/v1alpha2/udpRoute.libsonnet b/1.0-experimental/_gen/gateway/v1alpha2/udpRoute.libsonnet new file mode 100644 index 0000000..b8c1040 --- /dev/null +++ b/1.0-experimental/_gen/gateway/v1alpha2/udpRoute.libsonnet @@ -0,0 +1,100 @@ +{ + local d = (import 'doc-util/main.libsonnet'), + '#':: d.pkg(name='udpRoute', url='', help='"UDPRoute provides a way to route UDP traffic. When combined with a Gateway listener, it can be used to forward traffic on the port specified by the listener to a set of backends specified by the UDPRoute."'), + '#metadata':: d.obj(help='"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create."'), + metadata: { + '#withAnnotations':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotations(annotations): { metadata+: { annotations: annotations } }, + '#withAnnotationsMixin':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotationsMixin(annotations): { metadata+: { annotations+: annotations } }, + '#withClusterName':: d.fn(help='"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request."', args=[d.arg(name='clusterName', type=d.T.string)]), + withClusterName(clusterName): { metadata+: { clusterName: clusterName } }, + '#withCreationTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='creationTimestamp', type=d.T.string)]), + withCreationTimestamp(creationTimestamp): { metadata+: { creationTimestamp: creationTimestamp } }, + '#withDeletionGracePeriodSeconds':: d.fn(help='"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only."', args=[d.arg(name='deletionGracePeriodSeconds', type=d.T.integer)]), + withDeletionGracePeriodSeconds(deletionGracePeriodSeconds): { metadata+: { deletionGracePeriodSeconds: deletionGracePeriodSeconds } }, + '#withDeletionTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='deletionTimestamp', type=d.T.string)]), + withDeletionTimestamp(deletionTimestamp): { metadata+: { deletionTimestamp: deletionTimestamp } }, + '#withFinalizers':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizers(finalizers): { metadata+: { finalizers: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withFinalizersMixin':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizersMixin(finalizers): { metadata+: { finalizers+: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withGenerateName':: d.fn(help='"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\\n\\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\\n\\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency"', args=[d.arg(name='generateName', type=d.T.string)]), + withGenerateName(generateName): { metadata+: { generateName: generateName } }, + '#withGeneration':: d.fn(help='"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only."', args=[d.arg(name='generation', type=d.T.integer)]), + withGeneration(generation): { metadata+: { generation: generation } }, + '#withLabels':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"', args=[d.arg(name='labels', type=d.T.object)]), + withLabels(labels): { metadata+: { labels: labels } }, + '#withLabelsMixin':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='labels', type=d.T.object)]), + withLabelsMixin(labels): { metadata+: { labels+: labels } }, + '#withName':: d.fn(help='"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { metadata+: { name: name } }, + '#withNamespace':: d.fn(help='"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \\"default\\" namespace, but \\"default\\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\\n\\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces"', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { metadata+: { namespace: namespace } }, + '#withOwnerReferences':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferences(ownerReferences): { metadata+: { ownerReferences: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withOwnerReferencesMixin':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferencesMixin(ownerReferences): { metadata+: { ownerReferences+: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withResourceVersion':: d.fn(help='"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\\n\\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency"', args=[d.arg(name='resourceVersion', type=d.T.string)]), + withResourceVersion(resourceVersion): { metadata+: { resourceVersion: resourceVersion } }, + '#withSelfLink':: d.fn(help='"SelfLink is a URL representing this object. Populated by the system. Read-only.\\n\\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release."', args=[d.arg(name='selfLink', type=d.T.string)]), + withSelfLink(selfLink): { metadata+: { selfLink: selfLink } }, + '#withUid':: d.fn(help='"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\\n\\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids"', args=[d.arg(name='uid', type=d.T.string)]), + withUid(uid): { metadata+: { uid: uid } }, + }, + '#new':: d.fn(help='new returns an instance of UDPRoute', args=[d.arg(name='name', type=d.T.string)]), + new(name): { + apiVersion: 'gateway.networking.k8s.io/v1alpha2', + kind: 'UDPRoute', + } + self.metadata.withName(name=name), + '#spec':: d.obj(help='"Spec defines the desired state of UDPRoute."'), + spec: { + '#parentRefs':: d.obj(help='"ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. For Services, that means the Service must either be in the same namespace for a \\"producer\\" route, or the mesh implementation must support and allow \\"consumer\\" routes for the referenced Service. ReferenceGrant is not applicable for governing ParentRefs to Services - it is not possible to create a \\"producer\\" route for a Service in a different namespace from the Route. \\n There are two kinds of parent resources with \\"Core\\" support: \\n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) This API may be extended in the future to support additional kinds of parent resources. \\n ParentRefs must be _distinct_. This means either that: \\n * They select different objects. If this is the case, then parentRef entries are distinct. In terms of fields, this means that the multi-part key defined by `group`, `kind`, `namespace`, and `name` must be unique across all parentRef entries in the Route. * They do not select different objects, but for each optional field used, each ParentRef that selects the same object must set the same set of optional fields to different values. If one ParentRef sets a combination of optional fields, all must set the same combination. \\n Some examples: \\n * If one ParentRef sets `sectionName`, all ParentRefs referencing the same object must also set `sectionName`. * If one ParentRef sets `port`, all ParentRefs referencing the same object must also set `port`. * If one ParentRef sets `sectionName` and `port`, all ParentRefs referencing the same object must also set `sectionName` and `port`. \\n It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged. \\n Note that for ParentRefs that cross namespace boundaries, there are specific rules. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example, Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable other kinds of cross-namespace reference. \\n ParentRefs from a Route to a Service in the same namespace are \\"producer\\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \\n ParentRefs from a Route to a Service in a different namespace are \\"consumer\\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \\n "'), + parentRefs: { + '#withGroup':: d.fn(help='"Group is the group of the referent. When unspecified, \\"gateway.networking.k8s.io\\" is inferred. To set the core API group (such as for a \\"Service\\" kind referent), Group must be explicitly set to \\"\\" (empty string). \\n Support: Core"', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { group: group }, + '#withKind':: d.fn(help='"Kind is kind of the referent. \\n There are two kinds of parent resources with \\"Core\\" support: \\n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) \\n Support for other resources is Implementation-Specific."', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { kind: kind }, + '#withName':: d.fn(help='"Name is the name of the referent. \\n Support: Core"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withNamespace':: d.fn(help='"Namespace is the namespace of the referent. When unspecified, this refers to the local namespace of the Route. \\n Note that there are specific rules for ParentRefs which cross namespace boundaries. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example: Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference. \\n ParentRefs from a Route to a Service in the same namespace are \\"producer\\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \\n ParentRefs from a Route to a Service in a different namespace are \\"consumer\\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \\n Support: Core"', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { namespace: namespace }, + '#withPort':: d.fn(help="\"Port is the network port this Route targets. It can be interpreted differently based on the type of parent resource. \\n When the parent resource is a Gateway, this targets all listeners listening on the specified port that also support this kind of Route(and select this Route). It's not recommended to set `Port` unless the networking behaviors specified in a Route must apply to a specific port as opposed to a listener(s) whose port(s) may be changed. When both Port and SectionName are specified, the name and port of the selected listener must match both specified values. \\n When the parent resource is a Service, this targets a specific port in the Service spec. When both Port (experimental) and SectionName are specified, the name and port of the selected port must match both specified values. \\n Implementations MAY choose to support other parent resources. Implementations supporting other types of parent resources MUST clearly document how/if Port is interpreted. \\n For the purpose of status, an attachment is considered successful as long as the parent resource accepts it partially. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \\n Support: Extended \\n \"", args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { port: port }, + '#withSectionName':: d.fn(help='"SectionName is the name of a section within the target resource. In the following resources, SectionName is interpreted as the following: \\n * Gateway: Listener Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. * Service: Port Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. Note that attaching Routes to Services as Parents is part of experimental Mesh support and is not supported for any other purpose. \\n Implementations MAY choose to support attaching Routes to other resources. If that is the case, they MUST clearly document how SectionName is interpreted. \\n When unspecified (empty string), this will reference the entire resource. For the purpose of status, an attachment is considered successful if at least one section in the parent resource accepts it. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \\n Support: Core"', args=[d.arg(name='sectionName', type=d.T.string)]), + withSectionName(sectionName): { sectionName: sectionName }, + }, + '#rules':: d.obj(help='"Rules are a list of UDP matchers and actions."'), + rules: { + '#backendRefs':: d.obj(help='"BackendRefs defines the backend(s) where matching requests should be sent. If unspecified or invalid (refers to a non-existent resource or a Service with no endpoints), the underlying implementation MUST actively reject connection attempts to this backend. Packet drops must respect weight; if an invalid backend is requested to have 80% of the packets, then 80% of packets must be dropped instead. \\n Support: Core for Kubernetes Service \\n Support: Extended for Kubernetes ServiceImport \\n Support: Implementation-specific for any other resource \\n Support for weight: Extended"'), + backendRefs: { + '#withGroup':: d.fn(help='"Group is the group of the referent. For example, \\"gateway.networking.k8s.io\\". When unspecified or empty string, core API group is inferred."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { group: group }, + '#withKind':: d.fn(help='"Kind is the Kubernetes resource kind of the referent. For example \\"Service\\". \\n Defaults to \\"Service\\" when not specified. \\n ExternalName services can refer to CNAME DNS records that may live outside of the cluster and as such are difficult to reason about in terms of conformance. They also may not be safe to forward to (see CVE-2021-25740 for more information). Implementations SHOULD NOT support ExternalName Services. \\n Support: Core (Services with a type other than ExternalName) \\n Support: Implementation-specific (Services with type ExternalName)"', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { kind: kind }, + '#withName':: d.fn(help='"Name is the name of the referent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withNamespace':: d.fn(help="\"Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. \\n Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. \\n Support: Core\"", args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { namespace: namespace }, + '#withPort':: d.fn(help='"Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field."', args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { port: port }, + '#withWeight':: d.fn(help='"Weight specifies the proportion of requests forwarded to the referenced backend. This is computed as weight/(sum of all weights in this BackendRefs list). For non-zero values, there may be some epsilon from the exact proportion defined here depending on the precision an implementation supports. Weight is not a percentage and the sum of weights does not need to equal 100. \\n If only one backend is specified and it has a weight greater than 0, 100% of the traffic is forwarded to that backend. If weight is set to 0, no traffic should be forwarded for this entry. If unspecified, weight defaults to 1. \\n Support for this field varies based on the context where used."', args=[d.arg(name='weight', type=d.T.integer)]), + withWeight(weight): { weight: weight }, + }, + '#withBackendRefs':: d.fn(help='"BackendRefs defines the backend(s) where matching requests should be sent. If unspecified or invalid (refers to a non-existent resource or a Service with no endpoints), the underlying implementation MUST actively reject connection attempts to this backend. Packet drops must respect weight; if an invalid backend is requested to have 80% of the packets, then 80% of packets must be dropped instead. \\n Support: Core for Kubernetes Service \\n Support: Extended for Kubernetes ServiceImport \\n Support: Implementation-specific for any other resource \\n Support for weight: Extended"', args=[d.arg(name='backendRefs', type=d.T.array)]), + withBackendRefs(backendRefs): { backendRefs: if std.isArray(v=backendRefs) then backendRefs else [backendRefs] }, + '#withBackendRefsMixin':: d.fn(help='"BackendRefs defines the backend(s) where matching requests should be sent. If unspecified or invalid (refers to a non-existent resource or a Service with no endpoints), the underlying implementation MUST actively reject connection attempts to this backend. Packet drops must respect weight; if an invalid backend is requested to have 80% of the packets, then 80% of packets must be dropped instead. \\n Support: Core for Kubernetes Service \\n Support: Extended for Kubernetes ServiceImport \\n Support: Implementation-specific for any other resource \\n Support for weight: Extended"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='backendRefs', type=d.T.array)]), + withBackendRefsMixin(backendRefs): { backendRefs+: if std.isArray(v=backendRefs) then backendRefs else [backendRefs] }, + }, + '#withParentRefs':: d.fn(help='"ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. For Services, that means the Service must either be in the same namespace for a \\"producer\\" route, or the mesh implementation must support and allow \\"consumer\\" routes for the referenced Service. ReferenceGrant is not applicable for governing ParentRefs to Services - it is not possible to create a \\"producer\\" route for a Service in a different namespace from the Route. \\n There are two kinds of parent resources with \\"Core\\" support: \\n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) This API may be extended in the future to support additional kinds of parent resources. \\n ParentRefs must be _distinct_. This means either that: \\n * They select different objects. If this is the case, then parentRef entries are distinct. In terms of fields, this means that the multi-part key defined by `group`, `kind`, `namespace`, and `name` must be unique across all parentRef entries in the Route. * They do not select different objects, but for each optional field used, each ParentRef that selects the same object must set the same set of optional fields to different values. If one ParentRef sets a combination of optional fields, all must set the same combination. \\n Some examples: \\n * If one ParentRef sets `sectionName`, all ParentRefs referencing the same object must also set `sectionName`. * If one ParentRef sets `port`, all ParentRefs referencing the same object must also set `port`. * If one ParentRef sets `sectionName` and `port`, all ParentRefs referencing the same object must also set `sectionName` and `port`. \\n It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged. \\n Note that for ParentRefs that cross namespace boundaries, there are specific rules. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example, Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable other kinds of cross-namespace reference. \\n ParentRefs from a Route to a Service in the same namespace are \\"producer\\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \\n ParentRefs from a Route to a Service in a different namespace are \\"consumer\\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \\n "', args=[d.arg(name='parentRefs', type=d.T.array)]), + withParentRefs(parentRefs): { spec+: { parentRefs: if std.isArray(v=parentRefs) then parentRefs else [parentRefs] } }, + '#withParentRefsMixin':: d.fn(help='"ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. For Services, that means the Service must either be in the same namespace for a \\"producer\\" route, or the mesh implementation must support and allow \\"consumer\\" routes for the referenced Service. ReferenceGrant is not applicable for governing ParentRefs to Services - it is not possible to create a \\"producer\\" route for a Service in a different namespace from the Route. \\n There are two kinds of parent resources with \\"Core\\" support: \\n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) This API may be extended in the future to support additional kinds of parent resources. \\n ParentRefs must be _distinct_. This means either that: \\n * They select different objects. If this is the case, then parentRef entries are distinct. In terms of fields, this means that the multi-part key defined by `group`, `kind`, `namespace`, and `name` must be unique across all parentRef entries in the Route. * They do not select different objects, but for each optional field used, each ParentRef that selects the same object must set the same set of optional fields to different values. If one ParentRef sets a combination of optional fields, all must set the same combination. \\n Some examples: \\n * If one ParentRef sets `sectionName`, all ParentRefs referencing the same object must also set `sectionName`. * If one ParentRef sets `port`, all ParentRefs referencing the same object must also set `port`. * If one ParentRef sets `sectionName` and `port`, all ParentRefs referencing the same object must also set `sectionName` and `port`. \\n It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged. \\n Note that for ParentRefs that cross namespace boundaries, there are specific rules. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example, Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable other kinds of cross-namespace reference. \\n ParentRefs from a Route to a Service in the same namespace are \\"producer\\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \\n ParentRefs from a Route to a Service in a different namespace are \\"consumer\\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \\n "\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='parentRefs', type=d.T.array)]), + withParentRefsMixin(parentRefs): { spec+: { parentRefs+: if std.isArray(v=parentRefs) then parentRefs else [parentRefs] } }, + '#withRules':: d.fn(help='"Rules are a list of UDP matchers and actions."', args=[d.arg(name='rules', type=d.T.array)]), + withRules(rules): { spec+: { rules: if std.isArray(v=rules) then rules else [rules] } }, + '#withRulesMixin':: d.fn(help='"Rules are a list of UDP matchers and actions."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='rules', type=d.T.array)]), + withRulesMixin(rules): { spec+: { rules+: if std.isArray(v=rules) then rules else [rules] } }, + }, + '#mixin': 'ignore', + mixin: self, +} diff --git a/1.0-experimental/_gen/gateway/v1beta1/gateway.libsonnet b/1.0-experimental/_gen/gateway/v1beta1/gateway.libsonnet new file mode 100644 index 0000000..f3598fd --- /dev/null +++ b/1.0-experimental/_gen/gateway/v1beta1/gateway.libsonnet @@ -0,0 +1,159 @@ +{ + local d = (import 'doc-util/main.libsonnet'), + '#':: d.pkg(name='gateway', url='', help='"Gateway represents an instance of a service-traffic handling infrastructure by binding Listeners to a set of IP addresses."'), + '#metadata':: d.obj(help='"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create."'), + metadata: { + '#withAnnotations':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotations(annotations): { metadata+: { annotations: annotations } }, + '#withAnnotationsMixin':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotationsMixin(annotations): { metadata+: { annotations+: annotations } }, + '#withClusterName':: d.fn(help='"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request."', args=[d.arg(name='clusterName', type=d.T.string)]), + withClusterName(clusterName): { metadata+: { clusterName: clusterName } }, + '#withCreationTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='creationTimestamp', type=d.T.string)]), + withCreationTimestamp(creationTimestamp): { metadata+: { creationTimestamp: creationTimestamp } }, + '#withDeletionGracePeriodSeconds':: d.fn(help='"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only."', args=[d.arg(name='deletionGracePeriodSeconds', type=d.T.integer)]), + withDeletionGracePeriodSeconds(deletionGracePeriodSeconds): { metadata+: { deletionGracePeriodSeconds: deletionGracePeriodSeconds } }, + '#withDeletionTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='deletionTimestamp', type=d.T.string)]), + withDeletionTimestamp(deletionTimestamp): { metadata+: { deletionTimestamp: deletionTimestamp } }, + '#withFinalizers':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizers(finalizers): { metadata+: { finalizers: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withFinalizersMixin':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizersMixin(finalizers): { metadata+: { finalizers+: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withGenerateName':: d.fn(help='"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\\n\\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\\n\\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency"', args=[d.arg(name='generateName', type=d.T.string)]), + withGenerateName(generateName): { metadata+: { generateName: generateName } }, + '#withGeneration':: d.fn(help='"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only."', args=[d.arg(name='generation', type=d.T.integer)]), + withGeneration(generation): { metadata+: { generation: generation } }, + '#withLabels':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"', args=[d.arg(name='labels', type=d.T.object)]), + withLabels(labels): { metadata+: { labels: labels } }, + '#withLabelsMixin':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='labels', type=d.T.object)]), + withLabelsMixin(labels): { metadata+: { labels+: labels } }, + '#withName':: d.fn(help='"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { metadata+: { name: name } }, + '#withNamespace':: d.fn(help='"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \\"default\\" namespace, but \\"default\\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\\n\\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces"', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { metadata+: { namespace: namespace } }, + '#withOwnerReferences':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferences(ownerReferences): { metadata+: { ownerReferences: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withOwnerReferencesMixin':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferencesMixin(ownerReferences): { metadata+: { ownerReferences+: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withResourceVersion':: d.fn(help='"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\\n\\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency"', args=[d.arg(name='resourceVersion', type=d.T.string)]), + withResourceVersion(resourceVersion): { metadata+: { resourceVersion: resourceVersion } }, + '#withSelfLink':: d.fn(help='"SelfLink is a URL representing this object. Populated by the system. Read-only.\\n\\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release."', args=[d.arg(name='selfLink', type=d.T.string)]), + withSelfLink(selfLink): { metadata+: { selfLink: selfLink } }, + '#withUid':: d.fn(help='"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\\n\\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids"', args=[d.arg(name='uid', type=d.T.string)]), + withUid(uid): { metadata+: { uid: uid } }, + }, + '#new':: d.fn(help='new returns an instance of Gateway', args=[d.arg(name='name', type=d.T.string)]), + new(name): { + apiVersion: 'gateway.networking.k8s.io/v1beta1', + kind: 'Gateway', + } + self.metadata.withName(name=name), + '#spec':: d.obj(help='"Spec defines the desired state of Gateway."'), + spec: { + '#addresses':: d.obj(help='"Addresses requested for this Gateway. This is optional and behavior can depend on the implementation. If a value is set in the spec and the requested address is invalid or unavailable, the implementation MUST indicate this in the associated entry in GatewayStatus.Addresses. \\n The Addresses field represents a request for the address(es) on the \\"outside of the Gateway\\", that traffic bound for this Gateway will use. This could be the IP address or hostname of an external load balancer or other networking infrastructure, or some other address that traffic will be sent to. \\n If no Addresses are specified, the implementation MAY schedule the Gateway in an implementation-specific manner, assigning an appropriate set of Addresses. \\n The implementation MUST bind all Listeners to every GatewayAddress that it assigns to the Gateway and add a corresponding entry in GatewayStatus.Addresses. \\n Support: Extended \\n "'), + addresses: { + '#withType':: d.fn(help='"Type of the address."', args=[d.arg(name='type', type=d.T.string)]), + withType(type): { type: type }, + '#withValue':: d.fn(help='"Value of the address. The validity of the values will depend on the type and support by the controller. \\n Examples: `1.2.3.4`, `128::1`, `my-ip-address`."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#infrastructure':: d.obj(help='"Infrastructure defines infrastructure level attributes about this Gateway instance. \\n Support: Core \\n "'), + infrastructure: { + '#withAnnotations':: d.fn(help='"Annotations that SHOULD be applied to any resources created in response to this Gateway. \\n For implementations creating other Kubernetes objects, this should be the `metadata.annotations` field on resources. For other implementations, this refers to any relevant (implementation specific) \\"annotations\\" concepts. \\n An implementation may chose to add additional implementation-specific annotations as they see fit. \\n Support: Extended"', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotations(annotations): { spec+: { infrastructure+: { annotations: annotations } } }, + '#withAnnotationsMixin':: d.fn(help='"Annotations that SHOULD be applied to any resources created in response to this Gateway. \\n For implementations creating other Kubernetes objects, this should be the `metadata.annotations` field on resources. For other implementations, this refers to any relevant (implementation specific) \\"annotations\\" concepts. \\n An implementation may chose to add additional implementation-specific annotations as they see fit. \\n Support: Extended"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotationsMixin(annotations): { spec+: { infrastructure+: { annotations+: annotations } } }, + '#withLabels':: d.fn(help='"Labels that SHOULD be applied to any resources created in response to this Gateway. \\n For implementations creating other Kubernetes objects, this should be the `metadata.labels` field on resources. For other implementations, this refers to any relevant (implementation specific) \\"labels\\" concepts. \\n An implementation may chose to add additional implementation-specific labels as they see fit. \\n Support: Extended"', args=[d.arg(name='labels', type=d.T.object)]), + withLabels(labels): { spec+: { infrastructure+: { labels: labels } } }, + '#withLabelsMixin':: d.fn(help='"Labels that SHOULD be applied to any resources created in response to this Gateway. \\n For implementations creating other Kubernetes objects, this should be the `metadata.labels` field on resources. For other implementations, this refers to any relevant (implementation specific) \\"labels\\" concepts. \\n An implementation may chose to add additional implementation-specific labels as they see fit. \\n Support: Extended"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='labels', type=d.T.object)]), + withLabelsMixin(labels): { spec+: { infrastructure+: { labels+: labels } } }, + }, + '#listeners':: d.obj(help="\"Listeners associated with this Gateway. Listeners define logical endpoints that are bound on this Gateway's addresses. At least one Listener MUST be specified. \\n Each Listener in a set of Listeners (for example, in a single Gateway) MUST be _distinct_, in that a traffic flow MUST be able to be assigned to exactly one listener. (This section uses \\\"set of Listeners\\\" rather than \\\"Listeners in a single Gateway\\\" because implementations MAY merge configuration from multiple Gateways onto a single data plane, and these rules _also_ apply in that case). \\n Practically, this means that each listener in a set MUST have a unique combination of Port, Protocol, and, if supported by the protocol, Hostname. \\n Some combinations of port, protocol, and TLS settings are considered Core support and MUST be supported by implementations based on their targeted conformance profile: \\n HTTP Profile \\n 1. HTTPRoute, Port: 80, Protocol: HTTP 2. HTTPRoute, Port: 443, Protocol: HTTPS, TLS Mode: Terminate, TLS keypair provided \\n TLS Profile \\n 1. TLSRoute, Port: 443, Protocol: TLS, TLS Mode: Passthrough \\n \\\"Distinct\\\" Listeners have the following property: \\n The implementation can match inbound requests to a single distinct Listener. When multiple Listeners share values for fields (for example, two Listeners with the same Port value), the implementation can match requests to only one of the Listeners using other Listener fields. \\n For example, the following Listener scenarios are distinct: \\n 1. Multiple Listeners with the same Port that all use the \\\"HTTP\\\" Protocol that all have unique Hostname values. 2. Multiple Listeners with the same Port that use either the \\\"HTTPS\\\" or \\\"TLS\\\" Protocol that all have unique Hostname values. 3. A mixture of \\\"TCP\\\" and \\\"UDP\\\" Protocol Listeners, where no Listener with the same Protocol has the same Port value. \\n Some fields in the Listener struct have possible values that affect whether the Listener is distinct. Hostname is particularly relevant for HTTP or HTTPS protocols. \\n When using the Hostname value to select between same-Port, same-Protocol Listeners, the Hostname value must be different on each Listener for the Listener to be distinct. \\n When the Listeners are distinct based on Hostname, inbound request hostnames MUST match from the most specific to least specific Hostname values to choose the correct Listener and its associated set of Routes. \\n Exact matches must be processed before wildcard matches, and wildcard matches must be processed before fallback (empty Hostname value) matches. For example, `\\\"foo.example.com\\\"` takes precedence over `\\\"*.example.com\\\"`, and `\\\"*.example.com\\\"` takes precedence over `\\\"\\\"`. \\n Additionally, if there are multiple wildcard entries, more specific wildcard entries must be processed before less specific wildcard entries. For example, `\\\"*.foo.example.com\\\"` takes precedence over `\\\"*.example.com\\\"`. The precise definition here is that the higher the number of dots in the hostname to the right of the wildcard character, the higher the precedence. \\n The wildcard character will match any number of characters _and dots_ to the left, however, so `\\\"*.example.com\\\"` will match both `\\\"foo.bar.example.com\\\"` _and_ `\\\"bar.example.com\\\"`. \\n If a set of Listeners contains Listeners that are not distinct, then those Listeners are Conflicted, and the implementation MUST set the \\\"Conflicted\\\" condition in the Listener Status to \\\"True\\\". \\n Implementations MAY choose to accept a Gateway with some Conflicted Listeners only if they only accept the partial Listener set that contains no Conflicted Listeners. To put this another way, implementations may accept a partial Listener set only if they throw out *all* the conflicting Listeners. No picking one of the conflicting listeners as the winner. This also means that the Gateway must have at least one non-conflicting Listener in this case, otherwise it violates the requirement that at least one Listener must be present. \\n The implementation MUST set a \\\"ListenersNotValid\\\" condition on the Gateway Status when the Gateway contains Conflicted Listeners whether or not they accept the Gateway. That Condition SHOULD clearly indicate in the Message which Listeners are conflicted, and which are Accepted. Additionally, the Listener status for those listeners SHOULD indicate which Listeners are conflicted and not Accepted. \\n A Gateway's Listeners are considered \\\"compatible\\\" if: \\n 1. They are distinct. 2. The implementation can serve them in compliance with the Addresses requirement that all Listeners are available on all assigned addresses. \\n Compatible combinations in Extended support are expected to vary across implementations. A combination that is compatible for one implementation may not be compatible for another. \\n For example, an implementation that cannot serve both TCP and UDP listeners on the same address, or cannot mix HTTPS and generic TLS listens on the same port would not consider those cases compatible, even though they are distinct. \\n Note that requests SHOULD match at most one Listener. For example, if Listeners are defined for \\\"foo.example.com\\\" and \\\"*.example.com\\\", a request to \\\"foo.example.com\\\" SHOULD only be routed using routes attached to the \\\"foo.example.com\\\" Listener (and not the \\\"*.example.com\\\" Listener). This concept is known as \\\"Listener Isolation\\\". Implementations that do not support Listener Isolation MUST clearly document this. \\n Implementations MAY merge separate Gateways onto a single set of Addresses if all Listeners across all Gateways are compatible. \\n Support: Core\""), + listeners: { + '#allowedRoutes':: d.obj(help='"AllowedRoutes defines the types of routes that MAY be attached to a Listener and the trusted namespaces where those Route resources MAY be present. \\n Although a client request may match multiple route rules, only one rule may ultimately receive the request. Matching precedence MUST be determined in order of the following criteria: \\n * The most specific match as defined by the Route type. * The oldest Route based on creation timestamp. For example, a Route with a creation timestamp of \\"2020-09-08 01:02:03\\" is given precedence over a Route with a creation timestamp of \\"2020-09-08 01:02:04\\". * If everything else is equivalent, the Route appearing first in alphabetical order (namespace/name) should be given precedence. For example, foo/bar is given precedence over foo/baz. \\n All valid rules within a Route attached to this Listener should be implemented. Invalid Route rules can be ignored (sometimes that will mean the full Route). If a Route rule transitions from valid to invalid, support for that Route rule should be dropped to ensure consistency. For example, even if a filter specified by a Route rule is invalid, the rest of the rules within that Route should still be supported. \\n Support: Core"'), + allowedRoutes: { + '#kinds':: d.obj(help="\"Kinds specifies the groups and kinds of Routes that are allowed to bind to this Gateway Listener. When unspecified or empty, the kinds of Routes selected are determined using the Listener protocol. \\n A RouteGroupKind MUST correspond to kinds of Routes that are compatible with the application protocol specified in the Listener's Protocol field. If an implementation does not support or recognize this resource type, it MUST set the \\\"ResolvedRefs\\\" condition to False for this Listener with the \\\"InvalidRouteKinds\\\" reason. \\n Support: Core\""), + kinds: { + '#withGroup':: d.fn(help='"Group is the group of the Route."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { group: group }, + '#withKind':: d.fn(help='"Kind is the kind of the Route."', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { kind: kind }, + }, + '#namespaces':: d.obj(help='"Namespaces indicates namespaces from which Routes may be attached to this Listener. This is restricted to the namespace of this Gateway by default. \\n Support: Core"'), + namespaces: { + '#selector':: d.obj(help='"Selector must be specified when From is set to \\"Selector\\". In that case, only Routes in Namespaces matching this Selector will be selected by this Gateway. This field is ignored for other values of \\"From\\". \\n Support: Core"'), + selector: { + '#matchExpressions':: d.obj(help='"matchExpressions is a list of label selector requirements. The requirements are ANDed."'), + matchExpressions: { + '#withKey':: d.fn(help='"key is the label key that the selector applies to."', args=[d.arg(name='key', type=d.T.string)]), + withKey(key): { key: key }, + '#withOperator':: d.fn(help="\"operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.\"", args=[d.arg(name='operator', type=d.T.string)]), + withOperator(operator): { operator: operator }, + '#withValues':: d.fn(help='"values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch."', args=[d.arg(name='values', type=d.T.array)]), + withValues(values): { values: if std.isArray(v=values) then values else [values] }, + '#withValuesMixin':: d.fn(help='"values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='values', type=d.T.array)]), + withValuesMixin(values): { values+: if std.isArray(v=values) then values else [values] }, + }, + '#withMatchExpressions':: d.fn(help='"matchExpressions is a list of label selector requirements. The requirements are ANDed."', args=[d.arg(name='matchExpressions', type=d.T.array)]), + withMatchExpressions(matchExpressions): { allowedRoutes+: { namespaces+: { selector+: { matchExpressions: if std.isArray(v=matchExpressions) then matchExpressions else [matchExpressions] } } } }, + '#withMatchExpressionsMixin':: d.fn(help='"matchExpressions is a list of label selector requirements. The requirements are ANDed."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='matchExpressions', type=d.T.array)]), + withMatchExpressionsMixin(matchExpressions): { allowedRoutes+: { namespaces+: { selector+: { matchExpressions+: if std.isArray(v=matchExpressions) then matchExpressions else [matchExpressions] } } } }, + '#withMatchLabels':: d.fn(help='"matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \\"key\\", the operator is \\"In\\", and the values array contains only \\"value\\". The requirements are ANDed."', args=[d.arg(name='matchLabels', type=d.T.object)]), + withMatchLabels(matchLabels): { allowedRoutes+: { namespaces+: { selector+: { matchLabels: matchLabels } } } }, + '#withMatchLabelsMixin':: d.fn(help='"matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \\"key\\", the operator is \\"In\\", and the values array contains only \\"value\\". The requirements are ANDed."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='matchLabels', type=d.T.object)]), + withMatchLabelsMixin(matchLabels): { allowedRoutes+: { namespaces+: { selector+: { matchLabels+: matchLabels } } } }, + }, + '#withFrom':: d.fn(help='"From indicates where Routes will be selected for this Gateway. Possible values are: \\n * All: Routes in all namespaces may be used by this Gateway. * Selector: Routes in namespaces selected by the selector may be used by this Gateway. * Same: Only Routes in the same namespace may be used by this Gateway. \\n Support: Core"', args=[d.arg(name='from', type=d.T.string)]), + withFrom(from): { allowedRoutes+: { namespaces+: { from: from } } }, + }, + '#withKinds':: d.fn(help="\"Kinds specifies the groups and kinds of Routes that are allowed to bind to this Gateway Listener. When unspecified or empty, the kinds of Routes selected are determined using the Listener protocol. \\n A RouteGroupKind MUST correspond to kinds of Routes that are compatible with the application protocol specified in the Listener's Protocol field. If an implementation does not support or recognize this resource type, it MUST set the \\\"ResolvedRefs\\\" condition to False for this Listener with the \\\"InvalidRouteKinds\\\" reason. \\n Support: Core\"", args=[d.arg(name='kinds', type=d.T.array)]), + withKinds(kinds): { allowedRoutes+: { kinds: if std.isArray(v=kinds) then kinds else [kinds] } }, + '#withKindsMixin':: d.fn(help="\"Kinds specifies the groups and kinds of Routes that are allowed to bind to this Gateway Listener. When unspecified or empty, the kinds of Routes selected are determined using the Listener protocol. \\n A RouteGroupKind MUST correspond to kinds of Routes that are compatible with the application protocol specified in the Listener's Protocol field. If an implementation does not support or recognize this resource type, it MUST set the \\\"ResolvedRefs\\\" condition to False for this Listener with the \\\"InvalidRouteKinds\\\" reason. \\n Support: Core\"\n\n**Note:** This function appends passed data to existing values", args=[d.arg(name='kinds', type=d.T.array)]), + withKindsMixin(kinds): { allowedRoutes+: { kinds+: if std.isArray(v=kinds) then kinds else [kinds] } }, + }, + '#tls':: d.obj(help='"TLS is the TLS configuration for the Listener. This field is required if the Protocol field is \\"HTTPS\\" or \\"TLS\\". It is invalid to set this field if the Protocol field is \\"HTTP\\", \\"TCP\\", or \\"UDP\\". \\n The association of SNIs to Certificate defined in GatewayTLSConfig is defined based on the Hostname field for this listener. \\n The GatewayClass MUST use the longest matching SNI out of all available certificates for any TLS handshake. \\n Support: Core"'), + tls: { + '#certificateRefs':: d.obj(help='"CertificateRefs contains a series of references to Kubernetes objects that contains TLS certificates and private keys. These certificates are used to establish a TLS handshake for requests that match the hostname of the associated listener. \\n A single CertificateRef to a Kubernetes Secret has \\"Core\\" support. Implementations MAY choose to support attaching multiple certificates to a Listener, but this behavior is implementation-specific. \\n References to a resource in different namespace are invalid UNLESS there is a ReferenceGrant in the target namespace that allows the certificate to be attached. If a ReferenceGrant does not allow this reference, the \\"ResolvedRefs\\" condition MUST be set to False for this listener with the \\"RefNotPermitted\\" reason. \\n This field is required to have at least one element when the mode is set to \\"Terminate\\" (default) and is optional otherwise. \\n CertificateRefs can reference to standard Kubernetes resources, i.e. Secret, or implementation-specific custom resources. \\n Support: Core - A single reference to a Kubernetes Secret of type kubernetes.io/tls \\n Support: Implementation-specific (More than one reference or other resource types)"'), + certificateRefs: { + '#withGroup':: d.fn(help='"Group is the group of the referent. For example, \\"gateway.networking.k8s.io\\". When unspecified or empty string, core API group is inferred."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { group: group }, + '#withKind':: d.fn(help='"Kind is kind of the referent. For example \\"Secret\\"."', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { kind: kind }, + '#withName':: d.fn(help='"Name is the name of the referent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withNamespace':: d.fn(help="\"Namespace is the namespace of the referenced object. When unspecified, the local namespace is inferred. \\n Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. \\n Support: Core\"", args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { namespace: namespace }, + }, + '#withCertificateRefs':: d.fn(help='"CertificateRefs contains a series of references to Kubernetes objects that contains TLS certificates and private keys. These certificates are used to establish a TLS handshake for requests that match the hostname of the associated listener. \\n A single CertificateRef to a Kubernetes Secret has \\"Core\\" support. Implementations MAY choose to support attaching multiple certificates to a Listener, but this behavior is implementation-specific. \\n References to a resource in different namespace are invalid UNLESS there is a ReferenceGrant in the target namespace that allows the certificate to be attached. If a ReferenceGrant does not allow this reference, the \\"ResolvedRefs\\" condition MUST be set to False for this listener with the \\"RefNotPermitted\\" reason. \\n This field is required to have at least one element when the mode is set to \\"Terminate\\" (default) and is optional otherwise. \\n CertificateRefs can reference to standard Kubernetes resources, i.e. Secret, or implementation-specific custom resources. \\n Support: Core - A single reference to a Kubernetes Secret of type kubernetes.io/tls \\n Support: Implementation-specific (More than one reference or other resource types)"', args=[d.arg(name='certificateRefs', type=d.T.array)]), + withCertificateRefs(certificateRefs): { tls+: { certificateRefs: if std.isArray(v=certificateRefs) then certificateRefs else [certificateRefs] } }, + '#withCertificateRefsMixin':: d.fn(help='"CertificateRefs contains a series of references to Kubernetes objects that contains TLS certificates and private keys. These certificates are used to establish a TLS handshake for requests that match the hostname of the associated listener. \\n A single CertificateRef to a Kubernetes Secret has \\"Core\\" support. Implementations MAY choose to support attaching multiple certificates to a Listener, but this behavior is implementation-specific. \\n References to a resource in different namespace are invalid UNLESS there is a ReferenceGrant in the target namespace that allows the certificate to be attached. If a ReferenceGrant does not allow this reference, the \\"ResolvedRefs\\" condition MUST be set to False for this listener with the \\"RefNotPermitted\\" reason. \\n This field is required to have at least one element when the mode is set to \\"Terminate\\" (default) and is optional otherwise. \\n CertificateRefs can reference to standard Kubernetes resources, i.e. Secret, or implementation-specific custom resources. \\n Support: Core - A single reference to a Kubernetes Secret of type kubernetes.io/tls \\n Support: Implementation-specific (More than one reference or other resource types)"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='certificateRefs', type=d.T.array)]), + withCertificateRefsMixin(certificateRefs): { tls+: { certificateRefs+: if std.isArray(v=certificateRefs) then certificateRefs else [certificateRefs] } }, + '#withMode':: d.fn(help="\"Mode defines the TLS behavior for the TLS session initiated by the client. There are two possible modes: \\n - Terminate: The TLS session between the downstream client and the Gateway is terminated at the Gateway. This mode requires certificateRefs to be set and contain at least one element. - Passthrough: The TLS session is NOT terminated by the Gateway. This implies that the Gateway can't decipher the TLS stream except for the ClientHello message of the TLS protocol. CertificateRefs field is ignored in this mode. \\n Support: Core\"", args=[d.arg(name='mode', type=d.T.string)]), + withMode(mode): { tls+: { mode: mode } }, + '#withOptions':: d.fn(help='"Options are a list of key/value pairs to enable extended TLS configuration for each implementation. For example, configuring the minimum TLS version or supported cipher suites. \\n A set of common keys MAY be defined by the API in the future. To avoid any ambiguity, implementation-specific definitions MUST use domain-prefixed names, such as `example.com/my-custom-option`. Un-prefixed names are reserved for key names defined by Gateway API. \\n Support: Implementation-specific"', args=[d.arg(name='options', type=d.T.object)]), + withOptions(options): { tls+: { options: options } }, + '#withOptionsMixin':: d.fn(help='"Options are a list of key/value pairs to enable extended TLS configuration for each implementation. For example, configuring the minimum TLS version or supported cipher suites. \\n A set of common keys MAY be defined by the API in the future. To avoid any ambiguity, implementation-specific definitions MUST use domain-prefixed names, such as `example.com/my-custom-option`. Un-prefixed names are reserved for key names defined by Gateway API. \\n Support: Implementation-specific"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='options', type=d.T.object)]), + withOptionsMixin(options): { tls+: { options+: options } }, + }, + '#withHostname':: d.fn(help="\"Hostname specifies the virtual hostname to match for protocol types that define this concept. When unspecified, all hostnames are matched. This field is ignored for protocols that don't require hostname based matching. \\n Implementations MUST apply Hostname matching appropriately for each of the following protocols: \\n * TLS: The Listener Hostname MUST match the SNI. * HTTP: The Listener Hostname MUST match the Host header of the request. * HTTPS: The Listener Hostname SHOULD match at both the TLS and HTTP protocol layers as described above. If an implementation does not ensure that both the SNI and Host header match the Listener hostname, it MUST clearly document that. \\n For HTTPRoute and TLSRoute resources, there is an interaction with the `spec.hostnames` array. When both listener and route specify hostnames, there MUST be an intersection between the values for a Route to be accepted. For more information, refer to the Route specific Hostnames documentation. \\n Hostnames that are prefixed with a wildcard label (`*.`) are interpreted as a suffix match. That means that a match for `*.example.com` would match both `test.example.com`, and `foo.test.example.com`, but not `example.com`. \\n Support: Core\"", args=[d.arg(name='hostname', type=d.T.string)]), + withHostname(hostname): { hostname: hostname }, + '#withName':: d.fn(help='"Name is the name of the Listener. This name MUST be unique within a Gateway. \\n Support: Core"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withPort':: d.fn(help='"Port is the network port. Multiple listeners may use the same port, subject to the Listener compatibility rules. \\n Support: Core"', args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { port: port }, + '#withProtocol':: d.fn(help='"Protocol specifies the network protocol this listener expects to receive. \\n Support: Core"', args=[d.arg(name='protocol', type=d.T.string)]), + withProtocol(protocol): { protocol: protocol }, + }, + '#withAddresses':: d.fn(help='"Addresses requested for this Gateway. This is optional and behavior can depend on the implementation. If a value is set in the spec and the requested address is invalid or unavailable, the implementation MUST indicate this in the associated entry in GatewayStatus.Addresses. \\n The Addresses field represents a request for the address(es) on the \\"outside of the Gateway\\", that traffic bound for this Gateway will use. This could be the IP address or hostname of an external load balancer or other networking infrastructure, or some other address that traffic will be sent to. \\n If no Addresses are specified, the implementation MAY schedule the Gateway in an implementation-specific manner, assigning an appropriate set of Addresses. \\n The implementation MUST bind all Listeners to every GatewayAddress that it assigns to the Gateway and add a corresponding entry in GatewayStatus.Addresses. \\n Support: Extended \\n "', args=[d.arg(name='addresses', type=d.T.array)]), + withAddresses(addresses): { spec+: { addresses: if std.isArray(v=addresses) then addresses else [addresses] } }, + '#withAddressesMixin':: d.fn(help='"Addresses requested for this Gateway. This is optional and behavior can depend on the implementation. If a value is set in the spec and the requested address is invalid or unavailable, the implementation MUST indicate this in the associated entry in GatewayStatus.Addresses. \\n The Addresses field represents a request for the address(es) on the \\"outside of the Gateway\\", that traffic bound for this Gateway will use. This could be the IP address or hostname of an external load balancer or other networking infrastructure, or some other address that traffic will be sent to. \\n If no Addresses are specified, the implementation MAY schedule the Gateway in an implementation-specific manner, assigning an appropriate set of Addresses. \\n The implementation MUST bind all Listeners to every GatewayAddress that it assigns to the Gateway and add a corresponding entry in GatewayStatus.Addresses. \\n Support: Extended \\n "\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='addresses', type=d.T.array)]), + withAddressesMixin(addresses): { spec+: { addresses+: if std.isArray(v=addresses) then addresses else [addresses] } }, + '#withGatewayClassName':: d.fn(help='"GatewayClassName used for this Gateway. This is the name of a GatewayClass resource."', args=[d.arg(name='gatewayClassName', type=d.T.string)]), + withGatewayClassName(gatewayClassName): { spec+: { gatewayClassName: gatewayClassName } }, + '#withListeners':: d.fn(help="\"Listeners associated with this Gateway. Listeners define logical endpoints that are bound on this Gateway's addresses. At least one Listener MUST be specified. \\n Each Listener in a set of Listeners (for example, in a single Gateway) MUST be _distinct_, in that a traffic flow MUST be able to be assigned to exactly one listener. (This section uses \\\"set of Listeners\\\" rather than \\\"Listeners in a single Gateway\\\" because implementations MAY merge configuration from multiple Gateways onto a single data plane, and these rules _also_ apply in that case). \\n Practically, this means that each listener in a set MUST have a unique combination of Port, Protocol, and, if supported by the protocol, Hostname. \\n Some combinations of port, protocol, and TLS settings are considered Core support and MUST be supported by implementations based on their targeted conformance profile: \\n HTTP Profile \\n 1. HTTPRoute, Port: 80, Protocol: HTTP 2. HTTPRoute, Port: 443, Protocol: HTTPS, TLS Mode: Terminate, TLS keypair provided \\n TLS Profile \\n 1. TLSRoute, Port: 443, Protocol: TLS, TLS Mode: Passthrough \\n \\\"Distinct\\\" Listeners have the following property: \\n The implementation can match inbound requests to a single distinct Listener. When multiple Listeners share values for fields (for example, two Listeners with the same Port value), the implementation can match requests to only one of the Listeners using other Listener fields. \\n For example, the following Listener scenarios are distinct: \\n 1. Multiple Listeners with the same Port that all use the \\\"HTTP\\\" Protocol that all have unique Hostname values. 2. Multiple Listeners with the same Port that use either the \\\"HTTPS\\\" or \\\"TLS\\\" Protocol that all have unique Hostname values. 3. A mixture of \\\"TCP\\\" and \\\"UDP\\\" Protocol Listeners, where no Listener with the same Protocol has the same Port value. \\n Some fields in the Listener struct have possible values that affect whether the Listener is distinct. Hostname is particularly relevant for HTTP or HTTPS protocols. \\n When using the Hostname value to select between same-Port, same-Protocol Listeners, the Hostname value must be different on each Listener for the Listener to be distinct. \\n When the Listeners are distinct based on Hostname, inbound request hostnames MUST match from the most specific to least specific Hostname values to choose the correct Listener and its associated set of Routes. \\n Exact matches must be processed before wildcard matches, and wildcard matches must be processed before fallback (empty Hostname value) matches. For example, `\\\"foo.example.com\\\"` takes precedence over `\\\"*.example.com\\\"`, and `\\\"*.example.com\\\"` takes precedence over `\\\"\\\"`. \\n Additionally, if there are multiple wildcard entries, more specific wildcard entries must be processed before less specific wildcard entries. For example, `\\\"*.foo.example.com\\\"` takes precedence over `\\\"*.example.com\\\"`. The precise definition here is that the higher the number of dots in the hostname to the right of the wildcard character, the higher the precedence. \\n The wildcard character will match any number of characters _and dots_ to the left, however, so `\\\"*.example.com\\\"` will match both `\\\"foo.bar.example.com\\\"` _and_ `\\\"bar.example.com\\\"`. \\n If a set of Listeners contains Listeners that are not distinct, then those Listeners are Conflicted, and the implementation MUST set the \\\"Conflicted\\\" condition in the Listener Status to \\\"True\\\". \\n Implementations MAY choose to accept a Gateway with some Conflicted Listeners only if they only accept the partial Listener set that contains no Conflicted Listeners. To put this another way, implementations may accept a partial Listener set only if they throw out *all* the conflicting Listeners. No picking one of the conflicting listeners as the winner. This also means that the Gateway must have at least one non-conflicting Listener in this case, otherwise it violates the requirement that at least one Listener must be present. \\n The implementation MUST set a \\\"ListenersNotValid\\\" condition on the Gateway Status when the Gateway contains Conflicted Listeners whether or not they accept the Gateway. That Condition SHOULD clearly indicate in the Message which Listeners are conflicted, and which are Accepted. Additionally, the Listener status for those listeners SHOULD indicate which Listeners are conflicted and not Accepted. \\n A Gateway's Listeners are considered \\\"compatible\\\" if: \\n 1. They are distinct. 2. The implementation can serve them in compliance with the Addresses requirement that all Listeners are available on all assigned addresses. \\n Compatible combinations in Extended support are expected to vary across implementations. A combination that is compatible for one implementation may not be compatible for another. \\n For example, an implementation that cannot serve both TCP and UDP listeners on the same address, or cannot mix HTTPS and generic TLS listens on the same port would not consider those cases compatible, even though they are distinct. \\n Note that requests SHOULD match at most one Listener. For example, if Listeners are defined for \\\"foo.example.com\\\" and \\\"*.example.com\\\", a request to \\\"foo.example.com\\\" SHOULD only be routed using routes attached to the \\\"foo.example.com\\\" Listener (and not the \\\"*.example.com\\\" Listener). This concept is known as \\\"Listener Isolation\\\". Implementations that do not support Listener Isolation MUST clearly document this. \\n Implementations MAY merge separate Gateways onto a single set of Addresses if all Listeners across all Gateways are compatible. \\n Support: Core\"", args=[d.arg(name='listeners', type=d.T.array)]), + withListeners(listeners): { spec+: { listeners: if std.isArray(v=listeners) then listeners else [listeners] } }, + '#withListenersMixin':: d.fn(help="\"Listeners associated with this Gateway. Listeners define logical endpoints that are bound on this Gateway's addresses. At least one Listener MUST be specified. \\n Each Listener in a set of Listeners (for example, in a single Gateway) MUST be _distinct_, in that a traffic flow MUST be able to be assigned to exactly one listener. (This section uses \\\"set of Listeners\\\" rather than \\\"Listeners in a single Gateway\\\" because implementations MAY merge configuration from multiple Gateways onto a single data plane, and these rules _also_ apply in that case). \\n Practically, this means that each listener in a set MUST have a unique combination of Port, Protocol, and, if supported by the protocol, Hostname. \\n Some combinations of port, protocol, and TLS settings are considered Core support and MUST be supported by implementations based on their targeted conformance profile: \\n HTTP Profile \\n 1. HTTPRoute, Port: 80, Protocol: HTTP 2. HTTPRoute, Port: 443, Protocol: HTTPS, TLS Mode: Terminate, TLS keypair provided \\n TLS Profile \\n 1. TLSRoute, Port: 443, Protocol: TLS, TLS Mode: Passthrough \\n \\\"Distinct\\\" Listeners have the following property: \\n The implementation can match inbound requests to a single distinct Listener. When multiple Listeners share values for fields (for example, two Listeners with the same Port value), the implementation can match requests to only one of the Listeners using other Listener fields. \\n For example, the following Listener scenarios are distinct: \\n 1. Multiple Listeners with the same Port that all use the \\\"HTTP\\\" Protocol that all have unique Hostname values. 2. Multiple Listeners with the same Port that use either the \\\"HTTPS\\\" or \\\"TLS\\\" Protocol that all have unique Hostname values. 3. A mixture of \\\"TCP\\\" and \\\"UDP\\\" Protocol Listeners, where no Listener with the same Protocol has the same Port value. \\n Some fields in the Listener struct have possible values that affect whether the Listener is distinct. Hostname is particularly relevant for HTTP or HTTPS protocols. \\n When using the Hostname value to select between same-Port, same-Protocol Listeners, the Hostname value must be different on each Listener for the Listener to be distinct. \\n When the Listeners are distinct based on Hostname, inbound request hostnames MUST match from the most specific to least specific Hostname values to choose the correct Listener and its associated set of Routes. \\n Exact matches must be processed before wildcard matches, and wildcard matches must be processed before fallback (empty Hostname value) matches. For example, `\\\"foo.example.com\\\"` takes precedence over `\\\"*.example.com\\\"`, and `\\\"*.example.com\\\"` takes precedence over `\\\"\\\"`. \\n Additionally, if there are multiple wildcard entries, more specific wildcard entries must be processed before less specific wildcard entries. For example, `\\\"*.foo.example.com\\\"` takes precedence over `\\\"*.example.com\\\"`. The precise definition here is that the higher the number of dots in the hostname to the right of the wildcard character, the higher the precedence. \\n The wildcard character will match any number of characters _and dots_ to the left, however, so `\\\"*.example.com\\\"` will match both `\\\"foo.bar.example.com\\\"` _and_ `\\\"bar.example.com\\\"`. \\n If a set of Listeners contains Listeners that are not distinct, then those Listeners are Conflicted, and the implementation MUST set the \\\"Conflicted\\\" condition in the Listener Status to \\\"True\\\". \\n Implementations MAY choose to accept a Gateway with some Conflicted Listeners only if they only accept the partial Listener set that contains no Conflicted Listeners. To put this another way, implementations may accept a partial Listener set only if they throw out *all* the conflicting Listeners. No picking one of the conflicting listeners as the winner. This also means that the Gateway must have at least one non-conflicting Listener in this case, otherwise it violates the requirement that at least one Listener must be present. \\n The implementation MUST set a \\\"ListenersNotValid\\\" condition on the Gateway Status when the Gateway contains Conflicted Listeners whether or not they accept the Gateway. That Condition SHOULD clearly indicate in the Message which Listeners are conflicted, and which are Accepted. Additionally, the Listener status for those listeners SHOULD indicate which Listeners are conflicted and not Accepted. \\n A Gateway's Listeners are considered \\\"compatible\\\" if: \\n 1. They are distinct. 2. The implementation can serve them in compliance with the Addresses requirement that all Listeners are available on all assigned addresses. \\n Compatible combinations in Extended support are expected to vary across implementations. A combination that is compatible for one implementation may not be compatible for another. \\n For example, an implementation that cannot serve both TCP and UDP listeners on the same address, or cannot mix HTTPS and generic TLS listens on the same port would not consider those cases compatible, even though they are distinct. \\n Note that requests SHOULD match at most one Listener. For example, if Listeners are defined for \\\"foo.example.com\\\" and \\\"*.example.com\\\", a request to \\\"foo.example.com\\\" SHOULD only be routed using routes attached to the \\\"foo.example.com\\\" Listener (and not the \\\"*.example.com\\\" Listener). This concept is known as \\\"Listener Isolation\\\". Implementations that do not support Listener Isolation MUST clearly document this. \\n Implementations MAY merge separate Gateways onto a single set of Addresses if all Listeners across all Gateways are compatible. \\n Support: Core\"\n\n**Note:** This function appends passed data to existing values", args=[d.arg(name='listeners', type=d.T.array)]), + withListenersMixin(listeners): { spec+: { listeners+: if std.isArray(v=listeners) then listeners else [listeners] } }, + }, + '#mixin': 'ignore', + mixin: self, +} diff --git a/1.0-experimental/_gen/gateway/v1beta1/gatewayClass.libsonnet b/1.0-experimental/_gen/gateway/v1beta1/gatewayClass.libsonnet new file mode 100644 index 0000000..a819833 --- /dev/null +++ b/1.0-experimental/_gen/gateway/v1beta1/gatewayClass.libsonnet @@ -0,0 +1,72 @@ +{ + local d = (import 'doc-util/main.libsonnet'), + '#':: d.pkg(name='gatewayClass', url='', help='"GatewayClass describes a class of Gateways available to the user for creating Gateway resources. \\n It is recommended that this resource be used as a template for Gateways. This means that a Gateway is based on the state of the GatewayClass at the time it was created and changes to the GatewayClass or associated parameters are not propagated down to existing Gateways. This recommendation is intended to limit the blast radius of changes to GatewayClass or associated parameters. If implementations choose to propagate GatewayClass changes to existing Gateways, that MUST be clearly documented by the implementation. \\n Whenever one or more Gateways are using a GatewayClass, implementations SHOULD add the `gateway-exists-finalizer.gateway.networking.k8s.io` finalizer on the associated GatewayClass. This ensures that a GatewayClass associated with a Gateway is not deleted while in use. \\n GatewayClass is a Cluster level resource."'), + '#metadata':: d.obj(help='"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create."'), + metadata: { + '#withAnnotations':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotations(annotations): { metadata+: { annotations: annotations } }, + '#withAnnotationsMixin':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotationsMixin(annotations): { metadata+: { annotations+: annotations } }, + '#withClusterName':: d.fn(help='"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request."', args=[d.arg(name='clusterName', type=d.T.string)]), + withClusterName(clusterName): { metadata+: { clusterName: clusterName } }, + '#withCreationTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='creationTimestamp', type=d.T.string)]), + withCreationTimestamp(creationTimestamp): { metadata+: { creationTimestamp: creationTimestamp } }, + '#withDeletionGracePeriodSeconds':: d.fn(help='"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only."', args=[d.arg(name='deletionGracePeriodSeconds', type=d.T.integer)]), + withDeletionGracePeriodSeconds(deletionGracePeriodSeconds): { metadata+: { deletionGracePeriodSeconds: deletionGracePeriodSeconds } }, + '#withDeletionTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='deletionTimestamp', type=d.T.string)]), + withDeletionTimestamp(deletionTimestamp): { metadata+: { deletionTimestamp: deletionTimestamp } }, + '#withFinalizers':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizers(finalizers): { metadata+: { finalizers: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withFinalizersMixin':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizersMixin(finalizers): { metadata+: { finalizers+: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withGenerateName':: d.fn(help='"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\\n\\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\\n\\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency"', args=[d.arg(name='generateName', type=d.T.string)]), + withGenerateName(generateName): { metadata+: { generateName: generateName } }, + '#withGeneration':: d.fn(help='"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only."', args=[d.arg(name='generation', type=d.T.integer)]), + withGeneration(generation): { metadata+: { generation: generation } }, + '#withLabels':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"', args=[d.arg(name='labels', type=d.T.object)]), + withLabels(labels): { metadata+: { labels: labels } }, + '#withLabelsMixin':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='labels', type=d.T.object)]), + withLabelsMixin(labels): { metadata+: { labels+: labels } }, + '#withName':: d.fn(help='"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { metadata+: { name: name } }, + '#withNamespace':: d.fn(help='"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \\"default\\" namespace, but \\"default\\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\\n\\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces"', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { metadata+: { namespace: namespace } }, + '#withOwnerReferences':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferences(ownerReferences): { metadata+: { ownerReferences: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withOwnerReferencesMixin':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferencesMixin(ownerReferences): { metadata+: { ownerReferences+: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withResourceVersion':: d.fn(help='"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\\n\\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency"', args=[d.arg(name='resourceVersion', type=d.T.string)]), + withResourceVersion(resourceVersion): { metadata+: { resourceVersion: resourceVersion } }, + '#withSelfLink':: d.fn(help='"SelfLink is a URL representing this object. Populated by the system. Read-only.\\n\\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release."', args=[d.arg(name='selfLink', type=d.T.string)]), + withSelfLink(selfLink): { metadata+: { selfLink: selfLink } }, + '#withUid':: d.fn(help='"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\\n\\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids"', args=[d.arg(name='uid', type=d.T.string)]), + withUid(uid): { metadata+: { uid: uid } }, + }, + '#new':: d.fn(help='new returns an instance of GatewayClass', args=[d.arg(name='name', type=d.T.string)]), + new(name): { + apiVersion: 'gateway.networking.k8s.io/v1beta1', + kind: 'GatewayClass', + } + self.metadata.withName(name=name) + self.metadata.withAnnotations(annotations={ + 'tanka.dev/namespaced': 'false', + }), + '#spec':: d.obj(help='"Spec defines the desired state of GatewayClass."'), + spec: { + '#parametersRef':: d.obj(help="\"ParametersRef is a reference to a resource that contains the configuration parameters corresponding to the GatewayClass. This is optional if the controller does not require any additional configuration. \\n ParametersRef can reference a standard Kubernetes resource, i.e. ConfigMap, or an implementation-specific custom resource. The resource can be cluster-scoped or namespace-scoped. \\n If the referent cannot be found, the GatewayClass's \\\"InvalidParameters\\\" status condition will be true. \\n Support: Implementation-specific\""), + parametersRef: { + '#withGroup':: d.fn(help='"Group is the group of the referent."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { spec+: { parametersRef+: { group: group } } }, + '#withKind':: d.fn(help='"Kind is kind of the referent."', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { spec+: { parametersRef+: { kind: kind } } }, + '#withName':: d.fn(help='"Name is the name of the referent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { spec+: { parametersRef+: { name: name } } }, + '#withNamespace':: d.fn(help='"Namespace is the namespace of the referent. This field is required when referring to a Namespace-scoped resource and MUST be unset when referring to a Cluster-scoped resource."', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { spec+: { parametersRef+: { namespace: namespace } } }, + }, + '#withControllerName':: d.fn(help='"ControllerName is the name of the controller that is managing Gateways of this class. The value of this field MUST be a domain prefixed path. \\n Example: \\"example.net/gateway-controller\\". \\n This field is not mutable and cannot be empty. \\n Support: Core"', args=[d.arg(name='controllerName', type=d.T.string)]), + withControllerName(controllerName): { spec+: { controllerName: controllerName } }, + '#withDescription':: d.fn(help='"Description helps describe a GatewayClass with more details."', args=[d.arg(name='description', type=d.T.string)]), + withDescription(description): { spec+: { description: description } }, + }, + '#mixin': 'ignore', + mixin: self, +} diff --git a/1.0-experimental/_gen/gateway/v1beta1/httpRoute.libsonnet b/1.0-experimental/_gen/gateway/v1beta1/httpRoute.libsonnet new file mode 100644 index 0000000..97bc9aa --- /dev/null +++ b/1.0-experimental/_gen/gateway/v1beta1/httpRoute.libsonnet @@ -0,0 +1,405 @@ +{ + local d = (import 'doc-util/main.libsonnet'), + '#':: d.pkg(name='httpRoute', url='', help='"HTTPRoute provides a way to route HTTP requests. This includes the capability to match requests by hostname, path, header, or query param. Filters can be used to specify additional processing steps. Backends specify where matching requests should be routed."'), + '#metadata':: d.obj(help='"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create."'), + metadata: { + '#withAnnotations':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotations(annotations): { metadata+: { annotations: annotations } }, + '#withAnnotationsMixin':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotationsMixin(annotations): { metadata+: { annotations+: annotations } }, + '#withClusterName':: d.fn(help='"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request."', args=[d.arg(name='clusterName', type=d.T.string)]), + withClusterName(clusterName): { metadata+: { clusterName: clusterName } }, + '#withCreationTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='creationTimestamp', type=d.T.string)]), + withCreationTimestamp(creationTimestamp): { metadata+: { creationTimestamp: creationTimestamp } }, + '#withDeletionGracePeriodSeconds':: d.fn(help='"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only."', args=[d.arg(name='deletionGracePeriodSeconds', type=d.T.integer)]), + withDeletionGracePeriodSeconds(deletionGracePeriodSeconds): { metadata+: { deletionGracePeriodSeconds: deletionGracePeriodSeconds } }, + '#withDeletionTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='deletionTimestamp', type=d.T.string)]), + withDeletionTimestamp(deletionTimestamp): { metadata+: { deletionTimestamp: deletionTimestamp } }, + '#withFinalizers':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizers(finalizers): { metadata+: { finalizers: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withFinalizersMixin':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizersMixin(finalizers): { metadata+: { finalizers+: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withGenerateName':: d.fn(help='"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\\n\\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\\n\\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency"', args=[d.arg(name='generateName', type=d.T.string)]), + withGenerateName(generateName): { metadata+: { generateName: generateName } }, + '#withGeneration':: d.fn(help='"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only."', args=[d.arg(name='generation', type=d.T.integer)]), + withGeneration(generation): { metadata+: { generation: generation } }, + '#withLabels':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"', args=[d.arg(name='labels', type=d.T.object)]), + withLabels(labels): { metadata+: { labels: labels } }, + '#withLabelsMixin':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='labels', type=d.T.object)]), + withLabelsMixin(labels): { metadata+: { labels+: labels } }, + '#withName':: d.fn(help='"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { metadata+: { name: name } }, + '#withNamespace':: d.fn(help='"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \\"default\\" namespace, but \\"default\\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\\n\\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces"', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { metadata+: { namespace: namespace } }, + '#withOwnerReferences':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferences(ownerReferences): { metadata+: { ownerReferences: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withOwnerReferencesMixin':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferencesMixin(ownerReferences): { metadata+: { ownerReferences+: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withResourceVersion':: d.fn(help='"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\\n\\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency"', args=[d.arg(name='resourceVersion', type=d.T.string)]), + withResourceVersion(resourceVersion): { metadata+: { resourceVersion: resourceVersion } }, + '#withSelfLink':: d.fn(help='"SelfLink is a URL representing this object. Populated by the system. Read-only.\\n\\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release."', args=[d.arg(name='selfLink', type=d.T.string)]), + withSelfLink(selfLink): { metadata+: { selfLink: selfLink } }, + '#withUid':: d.fn(help='"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\\n\\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids"', args=[d.arg(name='uid', type=d.T.string)]), + withUid(uid): { metadata+: { uid: uid } }, + }, + '#new':: d.fn(help='new returns an instance of HTTPRoute', args=[d.arg(name='name', type=d.T.string)]), + new(name): { + apiVersion: 'gateway.networking.k8s.io/v1beta1', + kind: 'HTTPRoute', + } + self.metadata.withName(name=name), + '#spec':: d.obj(help='"Spec defines the desired state of HTTPRoute."'), + spec: { + '#parentRefs':: d.obj(help='"ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. For Services, that means the Service must either be in the same namespace for a \\"producer\\" route, or the mesh implementation must support and allow \\"consumer\\" routes for the referenced Service. ReferenceGrant is not applicable for governing ParentRefs to Services - it is not possible to create a \\"producer\\" route for a Service in a different namespace from the Route. \\n There are two kinds of parent resources with \\"Core\\" support: \\n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) This API may be extended in the future to support additional kinds of parent resources. \\n ParentRefs must be _distinct_. This means either that: \\n * They select different objects. If this is the case, then parentRef entries are distinct. In terms of fields, this means that the multi-part key defined by `group`, `kind`, `namespace`, and `name` must be unique across all parentRef entries in the Route. * They do not select different objects, but for each optional field used, each ParentRef that selects the same object must set the same set of optional fields to different values. If one ParentRef sets a combination of optional fields, all must set the same combination. \\n Some examples: \\n * If one ParentRef sets `sectionName`, all ParentRefs referencing the same object must also set `sectionName`. * If one ParentRef sets `port`, all ParentRefs referencing the same object must also set `port`. * If one ParentRef sets `sectionName` and `port`, all ParentRefs referencing the same object must also set `sectionName` and `port`. \\n It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged. \\n Note that for ParentRefs that cross namespace boundaries, there are specific rules. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example, Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable other kinds of cross-namespace reference. \\n ParentRefs from a Route to a Service in the same namespace are \\"producer\\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \\n ParentRefs from a Route to a Service in a different namespace are \\"consumer\\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \\n "'), + parentRefs: { + '#withGroup':: d.fn(help='"Group is the group of the referent. When unspecified, \\"gateway.networking.k8s.io\\" is inferred. To set the core API group (such as for a \\"Service\\" kind referent), Group must be explicitly set to \\"\\" (empty string). \\n Support: Core"', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { group: group }, + '#withKind':: d.fn(help='"Kind is kind of the referent. \\n There are two kinds of parent resources with \\"Core\\" support: \\n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) \\n Support for other resources is Implementation-Specific."', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { kind: kind }, + '#withName':: d.fn(help='"Name is the name of the referent. \\n Support: Core"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withNamespace':: d.fn(help='"Namespace is the namespace of the referent. When unspecified, this refers to the local namespace of the Route. \\n Note that there are specific rules for ParentRefs which cross namespace boundaries. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example: Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference. \\n ParentRefs from a Route to a Service in the same namespace are \\"producer\\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \\n ParentRefs from a Route to a Service in a different namespace are \\"consumer\\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \\n Support: Core"', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { namespace: namespace }, + '#withPort':: d.fn(help="\"Port is the network port this Route targets. It can be interpreted differently based on the type of parent resource. \\n When the parent resource is a Gateway, this targets all listeners listening on the specified port that also support this kind of Route(and select this Route). It's not recommended to set `Port` unless the networking behaviors specified in a Route must apply to a specific port as opposed to a listener(s) whose port(s) may be changed. When both Port and SectionName are specified, the name and port of the selected listener must match both specified values. \\n When the parent resource is a Service, this targets a specific port in the Service spec. When both Port (experimental) and SectionName are specified, the name and port of the selected port must match both specified values. \\n Implementations MAY choose to support other parent resources. Implementations supporting other types of parent resources MUST clearly document how/if Port is interpreted. \\n For the purpose of status, an attachment is considered successful as long as the parent resource accepts it partially. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \\n Support: Extended \\n \"", args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { port: port }, + '#withSectionName':: d.fn(help='"SectionName is the name of a section within the target resource. In the following resources, SectionName is interpreted as the following: \\n * Gateway: Listener Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. * Service: Port Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. Note that attaching Routes to Services as Parents is part of experimental Mesh support and is not supported for any other purpose. \\n Implementations MAY choose to support attaching Routes to other resources. If that is the case, they MUST clearly document how SectionName is interpreted. \\n When unspecified (empty string), this will reference the entire resource. For the purpose of status, an attachment is considered successful if at least one section in the parent resource accepts it. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \\n Support: Core"', args=[d.arg(name='sectionName', type=d.T.string)]), + withSectionName(sectionName): { sectionName: sectionName }, + }, + '#rules':: d.obj(help='"Rules are a list of HTTP matchers, filters and actions."'), + rules: { + '#backendRefs':: d.obj(help='"BackendRefs defines the backend(s) where matching requests should be sent. \\n Failure behavior here depends on how many BackendRefs are specified and how many are invalid. \\n If *all* entries in BackendRefs are invalid, and there are also no filters specified in this route rule, *all* traffic which matches this rule MUST receive a 500 status code. \\n See the HTTPBackendRef definition for the rules about what makes a single HTTPBackendRef invalid. \\n When a HTTPBackendRef is invalid, 500 status codes MUST be returned for requests that would have otherwise been routed to an invalid backend. If multiple backends are specified, and some are invalid, the proportion of requests that would otherwise have been routed to an invalid backend MUST receive a 500 status code. \\n For example, if two backends are specified with equal weights, and one is invalid, 50 percent of traffic must receive a 500. Implementations may choose how that 50 percent is determined. \\n Support: Core for Kubernetes Service \\n Support: Extended for Kubernetes ServiceImport \\n Support: Implementation-specific for any other resource \\n Support for weight: Core"'), + backendRefs: { + '#filters':: d.obj(help='"Filters defined at this level should be executed if and only if the request is being forwarded to the backend defined here. \\n Support: Implementation-specific (For broader support of filters, use the Filters field in HTTPRouteRule.)"'), + filters: { + '#extensionRef':: d.obj(help='"ExtensionRef is an optional, implementation-specific extension to the \\"filter\\" behavior. For example, resource \\"myroutefilter\\" in group \\"networking.example.net\\"). ExtensionRef MUST NOT be used for core and extended filters. \\n This filter can be used multiple times within the same rule. \\n Support: Implementation-specific"'), + extensionRef: { + '#withGroup':: d.fn(help='"Group is the group of the referent. For example, \\"gateway.networking.k8s.io\\". When unspecified or empty string, core API group is inferred."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { extensionRef+: { group: group } }, + '#withKind':: d.fn(help='"Kind is kind of the referent. For example \\"HTTPRoute\\" or \\"Service\\"."', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { extensionRef+: { kind: kind } }, + '#withName':: d.fn(help='"Name is the name of the referent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { extensionRef+: { name: name } }, + }, + '#requestHeaderModifier':: d.obj(help='"RequestHeaderModifier defines a schema for a filter that modifies request headers. \\n Support: Core"'), + requestHeaderModifier: { + '#add':: d.obj(help='"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: add: - name: \\"my-header\\" value: \\"bar,baz\\" \\n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"'), + add: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \\n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered equivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#set':: d.obj(help='"Set overwrites the request with the given header (name, value) before the action. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: set: - name: \\"my-header\\" value: \\"bar\\" \\n Output: GET /foo HTTP/1.1 my-header: bar"'), + set: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \\n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered equivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#withAdd':: d.fn(help='"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: add: - name: \\"my-header\\" value: \\"bar,baz\\" \\n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"', args=[d.arg(name='add', type=d.T.array)]), + withAdd(add): { requestHeaderModifier+: { add: if std.isArray(v=add) then add else [add] } }, + '#withAddMixin':: d.fn(help='"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: add: - name: \\"my-header\\" value: \\"bar,baz\\" \\n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='add', type=d.T.array)]), + withAddMixin(add): { requestHeaderModifier+: { add+: if std.isArray(v=add) then add else [add] } }, + '#withRemove':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \\n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \\n Config: remove: [\\"my-header1\\", \\"my-header3\\"] \\n Output: GET /foo HTTP/1.1 my-header2: bar"', args=[d.arg(name='remove', type=d.T.array)]), + withRemove(remove): { requestHeaderModifier+: { remove: if std.isArray(v=remove) then remove else [remove] } }, + '#withRemoveMixin':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \\n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \\n Config: remove: [\\"my-header1\\", \\"my-header3\\"] \\n Output: GET /foo HTTP/1.1 my-header2: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='remove', type=d.T.array)]), + withRemoveMixin(remove): { requestHeaderModifier+: { remove+: if std.isArray(v=remove) then remove else [remove] } }, + '#withSet':: d.fn(help='"Set overwrites the request with the given header (name, value) before the action. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: set: - name: \\"my-header\\" value: \\"bar\\" \\n Output: GET /foo HTTP/1.1 my-header: bar"', args=[d.arg(name='set', type=d.T.array)]), + withSet(set): { requestHeaderModifier+: { set: if std.isArray(v=set) then set else [set] } }, + '#withSetMixin':: d.fn(help='"Set overwrites the request with the given header (name, value) before the action. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: set: - name: \\"my-header\\" value: \\"bar\\" \\n Output: GET /foo HTTP/1.1 my-header: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='set', type=d.T.array)]), + withSetMixin(set): { requestHeaderModifier+: { set+: if std.isArray(v=set) then set else [set] } }, + }, + '#requestMirror':: d.obj(help='"RequestMirror defines a schema for a filter that mirrors requests. Requests are sent to the specified destination, but responses from that destination are ignored. \\n This filter can be used multiple times within the same rule. Note that not all implementations will be able to support mirroring to multiple backends. \\n Support: Extended"'), + requestMirror: { + '#backendRef':: d.obj(help='"BackendRef references a resource where mirrored requests are sent. \\n Mirrored requests must be sent only to a single destination endpoint within this BackendRef, irrespective of how many endpoints are present within this BackendRef. \\n If the referent cannot be found, this BackendRef is invalid and must be dropped from the Gateway. The controller must ensure the \\"ResolvedRefs\\" condition on the Route status is set to `status: False` and not configure this backend in the underlying implementation. \\n If there is a cross-namespace reference to an *existing* object that is not allowed by a ReferenceGrant, the controller must ensure the \\"ResolvedRefs\\" condition on the Route is set to `status: False`, with the \\"RefNotPermitted\\" reason and not configure this backend in the underlying implementation. \\n In either error case, the Message of the `ResolvedRefs` Condition should be used to provide more detail about the problem. \\n Support: Extended for Kubernetes Service \\n Support: Implementation-specific for any other resource"'), + backendRef: { + '#withGroup':: d.fn(help='"Group is the group of the referent. For example, \\"gateway.networking.k8s.io\\". When unspecified or empty string, core API group is inferred."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { requestMirror+: { backendRef+: { group: group } } }, + '#withKind':: d.fn(help='"Kind is the Kubernetes resource kind of the referent. For example \\"Service\\". \\n Defaults to \\"Service\\" when not specified. \\n ExternalName services can refer to CNAME DNS records that may live outside of the cluster and as such are difficult to reason about in terms of conformance. They also may not be safe to forward to (see CVE-2021-25740 for more information). Implementations SHOULD NOT support ExternalName Services. \\n Support: Core (Services with a type other than ExternalName) \\n Support: Implementation-specific (Services with type ExternalName)"', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { requestMirror+: { backendRef+: { kind: kind } } }, + '#withName':: d.fn(help='"Name is the name of the referent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { requestMirror+: { backendRef+: { name: name } } }, + '#withNamespace':: d.fn(help="\"Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. \\n Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. \\n Support: Core\"", args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { requestMirror+: { backendRef+: { namespace: namespace } } }, + '#withPort':: d.fn(help='"Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field."', args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { requestMirror+: { backendRef+: { port: port } } }, + }, + }, + '#requestRedirect':: d.obj(help='"RequestRedirect defines a schema for a filter that responds to the request with an HTTP redirection. \\n Support: Core"'), + requestRedirect: { + '#path':: d.obj(help='"Path defines parameters used to modify the path of the incoming request. The modified path is then used to construct the `Location` header. When empty, the request path is used as-is. \\n Support: Extended"'), + path: { + '#withReplaceFullPath':: d.fn(help='"ReplaceFullPath specifies the value with which to replace the full path of a request during a rewrite or redirect."', args=[d.arg(name='replaceFullPath', type=d.T.string)]), + withReplaceFullPath(replaceFullPath): { requestRedirect+: { path+: { replaceFullPath: replaceFullPath } } }, + '#withReplacePrefixMatch':: d.fn(help='"ReplacePrefixMatch specifies the value with which to replace the prefix match of a request during a rewrite or redirect. For example, a request to \\"/foo/bar\\" with a prefix match of \\"/foo\\" and a ReplacePrefixMatch of \\"/xyz\\" would be modified to \\"/xyz/bar\\". \\n Note that this matches the behavior of the PathPrefix match type. This matches full path elements. A path element refers to the list of labels in the path split by the `/` separator. When specified, a trailing `/` is ignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all match the prefix `/abc`, but the path `/abcd` would not. \\n ReplacePrefixMatch is only compatible with a `PathPrefix` HTTPRouteMatch. Using any other HTTPRouteMatch type on the same HTTPRouteRule will result in the implementation setting the Accepted Condition for the Route to `status: False`. \\n Request Path | Prefix Match | Replace Prefix | Modified Path -------------|--------------|----------------|---------- /foo/bar | /foo | /xyz | /xyz/bar /foo/bar | /foo | /xyz/ | /xyz/bar /foo/bar | /foo/ | /xyz | /xyz/bar /foo/bar | /foo/ | /xyz/ | /xyz/bar /foo | /foo | /xyz | /xyz /foo/ | /foo | /xyz | /xyz/ /foo/bar | /foo | | /bar /foo/ | /foo | | / /foo | /foo | | / /foo/ | /foo | / | / /foo | /foo | / | /"', args=[d.arg(name='replacePrefixMatch', type=d.T.string)]), + withReplacePrefixMatch(replacePrefixMatch): { requestRedirect+: { path+: { replacePrefixMatch: replacePrefixMatch } } }, + '#withType':: d.fn(help='"Type defines the type of path modifier. Additional types may be added in a future release of the API. \\n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \\n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`."', args=[d.arg(name='type', type=d.T.string)]), + withType(type): { requestRedirect+: { path+: { type: type } } }, + }, + '#withHostname':: d.fn(help='"Hostname is the hostname to be used in the value of the `Location` header in the response. When empty, the hostname in the `Host` header of the request is used. \\n Support: Core"', args=[d.arg(name='hostname', type=d.T.string)]), + withHostname(hostname): { requestRedirect+: { hostname: hostname } }, + '#withPort':: d.fn(help="\"Port is the port to be used in the value of the `Location` header in the response. \\n If no port is specified, the redirect port MUST be derived using the following rules: \\n * If redirect scheme is not-empty, the redirect port MUST be the well-known port associated with the redirect scheme. Specifically \\\"http\\\" to port 80 and \\\"https\\\" to port 443. If the redirect scheme does not have a well-known port, the listener port of the Gateway SHOULD be used. * If redirect scheme is empty, the redirect port MUST be the Gateway Listener port. \\n Implementations SHOULD NOT add the port number in the 'Location' header in the following cases: \\n * A Location header that will use HTTP (whether that is determined via the Listener protocol or the Scheme field) _and_ use port 80. * A Location header that will use HTTPS (whether that is determined via the Listener protocol or the Scheme field) _and_ use port 443. \\n Support: Extended\"", args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { requestRedirect+: { port: port } }, + '#withScheme':: d.fn(help='"Scheme is the scheme to be used in the value of the `Location` header in the response. When empty, the scheme of the request is used. \\n Scheme redirects can affect the port of the redirect, for more information, refer to the documentation for the port field of this filter. \\n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \\n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`. \\n Support: Extended"', args=[d.arg(name='scheme', type=d.T.string)]), + withScheme(scheme): { requestRedirect+: { scheme: scheme } }, + '#withStatusCode':: d.fn(help='"StatusCode is the HTTP status code to be used in response. \\n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \\n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`. \\n Support: Core"', args=[d.arg(name='statusCode', type=d.T.integer)]), + withStatusCode(statusCode): { requestRedirect+: { statusCode: statusCode } }, + }, + '#responseHeaderModifier':: d.obj(help='"ResponseHeaderModifier defines a schema for a filter that modifies response headers. \\n Support: Extended"'), + responseHeaderModifier: { + '#add':: d.obj(help='"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: add: - name: \\"my-header\\" value: \\"bar,baz\\" \\n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"'), + add: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \\n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered equivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#set':: d.obj(help='"Set overwrites the request with the given header (name, value) before the action. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: set: - name: \\"my-header\\" value: \\"bar\\" \\n Output: GET /foo HTTP/1.1 my-header: bar"'), + set: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \\n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered equivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#withAdd':: d.fn(help='"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: add: - name: \\"my-header\\" value: \\"bar,baz\\" \\n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"', args=[d.arg(name='add', type=d.T.array)]), + withAdd(add): { responseHeaderModifier+: { add: if std.isArray(v=add) then add else [add] } }, + '#withAddMixin':: d.fn(help='"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: add: - name: \\"my-header\\" value: \\"bar,baz\\" \\n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='add', type=d.T.array)]), + withAddMixin(add): { responseHeaderModifier+: { add+: if std.isArray(v=add) then add else [add] } }, + '#withRemove':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \\n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \\n Config: remove: [\\"my-header1\\", \\"my-header3\\"] \\n Output: GET /foo HTTP/1.1 my-header2: bar"', args=[d.arg(name='remove', type=d.T.array)]), + withRemove(remove): { responseHeaderModifier+: { remove: if std.isArray(v=remove) then remove else [remove] } }, + '#withRemoveMixin':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \\n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \\n Config: remove: [\\"my-header1\\", \\"my-header3\\"] \\n Output: GET /foo HTTP/1.1 my-header2: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='remove', type=d.T.array)]), + withRemoveMixin(remove): { responseHeaderModifier+: { remove+: if std.isArray(v=remove) then remove else [remove] } }, + '#withSet':: d.fn(help='"Set overwrites the request with the given header (name, value) before the action. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: set: - name: \\"my-header\\" value: \\"bar\\" \\n Output: GET /foo HTTP/1.1 my-header: bar"', args=[d.arg(name='set', type=d.T.array)]), + withSet(set): { responseHeaderModifier+: { set: if std.isArray(v=set) then set else [set] } }, + '#withSetMixin':: d.fn(help='"Set overwrites the request with the given header (name, value) before the action. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: set: - name: \\"my-header\\" value: \\"bar\\" \\n Output: GET /foo HTTP/1.1 my-header: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='set', type=d.T.array)]), + withSetMixin(set): { responseHeaderModifier+: { set+: if std.isArray(v=set) then set else [set] } }, + }, + '#urlRewrite':: d.obj(help='"URLRewrite defines a schema for a filter that modifies a request during forwarding. \\n Support: Extended"'), + urlRewrite: { + '#path':: d.obj(help='"Path defines a path rewrite. \\n Support: Extended"'), + path: { + '#withReplaceFullPath':: d.fn(help='"ReplaceFullPath specifies the value with which to replace the full path of a request during a rewrite or redirect."', args=[d.arg(name='replaceFullPath', type=d.T.string)]), + withReplaceFullPath(replaceFullPath): { urlRewrite+: { path+: { replaceFullPath: replaceFullPath } } }, + '#withReplacePrefixMatch':: d.fn(help='"ReplacePrefixMatch specifies the value with which to replace the prefix match of a request during a rewrite or redirect. For example, a request to \\"/foo/bar\\" with a prefix match of \\"/foo\\" and a ReplacePrefixMatch of \\"/xyz\\" would be modified to \\"/xyz/bar\\". \\n Note that this matches the behavior of the PathPrefix match type. This matches full path elements. A path element refers to the list of labels in the path split by the `/` separator. When specified, a trailing `/` is ignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all match the prefix `/abc`, but the path `/abcd` would not. \\n ReplacePrefixMatch is only compatible with a `PathPrefix` HTTPRouteMatch. Using any other HTTPRouteMatch type on the same HTTPRouteRule will result in the implementation setting the Accepted Condition for the Route to `status: False`. \\n Request Path | Prefix Match | Replace Prefix | Modified Path -------------|--------------|----------------|---------- /foo/bar | /foo | /xyz | /xyz/bar /foo/bar | /foo | /xyz/ | /xyz/bar /foo/bar | /foo/ | /xyz | /xyz/bar /foo/bar | /foo/ | /xyz/ | /xyz/bar /foo | /foo | /xyz | /xyz /foo/ | /foo | /xyz | /xyz/ /foo/bar | /foo | | /bar /foo/ | /foo | | / /foo | /foo | | / /foo/ | /foo | / | / /foo | /foo | / | /"', args=[d.arg(name='replacePrefixMatch', type=d.T.string)]), + withReplacePrefixMatch(replacePrefixMatch): { urlRewrite+: { path+: { replacePrefixMatch: replacePrefixMatch } } }, + '#withType':: d.fn(help='"Type defines the type of path modifier. Additional types may be added in a future release of the API. \\n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \\n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`."', args=[d.arg(name='type', type=d.T.string)]), + withType(type): { urlRewrite+: { path+: { type: type } } }, + }, + '#withHostname':: d.fn(help='"Hostname is the value to be used to replace the Host header value during forwarding. \\n Support: Extended"', args=[d.arg(name='hostname', type=d.T.string)]), + withHostname(hostname): { urlRewrite+: { hostname: hostname } }, + }, + '#withType':: d.fn(help='"Type identifies the type of filter to apply. As with other API fields, types are classified into three conformance levels: \\n - Core: Filter types and their corresponding configuration defined by \\"Support: Core\\" in this package, e.g. \\"RequestHeaderModifier\\". All implementations must support core filters. \\n - Extended: Filter types and their corresponding configuration defined by \\"Support: Extended\\" in this package, e.g. \\"RequestMirror\\". Implementers are encouraged to support extended filters. \\n - Implementation-specific: Filters that are defined and supported by specific vendors. In the future, filters showing convergence in behavior across multiple implementations will be considered for inclusion in extended or core conformance levels. Filter-specific configuration for such filters is specified using the ExtensionRef field. `Type` should be set to \\"ExtensionRef\\" for custom filters. \\n Implementers are encouraged to define custom implementation types to extend the core API with implementation-specific behavior. \\n If a reference to a custom filter type cannot be resolved, the filter MUST NOT be skipped. Instead, requests that would have been processed by that filter MUST receive a HTTP error response. \\n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \\n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`."', args=[d.arg(name='type', type=d.T.string)]), + withType(type): { type: type }, + }, + '#withFilters':: d.fn(help='"Filters defined at this level should be executed if and only if the request is being forwarded to the backend defined here. \\n Support: Implementation-specific (For broader support of filters, use the Filters field in HTTPRouteRule.)"', args=[d.arg(name='filters', type=d.T.array)]), + withFilters(filters): { filters: if std.isArray(v=filters) then filters else [filters] }, + '#withFiltersMixin':: d.fn(help='"Filters defined at this level should be executed if and only if the request is being forwarded to the backend defined here. \\n Support: Implementation-specific (For broader support of filters, use the Filters field in HTTPRouteRule.)"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='filters', type=d.T.array)]), + withFiltersMixin(filters): { filters+: if std.isArray(v=filters) then filters else [filters] }, + '#withGroup':: d.fn(help='"Group is the group of the referent. For example, \\"gateway.networking.k8s.io\\". When unspecified or empty string, core API group is inferred."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { group: group }, + '#withKind':: d.fn(help='"Kind is the Kubernetes resource kind of the referent. For example \\"Service\\". \\n Defaults to \\"Service\\" when not specified. \\n ExternalName services can refer to CNAME DNS records that may live outside of the cluster and as such are difficult to reason about in terms of conformance. They also may not be safe to forward to (see CVE-2021-25740 for more information). Implementations SHOULD NOT support ExternalName Services. \\n Support: Core (Services with a type other than ExternalName) \\n Support: Implementation-specific (Services with type ExternalName)"', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { kind: kind }, + '#withName':: d.fn(help='"Name is the name of the referent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withNamespace':: d.fn(help="\"Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. \\n Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. \\n Support: Core\"", args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { namespace: namespace }, + '#withPort':: d.fn(help='"Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field."', args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { port: port }, + '#withWeight':: d.fn(help='"Weight specifies the proportion of requests forwarded to the referenced backend. This is computed as weight/(sum of all weights in this BackendRefs list). For non-zero values, there may be some epsilon from the exact proportion defined here depending on the precision an implementation supports. Weight is not a percentage and the sum of weights does not need to equal 100. \\n If only one backend is specified and it has a weight greater than 0, 100% of the traffic is forwarded to that backend. If weight is set to 0, no traffic should be forwarded for this entry. If unspecified, weight defaults to 1. \\n Support for this field varies based on the context where used."', args=[d.arg(name='weight', type=d.T.integer)]), + withWeight(weight): { weight: weight }, + }, + '#filters':: d.obj(help='"Filters define the filters that are applied to requests that match this rule. \\n The effects of ordering of multiple behaviors are currently unspecified. This can change in the future based on feedback during the alpha stage. \\n Conformance-levels at this level are defined based on the type of filter: \\n - ALL core filters MUST be supported by all implementations. - Implementers are encouraged to support extended filters. - Implementation-specific custom filters have no API guarantees across implementations. \\n Specifying the same filter multiple times is not supported unless explicitly indicated in the filter. \\n All filters are expected to be compatible with each other except for the URLRewrite and RequestRedirect filters, which may not be combined. If an implementation can not support other combinations of filters, they must clearly document that limitation. In cases where incompatible or unsupported filters are specified and cause the `Accepted` condition to be set to status `False`, implementations may use the `IncompatibleFilters` reason to specify this configuration error. \\n Support: Core"'), + filters: { + '#extensionRef':: d.obj(help='"ExtensionRef is an optional, implementation-specific extension to the \\"filter\\" behavior. For example, resource \\"myroutefilter\\" in group \\"networking.example.net\\"). ExtensionRef MUST NOT be used for core and extended filters. \\n This filter can be used multiple times within the same rule. \\n Support: Implementation-specific"'), + extensionRef: { + '#withGroup':: d.fn(help='"Group is the group of the referent. For example, \\"gateway.networking.k8s.io\\". When unspecified or empty string, core API group is inferred."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { extensionRef+: { group: group } }, + '#withKind':: d.fn(help='"Kind is kind of the referent. For example \\"HTTPRoute\\" or \\"Service\\"."', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { extensionRef+: { kind: kind } }, + '#withName':: d.fn(help='"Name is the name of the referent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { extensionRef+: { name: name } }, + }, + '#requestHeaderModifier':: d.obj(help='"RequestHeaderModifier defines a schema for a filter that modifies request headers. \\n Support: Core"'), + requestHeaderModifier: { + '#add':: d.obj(help='"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: add: - name: \\"my-header\\" value: \\"bar,baz\\" \\n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"'), + add: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \\n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered equivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#set':: d.obj(help='"Set overwrites the request with the given header (name, value) before the action. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: set: - name: \\"my-header\\" value: \\"bar\\" \\n Output: GET /foo HTTP/1.1 my-header: bar"'), + set: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \\n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered equivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#withAdd':: d.fn(help='"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: add: - name: \\"my-header\\" value: \\"bar,baz\\" \\n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"', args=[d.arg(name='add', type=d.T.array)]), + withAdd(add): { requestHeaderModifier+: { add: if std.isArray(v=add) then add else [add] } }, + '#withAddMixin':: d.fn(help='"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: add: - name: \\"my-header\\" value: \\"bar,baz\\" \\n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='add', type=d.T.array)]), + withAddMixin(add): { requestHeaderModifier+: { add+: if std.isArray(v=add) then add else [add] } }, + '#withRemove':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \\n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \\n Config: remove: [\\"my-header1\\", \\"my-header3\\"] \\n Output: GET /foo HTTP/1.1 my-header2: bar"', args=[d.arg(name='remove', type=d.T.array)]), + withRemove(remove): { requestHeaderModifier+: { remove: if std.isArray(v=remove) then remove else [remove] } }, + '#withRemoveMixin':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \\n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \\n Config: remove: [\\"my-header1\\", \\"my-header3\\"] \\n Output: GET /foo HTTP/1.1 my-header2: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='remove', type=d.T.array)]), + withRemoveMixin(remove): { requestHeaderModifier+: { remove+: if std.isArray(v=remove) then remove else [remove] } }, + '#withSet':: d.fn(help='"Set overwrites the request with the given header (name, value) before the action. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: set: - name: \\"my-header\\" value: \\"bar\\" \\n Output: GET /foo HTTP/1.1 my-header: bar"', args=[d.arg(name='set', type=d.T.array)]), + withSet(set): { requestHeaderModifier+: { set: if std.isArray(v=set) then set else [set] } }, + '#withSetMixin':: d.fn(help='"Set overwrites the request with the given header (name, value) before the action. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: set: - name: \\"my-header\\" value: \\"bar\\" \\n Output: GET /foo HTTP/1.1 my-header: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='set', type=d.T.array)]), + withSetMixin(set): { requestHeaderModifier+: { set+: if std.isArray(v=set) then set else [set] } }, + }, + '#requestMirror':: d.obj(help='"RequestMirror defines a schema for a filter that mirrors requests. Requests are sent to the specified destination, but responses from that destination are ignored. \\n This filter can be used multiple times within the same rule. Note that not all implementations will be able to support mirroring to multiple backends. \\n Support: Extended"'), + requestMirror: { + '#backendRef':: d.obj(help='"BackendRef references a resource where mirrored requests are sent. \\n Mirrored requests must be sent only to a single destination endpoint within this BackendRef, irrespective of how many endpoints are present within this BackendRef. \\n If the referent cannot be found, this BackendRef is invalid and must be dropped from the Gateway. The controller must ensure the \\"ResolvedRefs\\" condition on the Route status is set to `status: False` and not configure this backend in the underlying implementation. \\n If there is a cross-namespace reference to an *existing* object that is not allowed by a ReferenceGrant, the controller must ensure the \\"ResolvedRefs\\" condition on the Route is set to `status: False`, with the \\"RefNotPermitted\\" reason and not configure this backend in the underlying implementation. \\n In either error case, the Message of the `ResolvedRefs` Condition should be used to provide more detail about the problem. \\n Support: Extended for Kubernetes Service \\n Support: Implementation-specific for any other resource"'), + backendRef: { + '#withGroup':: d.fn(help='"Group is the group of the referent. For example, \\"gateway.networking.k8s.io\\". When unspecified or empty string, core API group is inferred."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { requestMirror+: { backendRef+: { group: group } } }, + '#withKind':: d.fn(help='"Kind is the Kubernetes resource kind of the referent. For example \\"Service\\". \\n Defaults to \\"Service\\" when not specified. \\n ExternalName services can refer to CNAME DNS records that may live outside of the cluster and as such are difficult to reason about in terms of conformance. They also may not be safe to forward to (see CVE-2021-25740 for more information). Implementations SHOULD NOT support ExternalName Services. \\n Support: Core (Services with a type other than ExternalName) \\n Support: Implementation-specific (Services with type ExternalName)"', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { requestMirror+: { backendRef+: { kind: kind } } }, + '#withName':: d.fn(help='"Name is the name of the referent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { requestMirror+: { backendRef+: { name: name } } }, + '#withNamespace':: d.fn(help="\"Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. \\n Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. \\n Support: Core\"", args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { requestMirror+: { backendRef+: { namespace: namespace } } }, + '#withPort':: d.fn(help='"Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field."', args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { requestMirror+: { backendRef+: { port: port } } }, + }, + }, + '#requestRedirect':: d.obj(help='"RequestRedirect defines a schema for a filter that responds to the request with an HTTP redirection. \\n Support: Core"'), + requestRedirect: { + '#path':: d.obj(help='"Path defines parameters used to modify the path of the incoming request. The modified path is then used to construct the `Location` header. When empty, the request path is used as-is. \\n Support: Extended"'), + path: { + '#withReplaceFullPath':: d.fn(help='"ReplaceFullPath specifies the value with which to replace the full path of a request during a rewrite or redirect."', args=[d.arg(name='replaceFullPath', type=d.T.string)]), + withReplaceFullPath(replaceFullPath): { requestRedirect+: { path+: { replaceFullPath: replaceFullPath } } }, + '#withReplacePrefixMatch':: d.fn(help='"ReplacePrefixMatch specifies the value with which to replace the prefix match of a request during a rewrite or redirect. For example, a request to \\"/foo/bar\\" with a prefix match of \\"/foo\\" and a ReplacePrefixMatch of \\"/xyz\\" would be modified to \\"/xyz/bar\\". \\n Note that this matches the behavior of the PathPrefix match type. This matches full path elements. A path element refers to the list of labels in the path split by the `/` separator. When specified, a trailing `/` is ignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all match the prefix `/abc`, but the path `/abcd` would not. \\n ReplacePrefixMatch is only compatible with a `PathPrefix` HTTPRouteMatch. Using any other HTTPRouteMatch type on the same HTTPRouteRule will result in the implementation setting the Accepted Condition for the Route to `status: False`. \\n Request Path | Prefix Match | Replace Prefix | Modified Path -------------|--------------|----------------|---------- /foo/bar | /foo | /xyz | /xyz/bar /foo/bar | /foo | /xyz/ | /xyz/bar /foo/bar | /foo/ | /xyz | /xyz/bar /foo/bar | /foo/ | /xyz/ | /xyz/bar /foo | /foo | /xyz | /xyz /foo/ | /foo | /xyz | /xyz/ /foo/bar | /foo | | /bar /foo/ | /foo | | / /foo | /foo | | / /foo/ | /foo | / | / /foo | /foo | / | /"', args=[d.arg(name='replacePrefixMatch', type=d.T.string)]), + withReplacePrefixMatch(replacePrefixMatch): { requestRedirect+: { path+: { replacePrefixMatch: replacePrefixMatch } } }, + '#withType':: d.fn(help='"Type defines the type of path modifier. Additional types may be added in a future release of the API. \\n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \\n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`."', args=[d.arg(name='type', type=d.T.string)]), + withType(type): { requestRedirect+: { path+: { type: type } } }, + }, + '#withHostname':: d.fn(help='"Hostname is the hostname to be used in the value of the `Location` header in the response. When empty, the hostname in the `Host` header of the request is used. \\n Support: Core"', args=[d.arg(name='hostname', type=d.T.string)]), + withHostname(hostname): { requestRedirect+: { hostname: hostname } }, + '#withPort':: d.fn(help="\"Port is the port to be used in the value of the `Location` header in the response. \\n If no port is specified, the redirect port MUST be derived using the following rules: \\n * If redirect scheme is not-empty, the redirect port MUST be the well-known port associated with the redirect scheme. Specifically \\\"http\\\" to port 80 and \\\"https\\\" to port 443. If the redirect scheme does not have a well-known port, the listener port of the Gateway SHOULD be used. * If redirect scheme is empty, the redirect port MUST be the Gateway Listener port. \\n Implementations SHOULD NOT add the port number in the 'Location' header in the following cases: \\n * A Location header that will use HTTP (whether that is determined via the Listener protocol or the Scheme field) _and_ use port 80. * A Location header that will use HTTPS (whether that is determined via the Listener protocol or the Scheme field) _and_ use port 443. \\n Support: Extended\"", args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { requestRedirect+: { port: port } }, + '#withScheme':: d.fn(help='"Scheme is the scheme to be used in the value of the `Location` header in the response. When empty, the scheme of the request is used. \\n Scheme redirects can affect the port of the redirect, for more information, refer to the documentation for the port field of this filter. \\n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \\n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`. \\n Support: Extended"', args=[d.arg(name='scheme', type=d.T.string)]), + withScheme(scheme): { requestRedirect+: { scheme: scheme } }, + '#withStatusCode':: d.fn(help='"StatusCode is the HTTP status code to be used in response. \\n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \\n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`. \\n Support: Core"', args=[d.arg(name='statusCode', type=d.T.integer)]), + withStatusCode(statusCode): { requestRedirect+: { statusCode: statusCode } }, + }, + '#responseHeaderModifier':: d.obj(help='"ResponseHeaderModifier defines a schema for a filter that modifies response headers. \\n Support: Extended"'), + responseHeaderModifier: { + '#add':: d.obj(help='"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: add: - name: \\"my-header\\" value: \\"bar,baz\\" \\n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"'), + add: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \\n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered equivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#set':: d.obj(help='"Set overwrites the request with the given header (name, value) before the action. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: set: - name: \\"my-header\\" value: \\"bar\\" \\n Output: GET /foo HTTP/1.1 my-header: bar"'), + set: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \\n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered equivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#withAdd':: d.fn(help='"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: add: - name: \\"my-header\\" value: \\"bar,baz\\" \\n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"', args=[d.arg(name='add', type=d.T.array)]), + withAdd(add): { responseHeaderModifier+: { add: if std.isArray(v=add) then add else [add] } }, + '#withAddMixin':: d.fn(help='"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: add: - name: \\"my-header\\" value: \\"bar,baz\\" \\n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='add', type=d.T.array)]), + withAddMixin(add): { responseHeaderModifier+: { add+: if std.isArray(v=add) then add else [add] } }, + '#withRemove':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \\n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \\n Config: remove: [\\"my-header1\\", \\"my-header3\\"] \\n Output: GET /foo HTTP/1.1 my-header2: bar"', args=[d.arg(name='remove', type=d.T.array)]), + withRemove(remove): { responseHeaderModifier+: { remove: if std.isArray(v=remove) then remove else [remove] } }, + '#withRemoveMixin':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \\n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \\n Config: remove: [\\"my-header1\\", \\"my-header3\\"] \\n Output: GET /foo HTTP/1.1 my-header2: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='remove', type=d.T.array)]), + withRemoveMixin(remove): { responseHeaderModifier+: { remove+: if std.isArray(v=remove) then remove else [remove] } }, + '#withSet':: d.fn(help='"Set overwrites the request with the given header (name, value) before the action. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: set: - name: \\"my-header\\" value: \\"bar\\" \\n Output: GET /foo HTTP/1.1 my-header: bar"', args=[d.arg(name='set', type=d.T.array)]), + withSet(set): { responseHeaderModifier+: { set: if std.isArray(v=set) then set else [set] } }, + '#withSetMixin':: d.fn(help='"Set overwrites the request with the given header (name, value) before the action. \\n Input: GET /foo HTTP/1.1 my-header: foo \\n Config: set: - name: \\"my-header\\" value: \\"bar\\" \\n Output: GET /foo HTTP/1.1 my-header: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='set', type=d.T.array)]), + withSetMixin(set): { responseHeaderModifier+: { set+: if std.isArray(v=set) then set else [set] } }, + }, + '#urlRewrite':: d.obj(help='"URLRewrite defines a schema for a filter that modifies a request during forwarding. \\n Support: Extended"'), + urlRewrite: { + '#path':: d.obj(help='"Path defines a path rewrite. \\n Support: Extended"'), + path: { + '#withReplaceFullPath':: d.fn(help='"ReplaceFullPath specifies the value with which to replace the full path of a request during a rewrite or redirect."', args=[d.arg(name='replaceFullPath', type=d.T.string)]), + withReplaceFullPath(replaceFullPath): { urlRewrite+: { path+: { replaceFullPath: replaceFullPath } } }, + '#withReplacePrefixMatch':: d.fn(help='"ReplacePrefixMatch specifies the value with which to replace the prefix match of a request during a rewrite or redirect. For example, a request to \\"/foo/bar\\" with a prefix match of \\"/foo\\" and a ReplacePrefixMatch of \\"/xyz\\" would be modified to \\"/xyz/bar\\". \\n Note that this matches the behavior of the PathPrefix match type. This matches full path elements. A path element refers to the list of labels in the path split by the `/` separator. When specified, a trailing `/` is ignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all match the prefix `/abc`, but the path `/abcd` would not. \\n ReplacePrefixMatch is only compatible with a `PathPrefix` HTTPRouteMatch. Using any other HTTPRouteMatch type on the same HTTPRouteRule will result in the implementation setting the Accepted Condition for the Route to `status: False`. \\n Request Path | Prefix Match | Replace Prefix | Modified Path -------------|--------------|----------------|---------- /foo/bar | /foo | /xyz | /xyz/bar /foo/bar | /foo | /xyz/ | /xyz/bar /foo/bar | /foo/ | /xyz | /xyz/bar /foo/bar | /foo/ | /xyz/ | /xyz/bar /foo | /foo | /xyz | /xyz /foo/ | /foo | /xyz | /xyz/ /foo/bar | /foo | | /bar /foo/ | /foo | | / /foo | /foo | | / /foo/ | /foo | / | / /foo | /foo | / | /"', args=[d.arg(name='replacePrefixMatch', type=d.T.string)]), + withReplacePrefixMatch(replacePrefixMatch): { urlRewrite+: { path+: { replacePrefixMatch: replacePrefixMatch } } }, + '#withType':: d.fn(help='"Type defines the type of path modifier. Additional types may be added in a future release of the API. \\n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \\n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`."', args=[d.arg(name='type', type=d.T.string)]), + withType(type): { urlRewrite+: { path+: { type: type } } }, + }, + '#withHostname':: d.fn(help='"Hostname is the value to be used to replace the Host header value during forwarding. \\n Support: Extended"', args=[d.arg(name='hostname', type=d.T.string)]), + withHostname(hostname): { urlRewrite+: { hostname: hostname } }, + }, + '#withType':: d.fn(help='"Type identifies the type of filter to apply. As with other API fields, types are classified into three conformance levels: \\n - Core: Filter types and their corresponding configuration defined by \\"Support: Core\\" in this package, e.g. \\"RequestHeaderModifier\\". All implementations must support core filters. \\n - Extended: Filter types and their corresponding configuration defined by \\"Support: Extended\\" in this package, e.g. \\"RequestMirror\\". Implementers are encouraged to support extended filters. \\n - Implementation-specific: Filters that are defined and supported by specific vendors. In the future, filters showing convergence in behavior across multiple implementations will be considered for inclusion in extended or core conformance levels. Filter-specific configuration for such filters is specified using the ExtensionRef field. `Type` should be set to \\"ExtensionRef\\" for custom filters. \\n Implementers are encouraged to define custom implementation types to extend the core API with implementation-specific behavior. \\n If a reference to a custom filter type cannot be resolved, the filter MUST NOT be skipped. Instead, requests that would have been processed by that filter MUST receive a HTTP error response. \\n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \\n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`."', args=[d.arg(name='type', type=d.T.string)]), + withType(type): { type: type }, + }, + '#matches':: d.obj(help='"Matches define conditions used for matching the rule against incoming HTTP requests. Each match is independent, i.e. this rule will be matched if **any** one of the matches is satisfied. \\n For example, take the following matches configuration: \\n ``` matches: - path: value: \\"/foo\\" headers: - name: \\"version\\" value: \\"v2\\" - path: value: \\"/v2/foo\\" ``` \\n For a request to match against this rule, a request must satisfy EITHER of the two conditions: \\n - path prefixed with `/foo` AND contains the header `version: v2` - path prefix of `/v2/foo` \\n See the documentation for HTTPRouteMatch on how to specify multiple match conditions that should be ANDed together. \\n If no matches are specified, the default is a prefix path match on \\"/\\", which has the effect of matching every HTTP request. \\n Proxy or Load Balancer routing configuration generated from HTTPRoutes MUST prioritize matches based on the following criteria, continuing on ties. Across all rules specified on applicable Routes, precedence must be given to the match having: \\n * \\"Exact\\" path match. * \\"Prefix\\" path match with largest number of characters. * Method match. * Largest number of header matches. * Largest number of query param matches. \\n Note: The precedence of RegularExpression path matches are implementation-specific. \\n If ties still exist across multiple Routes, matching precedence MUST be determined in order of the following criteria, continuing on ties: \\n * The oldest Route based on creation timestamp. * The Route appearing first in alphabetical order by \\"{namespace}/{name}\\". \\n If ties still exist within an HTTPRoute, matching precedence MUST be granted to the FIRST matching rule (in list order) with a match meeting the above criteria. \\n When no rules matching a request have been successfully attached to the parent a request is coming from, a HTTP 404 status code MUST be returned."'), + matches: { + '#headers':: d.obj(help='"Headers specifies HTTP request header matchers. Multiple match values are ANDed together, meaning, a request must match all the specified headers to select the route."'), + headers: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \\n If multiple entries specify equivalent header names, only the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered equivalent. \\n When a header is repeated in an HTTP request, it is implementation-specific behavior as to how this is represented. Generally, proxies should follow the guidance from the RFC: https://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2 regarding processing a repeated header, with special handling for \\"Set-Cookie\\"."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withType':: d.fn(help="\"Type specifies how to match against the value of the header. \\n Support: Core (Exact) \\n Support: Implementation-specific (RegularExpression) \\n Since RegularExpression HeaderMatchType has implementation-specific conformance, implementations can support POSIX, PCRE or any other dialects of regular expressions. Please read the implementation's documentation to determine the supported dialect.\"", args=[d.arg(name='type', type=d.T.string)]), + withType(type): { type: type }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#path':: d.obj(help='"Path specifies a HTTP request path matcher. If this field is not specified, a default prefix match on the \\"/\\" path is provided."'), + path: { + '#withType':: d.fn(help='"Type specifies how to match against the path Value. \\n Support: Core (Exact, PathPrefix) \\n Support: Implementation-specific (RegularExpression)"', args=[d.arg(name='type', type=d.T.string)]), + withType(type): { path+: { type: type } }, + '#withValue':: d.fn(help='"Value of the HTTP path to match against."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { path+: { value: value } }, + }, + '#queryParams':: d.obj(help='"QueryParams specifies HTTP query parameter matchers. Multiple match values are ANDed together, meaning, a request must match all the specified query parameters to select the route. \\n Support: Extended"'), + queryParams: { + '#withName':: d.fn(help='"Name is the name of the HTTP query param to be matched. This must be an exact string match. (See https://tools.ietf.org/html/rfc7230#section-2.7.3). \\n If multiple entries specify equivalent query param names, only the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent query param name MUST be ignored. \\n If a query param is repeated in an HTTP request, the behavior is purposely left undefined, since different data planes have different capabilities. However, it is *recommended* that implementations should match against the first value of the param if the data plane supports it, as this behavior is expected in other load balancing contexts outside of the Gateway API. \\n Users SHOULD NOT route traffic based on repeated query params to guard themselves against potential differences in the implementations."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withType':: d.fn(help="\"Type specifies how to match against the value of the query parameter. \\n Support: Extended (Exact) \\n Support: Implementation-specific (RegularExpression) \\n Since RegularExpression QueryParamMatchType has Implementation-specific conformance, implementations can support POSIX, PCRE or any other dialects of regular expressions. Please read the implementation's documentation to determine the supported dialect.\"", args=[d.arg(name='type', type=d.T.string)]), + withType(type): { type: type }, + '#withValue':: d.fn(help='"Value is the value of HTTP query param to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#withHeaders':: d.fn(help='"Headers specifies HTTP request header matchers. Multiple match values are ANDed together, meaning, a request must match all the specified headers to select the route."', args=[d.arg(name='headers', type=d.T.array)]), + withHeaders(headers): { headers: if std.isArray(v=headers) then headers else [headers] }, + '#withHeadersMixin':: d.fn(help='"Headers specifies HTTP request header matchers. Multiple match values are ANDed together, meaning, a request must match all the specified headers to select the route."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='headers', type=d.T.array)]), + withHeadersMixin(headers): { headers+: if std.isArray(v=headers) then headers else [headers] }, + '#withMethod':: d.fn(help='"Method specifies HTTP method matcher. When specified, this route will be matched only if the request has the specified method. \\n Support: Extended"', args=[d.arg(name='method', type=d.T.string)]), + withMethod(method): { method: method }, + '#withQueryParams':: d.fn(help='"QueryParams specifies HTTP query parameter matchers. Multiple match values are ANDed together, meaning, a request must match all the specified query parameters to select the route. \\n Support: Extended"', args=[d.arg(name='queryParams', type=d.T.array)]), + withQueryParams(queryParams): { queryParams: if std.isArray(v=queryParams) then queryParams else [queryParams] }, + '#withQueryParamsMixin':: d.fn(help='"QueryParams specifies HTTP query parameter matchers. Multiple match values are ANDed together, meaning, a request must match all the specified query parameters to select the route. \\n Support: Extended"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='queryParams', type=d.T.array)]), + withQueryParamsMixin(queryParams): { queryParams+: if std.isArray(v=queryParams) then queryParams else [queryParams] }, + }, + '#timeouts':: d.obj(help='"Timeouts defines the timeouts that can be configured for an HTTP request. \\n Support: Extended \\n "'), + timeouts: { + '#withBackendRequest':: d.fn(help='"BackendRequest specifies a timeout for an individual request from the gateway to a backend. This covers the time from when the request first starts being sent from the gateway to when the full response has been received from the backend. \\n An entire client HTTP transaction with a gateway, covered by the Request timeout, may result in more than one call from the gateway to the destination backend, for example, if automatic retries are supported. \\n Because the Request timeout encompasses the BackendRequest timeout, the value of BackendRequest must be <= the value of Request timeout. \\n Support: Extended"', args=[d.arg(name='backendRequest', type=d.T.string)]), + withBackendRequest(backendRequest): { timeouts+: { backendRequest: backendRequest } }, + '#withRequest':: d.fn(help='"Request specifies the maximum duration for a gateway to respond to an HTTP request. If the gateway has not been able to respond before this deadline is met, the gateway MUST return a timeout error. \\n For example, setting the `rules.timeouts.request` field to the value `10s` in an `HTTPRoute` will cause a timeout if a client request is taking longer than 10 seconds to complete. \\n This timeout is intended to cover as close to the whole request-response transaction as possible although an implementation MAY choose to start the timeout after the entire request stream has been received instead of immediately after the transaction is initiated by the client. \\n When this field is unspecified, request timeout behavior is implementation-specific. \\n Support: Extended"', args=[d.arg(name='request', type=d.T.string)]), + withRequest(request): { timeouts+: { request: request } }, + }, + '#withBackendRefs':: d.fn(help='"BackendRefs defines the backend(s) where matching requests should be sent. \\n Failure behavior here depends on how many BackendRefs are specified and how many are invalid. \\n If *all* entries in BackendRefs are invalid, and there are also no filters specified in this route rule, *all* traffic which matches this rule MUST receive a 500 status code. \\n See the HTTPBackendRef definition for the rules about what makes a single HTTPBackendRef invalid. \\n When a HTTPBackendRef is invalid, 500 status codes MUST be returned for requests that would have otherwise been routed to an invalid backend. If multiple backends are specified, and some are invalid, the proportion of requests that would otherwise have been routed to an invalid backend MUST receive a 500 status code. \\n For example, if two backends are specified with equal weights, and one is invalid, 50 percent of traffic must receive a 500. Implementations may choose how that 50 percent is determined. \\n Support: Core for Kubernetes Service \\n Support: Extended for Kubernetes ServiceImport \\n Support: Implementation-specific for any other resource \\n Support for weight: Core"', args=[d.arg(name='backendRefs', type=d.T.array)]), + withBackendRefs(backendRefs): { backendRefs: if std.isArray(v=backendRefs) then backendRefs else [backendRefs] }, + '#withBackendRefsMixin':: d.fn(help='"BackendRefs defines the backend(s) where matching requests should be sent. \\n Failure behavior here depends on how many BackendRefs are specified and how many are invalid. \\n If *all* entries in BackendRefs are invalid, and there are also no filters specified in this route rule, *all* traffic which matches this rule MUST receive a 500 status code. \\n See the HTTPBackendRef definition for the rules about what makes a single HTTPBackendRef invalid. \\n When a HTTPBackendRef is invalid, 500 status codes MUST be returned for requests that would have otherwise been routed to an invalid backend. If multiple backends are specified, and some are invalid, the proportion of requests that would otherwise have been routed to an invalid backend MUST receive a 500 status code. \\n For example, if two backends are specified with equal weights, and one is invalid, 50 percent of traffic must receive a 500. Implementations may choose how that 50 percent is determined. \\n Support: Core for Kubernetes Service \\n Support: Extended for Kubernetes ServiceImport \\n Support: Implementation-specific for any other resource \\n Support for weight: Core"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='backendRefs', type=d.T.array)]), + withBackendRefsMixin(backendRefs): { backendRefs+: if std.isArray(v=backendRefs) then backendRefs else [backendRefs] }, + '#withFilters':: d.fn(help='"Filters define the filters that are applied to requests that match this rule. \\n The effects of ordering of multiple behaviors are currently unspecified. This can change in the future based on feedback during the alpha stage. \\n Conformance-levels at this level are defined based on the type of filter: \\n - ALL core filters MUST be supported by all implementations. - Implementers are encouraged to support extended filters. - Implementation-specific custom filters have no API guarantees across implementations. \\n Specifying the same filter multiple times is not supported unless explicitly indicated in the filter. \\n All filters are expected to be compatible with each other except for the URLRewrite and RequestRedirect filters, which may not be combined. If an implementation can not support other combinations of filters, they must clearly document that limitation. In cases where incompatible or unsupported filters are specified and cause the `Accepted` condition to be set to status `False`, implementations may use the `IncompatibleFilters` reason to specify this configuration error. \\n Support: Core"', args=[d.arg(name='filters', type=d.T.array)]), + withFilters(filters): { filters: if std.isArray(v=filters) then filters else [filters] }, + '#withFiltersMixin':: d.fn(help='"Filters define the filters that are applied to requests that match this rule. \\n The effects of ordering of multiple behaviors are currently unspecified. This can change in the future based on feedback during the alpha stage. \\n Conformance-levels at this level are defined based on the type of filter: \\n - ALL core filters MUST be supported by all implementations. - Implementers are encouraged to support extended filters. - Implementation-specific custom filters have no API guarantees across implementations. \\n Specifying the same filter multiple times is not supported unless explicitly indicated in the filter. \\n All filters are expected to be compatible with each other except for the URLRewrite and RequestRedirect filters, which may not be combined. If an implementation can not support other combinations of filters, they must clearly document that limitation. In cases where incompatible or unsupported filters are specified and cause the `Accepted` condition to be set to status `False`, implementations may use the `IncompatibleFilters` reason to specify this configuration error. \\n Support: Core"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='filters', type=d.T.array)]), + withFiltersMixin(filters): { filters+: if std.isArray(v=filters) then filters else [filters] }, + '#withMatches':: d.fn(help='"Matches define conditions used for matching the rule against incoming HTTP requests. Each match is independent, i.e. this rule will be matched if **any** one of the matches is satisfied. \\n For example, take the following matches configuration: \\n ``` matches: - path: value: \\"/foo\\" headers: - name: \\"version\\" value: \\"v2\\" - path: value: \\"/v2/foo\\" ``` \\n For a request to match against this rule, a request must satisfy EITHER of the two conditions: \\n - path prefixed with `/foo` AND contains the header `version: v2` - path prefix of `/v2/foo` \\n See the documentation for HTTPRouteMatch on how to specify multiple match conditions that should be ANDed together. \\n If no matches are specified, the default is a prefix path match on \\"/\\", which has the effect of matching every HTTP request. \\n Proxy or Load Balancer routing configuration generated from HTTPRoutes MUST prioritize matches based on the following criteria, continuing on ties. Across all rules specified on applicable Routes, precedence must be given to the match having: \\n * \\"Exact\\" path match. * \\"Prefix\\" path match with largest number of characters. * Method match. * Largest number of header matches. * Largest number of query param matches. \\n Note: The precedence of RegularExpression path matches are implementation-specific. \\n If ties still exist across multiple Routes, matching precedence MUST be determined in order of the following criteria, continuing on ties: \\n * The oldest Route based on creation timestamp. * The Route appearing first in alphabetical order by \\"{namespace}/{name}\\". \\n If ties still exist within an HTTPRoute, matching precedence MUST be granted to the FIRST matching rule (in list order) with a match meeting the above criteria. \\n When no rules matching a request have been successfully attached to the parent a request is coming from, a HTTP 404 status code MUST be returned."', args=[d.arg(name='matches', type=d.T.array)]), + withMatches(matches): { matches: if std.isArray(v=matches) then matches else [matches] }, + '#withMatchesMixin':: d.fn(help='"Matches define conditions used for matching the rule against incoming HTTP requests. Each match is independent, i.e. this rule will be matched if **any** one of the matches is satisfied. \\n For example, take the following matches configuration: \\n ``` matches: - path: value: \\"/foo\\" headers: - name: \\"version\\" value: \\"v2\\" - path: value: \\"/v2/foo\\" ``` \\n For a request to match against this rule, a request must satisfy EITHER of the two conditions: \\n - path prefixed with `/foo` AND contains the header `version: v2` - path prefix of `/v2/foo` \\n See the documentation for HTTPRouteMatch on how to specify multiple match conditions that should be ANDed together. \\n If no matches are specified, the default is a prefix path match on \\"/\\", which has the effect of matching every HTTP request. \\n Proxy or Load Balancer routing configuration generated from HTTPRoutes MUST prioritize matches based on the following criteria, continuing on ties. Across all rules specified on applicable Routes, precedence must be given to the match having: \\n * \\"Exact\\" path match. * \\"Prefix\\" path match with largest number of characters. * Method match. * Largest number of header matches. * Largest number of query param matches. \\n Note: The precedence of RegularExpression path matches are implementation-specific. \\n If ties still exist across multiple Routes, matching precedence MUST be determined in order of the following criteria, continuing on ties: \\n * The oldest Route based on creation timestamp. * The Route appearing first in alphabetical order by \\"{namespace}/{name}\\". \\n If ties still exist within an HTTPRoute, matching precedence MUST be granted to the FIRST matching rule (in list order) with a match meeting the above criteria. \\n When no rules matching a request have been successfully attached to the parent a request is coming from, a HTTP 404 status code MUST be returned."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='matches', type=d.T.array)]), + withMatchesMixin(matches): { matches+: if std.isArray(v=matches) then matches else [matches] }, + }, + '#withHostnames':: d.fn(help="\"Hostnames defines a set of hostnames that should match against the HTTP Host header to select a HTTPRoute used to process the request. Implementations MUST ignore any port value specified in the HTTP Host header while performing a match and (absent of any applicable header modification configuration) MUST forward this header unmodified to the backend. \\n Valid values for Hostnames are determined by RFC 1123 definition of a hostname with 2 notable exceptions: \\n 1. IPs are not allowed. 2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard label must appear by itself as the first label. \\n If a hostname is specified by both the Listener and HTTPRoute, there must be at least one intersecting hostname for the HTTPRoute to be attached to the Listener. For example: \\n * A Listener with `test.example.com` as the hostname matches HTTPRoutes that have either not specified any hostnames, or have specified at least one of `test.example.com` or `*.example.com`. * A Listener with `*.example.com` as the hostname matches HTTPRoutes that have either not specified any hostnames or have specified at least one hostname that matches the Listener hostname. For example, `*.example.com`, `test.example.com`, and `foo.test.example.com` would all match. On the other hand, `example.com` and `test.example.net` would not match. \\n Hostnames that are prefixed with a wildcard label (`*.`) are interpreted as a suffix match. That means that a match for `*.example.com` would match both `test.example.com`, and `foo.test.example.com`, but not `example.com`. \\n If both the Listener and HTTPRoute have specified hostnames, any HTTPRoute hostnames that do not match the Listener hostname MUST be ignored. For example, if a Listener specified `*.example.com`, and the HTTPRoute specified `test.example.com` and `test.example.net`, `test.example.net` must not be considered for a match. \\n If both the Listener and HTTPRoute have specified hostnames, and none match with the criteria above, then the HTTPRoute is not accepted. The implementation must raise an 'Accepted' Condition with a status of `False` in the corresponding RouteParentStatus. \\n In the event that multiple HTTPRoutes specify intersecting hostnames (e.g. overlapping wildcard matching and exact matching hostnames), precedence must be given to rules from the HTTPRoute with the largest number of: \\n * Characters in a matching non-wildcard hostname. * Characters in a matching hostname. \\n If ties exist across multiple Routes, the matching precedence rules for HTTPRouteMatches takes over. \\n Support: Core\"", args=[d.arg(name='hostnames', type=d.T.array)]), + withHostnames(hostnames): { spec+: { hostnames: if std.isArray(v=hostnames) then hostnames else [hostnames] } }, + '#withHostnamesMixin':: d.fn(help="\"Hostnames defines a set of hostnames that should match against the HTTP Host header to select a HTTPRoute used to process the request. Implementations MUST ignore any port value specified in the HTTP Host header while performing a match and (absent of any applicable header modification configuration) MUST forward this header unmodified to the backend. \\n Valid values for Hostnames are determined by RFC 1123 definition of a hostname with 2 notable exceptions: \\n 1. IPs are not allowed. 2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard label must appear by itself as the first label. \\n If a hostname is specified by both the Listener and HTTPRoute, there must be at least one intersecting hostname for the HTTPRoute to be attached to the Listener. For example: \\n * A Listener with `test.example.com` as the hostname matches HTTPRoutes that have either not specified any hostnames, or have specified at least one of `test.example.com` or `*.example.com`. * A Listener with `*.example.com` as the hostname matches HTTPRoutes that have either not specified any hostnames or have specified at least one hostname that matches the Listener hostname. For example, `*.example.com`, `test.example.com`, and `foo.test.example.com` would all match. On the other hand, `example.com` and `test.example.net` would not match. \\n Hostnames that are prefixed with a wildcard label (`*.`) are interpreted as a suffix match. That means that a match for `*.example.com` would match both `test.example.com`, and `foo.test.example.com`, but not `example.com`. \\n If both the Listener and HTTPRoute have specified hostnames, any HTTPRoute hostnames that do not match the Listener hostname MUST be ignored. For example, if a Listener specified `*.example.com`, and the HTTPRoute specified `test.example.com` and `test.example.net`, `test.example.net` must not be considered for a match. \\n If both the Listener and HTTPRoute have specified hostnames, and none match with the criteria above, then the HTTPRoute is not accepted. The implementation must raise an 'Accepted' Condition with a status of `False` in the corresponding RouteParentStatus. \\n In the event that multiple HTTPRoutes specify intersecting hostnames (e.g. overlapping wildcard matching and exact matching hostnames), precedence must be given to rules from the HTTPRoute with the largest number of: \\n * Characters in a matching non-wildcard hostname. * Characters in a matching hostname. \\n If ties exist across multiple Routes, the matching precedence rules for HTTPRouteMatches takes over. \\n Support: Core\"\n\n**Note:** This function appends passed data to existing values", args=[d.arg(name='hostnames', type=d.T.array)]), + withHostnamesMixin(hostnames): { spec+: { hostnames+: if std.isArray(v=hostnames) then hostnames else [hostnames] } }, + '#withParentRefs':: d.fn(help='"ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. For Services, that means the Service must either be in the same namespace for a \\"producer\\" route, or the mesh implementation must support and allow \\"consumer\\" routes for the referenced Service. ReferenceGrant is not applicable for governing ParentRefs to Services - it is not possible to create a \\"producer\\" route for a Service in a different namespace from the Route. \\n There are two kinds of parent resources with \\"Core\\" support: \\n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) This API may be extended in the future to support additional kinds of parent resources. \\n ParentRefs must be _distinct_. This means either that: \\n * They select different objects. If this is the case, then parentRef entries are distinct. In terms of fields, this means that the multi-part key defined by `group`, `kind`, `namespace`, and `name` must be unique across all parentRef entries in the Route. * They do not select different objects, but for each optional field used, each ParentRef that selects the same object must set the same set of optional fields to different values. If one ParentRef sets a combination of optional fields, all must set the same combination. \\n Some examples: \\n * If one ParentRef sets `sectionName`, all ParentRefs referencing the same object must also set `sectionName`. * If one ParentRef sets `port`, all ParentRefs referencing the same object must also set `port`. * If one ParentRef sets `sectionName` and `port`, all ParentRefs referencing the same object must also set `sectionName` and `port`. \\n It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged. \\n Note that for ParentRefs that cross namespace boundaries, there are specific rules. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example, Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable other kinds of cross-namespace reference. \\n ParentRefs from a Route to a Service in the same namespace are \\"producer\\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \\n ParentRefs from a Route to a Service in a different namespace are \\"consumer\\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \\n "', args=[d.arg(name='parentRefs', type=d.T.array)]), + withParentRefs(parentRefs): { spec+: { parentRefs: if std.isArray(v=parentRefs) then parentRefs else [parentRefs] } }, + '#withParentRefsMixin':: d.fn(help='"ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. For Services, that means the Service must either be in the same namespace for a \\"producer\\" route, or the mesh implementation must support and allow \\"consumer\\" routes for the referenced Service. ReferenceGrant is not applicable for governing ParentRefs to Services - it is not possible to create a \\"producer\\" route for a Service in a different namespace from the Route. \\n There are two kinds of parent resources with \\"Core\\" support: \\n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) This API may be extended in the future to support additional kinds of parent resources. \\n ParentRefs must be _distinct_. This means either that: \\n * They select different objects. If this is the case, then parentRef entries are distinct. In terms of fields, this means that the multi-part key defined by `group`, `kind`, `namespace`, and `name` must be unique across all parentRef entries in the Route. * They do not select different objects, but for each optional field used, each ParentRef that selects the same object must set the same set of optional fields to different values. If one ParentRef sets a combination of optional fields, all must set the same combination. \\n Some examples: \\n * If one ParentRef sets `sectionName`, all ParentRefs referencing the same object must also set `sectionName`. * If one ParentRef sets `port`, all ParentRefs referencing the same object must also set `port`. * If one ParentRef sets `sectionName` and `port`, all ParentRefs referencing the same object must also set `sectionName` and `port`. \\n It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged. \\n Note that for ParentRefs that cross namespace boundaries, there are specific rules. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example, Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable other kinds of cross-namespace reference. \\n ParentRefs from a Route to a Service in the same namespace are \\"producer\\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \\n ParentRefs from a Route to a Service in a different namespace are \\"consumer\\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \\n "\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='parentRefs', type=d.T.array)]), + withParentRefsMixin(parentRefs): { spec+: { parentRefs+: if std.isArray(v=parentRefs) then parentRefs else [parentRefs] } }, + '#withRules':: d.fn(help='"Rules are a list of HTTP matchers, filters and actions."', args=[d.arg(name='rules', type=d.T.array)]), + withRules(rules): { spec+: { rules: if std.isArray(v=rules) then rules else [rules] } }, + '#withRulesMixin':: d.fn(help='"Rules are a list of HTTP matchers, filters and actions."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='rules', type=d.T.array)]), + withRulesMixin(rules): { spec+: { rules+: if std.isArray(v=rules) then rules else [rules] } }, + }, + '#mixin': 'ignore', + mixin: self, +} diff --git a/1.0-experimental/_gen/gateway/v1beta1/main.libsonnet b/1.0-experimental/_gen/gateway/v1beta1/main.libsonnet new file mode 100644 index 0000000..e6189e7 --- /dev/null +++ b/1.0-experimental/_gen/gateway/v1beta1/main.libsonnet @@ -0,0 +1,8 @@ +{ + local d = (import 'doc-util/main.libsonnet'), + '#':: d.pkg(name='v1beta1', url='', help=''), + gateway: (import 'gateway.libsonnet'), + gatewayClass: (import 'gatewayClass.libsonnet'), + httpRoute: (import 'httpRoute.libsonnet'), + referenceGrant: (import 'referenceGrant.libsonnet'), +} diff --git a/1.0-experimental/_gen/gateway/v1beta1/referenceGrant.libsonnet b/1.0-experimental/_gen/gateway/v1beta1/referenceGrant.libsonnet new file mode 100644 index 0000000..b075afe --- /dev/null +++ b/1.0-experimental/_gen/gateway/v1beta1/referenceGrant.libsonnet @@ -0,0 +1,81 @@ +{ + local d = (import 'doc-util/main.libsonnet'), + '#':: d.pkg(name='referenceGrant', url='', help='"ReferenceGrant identifies kinds of resources in other namespaces that are trusted to reference the specified kinds of resources in the same namespace as the policy. \\n Each ReferenceGrant can be used to represent a unique trust relationship. Additional Reference Grants can be used to add to the set of trusted sources of inbound references for the namespace they are defined within. \\n All cross-namespace references in Gateway API (with the exception of cross-namespace Gateway-route attachment) require a ReferenceGrant. \\n ReferenceGrant is a form of runtime verification allowing users to assert which cross-namespace object references are permitted. Implementations that support ReferenceGrant MUST NOT permit cross-namespace references which have no grant, and MUST respond to the removal of a grant by revoking the access that the grant allowed."'), + '#metadata':: d.obj(help='"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create."'), + metadata: { + '#withAnnotations':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotations(annotations): { metadata+: { annotations: annotations } }, + '#withAnnotationsMixin':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotationsMixin(annotations): { metadata+: { annotations+: annotations } }, + '#withClusterName':: d.fn(help='"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request."', args=[d.arg(name='clusterName', type=d.T.string)]), + withClusterName(clusterName): { metadata+: { clusterName: clusterName } }, + '#withCreationTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='creationTimestamp', type=d.T.string)]), + withCreationTimestamp(creationTimestamp): { metadata+: { creationTimestamp: creationTimestamp } }, + '#withDeletionGracePeriodSeconds':: d.fn(help='"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only."', args=[d.arg(name='deletionGracePeriodSeconds', type=d.T.integer)]), + withDeletionGracePeriodSeconds(deletionGracePeriodSeconds): { metadata+: { deletionGracePeriodSeconds: deletionGracePeriodSeconds } }, + '#withDeletionTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='deletionTimestamp', type=d.T.string)]), + withDeletionTimestamp(deletionTimestamp): { metadata+: { deletionTimestamp: deletionTimestamp } }, + '#withFinalizers':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizers(finalizers): { metadata+: { finalizers: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withFinalizersMixin':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizersMixin(finalizers): { metadata+: { finalizers+: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withGenerateName':: d.fn(help='"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\\n\\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\\n\\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency"', args=[d.arg(name='generateName', type=d.T.string)]), + withGenerateName(generateName): { metadata+: { generateName: generateName } }, + '#withGeneration':: d.fn(help='"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only."', args=[d.arg(name='generation', type=d.T.integer)]), + withGeneration(generation): { metadata+: { generation: generation } }, + '#withLabels':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"', args=[d.arg(name='labels', type=d.T.object)]), + withLabels(labels): { metadata+: { labels: labels } }, + '#withLabelsMixin':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='labels', type=d.T.object)]), + withLabelsMixin(labels): { metadata+: { labels+: labels } }, + '#withName':: d.fn(help='"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { metadata+: { name: name } }, + '#withNamespace':: d.fn(help='"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \\"default\\" namespace, but \\"default\\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\\n\\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces"', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { metadata+: { namespace: namespace } }, + '#withOwnerReferences':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferences(ownerReferences): { metadata+: { ownerReferences: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withOwnerReferencesMixin':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferencesMixin(ownerReferences): { metadata+: { ownerReferences+: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withResourceVersion':: d.fn(help='"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\\n\\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency"', args=[d.arg(name='resourceVersion', type=d.T.string)]), + withResourceVersion(resourceVersion): { metadata+: { resourceVersion: resourceVersion } }, + '#withSelfLink':: d.fn(help='"SelfLink is a URL representing this object. Populated by the system. Read-only.\\n\\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release."', args=[d.arg(name='selfLink', type=d.T.string)]), + withSelfLink(selfLink): { metadata+: { selfLink: selfLink } }, + '#withUid':: d.fn(help='"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\\n\\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids"', args=[d.arg(name='uid', type=d.T.string)]), + withUid(uid): { metadata+: { uid: uid } }, + }, + '#new':: d.fn(help='new returns an instance of ReferenceGrant', args=[d.arg(name='name', type=d.T.string)]), + new(name): { + apiVersion: 'gateway.networking.k8s.io/v1beta1', + kind: 'ReferenceGrant', + } + self.metadata.withName(name=name), + '#spec':: d.obj(help='"Spec defines the desired state of ReferenceGrant."'), + spec: { + '#from':: d.obj(help='"From describes the trusted namespaces and kinds that can reference the resources described in \\"To\\". Each entry in this list MUST be considered to be an additional place that references can be valid from, or to put this another way, entries MUST be combined using OR. \\n Support: Core"'), + from: { + '#withGroup':: d.fn(help='"Group is the group of the referent. When empty, the Kubernetes core API group is inferred. \\n Support: Core"', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { group: group }, + '#withKind':: d.fn(help='"Kind is the kind of the referent. Although implementations may support additional resources, the following types are part of the \\"Core\\" support level for this field. \\n When used to permit a SecretObjectReference: \\n * Gateway \\n When used to permit a BackendObjectReference: \\n * GRPCRoute * HTTPRoute * TCPRoute * TLSRoute * UDPRoute"', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { kind: kind }, + '#withNamespace':: d.fn(help='"Namespace is the namespace of the referent. \\n Support: Core"', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { namespace: namespace }, + }, + '#to':: d.obj(help='"To describes the resources that may be referenced by the resources described in \\"From\\". Each entry in this list MUST be considered to be an additional place that references can be valid to, or to put this another way, entries MUST be combined using OR. \\n Support: Core"'), + to: { + '#withGroup':: d.fn(help='"Group is the group of the referent. When empty, the Kubernetes core API group is inferred. \\n Support: Core"', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { group: group }, + '#withKind':: d.fn(help='"Kind is the kind of the referent. Although implementations may support additional resources, the following types are part of the \\"Core\\" support level for this field: \\n * Secret when used to permit a SecretObjectReference * Service when used to permit a BackendObjectReference"', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { kind: kind }, + '#withName':: d.fn(help='"Name is the name of the referent. When unspecified, this policy refers to all resources of the specified Group and Kind in the local namespace."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + }, + '#withFrom':: d.fn(help='"From describes the trusted namespaces and kinds that can reference the resources described in \\"To\\". Each entry in this list MUST be considered to be an additional place that references can be valid from, or to put this another way, entries MUST be combined using OR. \\n Support: Core"', args=[d.arg(name='from', type=d.T.array)]), + withFrom(from): { spec+: { from: if std.isArray(v=from) then from else [from] } }, + '#withFromMixin':: d.fn(help='"From describes the trusted namespaces and kinds that can reference the resources described in \\"To\\". Each entry in this list MUST be considered to be an additional place that references can be valid from, or to put this another way, entries MUST be combined using OR. \\n Support: Core"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='from', type=d.T.array)]), + withFromMixin(from): { spec+: { from+: if std.isArray(v=from) then from else [from] } }, + '#withTo':: d.fn(help='"To describes the resources that may be referenced by the resources described in \\"From\\". Each entry in this list MUST be considered to be an additional place that references can be valid to, or to put this another way, entries MUST be combined using OR. \\n Support: Core"', args=[d.arg(name='to', type=d.T.array)]), + withTo(to): { spec+: { to: if std.isArray(v=to) then to else [to] } }, + '#withToMixin':: d.fn(help='"To describes the resources that may be referenced by the resources described in \\"From\\". Each entry in this list MUST be considered to be an additional place that references can be valid to, or to put this another way, entries MUST be combined using OR. \\n Support: Core"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='to', type=d.T.array)]), + withToMixin(to): { spec+: { to+: if std.isArray(v=to) then to else [to] } }, + }, + '#mixin': 'ignore', + mixin: self, +} diff --git a/1.0-experimental/gen.libsonnet b/1.0-experimental/gen.libsonnet new file mode 100644 index 0000000..0bdf49b --- /dev/null +++ b/1.0-experimental/gen.libsonnet @@ -0,0 +1,5 @@ +{ + local d = (import 'doc-util/main.libsonnet'), + '#':: d.pkg(name='gateway-api', url='github.com/jsonnet-libs/gateway-api-libsonnet/1.0-experimental/main.libsonnet', help=''), + gateway:: (import '_gen/gateway/main.libsonnet'), +} diff --git a/1.0-experimental/main.libsonnet b/1.0-experimental/main.libsonnet new file mode 100644 index 0000000..f5597a5 --- /dev/null +++ b/1.0-experimental/main.libsonnet @@ -0,0 +1 @@ +(import 'gen.libsonnet') diff --git a/1.1-experimental/_gen/gateway/main.libsonnet b/1.1-experimental/_gen/gateway/main.libsonnet new file mode 100644 index 0000000..4b6408a --- /dev/null +++ b/1.1-experimental/_gen/gateway/main.libsonnet @@ -0,0 +1,8 @@ +{ + local d = (import 'doc-util/main.libsonnet'), + '#':: d.pkg(name='gateway', url='', help=''), + v1: (import 'v1/main.libsonnet'), + v1alpha2: (import 'v1alpha2/main.libsonnet'), + v1alpha3: (import 'v1alpha3/main.libsonnet'), + v1beta1: (import 'v1beta1/main.libsonnet'), +} diff --git a/1.1-experimental/_gen/gateway/v1/gateway.libsonnet b/1.1-experimental/_gen/gateway/v1/gateway.libsonnet new file mode 100644 index 0000000..d932cba --- /dev/null +++ b/1.1-experimental/_gen/gateway/v1/gateway.libsonnet @@ -0,0 +1,186 @@ +{ + local d = (import 'doc-util/main.libsonnet'), + '#':: d.pkg(name='gateway', url='', help='"Gateway represents an instance of a service-traffic handling infrastructure\\nby binding Listeners to a set of IP addresses."'), + '#metadata':: d.obj(help='"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create."'), + metadata: { + '#withAnnotations':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotations(annotations): { metadata+: { annotations: annotations } }, + '#withAnnotationsMixin':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotationsMixin(annotations): { metadata+: { annotations+: annotations } }, + '#withClusterName':: d.fn(help='"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request."', args=[d.arg(name='clusterName', type=d.T.string)]), + withClusterName(clusterName): { metadata+: { clusterName: clusterName } }, + '#withCreationTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='creationTimestamp', type=d.T.string)]), + withCreationTimestamp(creationTimestamp): { metadata+: { creationTimestamp: creationTimestamp } }, + '#withDeletionGracePeriodSeconds':: d.fn(help='"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only."', args=[d.arg(name='deletionGracePeriodSeconds', type=d.T.integer)]), + withDeletionGracePeriodSeconds(deletionGracePeriodSeconds): { metadata+: { deletionGracePeriodSeconds: deletionGracePeriodSeconds } }, + '#withDeletionTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='deletionTimestamp', type=d.T.string)]), + withDeletionTimestamp(deletionTimestamp): { metadata+: { deletionTimestamp: deletionTimestamp } }, + '#withFinalizers':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizers(finalizers): { metadata+: { finalizers: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withFinalizersMixin':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizersMixin(finalizers): { metadata+: { finalizers+: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withGenerateName':: d.fn(help='"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\\n\\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\\n\\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency"', args=[d.arg(name='generateName', type=d.T.string)]), + withGenerateName(generateName): { metadata+: { generateName: generateName } }, + '#withGeneration':: d.fn(help='"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only."', args=[d.arg(name='generation', type=d.T.integer)]), + withGeneration(generation): { metadata+: { generation: generation } }, + '#withLabels':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"', args=[d.arg(name='labels', type=d.T.object)]), + withLabels(labels): { metadata+: { labels: labels } }, + '#withLabelsMixin':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='labels', type=d.T.object)]), + withLabelsMixin(labels): { metadata+: { labels+: labels } }, + '#withName':: d.fn(help='"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { metadata+: { name: name } }, + '#withNamespace':: d.fn(help='"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \\"default\\" namespace, but \\"default\\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\\n\\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces"', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { metadata+: { namespace: namespace } }, + '#withOwnerReferences':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferences(ownerReferences): { metadata+: { ownerReferences: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withOwnerReferencesMixin':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferencesMixin(ownerReferences): { metadata+: { ownerReferences+: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withResourceVersion':: d.fn(help='"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\\n\\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency"', args=[d.arg(name='resourceVersion', type=d.T.string)]), + withResourceVersion(resourceVersion): { metadata+: { resourceVersion: resourceVersion } }, + '#withSelfLink':: d.fn(help='"SelfLink is a URL representing this object. Populated by the system. Read-only.\\n\\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release."', args=[d.arg(name='selfLink', type=d.T.string)]), + withSelfLink(selfLink): { metadata+: { selfLink: selfLink } }, + '#withUid':: d.fn(help='"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\\n\\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids"', args=[d.arg(name='uid', type=d.T.string)]), + withUid(uid): { metadata+: { uid: uid } }, + }, + '#new':: d.fn(help='new returns an instance of Gateway', args=[d.arg(name='name', type=d.T.string)]), + new(name): { + apiVersion: 'gateway.networking.k8s.io/v1', + kind: 'Gateway', + } + self.metadata.withName(name=name), + '#spec':: d.obj(help='"Spec defines the desired state of Gateway."'), + spec: { + '#addresses':: d.obj(help='"Addresses requested for this Gateway. This is optional and behavior can\\ndepend on the implementation. If a value is set in the spec and the\\nrequested address is invalid or unavailable, the implementation MUST\\nindicate this in the associated entry in GatewayStatus.Addresses.\\n\\n\\nThe Addresses field represents a request for the address(es) on the\\n\\"outside of the Gateway\\", that traffic bound for this Gateway will use.\\nThis could be the IP address or hostname of an external load balancer or\\nother networking infrastructure, or some other address that traffic will\\nbe sent to.\\n\\n\\nIf no Addresses are specified, the implementation MAY schedule the\\nGateway in an implementation-specific manner, assigning an appropriate\\nset of Addresses.\\n\\n\\nThe implementation MUST bind all Listeners to every GatewayAddress that\\nit assigns to the Gateway and add a corresponding entry in\\nGatewayStatus.Addresses.\\n\\n\\nSupport: Extended\\n\\n\\n"'), + addresses: { + '#withType':: d.fn(help='"Type of the address."', args=[d.arg(name='type', type=d.T.string)]), + withType(type): { type: type }, + '#withValue':: d.fn(help='"Value of the address. The validity of the values will depend\\non the type and support by the controller.\\n\\n\\nExamples: `1.2.3.4`, `128::1`, `my-ip-address`."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#infrastructure':: d.obj(help='"Infrastructure defines infrastructure level attributes about this Gateway instance.\\n\\n\\nSupport: Core\\n\\n\\n"'), + infrastructure: { + '#parametersRef':: d.obj(help="\"ParametersRef is a reference to a resource that contains the configuration\\nparameters corresponding to the Gateway. This is optional if the\\ncontroller does not require any additional configuration.\\n\\n\\nThis follows the same semantics as GatewayClass's `parametersRef`, but on a per-Gateway basis\\n\\n\\nThe Gateway's GatewayClass may provide its own `parametersRef`. When both are specified,\\nthe merging behavior is implementation specific.\\nIt is generally recommended that GatewayClass provides defaults that can be overridden by a Gateway.\\n\\n\\nSupport: Implementation-specific\""), + parametersRef: { + '#withGroup':: d.fn(help='"Group is the group of the referent."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { spec+: { infrastructure+: { parametersRef+: { group: group } } } }, + '#withKind':: d.fn(help='"Kind is kind of the referent."', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { spec+: { infrastructure+: { parametersRef+: { kind: kind } } } }, + '#withName':: d.fn(help='"Name is the name of the referent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { spec+: { infrastructure+: { parametersRef+: { name: name } } } }, + }, + '#withAnnotations':: d.fn(help='"Annotations that SHOULD be applied to any resources created in response to this Gateway.\\n\\n\\nFor implementations creating other Kubernetes objects, this should be the `metadata.annotations` field on resources.\\nFor other implementations, this refers to any relevant (implementation specific) \\"annotations\\" concepts.\\n\\n\\nAn implementation may chose to add additional implementation-specific annotations as they see fit.\\n\\n\\nSupport: Extended"', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotations(annotations): { spec+: { infrastructure+: { annotations: annotations } } }, + '#withAnnotationsMixin':: d.fn(help='"Annotations that SHOULD be applied to any resources created in response to this Gateway.\\n\\n\\nFor implementations creating other Kubernetes objects, this should be the `metadata.annotations` field on resources.\\nFor other implementations, this refers to any relevant (implementation specific) \\"annotations\\" concepts.\\n\\n\\nAn implementation may chose to add additional implementation-specific annotations as they see fit.\\n\\n\\nSupport: Extended"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotationsMixin(annotations): { spec+: { infrastructure+: { annotations+: annotations } } }, + '#withLabels':: d.fn(help='"Labels that SHOULD be applied to any resources created in response to this Gateway.\\n\\n\\nFor implementations creating other Kubernetes objects, this should be the `metadata.labels` field on resources.\\nFor other implementations, this refers to any relevant (implementation specific) \\"labels\\" concepts.\\n\\n\\nAn implementation may chose to add additional implementation-specific labels as they see fit.\\n\\n\\nSupport: Extended"', args=[d.arg(name='labels', type=d.T.object)]), + withLabels(labels): { spec+: { infrastructure+: { labels: labels } } }, + '#withLabelsMixin':: d.fn(help='"Labels that SHOULD be applied to any resources created in response to this Gateway.\\n\\n\\nFor implementations creating other Kubernetes objects, this should be the `metadata.labels` field on resources.\\nFor other implementations, this refers to any relevant (implementation specific) \\"labels\\" concepts.\\n\\n\\nAn implementation may chose to add additional implementation-specific labels as they see fit.\\n\\n\\nSupport: Extended"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='labels', type=d.T.object)]), + withLabelsMixin(labels): { spec+: { infrastructure+: { labels+: labels } } }, + }, + '#listeners':: d.obj(help="\"Listeners associated with this Gateway. Listeners define\\nlogical endpoints that are bound on this Gateway's addresses.\\nAt least one Listener MUST be specified.\\n\\n\\nEach Listener in a set of Listeners (for example, in a single Gateway)\\nMUST be _distinct_, in that a traffic flow MUST be able to be assigned to\\nexactly one listener. (This section uses \\\"set of Listeners\\\" rather than\\n\\\"Listeners in a single Gateway\\\" because implementations MAY merge configuration\\nfrom multiple Gateways onto a single data plane, and these rules _also_\\napply in that case).\\n\\n\\nPractically, this means that each listener in a set MUST have a unique\\ncombination of Port, Protocol, and, if supported by the protocol, Hostname.\\n\\n\\nSome combinations of port, protocol, and TLS settings are considered\\nCore support and MUST be supported by implementations based on their\\ntargeted conformance profile:\\n\\n\\nHTTP Profile\\n\\n\\n1. HTTPRoute, Port: 80, Protocol: HTTP\\n2. HTTPRoute, Port: 443, Protocol: HTTPS, TLS Mode: Terminate, TLS keypair provided\\n\\n\\nTLS Profile\\n\\n\\n1. TLSRoute, Port: 443, Protocol: TLS, TLS Mode: Passthrough\\n\\n\\n\\\"Distinct\\\" Listeners have the following property:\\n\\n\\nThe implementation can match inbound requests to a single distinct\\nListener. When multiple Listeners share values for fields (for\\nexample, two Listeners with the same Port value), the implementation\\ncan match requests to only one of the Listeners using other\\nListener fields.\\n\\n\\nFor example, the following Listener scenarios are distinct:\\n\\n\\n1. Multiple Listeners with the same Port that all use the \\\"HTTP\\\"\\n Protocol that all have unique Hostname values.\\n2. Multiple Listeners with the same Port that use either the \\\"HTTPS\\\" or\\n \\\"TLS\\\" Protocol that all have unique Hostname values.\\n3. A mixture of \\\"TCP\\\" and \\\"UDP\\\" Protocol Listeners, where no Listener\\n with the same Protocol has the same Port value.\\n\\n\\nSome fields in the Listener struct have possible values that affect\\nwhether the Listener is distinct. Hostname is particularly relevant\\nfor HTTP or HTTPS protocols.\\n\\n\\nWhen using the Hostname value to select between same-Port, same-Protocol\\nListeners, the Hostname value must be different on each Listener for the\\nListener to be distinct.\\n\\n\\nWhen the Listeners are distinct based on Hostname, inbound request\\nhostnames MUST match from the most specific to least specific Hostname\\nvalues to choose the correct Listener and its associated set of Routes.\\n\\n\\nExact matches must be processed before wildcard matches, and wildcard\\nmatches must be processed before fallback (empty Hostname value)\\nmatches. For example, `\\\"foo.example.com\\\"` takes precedence over\\n`\\\"*.example.com\\\"`, and `\\\"*.example.com\\\"` takes precedence over `\\\"\\\"`.\\n\\n\\nAdditionally, if there are multiple wildcard entries, more specific\\nwildcard entries must be processed before less specific wildcard entries.\\nFor example, `\\\"*.foo.example.com\\\"` takes precedence over `\\\"*.example.com\\\"`.\\nThe precise definition here is that the higher the number of dots in the\\nhostname to the right of the wildcard character, the higher the precedence.\\n\\n\\nThe wildcard character will match any number of characters _and dots_ to\\nthe left, however, so `\\\"*.example.com\\\"` will match both\\n`\\\"foo.bar.example.com\\\"` _and_ `\\\"bar.example.com\\\"`.\\n\\n\\nIf a set of Listeners contains Listeners that are not distinct, then those\\nListeners are Conflicted, and the implementation MUST set the \\\"Conflicted\\\"\\ncondition in the Listener Status to \\\"True\\\".\\n\\n\\nImplementations MAY choose to accept a Gateway with some Conflicted\\nListeners only if they only accept the partial Listener set that contains\\nno Conflicted Listeners. To put this another way, implementations may\\naccept a partial Listener set only if they throw out *all* the conflicting\\nListeners. No picking one of the conflicting listeners as the winner.\\nThis also means that the Gateway must have at least one non-conflicting\\nListener in this case, otherwise it violates the requirement that at\\nleast one Listener must be present.\\n\\n\\nThe implementation MUST set a \\\"ListenersNotValid\\\" condition on the\\nGateway Status when the Gateway contains Conflicted Listeners whether or\\nnot they accept the Gateway. That Condition SHOULD clearly\\nindicate in the Message which Listeners are conflicted, and which are\\nAccepted. Additionally, the Listener status for those listeners SHOULD\\nindicate which Listeners are conflicted and not Accepted.\\n\\n\\nA Gateway's Listeners are considered \\\"compatible\\\" if:\\n\\n\\n1. They are distinct.\\n2. The implementation can serve them in compliance with the Addresses\\n requirement that all Listeners are available on all assigned\\n addresses.\\n\\n\\nCompatible combinations in Extended support are expected to vary across\\nimplementations. A combination that is compatible for one implementation\\nmay not be compatible for another.\\n\\n\\nFor example, an implementation that cannot serve both TCP and UDP listeners\\non the same address, or cannot mix HTTPS and generic TLS listens on the same port\\nwould not consider those cases compatible, even though they are distinct.\\n\\n\\nNote that requests SHOULD match at most one Listener. For example, if\\nListeners are defined for \\\"foo.example.com\\\" and \\\"*.example.com\\\", a\\nrequest to \\\"foo.example.com\\\" SHOULD only be routed using routes attached\\nto the \\\"foo.example.com\\\" Listener (and not the \\\"*.example.com\\\" Listener).\\nThis concept is known as \\\"Listener Isolation\\\". Implementations that do\\nnot support Listener Isolation MUST clearly document this.\\n\\n\\nImplementations MAY merge separate Gateways onto a single set of\\nAddresses if all Listeners across all Gateways are compatible.\\n\\n\\nSupport: Core\""), + listeners: { + '#allowedRoutes':: d.obj(help='"AllowedRoutes defines the types of routes that MAY be attached to a\\nListener and the trusted namespaces where those Route resources MAY be\\npresent.\\n\\n\\nAlthough a client request may match multiple route rules, only one rule\\nmay ultimately receive the request. Matching precedence MUST be\\ndetermined in order of the following criteria:\\n\\n\\n* The most specific match as defined by the Route type.\\n* The oldest Route based on creation timestamp. For example, a Route with\\n a creation timestamp of \\"2020-09-08 01:02:03\\" is given precedence over\\n a Route with a creation timestamp of \\"2020-09-08 01:02:04\\".\\n* If everything else is equivalent, the Route appearing first in\\n alphabetical order (namespace/name) should be given precedence. For\\n example, foo/bar is given precedence over foo/baz.\\n\\n\\nAll valid rules within a Route attached to this Listener should be\\nimplemented. Invalid Route rules can be ignored (sometimes that will mean\\nthe full Route). If a Route rule transitions from valid to invalid,\\nsupport for that Route rule should be dropped to ensure consistency. For\\nexample, even if a filter specified by a Route rule is invalid, the rest\\nof the rules within that Route should still be supported.\\n\\n\\nSupport: Core"'), + allowedRoutes: { + '#kinds':: d.obj(help="\"Kinds specifies the groups and kinds of Routes that are allowed to bind\\nto this Gateway Listener. When unspecified or empty, the kinds of Routes\\nselected are determined using the Listener protocol.\\n\\n\\nA RouteGroupKind MUST correspond to kinds of Routes that are compatible\\nwith the application protocol specified in the Listener's Protocol field.\\nIf an implementation does not support or recognize this resource type, it\\nMUST set the \\\"ResolvedRefs\\\" condition to False for this Listener with the\\n\\\"InvalidRouteKinds\\\" reason.\\n\\n\\nSupport: Core\""), + kinds: { + '#withGroup':: d.fn(help='"Group is the group of the Route."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { group: group }, + '#withKind':: d.fn(help='"Kind is the kind of the Route."', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { kind: kind }, + }, + '#namespaces':: d.obj(help='"Namespaces indicates namespaces from which Routes may be attached to this\\nListener. This is restricted to the namespace of this Gateway by default.\\n\\n\\nSupport: Core"'), + namespaces: { + '#selector':: d.obj(help='"Selector must be specified when From is set to \\"Selector\\". In that case,\\nonly Routes in Namespaces matching this Selector will be selected by this\\nGateway. This field is ignored for other values of \\"From\\".\\n\\n\\nSupport: Core"'), + selector: { + '#matchExpressions':: d.obj(help='"matchExpressions is a list of label selector requirements. The requirements are ANDed."'), + matchExpressions: { + '#withKey':: d.fn(help='"key is the label key that the selector applies to."', args=[d.arg(name='key', type=d.T.string)]), + withKey(key): { key: key }, + '#withOperator':: d.fn(help="\"operator represents a key's relationship to a set of values.\\nValid operators are In, NotIn, Exists and DoesNotExist.\"", args=[d.arg(name='operator', type=d.T.string)]), + withOperator(operator): { operator: operator }, + '#withValues':: d.fn(help='"values is an array of string values. If the operator is In or NotIn,\\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\\nthe values array must be empty. This array is replaced during a strategic\\nmerge patch."', args=[d.arg(name='values', type=d.T.array)]), + withValues(values): { values: if std.isArray(v=values) then values else [values] }, + '#withValuesMixin':: d.fn(help='"values is an array of string values. If the operator is In or NotIn,\\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\\nthe values array must be empty. This array is replaced during a strategic\\nmerge patch."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='values', type=d.T.array)]), + withValuesMixin(values): { values+: if std.isArray(v=values) then values else [values] }, + }, + '#withMatchExpressions':: d.fn(help='"matchExpressions is a list of label selector requirements. The requirements are ANDed."', args=[d.arg(name='matchExpressions', type=d.T.array)]), + withMatchExpressions(matchExpressions): { allowedRoutes+: { namespaces+: { selector+: { matchExpressions: if std.isArray(v=matchExpressions) then matchExpressions else [matchExpressions] } } } }, + '#withMatchExpressionsMixin':: d.fn(help='"matchExpressions is a list of label selector requirements. The requirements are ANDed."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='matchExpressions', type=d.T.array)]), + withMatchExpressionsMixin(matchExpressions): { allowedRoutes+: { namespaces+: { selector+: { matchExpressions+: if std.isArray(v=matchExpressions) then matchExpressions else [matchExpressions] } } } }, + '#withMatchLabels':: d.fn(help='"matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\\nmap is equivalent to an element of matchExpressions, whose key field is \\"key\\", the\\noperator is \\"In\\", and the values array contains only \\"value\\". The requirements are ANDed."', args=[d.arg(name='matchLabels', type=d.T.object)]), + withMatchLabels(matchLabels): { allowedRoutes+: { namespaces+: { selector+: { matchLabels: matchLabels } } } }, + '#withMatchLabelsMixin':: d.fn(help='"matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\\nmap is equivalent to an element of matchExpressions, whose key field is \\"key\\", the\\noperator is \\"In\\", and the values array contains only \\"value\\". The requirements are ANDed."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='matchLabels', type=d.T.object)]), + withMatchLabelsMixin(matchLabels): { allowedRoutes+: { namespaces+: { selector+: { matchLabels+: matchLabels } } } }, + }, + '#withFrom':: d.fn(help='"From indicates where Routes will be selected for this Gateway. Possible\\nvalues are:\\n\\n\\n* All: Routes in all namespaces may be used by this Gateway.\\n* Selector: Routes in namespaces selected by the selector may be used by\\n this Gateway.\\n* Same: Only Routes in the same namespace may be used by this Gateway.\\n\\n\\nSupport: Core"', args=[d.arg(name='from', type=d.T.string)]), + withFrom(from): { allowedRoutes+: { namespaces+: { from: from } } }, + }, + '#withKinds':: d.fn(help="\"Kinds specifies the groups and kinds of Routes that are allowed to bind\\nto this Gateway Listener. When unspecified or empty, the kinds of Routes\\nselected are determined using the Listener protocol.\\n\\n\\nA RouteGroupKind MUST correspond to kinds of Routes that are compatible\\nwith the application protocol specified in the Listener's Protocol field.\\nIf an implementation does not support or recognize this resource type, it\\nMUST set the \\\"ResolvedRefs\\\" condition to False for this Listener with the\\n\\\"InvalidRouteKinds\\\" reason.\\n\\n\\nSupport: Core\"", args=[d.arg(name='kinds', type=d.T.array)]), + withKinds(kinds): { allowedRoutes+: { kinds: if std.isArray(v=kinds) then kinds else [kinds] } }, + '#withKindsMixin':: d.fn(help="\"Kinds specifies the groups and kinds of Routes that are allowed to bind\\nto this Gateway Listener. When unspecified or empty, the kinds of Routes\\nselected are determined using the Listener protocol.\\n\\n\\nA RouteGroupKind MUST correspond to kinds of Routes that are compatible\\nwith the application protocol specified in the Listener's Protocol field.\\nIf an implementation does not support or recognize this resource type, it\\nMUST set the \\\"ResolvedRefs\\\" condition to False for this Listener with the\\n\\\"InvalidRouteKinds\\\" reason.\\n\\n\\nSupport: Core\"\n\n**Note:** This function appends passed data to existing values", args=[d.arg(name='kinds', type=d.T.array)]), + withKindsMixin(kinds): { allowedRoutes+: { kinds+: if std.isArray(v=kinds) then kinds else [kinds] } }, + }, + '#tls':: d.obj(help='"TLS is the TLS configuration for the Listener. This field is required if\\nthe Protocol field is \\"HTTPS\\" or \\"TLS\\". It is invalid to set this field\\nif the Protocol field is \\"HTTP\\", \\"TCP\\", or \\"UDP\\".\\n\\n\\nThe association of SNIs to Certificate defined in GatewayTLSConfig is\\ndefined based on the Hostname field for this listener.\\n\\n\\nThe GatewayClass MUST use the longest matching SNI out of all\\navailable certificates for any TLS handshake.\\n\\n\\nSupport: Core"'), + tls: { + '#certificateRefs':: d.obj(help='"CertificateRefs contains a series of references to Kubernetes objects that\\ncontains TLS certificates and private keys. These certificates are used to\\nestablish a TLS handshake for requests that match the hostname of the\\nassociated listener.\\n\\n\\nA single CertificateRef to a Kubernetes Secret has \\"Core\\" support.\\nImplementations MAY choose to support attaching multiple certificates to\\na Listener, but this behavior is implementation-specific.\\n\\n\\nReferences to a resource in different namespace are invalid UNLESS there\\nis a ReferenceGrant in the target namespace that allows the certificate\\nto be attached. If a ReferenceGrant does not allow this reference, the\\n\\"ResolvedRefs\\" condition MUST be set to False for this listener with the\\n\\"RefNotPermitted\\" reason.\\n\\n\\nThis field is required to have at least one element when the mode is set\\nto \\"Terminate\\" (default) and is optional otherwise.\\n\\n\\nCertificateRefs can reference to standard Kubernetes resources, i.e.\\nSecret, or implementation-specific custom resources.\\n\\n\\nSupport: Core - A single reference to a Kubernetes Secret of type kubernetes.io/tls\\n\\n\\nSupport: Implementation-specific (More than one reference or other resource types)"'), + certificateRefs: { + '#withGroup':: d.fn(help='"Group is the group of the referent. For example, \\"gateway.networking.k8s.io\\".\\nWhen unspecified or empty string, core API group is inferred."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { group: group }, + '#withKind':: d.fn(help='"Kind is kind of the referent. For example \\"Secret\\"."', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { kind: kind }, + '#withName':: d.fn(help='"Name is the name of the referent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withNamespace':: d.fn(help="\"Namespace is the namespace of the referenced object. When unspecified, the local\\nnamespace is inferred.\\n\\n\\nNote that when a namespace different than the local namespace is specified,\\na ReferenceGrant object is required in the referent namespace to allow that\\nnamespace's owner to accept the reference. See the ReferenceGrant\\ndocumentation for details.\\n\\n\\nSupport: Core\"", args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { namespace: namespace }, + }, + '#frontendValidation':: d.obj(help='"FrontendValidation holds configuration information for validating the frontend (client).\\nSetting this field will require clients to send a client certificate\\nrequired for validation during the TLS handshake. In browsers this may result in a dialog appearing\\nthat requests a user to specify the client certificate.\\nThe maximum depth of a certificate chain accepted in verification is Implementation specific.\\n\\n\\nSupport: Extended\\n\\n\\n"'), + frontendValidation: { + '#caCertificateRefs':: d.obj(help='"CACertificateRefs contains one or more references to\\nKubernetes objects that contain TLS certificates of\\nthe Certificate Authorities that can be used\\nas a trust anchor to validate the certificates presented by the client.\\n\\n\\nA single CA certificate reference to a Kubernetes ConfigMap\\nhas \\"Core\\" support.\\nImplementations MAY choose to support attaching multiple CA certificates to\\na Listener, but this behavior is implementation-specific.\\n\\n\\nSupport: Core - A single reference to a Kubernetes ConfigMap\\nwith the CA certificate in a key named `ca.crt`.\\n\\n\\nSupport: Implementation-specific (More than one reference, or other kinds\\nof resources).\\n\\n\\nReferences to a resource in a different namespace are invalid UNLESS there\\nis a ReferenceGrant in the target namespace that allows the certificate\\nto be attached. If a ReferenceGrant does not allow this reference, the\\n\\"ResolvedRefs\\" condition MUST be set to False for this listener with the\\n\\"RefNotPermitted\\" reason."'), + caCertificateRefs: { + '#withGroup':: d.fn(help='"Group is the group of the referent. For example, \\"gateway.networking.k8s.io\\".\\nWhen unspecified or empty string, core API group is inferred."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { group: group }, + '#withKind':: d.fn(help='"Kind is kind of the referent. For example \\"ConfigMap\\" or \\"Service\\"."', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { kind: kind }, + '#withName':: d.fn(help='"Name is the name of the referent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withNamespace':: d.fn(help="\"Namespace is the namespace of the referenced object. When unspecified, the local\\nnamespace is inferred.\\n\\n\\nNote that when a namespace different than the local namespace is specified,\\na ReferenceGrant object is required in the referent namespace to allow that\\nnamespace's owner to accept the reference. See the ReferenceGrant\\ndocumentation for details.\\n\\n\\nSupport: Core\"", args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { namespace: namespace }, + }, + '#withCaCertificateRefs':: d.fn(help='"CACertificateRefs contains one or more references to\\nKubernetes objects that contain TLS certificates of\\nthe Certificate Authorities that can be used\\nas a trust anchor to validate the certificates presented by the client.\\n\\n\\nA single CA certificate reference to a Kubernetes ConfigMap\\nhas \\"Core\\" support.\\nImplementations MAY choose to support attaching multiple CA certificates to\\na Listener, but this behavior is implementation-specific.\\n\\n\\nSupport: Core - A single reference to a Kubernetes ConfigMap\\nwith the CA certificate in a key named `ca.crt`.\\n\\n\\nSupport: Implementation-specific (More than one reference, or other kinds\\nof resources).\\n\\n\\nReferences to a resource in a different namespace are invalid UNLESS there\\nis a ReferenceGrant in the target namespace that allows the certificate\\nto be attached. If a ReferenceGrant does not allow this reference, the\\n\\"ResolvedRefs\\" condition MUST be set to False for this listener with the\\n\\"RefNotPermitted\\" reason."', args=[d.arg(name='caCertificateRefs', type=d.T.array)]), + withCaCertificateRefs(caCertificateRefs): { tls+: { frontendValidation+: { caCertificateRefs: if std.isArray(v=caCertificateRefs) then caCertificateRefs else [caCertificateRefs] } } }, + '#withCaCertificateRefsMixin':: d.fn(help='"CACertificateRefs contains one or more references to\\nKubernetes objects that contain TLS certificates of\\nthe Certificate Authorities that can be used\\nas a trust anchor to validate the certificates presented by the client.\\n\\n\\nA single CA certificate reference to a Kubernetes ConfigMap\\nhas \\"Core\\" support.\\nImplementations MAY choose to support attaching multiple CA certificates to\\na Listener, but this behavior is implementation-specific.\\n\\n\\nSupport: Core - A single reference to a Kubernetes ConfigMap\\nwith the CA certificate in a key named `ca.crt`.\\n\\n\\nSupport: Implementation-specific (More than one reference, or other kinds\\nof resources).\\n\\n\\nReferences to a resource in a different namespace are invalid UNLESS there\\nis a ReferenceGrant in the target namespace that allows the certificate\\nto be attached. If a ReferenceGrant does not allow this reference, the\\n\\"ResolvedRefs\\" condition MUST be set to False for this listener with the\\n\\"RefNotPermitted\\" reason."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='caCertificateRefs', type=d.T.array)]), + withCaCertificateRefsMixin(caCertificateRefs): { tls+: { frontendValidation+: { caCertificateRefs+: if std.isArray(v=caCertificateRefs) then caCertificateRefs else [caCertificateRefs] } } }, + }, + '#withCertificateRefs':: d.fn(help='"CertificateRefs contains a series of references to Kubernetes objects that\\ncontains TLS certificates and private keys. These certificates are used to\\nestablish a TLS handshake for requests that match the hostname of the\\nassociated listener.\\n\\n\\nA single CertificateRef to a Kubernetes Secret has \\"Core\\" support.\\nImplementations MAY choose to support attaching multiple certificates to\\na Listener, but this behavior is implementation-specific.\\n\\n\\nReferences to a resource in different namespace are invalid UNLESS there\\nis a ReferenceGrant in the target namespace that allows the certificate\\nto be attached. If a ReferenceGrant does not allow this reference, the\\n\\"ResolvedRefs\\" condition MUST be set to False for this listener with the\\n\\"RefNotPermitted\\" reason.\\n\\n\\nThis field is required to have at least one element when the mode is set\\nto \\"Terminate\\" (default) and is optional otherwise.\\n\\n\\nCertificateRefs can reference to standard Kubernetes resources, i.e.\\nSecret, or implementation-specific custom resources.\\n\\n\\nSupport: Core - A single reference to a Kubernetes Secret of type kubernetes.io/tls\\n\\n\\nSupport: Implementation-specific (More than one reference or other resource types)"', args=[d.arg(name='certificateRefs', type=d.T.array)]), + withCertificateRefs(certificateRefs): { tls+: { certificateRefs: if std.isArray(v=certificateRefs) then certificateRefs else [certificateRefs] } }, + '#withCertificateRefsMixin':: d.fn(help='"CertificateRefs contains a series of references to Kubernetes objects that\\ncontains TLS certificates and private keys. These certificates are used to\\nestablish a TLS handshake for requests that match the hostname of the\\nassociated listener.\\n\\n\\nA single CertificateRef to a Kubernetes Secret has \\"Core\\" support.\\nImplementations MAY choose to support attaching multiple certificates to\\na Listener, but this behavior is implementation-specific.\\n\\n\\nReferences to a resource in different namespace are invalid UNLESS there\\nis a ReferenceGrant in the target namespace that allows the certificate\\nto be attached. If a ReferenceGrant does not allow this reference, the\\n\\"ResolvedRefs\\" condition MUST be set to False for this listener with the\\n\\"RefNotPermitted\\" reason.\\n\\n\\nThis field is required to have at least one element when the mode is set\\nto \\"Terminate\\" (default) and is optional otherwise.\\n\\n\\nCertificateRefs can reference to standard Kubernetes resources, i.e.\\nSecret, or implementation-specific custom resources.\\n\\n\\nSupport: Core - A single reference to a Kubernetes Secret of type kubernetes.io/tls\\n\\n\\nSupport: Implementation-specific (More than one reference or other resource types)"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='certificateRefs', type=d.T.array)]), + withCertificateRefsMixin(certificateRefs): { tls+: { certificateRefs+: if std.isArray(v=certificateRefs) then certificateRefs else [certificateRefs] } }, + '#withMode':: d.fn(help="\"Mode defines the TLS behavior for the TLS session initiated by the client.\\nThere are two possible modes:\\n\\n\\n- Terminate: The TLS session between the downstream client and the\\n Gateway is terminated at the Gateway. This mode requires certificates\\n to be specified in some way, such as populating the certificateRefs\\n field.\\n- Passthrough: The TLS session is NOT terminated by the Gateway. This\\n implies that the Gateway can't decipher the TLS stream except for\\n the ClientHello message of the TLS protocol. The certificateRefs field\\n is ignored in this mode.\\n\\n\\nSupport: Core\"", args=[d.arg(name='mode', type=d.T.string)]), + withMode(mode): { tls+: { mode: mode } }, + '#withOptions':: d.fn(help='"Options are a list of key/value pairs to enable extended TLS\\nconfiguration for each implementation. For example, configuring the\\nminimum TLS version or supported cipher suites.\\n\\n\\nA set of common keys MAY be defined by the API in the future. To avoid\\nany ambiguity, implementation-specific definitions MUST use\\ndomain-prefixed names, such as `example.com/my-custom-option`.\\nUn-prefixed names are reserved for key names defined by Gateway API.\\n\\n\\nSupport: Implementation-specific"', args=[d.arg(name='options', type=d.T.object)]), + withOptions(options): { tls+: { options: options } }, + '#withOptionsMixin':: d.fn(help='"Options are a list of key/value pairs to enable extended TLS\\nconfiguration for each implementation. For example, configuring the\\nminimum TLS version or supported cipher suites.\\n\\n\\nA set of common keys MAY be defined by the API in the future. To avoid\\nany ambiguity, implementation-specific definitions MUST use\\ndomain-prefixed names, such as `example.com/my-custom-option`.\\nUn-prefixed names are reserved for key names defined by Gateway API.\\n\\n\\nSupport: Implementation-specific"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='options', type=d.T.object)]), + withOptionsMixin(options): { tls+: { options+: options } }, + }, + '#withHostname':: d.fn(help="\"Hostname specifies the virtual hostname to match for protocol types that\\ndefine this concept. When unspecified, all hostnames are matched. This\\nfield is ignored for protocols that don't require hostname based\\nmatching.\\n\\n\\nImplementations MUST apply Hostname matching appropriately for each of\\nthe following protocols:\\n\\n\\n* TLS: The Listener Hostname MUST match the SNI.\\n* HTTP: The Listener Hostname MUST match the Host header of the request.\\n* HTTPS: The Listener Hostname SHOULD match at both the TLS and HTTP\\n protocol layers as described above. If an implementation does not\\n ensure that both the SNI and Host header match the Listener hostname,\\n it MUST clearly document that.\\n\\n\\nFor HTTPRoute and TLSRoute resources, there is an interaction with the\\n`spec.hostnames` array. When both listener and route specify hostnames,\\nthere MUST be an intersection between the values for a Route to be\\naccepted. For more information, refer to the Route specific Hostnames\\ndocumentation.\\n\\n\\nHostnames that are prefixed with a wildcard label (`*.`) are interpreted\\nas a suffix match. That means that a match for `*.example.com` would match\\nboth `test.example.com`, and `foo.test.example.com`, but not `example.com`.\\n\\n\\nSupport: Core\"", args=[d.arg(name='hostname', type=d.T.string)]), + withHostname(hostname): { hostname: hostname }, + '#withName':: d.fn(help='"Name is the name of the Listener. This name MUST be unique within a\\nGateway.\\n\\n\\nSupport: Core"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withPort':: d.fn(help='"Port is the network port. Multiple listeners may use the\\nsame port, subject to the Listener compatibility rules.\\n\\n\\nSupport: Core"', args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { port: port }, + '#withProtocol':: d.fn(help='"Protocol specifies the network protocol this listener expects to receive.\\n\\n\\nSupport: Core"', args=[d.arg(name='protocol', type=d.T.string)]), + withProtocol(protocol): { protocol: protocol }, + }, + '#withAddresses':: d.fn(help='"Addresses requested for this Gateway. This is optional and behavior can\\ndepend on the implementation. If a value is set in the spec and the\\nrequested address is invalid or unavailable, the implementation MUST\\nindicate this in the associated entry in GatewayStatus.Addresses.\\n\\n\\nThe Addresses field represents a request for the address(es) on the\\n\\"outside of the Gateway\\", that traffic bound for this Gateway will use.\\nThis could be the IP address or hostname of an external load balancer or\\nother networking infrastructure, or some other address that traffic will\\nbe sent to.\\n\\n\\nIf no Addresses are specified, the implementation MAY schedule the\\nGateway in an implementation-specific manner, assigning an appropriate\\nset of Addresses.\\n\\n\\nThe implementation MUST bind all Listeners to every GatewayAddress that\\nit assigns to the Gateway and add a corresponding entry in\\nGatewayStatus.Addresses.\\n\\n\\nSupport: Extended\\n\\n\\n"', args=[d.arg(name='addresses', type=d.T.array)]), + withAddresses(addresses): { spec+: { addresses: if std.isArray(v=addresses) then addresses else [addresses] } }, + '#withAddressesMixin':: d.fn(help='"Addresses requested for this Gateway. This is optional and behavior can\\ndepend on the implementation. If a value is set in the spec and the\\nrequested address is invalid or unavailable, the implementation MUST\\nindicate this in the associated entry in GatewayStatus.Addresses.\\n\\n\\nThe Addresses field represents a request for the address(es) on the\\n\\"outside of the Gateway\\", that traffic bound for this Gateway will use.\\nThis could be the IP address or hostname of an external load balancer or\\nother networking infrastructure, or some other address that traffic will\\nbe sent to.\\n\\n\\nIf no Addresses are specified, the implementation MAY schedule the\\nGateway in an implementation-specific manner, assigning an appropriate\\nset of Addresses.\\n\\n\\nThe implementation MUST bind all Listeners to every GatewayAddress that\\nit assigns to the Gateway and add a corresponding entry in\\nGatewayStatus.Addresses.\\n\\n\\nSupport: Extended\\n\\n\\n"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='addresses', type=d.T.array)]), + withAddressesMixin(addresses): { spec+: { addresses+: if std.isArray(v=addresses) then addresses else [addresses] } }, + '#withGatewayClassName':: d.fn(help='"GatewayClassName used for this Gateway. This is the name of a\\nGatewayClass resource."', args=[d.arg(name='gatewayClassName', type=d.T.string)]), + withGatewayClassName(gatewayClassName): { spec+: { gatewayClassName: gatewayClassName } }, + '#withListeners':: d.fn(help="\"Listeners associated with this Gateway. Listeners define\\nlogical endpoints that are bound on this Gateway's addresses.\\nAt least one Listener MUST be specified.\\n\\n\\nEach Listener in a set of Listeners (for example, in a single Gateway)\\nMUST be _distinct_, in that a traffic flow MUST be able to be assigned to\\nexactly one listener. (This section uses \\\"set of Listeners\\\" rather than\\n\\\"Listeners in a single Gateway\\\" because implementations MAY merge configuration\\nfrom multiple Gateways onto a single data plane, and these rules _also_\\napply in that case).\\n\\n\\nPractically, this means that each listener in a set MUST have a unique\\ncombination of Port, Protocol, and, if supported by the protocol, Hostname.\\n\\n\\nSome combinations of port, protocol, and TLS settings are considered\\nCore support and MUST be supported by implementations based on their\\ntargeted conformance profile:\\n\\n\\nHTTP Profile\\n\\n\\n1. HTTPRoute, Port: 80, Protocol: HTTP\\n2. HTTPRoute, Port: 443, Protocol: HTTPS, TLS Mode: Terminate, TLS keypair provided\\n\\n\\nTLS Profile\\n\\n\\n1. TLSRoute, Port: 443, Protocol: TLS, TLS Mode: Passthrough\\n\\n\\n\\\"Distinct\\\" Listeners have the following property:\\n\\n\\nThe implementation can match inbound requests to a single distinct\\nListener. When multiple Listeners share values for fields (for\\nexample, two Listeners with the same Port value), the implementation\\ncan match requests to only one of the Listeners using other\\nListener fields.\\n\\n\\nFor example, the following Listener scenarios are distinct:\\n\\n\\n1. Multiple Listeners with the same Port that all use the \\\"HTTP\\\"\\n Protocol that all have unique Hostname values.\\n2. Multiple Listeners with the same Port that use either the \\\"HTTPS\\\" or\\n \\\"TLS\\\" Protocol that all have unique Hostname values.\\n3. A mixture of \\\"TCP\\\" and \\\"UDP\\\" Protocol Listeners, where no Listener\\n with the same Protocol has the same Port value.\\n\\n\\nSome fields in the Listener struct have possible values that affect\\nwhether the Listener is distinct. Hostname is particularly relevant\\nfor HTTP or HTTPS protocols.\\n\\n\\nWhen using the Hostname value to select between same-Port, same-Protocol\\nListeners, the Hostname value must be different on each Listener for the\\nListener to be distinct.\\n\\n\\nWhen the Listeners are distinct based on Hostname, inbound request\\nhostnames MUST match from the most specific to least specific Hostname\\nvalues to choose the correct Listener and its associated set of Routes.\\n\\n\\nExact matches must be processed before wildcard matches, and wildcard\\nmatches must be processed before fallback (empty Hostname value)\\nmatches. For example, `\\\"foo.example.com\\\"` takes precedence over\\n`\\\"*.example.com\\\"`, and `\\\"*.example.com\\\"` takes precedence over `\\\"\\\"`.\\n\\n\\nAdditionally, if there are multiple wildcard entries, more specific\\nwildcard entries must be processed before less specific wildcard entries.\\nFor example, `\\\"*.foo.example.com\\\"` takes precedence over `\\\"*.example.com\\\"`.\\nThe precise definition here is that the higher the number of dots in the\\nhostname to the right of the wildcard character, the higher the precedence.\\n\\n\\nThe wildcard character will match any number of characters _and dots_ to\\nthe left, however, so `\\\"*.example.com\\\"` will match both\\n`\\\"foo.bar.example.com\\\"` _and_ `\\\"bar.example.com\\\"`.\\n\\n\\nIf a set of Listeners contains Listeners that are not distinct, then those\\nListeners are Conflicted, and the implementation MUST set the \\\"Conflicted\\\"\\ncondition in the Listener Status to \\\"True\\\".\\n\\n\\nImplementations MAY choose to accept a Gateway with some Conflicted\\nListeners only if they only accept the partial Listener set that contains\\nno Conflicted Listeners. To put this another way, implementations may\\naccept a partial Listener set only if they throw out *all* the conflicting\\nListeners. No picking one of the conflicting listeners as the winner.\\nThis also means that the Gateway must have at least one non-conflicting\\nListener in this case, otherwise it violates the requirement that at\\nleast one Listener must be present.\\n\\n\\nThe implementation MUST set a \\\"ListenersNotValid\\\" condition on the\\nGateway Status when the Gateway contains Conflicted Listeners whether or\\nnot they accept the Gateway. That Condition SHOULD clearly\\nindicate in the Message which Listeners are conflicted, and which are\\nAccepted. Additionally, the Listener status for those listeners SHOULD\\nindicate which Listeners are conflicted and not Accepted.\\n\\n\\nA Gateway's Listeners are considered \\\"compatible\\\" if:\\n\\n\\n1. They are distinct.\\n2. The implementation can serve them in compliance with the Addresses\\n requirement that all Listeners are available on all assigned\\n addresses.\\n\\n\\nCompatible combinations in Extended support are expected to vary across\\nimplementations. A combination that is compatible for one implementation\\nmay not be compatible for another.\\n\\n\\nFor example, an implementation that cannot serve both TCP and UDP listeners\\non the same address, or cannot mix HTTPS and generic TLS listens on the same port\\nwould not consider those cases compatible, even though they are distinct.\\n\\n\\nNote that requests SHOULD match at most one Listener. For example, if\\nListeners are defined for \\\"foo.example.com\\\" and \\\"*.example.com\\\", a\\nrequest to \\\"foo.example.com\\\" SHOULD only be routed using routes attached\\nto the \\\"foo.example.com\\\" Listener (and not the \\\"*.example.com\\\" Listener).\\nThis concept is known as \\\"Listener Isolation\\\". Implementations that do\\nnot support Listener Isolation MUST clearly document this.\\n\\n\\nImplementations MAY merge separate Gateways onto a single set of\\nAddresses if all Listeners across all Gateways are compatible.\\n\\n\\nSupport: Core\"", args=[d.arg(name='listeners', type=d.T.array)]), + withListeners(listeners): { spec+: { listeners: if std.isArray(v=listeners) then listeners else [listeners] } }, + '#withListenersMixin':: d.fn(help="\"Listeners associated with this Gateway. Listeners define\\nlogical endpoints that are bound on this Gateway's addresses.\\nAt least one Listener MUST be specified.\\n\\n\\nEach Listener in a set of Listeners (for example, in a single Gateway)\\nMUST be _distinct_, in that a traffic flow MUST be able to be assigned to\\nexactly one listener. (This section uses \\\"set of Listeners\\\" rather than\\n\\\"Listeners in a single Gateway\\\" because implementations MAY merge configuration\\nfrom multiple Gateways onto a single data plane, and these rules _also_\\napply in that case).\\n\\n\\nPractically, this means that each listener in a set MUST have a unique\\ncombination of Port, Protocol, and, if supported by the protocol, Hostname.\\n\\n\\nSome combinations of port, protocol, and TLS settings are considered\\nCore support and MUST be supported by implementations based on their\\ntargeted conformance profile:\\n\\n\\nHTTP Profile\\n\\n\\n1. HTTPRoute, Port: 80, Protocol: HTTP\\n2. HTTPRoute, Port: 443, Protocol: HTTPS, TLS Mode: Terminate, TLS keypair provided\\n\\n\\nTLS Profile\\n\\n\\n1. TLSRoute, Port: 443, Protocol: TLS, TLS Mode: Passthrough\\n\\n\\n\\\"Distinct\\\" Listeners have the following property:\\n\\n\\nThe implementation can match inbound requests to a single distinct\\nListener. When multiple Listeners share values for fields (for\\nexample, two Listeners with the same Port value), the implementation\\ncan match requests to only one of the Listeners using other\\nListener fields.\\n\\n\\nFor example, the following Listener scenarios are distinct:\\n\\n\\n1. Multiple Listeners with the same Port that all use the \\\"HTTP\\\"\\n Protocol that all have unique Hostname values.\\n2. Multiple Listeners with the same Port that use either the \\\"HTTPS\\\" or\\n \\\"TLS\\\" Protocol that all have unique Hostname values.\\n3. A mixture of \\\"TCP\\\" and \\\"UDP\\\" Protocol Listeners, where no Listener\\n with the same Protocol has the same Port value.\\n\\n\\nSome fields in the Listener struct have possible values that affect\\nwhether the Listener is distinct. Hostname is particularly relevant\\nfor HTTP or HTTPS protocols.\\n\\n\\nWhen using the Hostname value to select between same-Port, same-Protocol\\nListeners, the Hostname value must be different on each Listener for the\\nListener to be distinct.\\n\\n\\nWhen the Listeners are distinct based on Hostname, inbound request\\nhostnames MUST match from the most specific to least specific Hostname\\nvalues to choose the correct Listener and its associated set of Routes.\\n\\n\\nExact matches must be processed before wildcard matches, and wildcard\\nmatches must be processed before fallback (empty Hostname value)\\nmatches. For example, `\\\"foo.example.com\\\"` takes precedence over\\n`\\\"*.example.com\\\"`, and `\\\"*.example.com\\\"` takes precedence over `\\\"\\\"`.\\n\\n\\nAdditionally, if there are multiple wildcard entries, more specific\\nwildcard entries must be processed before less specific wildcard entries.\\nFor example, `\\\"*.foo.example.com\\\"` takes precedence over `\\\"*.example.com\\\"`.\\nThe precise definition here is that the higher the number of dots in the\\nhostname to the right of the wildcard character, the higher the precedence.\\n\\n\\nThe wildcard character will match any number of characters _and dots_ to\\nthe left, however, so `\\\"*.example.com\\\"` will match both\\n`\\\"foo.bar.example.com\\\"` _and_ `\\\"bar.example.com\\\"`.\\n\\n\\nIf a set of Listeners contains Listeners that are not distinct, then those\\nListeners are Conflicted, and the implementation MUST set the \\\"Conflicted\\\"\\ncondition in the Listener Status to \\\"True\\\".\\n\\n\\nImplementations MAY choose to accept a Gateway with some Conflicted\\nListeners only if they only accept the partial Listener set that contains\\nno Conflicted Listeners. To put this another way, implementations may\\naccept a partial Listener set only if they throw out *all* the conflicting\\nListeners. No picking one of the conflicting listeners as the winner.\\nThis also means that the Gateway must have at least one non-conflicting\\nListener in this case, otherwise it violates the requirement that at\\nleast one Listener must be present.\\n\\n\\nThe implementation MUST set a \\\"ListenersNotValid\\\" condition on the\\nGateway Status when the Gateway contains Conflicted Listeners whether or\\nnot they accept the Gateway. That Condition SHOULD clearly\\nindicate in the Message which Listeners are conflicted, and which are\\nAccepted. Additionally, the Listener status for those listeners SHOULD\\nindicate which Listeners are conflicted and not Accepted.\\n\\n\\nA Gateway's Listeners are considered \\\"compatible\\\" if:\\n\\n\\n1. They are distinct.\\n2. The implementation can serve them in compliance with the Addresses\\n requirement that all Listeners are available on all assigned\\n addresses.\\n\\n\\nCompatible combinations in Extended support are expected to vary across\\nimplementations. A combination that is compatible for one implementation\\nmay not be compatible for another.\\n\\n\\nFor example, an implementation that cannot serve both TCP and UDP listeners\\non the same address, or cannot mix HTTPS and generic TLS listens on the same port\\nwould not consider those cases compatible, even though they are distinct.\\n\\n\\nNote that requests SHOULD match at most one Listener. For example, if\\nListeners are defined for \\\"foo.example.com\\\" and \\\"*.example.com\\\", a\\nrequest to \\\"foo.example.com\\\" SHOULD only be routed using routes attached\\nto the \\\"foo.example.com\\\" Listener (and not the \\\"*.example.com\\\" Listener).\\nThis concept is known as \\\"Listener Isolation\\\". Implementations that do\\nnot support Listener Isolation MUST clearly document this.\\n\\n\\nImplementations MAY merge separate Gateways onto a single set of\\nAddresses if all Listeners across all Gateways are compatible.\\n\\n\\nSupport: Core\"\n\n**Note:** This function appends passed data to existing values", args=[d.arg(name='listeners', type=d.T.array)]), + withListenersMixin(listeners): { spec+: { listeners+: if std.isArray(v=listeners) then listeners else [listeners] } }, + }, + '#mixin': 'ignore', + mixin: self, +} diff --git a/1.1-experimental/_gen/gateway/v1/gatewayClass.libsonnet b/1.1-experimental/_gen/gateway/v1/gatewayClass.libsonnet new file mode 100644 index 0000000..6fc0b30 --- /dev/null +++ b/1.1-experimental/_gen/gateway/v1/gatewayClass.libsonnet @@ -0,0 +1,72 @@ +{ + local d = (import 'doc-util/main.libsonnet'), + '#':: d.pkg(name='gatewayClass', url='', help='"GatewayClass describes a class of Gateways available to the user for creating\\nGateway resources.\\n\\n\\nIt is recommended that this resource be used as a template for Gateways. This\\nmeans that a Gateway is based on the state of the GatewayClass at the time it\\nwas created and changes to the GatewayClass or associated parameters are not\\npropagated down to existing Gateways. This recommendation is intended to\\nlimit the blast radius of changes to GatewayClass or associated parameters.\\nIf implementations choose to propagate GatewayClass changes to existing\\nGateways, that MUST be clearly documented by the implementation.\\n\\n\\nWhenever one or more Gateways are using a GatewayClass, implementations SHOULD\\nadd the `gateway-exists-finalizer.gateway.networking.k8s.io` finalizer on the\\nassociated GatewayClass. This ensures that a GatewayClass associated with a\\nGateway is not deleted while in use.\\n\\n\\nGatewayClass is a Cluster level resource."'), + '#metadata':: d.obj(help='"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create."'), + metadata: { + '#withAnnotations':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotations(annotations): { metadata+: { annotations: annotations } }, + '#withAnnotationsMixin':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotationsMixin(annotations): { metadata+: { annotations+: annotations } }, + '#withClusterName':: d.fn(help='"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request."', args=[d.arg(name='clusterName', type=d.T.string)]), + withClusterName(clusterName): { metadata+: { clusterName: clusterName } }, + '#withCreationTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='creationTimestamp', type=d.T.string)]), + withCreationTimestamp(creationTimestamp): { metadata+: { creationTimestamp: creationTimestamp } }, + '#withDeletionGracePeriodSeconds':: d.fn(help='"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only."', args=[d.arg(name='deletionGracePeriodSeconds', type=d.T.integer)]), + withDeletionGracePeriodSeconds(deletionGracePeriodSeconds): { metadata+: { deletionGracePeriodSeconds: deletionGracePeriodSeconds } }, + '#withDeletionTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='deletionTimestamp', type=d.T.string)]), + withDeletionTimestamp(deletionTimestamp): { metadata+: { deletionTimestamp: deletionTimestamp } }, + '#withFinalizers':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizers(finalizers): { metadata+: { finalizers: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withFinalizersMixin':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizersMixin(finalizers): { metadata+: { finalizers+: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withGenerateName':: d.fn(help='"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\\n\\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\\n\\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency"', args=[d.arg(name='generateName', type=d.T.string)]), + withGenerateName(generateName): { metadata+: { generateName: generateName } }, + '#withGeneration':: d.fn(help='"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only."', args=[d.arg(name='generation', type=d.T.integer)]), + withGeneration(generation): { metadata+: { generation: generation } }, + '#withLabels':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"', args=[d.arg(name='labels', type=d.T.object)]), + withLabels(labels): { metadata+: { labels: labels } }, + '#withLabelsMixin':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='labels', type=d.T.object)]), + withLabelsMixin(labels): { metadata+: { labels+: labels } }, + '#withName':: d.fn(help='"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { metadata+: { name: name } }, + '#withNamespace':: d.fn(help='"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \\"default\\" namespace, but \\"default\\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\\n\\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces"', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { metadata+: { namespace: namespace } }, + '#withOwnerReferences':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferences(ownerReferences): { metadata+: { ownerReferences: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withOwnerReferencesMixin':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferencesMixin(ownerReferences): { metadata+: { ownerReferences+: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withResourceVersion':: d.fn(help='"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\\n\\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency"', args=[d.arg(name='resourceVersion', type=d.T.string)]), + withResourceVersion(resourceVersion): { metadata+: { resourceVersion: resourceVersion } }, + '#withSelfLink':: d.fn(help='"SelfLink is a URL representing this object. Populated by the system. Read-only.\\n\\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release."', args=[d.arg(name='selfLink', type=d.T.string)]), + withSelfLink(selfLink): { metadata+: { selfLink: selfLink } }, + '#withUid':: d.fn(help='"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\\n\\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids"', args=[d.arg(name='uid', type=d.T.string)]), + withUid(uid): { metadata+: { uid: uid } }, + }, + '#new':: d.fn(help='new returns an instance of GatewayClass', args=[d.arg(name='name', type=d.T.string)]), + new(name): { + apiVersion: 'gateway.networking.k8s.io/v1', + kind: 'GatewayClass', + } + self.metadata.withName(name=name) + self.metadata.withAnnotations(annotations={ + 'tanka.dev/namespaced': 'false', + }), + '#spec':: d.obj(help='"Spec defines the desired state of GatewayClass."'), + spec: { + '#parametersRef':: d.obj(help="\"ParametersRef is a reference to a resource that contains the configuration\\nparameters corresponding to the GatewayClass. This is optional if the\\ncontroller does not require any additional configuration.\\n\\n\\nParametersRef can reference a standard Kubernetes resource, i.e. ConfigMap,\\nor an implementation-specific custom resource. The resource can be\\ncluster-scoped or namespace-scoped.\\n\\n\\nIf the referent cannot be found, the GatewayClass's \\\"InvalidParameters\\\"\\nstatus condition will be true.\\n\\n\\nA Gateway for this GatewayClass may provide its own `parametersRef`. When both are specified,\\nthe merging behavior is implementation specific.\\nIt is generally recommended that GatewayClass provides defaults that can be overridden by a Gateway.\\n\\n\\nSupport: Implementation-specific\""), + parametersRef: { + '#withGroup':: d.fn(help='"Group is the group of the referent."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { spec+: { parametersRef+: { group: group } } }, + '#withKind':: d.fn(help='"Kind is kind of the referent."', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { spec+: { parametersRef+: { kind: kind } } }, + '#withName':: d.fn(help='"Name is the name of the referent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { spec+: { parametersRef+: { name: name } } }, + '#withNamespace':: d.fn(help='"Namespace is the namespace of the referent.\\nThis field is required when referring to a Namespace-scoped resource and\\nMUST be unset when referring to a Cluster-scoped resource."', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { spec+: { parametersRef+: { namespace: namespace } } }, + }, + '#withControllerName':: d.fn(help='"ControllerName is the name of the controller that is managing Gateways of\\nthis class. The value of this field MUST be a domain prefixed path.\\n\\n\\nExample: \\"example.net/gateway-controller\\".\\n\\n\\nThis field is not mutable and cannot be empty.\\n\\n\\nSupport: Core"', args=[d.arg(name='controllerName', type=d.T.string)]), + withControllerName(controllerName): { spec+: { controllerName: controllerName } }, + '#withDescription':: d.fn(help='"Description helps describe a GatewayClass with more details."', args=[d.arg(name='description', type=d.T.string)]), + withDescription(description): { spec+: { description: description } }, + }, + '#mixin': 'ignore', + mixin: self, +} diff --git a/1.1-experimental/_gen/gateway/v1/grpcRoute.libsonnet b/1.1-experimental/_gen/gateway/v1/grpcRoute.libsonnet new file mode 100644 index 0000000..19f8be7 --- /dev/null +++ b/1.1-experimental/_gen/gateway/v1/grpcRoute.libsonnet @@ -0,0 +1,333 @@ +{ + local d = (import 'doc-util/main.libsonnet'), + '#':: d.pkg(name='grpcRoute', url='', help='"GRPCRoute provides a way to route gRPC requests. This includes the capability\\nto match requests by hostname, gRPC service, gRPC method, or HTTP/2 header.\\nFilters can be used to specify additional processing steps. Backends specify\\nwhere matching requests will be routed.\\n\\n\\nGRPCRoute falls under extended support within the Gateway API. Within the\\nfollowing specification, the word \\"MUST\\" indicates that an implementation\\nsupporting GRPCRoute must conform to the indicated requirement, but an\\nimplementation not supporting this route type need not follow the requirement\\nunless explicitly indicated.\\n\\n\\nImplementations supporting `GRPCRoute` with the `HTTPS` `ProtocolType` MUST\\naccept HTTP/2 connections without an initial upgrade from HTTP/1.1, i.e. via\\nALPN. If the implementation does not support this, then it MUST set the\\n\\"Accepted\\" condition to \\"False\\" for the affected listener with a reason of\\n\\"UnsupportedProtocol\\". Implementations MAY also accept HTTP/2 connections\\nwith an upgrade from HTTP/1.\\n\\n\\nImplementations supporting `GRPCRoute` with the `HTTP` `ProtocolType` MUST\\nsupport HTTP/2 over cleartext TCP (h2c,\\nhttps://www.rfc-editor.org/rfc/rfc7540#section-3.1) without an initial\\nupgrade from HTTP/1.1, i.e. with prior knowledge\\n(https://www.rfc-editor.org/rfc/rfc7540#section-3.4). If the implementation\\ndoes not support this, then it MUST set the \\"Accepted\\" condition to \\"False\\"\\nfor the affected listener with a reason of \\"UnsupportedProtocol\\".\\nImplementations MAY also accept HTTP/2 connections with an upgrade from\\nHTTP/1, i.e. without prior knowledge."'), + '#metadata':: d.obj(help='"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create."'), + metadata: { + '#withAnnotations':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotations(annotations): { metadata+: { annotations: annotations } }, + '#withAnnotationsMixin':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotationsMixin(annotations): { metadata+: { annotations+: annotations } }, + '#withClusterName':: d.fn(help='"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request."', args=[d.arg(name='clusterName', type=d.T.string)]), + withClusterName(clusterName): { metadata+: { clusterName: clusterName } }, + '#withCreationTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='creationTimestamp', type=d.T.string)]), + withCreationTimestamp(creationTimestamp): { metadata+: { creationTimestamp: creationTimestamp } }, + '#withDeletionGracePeriodSeconds':: d.fn(help='"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only."', args=[d.arg(name='deletionGracePeriodSeconds', type=d.T.integer)]), + withDeletionGracePeriodSeconds(deletionGracePeriodSeconds): { metadata+: { deletionGracePeriodSeconds: deletionGracePeriodSeconds } }, + '#withDeletionTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='deletionTimestamp', type=d.T.string)]), + withDeletionTimestamp(deletionTimestamp): { metadata+: { deletionTimestamp: deletionTimestamp } }, + '#withFinalizers':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizers(finalizers): { metadata+: { finalizers: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withFinalizersMixin':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizersMixin(finalizers): { metadata+: { finalizers+: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withGenerateName':: d.fn(help='"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\\n\\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\\n\\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency"', args=[d.arg(name='generateName', type=d.T.string)]), + withGenerateName(generateName): { metadata+: { generateName: generateName } }, + '#withGeneration':: d.fn(help='"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only."', args=[d.arg(name='generation', type=d.T.integer)]), + withGeneration(generation): { metadata+: { generation: generation } }, + '#withLabels':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"', args=[d.arg(name='labels', type=d.T.object)]), + withLabels(labels): { metadata+: { labels: labels } }, + '#withLabelsMixin':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='labels', type=d.T.object)]), + withLabelsMixin(labels): { metadata+: { labels+: labels } }, + '#withName':: d.fn(help='"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { metadata+: { name: name } }, + '#withNamespace':: d.fn(help='"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \\"default\\" namespace, but \\"default\\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\\n\\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces"', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { metadata+: { namespace: namespace } }, + '#withOwnerReferences':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferences(ownerReferences): { metadata+: { ownerReferences: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withOwnerReferencesMixin':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferencesMixin(ownerReferences): { metadata+: { ownerReferences+: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withResourceVersion':: d.fn(help='"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\\n\\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency"', args=[d.arg(name='resourceVersion', type=d.T.string)]), + withResourceVersion(resourceVersion): { metadata+: { resourceVersion: resourceVersion } }, + '#withSelfLink':: d.fn(help='"SelfLink is a URL representing this object. Populated by the system. Read-only.\\n\\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release."', args=[d.arg(name='selfLink', type=d.T.string)]), + withSelfLink(selfLink): { metadata+: { selfLink: selfLink } }, + '#withUid':: d.fn(help='"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\\n\\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids"', args=[d.arg(name='uid', type=d.T.string)]), + withUid(uid): { metadata+: { uid: uid } }, + }, + '#new':: d.fn(help='new returns an instance of GRPCRoute', args=[d.arg(name='name', type=d.T.string)]), + new(name): { + apiVersion: 'gateway.networking.k8s.io/v1', + kind: 'GRPCRoute', + } + self.metadata.withName(name=name), + '#spec':: d.obj(help='"Spec defines the desired state of GRPCRoute."'), + spec: { + '#parentRefs':: d.obj(help='"ParentRefs references the resources (usually Gateways) that a Route wants\\nto be attached to. Note that the referenced parent resource needs to\\nallow this for the attachment to be complete. For Gateways, that means\\nthe Gateway needs to allow attachment from Routes of this kind and\\nnamespace. For Services, that means the Service must either be in the same\\nnamespace for a \\"producer\\" route, or the mesh implementation must support\\nand allow \\"consumer\\" routes for the referenced Service. ReferenceGrant is\\nnot applicable for governing ParentRefs to Services - it is not possible to\\ncreate a \\"producer\\" route for a Service in a different namespace from the\\nRoute.\\n\\n\\nThere are two kinds of parent resources with \\"Core\\" support:\\n\\n\\n* Gateway (Gateway conformance profile)\\n* Service (Mesh conformance profile, ClusterIP Services only)\\n\\n\\nThis API may be extended in the future to support additional kinds of parent\\nresources.\\n\\n\\nParentRefs must be _distinct_. This means either that:\\n\\n\\n* They select different objects. If this is the case, then parentRef\\n entries are distinct. In terms of fields, this means that the\\n multi-part key defined by `group`, `kind`, `namespace`, and `name` must\\n be unique across all parentRef entries in the Route.\\n* They do not select different objects, but for each optional field used,\\n each ParentRef that selects the same object must set the same set of\\n optional fields to different values. If one ParentRef sets a\\n combination of optional fields, all must set the same combination.\\n\\n\\nSome examples:\\n\\n\\n* If one ParentRef sets `sectionName`, all ParentRefs referencing the\\n same object must also set `sectionName`.\\n* If one ParentRef sets `port`, all ParentRefs referencing the same\\n object must also set `port`.\\n* If one ParentRef sets `sectionName` and `port`, all ParentRefs\\n referencing the same object must also set `sectionName` and `port`.\\n\\n\\nIt is possible to separately reference multiple distinct objects that may\\nbe collapsed by an implementation. For example, some implementations may\\nchoose to merge compatible Gateway Listeners together. If that is the\\ncase, the list of routes attached to those resources should also be\\nmerged.\\n\\n\\nNote that for ParentRefs that cross namespace boundaries, there are specific\\nrules. Cross-namespace references are only valid if they are explicitly\\nallowed by something in the namespace they are referring to. For example,\\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\\ngeneric way to enable other kinds of cross-namespace reference.\\n\\n\\n\\nParentRefs from a Route to a Service in the same namespace are \\"producer\\"\\nroutes, which apply default routing rules to inbound connections from\\nany namespace to the Service.\\n\\n\\nParentRefs from a Route to a Service in a different namespace are\\n\\"consumer\\" routes, and these routing rules are only applied to outbound\\nconnections originating from the same namespace as the Route, for which\\nthe intended destination of the connections are a Service targeted as a\\nParentRef of the Route.\\n\\n\\n\\n\\n\\n\\n"'), + parentRefs: { + '#withGroup':: d.fn(help='"Group is the group of the referent.\\nWhen unspecified, \\"gateway.networking.k8s.io\\" is inferred.\\nTo set the core API group (such as for a \\"Service\\" kind referent),\\nGroup must be explicitly set to \\"\\" (empty string).\\n\\n\\nSupport: Core"', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { group: group }, + '#withKind':: d.fn(help='"Kind is kind of the referent.\\n\\n\\nThere are two kinds of parent resources with \\"Core\\" support:\\n\\n\\n* Gateway (Gateway conformance profile)\\n* Service (Mesh conformance profile, ClusterIP Services only)\\n\\n\\nSupport for other resources is Implementation-Specific."', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { kind: kind }, + '#withName':: d.fn(help='"Name is the name of the referent.\\n\\n\\nSupport: Core"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withNamespace':: d.fn(help='"Namespace is the namespace of the referent. When unspecified, this refers\\nto the local namespace of the Route.\\n\\n\\nNote that there are specific rules for ParentRefs which cross namespace\\nboundaries. Cross-namespace references are only valid if they are explicitly\\nallowed by something in the namespace they are referring to. For example:\\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\\ngeneric way to enable any other kind of cross-namespace reference.\\n\\n\\n\\nParentRefs from a Route to a Service in the same namespace are \\"producer\\"\\nroutes, which apply default routing rules to inbound connections from\\nany namespace to the Service.\\n\\n\\nParentRefs from a Route to a Service in a different namespace are\\n\\"consumer\\" routes, and these routing rules are only applied to outbound\\nconnections originating from the same namespace as the Route, for which\\nthe intended destination of the connections are a Service targeted as a\\nParentRef of the Route.\\n\\n\\n\\nSupport: Core"', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { namespace: namespace }, + '#withPort':: d.fn(help="\"Port is the network port this Route targets. It can be interpreted\\ndifferently based on the type of parent resource.\\n\\n\\nWhen the parent resource is a Gateway, this targets all listeners\\nlistening on the specified port that also support this kind of Route(and\\nselect this Route). It's not recommended to set `Port` unless the\\nnetworking behaviors specified in a Route must apply to a specific port\\nas opposed to a listener(s) whose port(s) may be changed. When both Port\\nand SectionName are specified, the name and port of the selected listener\\nmust match both specified values.\\n\\n\\n\\nWhen the parent resource is a Service, this targets a specific port in the\\nService spec. When both Port (experimental) and SectionName are specified,\\nthe name and port of the selected port must match both specified values.\\n\\n\\n\\nImplementations MAY choose to support other parent resources.\\nImplementations supporting other types of parent resources MUST clearly\\ndocument how/if Port is interpreted.\\n\\n\\nFor the purpose of status, an attachment is considered successful as\\nlong as the parent resource accepts it partially. For example, Gateway\\nlisteners can restrict which Routes can attach to them by Route kind,\\nnamespace, or hostname. If 1 of 2 Gateway listeners accept attachment\\nfrom the referencing Route, the Route MUST be considered successfully\\nattached. If no Gateway listeners accept attachment from this Route,\\nthe Route MUST be considered detached from the Gateway.\\n\\n\\nSupport: Extended\"", args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { port: port }, + '#withSectionName':: d.fn(help='"SectionName is the name of a section within the target resource. In the\\nfollowing resources, SectionName is interpreted as the following:\\n\\n\\n* Gateway: Listener name. When both Port (experimental) and SectionName\\nare specified, the name and port of the selected listener must match\\nboth specified values.\\n* Service: Port name. When both Port (experimental) and SectionName\\nare specified, the name and port of the selected listener must match\\nboth specified values.\\n\\n\\nImplementations MAY choose to support attaching Routes to other resources.\\nIf that is the case, they MUST clearly document how SectionName is\\ninterpreted.\\n\\n\\nWhen unspecified (empty string), this will reference the entire resource.\\nFor the purpose of status, an attachment is considered successful if at\\nleast one section in the parent resource accepts it. For example, Gateway\\nlisteners can restrict which Routes can attach to them by Route kind,\\nnamespace, or hostname. If 1 of 2 Gateway listeners accept attachment from\\nthe referencing Route, the Route MUST be considered successfully\\nattached. If no Gateway listeners accept attachment from this Route, the\\nRoute MUST be considered detached from the Gateway.\\n\\n\\nSupport: Core"', args=[d.arg(name='sectionName', type=d.T.string)]), + withSectionName(sectionName): { sectionName: sectionName }, + }, + '#rules':: d.obj(help='"Rules are a list of GRPC matchers, filters and actions."'), + rules: { + '#backendRefs':: d.obj(help='"BackendRefs defines the backend(s) where matching requests should be\\nsent.\\n\\n\\nFailure behavior here depends on how many BackendRefs are specified and\\nhow many are invalid.\\n\\n\\nIf *all* entries in BackendRefs are invalid, and there are also no filters\\nspecified in this route rule, *all* traffic which matches this rule MUST\\nreceive an `UNAVAILABLE` status.\\n\\n\\nSee the GRPCBackendRef definition for the rules about what makes a single\\nGRPCBackendRef invalid.\\n\\n\\nWhen a GRPCBackendRef is invalid, `UNAVAILABLE` statuses MUST be returned for\\nrequests that would have otherwise been routed to an invalid backend. If\\nmultiple backends are specified, and some are invalid, the proportion of\\nrequests that would otherwise have been routed to an invalid backend\\nMUST receive an `UNAVAILABLE` status.\\n\\n\\nFor example, if two backends are specified with equal weights, and one is\\ninvalid, 50 percent of traffic MUST receive an `UNAVAILABLE` status.\\nImplementations may choose how that 50 percent is determined.\\n\\n\\nSupport: Core for Kubernetes Service\\n\\n\\nSupport: Implementation-specific for any other resource\\n\\n\\nSupport for weight: Core"'), + backendRefs: { + '#filters':: d.obj(help='"Filters defined at this level MUST be executed if and only if the\\nrequest is being forwarded to the backend defined here.\\n\\n\\nSupport: Implementation-specific (For broader support of filters, use the\\nFilters field in GRPCRouteRule.)"'), + filters: { + '#extensionRef':: d.obj(help='"ExtensionRef is an optional, implementation-specific extension to the\\n\\"filter\\" behavior. For example, resource \\"myroutefilter\\" in group\\n\\"networking.example.net\\"). ExtensionRef MUST NOT be used for core and\\nextended filters.\\n\\n\\nSupport: Implementation-specific\\n\\n\\nThis filter can be used multiple times within the same rule."'), + extensionRef: { + '#withGroup':: d.fn(help='"Group is the group of the referent. For example, \\"gateway.networking.k8s.io\\".\\nWhen unspecified or empty string, core API group is inferred."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { extensionRef+: { group: group } }, + '#withKind':: d.fn(help='"Kind is kind of the referent. For example \\"HTTPRoute\\" or \\"Service\\"."', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { extensionRef+: { kind: kind } }, + '#withName':: d.fn(help='"Name is the name of the referent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { extensionRef+: { name: name } }, + }, + '#requestHeaderModifier':: d.obj(help='"RequestHeaderModifier defines a schema for a filter that modifies request\\nheaders.\\n\\n\\nSupport: Core"'), + requestHeaderModifier: { + '#add':: d.obj(help='"Add adds the given header(s) (name, value) to the request\\nbefore the action. It appends to any existing values associated\\nwith the header name.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n add:\\n - name: \\"my-header\\"\\n value: \\"bar,baz\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: foo,bar,baz"'), + add: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be\\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\\n\\n\\nIf multiple entries specify equivalent header names, the first entry with\\nan equivalent name MUST be considered for a match. Subsequent entries\\nwith an equivalent header name MUST be ignored. Due to the\\ncase-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered\\nequivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#set':: d.obj(help='"Set overwrites the request with the given header (name, value)\\nbefore the action.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n set:\\n - name: \\"my-header\\"\\n value: \\"bar\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: bar"'), + set: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be\\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\\n\\n\\nIf multiple entries specify equivalent header names, the first entry with\\nan equivalent name MUST be considered for a match. Subsequent entries\\nwith an equivalent header name MUST be ignored. Due to the\\ncase-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered\\nequivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#withAdd':: d.fn(help='"Add adds the given header(s) (name, value) to the request\\nbefore the action. It appends to any existing values associated\\nwith the header name.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n add:\\n - name: \\"my-header\\"\\n value: \\"bar,baz\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: foo,bar,baz"', args=[d.arg(name='add', type=d.T.array)]), + withAdd(add): { requestHeaderModifier+: { add: if std.isArray(v=add) then add else [add] } }, + '#withAddMixin':: d.fn(help='"Add adds the given header(s) (name, value) to the request\\nbefore the action. It appends to any existing values associated\\nwith the header name.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n add:\\n - name: \\"my-header\\"\\n value: \\"bar,baz\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: foo,bar,baz"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='add', type=d.T.array)]), + withAddMixin(add): { requestHeaderModifier+: { add+: if std.isArray(v=add) then add else [add] } }, + '#withRemove':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The\\nvalue of Remove is a list of HTTP header names. Note that the header\\nnames are case-insensitive (see\\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header1: foo\\n my-header2: bar\\n my-header3: baz\\n\\n\\nConfig:\\n remove: [\\"my-header1\\", \\"my-header3\\"]\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header2: bar"', args=[d.arg(name='remove', type=d.T.array)]), + withRemove(remove): { requestHeaderModifier+: { remove: if std.isArray(v=remove) then remove else [remove] } }, + '#withRemoveMixin':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The\\nvalue of Remove is a list of HTTP header names. Note that the header\\nnames are case-insensitive (see\\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header1: foo\\n my-header2: bar\\n my-header3: baz\\n\\n\\nConfig:\\n remove: [\\"my-header1\\", \\"my-header3\\"]\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header2: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='remove', type=d.T.array)]), + withRemoveMixin(remove): { requestHeaderModifier+: { remove+: if std.isArray(v=remove) then remove else [remove] } }, + '#withSet':: d.fn(help='"Set overwrites the request with the given header (name, value)\\nbefore the action.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n set:\\n - name: \\"my-header\\"\\n value: \\"bar\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: bar"', args=[d.arg(name='set', type=d.T.array)]), + withSet(set): { requestHeaderModifier+: { set: if std.isArray(v=set) then set else [set] } }, + '#withSetMixin':: d.fn(help='"Set overwrites the request with the given header (name, value)\\nbefore the action.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n set:\\n - name: \\"my-header\\"\\n value: \\"bar\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='set', type=d.T.array)]), + withSetMixin(set): { requestHeaderModifier+: { set+: if std.isArray(v=set) then set else [set] } }, + }, + '#requestMirror':: d.obj(help='"RequestMirror defines a schema for a filter that mirrors requests.\\nRequests are sent to the specified destination, but responses from\\nthat destination are ignored.\\n\\n\\nThis filter can be used multiple times within the same rule. Note that\\nnot all implementations will be able to support mirroring to multiple\\nbackends.\\n\\n\\nSupport: Extended"'), + requestMirror: { + '#backendRef':: d.obj(help='"BackendRef references a resource where mirrored requests are sent.\\n\\n\\nMirrored requests must be sent only to a single destination endpoint\\nwithin this BackendRef, irrespective of how many endpoints are present\\nwithin this BackendRef.\\n\\n\\nIf the referent cannot be found, this BackendRef is invalid and must be\\ndropped from the Gateway. The controller must ensure the \\"ResolvedRefs\\"\\ncondition on the Route status is set to `status: False` and not configure\\nthis backend in the underlying implementation.\\n\\n\\nIf there is a cross-namespace reference to an *existing* object\\nthat is not allowed by a ReferenceGrant, the controller must ensure the\\n\\"ResolvedRefs\\" condition on the Route is set to `status: False`,\\nwith the \\"RefNotPermitted\\" reason and not configure this backend in the\\nunderlying implementation.\\n\\n\\nIn either error case, the Message of the `ResolvedRefs` Condition\\nshould be used to provide more detail about the problem.\\n\\n\\nSupport: Extended for Kubernetes Service\\n\\n\\nSupport: Implementation-specific for any other resource"'), + backendRef: { + '#withGroup':: d.fn(help='"Group is the group of the referent. For example, \\"gateway.networking.k8s.io\\".\\nWhen unspecified or empty string, core API group is inferred."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { requestMirror+: { backendRef+: { group: group } } }, + '#withKind':: d.fn(help='"Kind is the Kubernetes resource kind of the referent. For example\\n\\"Service\\".\\n\\n\\nDefaults to \\"Service\\" when not specified.\\n\\n\\nExternalName services can refer to CNAME DNS records that may live\\noutside of the cluster and as such are difficult to reason about in\\nterms of conformance. They also may not be safe to forward to (see\\nCVE-2021-25740 for more information). Implementations SHOULD NOT\\nsupport ExternalName Services.\\n\\n\\nSupport: Core (Services with a type other than ExternalName)\\n\\n\\nSupport: Implementation-specific (Services with type ExternalName)"', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { requestMirror+: { backendRef+: { kind: kind } } }, + '#withName':: d.fn(help='"Name is the name of the referent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { requestMirror+: { backendRef+: { name: name } } }, + '#withNamespace':: d.fn(help="\"Namespace is the namespace of the backend. When unspecified, the local\\nnamespace is inferred.\\n\\n\\nNote that when a namespace different than the local namespace is specified,\\na ReferenceGrant object is required in the referent namespace to allow that\\nnamespace's owner to accept the reference. See the ReferenceGrant\\ndocumentation for details.\\n\\n\\nSupport: Core\"", args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { requestMirror+: { backendRef+: { namespace: namespace } } }, + '#withPort':: d.fn(help='"Port specifies the destination port number to use for this resource.\\nPort is required when the referent is a Kubernetes Service. In this\\ncase, the port number is the service port number, not the target port.\\nFor other resources, destination port might be derived from the referent\\nresource or this field."', args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { requestMirror+: { backendRef+: { port: port } } }, + }, + }, + '#responseHeaderModifier':: d.obj(help='"ResponseHeaderModifier defines a schema for a filter that modifies response\\nheaders.\\n\\n\\nSupport: Extended"'), + responseHeaderModifier: { + '#add':: d.obj(help='"Add adds the given header(s) (name, value) to the request\\nbefore the action. It appends to any existing values associated\\nwith the header name.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n add:\\n - name: \\"my-header\\"\\n value: \\"bar,baz\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: foo,bar,baz"'), + add: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be\\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\\n\\n\\nIf multiple entries specify equivalent header names, the first entry with\\nan equivalent name MUST be considered for a match. Subsequent entries\\nwith an equivalent header name MUST be ignored. Due to the\\ncase-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered\\nequivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#set':: d.obj(help='"Set overwrites the request with the given header (name, value)\\nbefore the action.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n set:\\n - name: \\"my-header\\"\\n value: \\"bar\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: bar"'), + set: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be\\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\\n\\n\\nIf multiple entries specify equivalent header names, the first entry with\\nan equivalent name MUST be considered for a match. Subsequent entries\\nwith an equivalent header name MUST be ignored. Due to the\\ncase-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered\\nequivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#withAdd':: d.fn(help='"Add adds the given header(s) (name, value) to the request\\nbefore the action. It appends to any existing values associated\\nwith the header name.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n add:\\n - name: \\"my-header\\"\\n value: \\"bar,baz\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: foo,bar,baz"', args=[d.arg(name='add', type=d.T.array)]), + withAdd(add): { responseHeaderModifier+: { add: if std.isArray(v=add) then add else [add] } }, + '#withAddMixin':: d.fn(help='"Add adds the given header(s) (name, value) to the request\\nbefore the action. It appends to any existing values associated\\nwith the header name.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n add:\\n - name: \\"my-header\\"\\n value: \\"bar,baz\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: foo,bar,baz"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='add', type=d.T.array)]), + withAddMixin(add): { responseHeaderModifier+: { add+: if std.isArray(v=add) then add else [add] } }, + '#withRemove':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The\\nvalue of Remove is a list of HTTP header names. Note that the header\\nnames are case-insensitive (see\\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header1: foo\\n my-header2: bar\\n my-header3: baz\\n\\n\\nConfig:\\n remove: [\\"my-header1\\", \\"my-header3\\"]\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header2: bar"', args=[d.arg(name='remove', type=d.T.array)]), + withRemove(remove): { responseHeaderModifier+: { remove: if std.isArray(v=remove) then remove else [remove] } }, + '#withRemoveMixin':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The\\nvalue of Remove is a list of HTTP header names. Note that the header\\nnames are case-insensitive (see\\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header1: foo\\n my-header2: bar\\n my-header3: baz\\n\\n\\nConfig:\\n remove: [\\"my-header1\\", \\"my-header3\\"]\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header2: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='remove', type=d.T.array)]), + withRemoveMixin(remove): { responseHeaderModifier+: { remove+: if std.isArray(v=remove) then remove else [remove] } }, + '#withSet':: d.fn(help='"Set overwrites the request with the given header (name, value)\\nbefore the action.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n set:\\n - name: \\"my-header\\"\\n value: \\"bar\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: bar"', args=[d.arg(name='set', type=d.T.array)]), + withSet(set): { responseHeaderModifier+: { set: if std.isArray(v=set) then set else [set] } }, + '#withSetMixin':: d.fn(help='"Set overwrites the request with the given header (name, value)\\nbefore the action.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n set:\\n - name: \\"my-header\\"\\n value: \\"bar\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='set', type=d.T.array)]), + withSetMixin(set): { responseHeaderModifier+: { set+: if std.isArray(v=set) then set else [set] } }, + }, + '#withType':: d.fn(help='"Type identifies the type of filter to apply. As with other API fields,\\ntypes are classified into three conformance levels:\\n\\n\\n- Core: Filter types and their corresponding configuration defined by\\n \\"Support: Core\\" in this package, e.g. \\"RequestHeaderModifier\\". All\\n implementations supporting GRPCRoute MUST support core filters.\\n\\n\\n- Extended: Filter types and their corresponding configuration defined by\\n \\"Support: Extended\\" in this package, e.g. \\"RequestMirror\\". Implementers\\n are encouraged to support extended filters.\\n\\n\\n- Implementation-specific: Filters that are defined and supported by specific vendors.\\n In the future, filters showing convergence in behavior across multiple\\n implementations will be considered for inclusion in extended or core\\n conformance levels. Filter-specific configuration for such filters\\n is specified using the ExtensionRef field. `Type` MUST be set to\\n \\"ExtensionRef\\" for custom filters.\\n\\n\\nImplementers are encouraged to define custom implementation types to\\nextend the core API with implementation-specific behavior.\\n\\n\\nIf a reference to a custom filter type cannot be resolved, the filter\\nMUST NOT be skipped. Instead, requests that would have been processed by\\nthat filter MUST receive a HTTP error response.\\n\\n\\n"', args=[d.arg(name='type', type=d.T.string)]), + withType(type): { type: type }, + }, + '#withFilters':: d.fn(help='"Filters defined at this level MUST be executed if and only if the\\nrequest is being forwarded to the backend defined here.\\n\\n\\nSupport: Implementation-specific (For broader support of filters, use the\\nFilters field in GRPCRouteRule.)"', args=[d.arg(name='filters', type=d.T.array)]), + withFilters(filters): { filters: if std.isArray(v=filters) then filters else [filters] }, + '#withFiltersMixin':: d.fn(help='"Filters defined at this level MUST be executed if and only if the\\nrequest is being forwarded to the backend defined here.\\n\\n\\nSupport: Implementation-specific (For broader support of filters, use the\\nFilters field in GRPCRouteRule.)"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='filters', type=d.T.array)]), + withFiltersMixin(filters): { filters+: if std.isArray(v=filters) then filters else [filters] }, + '#withGroup':: d.fn(help='"Group is the group of the referent. For example, \\"gateway.networking.k8s.io\\".\\nWhen unspecified or empty string, core API group is inferred."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { group: group }, + '#withKind':: d.fn(help='"Kind is the Kubernetes resource kind of the referent. For example\\n\\"Service\\".\\n\\n\\nDefaults to \\"Service\\" when not specified.\\n\\n\\nExternalName services can refer to CNAME DNS records that may live\\noutside of the cluster and as such are difficult to reason about in\\nterms of conformance. They also may not be safe to forward to (see\\nCVE-2021-25740 for more information). Implementations SHOULD NOT\\nsupport ExternalName Services.\\n\\n\\nSupport: Core (Services with a type other than ExternalName)\\n\\n\\nSupport: Implementation-specific (Services with type ExternalName)"', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { kind: kind }, + '#withName':: d.fn(help='"Name is the name of the referent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withNamespace':: d.fn(help="\"Namespace is the namespace of the backend. When unspecified, the local\\nnamespace is inferred.\\n\\n\\nNote that when a namespace different than the local namespace is specified,\\na ReferenceGrant object is required in the referent namespace to allow that\\nnamespace's owner to accept the reference. See the ReferenceGrant\\ndocumentation for details.\\n\\n\\nSupport: Core\"", args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { namespace: namespace }, + '#withPort':: d.fn(help='"Port specifies the destination port number to use for this resource.\\nPort is required when the referent is a Kubernetes Service. In this\\ncase, the port number is the service port number, not the target port.\\nFor other resources, destination port might be derived from the referent\\nresource or this field."', args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { port: port }, + '#withWeight':: d.fn(help='"Weight specifies the proportion of requests forwarded to the referenced\\nbackend. This is computed as weight/(sum of all weights in this\\nBackendRefs list). For non-zero values, there may be some epsilon from\\nthe exact proportion defined here depending on the precision an\\nimplementation supports. Weight is not a percentage and the sum of\\nweights does not need to equal 100.\\n\\n\\nIf only one backend is specified and it has a weight greater than 0, 100%\\nof the traffic is forwarded to that backend. If weight is set to 0, no\\ntraffic should be forwarded for this entry. If unspecified, weight\\ndefaults to 1.\\n\\n\\nSupport for this field varies based on the context where used."', args=[d.arg(name='weight', type=d.T.integer)]), + withWeight(weight): { weight: weight }, + }, + '#filters':: d.obj(help='"Filters define the filters that are applied to requests that match\\nthis rule.\\n\\n\\nThe effects of ordering of multiple behaviors are currently unspecified.\\nThis can change in the future based on feedback during the alpha stage.\\n\\n\\nConformance-levels at this level are defined based on the type of filter:\\n\\n\\n- ALL core filters MUST be supported by all implementations that support\\n GRPCRoute.\\n- Implementers are encouraged to support extended filters.\\n- Implementation-specific custom filters have no API guarantees across\\n implementations.\\n\\n\\nSpecifying the same filter multiple times is not supported unless explicitly\\nindicated in the filter.\\n\\n\\nIf an implementation can not support a combination of filters, it must clearly\\ndocument that limitation. In cases where incompatible or unsupported\\nfilters are specified and cause the `Accepted` condition to be set to status\\n`False`, implementations may use the `IncompatibleFilters` reason to specify\\nthis configuration error.\\n\\n\\nSupport: Core"'), + filters: { + '#extensionRef':: d.obj(help='"ExtensionRef is an optional, implementation-specific extension to the\\n\\"filter\\" behavior. For example, resource \\"myroutefilter\\" in group\\n\\"networking.example.net\\"). ExtensionRef MUST NOT be used for core and\\nextended filters.\\n\\n\\nSupport: Implementation-specific\\n\\n\\nThis filter can be used multiple times within the same rule."'), + extensionRef: { + '#withGroup':: d.fn(help='"Group is the group of the referent. For example, \\"gateway.networking.k8s.io\\".\\nWhen unspecified or empty string, core API group is inferred."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { extensionRef+: { group: group } }, + '#withKind':: d.fn(help='"Kind is kind of the referent. For example \\"HTTPRoute\\" or \\"Service\\"."', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { extensionRef+: { kind: kind } }, + '#withName':: d.fn(help='"Name is the name of the referent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { extensionRef+: { name: name } }, + }, + '#requestHeaderModifier':: d.obj(help='"RequestHeaderModifier defines a schema for a filter that modifies request\\nheaders.\\n\\n\\nSupport: Core"'), + requestHeaderModifier: { + '#add':: d.obj(help='"Add adds the given header(s) (name, value) to the request\\nbefore the action. It appends to any existing values associated\\nwith the header name.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n add:\\n - name: \\"my-header\\"\\n value: \\"bar,baz\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: foo,bar,baz"'), + add: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be\\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\\n\\n\\nIf multiple entries specify equivalent header names, the first entry with\\nan equivalent name MUST be considered for a match. Subsequent entries\\nwith an equivalent header name MUST be ignored. Due to the\\ncase-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered\\nequivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#set':: d.obj(help='"Set overwrites the request with the given header (name, value)\\nbefore the action.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n set:\\n - name: \\"my-header\\"\\n value: \\"bar\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: bar"'), + set: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be\\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\\n\\n\\nIf multiple entries specify equivalent header names, the first entry with\\nan equivalent name MUST be considered for a match. Subsequent entries\\nwith an equivalent header name MUST be ignored. Due to the\\ncase-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered\\nequivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#withAdd':: d.fn(help='"Add adds the given header(s) (name, value) to the request\\nbefore the action. It appends to any existing values associated\\nwith the header name.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n add:\\n - name: \\"my-header\\"\\n value: \\"bar,baz\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: foo,bar,baz"', args=[d.arg(name='add', type=d.T.array)]), + withAdd(add): { requestHeaderModifier+: { add: if std.isArray(v=add) then add else [add] } }, + '#withAddMixin':: d.fn(help='"Add adds the given header(s) (name, value) to the request\\nbefore the action. It appends to any existing values associated\\nwith the header name.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n add:\\n - name: \\"my-header\\"\\n value: \\"bar,baz\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: foo,bar,baz"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='add', type=d.T.array)]), + withAddMixin(add): { requestHeaderModifier+: { add+: if std.isArray(v=add) then add else [add] } }, + '#withRemove':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The\\nvalue of Remove is a list of HTTP header names. Note that the header\\nnames are case-insensitive (see\\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header1: foo\\n my-header2: bar\\n my-header3: baz\\n\\n\\nConfig:\\n remove: [\\"my-header1\\", \\"my-header3\\"]\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header2: bar"', args=[d.arg(name='remove', type=d.T.array)]), + withRemove(remove): { requestHeaderModifier+: { remove: if std.isArray(v=remove) then remove else [remove] } }, + '#withRemoveMixin':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The\\nvalue of Remove is a list of HTTP header names. Note that the header\\nnames are case-insensitive (see\\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header1: foo\\n my-header2: bar\\n my-header3: baz\\n\\n\\nConfig:\\n remove: [\\"my-header1\\", \\"my-header3\\"]\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header2: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='remove', type=d.T.array)]), + withRemoveMixin(remove): { requestHeaderModifier+: { remove+: if std.isArray(v=remove) then remove else [remove] } }, + '#withSet':: d.fn(help='"Set overwrites the request with the given header (name, value)\\nbefore the action.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n set:\\n - name: \\"my-header\\"\\n value: \\"bar\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: bar"', args=[d.arg(name='set', type=d.T.array)]), + withSet(set): { requestHeaderModifier+: { set: if std.isArray(v=set) then set else [set] } }, + '#withSetMixin':: d.fn(help='"Set overwrites the request with the given header (name, value)\\nbefore the action.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n set:\\n - name: \\"my-header\\"\\n value: \\"bar\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='set', type=d.T.array)]), + withSetMixin(set): { requestHeaderModifier+: { set+: if std.isArray(v=set) then set else [set] } }, + }, + '#requestMirror':: d.obj(help='"RequestMirror defines a schema for a filter that mirrors requests.\\nRequests are sent to the specified destination, but responses from\\nthat destination are ignored.\\n\\n\\nThis filter can be used multiple times within the same rule. Note that\\nnot all implementations will be able to support mirroring to multiple\\nbackends.\\n\\n\\nSupport: Extended"'), + requestMirror: { + '#backendRef':: d.obj(help='"BackendRef references a resource where mirrored requests are sent.\\n\\n\\nMirrored requests must be sent only to a single destination endpoint\\nwithin this BackendRef, irrespective of how many endpoints are present\\nwithin this BackendRef.\\n\\n\\nIf the referent cannot be found, this BackendRef is invalid and must be\\ndropped from the Gateway. The controller must ensure the \\"ResolvedRefs\\"\\ncondition on the Route status is set to `status: False` and not configure\\nthis backend in the underlying implementation.\\n\\n\\nIf there is a cross-namespace reference to an *existing* object\\nthat is not allowed by a ReferenceGrant, the controller must ensure the\\n\\"ResolvedRefs\\" condition on the Route is set to `status: False`,\\nwith the \\"RefNotPermitted\\" reason and not configure this backend in the\\nunderlying implementation.\\n\\n\\nIn either error case, the Message of the `ResolvedRefs` Condition\\nshould be used to provide more detail about the problem.\\n\\n\\nSupport: Extended for Kubernetes Service\\n\\n\\nSupport: Implementation-specific for any other resource"'), + backendRef: { + '#withGroup':: d.fn(help='"Group is the group of the referent. For example, \\"gateway.networking.k8s.io\\".\\nWhen unspecified or empty string, core API group is inferred."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { requestMirror+: { backendRef+: { group: group } } }, + '#withKind':: d.fn(help='"Kind is the Kubernetes resource kind of the referent. For example\\n\\"Service\\".\\n\\n\\nDefaults to \\"Service\\" when not specified.\\n\\n\\nExternalName services can refer to CNAME DNS records that may live\\noutside of the cluster and as such are difficult to reason about in\\nterms of conformance. They also may not be safe to forward to (see\\nCVE-2021-25740 for more information). Implementations SHOULD NOT\\nsupport ExternalName Services.\\n\\n\\nSupport: Core (Services with a type other than ExternalName)\\n\\n\\nSupport: Implementation-specific (Services with type ExternalName)"', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { requestMirror+: { backendRef+: { kind: kind } } }, + '#withName':: d.fn(help='"Name is the name of the referent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { requestMirror+: { backendRef+: { name: name } } }, + '#withNamespace':: d.fn(help="\"Namespace is the namespace of the backend. When unspecified, the local\\nnamespace is inferred.\\n\\n\\nNote that when a namespace different than the local namespace is specified,\\na ReferenceGrant object is required in the referent namespace to allow that\\nnamespace's owner to accept the reference. See the ReferenceGrant\\ndocumentation for details.\\n\\n\\nSupport: Core\"", args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { requestMirror+: { backendRef+: { namespace: namespace } } }, + '#withPort':: d.fn(help='"Port specifies the destination port number to use for this resource.\\nPort is required when the referent is a Kubernetes Service. In this\\ncase, the port number is the service port number, not the target port.\\nFor other resources, destination port might be derived from the referent\\nresource or this field."', args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { requestMirror+: { backendRef+: { port: port } } }, + }, + }, + '#responseHeaderModifier':: d.obj(help='"ResponseHeaderModifier defines a schema for a filter that modifies response\\nheaders.\\n\\n\\nSupport: Extended"'), + responseHeaderModifier: { + '#add':: d.obj(help='"Add adds the given header(s) (name, value) to the request\\nbefore the action. It appends to any existing values associated\\nwith the header name.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n add:\\n - name: \\"my-header\\"\\n value: \\"bar,baz\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: foo,bar,baz"'), + add: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be\\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\\n\\n\\nIf multiple entries specify equivalent header names, the first entry with\\nan equivalent name MUST be considered for a match. Subsequent entries\\nwith an equivalent header name MUST be ignored. Due to the\\ncase-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered\\nequivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#set':: d.obj(help='"Set overwrites the request with the given header (name, value)\\nbefore the action.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n set:\\n - name: \\"my-header\\"\\n value: \\"bar\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: bar"'), + set: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be\\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\\n\\n\\nIf multiple entries specify equivalent header names, the first entry with\\nan equivalent name MUST be considered for a match. Subsequent entries\\nwith an equivalent header name MUST be ignored. Due to the\\ncase-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered\\nequivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#withAdd':: d.fn(help='"Add adds the given header(s) (name, value) to the request\\nbefore the action. It appends to any existing values associated\\nwith the header name.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n add:\\n - name: \\"my-header\\"\\n value: \\"bar,baz\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: foo,bar,baz"', args=[d.arg(name='add', type=d.T.array)]), + withAdd(add): { responseHeaderModifier+: { add: if std.isArray(v=add) then add else [add] } }, + '#withAddMixin':: d.fn(help='"Add adds the given header(s) (name, value) to the request\\nbefore the action. It appends to any existing values associated\\nwith the header name.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n add:\\n - name: \\"my-header\\"\\n value: \\"bar,baz\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: foo,bar,baz"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='add', type=d.T.array)]), + withAddMixin(add): { responseHeaderModifier+: { add+: if std.isArray(v=add) then add else [add] } }, + '#withRemove':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The\\nvalue of Remove is a list of HTTP header names. Note that the header\\nnames are case-insensitive (see\\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header1: foo\\n my-header2: bar\\n my-header3: baz\\n\\n\\nConfig:\\n remove: [\\"my-header1\\", \\"my-header3\\"]\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header2: bar"', args=[d.arg(name='remove', type=d.T.array)]), + withRemove(remove): { responseHeaderModifier+: { remove: if std.isArray(v=remove) then remove else [remove] } }, + '#withRemoveMixin':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The\\nvalue of Remove is a list of HTTP header names. Note that the header\\nnames are case-insensitive (see\\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header1: foo\\n my-header2: bar\\n my-header3: baz\\n\\n\\nConfig:\\n remove: [\\"my-header1\\", \\"my-header3\\"]\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header2: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='remove', type=d.T.array)]), + withRemoveMixin(remove): { responseHeaderModifier+: { remove+: if std.isArray(v=remove) then remove else [remove] } }, + '#withSet':: d.fn(help='"Set overwrites the request with the given header (name, value)\\nbefore the action.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n set:\\n - name: \\"my-header\\"\\n value: \\"bar\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: bar"', args=[d.arg(name='set', type=d.T.array)]), + withSet(set): { responseHeaderModifier+: { set: if std.isArray(v=set) then set else [set] } }, + '#withSetMixin':: d.fn(help='"Set overwrites the request with the given header (name, value)\\nbefore the action.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n set:\\n - name: \\"my-header\\"\\n value: \\"bar\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='set', type=d.T.array)]), + withSetMixin(set): { responseHeaderModifier+: { set+: if std.isArray(v=set) then set else [set] } }, + }, + '#withType':: d.fn(help='"Type identifies the type of filter to apply. As with other API fields,\\ntypes are classified into three conformance levels:\\n\\n\\n- Core: Filter types and their corresponding configuration defined by\\n \\"Support: Core\\" in this package, e.g. \\"RequestHeaderModifier\\". All\\n implementations supporting GRPCRoute MUST support core filters.\\n\\n\\n- Extended: Filter types and their corresponding configuration defined by\\n \\"Support: Extended\\" in this package, e.g. \\"RequestMirror\\". Implementers\\n are encouraged to support extended filters.\\n\\n\\n- Implementation-specific: Filters that are defined and supported by specific vendors.\\n In the future, filters showing convergence in behavior across multiple\\n implementations will be considered for inclusion in extended or core\\n conformance levels. Filter-specific configuration for such filters\\n is specified using the ExtensionRef field. `Type` MUST be set to\\n \\"ExtensionRef\\" for custom filters.\\n\\n\\nImplementers are encouraged to define custom implementation types to\\nextend the core API with implementation-specific behavior.\\n\\n\\nIf a reference to a custom filter type cannot be resolved, the filter\\nMUST NOT be skipped. Instead, requests that would have been processed by\\nthat filter MUST receive a HTTP error response.\\n\\n\\n"', args=[d.arg(name='type', type=d.T.string)]), + withType(type): { type: type }, + }, + '#matches':: d.obj(help='"Matches define conditions used for matching the rule against incoming\\ngRPC requests. Each match is independent, i.e. this rule will be matched\\nif **any** one of the matches is satisfied.\\n\\n\\nFor example, take the following matches configuration:\\n\\n\\n```\\nmatches:\\n- method:\\n service: foo.bar\\n headers:\\n values:\\n version: 2\\n- method:\\n service: foo.bar.v2\\n```\\n\\n\\nFor a request to match against this rule, it MUST satisfy\\nEITHER of the two conditions:\\n\\n\\n- service of foo.bar AND contains the header `version: 2`\\n- service of foo.bar.v2\\n\\n\\nSee the documentation for GRPCRouteMatch on how to specify multiple\\nmatch conditions to be ANDed together.\\n\\n\\nIf no matches are specified, the implementation MUST match every gRPC request.\\n\\n\\nProxy or Load Balancer routing configuration generated from GRPCRoutes\\nMUST prioritize rules based on the following criteria, continuing on\\nties. Merging MUST not be done between GRPCRoutes and HTTPRoutes.\\nPrecedence MUST be given to the rule with the largest number of:\\n\\n\\n* Characters in a matching non-wildcard hostname.\\n* Characters in a matching hostname.\\n* Characters in a matching service.\\n* Characters in a matching method.\\n* Header matches.\\n\\n\\nIf ties still exist across multiple Routes, matching precedence MUST be\\ndetermined in order of the following criteria, continuing on ties:\\n\\n\\n* The oldest Route based on creation timestamp.\\n* The Route appearing first in alphabetical order by\\n \\"{namespace}/{name}\\".\\n\\n\\nIf ties still exist within the Route that has been given precedence,\\nmatching precedence MUST be granted to the first matching rule meeting\\nthe above criteria."'), + matches: { + '#headers':: d.obj(help='"Headers specifies gRPC request header matchers. Multiple match values are\\nANDed together, meaning, a request MUST match all the specified headers\\nto select the route."'), + headers: { + '#withName':: d.fn(help='"Name is the name of the gRPC Header to be matched.\\n\\n\\nIf multiple entries specify equivalent header names, only the first\\nentry with an equivalent name MUST be considered for a match. Subsequent\\nentries with an equivalent header name MUST be ignored. Due to the\\ncase-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered\\nequivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withType':: d.fn(help='"Type specifies how to match against the value of the header."', args=[d.arg(name='type', type=d.T.string)]), + withType(type): { type: type }, + '#withValue':: d.fn(help='"Value is the value of the gRPC Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#method':: d.obj(help='"Method specifies a gRPC request service/method matcher. If this field is\\nnot specified, all services and methods will match."'), + method: { + '#withMethod':: d.fn(help='"Value of the method to match against. If left empty or omitted, will\\nmatch all services.\\n\\n\\nAt least one of Service and Method MUST be a non-empty string."', args=[d.arg(name='method', type=d.T.string)]), + withMethod(method): { method+: { method: method } }, + '#withService':: d.fn(help='"Value of the service to match against. If left empty or omitted, will\\nmatch any service.\\n\\n\\nAt least one of Service and Method MUST be a non-empty string."', args=[d.arg(name='service', type=d.T.string)]), + withService(service): { method+: { service: service } }, + '#withType':: d.fn(help='"Type specifies how to match against the service and/or method.\\nSupport: Core (Exact with service and method specified)\\n\\n\\nSupport: Implementation-specific (Exact with method specified but no service specified)\\n\\n\\nSupport: Implementation-specific (RegularExpression)"', args=[d.arg(name='type', type=d.T.string)]), + withType(type): { method+: { type: type } }, + }, + '#withHeaders':: d.fn(help='"Headers specifies gRPC request header matchers. Multiple match values are\\nANDed together, meaning, a request MUST match all the specified headers\\nto select the route."', args=[d.arg(name='headers', type=d.T.array)]), + withHeaders(headers): { headers: if std.isArray(v=headers) then headers else [headers] }, + '#withHeadersMixin':: d.fn(help='"Headers specifies gRPC request header matchers. Multiple match values are\\nANDed together, meaning, a request MUST match all the specified headers\\nto select the route."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='headers', type=d.T.array)]), + withHeadersMixin(headers): { headers+: if std.isArray(v=headers) then headers else [headers] }, + }, + '#sessionPersistence':: d.obj(help='"SessionPersistence defines and configures session persistence\\nfor the route rule.\\n\\n\\nSupport: Extended\\n\\n\\n"'), + sessionPersistence: { + '#cookieConfig':: d.obj(help='"CookieConfig provides configuration settings that are specific\\nto cookie-based session persistence.\\n\\n\\nSupport: Core"'), + cookieConfig: { + '#withLifetimeType':: d.fn(help="\"LifetimeType specifies whether the cookie has a permanent or\\nsession-based lifetime. A permanent cookie persists until its\\nspecified expiry time, defined by the Expires or Max-Age cookie\\nattributes, while a session cookie is deleted when the current\\nsession ends.\\n\\n\\nWhen set to \\\"Permanent\\\", AbsoluteTimeout indicates the\\ncookie's lifetime via the Expires or Max-Age cookie attributes\\nand is required.\\n\\n\\nWhen set to \\\"Session\\\", AbsoluteTimeout indicates the\\nabsolute lifetime of the cookie tracked by the gateway and\\nis optional.\\n\\n\\nSupport: Core for \\\"Session\\\" type\\n\\n\\nSupport: Extended for \\\"Permanent\\\" type\"", args=[d.arg(name='lifetimeType', type=d.T.string)]), + withLifetimeType(lifetimeType): { sessionPersistence+: { cookieConfig+: { lifetimeType: lifetimeType } } }, + }, + '#withAbsoluteTimeout':: d.fn(help='"AbsoluteTimeout defines the absolute timeout of the persistent\\nsession. Once the AbsoluteTimeout duration has elapsed, the\\nsession becomes invalid.\\n\\n\\nSupport: Extended"', args=[d.arg(name='absoluteTimeout', type=d.T.string)]), + withAbsoluteTimeout(absoluteTimeout): { sessionPersistence+: { absoluteTimeout: absoluteTimeout } }, + '#withIdleTimeout':: d.fn(help='"IdleTimeout defines the idle timeout of the persistent session.\\nOnce the session has been idle for more than the specified\\nIdleTimeout duration, the session becomes invalid.\\n\\n\\nSupport: Extended"', args=[d.arg(name='idleTimeout', type=d.T.string)]), + withIdleTimeout(idleTimeout): { sessionPersistence+: { idleTimeout: idleTimeout } }, + '#withSessionName':: d.fn(help='"SessionName defines the name of the persistent session token\\nwhich may be reflected in the cookie or the header. Users\\nshould avoid reusing session names to prevent unintended\\nconsequences, such as rejection or unpredictable behavior.\\n\\n\\nSupport: Implementation-specific"', args=[d.arg(name='sessionName', type=d.T.string)]), + withSessionName(sessionName): { sessionPersistence+: { sessionName: sessionName } }, + '#withType':: d.fn(help='"Type defines the type of session persistence such as through\\nthe use a header or cookie. Defaults to cookie based session\\npersistence.\\n\\n\\nSupport: Core for \\"Cookie\\" type\\n\\n\\nSupport: Extended for \\"Header\\" type"', args=[d.arg(name='type', type=d.T.string)]), + withType(type): { sessionPersistence+: { type: type } }, + }, + '#withBackendRefs':: d.fn(help='"BackendRefs defines the backend(s) where matching requests should be\\nsent.\\n\\n\\nFailure behavior here depends on how many BackendRefs are specified and\\nhow many are invalid.\\n\\n\\nIf *all* entries in BackendRefs are invalid, and there are also no filters\\nspecified in this route rule, *all* traffic which matches this rule MUST\\nreceive an `UNAVAILABLE` status.\\n\\n\\nSee the GRPCBackendRef definition for the rules about what makes a single\\nGRPCBackendRef invalid.\\n\\n\\nWhen a GRPCBackendRef is invalid, `UNAVAILABLE` statuses MUST be returned for\\nrequests that would have otherwise been routed to an invalid backend. If\\nmultiple backends are specified, and some are invalid, the proportion of\\nrequests that would otherwise have been routed to an invalid backend\\nMUST receive an `UNAVAILABLE` status.\\n\\n\\nFor example, if two backends are specified with equal weights, and one is\\ninvalid, 50 percent of traffic MUST receive an `UNAVAILABLE` status.\\nImplementations may choose how that 50 percent is determined.\\n\\n\\nSupport: Core for Kubernetes Service\\n\\n\\nSupport: Implementation-specific for any other resource\\n\\n\\nSupport for weight: Core"', args=[d.arg(name='backendRefs', type=d.T.array)]), + withBackendRefs(backendRefs): { backendRefs: if std.isArray(v=backendRefs) then backendRefs else [backendRefs] }, + '#withBackendRefsMixin':: d.fn(help='"BackendRefs defines the backend(s) where matching requests should be\\nsent.\\n\\n\\nFailure behavior here depends on how many BackendRefs are specified and\\nhow many are invalid.\\n\\n\\nIf *all* entries in BackendRefs are invalid, and there are also no filters\\nspecified in this route rule, *all* traffic which matches this rule MUST\\nreceive an `UNAVAILABLE` status.\\n\\n\\nSee the GRPCBackendRef definition for the rules about what makes a single\\nGRPCBackendRef invalid.\\n\\n\\nWhen a GRPCBackendRef is invalid, `UNAVAILABLE` statuses MUST be returned for\\nrequests that would have otherwise been routed to an invalid backend. If\\nmultiple backends are specified, and some are invalid, the proportion of\\nrequests that would otherwise have been routed to an invalid backend\\nMUST receive an `UNAVAILABLE` status.\\n\\n\\nFor example, if two backends are specified with equal weights, and one is\\ninvalid, 50 percent of traffic MUST receive an `UNAVAILABLE` status.\\nImplementations may choose how that 50 percent is determined.\\n\\n\\nSupport: Core for Kubernetes Service\\n\\n\\nSupport: Implementation-specific for any other resource\\n\\n\\nSupport for weight: Core"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='backendRefs', type=d.T.array)]), + withBackendRefsMixin(backendRefs): { backendRefs+: if std.isArray(v=backendRefs) then backendRefs else [backendRefs] }, + '#withFilters':: d.fn(help='"Filters define the filters that are applied to requests that match\\nthis rule.\\n\\n\\nThe effects of ordering of multiple behaviors are currently unspecified.\\nThis can change in the future based on feedback during the alpha stage.\\n\\n\\nConformance-levels at this level are defined based on the type of filter:\\n\\n\\n- ALL core filters MUST be supported by all implementations that support\\n GRPCRoute.\\n- Implementers are encouraged to support extended filters.\\n- Implementation-specific custom filters have no API guarantees across\\n implementations.\\n\\n\\nSpecifying the same filter multiple times is not supported unless explicitly\\nindicated in the filter.\\n\\n\\nIf an implementation can not support a combination of filters, it must clearly\\ndocument that limitation. In cases where incompatible or unsupported\\nfilters are specified and cause the `Accepted` condition to be set to status\\n`False`, implementations may use the `IncompatibleFilters` reason to specify\\nthis configuration error.\\n\\n\\nSupport: Core"', args=[d.arg(name='filters', type=d.T.array)]), + withFilters(filters): { filters: if std.isArray(v=filters) then filters else [filters] }, + '#withFiltersMixin':: d.fn(help='"Filters define the filters that are applied to requests that match\\nthis rule.\\n\\n\\nThe effects of ordering of multiple behaviors are currently unspecified.\\nThis can change in the future based on feedback during the alpha stage.\\n\\n\\nConformance-levels at this level are defined based on the type of filter:\\n\\n\\n- ALL core filters MUST be supported by all implementations that support\\n GRPCRoute.\\n- Implementers are encouraged to support extended filters.\\n- Implementation-specific custom filters have no API guarantees across\\n implementations.\\n\\n\\nSpecifying the same filter multiple times is not supported unless explicitly\\nindicated in the filter.\\n\\n\\nIf an implementation can not support a combination of filters, it must clearly\\ndocument that limitation. In cases where incompatible or unsupported\\nfilters are specified and cause the `Accepted` condition to be set to status\\n`False`, implementations may use the `IncompatibleFilters` reason to specify\\nthis configuration error.\\n\\n\\nSupport: Core"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='filters', type=d.T.array)]), + withFiltersMixin(filters): { filters+: if std.isArray(v=filters) then filters else [filters] }, + '#withMatches':: d.fn(help='"Matches define conditions used for matching the rule against incoming\\ngRPC requests. Each match is independent, i.e. this rule will be matched\\nif **any** one of the matches is satisfied.\\n\\n\\nFor example, take the following matches configuration:\\n\\n\\n```\\nmatches:\\n- method:\\n service: foo.bar\\n headers:\\n values:\\n version: 2\\n- method:\\n service: foo.bar.v2\\n```\\n\\n\\nFor a request to match against this rule, it MUST satisfy\\nEITHER of the two conditions:\\n\\n\\n- service of foo.bar AND contains the header `version: 2`\\n- service of foo.bar.v2\\n\\n\\nSee the documentation for GRPCRouteMatch on how to specify multiple\\nmatch conditions to be ANDed together.\\n\\n\\nIf no matches are specified, the implementation MUST match every gRPC request.\\n\\n\\nProxy or Load Balancer routing configuration generated from GRPCRoutes\\nMUST prioritize rules based on the following criteria, continuing on\\nties. Merging MUST not be done between GRPCRoutes and HTTPRoutes.\\nPrecedence MUST be given to the rule with the largest number of:\\n\\n\\n* Characters in a matching non-wildcard hostname.\\n* Characters in a matching hostname.\\n* Characters in a matching service.\\n* Characters in a matching method.\\n* Header matches.\\n\\n\\nIf ties still exist across multiple Routes, matching precedence MUST be\\ndetermined in order of the following criteria, continuing on ties:\\n\\n\\n* The oldest Route based on creation timestamp.\\n* The Route appearing first in alphabetical order by\\n \\"{namespace}/{name}\\".\\n\\n\\nIf ties still exist within the Route that has been given precedence,\\nmatching precedence MUST be granted to the first matching rule meeting\\nthe above criteria."', args=[d.arg(name='matches', type=d.T.array)]), + withMatches(matches): { matches: if std.isArray(v=matches) then matches else [matches] }, + '#withMatchesMixin':: d.fn(help='"Matches define conditions used for matching the rule against incoming\\ngRPC requests. Each match is independent, i.e. this rule will be matched\\nif **any** one of the matches is satisfied.\\n\\n\\nFor example, take the following matches configuration:\\n\\n\\n```\\nmatches:\\n- method:\\n service: foo.bar\\n headers:\\n values:\\n version: 2\\n- method:\\n service: foo.bar.v2\\n```\\n\\n\\nFor a request to match against this rule, it MUST satisfy\\nEITHER of the two conditions:\\n\\n\\n- service of foo.bar AND contains the header `version: 2`\\n- service of foo.bar.v2\\n\\n\\nSee the documentation for GRPCRouteMatch on how to specify multiple\\nmatch conditions to be ANDed together.\\n\\n\\nIf no matches are specified, the implementation MUST match every gRPC request.\\n\\n\\nProxy or Load Balancer routing configuration generated from GRPCRoutes\\nMUST prioritize rules based on the following criteria, continuing on\\nties. Merging MUST not be done between GRPCRoutes and HTTPRoutes.\\nPrecedence MUST be given to the rule with the largest number of:\\n\\n\\n* Characters in a matching non-wildcard hostname.\\n* Characters in a matching hostname.\\n* Characters in a matching service.\\n* Characters in a matching method.\\n* Header matches.\\n\\n\\nIf ties still exist across multiple Routes, matching precedence MUST be\\ndetermined in order of the following criteria, continuing on ties:\\n\\n\\n* The oldest Route based on creation timestamp.\\n* The Route appearing first in alphabetical order by\\n \\"{namespace}/{name}\\".\\n\\n\\nIf ties still exist within the Route that has been given precedence,\\nmatching precedence MUST be granted to the first matching rule meeting\\nthe above criteria."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='matches', type=d.T.array)]), + withMatchesMixin(matches): { matches+: if std.isArray(v=matches) then matches else [matches] }, + }, + '#withHostnames':: d.fn(help="\"Hostnames defines a set of hostnames to match against the GRPC\\nHost header to select a GRPCRoute to process the request. This matches\\nthe RFC 1123 definition of a hostname with 2 notable exceptions:\\n\\n\\n1. IPs are not allowed.\\n2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard\\n label MUST appear by itself as the first label.\\n\\n\\nIf a hostname is specified by both the Listener and GRPCRoute, there\\nMUST be at least one intersecting hostname for the GRPCRoute to be\\nattached to the Listener. For example:\\n\\n\\n* A Listener with `test.example.com` as the hostname matches GRPCRoutes\\n that have either not specified any hostnames, or have specified at\\n least one of `test.example.com` or `*.example.com`.\\n* A Listener with `*.example.com` as the hostname matches GRPCRoutes\\n that have either not specified any hostnames or have specified at least\\n one hostname that matches the Listener hostname. For example,\\n `test.example.com` and `*.example.com` would both match. On the other\\n hand, `example.com` and `test.example.net` would not match.\\n\\n\\nHostnames that are prefixed with a wildcard label (`*.`) are interpreted\\nas a suffix match. That means that a match for `*.example.com` would match\\nboth `test.example.com`, and `foo.test.example.com`, but not `example.com`.\\n\\n\\nIf both the Listener and GRPCRoute have specified hostnames, any\\nGRPCRoute hostnames that do not match the Listener hostname MUST be\\nignored. For example, if a Listener specified `*.example.com`, and the\\nGRPCRoute specified `test.example.com` and `test.example.net`,\\n`test.example.net` MUST NOT be considered for a match.\\n\\n\\nIf both the Listener and GRPCRoute have specified hostnames, and none\\nmatch with the criteria above, then the GRPCRoute MUST NOT be accepted by\\nthe implementation. The implementation MUST raise an 'Accepted' Condition\\nwith a status of `False` in the corresponding RouteParentStatus.\\n\\n\\nIf a Route (A) of type HTTPRoute or GRPCRoute is attached to a\\nListener and that listener already has another Route (B) of the other\\ntype attached and the intersection of the hostnames of A and B is\\nnon-empty, then the implementation MUST accept exactly one of these two\\nroutes, determined by the following criteria, in order:\\n\\n\\n* The oldest Route based on creation timestamp.\\n* The Route appearing first in alphabetical order by\\n \\\"{namespace}/{name}\\\".\\n\\n\\nThe rejected Route MUST raise an 'Accepted' condition with a status of\\n'False' in the corresponding RouteParentStatus.\\n\\n\\nSupport: Core\"", args=[d.arg(name='hostnames', type=d.T.array)]), + withHostnames(hostnames): { spec+: { hostnames: if std.isArray(v=hostnames) then hostnames else [hostnames] } }, + '#withHostnamesMixin':: d.fn(help="\"Hostnames defines a set of hostnames to match against the GRPC\\nHost header to select a GRPCRoute to process the request. This matches\\nthe RFC 1123 definition of a hostname with 2 notable exceptions:\\n\\n\\n1. IPs are not allowed.\\n2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard\\n label MUST appear by itself as the first label.\\n\\n\\nIf a hostname is specified by both the Listener and GRPCRoute, there\\nMUST be at least one intersecting hostname for the GRPCRoute to be\\nattached to the Listener. For example:\\n\\n\\n* A Listener with `test.example.com` as the hostname matches GRPCRoutes\\n that have either not specified any hostnames, or have specified at\\n least one of `test.example.com` or `*.example.com`.\\n* A Listener with `*.example.com` as the hostname matches GRPCRoutes\\n that have either not specified any hostnames or have specified at least\\n one hostname that matches the Listener hostname. For example,\\n `test.example.com` and `*.example.com` would both match. On the other\\n hand, `example.com` and `test.example.net` would not match.\\n\\n\\nHostnames that are prefixed with a wildcard label (`*.`) are interpreted\\nas a suffix match. That means that a match for `*.example.com` would match\\nboth `test.example.com`, and `foo.test.example.com`, but not `example.com`.\\n\\n\\nIf both the Listener and GRPCRoute have specified hostnames, any\\nGRPCRoute hostnames that do not match the Listener hostname MUST be\\nignored. For example, if a Listener specified `*.example.com`, and the\\nGRPCRoute specified `test.example.com` and `test.example.net`,\\n`test.example.net` MUST NOT be considered for a match.\\n\\n\\nIf both the Listener and GRPCRoute have specified hostnames, and none\\nmatch with the criteria above, then the GRPCRoute MUST NOT be accepted by\\nthe implementation. The implementation MUST raise an 'Accepted' Condition\\nwith a status of `False` in the corresponding RouteParentStatus.\\n\\n\\nIf a Route (A) of type HTTPRoute or GRPCRoute is attached to a\\nListener and that listener already has another Route (B) of the other\\ntype attached and the intersection of the hostnames of A and B is\\nnon-empty, then the implementation MUST accept exactly one of these two\\nroutes, determined by the following criteria, in order:\\n\\n\\n* The oldest Route based on creation timestamp.\\n* The Route appearing first in alphabetical order by\\n \\\"{namespace}/{name}\\\".\\n\\n\\nThe rejected Route MUST raise an 'Accepted' condition with a status of\\n'False' in the corresponding RouteParentStatus.\\n\\n\\nSupport: Core\"\n\n**Note:** This function appends passed data to existing values", args=[d.arg(name='hostnames', type=d.T.array)]), + withHostnamesMixin(hostnames): { spec+: { hostnames+: if std.isArray(v=hostnames) then hostnames else [hostnames] } }, + '#withParentRefs':: d.fn(help='"ParentRefs references the resources (usually Gateways) that a Route wants\\nto be attached to. Note that the referenced parent resource needs to\\nallow this for the attachment to be complete. For Gateways, that means\\nthe Gateway needs to allow attachment from Routes of this kind and\\nnamespace. For Services, that means the Service must either be in the same\\nnamespace for a \\"producer\\" route, or the mesh implementation must support\\nand allow \\"consumer\\" routes for the referenced Service. ReferenceGrant is\\nnot applicable for governing ParentRefs to Services - it is not possible to\\ncreate a \\"producer\\" route for a Service in a different namespace from the\\nRoute.\\n\\n\\nThere are two kinds of parent resources with \\"Core\\" support:\\n\\n\\n* Gateway (Gateway conformance profile)\\n* Service (Mesh conformance profile, ClusterIP Services only)\\n\\n\\nThis API may be extended in the future to support additional kinds of parent\\nresources.\\n\\n\\nParentRefs must be _distinct_. This means either that:\\n\\n\\n* They select different objects. If this is the case, then parentRef\\n entries are distinct. In terms of fields, this means that the\\n multi-part key defined by `group`, `kind`, `namespace`, and `name` must\\n be unique across all parentRef entries in the Route.\\n* They do not select different objects, but for each optional field used,\\n each ParentRef that selects the same object must set the same set of\\n optional fields to different values. If one ParentRef sets a\\n combination of optional fields, all must set the same combination.\\n\\n\\nSome examples:\\n\\n\\n* If one ParentRef sets `sectionName`, all ParentRefs referencing the\\n same object must also set `sectionName`.\\n* If one ParentRef sets `port`, all ParentRefs referencing the same\\n object must also set `port`.\\n* If one ParentRef sets `sectionName` and `port`, all ParentRefs\\n referencing the same object must also set `sectionName` and `port`.\\n\\n\\nIt is possible to separately reference multiple distinct objects that may\\nbe collapsed by an implementation. For example, some implementations may\\nchoose to merge compatible Gateway Listeners together. If that is the\\ncase, the list of routes attached to those resources should also be\\nmerged.\\n\\n\\nNote that for ParentRefs that cross namespace boundaries, there are specific\\nrules. Cross-namespace references are only valid if they are explicitly\\nallowed by something in the namespace they are referring to. For example,\\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\\ngeneric way to enable other kinds of cross-namespace reference.\\n\\n\\n\\nParentRefs from a Route to a Service in the same namespace are \\"producer\\"\\nroutes, which apply default routing rules to inbound connections from\\nany namespace to the Service.\\n\\n\\nParentRefs from a Route to a Service in a different namespace are\\n\\"consumer\\" routes, and these routing rules are only applied to outbound\\nconnections originating from the same namespace as the Route, for which\\nthe intended destination of the connections are a Service targeted as a\\nParentRef of the Route.\\n\\n\\n\\n\\n\\n\\n"', args=[d.arg(name='parentRefs', type=d.T.array)]), + withParentRefs(parentRefs): { spec+: { parentRefs: if std.isArray(v=parentRefs) then parentRefs else [parentRefs] } }, + '#withParentRefsMixin':: d.fn(help='"ParentRefs references the resources (usually Gateways) that a Route wants\\nto be attached to. Note that the referenced parent resource needs to\\nallow this for the attachment to be complete. For Gateways, that means\\nthe Gateway needs to allow attachment from Routes of this kind and\\nnamespace. For Services, that means the Service must either be in the same\\nnamespace for a \\"producer\\" route, or the mesh implementation must support\\nand allow \\"consumer\\" routes for the referenced Service. ReferenceGrant is\\nnot applicable for governing ParentRefs to Services - it is not possible to\\ncreate a \\"producer\\" route for a Service in a different namespace from the\\nRoute.\\n\\n\\nThere are two kinds of parent resources with \\"Core\\" support:\\n\\n\\n* Gateway (Gateway conformance profile)\\n* Service (Mesh conformance profile, ClusterIP Services only)\\n\\n\\nThis API may be extended in the future to support additional kinds of parent\\nresources.\\n\\n\\nParentRefs must be _distinct_. This means either that:\\n\\n\\n* They select different objects. If this is the case, then parentRef\\n entries are distinct. In terms of fields, this means that the\\n multi-part key defined by `group`, `kind`, `namespace`, and `name` must\\n be unique across all parentRef entries in the Route.\\n* They do not select different objects, but for each optional field used,\\n each ParentRef that selects the same object must set the same set of\\n optional fields to different values. If one ParentRef sets a\\n combination of optional fields, all must set the same combination.\\n\\n\\nSome examples:\\n\\n\\n* If one ParentRef sets `sectionName`, all ParentRefs referencing the\\n same object must also set `sectionName`.\\n* If one ParentRef sets `port`, all ParentRefs referencing the same\\n object must also set `port`.\\n* If one ParentRef sets `sectionName` and `port`, all ParentRefs\\n referencing the same object must also set `sectionName` and `port`.\\n\\n\\nIt is possible to separately reference multiple distinct objects that may\\nbe collapsed by an implementation. For example, some implementations may\\nchoose to merge compatible Gateway Listeners together. If that is the\\ncase, the list of routes attached to those resources should also be\\nmerged.\\n\\n\\nNote that for ParentRefs that cross namespace boundaries, there are specific\\nrules. Cross-namespace references are only valid if they are explicitly\\nallowed by something in the namespace they are referring to. For example,\\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\\ngeneric way to enable other kinds of cross-namespace reference.\\n\\n\\n\\nParentRefs from a Route to a Service in the same namespace are \\"producer\\"\\nroutes, which apply default routing rules to inbound connections from\\nany namespace to the Service.\\n\\n\\nParentRefs from a Route to a Service in a different namespace are\\n\\"consumer\\" routes, and these routing rules are only applied to outbound\\nconnections originating from the same namespace as the Route, for which\\nthe intended destination of the connections are a Service targeted as a\\nParentRef of the Route.\\n\\n\\n\\n\\n\\n\\n"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='parentRefs', type=d.T.array)]), + withParentRefsMixin(parentRefs): { spec+: { parentRefs+: if std.isArray(v=parentRefs) then parentRefs else [parentRefs] } }, + '#withRules':: d.fn(help='"Rules are a list of GRPC matchers, filters and actions."', args=[d.arg(name='rules', type=d.T.array)]), + withRules(rules): { spec+: { rules: if std.isArray(v=rules) then rules else [rules] } }, + '#withRulesMixin':: d.fn(help='"Rules are a list of GRPC matchers, filters and actions."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='rules', type=d.T.array)]), + withRulesMixin(rules): { spec+: { rules+: if std.isArray(v=rules) then rules else [rules] } }, + }, + '#mixin': 'ignore', + mixin: self, +} diff --git a/1.1-experimental/_gen/gateway/v1/httpRoute.libsonnet b/1.1-experimental/_gen/gateway/v1/httpRoute.libsonnet new file mode 100644 index 0000000..fc6fd24 --- /dev/null +++ b/1.1-experimental/_gen/gateway/v1/httpRoute.libsonnet @@ -0,0 +1,421 @@ +{ + local d = (import 'doc-util/main.libsonnet'), + '#':: d.pkg(name='httpRoute', url='', help='"HTTPRoute provides a way to route HTTP requests. This includes the capability\\nto match requests by hostname, path, header, or query param. Filters can be\\nused to specify additional processing steps. Backends specify where matching\\nrequests should be routed."'), + '#metadata':: d.obj(help='"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create."'), + metadata: { + '#withAnnotations':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotations(annotations): { metadata+: { annotations: annotations } }, + '#withAnnotationsMixin':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotationsMixin(annotations): { metadata+: { annotations+: annotations } }, + '#withClusterName':: d.fn(help='"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request."', args=[d.arg(name='clusterName', type=d.T.string)]), + withClusterName(clusterName): { metadata+: { clusterName: clusterName } }, + '#withCreationTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='creationTimestamp', type=d.T.string)]), + withCreationTimestamp(creationTimestamp): { metadata+: { creationTimestamp: creationTimestamp } }, + '#withDeletionGracePeriodSeconds':: d.fn(help='"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only."', args=[d.arg(name='deletionGracePeriodSeconds', type=d.T.integer)]), + withDeletionGracePeriodSeconds(deletionGracePeriodSeconds): { metadata+: { deletionGracePeriodSeconds: deletionGracePeriodSeconds } }, + '#withDeletionTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='deletionTimestamp', type=d.T.string)]), + withDeletionTimestamp(deletionTimestamp): { metadata+: { deletionTimestamp: deletionTimestamp } }, + '#withFinalizers':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizers(finalizers): { metadata+: { finalizers: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withFinalizersMixin':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizersMixin(finalizers): { metadata+: { finalizers+: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withGenerateName':: d.fn(help='"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\\n\\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\\n\\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency"', args=[d.arg(name='generateName', type=d.T.string)]), + withGenerateName(generateName): { metadata+: { generateName: generateName } }, + '#withGeneration':: d.fn(help='"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only."', args=[d.arg(name='generation', type=d.T.integer)]), + withGeneration(generation): { metadata+: { generation: generation } }, + '#withLabels':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"', args=[d.arg(name='labels', type=d.T.object)]), + withLabels(labels): { metadata+: { labels: labels } }, + '#withLabelsMixin':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='labels', type=d.T.object)]), + withLabelsMixin(labels): { metadata+: { labels+: labels } }, + '#withName':: d.fn(help='"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { metadata+: { name: name } }, + '#withNamespace':: d.fn(help='"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \\"default\\" namespace, but \\"default\\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\\n\\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces"', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { metadata+: { namespace: namespace } }, + '#withOwnerReferences':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferences(ownerReferences): { metadata+: { ownerReferences: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withOwnerReferencesMixin':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferencesMixin(ownerReferences): { metadata+: { ownerReferences+: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withResourceVersion':: d.fn(help='"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\\n\\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency"', args=[d.arg(name='resourceVersion', type=d.T.string)]), + withResourceVersion(resourceVersion): { metadata+: { resourceVersion: resourceVersion } }, + '#withSelfLink':: d.fn(help='"SelfLink is a URL representing this object. Populated by the system. Read-only.\\n\\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release."', args=[d.arg(name='selfLink', type=d.T.string)]), + withSelfLink(selfLink): { metadata+: { selfLink: selfLink } }, + '#withUid':: d.fn(help='"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\\n\\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids"', args=[d.arg(name='uid', type=d.T.string)]), + withUid(uid): { metadata+: { uid: uid } }, + }, + '#new':: d.fn(help='new returns an instance of HTTPRoute', args=[d.arg(name='name', type=d.T.string)]), + new(name): { + apiVersion: 'gateway.networking.k8s.io/v1', + kind: 'HTTPRoute', + } + self.metadata.withName(name=name), + '#spec':: d.obj(help='"Spec defines the desired state of HTTPRoute."'), + spec: { + '#parentRefs':: d.obj(help='"ParentRefs references the resources (usually Gateways) that a Route wants\\nto be attached to. Note that the referenced parent resource needs to\\nallow this for the attachment to be complete. For Gateways, that means\\nthe Gateway needs to allow attachment from Routes of this kind and\\nnamespace. For Services, that means the Service must either be in the same\\nnamespace for a \\"producer\\" route, or the mesh implementation must support\\nand allow \\"consumer\\" routes for the referenced Service. ReferenceGrant is\\nnot applicable for governing ParentRefs to Services - it is not possible to\\ncreate a \\"producer\\" route for a Service in a different namespace from the\\nRoute.\\n\\n\\nThere are two kinds of parent resources with \\"Core\\" support:\\n\\n\\n* Gateway (Gateway conformance profile)\\n* Service (Mesh conformance profile, ClusterIP Services only)\\n\\n\\nThis API may be extended in the future to support additional kinds of parent\\nresources.\\n\\n\\nParentRefs must be _distinct_. This means either that:\\n\\n\\n* They select different objects. If this is the case, then parentRef\\n entries are distinct. In terms of fields, this means that the\\n multi-part key defined by `group`, `kind`, `namespace`, and `name` must\\n be unique across all parentRef entries in the Route.\\n* They do not select different objects, but for each optional field used,\\n each ParentRef that selects the same object must set the same set of\\n optional fields to different values. If one ParentRef sets a\\n combination of optional fields, all must set the same combination.\\n\\n\\nSome examples:\\n\\n\\n* If one ParentRef sets `sectionName`, all ParentRefs referencing the\\n same object must also set `sectionName`.\\n* If one ParentRef sets `port`, all ParentRefs referencing the same\\n object must also set `port`.\\n* If one ParentRef sets `sectionName` and `port`, all ParentRefs\\n referencing the same object must also set `sectionName` and `port`.\\n\\n\\nIt is possible to separately reference multiple distinct objects that may\\nbe collapsed by an implementation. For example, some implementations may\\nchoose to merge compatible Gateway Listeners together. If that is the\\ncase, the list of routes attached to those resources should also be\\nmerged.\\n\\n\\nNote that for ParentRefs that cross namespace boundaries, there are specific\\nrules. Cross-namespace references are only valid if they are explicitly\\nallowed by something in the namespace they are referring to. For example,\\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\\ngeneric way to enable other kinds of cross-namespace reference.\\n\\n\\n\\nParentRefs from a Route to a Service in the same namespace are \\"producer\\"\\nroutes, which apply default routing rules to inbound connections from\\nany namespace to the Service.\\n\\n\\nParentRefs from a Route to a Service in a different namespace are\\n\\"consumer\\" routes, and these routing rules are only applied to outbound\\nconnections originating from the same namespace as the Route, for which\\nthe intended destination of the connections are a Service targeted as a\\nParentRef of the Route.\\n\\n\\n\\n\\n\\n\\n"'), + parentRefs: { + '#withGroup':: d.fn(help='"Group is the group of the referent.\\nWhen unspecified, \\"gateway.networking.k8s.io\\" is inferred.\\nTo set the core API group (such as for a \\"Service\\" kind referent),\\nGroup must be explicitly set to \\"\\" (empty string).\\n\\n\\nSupport: Core"', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { group: group }, + '#withKind':: d.fn(help='"Kind is kind of the referent.\\n\\n\\nThere are two kinds of parent resources with \\"Core\\" support:\\n\\n\\n* Gateway (Gateway conformance profile)\\n* Service (Mesh conformance profile, ClusterIP Services only)\\n\\n\\nSupport for other resources is Implementation-Specific."', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { kind: kind }, + '#withName':: d.fn(help='"Name is the name of the referent.\\n\\n\\nSupport: Core"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withNamespace':: d.fn(help='"Namespace is the namespace of the referent. When unspecified, this refers\\nto the local namespace of the Route.\\n\\n\\nNote that there are specific rules for ParentRefs which cross namespace\\nboundaries. Cross-namespace references are only valid if they are explicitly\\nallowed by something in the namespace they are referring to. For example:\\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\\ngeneric way to enable any other kind of cross-namespace reference.\\n\\n\\n\\nParentRefs from a Route to a Service in the same namespace are \\"producer\\"\\nroutes, which apply default routing rules to inbound connections from\\nany namespace to the Service.\\n\\n\\nParentRefs from a Route to a Service in a different namespace are\\n\\"consumer\\" routes, and these routing rules are only applied to outbound\\nconnections originating from the same namespace as the Route, for which\\nthe intended destination of the connections are a Service targeted as a\\nParentRef of the Route.\\n\\n\\n\\nSupport: Core"', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { namespace: namespace }, + '#withPort':: d.fn(help="\"Port is the network port this Route targets. It can be interpreted\\ndifferently based on the type of parent resource.\\n\\n\\nWhen the parent resource is a Gateway, this targets all listeners\\nlistening on the specified port that also support this kind of Route(and\\nselect this Route). It's not recommended to set `Port` unless the\\nnetworking behaviors specified in a Route must apply to a specific port\\nas opposed to a listener(s) whose port(s) may be changed. When both Port\\nand SectionName are specified, the name and port of the selected listener\\nmust match both specified values.\\n\\n\\n\\nWhen the parent resource is a Service, this targets a specific port in the\\nService spec. When both Port (experimental) and SectionName are specified,\\nthe name and port of the selected port must match both specified values.\\n\\n\\n\\nImplementations MAY choose to support other parent resources.\\nImplementations supporting other types of parent resources MUST clearly\\ndocument how/if Port is interpreted.\\n\\n\\nFor the purpose of status, an attachment is considered successful as\\nlong as the parent resource accepts it partially. For example, Gateway\\nlisteners can restrict which Routes can attach to them by Route kind,\\nnamespace, or hostname. If 1 of 2 Gateway listeners accept attachment\\nfrom the referencing Route, the Route MUST be considered successfully\\nattached. If no Gateway listeners accept attachment from this Route,\\nthe Route MUST be considered detached from the Gateway.\\n\\n\\nSupport: Extended\"", args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { port: port }, + '#withSectionName':: d.fn(help='"SectionName is the name of a section within the target resource. In the\\nfollowing resources, SectionName is interpreted as the following:\\n\\n\\n* Gateway: Listener name. When both Port (experimental) and SectionName\\nare specified, the name and port of the selected listener must match\\nboth specified values.\\n* Service: Port name. When both Port (experimental) and SectionName\\nare specified, the name and port of the selected listener must match\\nboth specified values.\\n\\n\\nImplementations MAY choose to support attaching Routes to other resources.\\nIf that is the case, they MUST clearly document how SectionName is\\ninterpreted.\\n\\n\\nWhen unspecified (empty string), this will reference the entire resource.\\nFor the purpose of status, an attachment is considered successful if at\\nleast one section in the parent resource accepts it. For example, Gateway\\nlisteners can restrict which Routes can attach to them by Route kind,\\nnamespace, or hostname. If 1 of 2 Gateway listeners accept attachment from\\nthe referencing Route, the Route MUST be considered successfully\\nattached. If no Gateway listeners accept attachment from this Route, the\\nRoute MUST be considered detached from the Gateway.\\n\\n\\nSupport: Core"', args=[d.arg(name='sectionName', type=d.T.string)]), + withSectionName(sectionName): { sectionName: sectionName }, + }, + '#rules':: d.obj(help='"Rules are a list of HTTP matchers, filters and actions."'), + rules: { + '#backendRefs':: d.obj(help='"BackendRefs defines the backend(s) where matching requests should be\\nsent.\\n\\n\\nFailure behavior here depends on how many BackendRefs are specified and\\nhow many are invalid.\\n\\n\\nIf *all* entries in BackendRefs are invalid, and there are also no filters\\nspecified in this route rule, *all* traffic which matches this rule MUST\\nreceive a 500 status code.\\n\\n\\nSee the HTTPBackendRef definition for the rules about what makes a single\\nHTTPBackendRef invalid.\\n\\n\\nWhen a HTTPBackendRef is invalid, 500 status codes MUST be returned for\\nrequests that would have otherwise been routed to an invalid backend. If\\nmultiple backends are specified, and some are invalid, the proportion of\\nrequests that would otherwise have been routed to an invalid backend\\nMUST receive a 500 status code.\\n\\n\\nFor example, if two backends are specified with equal weights, and one is\\ninvalid, 50 percent of traffic must receive a 500. Implementations may\\nchoose how that 50 percent is determined.\\n\\n\\nSupport: Core for Kubernetes Service\\n\\n\\nSupport: Extended for Kubernetes ServiceImport\\n\\n\\nSupport: Implementation-specific for any other resource\\n\\n\\nSupport for weight: Core"'), + backendRefs: { + '#filters':: d.obj(help='"Filters defined at this level should be executed if and only if the\\nrequest is being forwarded to the backend defined here.\\n\\n\\nSupport: Implementation-specific (For broader support of filters, use the\\nFilters field in HTTPRouteRule.)"'), + filters: { + '#extensionRef':: d.obj(help='"ExtensionRef is an optional, implementation-specific extension to the\\n\\"filter\\" behavior. For example, resource \\"myroutefilter\\" in group\\n\\"networking.example.net\\"). ExtensionRef MUST NOT be used for core and\\nextended filters.\\n\\n\\nThis filter can be used multiple times within the same rule.\\n\\n\\nSupport: Implementation-specific"'), + extensionRef: { + '#withGroup':: d.fn(help='"Group is the group of the referent. For example, \\"gateway.networking.k8s.io\\".\\nWhen unspecified or empty string, core API group is inferred."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { extensionRef+: { group: group } }, + '#withKind':: d.fn(help='"Kind is kind of the referent. For example \\"HTTPRoute\\" or \\"Service\\"."', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { extensionRef+: { kind: kind } }, + '#withName':: d.fn(help='"Name is the name of the referent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { extensionRef+: { name: name } }, + }, + '#requestHeaderModifier':: d.obj(help='"RequestHeaderModifier defines a schema for a filter that modifies request\\nheaders.\\n\\n\\nSupport: Core"'), + requestHeaderModifier: { + '#add':: d.obj(help='"Add adds the given header(s) (name, value) to the request\\nbefore the action. It appends to any existing values associated\\nwith the header name.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n add:\\n - name: \\"my-header\\"\\n value: \\"bar,baz\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: foo,bar,baz"'), + add: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be\\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\\n\\n\\nIf multiple entries specify equivalent header names, the first entry with\\nan equivalent name MUST be considered for a match. Subsequent entries\\nwith an equivalent header name MUST be ignored. Due to the\\ncase-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered\\nequivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#set':: d.obj(help='"Set overwrites the request with the given header (name, value)\\nbefore the action.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n set:\\n - name: \\"my-header\\"\\n value: \\"bar\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: bar"'), + set: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be\\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\\n\\n\\nIf multiple entries specify equivalent header names, the first entry with\\nan equivalent name MUST be considered for a match. Subsequent entries\\nwith an equivalent header name MUST be ignored. Due to the\\ncase-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered\\nequivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#withAdd':: d.fn(help='"Add adds the given header(s) (name, value) to the request\\nbefore the action. It appends to any existing values associated\\nwith the header name.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n add:\\n - name: \\"my-header\\"\\n value: \\"bar,baz\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: foo,bar,baz"', args=[d.arg(name='add', type=d.T.array)]), + withAdd(add): { requestHeaderModifier+: { add: if std.isArray(v=add) then add else [add] } }, + '#withAddMixin':: d.fn(help='"Add adds the given header(s) (name, value) to the request\\nbefore the action. It appends to any existing values associated\\nwith the header name.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n add:\\n - name: \\"my-header\\"\\n value: \\"bar,baz\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: foo,bar,baz"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='add', type=d.T.array)]), + withAddMixin(add): { requestHeaderModifier+: { add+: if std.isArray(v=add) then add else [add] } }, + '#withRemove':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The\\nvalue of Remove is a list of HTTP header names. Note that the header\\nnames are case-insensitive (see\\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header1: foo\\n my-header2: bar\\n my-header3: baz\\n\\n\\nConfig:\\n remove: [\\"my-header1\\", \\"my-header3\\"]\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header2: bar"', args=[d.arg(name='remove', type=d.T.array)]), + withRemove(remove): { requestHeaderModifier+: { remove: if std.isArray(v=remove) then remove else [remove] } }, + '#withRemoveMixin':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The\\nvalue of Remove is a list of HTTP header names. Note that the header\\nnames are case-insensitive (see\\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header1: foo\\n my-header2: bar\\n my-header3: baz\\n\\n\\nConfig:\\n remove: [\\"my-header1\\", \\"my-header3\\"]\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header2: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='remove', type=d.T.array)]), + withRemoveMixin(remove): { requestHeaderModifier+: { remove+: if std.isArray(v=remove) then remove else [remove] } }, + '#withSet':: d.fn(help='"Set overwrites the request with the given header (name, value)\\nbefore the action.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n set:\\n - name: \\"my-header\\"\\n value: \\"bar\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: bar"', args=[d.arg(name='set', type=d.T.array)]), + withSet(set): { requestHeaderModifier+: { set: if std.isArray(v=set) then set else [set] } }, + '#withSetMixin':: d.fn(help='"Set overwrites the request with the given header (name, value)\\nbefore the action.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n set:\\n - name: \\"my-header\\"\\n value: \\"bar\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='set', type=d.T.array)]), + withSetMixin(set): { requestHeaderModifier+: { set+: if std.isArray(v=set) then set else [set] } }, + }, + '#requestMirror':: d.obj(help='"RequestMirror defines a schema for a filter that mirrors requests.\\nRequests are sent to the specified destination, but responses from\\nthat destination are ignored.\\n\\n\\nThis filter can be used multiple times within the same rule. Note that\\nnot all implementations will be able to support mirroring to multiple\\nbackends.\\n\\n\\nSupport: Extended"'), + requestMirror: { + '#backendRef':: d.obj(help='"BackendRef references a resource where mirrored requests are sent.\\n\\n\\nMirrored requests must be sent only to a single destination endpoint\\nwithin this BackendRef, irrespective of how many endpoints are present\\nwithin this BackendRef.\\n\\n\\nIf the referent cannot be found, this BackendRef is invalid and must be\\ndropped from the Gateway. The controller must ensure the \\"ResolvedRefs\\"\\ncondition on the Route status is set to `status: False` and not configure\\nthis backend in the underlying implementation.\\n\\n\\nIf there is a cross-namespace reference to an *existing* object\\nthat is not allowed by a ReferenceGrant, the controller must ensure the\\n\\"ResolvedRefs\\" condition on the Route is set to `status: False`,\\nwith the \\"RefNotPermitted\\" reason and not configure this backend in the\\nunderlying implementation.\\n\\n\\nIn either error case, the Message of the `ResolvedRefs` Condition\\nshould be used to provide more detail about the problem.\\n\\n\\nSupport: Extended for Kubernetes Service\\n\\n\\nSupport: Implementation-specific for any other resource"'), + backendRef: { + '#withGroup':: d.fn(help='"Group is the group of the referent. For example, \\"gateway.networking.k8s.io\\".\\nWhen unspecified or empty string, core API group is inferred."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { requestMirror+: { backendRef+: { group: group } } }, + '#withKind':: d.fn(help='"Kind is the Kubernetes resource kind of the referent. For example\\n\\"Service\\".\\n\\n\\nDefaults to \\"Service\\" when not specified.\\n\\n\\nExternalName services can refer to CNAME DNS records that may live\\noutside of the cluster and as such are difficult to reason about in\\nterms of conformance. They also may not be safe to forward to (see\\nCVE-2021-25740 for more information). Implementations SHOULD NOT\\nsupport ExternalName Services.\\n\\n\\nSupport: Core (Services with a type other than ExternalName)\\n\\n\\nSupport: Implementation-specific (Services with type ExternalName)"', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { requestMirror+: { backendRef+: { kind: kind } } }, + '#withName':: d.fn(help='"Name is the name of the referent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { requestMirror+: { backendRef+: { name: name } } }, + '#withNamespace':: d.fn(help="\"Namespace is the namespace of the backend. When unspecified, the local\\nnamespace is inferred.\\n\\n\\nNote that when a namespace different than the local namespace is specified,\\na ReferenceGrant object is required in the referent namespace to allow that\\nnamespace's owner to accept the reference. See the ReferenceGrant\\ndocumentation for details.\\n\\n\\nSupport: Core\"", args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { requestMirror+: { backendRef+: { namespace: namespace } } }, + '#withPort':: d.fn(help='"Port specifies the destination port number to use for this resource.\\nPort is required when the referent is a Kubernetes Service. In this\\ncase, the port number is the service port number, not the target port.\\nFor other resources, destination port might be derived from the referent\\nresource or this field."', args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { requestMirror+: { backendRef+: { port: port } } }, + }, + }, + '#requestRedirect':: d.obj(help='"RequestRedirect defines a schema for a filter that responds to the\\nrequest with an HTTP redirection.\\n\\n\\nSupport: Core"'), + requestRedirect: { + '#path':: d.obj(help='"Path defines parameters used to modify the path of the incoming request.\\nThe modified path is then used to construct the `Location` header. When\\nempty, the request path is used as-is.\\n\\n\\nSupport: Extended"'), + path: { + '#withReplaceFullPath':: d.fn(help='"ReplaceFullPath specifies the value with which to replace the full path\\nof a request during a rewrite or redirect."', args=[d.arg(name='replaceFullPath', type=d.T.string)]), + withReplaceFullPath(replaceFullPath): { requestRedirect+: { path+: { replaceFullPath: replaceFullPath } } }, + '#withReplacePrefixMatch':: d.fn(help='"ReplacePrefixMatch specifies the value with which to replace the prefix\\nmatch of a request during a rewrite or redirect. For example, a request\\nto \\"/foo/bar\\" with a prefix match of \\"/foo\\" and a ReplacePrefixMatch\\nof \\"/xyz\\" would be modified to \\"/xyz/bar\\".\\n\\n\\nNote that this matches the behavior of the PathPrefix match type. This\\nmatches full path elements. A path element refers to the list of labels\\nin the path split by the `/` separator. When specified, a trailing `/` is\\nignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all\\nmatch the prefix `/abc`, but the path `/abcd` would not.\\n\\n\\nReplacePrefixMatch is only compatible with a `PathPrefix` HTTPRouteMatch.\\nUsing any other HTTPRouteMatch type on the same HTTPRouteRule will result in\\nthe implementation setting the Accepted Condition for the Route to `status: False`.\\n\\n\\nRequest Path | Prefix Match | Replace Prefix | Modified Path\\n-------------|--------------|----------------|----------\\n/foo/bar | /foo | /xyz | /xyz/bar\\n/foo/bar | /foo | /xyz/ | /xyz/bar\\n/foo/bar | /foo/ | /xyz | /xyz/bar\\n/foo/bar | /foo/ | /xyz/ | /xyz/bar\\n/foo | /foo | /xyz | /xyz\\n/foo/ | /foo | /xyz | /xyz/\\n/foo/bar | /foo | | /bar\\n/foo/ | /foo | | /\\n/foo | /foo | | /\\n/foo/ | /foo | / | /\\n/foo | /foo | / | /"', args=[d.arg(name='replacePrefixMatch', type=d.T.string)]), + withReplacePrefixMatch(replacePrefixMatch): { requestRedirect+: { path+: { replacePrefixMatch: replacePrefixMatch } } }, + '#withType':: d.fn(help='"Type defines the type of path modifier. Additional types may be\\nadded in a future release of the API.\\n\\n\\nNote that values may be added to this enum, implementations\\nmust ensure that unknown values will not cause a crash.\\n\\n\\nUnknown values here must result in the implementation setting the\\nAccepted Condition for the Route to `status: False`, with a\\nReason of `UnsupportedValue`."', args=[d.arg(name='type', type=d.T.string)]), + withType(type): { requestRedirect+: { path+: { type: type } } }, + }, + '#withHostname':: d.fn(help='"Hostname is the hostname to be used in the value of the `Location`\\nheader in the response.\\nWhen empty, the hostname in the `Host` header of the request is used.\\n\\n\\nSupport: Core"', args=[d.arg(name='hostname', type=d.T.string)]), + withHostname(hostname): { requestRedirect+: { hostname: hostname } }, + '#withPort':: d.fn(help="\"Port is the port to be used in the value of the `Location`\\nheader in the response.\\n\\n\\nIf no port is specified, the redirect port MUST be derived using the\\nfollowing rules:\\n\\n\\n* If redirect scheme is not-empty, the redirect port MUST be the well-known\\n port associated with the redirect scheme. Specifically \\\"http\\\" to port 80\\n and \\\"https\\\" to port 443. If the redirect scheme does not have a\\n well-known port, the listener port of the Gateway SHOULD be used.\\n* If redirect scheme is empty, the redirect port MUST be the Gateway\\n Listener port.\\n\\n\\nImplementations SHOULD NOT add the port number in the 'Location'\\nheader in the following cases:\\n\\n\\n* A Location header that will use HTTP (whether that is determined via\\n the Listener protocol or the Scheme field) _and_ use port 80.\\n* A Location header that will use HTTPS (whether that is determined via\\n the Listener protocol or the Scheme field) _and_ use port 443.\\n\\n\\nSupport: Extended\"", args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { requestRedirect+: { port: port } }, + '#withScheme':: d.fn(help='"Scheme is the scheme to be used in the value of the `Location` header in\\nthe response. When empty, the scheme of the request is used.\\n\\n\\nScheme redirects can affect the port of the redirect, for more information,\\nrefer to the documentation for the port field of this filter.\\n\\n\\nNote that values may be added to this enum, implementations\\nmust ensure that unknown values will not cause a crash.\\n\\n\\nUnknown values here must result in the implementation setting the\\nAccepted Condition for the Route to `status: False`, with a\\nReason of `UnsupportedValue`.\\n\\n\\nSupport: Extended"', args=[d.arg(name='scheme', type=d.T.string)]), + withScheme(scheme): { requestRedirect+: { scheme: scheme } }, + '#withStatusCode':: d.fn(help='"StatusCode is the HTTP status code to be used in response.\\n\\n\\nNote that values may be added to this enum, implementations\\nmust ensure that unknown values will not cause a crash.\\n\\n\\nUnknown values here must result in the implementation setting the\\nAccepted Condition for the Route to `status: False`, with a\\nReason of `UnsupportedValue`.\\n\\n\\nSupport: Core"', args=[d.arg(name='statusCode', type=d.T.integer)]), + withStatusCode(statusCode): { requestRedirect+: { statusCode: statusCode } }, + }, + '#responseHeaderModifier':: d.obj(help='"ResponseHeaderModifier defines a schema for a filter that modifies response\\nheaders.\\n\\n\\nSupport: Extended"'), + responseHeaderModifier: { + '#add':: d.obj(help='"Add adds the given header(s) (name, value) to the request\\nbefore the action. It appends to any existing values associated\\nwith the header name.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n add:\\n - name: \\"my-header\\"\\n value: \\"bar,baz\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: foo,bar,baz"'), + add: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be\\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\\n\\n\\nIf multiple entries specify equivalent header names, the first entry with\\nan equivalent name MUST be considered for a match. Subsequent entries\\nwith an equivalent header name MUST be ignored. Due to the\\ncase-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered\\nequivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#set':: d.obj(help='"Set overwrites the request with the given header (name, value)\\nbefore the action.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n set:\\n - name: \\"my-header\\"\\n value: \\"bar\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: bar"'), + set: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be\\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\\n\\n\\nIf multiple entries specify equivalent header names, the first entry with\\nan equivalent name MUST be considered for a match. Subsequent entries\\nwith an equivalent header name MUST be ignored. Due to the\\ncase-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered\\nequivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#withAdd':: d.fn(help='"Add adds the given header(s) (name, value) to the request\\nbefore the action. It appends to any existing values associated\\nwith the header name.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n add:\\n - name: \\"my-header\\"\\n value: \\"bar,baz\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: foo,bar,baz"', args=[d.arg(name='add', type=d.T.array)]), + withAdd(add): { responseHeaderModifier+: { add: if std.isArray(v=add) then add else [add] } }, + '#withAddMixin':: d.fn(help='"Add adds the given header(s) (name, value) to the request\\nbefore the action. It appends to any existing values associated\\nwith the header name.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n add:\\n - name: \\"my-header\\"\\n value: \\"bar,baz\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: foo,bar,baz"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='add', type=d.T.array)]), + withAddMixin(add): { responseHeaderModifier+: { add+: if std.isArray(v=add) then add else [add] } }, + '#withRemove':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The\\nvalue of Remove is a list of HTTP header names. Note that the header\\nnames are case-insensitive (see\\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header1: foo\\n my-header2: bar\\n my-header3: baz\\n\\n\\nConfig:\\n remove: [\\"my-header1\\", \\"my-header3\\"]\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header2: bar"', args=[d.arg(name='remove', type=d.T.array)]), + withRemove(remove): { responseHeaderModifier+: { remove: if std.isArray(v=remove) then remove else [remove] } }, + '#withRemoveMixin':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The\\nvalue of Remove is a list of HTTP header names. Note that the header\\nnames are case-insensitive (see\\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header1: foo\\n my-header2: bar\\n my-header3: baz\\n\\n\\nConfig:\\n remove: [\\"my-header1\\", \\"my-header3\\"]\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header2: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='remove', type=d.T.array)]), + withRemoveMixin(remove): { responseHeaderModifier+: { remove+: if std.isArray(v=remove) then remove else [remove] } }, + '#withSet':: d.fn(help='"Set overwrites the request with the given header (name, value)\\nbefore the action.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n set:\\n - name: \\"my-header\\"\\n value: \\"bar\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: bar"', args=[d.arg(name='set', type=d.T.array)]), + withSet(set): { responseHeaderModifier+: { set: if std.isArray(v=set) then set else [set] } }, + '#withSetMixin':: d.fn(help='"Set overwrites the request with the given header (name, value)\\nbefore the action.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n set:\\n - name: \\"my-header\\"\\n value: \\"bar\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='set', type=d.T.array)]), + withSetMixin(set): { responseHeaderModifier+: { set+: if std.isArray(v=set) then set else [set] } }, + }, + '#urlRewrite':: d.obj(help='"URLRewrite defines a schema for a filter that modifies a request during forwarding.\\n\\n\\nSupport: Extended"'), + urlRewrite: { + '#path':: d.obj(help='"Path defines a path rewrite.\\n\\n\\nSupport: Extended"'), + path: { + '#withReplaceFullPath':: d.fn(help='"ReplaceFullPath specifies the value with which to replace the full path\\nof a request during a rewrite or redirect."', args=[d.arg(name='replaceFullPath', type=d.T.string)]), + withReplaceFullPath(replaceFullPath): { urlRewrite+: { path+: { replaceFullPath: replaceFullPath } } }, + '#withReplacePrefixMatch':: d.fn(help='"ReplacePrefixMatch specifies the value with which to replace the prefix\\nmatch of a request during a rewrite or redirect. For example, a request\\nto \\"/foo/bar\\" with a prefix match of \\"/foo\\" and a ReplacePrefixMatch\\nof \\"/xyz\\" would be modified to \\"/xyz/bar\\".\\n\\n\\nNote that this matches the behavior of the PathPrefix match type. This\\nmatches full path elements. A path element refers to the list of labels\\nin the path split by the `/` separator. When specified, a trailing `/` is\\nignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all\\nmatch the prefix `/abc`, but the path `/abcd` would not.\\n\\n\\nReplacePrefixMatch is only compatible with a `PathPrefix` HTTPRouteMatch.\\nUsing any other HTTPRouteMatch type on the same HTTPRouteRule will result in\\nthe implementation setting the Accepted Condition for the Route to `status: False`.\\n\\n\\nRequest Path | Prefix Match | Replace Prefix | Modified Path\\n-------------|--------------|----------------|----------\\n/foo/bar | /foo | /xyz | /xyz/bar\\n/foo/bar | /foo | /xyz/ | /xyz/bar\\n/foo/bar | /foo/ | /xyz | /xyz/bar\\n/foo/bar | /foo/ | /xyz/ | /xyz/bar\\n/foo | /foo | /xyz | /xyz\\n/foo/ | /foo | /xyz | /xyz/\\n/foo/bar | /foo | | /bar\\n/foo/ | /foo | | /\\n/foo | /foo | | /\\n/foo/ | /foo | / | /\\n/foo | /foo | / | /"', args=[d.arg(name='replacePrefixMatch', type=d.T.string)]), + withReplacePrefixMatch(replacePrefixMatch): { urlRewrite+: { path+: { replacePrefixMatch: replacePrefixMatch } } }, + '#withType':: d.fn(help='"Type defines the type of path modifier. Additional types may be\\nadded in a future release of the API.\\n\\n\\nNote that values may be added to this enum, implementations\\nmust ensure that unknown values will not cause a crash.\\n\\n\\nUnknown values here must result in the implementation setting the\\nAccepted Condition for the Route to `status: False`, with a\\nReason of `UnsupportedValue`."', args=[d.arg(name='type', type=d.T.string)]), + withType(type): { urlRewrite+: { path+: { type: type } } }, + }, + '#withHostname':: d.fn(help='"Hostname is the value to be used to replace the Host header value during\\nforwarding.\\n\\n\\nSupport: Extended"', args=[d.arg(name='hostname', type=d.T.string)]), + withHostname(hostname): { urlRewrite+: { hostname: hostname } }, + }, + '#withType':: d.fn(help='"Type identifies the type of filter to apply. As with other API fields,\\ntypes are classified into three conformance levels:\\n\\n\\n- Core: Filter types and their corresponding configuration defined by\\n \\"Support: Core\\" in this package, e.g. \\"RequestHeaderModifier\\". All\\n implementations must support core filters.\\n\\n\\n- Extended: Filter types and their corresponding configuration defined by\\n \\"Support: Extended\\" in this package, e.g. \\"RequestMirror\\". Implementers\\n are encouraged to support extended filters.\\n\\n\\n- Implementation-specific: Filters that are defined and supported by\\n specific vendors.\\n In the future, filters showing convergence in behavior across multiple\\n implementations will be considered for inclusion in extended or core\\n conformance levels. Filter-specific configuration for such filters\\n is specified using the ExtensionRef field. `Type` should be set to\\n \\"ExtensionRef\\" for custom filters.\\n\\n\\nImplementers are encouraged to define custom implementation types to\\nextend the core API with implementation-specific behavior.\\n\\n\\nIf a reference to a custom filter type cannot be resolved, the filter\\nMUST NOT be skipped. Instead, requests that would have been processed by\\nthat filter MUST receive a HTTP error response.\\n\\n\\nNote that values may be added to this enum, implementations\\nmust ensure that unknown values will not cause a crash.\\n\\n\\nUnknown values here must result in the implementation setting the\\nAccepted Condition for the Route to `status: False`, with a\\nReason of `UnsupportedValue`."', args=[d.arg(name='type', type=d.T.string)]), + withType(type): { type: type }, + }, + '#withFilters':: d.fn(help='"Filters defined at this level should be executed if and only if the\\nrequest is being forwarded to the backend defined here.\\n\\n\\nSupport: Implementation-specific (For broader support of filters, use the\\nFilters field in HTTPRouteRule.)"', args=[d.arg(name='filters', type=d.T.array)]), + withFilters(filters): { filters: if std.isArray(v=filters) then filters else [filters] }, + '#withFiltersMixin':: d.fn(help='"Filters defined at this level should be executed if and only if the\\nrequest is being forwarded to the backend defined here.\\n\\n\\nSupport: Implementation-specific (For broader support of filters, use the\\nFilters field in HTTPRouteRule.)"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='filters', type=d.T.array)]), + withFiltersMixin(filters): { filters+: if std.isArray(v=filters) then filters else [filters] }, + '#withGroup':: d.fn(help='"Group is the group of the referent. For example, \\"gateway.networking.k8s.io\\".\\nWhen unspecified or empty string, core API group is inferred."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { group: group }, + '#withKind':: d.fn(help='"Kind is the Kubernetes resource kind of the referent. For example\\n\\"Service\\".\\n\\n\\nDefaults to \\"Service\\" when not specified.\\n\\n\\nExternalName services can refer to CNAME DNS records that may live\\noutside of the cluster and as such are difficult to reason about in\\nterms of conformance. They also may not be safe to forward to (see\\nCVE-2021-25740 for more information). Implementations SHOULD NOT\\nsupport ExternalName Services.\\n\\n\\nSupport: Core (Services with a type other than ExternalName)\\n\\n\\nSupport: Implementation-specific (Services with type ExternalName)"', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { kind: kind }, + '#withName':: d.fn(help='"Name is the name of the referent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withNamespace':: d.fn(help="\"Namespace is the namespace of the backend. When unspecified, the local\\nnamespace is inferred.\\n\\n\\nNote that when a namespace different than the local namespace is specified,\\na ReferenceGrant object is required in the referent namespace to allow that\\nnamespace's owner to accept the reference. See the ReferenceGrant\\ndocumentation for details.\\n\\n\\nSupport: Core\"", args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { namespace: namespace }, + '#withPort':: d.fn(help='"Port specifies the destination port number to use for this resource.\\nPort is required when the referent is a Kubernetes Service. In this\\ncase, the port number is the service port number, not the target port.\\nFor other resources, destination port might be derived from the referent\\nresource or this field."', args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { port: port }, + '#withWeight':: d.fn(help='"Weight specifies the proportion of requests forwarded to the referenced\\nbackend. This is computed as weight/(sum of all weights in this\\nBackendRefs list). For non-zero values, there may be some epsilon from\\nthe exact proportion defined here depending on the precision an\\nimplementation supports. Weight is not a percentage and the sum of\\nweights does not need to equal 100.\\n\\n\\nIf only one backend is specified and it has a weight greater than 0, 100%\\nof the traffic is forwarded to that backend. If weight is set to 0, no\\ntraffic should be forwarded for this entry. If unspecified, weight\\ndefaults to 1.\\n\\n\\nSupport for this field varies based on the context where used."', args=[d.arg(name='weight', type=d.T.integer)]), + withWeight(weight): { weight: weight }, + }, + '#filters':: d.obj(help='"Filters define the filters that are applied to requests that match\\nthis rule.\\n\\n\\nWherever possible, implementations SHOULD implement filters in the order\\nthey are specified.\\n\\n\\nImplementations MAY choose to implement this ordering strictly, rejecting\\nany combination or order of filters that can not be supported. If implementations\\nchoose a strict interpretation of filter ordering, they MUST clearly document\\nthat behavior.\\n\\n\\nTo reject an invalid combination or order of filters, implementations SHOULD\\nconsider the Route Rules with this configuration invalid. If all Route Rules\\nin a Route are invalid, the entire Route would be considered invalid. If only\\na portion of Route Rules are invalid, implementations MUST set the\\n\\"PartiallyInvalid\\" condition for the Route.\\n\\n\\nConformance-levels at this level are defined based on the type of filter:\\n\\n\\n- ALL core filters MUST be supported by all implementations.\\n- Implementers are encouraged to support extended filters.\\n- Implementation-specific custom filters have no API guarantees across\\n implementations.\\n\\n\\nSpecifying the same filter multiple times is not supported unless explicitly\\nindicated in the filter.\\n\\n\\nAll filters are expected to be compatible with each other except for the\\nURLRewrite and RequestRedirect filters, which may not be combined. If an\\nimplementation can not support other combinations of filters, they must clearly\\ndocument that limitation. In cases where incompatible or unsupported\\nfilters are specified and cause the `Accepted` condition to be set to status\\n`False`, implementations may use the `IncompatibleFilters` reason to specify\\nthis configuration error.\\n\\n\\nSupport: Core"'), + filters: { + '#extensionRef':: d.obj(help='"ExtensionRef is an optional, implementation-specific extension to the\\n\\"filter\\" behavior. For example, resource \\"myroutefilter\\" in group\\n\\"networking.example.net\\"). ExtensionRef MUST NOT be used for core and\\nextended filters.\\n\\n\\nThis filter can be used multiple times within the same rule.\\n\\n\\nSupport: Implementation-specific"'), + extensionRef: { + '#withGroup':: d.fn(help='"Group is the group of the referent. For example, \\"gateway.networking.k8s.io\\".\\nWhen unspecified or empty string, core API group is inferred."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { extensionRef+: { group: group } }, + '#withKind':: d.fn(help='"Kind is kind of the referent. For example \\"HTTPRoute\\" or \\"Service\\"."', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { extensionRef+: { kind: kind } }, + '#withName':: d.fn(help='"Name is the name of the referent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { extensionRef+: { name: name } }, + }, + '#requestHeaderModifier':: d.obj(help='"RequestHeaderModifier defines a schema for a filter that modifies request\\nheaders.\\n\\n\\nSupport: Core"'), + requestHeaderModifier: { + '#add':: d.obj(help='"Add adds the given header(s) (name, value) to the request\\nbefore the action. It appends to any existing values associated\\nwith the header name.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n add:\\n - name: \\"my-header\\"\\n value: \\"bar,baz\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: foo,bar,baz"'), + add: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be\\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\\n\\n\\nIf multiple entries specify equivalent header names, the first entry with\\nan equivalent name MUST be considered for a match. Subsequent entries\\nwith an equivalent header name MUST be ignored. Due to the\\ncase-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered\\nequivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#set':: d.obj(help='"Set overwrites the request with the given header (name, value)\\nbefore the action.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n set:\\n - name: \\"my-header\\"\\n value: \\"bar\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: bar"'), + set: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be\\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\\n\\n\\nIf multiple entries specify equivalent header names, the first entry with\\nan equivalent name MUST be considered for a match. Subsequent entries\\nwith an equivalent header name MUST be ignored. Due to the\\ncase-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered\\nequivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#withAdd':: d.fn(help='"Add adds the given header(s) (name, value) to the request\\nbefore the action. It appends to any existing values associated\\nwith the header name.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n add:\\n - name: \\"my-header\\"\\n value: \\"bar,baz\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: foo,bar,baz"', args=[d.arg(name='add', type=d.T.array)]), + withAdd(add): { requestHeaderModifier+: { add: if std.isArray(v=add) then add else [add] } }, + '#withAddMixin':: d.fn(help='"Add adds the given header(s) (name, value) to the request\\nbefore the action. It appends to any existing values associated\\nwith the header name.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n add:\\n - name: \\"my-header\\"\\n value: \\"bar,baz\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: foo,bar,baz"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='add', type=d.T.array)]), + withAddMixin(add): { requestHeaderModifier+: { add+: if std.isArray(v=add) then add else [add] } }, + '#withRemove':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The\\nvalue of Remove is a list of HTTP header names. Note that the header\\nnames are case-insensitive (see\\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header1: foo\\n my-header2: bar\\n my-header3: baz\\n\\n\\nConfig:\\n remove: [\\"my-header1\\", \\"my-header3\\"]\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header2: bar"', args=[d.arg(name='remove', type=d.T.array)]), + withRemove(remove): { requestHeaderModifier+: { remove: if std.isArray(v=remove) then remove else [remove] } }, + '#withRemoveMixin':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The\\nvalue of Remove is a list of HTTP header names. Note that the header\\nnames are case-insensitive (see\\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header1: foo\\n my-header2: bar\\n my-header3: baz\\n\\n\\nConfig:\\n remove: [\\"my-header1\\", \\"my-header3\\"]\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header2: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='remove', type=d.T.array)]), + withRemoveMixin(remove): { requestHeaderModifier+: { remove+: if std.isArray(v=remove) then remove else [remove] } }, + '#withSet':: d.fn(help='"Set overwrites the request with the given header (name, value)\\nbefore the action.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n set:\\n - name: \\"my-header\\"\\n value: \\"bar\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: bar"', args=[d.arg(name='set', type=d.T.array)]), + withSet(set): { requestHeaderModifier+: { set: if std.isArray(v=set) then set else [set] } }, + '#withSetMixin':: d.fn(help='"Set overwrites the request with the given header (name, value)\\nbefore the action.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n set:\\n - name: \\"my-header\\"\\n value: \\"bar\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='set', type=d.T.array)]), + withSetMixin(set): { requestHeaderModifier+: { set+: if std.isArray(v=set) then set else [set] } }, + }, + '#requestMirror':: d.obj(help='"RequestMirror defines a schema for a filter that mirrors requests.\\nRequests are sent to the specified destination, but responses from\\nthat destination are ignored.\\n\\n\\nThis filter can be used multiple times within the same rule. Note that\\nnot all implementations will be able to support mirroring to multiple\\nbackends.\\n\\n\\nSupport: Extended"'), + requestMirror: { + '#backendRef':: d.obj(help='"BackendRef references a resource where mirrored requests are sent.\\n\\n\\nMirrored requests must be sent only to a single destination endpoint\\nwithin this BackendRef, irrespective of how many endpoints are present\\nwithin this BackendRef.\\n\\n\\nIf the referent cannot be found, this BackendRef is invalid and must be\\ndropped from the Gateway. The controller must ensure the \\"ResolvedRefs\\"\\ncondition on the Route status is set to `status: False` and not configure\\nthis backend in the underlying implementation.\\n\\n\\nIf there is a cross-namespace reference to an *existing* object\\nthat is not allowed by a ReferenceGrant, the controller must ensure the\\n\\"ResolvedRefs\\" condition on the Route is set to `status: False`,\\nwith the \\"RefNotPermitted\\" reason and not configure this backend in the\\nunderlying implementation.\\n\\n\\nIn either error case, the Message of the `ResolvedRefs` Condition\\nshould be used to provide more detail about the problem.\\n\\n\\nSupport: Extended for Kubernetes Service\\n\\n\\nSupport: Implementation-specific for any other resource"'), + backendRef: { + '#withGroup':: d.fn(help='"Group is the group of the referent. For example, \\"gateway.networking.k8s.io\\".\\nWhen unspecified or empty string, core API group is inferred."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { requestMirror+: { backendRef+: { group: group } } }, + '#withKind':: d.fn(help='"Kind is the Kubernetes resource kind of the referent. For example\\n\\"Service\\".\\n\\n\\nDefaults to \\"Service\\" when not specified.\\n\\n\\nExternalName services can refer to CNAME DNS records that may live\\noutside of the cluster and as such are difficult to reason about in\\nterms of conformance. They also may not be safe to forward to (see\\nCVE-2021-25740 for more information). Implementations SHOULD NOT\\nsupport ExternalName Services.\\n\\n\\nSupport: Core (Services with a type other than ExternalName)\\n\\n\\nSupport: Implementation-specific (Services with type ExternalName)"', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { requestMirror+: { backendRef+: { kind: kind } } }, + '#withName':: d.fn(help='"Name is the name of the referent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { requestMirror+: { backendRef+: { name: name } } }, + '#withNamespace':: d.fn(help="\"Namespace is the namespace of the backend. When unspecified, the local\\nnamespace is inferred.\\n\\n\\nNote that when a namespace different than the local namespace is specified,\\na ReferenceGrant object is required in the referent namespace to allow that\\nnamespace's owner to accept the reference. See the ReferenceGrant\\ndocumentation for details.\\n\\n\\nSupport: Core\"", args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { requestMirror+: { backendRef+: { namespace: namespace } } }, + '#withPort':: d.fn(help='"Port specifies the destination port number to use for this resource.\\nPort is required when the referent is a Kubernetes Service. In this\\ncase, the port number is the service port number, not the target port.\\nFor other resources, destination port might be derived from the referent\\nresource or this field."', args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { requestMirror+: { backendRef+: { port: port } } }, + }, + }, + '#requestRedirect':: d.obj(help='"RequestRedirect defines a schema for a filter that responds to the\\nrequest with an HTTP redirection.\\n\\n\\nSupport: Core"'), + requestRedirect: { + '#path':: d.obj(help='"Path defines parameters used to modify the path of the incoming request.\\nThe modified path is then used to construct the `Location` header. When\\nempty, the request path is used as-is.\\n\\n\\nSupport: Extended"'), + path: { + '#withReplaceFullPath':: d.fn(help='"ReplaceFullPath specifies the value with which to replace the full path\\nof a request during a rewrite or redirect."', args=[d.arg(name='replaceFullPath', type=d.T.string)]), + withReplaceFullPath(replaceFullPath): { requestRedirect+: { path+: { replaceFullPath: replaceFullPath } } }, + '#withReplacePrefixMatch':: d.fn(help='"ReplacePrefixMatch specifies the value with which to replace the prefix\\nmatch of a request during a rewrite or redirect. For example, a request\\nto \\"/foo/bar\\" with a prefix match of \\"/foo\\" and a ReplacePrefixMatch\\nof \\"/xyz\\" would be modified to \\"/xyz/bar\\".\\n\\n\\nNote that this matches the behavior of the PathPrefix match type. This\\nmatches full path elements. A path element refers to the list of labels\\nin the path split by the `/` separator. When specified, a trailing `/` is\\nignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all\\nmatch the prefix `/abc`, but the path `/abcd` would not.\\n\\n\\nReplacePrefixMatch is only compatible with a `PathPrefix` HTTPRouteMatch.\\nUsing any other HTTPRouteMatch type on the same HTTPRouteRule will result in\\nthe implementation setting the Accepted Condition for the Route to `status: False`.\\n\\n\\nRequest Path | Prefix Match | Replace Prefix | Modified Path\\n-------------|--------------|----------------|----------\\n/foo/bar | /foo | /xyz | /xyz/bar\\n/foo/bar | /foo | /xyz/ | /xyz/bar\\n/foo/bar | /foo/ | /xyz | /xyz/bar\\n/foo/bar | /foo/ | /xyz/ | /xyz/bar\\n/foo | /foo | /xyz | /xyz\\n/foo/ | /foo | /xyz | /xyz/\\n/foo/bar | /foo | | /bar\\n/foo/ | /foo | | /\\n/foo | /foo | | /\\n/foo/ | /foo | / | /\\n/foo | /foo | / | /"', args=[d.arg(name='replacePrefixMatch', type=d.T.string)]), + withReplacePrefixMatch(replacePrefixMatch): { requestRedirect+: { path+: { replacePrefixMatch: replacePrefixMatch } } }, + '#withType':: d.fn(help='"Type defines the type of path modifier. Additional types may be\\nadded in a future release of the API.\\n\\n\\nNote that values may be added to this enum, implementations\\nmust ensure that unknown values will not cause a crash.\\n\\n\\nUnknown values here must result in the implementation setting the\\nAccepted Condition for the Route to `status: False`, with a\\nReason of `UnsupportedValue`."', args=[d.arg(name='type', type=d.T.string)]), + withType(type): { requestRedirect+: { path+: { type: type } } }, + }, + '#withHostname':: d.fn(help='"Hostname is the hostname to be used in the value of the `Location`\\nheader in the response.\\nWhen empty, the hostname in the `Host` header of the request is used.\\n\\n\\nSupport: Core"', args=[d.arg(name='hostname', type=d.T.string)]), + withHostname(hostname): { requestRedirect+: { hostname: hostname } }, + '#withPort':: d.fn(help="\"Port is the port to be used in the value of the `Location`\\nheader in the response.\\n\\n\\nIf no port is specified, the redirect port MUST be derived using the\\nfollowing rules:\\n\\n\\n* If redirect scheme is not-empty, the redirect port MUST be the well-known\\n port associated with the redirect scheme. Specifically \\\"http\\\" to port 80\\n and \\\"https\\\" to port 443. If the redirect scheme does not have a\\n well-known port, the listener port of the Gateway SHOULD be used.\\n* If redirect scheme is empty, the redirect port MUST be the Gateway\\n Listener port.\\n\\n\\nImplementations SHOULD NOT add the port number in the 'Location'\\nheader in the following cases:\\n\\n\\n* A Location header that will use HTTP (whether that is determined via\\n the Listener protocol or the Scheme field) _and_ use port 80.\\n* A Location header that will use HTTPS (whether that is determined via\\n the Listener protocol or the Scheme field) _and_ use port 443.\\n\\n\\nSupport: Extended\"", args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { requestRedirect+: { port: port } }, + '#withScheme':: d.fn(help='"Scheme is the scheme to be used in the value of the `Location` header in\\nthe response. When empty, the scheme of the request is used.\\n\\n\\nScheme redirects can affect the port of the redirect, for more information,\\nrefer to the documentation for the port field of this filter.\\n\\n\\nNote that values may be added to this enum, implementations\\nmust ensure that unknown values will not cause a crash.\\n\\n\\nUnknown values here must result in the implementation setting the\\nAccepted Condition for the Route to `status: False`, with a\\nReason of `UnsupportedValue`.\\n\\n\\nSupport: Extended"', args=[d.arg(name='scheme', type=d.T.string)]), + withScheme(scheme): { requestRedirect+: { scheme: scheme } }, + '#withStatusCode':: d.fn(help='"StatusCode is the HTTP status code to be used in response.\\n\\n\\nNote that values may be added to this enum, implementations\\nmust ensure that unknown values will not cause a crash.\\n\\n\\nUnknown values here must result in the implementation setting the\\nAccepted Condition for the Route to `status: False`, with a\\nReason of `UnsupportedValue`.\\n\\n\\nSupport: Core"', args=[d.arg(name='statusCode', type=d.T.integer)]), + withStatusCode(statusCode): { requestRedirect+: { statusCode: statusCode } }, + }, + '#responseHeaderModifier':: d.obj(help='"ResponseHeaderModifier defines a schema for a filter that modifies response\\nheaders.\\n\\n\\nSupport: Extended"'), + responseHeaderModifier: { + '#add':: d.obj(help='"Add adds the given header(s) (name, value) to the request\\nbefore the action. It appends to any existing values associated\\nwith the header name.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n add:\\n - name: \\"my-header\\"\\n value: \\"bar,baz\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: foo,bar,baz"'), + add: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be\\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\\n\\n\\nIf multiple entries specify equivalent header names, the first entry with\\nan equivalent name MUST be considered for a match. Subsequent entries\\nwith an equivalent header name MUST be ignored. Due to the\\ncase-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered\\nequivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#set':: d.obj(help='"Set overwrites the request with the given header (name, value)\\nbefore the action.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n set:\\n - name: \\"my-header\\"\\n value: \\"bar\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: bar"'), + set: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be\\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\\n\\n\\nIf multiple entries specify equivalent header names, the first entry with\\nan equivalent name MUST be considered for a match. Subsequent entries\\nwith an equivalent header name MUST be ignored. Due to the\\ncase-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered\\nequivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#withAdd':: d.fn(help='"Add adds the given header(s) (name, value) to the request\\nbefore the action. It appends to any existing values associated\\nwith the header name.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n add:\\n - name: \\"my-header\\"\\n value: \\"bar,baz\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: foo,bar,baz"', args=[d.arg(name='add', type=d.T.array)]), + withAdd(add): { responseHeaderModifier+: { add: if std.isArray(v=add) then add else [add] } }, + '#withAddMixin':: d.fn(help='"Add adds the given header(s) (name, value) to the request\\nbefore the action. It appends to any existing values associated\\nwith the header name.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n add:\\n - name: \\"my-header\\"\\n value: \\"bar,baz\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: foo,bar,baz"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='add', type=d.T.array)]), + withAddMixin(add): { responseHeaderModifier+: { add+: if std.isArray(v=add) then add else [add] } }, + '#withRemove':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The\\nvalue of Remove is a list of HTTP header names. Note that the header\\nnames are case-insensitive (see\\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header1: foo\\n my-header2: bar\\n my-header3: baz\\n\\n\\nConfig:\\n remove: [\\"my-header1\\", \\"my-header3\\"]\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header2: bar"', args=[d.arg(name='remove', type=d.T.array)]), + withRemove(remove): { responseHeaderModifier+: { remove: if std.isArray(v=remove) then remove else [remove] } }, + '#withRemoveMixin':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The\\nvalue of Remove is a list of HTTP header names. Note that the header\\nnames are case-insensitive (see\\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header1: foo\\n my-header2: bar\\n my-header3: baz\\n\\n\\nConfig:\\n remove: [\\"my-header1\\", \\"my-header3\\"]\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header2: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='remove', type=d.T.array)]), + withRemoveMixin(remove): { responseHeaderModifier+: { remove+: if std.isArray(v=remove) then remove else [remove] } }, + '#withSet':: d.fn(help='"Set overwrites the request with the given header (name, value)\\nbefore the action.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n set:\\n - name: \\"my-header\\"\\n value: \\"bar\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: bar"', args=[d.arg(name='set', type=d.T.array)]), + withSet(set): { responseHeaderModifier+: { set: if std.isArray(v=set) then set else [set] } }, + '#withSetMixin':: d.fn(help='"Set overwrites the request with the given header (name, value)\\nbefore the action.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n set:\\n - name: \\"my-header\\"\\n value: \\"bar\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='set', type=d.T.array)]), + withSetMixin(set): { responseHeaderModifier+: { set+: if std.isArray(v=set) then set else [set] } }, + }, + '#urlRewrite':: d.obj(help='"URLRewrite defines a schema for a filter that modifies a request during forwarding.\\n\\n\\nSupport: Extended"'), + urlRewrite: { + '#path':: d.obj(help='"Path defines a path rewrite.\\n\\n\\nSupport: Extended"'), + path: { + '#withReplaceFullPath':: d.fn(help='"ReplaceFullPath specifies the value with which to replace the full path\\nof a request during a rewrite or redirect."', args=[d.arg(name='replaceFullPath', type=d.T.string)]), + withReplaceFullPath(replaceFullPath): { urlRewrite+: { path+: { replaceFullPath: replaceFullPath } } }, + '#withReplacePrefixMatch':: d.fn(help='"ReplacePrefixMatch specifies the value with which to replace the prefix\\nmatch of a request during a rewrite or redirect. For example, a request\\nto \\"/foo/bar\\" with a prefix match of \\"/foo\\" and a ReplacePrefixMatch\\nof \\"/xyz\\" would be modified to \\"/xyz/bar\\".\\n\\n\\nNote that this matches the behavior of the PathPrefix match type. This\\nmatches full path elements. A path element refers to the list of labels\\nin the path split by the `/` separator. When specified, a trailing `/` is\\nignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all\\nmatch the prefix `/abc`, but the path `/abcd` would not.\\n\\n\\nReplacePrefixMatch is only compatible with a `PathPrefix` HTTPRouteMatch.\\nUsing any other HTTPRouteMatch type on the same HTTPRouteRule will result in\\nthe implementation setting the Accepted Condition for the Route to `status: False`.\\n\\n\\nRequest Path | Prefix Match | Replace Prefix | Modified Path\\n-------------|--------------|----------------|----------\\n/foo/bar | /foo | /xyz | /xyz/bar\\n/foo/bar | /foo | /xyz/ | /xyz/bar\\n/foo/bar | /foo/ | /xyz | /xyz/bar\\n/foo/bar | /foo/ | /xyz/ | /xyz/bar\\n/foo | /foo | /xyz | /xyz\\n/foo/ | /foo | /xyz | /xyz/\\n/foo/bar | /foo | | /bar\\n/foo/ | /foo | | /\\n/foo | /foo | | /\\n/foo/ | /foo | / | /\\n/foo | /foo | / | /"', args=[d.arg(name='replacePrefixMatch', type=d.T.string)]), + withReplacePrefixMatch(replacePrefixMatch): { urlRewrite+: { path+: { replacePrefixMatch: replacePrefixMatch } } }, + '#withType':: d.fn(help='"Type defines the type of path modifier. Additional types may be\\nadded in a future release of the API.\\n\\n\\nNote that values may be added to this enum, implementations\\nmust ensure that unknown values will not cause a crash.\\n\\n\\nUnknown values here must result in the implementation setting the\\nAccepted Condition for the Route to `status: False`, with a\\nReason of `UnsupportedValue`."', args=[d.arg(name='type', type=d.T.string)]), + withType(type): { urlRewrite+: { path+: { type: type } } }, + }, + '#withHostname':: d.fn(help='"Hostname is the value to be used to replace the Host header value during\\nforwarding.\\n\\n\\nSupport: Extended"', args=[d.arg(name='hostname', type=d.T.string)]), + withHostname(hostname): { urlRewrite+: { hostname: hostname } }, + }, + '#withType':: d.fn(help='"Type identifies the type of filter to apply. As with other API fields,\\ntypes are classified into three conformance levels:\\n\\n\\n- Core: Filter types and their corresponding configuration defined by\\n \\"Support: Core\\" in this package, e.g. \\"RequestHeaderModifier\\". All\\n implementations must support core filters.\\n\\n\\n- Extended: Filter types and their corresponding configuration defined by\\n \\"Support: Extended\\" in this package, e.g. \\"RequestMirror\\". Implementers\\n are encouraged to support extended filters.\\n\\n\\n- Implementation-specific: Filters that are defined and supported by\\n specific vendors.\\n In the future, filters showing convergence in behavior across multiple\\n implementations will be considered for inclusion in extended or core\\n conformance levels. Filter-specific configuration for such filters\\n is specified using the ExtensionRef field. `Type` should be set to\\n \\"ExtensionRef\\" for custom filters.\\n\\n\\nImplementers are encouraged to define custom implementation types to\\nextend the core API with implementation-specific behavior.\\n\\n\\nIf a reference to a custom filter type cannot be resolved, the filter\\nMUST NOT be skipped. Instead, requests that would have been processed by\\nthat filter MUST receive a HTTP error response.\\n\\n\\nNote that values may be added to this enum, implementations\\nmust ensure that unknown values will not cause a crash.\\n\\n\\nUnknown values here must result in the implementation setting the\\nAccepted Condition for the Route to `status: False`, with a\\nReason of `UnsupportedValue`."', args=[d.arg(name='type', type=d.T.string)]), + withType(type): { type: type }, + }, + '#matches':: d.obj(help='"Matches define conditions used for matching the rule against incoming\\nHTTP requests. Each match is independent, i.e. this rule will be matched\\nif **any** one of the matches is satisfied.\\n\\n\\nFor example, take the following matches configuration:\\n\\n\\n```\\nmatches:\\n- path:\\n value: \\"/foo\\"\\n headers:\\n - name: \\"version\\"\\n value: \\"v2\\"\\n- path:\\n value: \\"/v2/foo\\"\\n```\\n\\n\\nFor a request to match against this rule, a request must satisfy\\nEITHER of the two conditions:\\n\\n\\n- path prefixed with `/foo` AND contains the header `version: v2`\\n- path prefix of `/v2/foo`\\n\\n\\nSee the documentation for HTTPRouteMatch on how to specify multiple\\nmatch conditions that should be ANDed together.\\n\\n\\nIf no matches are specified, the default is a prefix\\npath match on \\"/\\", which has the effect of matching every\\nHTTP request.\\n\\n\\nProxy or Load Balancer routing configuration generated from HTTPRoutes\\nMUST prioritize matches based on the following criteria, continuing on\\nties. Across all rules specified on applicable Routes, precedence must be\\ngiven to the match having:\\n\\n\\n* \\"Exact\\" path match.\\n* \\"Prefix\\" path match with largest number of characters.\\n* Method match.\\n* Largest number of header matches.\\n* Largest number of query param matches.\\n\\n\\nNote: The precedence of RegularExpression path matches are implementation-specific.\\n\\n\\nIf ties still exist across multiple Routes, matching precedence MUST be\\ndetermined in order of the following criteria, continuing on ties:\\n\\n\\n* The oldest Route based on creation timestamp.\\n* The Route appearing first in alphabetical order by\\n \\"{namespace}/{name}\\".\\n\\n\\nIf ties still exist within an HTTPRoute, matching precedence MUST be granted\\nto the FIRST matching rule (in list order) with a match meeting the above\\ncriteria.\\n\\n\\nWhen no rules matching a request have been successfully attached to the\\nparent a request is coming from, a HTTP 404 status code MUST be returned."'), + matches: { + '#headers':: d.obj(help='"Headers specifies HTTP request header matchers. Multiple match values are\\nANDed together, meaning, a request must match all the specified headers\\nto select the route."'), + headers: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be\\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\\n\\n\\nIf multiple entries specify equivalent header names, only the first\\nentry with an equivalent name MUST be considered for a match. Subsequent\\nentries with an equivalent header name MUST be ignored. Due to the\\ncase-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered\\nequivalent.\\n\\n\\nWhen a header is repeated in an HTTP request, it is\\nimplementation-specific behavior as to how this is represented.\\nGenerally, proxies should follow the guidance from the RFC:\\nhttps://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2 regarding\\nprocessing a repeated header, with special handling for \\"Set-Cookie\\"."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withType':: d.fn(help="\"Type specifies how to match against the value of the header.\\n\\n\\nSupport: Core (Exact)\\n\\n\\nSupport: Implementation-specific (RegularExpression)\\n\\n\\nSince RegularExpression HeaderMatchType has implementation-specific\\nconformance, implementations can support POSIX, PCRE or any other dialects\\nof regular expressions. Please read the implementation's documentation to\\ndetermine the supported dialect.\"", args=[d.arg(name='type', type=d.T.string)]), + withType(type): { type: type }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#path':: d.obj(help='"Path specifies a HTTP request path matcher. If this field is not\\nspecified, a default prefix match on the \\"/\\" path is provided."'), + path: { + '#withType':: d.fn(help='"Type specifies how to match against the path Value.\\n\\n\\nSupport: Core (Exact, PathPrefix)\\n\\n\\nSupport: Implementation-specific (RegularExpression)"', args=[d.arg(name='type', type=d.T.string)]), + withType(type): { path+: { type: type } }, + '#withValue':: d.fn(help='"Value of the HTTP path to match against."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { path+: { value: value } }, + }, + '#queryParams':: d.obj(help='"QueryParams specifies HTTP query parameter matchers. Multiple match\\nvalues are ANDed together, meaning, a request must match all the\\nspecified query parameters to select the route.\\n\\n\\nSupport: Extended"'), + queryParams: { + '#withName':: d.fn(help='"Name is the name of the HTTP query param to be matched. This must be an\\nexact string match. (See\\nhttps://tools.ietf.org/html/rfc7230#section-2.7.3).\\n\\n\\nIf multiple entries specify equivalent query param names, only the first\\nentry with an equivalent name MUST be considered for a match. Subsequent\\nentries with an equivalent query param name MUST be ignored.\\n\\n\\nIf a query param is repeated in an HTTP request, the behavior is\\npurposely left undefined, since different data planes have different\\ncapabilities. However, it is *recommended* that implementations should\\nmatch against the first value of the param if the data plane supports it,\\nas this behavior is expected in other load balancing contexts outside of\\nthe Gateway API.\\n\\n\\nUsers SHOULD NOT route traffic based on repeated query params to guard\\nthemselves against potential differences in the implementations."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withType':: d.fn(help="\"Type specifies how to match against the value of the query parameter.\\n\\n\\nSupport: Extended (Exact)\\n\\n\\nSupport: Implementation-specific (RegularExpression)\\n\\n\\nSince RegularExpression QueryParamMatchType has Implementation-specific\\nconformance, implementations can support POSIX, PCRE or any other\\ndialects of regular expressions. Please read the implementation's\\ndocumentation to determine the supported dialect.\"", args=[d.arg(name='type', type=d.T.string)]), + withType(type): { type: type }, + '#withValue':: d.fn(help='"Value is the value of HTTP query param to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#withHeaders':: d.fn(help='"Headers specifies HTTP request header matchers. Multiple match values are\\nANDed together, meaning, a request must match all the specified headers\\nto select the route."', args=[d.arg(name='headers', type=d.T.array)]), + withHeaders(headers): { headers: if std.isArray(v=headers) then headers else [headers] }, + '#withHeadersMixin':: d.fn(help='"Headers specifies HTTP request header matchers. Multiple match values are\\nANDed together, meaning, a request must match all the specified headers\\nto select the route."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='headers', type=d.T.array)]), + withHeadersMixin(headers): { headers+: if std.isArray(v=headers) then headers else [headers] }, + '#withMethod':: d.fn(help='"Method specifies HTTP method matcher.\\nWhen specified, this route will be matched only if the request has the\\nspecified method.\\n\\n\\nSupport: Extended"', args=[d.arg(name='method', type=d.T.string)]), + withMethod(method): { method: method }, + '#withQueryParams':: d.fn(help='"QueryParams specifies HTTP query parameter matchers. Multiple match\\nvalues are ANDed together, meaning, a request must match all the\\nspecified query parameters to select the route.\\n\\n\\nSupport: Extended"', args=[d.arg(name='queryParams', type=d.T.array)]), + withQueryParams(queryParams): { queryParams: if std.isArray(v=queryParams) then queryParams else [queryParams] }, + '#withQueryParamsMixin':: d.fn(help='"QueryParams specifies HTTP query parameter matchers. Multiple match\\nvalues are ANDed together, meaning, a request must match all the\\nspecified query parameters to select the route.\\n\\n\\nSupport: Extended"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='queryParams', type=d.T.array)]), + withQueryParamsMixin(queryParams): { queryParams+: if std.isArray(v=queryParams) then queryParams else [queryParams] }, + }, + '#sessionPersistence':: d.obj(help='"SessionPersistence defines and configures session persistence\\nfor the route rule.\\n\\n\\nSupport: Extended\\n\\n\\n"'), + sessionPersistence: { + '#cookieConfig':: d.obj(help='"CookieConfig provides configuration settings that are specific\\nto cookie-based session persistence.\\n\\n\\nSupport: Core"'), + cookieConfig: { + '#withLifetimeType':: d.fn(help="\"LifetimeType specifies whether the cookie has a permanent or\\nsession-based lifetime. A permanent cookie persists until its\\nspecified expiry time, defined by the Expires or Max-Age cookie\\nattributes, while a session cookie is deleted when the current\\nsession ends.\\n\\n\\nWhen set to \\\"Permanent\\\", AbsoluteTimeout indicates the\\ncookie's lifetime via the Expires or Max-Age cookie attributes\\nand is required.\\n\\n\\nWhen set to \\\"Session\\\", AbsoluteTimeout indicates the\\nabsolute lifetime of the cookie tracked by the gateway and\\nis optional.\\n\\n\\nSupport: Core for \\\"Session\\\" type\\n\\n\\nSupport: Extended for \\\"Permanent\\\" type\"", args=[d.arg(name='lifetimeType', type=d.T.string)]), + withLifetimeType(lifetimeType): { sessionPersistence+: { cookieConfig+: { lifetimeType: lifetimeType } } }, + }, + '#withAbsoluteTimeout':: d.fn(help='"AbsoluteTimeout defines the absolute timeout of the persistent\\nsession. Once the AbsoluteTimeout duration has elapsed, the\\nsession becomes invalid.\\n\\n\\nSupport: Extended"', args=[d.arg(name='absoluteTimeout', type=d.T.string)]), + withAbsoluteTimeout(absoluteTimeout): { sessionPersistence+: { absoluteTimeout: absoluteTimeout } }, + '#withIdleTimeout':: d.fn(help='"IdleTimeout defines the idle timeout of the persistent session.\\nOnce the session has been idle for more than the specified\\nIdleTimeout duration, the session becomes invalid.\\n\\n\\nSupport: Extended"', args=[d.arg(name='idleTimeout', type=d.T.string)]), + withIdleTimeout(idleTimeout): { sessionPersistence+: { idleTimeout: idleTimeout } }, + '#withSessionName':: d.fn(help='"SessionName defines the name of the persistent session token\\nwhich may be reflected in the cookie or the header. Users\\nshould avoid reusing session names to prevent unintended\\nconsequences, such as rejection or unpredictable behavior.\\n\\n\\nSupport: Implementation-specific"', args=[d.arg(name='sessionName', type=d.T.string)]), + withSessionName(sessionName): { sessionPersistence+: { sessionName: sessionName } }, + '#withType':: d.fn(help='"Type defines the type of session persistence such as through\\nthe use a header or cookie. Defaults to cookie based session\\npersistence.\\n\\n\\nSupport: Core for \\"Cookie\\" type\\n\\n\\nSupport: Extended for \\"Header\\" type"', args=[d.arg(name='type', type=d.T.string)]), + withType(type): { sessionPersistence+: { type: type } }, + }, + '#timeouts':: d.obj(help='"Timeouts defines the timeouts that can be configured for an HTTP request.\\n\\n\\nSupport: Extended\\n\\n\\n"'), + timeouts: { + '#withBackendRequest':: d.fn(help='"BackendRequest specifies a timeout for an individual request from the gateway\\nto a backend. This covers the time from when the request first starts being\\nsent from the gateway to when the full response has been received from the backend.\\n\\n\\nSetting a timeout to the zero duration (e.g. \\"0s\\") SHOULD disable the timeout\\ncompletely. Implementations that cannot completely disable the timeout MUST\\ninstead interpret the zero duration as the longest possible value to which\\nthe timeout can be set.\\n\\n\\nAn entire client HTTP transaction with a gateway, covered by the Request timeout,\\nmay result in more than one call from the gateway to the destination backend,\\nfor example, if automatic retries are supported.\\n\\n\\nBecause the Request timeout encompasses the BackendRequest timeout, the value of\\nBackendRequest must be <= the value of Request timeout.\\n\\n\\nSupport: Extended"', args=[d.arg(name='backendRequest', type=d.T.string)]), + withBackendRequest(backendRequest): { timeouts+: { backendRequest: backendRequest } }, + '#withRequest':: d.fn(help='"Request specifies the maximum duration for a gateway to respond to an HTTP request.\\nIf the gateway has not been able to respond before this deadline is met, the gateway\\nMUST return a timeout error.\\n\\n\\nFor example, setting the `rules.timeouts.request` field to the value `10s` in an\\n`HTTPRoute` will cause a timeout if a client request is taking longer than 10 seconds\\nto complete.\\n\\n\\nSetting a timeout to the zero duration (e.g. \\"0s\\") SHOULD disable the timeout\\ncompletely. Implementations that cannot completely disable the timeout MUST\\ninstead interpret the zero duration as the longest possible value to which\\nthe timeout can be set.\\n\\n\\nThis timeout is intended to cover as close to the whole request-response transaction\\nas possible although an implementation MAY choose to start the timeout after the entire\\nrequest stream has been received instead of immediately after the transaction is\\ninitiated by the client.\\n\\n\\nWhen this field is unspecified, request timeout behavior is implementation-specific.\\n\\n\\nSupport: Extended"', args=[d.arg(name='request', type=d.T.string)]), + withRequest(request): { timeouts+: { request: request } }, + }, + '#withBackendRefs':: d.fn(help='"BackendRefs defines the backend(s) where matching requests should be\\nsent.\\n\\n\\nFailure behavior here depends on how many BackendRefs are specified and\\nhow many are invalid.\\n\\n\\nIf *all* entries in BackendRefs are invalid, and there are also no filters\\nspecified in this route rule, *all* traffic which matches this rule MUST\\nreceive a 500 status code.\\n\\n\\nSee the HTTPBackendRef definition for the rules about what makes a single\\nHTTPBackendRef invalid.\\n\\n\\nWhen a HTTPBackendRef is invalid, 500 status codes MUST be returned for\\nrequests that would have otherwise been routed to an invalid backend. If\\nmultiple backends are specified, and some are invalid, the proportion of\\nrequests that would otherwise have been routed to an invalid backend\\nMUST receive a 500 status code.\\n\\n\\nFor example, if two backends are specified with equal weights, and one is\\ninvalid, 50 percent of traffic must receive a 500. Implementations may\\nchoose how that 50 percent is determined.\\n\\n\\nSupport: Core for Kubernetes Service\\n\\n\\nSupport: Extended for Kubernetes ServiceImport\\n\\n\\nSupport: Implementation-specific for any other resource\\n\\n\\nSupport for weight: Core"', args=[d.arg(name='backendRefs', type=d.T.array)]), + withBackendRefs(backendRefs): { backendRefs: if std.isArray(v=backendRefs) then backendRefs else [backendRefs] }, + '#withBackendRefsMixin':: d.fn(help='"BackendRefs defines the backend(s) where matching requests should be\\nsent.\\n\\n\\nFailure behavior here depends on how many BackendRefs are specified and\\nhow many are invalid.\\n\\n\\nIf *all* entries in BackendRefs are invalid, and there are also no filters\\nspecified in this route rule, *all* traffic which matches this rule MUST\\nreceive a 500 status code.\\n\\n\\nSee the HTTPBackendRef definition for the rules about what makes a single\\nHTTPBackendRef invalid.\\n\\n\\nWhen a HTTPBackendRef is invalid, 500 status codes MUST be returned for\\nrequests that would have otherwise been routed to an invalid backend. If\\nmultiple backends are specified, and some are invalid, the proportion of\\nrequests that would otherwise have been routed to an invalid backend\\nMUST receive a 500 status code.\\n\\n\\nFor example, if two backends are specified with equal weights, and one is\\ninvalid, 50 percent of traffic must receive a 500. Implementations may\\nchoose how that 50 percent is determined.\\n\\n\\nSupport: Core for Kubernetes Service\\n\\n\\nSupport: Extended for Kubernetes ServiceImport\\n\\n\\nSupport: Implementation-specific for any other resource\\n\\n\\nSupport for weight: Core"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='backendRefs', type=d.T.array)]), + withBackendRefsMixin(backendRefs): { backendRefs+: if std.isArray(v=backendRefs) then backendRefs else [backendRefs] }, + '#withFilters':: d.fn(help='"Filters define the filters that are applied to requests that match\\nthis rule.\\n\\n\\nWherever possible, implementations SHOULD implement filters in the order\\nthey are specified.\\n\\n\\nImplementations MAY choose to implement this ordering strictly, rejecting\\nany combination or order of filters that can not be supported. If implementations\\nchoose a strict interpretation of filter ordering, they MUST clearly document\\nthat behavior.\\n\\n\\nTo reject an invalid combination or order of filters, implementations SHOULD\\nconsider the Route Rules with this configuration invalid. If all Route Rules\\nin a Route are invalid, the entire Route would be considered invalid. If only\\na portion of Route Rules are invalid, implementations MUST set the\\n\\"PartiallyInvalid\\" condition for the Route.\\n\\n\\nConformance-levels at this level are defined based on the type of filter:\\n\\n\\n- ALL core filters MUST be supported by all implementations.\\n- Implementers are encouraged to support extended filters.\\n- Implementation-specific custom filters have no API guarantees across\\n implementations.\\n\\n\\nSpecifying the same filter multiple times is not supported unless explicitly\\nindicated in the filter.\\n\\n\\nAll filters are expected to be compatible with each other except for the\\nURLRewrite and RequestRedirect filters, which may not be combined. If an\\nimplementation can not support other combinations of filters, they must clearly\\ndocument that limitation. In cases where incompatible or unsupported\\nfilters are specified and cause the `Accepted` condition to be set to status\\n`False`, implementations may use the `IncompatibleFilters` reason to specify\\nthis configuration error.\\n\\n\\nSupport: Core"', args=[d.arg(name='filters', type=d.T.array)]), + withFilters(filters): { filters: if std.isArray(v=filters) then filters else [filters] }, + '#withFiltersMixin':: d.fn(help='"Filters define the filters that are applied to requests that match\\nthis rule.\\n\\n\\nWherever possible, implementations SHOULD implement filters in the order\\nthey are specified.\\n\\n\\nImplementations MAY choose to implement this ordering strictly, rejecting\\nany combination or order of filters that can not be supported. If implementations\\nchoose a strict interpretation of filter ordering, they MUST clearly document\\nthat behavior.\\n\\n\\nTo reject an invalid combination or order of filters, implementations SHOULD\\nconsider the Route Rules with this configuration invalid. If all Route Rules\\nin a Route are invalid, the entire Route would be considered invalid. If only\\na portion of Route Rules are invalid, implementations MUST set the\\n\\"PartiallyInvalid\\" condition for the Route.\\n\\n\\nConformance-levels at this level are defined based on the type of filter:\\n\\n\\n- ALL core filters MUST be supported by all implementations.\\n- Implementers are encouraged to support extended filters.\\n- Implementation-specific custom filters have no API guarantees across\\n implementations.\\n\\n\\nSpecifying the same filter multiple times is not supported unless explicitly\\nindicated in the filter.\\n\\n\\nAll filters are expected to be compatible with each other except for the\\nURLRewrite and RequestRedirect filters, which may not be combined. If an\\nimplementation can not support other combinations of filters, they must clearly\\ndocument that limitation. In cases where incompatible or unsupported\\nfilters are specified and cause the `Accepted` condition to be set to status\\n`False`, implementations may use the `IncompatibleFilters` reason to specify\\nthis configuration error.\\n\\n\\nSupport: Core"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='filters', type=d.T.array)]), + withFiltersMixin(filters): { filters+: if std.isArray(v=filters) then filters else [filters] }, + '#withMatches':: d.fn(help='"Matches define conditions used for matching the rule against incoming\\nHTTP requests. Each match is independent, i.e. this rule will be matched\\nif **any** one of the matches is satisfied.\\n\\n\\nFor example, take the following matches configuration:\\n\\n\\n```\\nmatches:\\n- path:\\n value: \\"/foo\\"\\n headers:\\n - name: \\"version\\"\\n value: \\"v2\\"\\n- path:\\n value: \\"/v2/foo\\"\\n```\\n\\n\\nFor a request to match against this rule, a request must satisfy\\nEITHER of the two conditions:\\n\\n\\n- path prefixed with `/foo` AND contains the header `version: v2`\\n- path prefix of `/v2/foo`\\n\\n\\nSee the documentation for HTTPRouteMatch on how to specify multiple\\nmatch conditions that should be ANDed together.\\n\\n\\nIf no matches are specified, the default is a prefix\\npath match on \\"/\\", which has the effect of matching every\\nHTTP request.\\n\\n\\nProxy or Load Balancer routing configuration generated from HTTPRoutes\\nMUST prioritize matches based on the following criteria, continuing on\\nties. Across all rules specified on applicable Routes, precedence must be\\ngiven to the match having:\\n\\n\\n* \\"Exact\\" path match.\\n* \\"Prefix\\" path match with largest number of characters.\\n* Method match.\\n* Largest number of header matches.\\n* Largest number of query param matches.\\n\\n\\nNote: The precedence of RegularExpression path matches are implementation-specific.\\n\\n\\nIf ties still exist across multiple Routes, matching precedence MUST be\\ndetermined in order of the following criteria, continuing on ties:\\n\\n\\n* The oldest Route based on creation timestamp.\\n* The Route appearing first in alphabetical order by\\n \\"{namespace}/{name}\\".\\n\\n\\nIf ties still exist within an HTTPRoute, matching precedence MUST be granted\\nto the FIRST matching rule (in list order) with a match meeting the above\\ncriteria.\\n\\n\\nWhen no rules matching a request have been successfully attached to the\\nparent a request is coming from, a HTTP 404 status code MUST be returned."', args=[d.arg(name='matches', type=d.T.array)]), + withMatches(matches): { matches: if std.isArray(v=matches) then matches else [matches] }, + '#withMatchesMixin':: d.fn(help='"Matches define conditions used for matching the rule against incoming\\nHTTP requests. Each match is independent, i.e. this rule will be matched\\nif **any** one of the matches is satisfied.\\n\\n\\nFor example, take the following matches configuration:\\n\\n\\n```\\nmatches:\\n- path:\\n value: \\"/foo\\"\\n headers:\\n - name: \\"version\\"\\n value: \\"v2\\"\\n- path:\\n value: \\"/v2/foo\\"\\n```\\n\\n\\nFor a request to match against this rule, a request must satisfy\\nEITHER of the two conditions:\\n\\n\\n- path prefixed with `/foo` AND contains the header `version: v2`\\n- path prefix of `/v2/foo`\\n\\n\\nSee the documentation for HTTPRouteMatch on how to specify multiple\\nmatch conditions that should be ANDed together.\\n\\n\\nIf no matches are specified, the default is a prefix\\npath match on \\"/\\", which has the effect of matching every\\nHTTP request.\\n\\n\\nProxy or Load Balancer routing configuration generated from HTTPRoutes\\nMUST prioritize matches based on the following criteria, continuing on\\nties. Across all rules specified on applicable Routes, precedence must be\\ngiven to the match having:\\n\\n\\n* \\"Exact\\" path match.\\n* \\"Prefix\\" path match with largest number of characters.\\n* Method match.\\n* Largest number of header matches.\\n* Largest number of query param matches.\\n\\n\\nNote: The precedence of RegularExpression path matches are implementation-specific.\\n\\n\\nIf ties still exist across multiple Routes, matching precedence MUST be\\ndetermined in order of the following criteria, continuing on ties:\\n\\n\\n* The oldest Route based on creation timestamp.\\n* The Route appearing first in alphabetical order by\\n \\"{namespace}/{name}\\".\\n\\n\\nIf ties still exist within an HTTPRoute, matching precedence MUST be granted\\nto the FIRST matching rule (in list order) with a match meeting the above\\ncriteria.\\n\\n\\nWhen no rules matching a request have been successfully attached to the\\nparent a request is coming from, a HTTP 404 status code MUST be returned."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='matches', type=d.T.array)]), + withMatchesMixin(matches): { matches+: if std.isArray(v=matches) then matches else [matches] }, + }, + '#withHostnames':: d.fn(help="\"Hostnames defines a set of hostnames that should match against the HTTP Host\\nheader to select a HTTPRoute used to process the request. Implementations\\nMUST ignore any port value specified in the HTTP Host header while\\nperforming a match and (absent of any applicable header modification\\nconfiguration) MUST forward this header unmodified to the backend.\\n\\n\\nValid values for Hostnames are determined by RFC 1123 definition of a\\nhostname with 2 notable exceptions:\\n\\n\\n1. IPs are not allowed.\\n2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard\\n label must appear by itself as the first label.\\n\\n\\nIf a hostname is specified by both the Listener and HTTPRoute, there\\nmust be at least one intersecting hostname for the HTTPRoute to be\\nattached to the Listener. For example:\\n\\n\\n* A Listener with `test.example.com` as the hostname matches HTTPRoutes\\n that have either not specified any hostnames, or have specified at\\n least one of `test.example.com` or `*.example.com`.\\n* A Listener with `*.example.com` as the hostname matches HTTPRoutes\\n that have either not specified any hostnames or have specified at least\\n one hostname that matches the Listener hostname. For example,\\n `*.example.com`, `test.example.com`, and `foo.test.example.com` would\\n all match. On the other hand, `example.com` and `test.example.net` would\\n not match.\\n\\n\\nHostnames that are prefixed with a wildcard label (`*.`) are interpreted\\nas a suffix match. That means that a match for `*.example.com` would match\\nboth `test.example.com`, and `foo.test.example.com`, but not `example.com`.\\n\\n\\nIf both the Listener and HTTPRoute have specified hostnames, any\\nHTTPRoute hostnames that do not match the Listener hostname MUST be\\nignored. For example, if a Listener specified `*.example.com`, and the\\nHTTPRoute specified `test.example.com` and `test.example.net`,\\n`test.example.net` must not be considered for a match.\\n\\n\\nIf both the Listener and HTTPRoute have specified hostnames, and none\\nmatch with the criteria above, then the HTTPRoute is not accepted. The\\nimplementation must raise an 'Accepted' Condition with a status of\\n`False` in the corresponding RouteParentStatus.\\n\\n\\nIn the event that multiple HTTPRoutes specify intersecting hostnames (e.g.\\noverlapping wildcard matching and exact matching hostnames), precedence must\\nbe given to rules from the HTTPRoute with the largest number of:\\n\\n\\n* Characters in a matching non-wildcard hostname.\\n* Characters in a matching hostname.\\n\\n\\nIf ties exist across multiple Routes, the matching precedence rules for\\nHTTPRouteMatches takes over.\\n\\n\\nSupport: Core\"", args=[d.arg(name='hostnames', type=d.T.array)]), + withHostnames(hostnames): { spec+: { hostnames: if std.isArray(v=hostnames) then hostnames else [hostnames] } }, + '#withHostnamesMixin':: d.fn(help="\"Hostnames defines a set of hostnames that should match against the HTTP Host\\nheader to select a HTTPRoute used to process the request. Implementations\\nMUST ignore any port value specified in the HTTP Host header while\\nperforming a match and (absent of any applicable header modification\\nconfiguration) MUST forward this header unmodified to the backend.\\n\\n\\nValid values for Hostnames are determined by RFC 1123 definition of a\\nhostname with 2 notable exceptions:\\n\\n\\n1. IPs are not allowed.\\n2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard\\n label must appear by itself as the first label.\\n\\n\\nIf a hostname is specified by both the Listener and HTTPRoute, there\\nmust be at least one intersecting hostname for the HTTPRoute to be\\nattached to the Listener. For example:\\n\\n\\n* A Listener with `test.example.com` as the hostname matches HTTPRoutes\\n that have either not specified any hostnames, or have specified at\\n least one of `test.example.com` or `*.example.com`.\\n* A Listener with `*.example.com` as the hostname matches HTTPRoutes\\n that have either not specified any hostnames or have specified at least\\n one hostname that matches the Listener hostname. For example,\\n `*.example.com`, `test.example.com`, and `foo.test.example.com` would\\n all match. On the other hand, `example.com` and `test.example.net` would\\n not match.\\n\\n\\nHostnames that are prefixed with a wildcard label (`*.`) are interpreted\\nas a suffix match. That means that a match for `*.example.com` would match\\nboth `test.example.com`, and `foo.test.example.com`, but not `example.com`.\\n\\n\\nIf both the Listener and HTTPRoute have specified hostnames, any\\nHTTPRoute hostnames that do not match the Listener hostname MUST be\\nignored. For example, if a Listener specified `*.example.com`, and the\\nHTTPRoute specified `test.example.com` and `test.example.net`,\\n`test.example.net` must not be considered for a match.\\n\\n\\nIf both the Listener and HTTPRoute have specified hostnames, and none\\nmatch with the criteria above, then the HTTPRoute is not accepted. The\\nimplementation must raise an 'Accepted' Condition with a status of\\n`False` in the corresponding RouteParentStatus.\\n\\n\\nIn the event that multiple HTTPRoutes specify intersecting hostnames (e.g.\\noverlapping wildcard matching and exact matching hostnames), precedence must\\nbe given to rules from the HTTPRoute with the largest number of:\\n\\n\\n* Characters in a matching non-wildcard hostname.\\n* Characters in a matching hostname.\\n\\n\\nIf ties exist across multiple Routes, the matching precedence rules for\\nHTTPRouteMatches takes over.\\n\\n\\nSupport: Core\"\n\n**Note:** This function appends passed data to existing values", args=[d.arg(name='hostnames', type=d.T.array)]), + withHostnamesMixin(hostnames): { spec+: { hostnames+: if std.isArray(v=hostnames) then hostnames else [hostnames] } }, + '#withParentRefs':: d.fn(help='"ParentRefs references the resources (usually Gateways) that a Route wants\\nto be attached to. Note that the referenced parent resource needs to\\nallow this for the attachment to be complete. For Gateways, that means\\nthe Gateway needs to allow attachment from Routes of this kind and\\nnamespace. For Services, that means the Service must either be in the same\\nnamespace for a \\"producer\\" route, or the mesh implementation must support\\nand allow \\"consumer\\" routes for the referenced Service. ReferenceGrant is\\nnot applicable for governing ParentRefs to Services - it is not possible to\\ncreate a \\"producer\\" route for a Service in a different namespace from the\\nRoute.\\n\\n\\nThere are two kinds of parent resources with \\"Core\\" support:\\n\\n\\n* Gateway (Gateway conformance profile)\\n* Service (Mesh conformance profile, ClusterIP Services only)\\n\\n\\nThis API may be extended in the future to support additional kinds of parent\\nresources.\\n\\n\\nParentRefs must be _distinct_. This means either that:\\n\\n\\n* They select different objects. If this is the case, then parentRef\\n entries are distinct. In terms of fields, this means that the\\n multi-part key defined by `group`, `kind`, `namespace`, and `name` must\\n be unique across all parentRef entries in the Route.\\n* They do not select different objects, but for each optional field used,\\n each ParentRef that selects the same object must set the same set of\\n optional fields to different values. If one ParentRef sets a\\n combination of optional fields, all must set the same combination.\\n\\n\\nSome examples:\\n\\n\\n* If one ParentRef sets `sectionName`, all ParentRefs referencing the\\n same object must also set `sectionName`.\\n* If one ParentRef sets `port`, all ParentRefs referencing the same\\n object must also set `port`.\\n* If one ParentRef sets `sectionName` and `port`, all ParentRefs\\n referencing the same object must also set `sectionName` and `port`.\\n\\n\\nIt is possible to separately reference multiple distinct objects that may\\nbe collapsed by an implementation. For example, some implementations may\\nchoose to merge compatible Gateway Listeners together. If that is the\\ncase, the list of routes attached to those resources should also be\\nmerged.\\n\\n\\nNote that for ParentRefs that cross namespace boundaries, there are specific\\nrules. Cross-namespace references are only valid if they are explicitly\\nallowed by something in the namespace they are referring to. For example,\\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\\ngeneric way to enable other kinds of cross-namespace reference.\\n\\n\\n\\nParentRefs from a Route to a Service in the same namespace are \\"producer\\"\\nroutes, which apply default routing rules to inbound connections from\\nany namespace to the Service.\\n\\n\\nParentRefs from a Route to a Service in a different namespace are\\n\\"consumer\\" routes, and these routing rules are only applied to outbound\\nconnections originating from the same namespace as the Route, for which\\nthe intended destination of the connections are a Service targeted as a\\nParentRef of the Route.\\n\\n\\n\\n\\n\\n\\n"', args=[d.arg(name='parentRefs', type=d.T.array)]), + withParentRefs(parentRefs): { spec+: { parentRefs: if std.isArray(v=parentRefs) then parentRefs else [parentRefs] } }, + '#withParentRefsMixin':: d.fn(help='"ParentRefs references the resources (usually Gateways) that a Route wants\\nto be attached to. Note that the referenced parent resource needs to\\nallow this for the attachment to be complete. For Gateways, that means\\nthe Gateway needs to allow attachment from Routes of this kind and\\nnamespace. For Services, that means the Service must either be in the same\\nnamespace for a \\"producer\\" route, or the mesh implementation must support\\nand allow \\"consumer\\" routes for the referenced Service. ReferenceGrant is\\nnot applicable for governing ParentRefs to Services - it is not possible to\\ncreate a \\"producer\\" route for a Service in a different namespace from the\\nRoute.\\n\\n\\nThere are two kinds of parent resources with \\"Core\\" support:\\n\\n\\n* Gateway (Gateway conformance profile)\\n* Service (Mesh conformance profile, ClusterIP Services only)\\n\\n\\nThis API may be extended in the future to support additional kinds of parent\\nresources.\\n\\n\\nParentRefs must be _distinct_. This means either that:\\n\\n\\n* They select different objects. If this is the case, then parentRef\\n entries are distinct. In terms of fields, this means that the\\n multi-part key defined by `group`, `kind`, `namespace`, and `name` must\\n be unique across all parentRef entries in the Route.\\n* They do not select different objects, but for each optional field used,\\n each ParentRef that selects the same object must set the same set of\\n optional fields to different values. If one ParentRef sets a\\n combination of optional fields, all must set the same combination.\\n\\n\\nSome examples:\\n\\n\\n* If one ParentRef sets `sectionName`, all ParentRefs referencing the\\n same object must also set `sectionName`.\\n* If one ParentRef sets `port`, all ParentRefs referencing the same\\n object must also set `port`.\\n* If one ParentRef sets `sectionName` and `port`, all ParentRefs\\n referencing the same object must also set `sectionName` and `port`.\\n\\n\\nIt is possible to separately reference multiple distinct objects that may\\nbe collapsed by an implementation. For example, some implementations may\\nchoose to merge compatible Gateway Listeners together. If that is the\\ncase, the list of routes attached to those resources should also be\\nmerged.\\n\\n\\nNote that for ParentRefs that cross namespace boundaries, there are specific\\nrules. Cross-namespace references are only valid if they are explicitly\\nallowed by something in the namespace they are referring to. For example,\\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\\ngeneric way to enable other kinds of cross-namespace reference.\\n\\n\\n\\nParentRefs from a Route to a Service in the same namespace are \\"producer\\"\\nroutes, which apply default routing rules to inbound connections from\\nany namespace to the Service.\\n\\n\\nParentRefs from a Route to a Service in a different namespace are\\n\\"consumer\\" routes, and these routing rules are only applied to outbound\\nconnections originating from the same namespace as the Route, for which\\nthe intended destination of the connections are a Service targeted as a\\nParentRef of the Route.\\n\\n\\n\\n\\n\\n\\n"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='parentRefs', type=d.T.array)]), + withParentRefsMixin(parentRefs): { spec+: { parentRefs+: if std.isArray(v=parentRefs) then parentRefs else [parentRefs] } }, + '#withRules':: d.fn(help='"Rules are a list of HTTP matchers, filters and actions."', args=[d.arg(name='rules', type=d.T.array)]), + withRules(rules): { spec+: { rules: if std.isArray(v=rules) then rules else [rules] } }, + '#withRulesMixin':: d.fn(help='"Rules are a list of HTTP matchers, filters and actions."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='rules', type=d.T.array)]), + withRulesMixin(rules): { spec+: { rules+: if std.isArray(v=rules) then rules else [rules] } }, + }, + '#mixin': 'ignore', + mixin: self, +} diff --git a/1.1-experimental/_gen/gateway/v1/main.libsonnet b/1.1-experimental/_gen/gateway/v1/main.libsonnet new file mode 100644 index 0000000..8c80233 --- /dev/null +++ b/1.1-experimental/_gen/gateway/v1/main.libsonnet @@ -0,0 +1,8 @@ +{ + local d = (import 'doc-util/main.libsonnet'), + '#':: d.pkg(name='v1', url='', help=''), + gateway: (import 'gateway.libsonnet'), + gatewayClass: (import 'gatewayClass.libsonnet'), + grpcRoute: (import 'grpcRoute.libsonnet'), + httpRoute: (import 'httpRoute.libsonnet'), +} diff --git a/1.1-experimental/_gen/gateway/v1alpha2/backendLBPolicy.libsonnet b/1.1-experimental/_gen/gateway/v1alpha2/backendLBPolicy.libsonnet new file mode 100644 index 0000000..1b75a24 --- /dev/null +++ b/1.1-experimental/_gen/gateway/v1alpha2/backendLBPolicy.libsonnet @@ -0,0 +1,84 @@ +{ + local d = (import 'doc-util/main.libsonnet'), + '#':: d.pkg(name='backendLBPolicy', url='', help='"BackendLBPolicy provides a way to define load balancing rules\\nfor a backend."'), + '#metadata':: d.obj(help='"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create."'), + metadata: { + '#withAnnotations':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotations(annotations): { metadata+: { annotations: annotations } }, + '#withAnnotationsMixin':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotationsMixin(annotations): { metadata+: { annotations+: annotations } }, + '#withClusterName':: d.fn(help='"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request."', args=[d.arg(name='clusterName', type=d.T.string)]), + withClusterName(clusterName): { metadata+: { clusterName: clusterName } }, + '#withCreationTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='creationTimestamp', type=d.T.string)]), + withCreationTimestamp(creationTimestamp): { metadata+: { creationTimestamp: creationTimestamp } }, + '#withDeletionGracePeriodSeconds':: d.fn(help='"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only."', args=[d.arg(name='deletionGracePeriodSeconds', type=d.T.integer)]), + withDeletionGracePeriodSeconds(deletionGracePeriodSeconds): { metadata+: { deletionGracePeriodSeconds: deletionGracePeriodSeconds } }, + '#withDeletionTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='deletionTimestamp', type=d.T.string)]), + withDeletionTimestamp(deletionTimestamp): { metadata+: { deletionTimestamp: deletionTimestamp } }, + '#withFinalizers':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizers(finalizers): { metadata+: { finalizers: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withFinalizersMixin':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizersMixin(finalizers): { metadata+: { finalizers+: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withGenerateName':: d.fn(help='"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\\n\\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\\n\\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency"', args=[d.arg(name='generateName', type=d.T.string)]), + withGenerateName(generateName): { metadata+: { generateName: generateName } }, + '#withGeneration':: d.fn(help='"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only."', args=[d.arg(name='generation', type=d.T.integer)]), + withGeneration(generation): { metadata+: { generation: generation } }, + '#withLabels':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"', args=[d.arg(name='labels', type=d.T.object)]), + withLabels(labels): { metadata+: { labels: labels } }, + '#withLabelsMixin':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='labels', type=d.T.object)]), + withLabelsMixin(labels): { metadata+: { labels+: labels } }, + '#withName':: d.fn(help='"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { metadata+: { name: name } }, + '#withNamespace':: d.fn(help='"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \\"default\\" namespace, but \\"default\\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\\n\\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces"', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { metadata+: { namespace: namespace } }, + '#withOwnerReferences':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferences(ownerReferences): { metadata+: { ownerReferences: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withOwnerReferencesMixin':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferencesMixin(ownerReferences): { metadata+: { ownerReferences+: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withResourceVersion':: d.fn(help='"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\\n\\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency"', args=[d.arg(name='resourceVersion', type=d.T.string)]), + withResourceVersion(resourceVersion): { metadata+: { resourceVersion: resourceVersion } }, + '#withSelfLink':: d.fn(help='"SelfLink is a URL representing this object. Populated by the system. Read-only.\\n\\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release."', args=[d.arg(name='selfLink', type=d.T.string)]), + withSelfLink(selfLink): { metadata+: { selfLink: selfLink } }, + '#withUid':: d.fn(help='"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\\n\\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids"', args=[d.arg(name='uid', type=d.T.string)]), + withUid(uid): { metadata+: { uid: uid } }, + }, + '#new':: d.fn(help='new returns an instance of BackendLBPolicy', args=[d.arg(name='name', type=d.T.string)]), + new(name): { + apiVersion: 'gateway.networking.k8s.io/v1alpha2', + kind: 'BackendLBPolicy', + } + self.metadata.withName(name=name), + '#spec':: d.obj(help='"Spec defines the desired state of BackendLBPolicy."'), + spec: { + '#sessionPersistence':: d.obj(help='"SessionPersistence defines and configures session persistence\\nfor the backend.\\n\\n\\nSupport: Extended"'), + sessionPersistence: { + '#cookieConfig':: d.obj(help='"CookieConfig provides configuration settings that are specific\\nto cookie-based session persistence.\\n\\n\\nSupport: Core"'), + cookieConfig: { + '#withLifetimeType':: d.fn(help="\"LifetimeType specifies whether the cookie has a permanent or\\nsession-based lifetime. A permanent cookie persists until its\\nspecified expiry time, defined by the Expires or Max-Age cookie\\nattributes, while a session cookie is deleted when the current\\nsession ends.\\n\\n\\nWhen set to \\\"Permanent\\\", AbsoluteTimeout indicates the\\ncookie's lifetime via the Expires or Max-Age cookie attributes\\nand is required.\\n\\n\\nWhen set to \\\"Session\\\", AbsoluteTimeout indicates the\\nabsolute lifetime of the cookie tracked by the gateway and\\nis optional.\\n\\n\\nSupport: Core for \\\"Session\\\" type\\n\\n\\nSupport: Extended for \\\"Permanent\\\" type\"", args=[d.arg(name='lifetimeType', type=d.T.string)]), + withLifetimeType(lifetimeType): { spec+: { sessionPersistence+: { cookieConfig+: { lifetimeType: lifetimeType } } } }, + }, + '#withAbsoluteTimeout':: d.fn(help='"AbsoluteTimeout defines the absolute timeout of the persistent\\nsession. Once the AbsoluteTimeout duration has elapsed, the\\nsession becomes invalid.\\n\\n\\nSupport: Extended"', args=[d.arg(name='absoluteTimeout', type=d.T.string)]), + withAbsoluteTimeout(absoluteTimeout): { spec+: { sessionPersistence+: { absoluteTimeout: absoluteTimeout } } }, + '#withIdleTimeout':: d.fn(help='"IdleTimeout defines the idle timeout of the persistent session.\\nOnce the session has been idle for more than the specified\\nIdleTimeout duration, the session becomes invalid.\\n\\n\\nSupport: Extended"', args=[d.arg(name='idleTimeout', type=d.T.string)]), + withIdleTimeout(idleTimeout): { spec+: { sessionPersistence+: { idleTimeout: idleTimeout } } }, + '#withSessionName':: d.fn(help='"SessionName defines the name of the persistent session token\\nwhich may be reflected in the cookie or the header. Users\\nshould avoid reusing session names to prevent unintended\\nconsequences, such as rejection or unpredictable behavior.\\n\\n\\nSupport: Implementation-specific"', args=[d.arg(name='sessionName', type=d.T.string)]), + withSessionName(sessionName): { spec+: { sessionPersistence+: { sessionName: sessionName } } }, + '#withType':: d.fn(help='"Type defines the type of session persistence such as through\\nthe use a header or cookie. Defaults to cookie based session\\npersistence.\\n\\n\\nSupport: Core for \\"Cookie\\" type\\n\\n\\nSupport: Extended for \\"Header\\" type"', args=[d.arg(name='type', type=d.T.string)]), + withType(type): { spec+: { sessionPersistence+: { type: type } } }, + }, + '#targetRefs':: d.obj(help='"TargetRef identifies an API object to apply policy to.\\nCurrently, Backends (i.e. Service, ServiceImport, or any\\nimplementation-specific backendRef) are the only valid API\\ntarget references."'), + targetRefs: { + '#withGroup':: d.fn(help='"Group is the group of the target resource."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { group: group }, + '#withKind':: d.fn(help='"Kind is kind of the target resource."', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { kind: kind }, + '#withName':: d.fn(help='"Name is the name of the target resource."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + }, + '#withTargetRefs':: d.fn(help='"TargetRef identifies an API object to apply policy to.\\nCurrently, Backends (i.e. Service, ServiceImport, or any\\nimplementation-specific backendRef) are the only valid API\\ntarget references."', args=[d.arg(name='targetRefs', type=d.T.array)]), + withTargetRefs(targetRefs): { spec+: { targetRefs: if std.isArray(v=targetRefs) then targetRefs else [targetRefs] } }, + '#withTargetRefsMixin':: d.fn(help='"TargetRef identifies an API object to apply policy to.\\nCurrently, Backends (i.e. Service, ServiceImport, or any\\nimplementation-specific backendRef) are the only valid API\\ntarget references."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='targetRefs', type=d.T.array)]), + withTargetRefsMixin(targetRefs): { spec+: { targetRefs+: if std.isArray(v=targetRefs) then targetRefs else [targetRefs] } }, + }, + '#mixin': 'ignore', + mixin: self, +} diff --git a/1.1-experimental/_gen/gateway/v1alpha2/grpcRoute.libsonnet b/1.1-experimental/_gen/gateway/v1alpha2/grpcRoute.libsonnet new file mode 100644 index 0000000..67177b2 --- /dev/null +++ b/1.1-experimental/_gen/gateway/v1alpha2/grpcRoute.libsonnet @@ -0,0 +1,333 @@ +{ + local d = (import 'doc-util/main.libsonnet'), + '#':: d.pkg(name='grpcRoute', url='', help='"GRPCRoute provides a way to route gRPC requests. This includes the capability\\nto match requests by hostname, gRPC service, gRPC method, or HTTP/2 header.\\nFilters can be used to specify additional processing steps. Backends specify\\nwhere matching requests will be routed.\\n\\n\\nGRPCRoute falls under extended support within the Gateway API. Within the\\nfollowing specification, the word \\"MUST\\" indicates that an implementation\\nsupporting GRPCRoute must conform to the indicated requirement, but an\\nimplementation not supporting this route type need not follow the requirement\\nunless explicitly indicated.\\n\\n\\nImplementations supporting `GRPCRoute` with the `HTTPS` `ProtocolType` MUST\\naccept HTTP/2 connections without an initial upgrade from HTTP/1.1, i.e. via\\nALPN. If the implementation does not support this, then it MUST set the\\n\\"Accepted\\" condition to \\"False\\" for the affected listener with a reason of\\n\\"UnsupportedProtocol\\". Implementations MAY also accept HTTP/2 connections\\nwith an upgrade from HTTP/1.\\n\\n\\nImplementations supporting `GRPCRoute` with the `HTTP` `ProtocolType` MUST\\nsupport HTTP/2 over cleartext TCP (h2c,\\nhttps://www.rfc-editor.org/rfc/rfc7540#section-3.1) without an initial\\nupgrade from HTTP/1.1, i.e. with prior knowledge\\n(https://www.rfc-editor.org/rfc/rfc7540#section-3.4). If the implementation\\ndoes not support this, then it MUST set the \\"Accepted\\" condition to \\"False\\"\\nfor the affected listener with a reason of \\"UnsupportedProtocol\\".\\nImplementations MAY also accept HTTP/2 connections with an upgrade from\\nHTTP/1, i.e. without prior knowledge."'), + '#metadata':: d.obj(help='"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create."'), + metadata: { + '#withAnnotations':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotations(annotations): { metadata+: { annotations: annotations } }, + '#withAnnotationsMixin':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotationsMixin(annotations): { metadata+: { annotations+: annotations } }, + '#withClusterName':: d.fn(help='"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request."', args=[d.arg(name='clusterName', type=d.T.string)]), + withClusterName(clusterName): { metadata+: { clusterName: clusterName } }, + '#withCreationTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='creationTimestamp', type=d.T.string)]), + withCreationTimestamp(creationTimestamp): { metadata+: { creationTimestamp: creationTimestamp } }, + '#withDeletionGracePeriodSeconds':: d.fn(help='"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only."', args=[d.arg(name='deletionGracePeriodSeconds', type=d.T.integer)]), + withDeletionGracePeriodSeconds(deletionGracePeriodSeconds): { metadata+: { deletionGracePeriodSeconds: deletionGracePeriodSeconds } }, + '#withDeletionTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='deletionTimestamp', type=d.T.string)]), + withDeletionTimestamp(deletionTimestamp): { metadata+: { deletionTimestamp: deletionTimestamp } }, + '#withFinalizers':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizers(finalizers): { metadata+: { finalizers: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withFinalizersMixin':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizersMixin(finalizers): { metadata+: { finalizers+: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withGenerateName':: d.fn(help='"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\\n\\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\\n\\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency"', args=[d.arg(name='generateName', type=d.T.string)]), + withGenerateName(generateName): { metadata+: { generateName: generateName } }, + '#withGeneration':: d.fn(help='"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only."', args=[d.arg(name='generation', type=d.T.integer)]), + withGeneration(generation): { metadata+: { generation: generation } }, + '#withLabels':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"', args=[d.arg(name='labels', type=d.T.object)]), + withLabels(labels): { metadata+: { labels: labels } }, + '#withLabelsMixin':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='labels', type=d.T.object)]), + withLabelsMixin(labels): { metadata+: { labels+: labels } }, + '#withName':: d.fn(help='"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { metadata+: { name: name } }, + '#withNamespace':: d.fn(help='"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \\"default\\" namespace, but \\"default\\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\\n\\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces"', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { metadata+: { namespace: namespace } }, + '#withOwnerReferences':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferences(ownerReferences): { metadata+: { ownerReferences: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withOwnerReferencesMixin':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferencesMixin(ownerReferences): { metadata+: { ownerReferences+: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withResourceVersion':: d.fn(help='"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\\n\\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency"', args=[d.arg(name='resourceVersion', type=d.T.string)]), + withResourceVersion(resourceVersion): { metadata+: { resourceVersion: resourceVersion } }, + '#withSelfLink':: d.fn(help='"SelfLink is a URL representing this object. Populated by the system. Read-only.\\n\\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release."', args=[d.arg(name='selfLink', type=d.T.string)]), + withSelfLink(selfLink): { metadata+: { selfLink: selfLink } }, + '#withUid':: d.fn(help='"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\\n\\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids"', args=[d.arg(name='uid', type=d.T.string)]), + withUid(uid): { metadata+: { uid: uid } }, + }, + '#new':: d.fn(help='new returns an instance of GRPCRoute', args=[d.arg(name='name', type=d.T.string)]), + new(name): { + apiVersion: 'gateway.networking.k8s.io/v1alpha2', + kind: 'GRPCRoute', + } + self.metadata.withName(name=name), + '#spec':: d.obj(help='"Spec defines the desired state of GRPCRoute."'), + spec: { + '#parentRefs':: d.obj(help='"ParentRefs references the resources (usually Gateways) that a Route wants\\nto be attached to. Note that the referenced parent resource needs to\\nallow this for the attachment to be complete. For Gateways, that means\\nthe Gateway needs to allow attachment from Routes of this kind and\\nnamespace. For Services, that means the Service must either be in the same\\nnamespace for a \\"producer\\" route, or the mesh implementation must support\\nand allow \\"consumer\\" routes for the referenced Service. ReferenceGrant is\\nnot applicable for governing ParentRefs to Services - it is not possible to\\ncreate a \\"producer\\" route for a Service in a different namespace from the\\nRoute.\\n\\n\\nThere are two kinds of parent resources with \\"Core\\" support:\\n\\n\\n* Gateway (Gateway conformance profile)\\n* Service (Mesh conformance profile, ClusterIP Services only)\\n\\n\\nThis API may be extended in the future to support additional kinds of parent\\nresources.\\n\\n\\nParentRefs must be _distinct_. This means either that:\\n\\n\\n* They select different objects. If this is the case, then parentRef\\n entries are distinct. In terms of fields, this means that the\\n multi-part key defined by `group`, `kind`, `namespace`, and `name` must\\n be unique across all parentRef entries in the Route.\\n* They do not select different objects, but for each optional field used,\\n each ParentRef that selects the same object must set the same set of\\n optional fields to different values. If one ParentRef sets a\\n combination of optional fields, all must set the same combination.\\n\\n\\nSome examples:\\n\\n\\n* If one ParentRef sets `sectionName`, all ParentRefs referencing the\\n same object must also set `sectionName`.\\n* If one ParentRef sets `port`, all ParentRefs referencing the same\\n object must also set `port`.\\n* If one ParentRef sets `sectionName` and `port`, all ParentRefs\\n referencing the same object must also set `sectionName` and `port`.\\n\\n\\nIt is possible to separately reference multiple distinct objects that may\\nbe collapsed by an implementation. For example, some implementations may\\nchoose to merge compatible Gateway Listeners together. If that is the\\ncase, the list of routes attached to those resources should also be\\nmerged.\\n\\n\\nNote that for ParentRefs that cross namespace boundaries, there are specific\\nrules. Cross-namespace references are only valid if they are explicitly\\nallowed by something in the namespace they are referring to. For example,\\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\\ngeneric way to enable other kinds of cross-namespace reference.\\n\\n\\n\\nParentRefs from a Route to a Service in the same namespace are \\"producer\\"\\nroutes, which apply default routing rules to inbound connections from\\nany namespace to the Service.\\n\\n\\nParentRefs from a Route to a Service in a different namespace are\\n\\"consumer\\" routes, and these routing rules are only applied to outbound\\nconnections originating from the same namespace as the Route, for which\\nthe intended destination of the connections are a Service targeted as a\\nParentRef of the Route.\\n\\n\\n\\n\\n\\n\\n"'), + parentRefs: { + '#withGroup':: d.fn(help='"Group is the group of the referent.\\nWhen unspecified, \\"gateway.networking.k8s.io\\" is inferred.\\nTo set the core API group (such as for a \\"Service\\" kind referent),\\nGroup must be explicitly set to \\"\\" (empty string).\\n\\n\\nSupport: Core"', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { group: group }, + '#withKind':: d.fn(help='"Kind is kind of the referent.\\n\\n\\nThere are two kinds of parent resources with \\"Core\\" support:\\n\\n\\n* Gateway (Gateway conformance profile)\\n* Service (Mesh conformance profile, ClusterIP Services only)\\n\\n\\nSupport for other resources is Implementation-Specific."', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { kind: kind }, + '#withName':: d.fn(help='"Name is the name of the referent.\\n\\n\\nSupport: Core"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withNamespace':: d.fn(help='"Namespace is the namespace of the referent. When unspecified, this refers\\nto the local namespace of the Route.\\n\\n\\nNote that there are specific rules for ParentRefs which cross namespace\\nboundaries. Cross-namespace references are only valid if they are explicitly\\nallowed by something in the namespace they are referring to. For example:\\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\\ngeneric way to enable any other kind of cross-namespace reference.\\n\\n\\n\\nParentRefs from a Route to a Service in the same namespace are \\"producer\\"\\nroutes, which apply default routing rules to inbound connections from\\nany namespace to the Service.\\n\\n\\nParentRefs from a Route to a Service in a different namespace are\\n\\"consumer\\" routes, and these routing rules are only applied to outbound\\nconnections originating from the same namespace as the Route, for which\\nthe intended destination of the connections are a Service targeted as a\\nParentRef of the Route.\\n\\n\\n\\nSupport: Core"', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { namespace: namespace }, + '#withPort':: d.fn(help="\"Port is the network port this Route targets. It can be interpreted\\ndifferently based on the type of parent resource.\\n\\n\\nWhen the parent resource is a Gateway, this targets all listeners\\nlistening on the specified port that also support this kind of Route(and\\nselect this Route). It's not recommended to set `Port` unless the\\nnetworking behaviors specified in a Route must apply to a specific port\\nas opposed to a listener(s) whose port(s) may be changed. When both Port\\nand SectionName are specified, the name and port of the selected listener\\nmust match both specified values.\\n\\n\\n\\nWhen the parent resource is a Service, this targets a specific port in the\\nService spec. When both Port (experimental) and SectionName are specified,\\nthe name and port of the selected port must match both specified values.\\n\\n\\n\\nImplementations MAY choose to support other parent resources.\\nImplementations supporting other types of parent resources MUST clearly\\ndocument how/if Port is interpreted.\\n\\n\\nFor the purpose of status, an attachment is considered successful as\\nlong as the parent resource accepts it partially. For example, Gateway\\nlisteners can restrict which Routes can attach to them by Route kind,\\nnamespace, or hostname. If 1 of 2 Gateway listeners accept attachment\\nfrom the referencing Route, the Route MUST be considered successfully\\nattached. If no Gateway listeners accept attachment from this Route,\\nthe Route MUST be considered detached from the Gateway.\\n\\n\\nSupport: Extended\"", args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { port: port }, + '#withSectionName':: d.fn(help='"SectionName is the name of a section within the target resource. In the\\nfollowing resources, SectionName is interpreted as the following:\\n\\n\\n* Gateway: Listener name. When both Port (experimental) and SectionName\\nare specified, the name and port of the selected listener must match\\nboth specified values.\\n* Service: Port name. When both Port (experimental) and SectionName\\nare specified, the name and port of the selected listener must match\\nboth specified values.\\n\\n\\nImplementations MAY choose to support attaching Routes to other resources.\\nIf that is the case, they MUST clearly document how SectionName is\\ninterpreted.\\n\\n\\nWhen unspecified (empty string), this will reference the entire resource.\\nFor the purpose of status, an attachment is considered successful if at\\nleast one section in the parent resource accepts it. For example, Gateway\\nlisteners can restrict which Routes can attach to them by Route kind,\\nnamespace, or hostname. If 1 of 2 Gateway listeners accept attachment from\\nthe referencing Route, the Route MUST be considered successfully\\nattached. If no Gateway listeners accept attachment from this Route, the\\nRoute MUST be considered detached from the Gateway.\\n\\n\\nSupport: Core"', args=[d.arg(name='sectionName', type=d.T.string)]), + withSectionName(sectionName): { sectionName: sectionName }, + }, + '#rules':: d.obj(help='"Rules are a list of GRPC matchers, filters and actions."'), + rules: { + '#backendRefs':: d.obj(help='"BackendRefs defines the backend(s) where matching requests should be\\nsent.\\n\\n\\nFailure behavior here depends on how many BackendRefs are specified and\\nhow many are invalid.\\n\\n\\nIf *all* entries in BackendRefs are invalid, and there are also no filters\\nspecified in this route rule, *all* traffic which matches this rule MUST\\nreceive an `UNAVAILABLE` status.\\n\\n\\nSee the GRPCBackendRef definition for the rules about what makes a single\\nGRPCBackendRef invalid.\\n\\n\\nWhen a GRPCBackendRef is invalid, `UNAVAILABLE` statuses MUST be returned for\\nrequests that would have otherwise been routed to an invalid backend. If\\nmultiple backends are specified, and some are invalid, the proportion of\\nrequests that would otherwise have been routed to an invalid backend\\nMUST receive an `UNAVAILABLE` status.\\n\\n\\nFor example, if two backends are specified with equal weights, and one is\\ninvalid, 50 percent of traffic MUST receive an `UNAVAILABLE` status.\\nImplementations may choose how that 50 percent is determined.\\n\\n\\nSupport: Core for Kubernetes Service\\n\\n\\nSupport: Implementation-specific for any other resource\\n\\n\\nSupport for weight: Core"'), + backendRefs: { + '#filters':: d.obj(help='"Filters defined at this level MUST be executed if and only if the\\nrequest is being forwarded to the backend defined here.\\n\\n\\nSupport: Implementation-specific (For broader support of filters, use the\\nFilters field in GRPCRouteRule.)"'), + filters: { + '#extensionRef':: d.obj(help='"ExtensionRef is an optional, implementation-specific extension to the\\n\\"filter\\" behavior. For example, resource \\"myroutefilter\\" in group\\n\\"networking.example.net\\"). ExtensionRef MUST NOT be used for core and\\nextended filters.\\n\\n\\nSupport: Implementation-specific\\n\\n\\nThis filter can be used multiple times within the same rule."'), + extensionRef: { + '#withGroup':: d.fn(help='"Group is the group of the referent. For example, \\"gateway.networking.k8s.io\\".\\nWhen unspecified or empty string, core API group is inferred."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { extensionRef+: { group: group } }, + '#withKind':: d.fn(help='"Kind is kind of the referent. For example \\"HTTPRoute\\" or \\"Service\\"."', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { extensionRef+: { kind: kind } }, + '#withName':: d.fn(help='"Name is the name of the referent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { extensionRef+: { name: name } }, + }, + '#requestHeaderModifier':: d.obj(help='"RequestHeaderModifier defines a schema for a filter that modifies request\\nheaders.\\n\\n\\nSupport: Core"'), + requestHeaderModifier: { + '#add':: d.obj(help='"Add adds the given header(s) (name, value) to the request\\nbefore the action. It appends to any existing values associated\\nwith the header name.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n add:\\n - name: \\"my-header\\"\\n value: \\"bar,baz\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: foo,bar,baz"'), + add: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be\\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\\n\\n\\nIf multiple entries specify equivalent header names, the first entry with\\nan equivalent name MUST be considered for a match. Subsequent entries\\nwith an equivalent header name MUST be ignored. Due to the\\ncase-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered\\nequivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#set':: d.obj(help='"Set overwrites the request with the given header (name, value)\\nbefore the action.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n set:\\n - name: \\"my-header\\"\\n value: \\"bar\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: bar"'), + set: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be\\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\\n\\n\\nIf multiple entries specify equivalent header names, the first entry with\\nan equivalent name MUST be considered for a match. Subsequent entries\\nwith an equivalent header name MUST be ignored. Due to the\\ncase-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered\\nequivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#withAdd':: d.fn(help='"Add adds the given header(s) (name, value) to the request\\nbefore the action. It appends to any existing values associated\\nwith the header name.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n add:\\n - name: \\"my-header\\"\\n value: \\"bar,baz\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: foo,bar,baz"', args=[d.arg(name='add', type=d.T.array)]), + withAdd(add): { requestHeaderModifier+: { add: if std.isArray(v=add) then add else [add] } }, + '#withAddMixin':: d.fn(help='"Add adds the given header(s) (name, value) to the request\\nbefore the action. It appends to any existing values associated\\nwith the header name.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n add:\\n - name: \\"my-header\\"\\n value: \\"bar,baz\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: foo,bar,baz"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='add', type=d.T.array)]), + withAddMixin(add): { requestHeaderModifier+: { add+: if std.isArray(v=add) then add else [add] } }, + '#withRemove':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The\\nvalue of Remove is a list of HTTP header names. Note that the header\\nnames are case-insensitive (see\\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header1: foo\\n my-header2: bar\\n my-header3: baz\\n\\n\\nConfig:\\n remove: [\\"my-header1\\", \\"my-header3\\"]\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header2: bar"', args=[d.arg(name='remove', type=d.T.array)]), + withRemove(remove): { requestHeaderModifier+: { remove: if std.isArray(v=remove) then remove else [remove] } }, + '#withRemoveMixin':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The\\nvalue of Remove is a list of HTTP header names. Note that the header\\nnames are case-insensitive (see\\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header1: foo\\n my-header2: bar\\n my-header3: baz\\n\\n\\nConfig:\\n remove: [\\"my-header1\\", \\"my-header3\\"]\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header2: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='remove', type=d.T.array)]), + withRemoveMixin(remove): { requestHeaderModifier+: { remove+: if std.isArray(v=remove) then remove else [remove] } }, + '#withSet':: d.fn(help='"Set overwrites the request with the given header (name, value)\\nbefore the action.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n set:\\n - name: \\"my-header\\"\\n value: \\"bar\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: bar"', args=[d.arg(name='set', type=d.T.array)]), + withSet(set): { requestHeaderModifier+: { set: if std.isArray(v=set) then set else [set] } }, + '#withSetMixin':: d.fn(help='"Set overwrites the request with the given header (name, value)\\nbefore the action.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n set:\\n - name: \\"my-header\\"\\n value: \\"bar\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='set', type=d.T.array)]), + withSetMixin(set): { requestHeaderModifier+: { set+: if std.isArray(v=set) then set else [set] } }, + }, + '#requestMirror':: d.obj(help='"RequestMirror defines a schema for a filter that mirrors requests.\\nRequests are sent to the specified destination, but responses from\\nthat destination are ignored.\\n\\n\\nThis filter can be used multiple times within the same rule. Note that\\nnot all implementations will be able to support mirroring to multiple\\nbackends.\\n\\n\\nSupport: Extended"'), + requestMirror: { + '#backendRef':: d.obj(help='"BackendRef references a resource where mirrored requests are sent.\\n\\n\\nMirrored requests must be sent only to a single destination endpoint\\nwithin this BackendRef, irrespective of how many endpoints are present\\nwithin this BackendRef.\\n\\n\\nIf the referent cannot be found, this BackendRef is invalid and must be\\ndropped from the Gateway. The controller must ensure the \\"ResolvedRefs\\"\\ncondition on the Route status is set to `status: False` and not configure\\nthis backend in the underlying implementation.\\n\\n\\nIf there is a cross-namespace reference to an *existing* object\\nthat is not allowed by a ReferenceGrant, the controller must ensure the\\n\\"ResolvedRefs\\" condition on the Route is set to `status: False`,\\nwith the \\"RefNotPermitted\\" reason and not configure this backend in the\\nunderlying implementation.\\n\\n\\nIn either error case, the Message of the `ResolvedRefs` Condition\\nshould be used to provide more detail about the problem.\\n\\n\\nSupport: Extended for Kubernetes Service\\n\\n\\nSupport: Implementation-specific for any other resource"'), + backendRef: { + '#withGroup':: d.fn(help='"Group is the group of the referent. For example, \\"gateway.networking.k8s.io\\".\\nWhen unspecified or empty string, core API group is inferred."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { requestMirror+: { backendRef+: { group: group } } }, + '#withKind':: d.fn(help='"Kind is the Kubernetes resource kind of the referent. For example\\n\\"Service\\".\\n\\n\\nDefaults to \\"Service\\" when not specified.\\n\\n\\nExternalName services can refer to CNAME DNS records that may live\\noutside of the cluster and as such are difficult to reason about in\\nterms of conformance. They also may not be safe to forward to (see\\nCVE-2021-25740 for more information). Implementations SHOULD NOT\\nsupport ExternalName Services.\\n\\n\\nSupport: Core (Services with a type other than ExternalName)\\n\\n\\nSupport: Implementation-specific (Services with type ExternalName)"', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { requestMirror+: { backendRef+: { kind: kind } } }, + '#withName':: d.fn(help='"Name is the name of the referent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { requestMirror+: { backendRef+: { name: name } } }, + '#withNamespace':: d.fn(help="\"Namespace is the namespace of the backend. When unspecified, the local\\nnamespace is inferred.\\n\\n\\nNote that when a namespace different than the local namespace is specified,\\na ReferenceGrant object is required in the referent namespace to allow that\\nnamespace's owner to accept the reference. See the ReferenceGrant\\ndocumentation for details.\\n\\n\\nSupport: Core\"", args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { requestMirror+: { backendRef+: { namespace: namespace } } }, + '#withPort':: d.fn(help='"Port specifies the destination port number to use for this resource.\\nPort is required when the referent is a Kubernetes Service. In this\\ncase, the port number is the service port number, not the target port.\\nFor other resources, destination port might be derived from the referent\\nresource or this field."', args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { requestMirror+: { backendRef+: { port: port } } }, + }, + }, + '#responseHeaderModifier':: d.obj(help='"ResponseHeaderModifier defines a schema for a filter that modifies response\\nheaders.\\n\\n\\nSupport: Extended"'), + responseHeaderModifier: { + '#add':: d.obj(help='"Add adds the given header(s) (name, value) to the request\\nbefore the action. It appends to any existing values associated\\nwith the header name.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n add:\\n - name: \\"my-header\\"\\n value: \\"bar,baz\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: foo,bar,baz"'), + add: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be\\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\\n\\n\\nIf multiple entries specify equivalent header names, the first entry with\\nan equivalent name MUST be considered for a match. Subsequent entries\\nwith an equivalent header name MUST be ignored. Due to the\\ncase-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered\\nequivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#set':: d.obj(help='"Set overwrites the request with the given header (name, value)\\nbefore the action.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n set:\\n - name: \\"my-header\\"\\n value: \\"bar\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: bar"'), + set: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be\\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\\n\\n\\nIf multiple entries specify equivalent header names, the first entry with\\nan equivalent name MUST be considered for a match. Subsequent entries\\nwith an equivalent header name MUST be ignored. Due to the\\ncase-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered\\nequivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#withAdd':: d.fn(help='"Add adds the given header(s) (name, value) to the request\\nbefore the action. It appends to any existing values associated\\nwith the header name.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n add:\\n - name: \\"my-header\\"\\n value: \\"bar,baz\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: foo,bar,baz"', args=[d.arg(name='add', type=d.T.array)]), + withAdd(add): { responseHeaderModifier+: { add: if std.isArray(v=add) then add else [add] } }, + '#withAddMixin':: d.fn(help='"Add adds the given header(s) (name, value) to the request\\nbefore the action. It appends to any existing values associated\\nwith the header name.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n add:\\n - name: \\"my-header\\"\\n value: \\"bar,baz\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: foo,bar,baz"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='add', type=d.T.array)]), + withAddMixin(add): { responseHeaderModifier+: { add+: if std.isArray(v=add) then add else [add] } }, + '#withRemove':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The\\nvalue of Remove is a list of HTTP header names. Note that the header\\nnames are case-insensitive (see\\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header1: foo\\n my-header2: bar\\n my-header3: baz\\n\\n\\nConfig:\\n remove: [\\"my-header1\\", \\"my-header3\\"]\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header2: bar"', args=[d.arg(name='remove', type=d.T.array)]), + withRemove(remove): { responseHeaderModifier+: { remove: if std.isArray(v=remove) then remove else [remove] } }, + '#withRemoveMixin':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The\\nvalue of Remove is a list of HTTP header names. Note that the header\\nnames are case-insensitive (see\\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header1: foo\\n my-header2: bar\\n my-header3: baz\\n\\n\\nConfig:\\n remove: [\\"my-header1\\", \\"my-header3\\"]\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header2: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='remove', type=d.T.array)]), + withRemoveMixin(remove): { responseHeaderModifier+: { remove+: if std.isArray(v=remove) then remove else [remove] } }, + '#withSet':: d.fn(help='"Set overwrites the request with the given header (name, value)\\nbefore the action.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n set:\\n - name: \\"my-header\\"\\n value: \\"bar\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: bar"', args=[d.arg(name='set', type=d.T.array)]), + withSet(set): { responseHeaderModifier+: { set: if std.isArray(v=set) then set else [set] } }, + '#withSetMixin':: d.fn(help='"Set overwrites the request with the given header (name, value)\\nbefore the action.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n set:\\n - name: \\"my-header\\"\\n value: \\"bar\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='set', type=d.T.array)]), + withSetMixin(set): { responseHeaderModifier+: { set+: if std.isArray(v=set) then set else [set] } }, + }, + '#withType':: d.fn(help='"Type identifies the type of filter to apply. As with other API fields,\\ntypes are classified into three conformance levels:\\n\\n\\n- Core: Filter types and their corresponding configuration defined by\\n \\"Support: Core\\" in this package, e.g. \\"RequestHeaderModifier\\". All\\n implementations supporting GRPCRoute MUST support core filters.\\n\\n\\n- Extended: Filter types and their corresponding configuration defined by\\n \\"Support: Extended\\" in this package, e.g. \\"RequestMirror\\". Implementers\\n are encouraged to support extended filters.\\n\\n\\n- Implementation-specific: Filters that are defined and supported by specific vendors.\\n In the future, filters showing convergence in behavior across multiple\\n implementations will be considered for inclusion in extended or core\\n conformance levels. Filter-specific configuration for such filters\\n is specified using the ExtensionRef field. `Type` MUST be set to\\n \\"ExtensionRef\\" for custom filters.\\n\\n\\nImplementers are encouraged to define custom implementation types to\\nextend the core API with implementation-specific behavior.\\n\\n\\nIf a reference to a custom filter type cannot be resolved, the filter\\nMUST NOT be skipped. Instead, requests that would have been processed by\\nthat filter MUST receive a HTTP error response.\\n\\n\\n"', args=[d.arg(name='type', type=d.T.string)]), + withType(type): { type: type }, + }, + '#withFilters':: d.fn(help='"Filters defined at this level MUST be executed if and only if the\\nrequest is being forwarded to the backend defined here.\\n\\n\\nSupport: Implementation-specific (For broader support of filters, use the\\nFilters field in GRPCRouteRule.)"', args=[d.arg(name='filters', type=d.T.array)]), + withFilters(filters): { filters: if std.isArray(v=filters) then filters else [filters] }, + '#withFiltersMixin':: d.fn(help='"Filters defined at this level MUST be executed if and only if the\\nrequest is being forwarded to the backend defined here.\\n\\n\\nSupport: Implementation-specific (For broader support of filters, use the\\nFilters field in GRPCRouteRule.)"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='filters', type=d.T.array)]), + withFiltersMixin(filters): { filters+: if std.isArray(v=filters) then filters else [filters] }, + '#withGroup':: d.fn(help='"Group is the group of the referent. For example, \\"gateway.networking.k8s.io\\".\\nWhen unspecified or empty string, core API group is inferred."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { group: group }, + '#withKind':: d.fn(help='"Kind is the Kubernetes resource kind of the referent. For example\\n\\"Service\\".\\n\\n\\nDefaults to \\"Service\\" when not specified.\\n\\n\\nExternalName services can refer to CNAME DNS records that may live\\noutside of the cluster and as such are difficult to reason about in\\nterms of conformance. They also may not be safe to forward to (see\\nCVE-2021-25740 for more information). Implementations SHOULD NOT\\nsupport ExternalName Services.\\n\\n\\nSupport: Core (Services with a type other than ExternalName)\\n\\n\\nSupport: Implementation-specific (Services with type ExternalName)"', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { kind: kind }, + '#withName':: d.fn(help='"Name is the name of the referent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withNamespace':: d.fn(help="\"Namespace is the namespace of the backend. When unspecified, the local\\nnamespace is inferred.\\n\\n\\nNote that when a namespace different than the local namespace is specified,\\na ReferenceGrant object is required in the referent namespace to allow that\\nnamespace's owner to accept the reference. See the ReferenceGrant\\ndocumentation for details.\\n\\n\\nSupport: Core\"", args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { namespace: namespace }, + '#withPort':: d.fn(help='"Port specifies the destination port number to use for this resource.\\nPort is required when the referent is a Kubernetes Service. In this\\ncase, the port number is the service port number, not the target port.\\nFor other resources, destination port might be derived from the referent\\nresource or this field."', args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { port: port }, + '#withWeight':: d.fn(help='"Weight specifies the proportion of requests forwarded to the referenced\\nbackend. This is computed as weight/(sum of all weights in this\\nBackendRefs list). For non-zero values, there may be some epsilon from\\nthe exact proportion defined here depending on the precision an\\nimplementation supports. Weight is not a percentage and the sum of\\nweights does not need to equal 100.\\n\\n\\nIf only one backend is specified and it has a weight greater than 0, 100%\\nof the traffic is forwarded to that backend. If weight is set to 0, no\\ntraffic should be forwarded for this entry. If unspecified, weight\\ndefaults to 1.\\n\\n\\nSupport for this field varies based on the context where used."', args=[d.arg(name='weight', type=d.T.integer)]), + withWeight(weight): { weight: weight }, + }, + '#filters':: d.obj(help='"Filters define the filters that are applied to requests that match\\nthis rule.\\n\\n\\nThe effects of ordering of multiple behaviors are currently unspecified.\\nThis can change in the future based on feedback during the alpha stage.\\n\\n\\nConformance-levels at this level are defined based on the type of filter:\\n\\n\\n- ALL core filters MUST be supported by all implementations that support\\n GRPCRoute.\\n- Implementers are encouraged to support extended filters.\\n- Implementation-specific custom filters have no API guarantees across\\n implementations.\\n\\n\\nSpecifying the same filter multiple times is not supported unless explicitly\\nindicated in the filter.\\n\\n\\nIf an implementation can not support a combination of filters, it must clearly\\ndocument that limitation. In cases where incompatible or unsupported\\nfilters are specified and cause the `Accepted` condition to be set to status\\n`False`, implementations may use the `IncompatibleFilters` reason to specify\\nthis configuration error.\\n\\n\\nSupport: Core"'), + filters: { + '#extensionRef':: d.obj(help='"ExtensionRef is an optional, implementation-specific extension to the\\n\\"filter\\" behavior. For example, resource \\"myroutefilter\\" in group\\n\\"networking.example.net\\"). ExtensionRef MUST NOT be used for core and\\nextended filters.\\n\\n\\nSupport: Implementation-specific\\n\\n\\nThis filter can be used multiple times within the same rule."'), + extensionRef: { + '#withGroup':: d.fn(help='"Group is the group of the referent. For example, \\"gateway.networking.k8s.io\\".\\nWhen unspecified or empty string, core API group is inferred."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { extensionRef+: { group: group } }, + '#withKind':: d.fn(help='"Kind is kind of the referent. For example \\"HTTPRoute\\" or \\"Service\\"."', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { extensionRef+: { kind: kind } }, + '#withName':: d.fn(help='"Name is the name of the referent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { extensionRef+: { name: name } }, + }, + '#requestHeaderModifier':: d.obj(help='"RequestHeaderModifier defines a schema for a filter that modifies request\\nheaders.\\n\\n\\nSupport: Core"'), + requestHeaderModifier: { + '#add':: d.obj(help='"Add adds the given header(s) (name, value) to the request\\nbefore the action. It appends to any existing values associated\\nwith the header name.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n add:\\n - name: \\"my-header\\"\\n value: \\"bar,baz\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: foo,bar,baz"'), + add: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be\\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\\n\\n\\nIf multiple entries specify equivalent header names, the first entry with\\nan equivalent name MUST be considered for a match. Subsequent entries\\nwith an equivalent header name MUST be ignored. Due to the\\ncase-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered\\nequivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#set':: d.obj(help='"Set overwrites the request with the given header (name, value)\\nbefore the action.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n set:\\n - name: \\"my-header\\"\\n value: \\"bar\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: bar"'), + set: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be\\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\\n\\n\\nIf multiple entries specify equivalent header names, the first entry with\\nan equivalent name MUST be considered for a match. Subsequent entries\\nwith an equivalent header name MUST be ignored. Due to the\\ncase-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered\\nequivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#withAdd':: d.fn(help='"Add adds the given header(s) (name, value) to the request\\nbefore the action. It appends to any existing values associated\\nwith the header name.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n add:\\n - name: \\"my-header\\"\\n value: \\"bar,baz\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: foo,bar,baz"', args=[d.arg(name='add', type=d.T.array)]), + withAdd(add): { requestHeaderModifier+: { add: if std.isArray(v=add) then add else [add] } }, + '#withAddMixin':: d.fn(help='"Add adds the given header(s) (name, value) to the request\\nbefore the action. It appends to any existing values associated\\nwith the header name.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n add:\\n - name: \\"my-header\\"\\n value: \\"bar,baz\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: foo,bar,baz"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='add', type=d.T.array)]), + withAddMixin(add): { requestHeaderModifier+: { add+: if std.isArray(v=add) then add else [add] } }, + '#withRemove':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The\\nvalue of Remove is a list of HTTP header names. Note that the header\\nnames are case-insensitive (see\\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header1: foo\\n my-header2: bar\\n my-header3: baz\\n\\n\\nConfig:\\n remove: [\\"my-header1\\", \\"my-header3\\"]\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header2: bar"', args=[d.arg(name='remove', type=d.T.array)]), + withRemove(remove): { requestHeaderModifier+: { remove: if std.isArray(v=remove) then remove else [remove] } }, + '#withRemoveMixin':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The\\nvalue of Remove is a list of HTTP header names. Note that the header\\nnames are case-insensitive (see\\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header1: foo\\n my-header2: bar\\n my-header3: baz\\n\\n\\nConfig:\\n remove: [\\"my-header1\\", \\"my-header3\\"]\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header2: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='remove', type=d.T.array)]), + withRemoveMixin(remove): { requestHeaderModifier+: { remove+: if std.isArray(v=remove) then remove else [remove] } }, + '#withSet':: d.fn(help='"Set overwrites the request with the given header (name, value)\\nbefore the action.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n set:\\n - name: \\"my-header\\"\\n value: \\"bar\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: bar"', args=[d.arg(name='set', type=d.T.array)]), + withSet(set): { requestHeaderModifier+: { set: if std.isArray(v=set) then set else [set] } }, + '#withSetMixin':: d.fn(help='"Set overwrites the request with the given header (name, value)\\nbefore the action.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n set:\\n - name: \\"my-header\\"\\n value: \\"bar\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='set', type=d.T.array)]), + withSetMixin(set): { requestHeaderModifier+: { set+: if std.isArray(v=set) then set else [set] } }, + }, + '#requestMirror':: d.obj(help='"RequestMirror defines a schema for a filter that mirrors requests.\\nRequests are sent to the specified destination, but responses from\\nthat destination are ignored.\\n\\n\\nThis filter can be used multiple times within the same rule. Note that\\nnot all implementations will be able to support mirroring to multiple\\nbackends.\\n\\n\\nSupport: Extended"'), + requestMirror: { + '#backendRef':: d.obj(help='"BackendRef references a resource where mirrored requests are sent.\\n\\n\\nMirrored requests must be sent only to a single destination endpoint\\nwithin this BackendRef, irrespective of how many endpoints are present\\nwithin this BackendRef.\\n\\n\\nIf the referent cannot be found, this BackendRef is invalid and must be\\ndropped from the Gateway. The controller must ensure the \\"ResolvedRefs\\"\\ncondition on the Route status is set to `status: False` and not configure\\nthis backend in the underlying implementation.\\n\\n\\nIf there is a cross-namespace reference to an *existing* object\\nthat is not allowed by a ReferenceGrant, the controller must ensure the\\n\\"ResolvedRefs\\" condition on the Route is set to `status: False`,\\nwith the \\"RefNotPermitted\\" reason and not configure this backend in the\\nunderlying implementation.\\n\\n\\nIn either error case, the Message of the `ResolvedRefs` Condition\\nshould be used to provide more detail about the problem.\\n\\n\\nSupport: Extended for Kubernetes Service\\n\\n\\nSupport: Implementation-specific for any other resource"'), + backendRef: { + '#withGroup':: d.fn(help='"Group is the group of the referent. For example, \\"gateway.networking.k8s.io\\".\\nWhen unspecified or empty string, core API group is inferred."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { requestMirror+: { backendRef+: { group: group } } }, + '#withKind':: d.fn(help='"Kind is the Kubernetes resource kind of the referent. For example\\n\\"Service\\".\\n\\n\\nDefaults to \\"Service\\" when not specified.\\n\\n\\nExternalName services can refer to CNAME DNS records that may live\\noutside of the cluster and as such are difficult to reason about in\\nterms of conformance. They also may not be safe to forward to (see\\nCVE-2021-25740 for more information). Implementations SHOULD NOT\\nsupport ExternalName Services.\\n\\n\\nSupport: Core (Services with a type other than ExternalName)\\n\\n\\nSupport: Implementation-specific (Services with type ExternalName)"', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { requestMirror+: { backendRef+: { kind: kind } } }, + '#withName':: d.fn(help='"Name is the name of the referent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { requestMirror+: { backendRef+: { name: name } } }, + '#withNamespace':: d.fn(help="\"Namespace is the namespace of the backend. When unspecified, the local\\nnamespace is inferred.\\n\\n\\nNote that when a namespace different than the local namespace is specified,\\na ReferenceGrant object is required in the referent namespace to allow that\\nnamespace's owner to accept the reference. See the ReferenceGrant\\ndocumentation for details.\\n\\n\\nSupport: Core\"", args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { requestMirror+: { backendRef+: { namespace: namespace } } }, + '#withPort':: d.fn(help='"Port specifies the destination port number to use for this resource.\\nPort is required when the referent is a Kubernetes Service. In this\\ncase, the port number is the service port number, not the target port.\\nFor other resources, destination port might be derived from the referent\\nresource or this field."', args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { requestMirror+: { backendRef+: { port: port } } }, + }, + }, + '#responseHeaderModifier':: d.obj(help='"ResponseHeaderModifier defines a schema for a filter that modifies response\\nheaders.\\n\\n\\nSupport: Extended"'), + responseHeaderModifier: { + '#add':: d.obj(help='"Add adds the given header(s) (name, value) to the request\\nbefore the action. It appends to any existing values associated\\nwith the header name.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n add:\\n - name: \\"my-header\\"\\n value: \\"bar,baz\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: foo,bar,baz"'), + add: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be\\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\\n\\n\\nIf multiple entries specify equivalent header names, the first entry with\\nan equivalent name MUST be considered for a match. Subsequent entries\\nwith an equivalent header name MUST be ignored. Due to the\\ncase-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered\\nequivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#set':: d.obj(help='"Set overwrites the request with the given header (name, value)\\nbefore the action.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n set:\\n - name: \\"my-header\\"\\n value: \\"bar\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: bar"'), + set: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be\\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\\n\\n\\nIf multiple entries specify equivalent header names, the first entry with\\nan equivalent name MUST be considered for a match. Subsequent entries\\nwith an equivalent header name MUST be ignored. Due to the\\ncase-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered\\nequivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#withAdd':: d.fn(help='"Add adds the given header(s) (name, value) to the request\\nbefore the action. It appends to any existing values associated\\nwith the header name.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n add:\\n - name: \\"my-header\\"\\n value: \\"bar,baz\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: foo,bar,baz"', args=[d.arg(name='add', type=d.T.array)]), + withAdd(add): { responseHeaderModifier+: { add: if std.isArray(v=add) then add else [add] } }, + '#withAddMixin':: d.fn(help='"Add adds the given header(s) (name, value) to the request\\nbefore the action. It appends to any existing values associated\\nwith the header name.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n add:\\n - name: \\"my-header\\"\\n value: \\"bar,baz\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: foo,bar,baz"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='add', type=d.T.array)]), + withAddMixin(add): { responseHeaderModifier+: { add+: if std.isArray(v=add) then add else [add] } }, + '#withRemove':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The\\nvalue of Remove is a list of HTTP header names. Note that the header\\nnames are case-insensitive (see\\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header1: foo\\n my-header2: bar\\n my-header3: baz\\n\\n\\nConfig:\\n remove: [\\"my-header1\\", \\"my-header3\\"]\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header2: bar"', args=[d.arg(name='remove', type=d.T.array)]), + withRemove(remove): { responseHeaderModifier+: { remove: if std.isArray(v=remove) then remove else [remove] } }, + '#withRemoveMixin':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The\\nvalue of Remove is a list of HTTP header names. Note that the header\\nnames are case-insensitive (see\\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header1: foo\\n my-header2: bar\\n my-header3: baz\\n\\n\\nConfig:\\n remove: [\\"my-header1\\", \\"my-header3\\"]\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header2: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='remove', type=d.T.array)]), + withRemoveMixin(remove): { responseHeaderModifier+: { remove+: if std.isArray(v=remove) then remove else [remove] } }, + '#withSet':: d.fn(help='"Set overwrites the request with the given header (name, value)\\nbefore the action.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n set:\\n - name: \\"my-header\\"\\n value: \\"bar\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: bar"', args=[d.arg(name='set', type=d.T.array)]), + withSet(set): { responseHeaderModifier+: { set: if std.isArray(v=set) then set else [set] } }, + '#withSetMixin':: d.fn(help='"Set overwrites the request with the given header (name, value)\\nbefore the action.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n set:\\n - name: \\"my-header\\"\\n value: \\"bar\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='set', type=d.T.array)]), + withSetMixin(set): { responseHeaderModifier+: { set+: if std.isArray(v=set) then set else [set] } }, + }, + '#withType':: d.fn(help='"Type identifies the type of filter to apply. As with other API fields,\\ntypes are classified into three conformance levels:\\n\\n\\n- Core: Filter types and their corresponding configuration defined by\\n \\"Support: Core\\" in this package, e.g. \\"RequestHeaderModifier\\". All\\n implementations supporting GRPCRoute MUST support core filters.\\n\\n\\n- Extended: Filter types and their corresponding configuration defined by\\n \\"Support: Extended\\" in this package, e.g. \\"RequestMirror\\". Implementers\\n are encouraged to support extended filters.\\n\\n\\n- Implementation-specific: Filters that are defined and supported by specific vendors.\\n In the future, filters showing convergence in behavior across multiple\\n implementations will be considered for inclusion in extended or core\\n conformance levels. Filter-specific configuration for such filters\\n is specified using the ExtensionRef field. `Type` MUST be set to\\n \\"ExtensionRef\\" for custom filters.\\n\\n\\nImplementers are encouraged to define custom implementation types to\\nextend the core API with implementation-specific behavior.\\n\\n\\nIf a reference to a custom filter type cannot be resolved, the filter\\nMUST NOT be skipped. Instead, requests that would have been processed by\\nthat filter MUST receive a HTTP error response.\\n\\n\\n"', args=[d.arg(name='type', type=d.T.string)]), + withType(type): { type: type }, + }, + '#matches':: d.obj(help='"Matches define conditions used for matching the rule against incoming\\ngRPC requests. Each match is independent, i.e. this rule will be matched\\nif **any** one of the matches is satisfied.\\n\\n\\nFor example, take the following matches configuration:\\n\\n\\n```\\nmatches:\\n- method:\\n service: foo.bar\\n headers:\\n values:\\n version: 2\\n- method:\\n service: foo.bar.v2\\n```\\n\\n\\nFor a request to match against this rule, it MUST satisfy\\nEITHER of the two conditions:\\n\\n\\n- service of foo.bar AND contains the header `version: 2`\\n- service of foo.bar.v2\\n\\n\\nSee the documentation for GRPCRouteMatch on how to specify multiple\\nmatch conditions to be ANDed together.\\n\\n\\nIf no matches are specified, the implementation MUST match every gRPC request.\\n\\n\\nProxy or Load Balancer routing configuration generated from GRPCRoutes\\nMUST prioritize rules based on the following criteria, continuing on\\nties. Merging MUST not be done between GRPCRoutes and HTTPRoutes.\\nPrecedence MUST be given to the rule with the largest number of:\\n\\n\\n* Characters in a matching non-wildcard hostname.\\n* Characters in a matching hostname.\\n* Characters in a matching service.\\n* Characters in a matching method.\\n* Header matches.\\n\\n\\nIf ties still exist across multiple Routes, matching precedence MUST be\\ndetermined in order of the following criteria, continuing on ties:\\n\\n\\n* The oldest Route based on creation timestamp.\\n* The Route appearing first in alphabetical order by\\n \\"{namespace}/{name}\\".\\n\\n\\nIf ties still exist within the Route that has been given precedence,\\nmatching precedence MUST be granted to the first matching rule meeting\\nthe above criteria."'), + matches: { + '#headers':: d.obj(help='"Headers specifies gRPC request header matchers. Multiple match values are\\nANDed together, meaning, a request MUST match all the specified headers\\nto select the route."'), + headers: { + '#withName':: d.fn(help='"Name is the name of the gRPC Header to be matched.\\n\\n\\nIf multiple entries specify equivalent header names, only the first\\nentry with an equivalent name MUST be considered for a match. Subsequent\\nentries with an equivalent header name MUST be ignored. Due to the\\ncase-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered\\nequivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withType':: d.fn(help='"Type specifies how to match against the value of the header."', args=[d.arg(name='type', type=d.T.string)]), + withType(type): { type: type }, + '#withValue':: d.fn(help='"Value is the value of the gRPC Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#method':: d.obj(help='"Method specifies a gRPC request service/method matcher. If this field is\\nnot specified, all services and methods will match."'), + method: { + '#withMethod':: d.fn(help='"Value of the method to match against. If left empty or omitted, will\\nmatch all services.\\n\\n\\nAt least one of Service and Method MUST be a non-empty string."', args=[d.arg(name='method', type=d.T.string)]), + withMethod(method): { method+: { method: method } }, + '#withService':: d.fn(help='"Value of the service to match against. If left empty or omitted, will\\nmatch any service.\\n\\n\\nAt least one of Service and Method MUST be a non-empty string."', args=[d.arg(name='service', type=d.T.string)]), + withService(service): { method+: { service: service } }, + '#withType':: d.fn(help='"Type specifies how to match against the service and/or method.\\nSupport: Core (Exact with service and method specified)\\n\\n\\nSupport: Implementation-specific (Exact with method specified but no service specified)\\n\\n\\nSupport: Implementation-specific (RegularExpression)"', args=[d.arg(name='type', type=d.T.string)]), + withType(type): { method+: { type: type } }, + }, + '#withHeaders':: d.fn(help='"Headers specifies gRPC request header matchers. Multiple match values are\\nANDed together, meaning, a request MUST match all the specified headers\\nto select the route."', args=[d.arg(name='headers', type=d.T.array)]), + withHeaders(headers): { headers: if std.isArray(v=headers) then headers else [headers] }, + '#withHeadersMixin':: d.fn(help='"Headers specifies gRPC request header matchers. Multiple match values are\\nANDed together, meaning, a request MUST match all the specified headers\\nto select the route."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='headers', type=d.T.array)]), + withHeadersMixin(headers): { headers+: if std.isArray(v=headers) then headers else [headers] }, + }, + '#sessionPersistence':: d.obj(help='"SessionPersistence defines and configures session persistence\\nfor the route rule.\\n\\n\\nSupport: Extended\\n\\n\\n"'), + sessionPersistence: { + '#cookieConfig':: d.obj(help='"CookieConfig provides configuration settings that are specific\\nto cookie-based session persistence.\\n\\n\\nSupport: Core"'), + cookieConfig: { + '#withLifetimeType':: d.fn(help="\"LifetimeType specifies whether the cookie has a permanent or\\nsession-based lifetime. A permanent cookie persists until its\\nspecified expiry time, defined by the Expires or Max-Age cookie\\nattributes, while a session cookie is deleted when the current\\nsession ends.\\n\\n\\nWhen set to \\\"Permanent\\\", AbsoluteTimeout indicates the\\ncookie's lifetime via the Expires or Max-Age cookie attributes\\nand is required.\\n\\n\\nWhen set to \\\"Session\\\", AbsoluteTimeout indicates the\\nabsolute lifetime of the cookie tracked by the gateway and\\nis optional.\\n\\n\\nSupport: Core for \\\"Session\\\" type\\n\\n\\nSupport: Extended for \\\"Permanent\\\" type\"", args=[d.arg(name='lifetimeType', type=d.T.string)]), + withLifetimeType(lifetimeType): { sessionPersistence+: { cookieConfig+: { lifetimeType: lifetimeType } } }, + }, + '#withAbsoluteTimeout':: d.fn(help='"AbsoluteTimeout defines the absolute timeout of the persistent\\nsession. Once the AbsoluteTimeout duration has elapsed, the\\nsession becomes invalid.\\n\\n\\nSupport: Extended"', args=[d.arg(name='absoluteTimeout', type=d.T.string)]), + withAbsoluteTimeout(absoluteTimeout): { sessionPersistence+: { absoluteTimeout: absoluteTimeout } }, + '#withIdleTimeout':: d.fn(help='"IdleTimeout defines the idle timeout of the persistent session.\\nOnce the session has been idle for more than the specified\\nIdleTimeout duration, the session becomes invalid.\\n\\n\\nSupport: Extended"', args=[d.arg(name='idleTimeout', type=d.T.string)]), + withIdleTimeout(idleTimeout): { sessionPersistence+: { idleTimeout: idleTimeout } }, + '#withSessionName':: d.fn(help='"SessionName defines the name of the persistent session token\\nwhich may be reflected in the cookie or the header. Users\\nshould avoid reusing session names to prevent unintended\\nconsequences, such as rejection or unpredictable behavior.\\n\\n\\nSupport: Implementation-specific"', args=[d.arg(name='sessionName', type=d.T.string)]), + withSessionName(sessionName): { sessionPersistence+: { sessionName: sessionName } }, + '#withType':: d.fn(help='"Type defines the type of session persistence such as through\\nthe use a header or cookie. Defaults to cookie based session\\npersistence.\\n\\n\\nSupport: Core for \\"Cookie\\" type\\n\\n\\nSupport: Extended for \\"Header\\" type"', args=[d.arg(name='type', type=d.T.string)]), + withType(type): { sessionPersistence+: { type: type } }, + }, + '#withBackendRefs':: d.fn(help='"BackendRefs defines the backend(s) where matching requests should be\\nsent.\\n\\n\\nFailure behavior here depends on how many BackendRefs are specified and\\nhow many are invalid.\\n\\n\\nIf *all* entries in BackendRefs are invalid, and there are also no filters\\nspecified in this route rule, *all* traffic which matches this rule MUST\\nreceive an `UNAVAILABLE` status.\\n\\n\\nSee the GRPCBackendRef definition for the rules about what makes a single\\nGRPCBackendRef invalid.\\n\\n\\nWhen a GRPCBackendRef is invalid, `UNAVAILABLE` statuses MUST be returned for\\nrequests that would have otherwise been routed to an invalid backend. If\\nmultiple backends are specified, and some are invalid, the proportion of\\nrequests that would otherwise have been routed to an invalid backend\\nMUST receive an `UNAVAILABLE` status.\\n\\n\\nFor example, if two backends are specified with equal weights, and one is\\ninvalid, 50 percent of traffic MUST receive an `UNAVAILABLE` status.\\nImplementations may choose how that 50 percent is determined.\\n\\n\\nSupport: Core for Kubernetes Service\\n\\n\\nSupport: Implementation-specific for any other resource\\n\\n\\nSupport for weight: Core"', args=[d.arg(name='backendRefs', type=d.T.array)]), + withBackendRefs(backendRefs): { backendRefs: if std.isArray(v=backendRefs) then backendRefs else [backendRefs] }, + '#withBackendRefsMixin':: d.fn(help='"BackendRefs defines the backend(s) where matching requests should be\\nsent.\\n\\n\\nFailure behavior here depends on how many BackendRefs are specified and\\nhow many are invalid.\\n\\n\\nIf *all* entries in BackendRefs are invalid, and there are also no filters\\nspecified in this route rule, *all* traffic which matches this rule MUST\\nreceive an `UNAVAILABLE` status.\\n\\n\\nSee the GRPCBackendRef definition for the rules about what makes a single\\nGRPCBackendRef invalid.\\n\\n\\nWhen a GRPCBackendRef is invalid, `UNAVAILABLE` statuses MUST be returned for\\nrequests that would have otherwise been routed to an invalid backend. If\\nmultiple backends are specified, and some are invalid, the proportion of\\nrequests that would otherwise have been routed to an invalid backend\\nMUST receive an `UNAVAILABLE` status.\\n\\n\\nFor example, if two backends are specified with equal weights, and one is\\ninvalid, 50 percent of traffic MUST receive an `UNAVAILABLE` status.\\nImplementations may choose how that 50 percent is determined.\\n\\n\\nSupport: Core for Kubernetes Service\\n\\n\\nSupport: Implementation-specific for any other resource\\n\\n\\nSupport for weight: Core"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='backendRefs', type=d.T.array)]), + withBackendRefsMixin(backendRefs): { backendRefs+: if std.isArray(v=backendRefs) then backendRefs else [backendRefs] }, + '#withFilters':: d.fn(help='"Filters define the filters that are applied to requests that match\\nthis rule.\\n\\n\\nThe effects of ordering of multiple behaviors are currently unspecified.\\nThis can change in the future based on feedback during the alpha stage.\\n\\n\\nConformance-levels at this level are defined based on the type of filter:\\n\\n\\n- ALL core filters MUST be supported by all implementations that support\\n GRPCRoute.\\n- Implementers are encouraged to support extended filters.\\n- Implementation-specific custom filters have no API guarantees across\\n implementations.\\n\\n\\nSpecifying the same filter multiple times is not supported unless explicitly\\nindicated in the filter.\\n\\n\\nIf an implementation can not support a combination of filters, it must clearly\\ndocument that limitation. In cases where incompatible or unsupported\\nfilters are specified and cause the `Accepted` condition to be set to status\\n`False`, implementations may use the `IncompatibleFilters` reason to specify\\nthis configuration error.\\n\\n\\nSupport: Core"', args=[d.arg(name='filters', type=d.T.array)]), + withFilters(filters): { filters: if std.isArray(v=filters) then filters else [filters] }, + '#withFiltersMixin':: d.fn(help='"Filters define the filters that are applied to requests that match\\nthis rule.\\n\\n\\nThe effects of ordering of multiple behaviors are currently unspecified.\\nThis can change in the future based on feedback during the alpha stage.\\n\\n\\nConformance-levels at this level are defined based on the type of filter:\\n\\n\\n- ALL core filters MUST be supported by all implementations that support\\n GRPCRoute.\\n- Implementers are encouraged to support extended filters.\\n- Implementation-specific custom filters have no API guarantees across\\n implementations.\\n\\n\\nSpecifying the same filter multiple times is not supported unless explicitly\\nindicated in the filter.\\n\\n\\nIf an implementation can not support a combination of filters, it must clearly\\ndocument that limitation. In cases where incompatible or unsupported\\nfilters are specified and cause the `Accepted` condition to be set to status\\n`False`, implementations may use the `IncompatibleFilters` reason to specify\\nthis configuration error.\\n\\n\\nSupport: Core"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='filters', type=d.T.array)]), + withFiltersMixin(filters): { filters+: if std.isArray(v=filters) then filters else [filters] }, + '#withMatches':: d.fn(help='"Matches define conditions used for matching the rule against incoming\\ngRPC requests. Each match is independent, i.e. this rule will be matched\\nif **any** one of the matches is satisfied.\\n\\n\\nFor example, take the following matches configuration:\\n\\n\\n```\\nmatches:\\n- method:\\n service: foo.bar\\n headers:\\n values:\\n version: 2\\n- method:\\n service: foo.bar.v2\\n```\\n\\n\\nFor a request to match against this rule, it MUST satisfy\\nEITHER of the two conditions:\\n\\n\\n- service of foo.bar AND contains the header `version: 2`\\n- service of foo.bar.v2\\n\\n\\nSee the documentation for GRPCRouteMatch on how to specify multiple\\nmatch conditions to be ANDed together.\\n\\n\\nIf no matches are specified, the implementation MUST match every gRPC request.\\n\\n\\nProxy or Load Balancer routing configuration generated from GRPCRoutes\\nMUST prioritize rules based on the following criteria, continuing on\\nties. Merging MUST not be done between GRPCRoutes and HTTPRoutes.\\nPrecedence MUST be given to the rule with the largest number of:\\n\\n\\n* Characters in a matching non-wildcard hostname.\\n* Characters in a matching hostname.\\n* Characters in a matching service.\\n* Characters in a matching method.\\n* Header matches.\\n\\n\\nIf ties still exist across multiple Routes, matching precedence MUST be\\ndetermined in order of the following criteria, continuing on ties:\\n\\n\\n* The oldest Route based on creation timestamp.\\n* The Route appearing first in alphabetical order by\\n \\"{namespace}/{name}\\".\\n\\n\\nIf ties still exist within the Route that has been given precedence,\\nmatching precedence MUST be granted to the first matching rule meeting\\nthe above criteria."', args=[d.arg(name='matches', type=d.T.array)]), + withMatches(matches): { matches: if std.isArray(v=matches) then matches else [matches] }, + '#withMatchesMixin':: d.fn(help='"Matches define conditions used for matching the rule against incoming\\ngRPC requests. Each match is independent, i.e. this rule will be matched\\nif **any** one of the matches is satisfied.\\n\\n\\nFor example, take the following matches configuration:\\n\\n\\n```\\nmatches:\\n- method:\\n service: foo.bar\\n headers:\\n values:\\n version: 2\\n- method:\\n service: foo.bar.v2\\n```\\n\\n\\nFor a request to match against this rule, it MUST satisfy\\nEITHER of the two conditions:\\n\\n\\n- service of foo.bar AND contains the header `version: 2`\\n- service of foo.bar.v2\\n\\n\\nSee the documentation for GRPCRouteMatch on how to specify multiple\\nmatch conditions to be ANDed together.\\n\\n\\nIf no matches are specified, the implementation MUST match every gRPC request.\\n\\n\\nProxy or Load Balancer routing configuration generated from GRPCRoutes\\nMUST prioritize rules based on the following criteria, continuing on\\nties. Merging MUST not be done between GRPCRoutes and HTTPRoutes.\\nPrecedence MUST be given to the rule with the largest number of:\\n\\n\\n* Characters in a matching non-wildcard hostname.\\n* Characters in a matching hostname.\\n* Characters in a matching service.\\n* Characters in a matching method.\\n* Header matches.\\n\\n\\nIf ties still exist across multiple Routes, matching precedence MUST be\\ndetermined in order of the following criteria, continuing on ties:\\n\\n\\n* The oldest Route based on creation timestamp.\\n* The Route appearing first in alphabetical order by\\n \\"{namespace}/{name}\\".\\n\\n\\nIf ties still exist within the Route that has been given precedence,\\nmatching precedence MUST be granted to the first matching rule meeting\\nthe above criteria."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='matches', type=d.T.array)]), + withMatchesMixin(matches): { matches+: if std.isArray(v=matches) then matches else [matches] }, + }, + '#withHostnames':: d.fn(help="\"Hostnames defines a set of hostnames to match against the GRPC\\nHost header to select a GRPCRoute to process the request. This matches\\nthe RFC 1123 definition of a hostname with 2 notable exceptions:\\n\\n\\n1. IPs are not allowed.\\n2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard\\n label MUST appear by itself as the first label.\\n\\n\\nIf a hostname is specified by both the Listener and GRPCRoute, there\\nMUST be at least one intersecting hostname for the GRPCRoute to be\\nattached to the Listener. For example:\\n\\n\\n* A Listener with `test.example.com` as the hostname matches GRPCRoutes\\n that have either not specified any hostnames, or have specified at\\n least one of `test.example.com` or `*.example.com`.\\n* A Listener with `*.example.com` as the hostname matches GRPCRoutes\\n that have either not specified any hostnames or have specified at least\\n one hostname that matches the Listener hostname. For example,\\n `test.example.com` and `*.example.com` would both match. On the other\\n hand, `example.com` and `test.example.net` would not match.\\n\\n\\nHostnames that are prefixed with a wildcard label (`*.`) are interpreted\\nas a suffix match. That means that a match for `*.example.com` would match\\nboth `test.example.com`, and `foo.test.example.com`, but not `example.com`.\\n\\n\\nIf both the Listener and GRPCRoute have specified hostnames, any\\nGRPCRoute hostnames that do not match the Listener hostname MUST be\\nignored. For example, if a Listener specified `*.example.com`, and the\\nGRPCRoute specified `test.example.com` and `test.example.net`,\\n`test.example.net` MUST NOT be considered for a match.\\n\\n\\nIf both the Listener and GRPCRoute have specified hostnames, and none\\nmatch with the criteria above, then the GRPCRoute MUST NOT be accepted by\\nthe implementation. The implementation MUST raise an 'Accepted' Condition\\nwith a status of `False` in the corresponding RouteParentStatus.\\n\\n\\nIf a Route (A) of type HTTPRoute or GRPCRoute is attached to a\\nListener and that listener already has another Route (B) of the other\\ntype attached and the intersection of the hostnames of A and B is\\nnon-empty, then the implementation MUST accept exactly one of these two\\nroutes, determined by the following criteria, in order:\\n\\n\\n* The oldest Route based on creation timestamp.\\n* The Route appearing first in alphabetical order by\\n \\\"{namespace}/{name}\\\".\\n\\n\\nThe rejected Route MUST raise an 'Accepted' condition with a status of\\n'False' in the corresponding RouteParentStatus.\\n\\n\\nSupport: Core\"", args=[d.arg(name='hostnames', type=d.T.array)]), + withHostnames(hostnames): { spec+: { hostnames: if std.isArray(v=hostnames) then hostnames else [hostnames] } }, + '#withHostnamesMixin':: d.fn(help="\"Hostnames defines a set of hostnames to match against the GRPC\\nHost header to select a GRPCRoute to process the request. This matches\\nthe RFC 1123 definition of a hostname with 2 notable exceptions:\\n\\n\\n1. IPs are not allowed.\\n2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard\\n label MUST appear by itself as the first label.\\n\\n\\nIf a hostname is specified by both the Listener and GRPCRoute, there\\nMUST be at least one intersecting hostname for the GRPCRoute to be\\nattached to the Listener. For example:\\n\\n\\n* A Listener with `test.example.com` as the hostname matches GRPCRoutes\\n that have either not specified any hostnames, or have specified at\\n least one of `test.example.com` or `*.example.com`.\\n* A Listener with `*.example.com` as the hostname matches GRPCRoutes\\n that have either not specified any hostnames or have specified at least\\n one hostname that matches the Listener hostname. For example,\\n `test.example.com` and `*.example.com` would both match. On the other\\n hand, `example.com` and `test.example.net` would not match.\\n\\n\\nHostnames that are prefixed with a wildcard label (`*.`) are interpreted\\nas a suffix match. That means that a match for `*.example.com` would match\\nboth `test.example.com`, and `foo.test.example.com`, but not `example.com`.\\n\\n\\nIf both the Listener and GRPCRoute have specified hostnames, any\\nGRPCRoute hostnames that do not match the Listener hostname MUST be\\nignored. For example, if a Listener specified `*.example.com`, and the\\nGRPCRoute specified `test.example.com` and `test.example.net`,\\n`test.example.net` MUST NOT be considered for a match.\\n\\n\\nIf both the Listener and GRPCRoute have specified hostnames, and none\\nmatch with the criteria above, then the GRPCRoute MUST NOT be accepted by\\nthe implementation. The implementation MUST raise an 'Accepted' Condition\\nwith a status of `False` in the corresponding RouteParentStatus.\\n\\n\\nIf a Route (A) of type HTTPRoute or GRPCRoute is attached to a\\nListener and that listener already has another Route (B) of the other\\ntype attached and the intersection of the hostnames of A and B is\\nnon-empty, then the implementation MUST accept exactly one of these two\\nroutes, determined by the following criteria, in order:\\n\\n\\n* The oldest Route based on creation timestamp.\\n* The Route appearing first in alphabetical order by\\n \\\"{namespace}/{name}\\\".\\n\\n\\nThe rejected Route MUST raise an 'Accepted' condition with a status of\\n'False' in the corresponding RouteParentStatus.\\n\\n\\nSupport: Core\"\n\n**Note:** This function appends passed data to existing values", args=[d.arg(name='hostnames', type=d.T.array)]), + withHostnamesMixin(hostnames): { spec+: { hostnames+: if std.isArray(v=hostnames) then hostnames else [hostnames] } }, + '#withParentRefs':: d.fn(help='"ParentRefs references the resources (usually Gateways) that a Route wants\\nto be attached to. Note that the referenced parent resource needs to\\nallow this for the attachment to be complete. For Gateways, that means\\nthe Gateway needs to allow attachment from Routes of this kind and\\nnamespace. For Services, that means the Service must either be in the same\\nnamespace for a \\"producer\\" route, or the mesh implementation must support\\nand allow \\"consumer\\" routes for the referenced Service. ReferenceGrant is\\nnot applicable for governing ParentRefs to Services - it is not possible to\\ncreate a \\"producer\\" route for a Service in a different namespace from the\\nRoute.\\n\\n\\nThere are two kinds of parent resources with \\"Core\\" support:\\n\\n\\n* Gateway (Gateway conformance profile)\\n* Service (Mesh conformance profile, ClusterIP Services only)\\n\\n\\nThis API may be extended in the future to support additional kinds of parent\\nresources.\\n\\n\\nParentRefs must be _distinct_. This means either that:\\n\\n\\n* They select different objects. If this is the case, then parentRef\\n entries are distinct. In terms of fields, this means that the\\n multi-part key defined by `group`, `kind`, `namespace`, and `name` must\\n be unique across all parentRef entries in the Route.\\n* They do not select different objects, but for each optional field used,\\n each ParentRef that selects the same object must set the same set of\\n optional fields to different values. If one ParentRef sets a\\n combination of optional fields, all must set the same combination.\\n\\n\\nSome examples:\\n\\n\\n* If one ParentRef sets `sectionName`, all ParentRefs referencing the\\n same object must also set `sectionName`.\\n* If one ParentRef sets `port`, all ParentRefs referencing the same\\n object must also set `port`.\\n* If one ParentRef sets `sectionName` and `port`, all ParentRefs\\n referencing the same object must also set `sectionName` and `port`.\\n\\n\\nIt is possible to separately reference multiple distinct objects that may\\nbe collapsed by an implementation. For example, some implementations may\\nchoose to merge compatible Gateway Listeners together. If that is the\\ncase, the list of routes attached to those resources should also be\\nmerged.\\n\\n\\nNote that for ParentRefs that cross namespace boundaries, there are specific\\nrules. Cross-namespace references are only valid if they are explicitly\\nallowed by something in the namespace they are referring to. For example,\\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\\ngeneric way to enable other kinds of cross-namespace reference.\\n\\n\\n\\nParentRefs from a Route to a Service in the same namespace are \\"producer\\"\\nroutes, which apply default routing rules to inbound connections from\\nany namespace to the Service.\\n\\n\\nParentRefs from a Route to a Service in a different namespace are\\n\\"consumer\\" routes, and these routing rules are only applied to outbound\\nconnections originating from the same namespace as the Route, for which\\nthe intended destination of the connections are a Service targeted as a\\nParentRef of the Route.\\n\\n\\n\\n\\n\\n\\n"', args=[d.arg(name='parentRefs', type=d.T.array)]), + withParentRefs(parentRefs): { spec+: { parentRefs: if std.isArray(v=parentRefs) then parentRefs else [parentRefs] } }, + '#withParentRefsMixin':: d.fn(help='"ParentRefs references the resources (usually Gateways) that a Route wants\\nto be attached to. Note that the referenced parent resource needs to\\nallow this for the attachment to be complete. For Gateways, that means\\nthe Gateway needs to allow attachment from Routes of this kind and\\nnamespace. For Services, that means the Service must either be in the same\\nnamespace for a \\"producer\\" route, or the mesh implementation must support\\nand allow \\"consumer\\" routes for the referenced Service. ReferenceGrant is\\nnot applicable for governing ParentRefs to Services - it is not possible to\\ncreate a \\"producer\\" route for a Service in a different namespace from the\\nRoute.\\n\\n\\nThere are two kinds of parent resources with \\"Core\\" support:\\n\\n\\n* Gateway (Gateway conformance profile)\\n* Service (Mesh conformance profile, ClusterIP Services only)\\n\\n\\nThis API may be extended in the future to support additional kinds of parent\\nresources.\\n\\n\\nParentRefs must be _distinct_. This means either that:\\n\\n\\n* They select different objects. If this is the case, then parentRef\\n entries are distinct. In terms of fields, this means that the\\n multi-part key defined by `group`, `kind`, `namespace`, and `name` must\\n be unique across all parentRef entries in the Route.\\n* They do not select different objects, but for each optional field used,\\n each ParentRef that selects the same object must set the same set of\\n optional fields to different values. If one ParentRef sets a\\n combination of optional fields, all must set the same combination.\\n\\n\\nSome examples:\\n\\n\\n* If one ParentRef sets `sectionName`, all ParentRefs referencing the\\n same object must also set `sectionName`.\\n* If one ParentRef sets `port`, all ParentRefs referencing the same\\n object must also set `port`.\\n* If one ParentRef sets `sectionName` and `port`, all ParentRefs\\n referencing the same object must also set `sectionName` and `port`.\\n\\n\\nIt is possible to separately reference multiple distinct objects that may\\nbe collapsed by an implementation. For example, some implementations may\\nchoose to merge compatible Gateway Listeners together. If that is the\\ncase, the list of routes attached to those resources should also be\\nmerged.\\n\\n\\nNote that for ParentRefs that cross namespace boundaries, there are specific\\nrules. Cross-namespace references are only valid if they are explicitly\\nallowed by something in the namespace they are referring to. For example,\\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\\ngeneric way to enable other kinds of cross-namespace reference.\\n\\n\\n\\nParentRefs from a Route to a Service in the same namespace are \\"producer\\"\\nroutes, which apply default routing rules to inbound connections from\\nany namespace to the Service.\\n\\n\\nParentRefs from a Route to a Service in a different namespace are\\n\\"consumer\\" routes, and these routing rules are only applied to outbound\\nconnections originating from the same namespace as the Route, for which\\nthe intended destination of the connections are a Service targeted as a\\nParentRef of the Route.\\n\\n\\n\\n\\n\\n\\n"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='parentRefs', type=d.T.array)]), + withParentRefsMixin(parentRefs): { spec+: { parentRefs+: if std.isArray(v=parentRefs) then parentRefs else [parentRefs] } }, + '#withRules':: d.fn(help='"Rules are a list of GRPC matchers, filters and actions."', args=[d.arg(name='rules', type=d.T.array)]), + withRules(rules): { spec+: { rules: if std.isArray(v=rules) then rules else [rules] } }, + '#withRulesMixin':: d.fn(help='"Rules are a list of GRPC matchers, filters and actions."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='rules', type=d.T.array)]), + withRulesMixin(rules): { spec+: { rules+: if std.isArray(v=rules) then rules else [rules] } }, + }, + '#mixin': 'ignore', + mixin: self, +} diff --git a/1.1-experimental/_gen/gateway/v1alpha2/main.libsonnet b/1.1-experimental/_gen/gateway/v1alpha2/main.libsonnet new file mode 100644 index 0000000..0e92533 --- /dev/null +++ b/1.1-experimental/_gen/gateway/v1alpha2/main.libsonnet @@ -0,0 +1,10 @@ +{ + local d = (import 'doc-util/main.libsonnet'), + '#':: d.pkg(name='v1alpha2', url='', help=''), + backendLBPolicy: (import 'backendLBPolicy.libsonnet'), + grpcRoute: (import 'grpcRoute.libsonnet'), + referenceGrant: (import 'referenceGrant.libsonnet'), + tcpRoute: (import 'tcpRoute.libsonnet'), + tlsRoute: (import 'tlsRoute.libsonnet'), + udpRoute: (import 'udpRoute.libsonnet'), +} diff --git a/1.1-experimental/_gen/gateway/v1alpha2/referenceGrant.libsonnet b/1.1-experimental/_gen/gateway/v1alpha2/referenceGrant.libsonnet new file mode 100644 index 0000000..281d1c8 --- /dev/null +++ b/1.1-experimental/_gen/gateway/v1alpha2/referenceGrant.libsonnet @@ -0,0 +1,81 @@ +{ + local d = (import 'doc-util/main.libsonnet'), + '#':: d.pkg(name='referenceGrant', url='', help='"ReferenceGrant identifies kinds of resources in other namespaces that are\\ntrusted to reference the specified kinds of resources in the same namespace\\nas the policy.\\n\\n\\nEach ReferenceGrant can be used to represent a unique trust relationship.\\nAdditional Reference Grants can be used to add to the set of trusted\\nsources of inbound references for the namespace they are defined within.\\n\\n\\nA ReferenceGrant is required for all cross-namespace references in Gateway API\\n(with the exception of cross-namespace Route-Gateway attachment, which is\\ngoverned by the AllowedRoutes configuration on the Gateway, and cross-namespace\\nService ParentRefs on a \\"consumer\\" mesh Route, which defines routing rules\\napplicable only to workloads in the Route namespace). ReferenceGrants allowing\\na reference from a Route to a Service are only applicable to BackendRefs.\\n\\n\\nReferenceGrant is a form of runtime verification allowing users to assert\\nwhich cross-namespace object references are permitted. Implementations that\\nsupport ReferenceGrant MUST NOT permit cross-namespace references which have\\nno grant, and MUST respond to the removal of a grant by revoking the access\\nthat the grant allowed."'), + '#metadata':: d.obj(help='"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create."'), + metadata: { + '#withAnnotations':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotations(annotations): { metadata+: { annotations: annotations } }, + '#withAnnotationsMixin':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotationsMixin(annotations): { metadata+: { annotations+: annotations } }, + '#withClusterName':: d.fn(help='"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request."', args=[d.arg(name='clusterName', type=d.T.string)]), + withClusterName(clusterName): { metadata+: { clusterName: clusterName } }, + '#withCreationTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='creationTimestamp', type=d.T.string)]), + withCreationTimestamp(creationTimestamp): { metadata+: { creationTimestamp: creationTimestamp } }, + '#withDeletionGracePeriodSeconds':: d.fn(help='"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only."', args=[d.arg(name='deletionGracePeriodSeconds', type=d.T.integer)]), + withDeletionGracePeriodSeconds(deletionGracePeriodSeconds): { metadata+: { deletionGracePeriodSeconds: deletionGracePeriodSeconds } }, + '#withDeletionTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='deletionTimestamp', type=d.T.string)]), + withDeletionTimestamp(deletionTimestamp): { metadata+: { deletionTimestamp: deletionTimestamp } }, + '#withFinalizers':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizers(finalizers): { metadata+: { finalizers: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withFinalizersMixin':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizersMixin(finalizers): { metadata+: { finalizers+: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withGenerateName':: d.fn(help='"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\\n\\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\\n\\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency"', args=[d.arg(name='generateName', type=d.T.string)]), + withGenerateName(generateName): { metadata+: { generateName: generateName } }, + '#withGeneration':: d.fn(help='"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only."', args=[d.arg(name='generation', type=d.T.integer)]), + withGeneration(generation): { metadata+: { generation: generation } }, + '#withLabels':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"', args=[d.arg(name='labels', type=d.T.object)]), + withLabels(labels): { metadata+: { labels: labels } }, + '#withLabelsMixin':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='labels', type=d.T.object)]), + withLabelsMixin(labels): { metadata+: { labels+: labels } }, + '#withName':: d.fn(help='"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { metadata+: { name: name } }, + '#withNamespace':: d.fn(help='"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \\"default\\" namespace, but \\"default\\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\\n\\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces"', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { metadata+: { namespace: namespace } }, + '#withOwnerReferences':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferences(ownerReferences): { metadata+: { ownerReferences: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withOwnerReferencesMixin':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferencesMixin(ownerReferences): { metadata+: { ownerReferences+: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withResourceVersion':: d.fn(help='"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\\n\\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency"', args=[d.arg(name='resourceVersion', type=d.T.string)]), + withResourceVersion(resourceVersion): { metadata+: { resourceVersion: resourceVersion } }, + '#withSelfLink':: d.fn(help='"SelfLink is a URL representing this object. Populated by the system. Read-only.\\n\\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release."', args=[d.arg(name='selfLink', type=d.T.string)]), + withSelfLink(selfLink): { metadata+: { selfLink: selfLink } }, + '#withUid':: d.fn(help='"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\\n\\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids"', args=[d.arg(name='uid', type=d.T.string)]), + withUid(uid): { metadata+: { uid: uid } }, + }, + '#new':: d.fn(help='new returns an instance of ReferenceGrant', args=[d.arg(name='name', type=d.T.string)]), + new(name): { + apiVersion: 'gateway.networking.k8s.io/v1alpha2', + kind: 'ReferenceGrant', + } + self.metadata.withName(name=name), + '#spec':: d.obj(help='"Spec defines the desired state of ReferenceGrant."'), + spec: { + '#from':: d.obj(help='"From describes the trusted namespaces and kinds that can reference the\\nresources described in \\"To\\". Each entry in this list MUST be considered\\nto be an additional place that references can be valid from, or to put\\nthis another way, entries MUST be combined using OR.\\n\\n\\nSupport: Core"'), + from: { + '#withGroup':: d.fn(help='"Group is the group of the referent.\\nWhen empty, the Kubernetes core API group is inferred.\\n\\n\\nSupport: Core"', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { group: group }, + '#withKind':: d.fn(help='"Kind is the kind of the referent. Although implementations may support\\nadditional resources, the following types are part of the \\"Core\\"\\nsupport level for this field.\\n\\n\\nWhen used to permit a SecretObjectReference:\\n\\n\\n* Gateway\\n\\n\\nWhen used to permit a BackendObjectReference:\\n\\n\\n* GRPCRoute\\n* HTTPRoute\\n* TCPRoute\\n* TLSRoute\\n* UDPRoute"', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { kind: kind }, + '#withNamespace':: d.fn(help='"Namespace is the namespace of the referent.\\n\\n\\nSupport: Core"', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { namespace: namespace }, + }, + '#to':: d.obj(help='"To describes the resources that may be referenced by the resources\\ndescribed in \\"From\\". Each entry in this list MUST be considered to be an\\nadditional place that references can be valid to, or to put this another\\nway, entries MUST be combined using OR.\\n\\n\\nSupport: Core"'), + to: { + '#withGroup':: d.fn(help='"Group is the group of the referent.\\nWhen empty, the Kubernetes core API group is inferred.\\n\\n\\nSupport: Core"', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { group: group }, + '#withKind':: d.fn(help='"Kind is the kind of the referent. Although implementations may support\\nadditional resources, the following types are part of the \\"Core\\"\\nsupport level for this field:\\n\\n\\n* Secret when used to permit a SecretObjectReference\\n* Service when used to permit a BackendObjectReference"', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { kind: kind }, + '#withName':: d.fn(help='"Name is the name of the referent. When unspecified, this policy\\nrefers to all resources of the specified Group and Kind in the local\\nnamespace."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + }, + '#withFrom':: d.fn(help='"From describes the trusted namespaces and kinds that can reference the\\nresources described in \\"To\\". Each entry in this list MUST be considered\\nto be an additional place that references can be valid from, or to put\\nthis another way, entries MUST be combined using OR.\\n\\n\\nSupport: Core"', args=[d.arg(name='from', type=d.T.array)]), + withFrom(from): { spec+: { from: if std.isArray(v=from) then from else [from] } }, + '#withFromMixin':: d.fn(help='"From describes the trusted namespaces and kinds that can reference the\\nresources described in \\"To\\". Each entry in this list MUST be considered\\nto be an additional place that references can be valid from, or to put\\nthis another way, entries MUST be combined using OR.\\n\\n\\nSupport: Core"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='from', type=d.T.array)]), + withFromMixin(from): { spec+: { from+: if std.isArray(v=from) then from else [from] } }, + '#withTo':: d.fn(help='"To describes the resources that may be referenced by the resources\\ndescribed in \\"From\\". Each entry in this list MUST be considered to be an\\nadditional place that references can be valid to, or to put this another\\nway, entries MUST be combined using OR.\\n\\n\\nSupport: Core"', args=[d.arg(name='to', type=d.T.array)]), + withTo(to): { spec+: { to: if std.isArray(v=to) then to else [to] } }, + '#withToMixin':: d.fn(help='"To describes the resources that may be referenced by the resources\\ndescribed in \\"From\\". Each entry in this list MUST be considered to be an\\nadditional place that references can be valid to, or to put this another\\nway, entries MUST be combined using OR.\\n\\n\\nSupport: Core"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='to', type=d.T.array)]), + withToMixin(to): { spec+: { to+: if std.isArray(v=to) then to else [to] } }, + }, + '#mixin': 'ignore', + mixin: self, +} diff --git a/1.1-experimental/_gen/gateway/v1alpha2/tcpRoute.libsonnet b/1.1-experimental/_gen/gateway/v1alpha2/tcpRoute.libsonnet new file mode 100644 index 0000000..0816bd6 --- /dev/null +++ b/1.1-experimental/_gen/gateway/v1alpha2/tcpRoute.libsonnet @@ -0,0 +1,100 @@ +{ + local d = (import 'doc-util/main.libsonnet'), + '#':: d.pkg(name='tcpRoute', url='', help='"TCPRoute provides a way to route TCP requests. When combined with a Gateway\\nlistener, it can be used to forward connections on the port specified by the\\nlistener to a set of backends specified by the TCPRoute."'), + '#metadata':: d.obj(help='"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create."'), + metadata: { + '#withAnnotations':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotations(annotations): { metadata+: { annotations: annotations } }, + '#withAnnotationsMixin':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotationsMixin(annotations): { metadata+: { annotations+: annotations } }, + '#withClusterName':: d.fn(help='"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request."', args=[d.arg(name='clusterName', type=d.T.string)]), + withClusterName(clusterName): { metadata+: { clusterName: clusterName } }, + '#withCreationTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='creationTimestamp', type=d.T.string)]), + withCreationTimestamp(creationTimestamp): { metadata+: { creationTimestamp: creationTimestamp } }, + '#withDeletionGracePeriodSeconds':: d.fn(help='"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only."', args=[d.arg(name='deletionGracePeriodSeconds', type=d.T.integer)]), + withDeletionGracePeriodSeconds(deletionGracePeriodSeconds): { metadata+: { deletionGracePeriodSeconds: deletionGracePeriodSeconds } }, + '#withDeletionTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='deletionTimestamp', type=d.T.string)]), + withDeletionTimestamp(deletionTimestamp): { metadata+: { deletionTimestamp: deletionTimestamp } }, + '#withFinalizers':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizers(finalizers): { metadata+: { finalizers: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withFinalizersMixin':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizersMixin(finalizers): { metadata+: { finalizers+: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withGenerateName':: d.fn(help='"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\\n\\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\\n\\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency"', args=[d.arg(name='generateName', type=d.T.string)]), + withGenerateName(generateName): { metadata+: { generateName: generateName } }, + '#withGeneration':: d.fn(help='"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only."', args=[d.arg(name='generation', type=d.T.integer)]), + withGeneration(generation): { metadata+: { generation: generation } }, + '#withLabels':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"', args=[d.arg(name='labels', type=d.T.object)]), + withLabels(labels): { metadata+: { labels: labels } }, + '#withLabelsMixin':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='labels', type=d.T.object)]), + withLabelsMixin(labels): { metadata+: { labels+: labels } }, + '#withName':: d.fn(help='"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { metadata+: { name: name } }, + '#withNamespace':: d.fn(help='"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \\"default\\" namespace, but \\"default\\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\\n\\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces"', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { metadata+: { namespace: namespace } }, + '#withOwnerReferences':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferences(ownerReferences): { metadata+: { ownerReferences: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withOwnerReferencesMixin':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferencesMixin(ownerReferences): { metadata+: { ownerReferences+: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withResourceVersion':: d.fn(help='"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\\n\\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency"', args=[d.arg(name='resourceVersion', type=d.T.string)]), + withResourceVersion(resourceVersion): { metadata+: { resourceVersion: resourceVersion } }, + '#withSelfLink':: d.fn(help='"SelfLink is a URL representing this object. Populated by the system. Read-only.\\n\\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release."', args=[d.arg(name='selfLink', type=d.T.string)]), + withSelfLink(selfLink): { metadata+: { selfLink: selfLink } }, + '#withUid':: d.fn(help='"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\\n\\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids"', args=[d.arg(name='uid', type=d.T.string)]), + withUid(uid): { metadata+: { uid: uid } }, + }, + '#new':: d.fn(help='new returns an instance of TCPRoute', args=[d.arg(name='name', type=d.T.string)]), + new(name): { + apiVersion: 'gateway.networking.k8s.io/v1alpha2', + kind: 'TCPRoute', + } + self.metadata.withName(name=name), + '#spec':: d.obj(help='"Spec defines the desired state of TCPRoute."'), + spec: { + '#parentRefs':: d.obj(help='"ParentRefs references the resources (usually Gateways) that a Route wants\\nto be attached to. Note that the referenced parent resource needs to\\nallow this for the attachment to be complete. For Gateways, that means\\nthe Gateway needs to allow attachment from Routes of this kind and\\nnamespace. For Services, that means the Service must either be in the same\\nnamespace for a \\"producer\\" route, or the mesh implementation must support\\nand allow \\"consumer\\" routes for the referenced Service. ReferenceGrant is\\nnot applicable for governing ParentRefs to Services - it is not possible to\\ncreate a \\"producer\\" route for a Service in a different namespace from the\\nRoute.\\n\\n\\nThere are two kinds of parent resources with \\"Core\\" support:\\n\\n\\n* Gateway (Gateway conformance profile)\\n* Service (Mesh conformance profile, ClusterIP Services only)\\n\\n\\nThis API may be extended in the future to support additional kinds of parent\\nresources.\\n\\n\\nParentRefs must be _distinct_. This means either that:\\n\\n\\n* They select different objects. If this is the case, then parentRef\\n entries are distinct. In terms of fields, this means that the\\n multi-part key defined by `group`, `kind`, `namespace`, and `name` must\\n be unique across all parentRef entries in the Route.\\n* They do not select different objects, but for each optional field used,\\n each ParentRef that selects the same object must set the same set of\\n optional fields to different values. If one ParentRef sets a\\n combination of optional fields, all must set the same combination.\\n\\n\\nSome examples:\\n\\n\\n* If one ParentRef sets `sectionName`, all ParentRefs referencing the\\n same object must also set `sectionName`.\\n* If one ParentRef sets `port`, all ParentRefs referencing the same\\n object must also set `port`.\\n* If one ParentRef sets `sectionName` and `port`, all ParentRefs\\n referencing the same object must also set `sectionName` and `port`.\\n\\n\\nIt is possible to separately reference multiple distinct objects that may\\nbe collapsed by an implementation. For example, some implementations may\\nchoose to merge compatible Gateway Listeners together. If that is the\\ncase, the list of routes attached to those resources should also be\\nmerged.\\n\\n\\nNote that for ParentRefs that cross namespace boundaries, there are specific\\nrules. Cross-namespace references are only valid if they are explicitly\\nallowed by something in the namespace they are referring to. For example,\\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\\ngeneric way to enable other kinds of cross-namespace reference.\\n\\n\\n\\nParentRefs from a Route to a Service in the same namespace are \\"producer\\"\\nroutes, which apply default routing rules to inbound connections from\\nany namespace to the Service.\\n\\n\\nParentRefs from a Route to a Service in a different namespace are\\n\\"consumer\\" routes, and these routing rules are only applied to outbound\\nconnections originating from the same namespace as the Route, for which\\nthe intended destination of the connections are a Service targeted as a\\nParentRef of the Route.\\n\\n\\n\\n\\n\\n\\n"'), + parentRefs: { + '#withGroup':: d.fn(help='"Group is the group of the referent.\\nWhen unspecified, \\"gateway.networking.k8s.io\\" is inferred.\\nTo set the core API group (such as for a \\"Service\\" kind referent),\\nGroup must be explicitly set to \\"\\" (empty string).\\n\\n\\nSupport: Core"', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { group: group }, + '#withKind':: d.fn(help='"Kind is kind of the referent.\\n\\n\\nThere are two kinds of parent resources with \\"Core\\" support:\\n\\n\\n* Gateway (Gateway conformance profile)\\n* Service (Mesh conformance profile, ClusterIP Services only)\\n\\n\\nSupport for other resources is Implementation-Specific."', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { kind: kind }, + '#withName':: d.fn(help='"Name is the name of the referent.\\n\\n\\nSupport: Core"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withNamespace':: d.fn(help='"Namespace is the namespace of the referent. When unspecified, this refers\\nto the local namespace of the Route.\\n\\n\\nNote that there are specific rules for ParentRefs which cross namespace\\nboundaries. Cross-namespace references are only valid if they are explicitly\\nallowed by something in the namespace they are referring to. For example:\\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\\ngeneric way to enable any other kind of cross-namespace reference.\\n\\n\\n\\nParentRefs from a Route to a Service in the same namespace are \\"producer\\"\\nroutes, which apply default routing rules to inbound connections from\\nany namespace to the Service.\\n\\n\\nParentRefs from a Route to a Service in a different namespace are\\n\\"consumer\\" routes, and these routing rules are only applied to outbound\\nconnections originating from the same namespace as the Route, for which\\nthe intended destination of the connections are a Service targeted as a\\nParentRef of the Route.\\n\\n\\n\\nSupport: Core"', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { namespace: namespace }, + '#withPort':: d.fn(help="\"Port is the network port this Route targets. It can be interpreted\\ndifferently based on the type of parent resource.\\n\\n\\nWhen the parent resource is a Gateway, this targets all listeners\\nlistening on the specified port that also support this kind of Route(and\\nselect this Route). It's not recommended to set `Port` unless the\\nnetworking behaviors specified in a Route must apply to a specific port\\nas opposed to a listener(s) whose port(s) may be changed. When both Port\\nand SectionName are specified, the name and port of the selected listener\\nmust match both specified values.\\n\\n\\n\\nWhen the parent resource is a Service, this targets a specific port in the\\nService spec. When both Port (experimental) and SectionName are specified,\\nthe name and port of the selected port must match both specified values.\\n\\n\\n\\nImplementations MAY choose to support other parent resources.\\nImplementations supporting other types of parent resources MUST clearly\\ndocument how/if Port is interpreted.\\n\\n\\nFor the purpose of status, an attachment is considered successful as\\nlong as the parent resource accepts it partially. For example, Gateway\\nlisteners can restrict which Routes can attach to them by Route kind,\\nnamespace, or hostname. If 1 of 2 Gateway listeners accept attachment\\nfrom the referencing Route, the Route MUST be considered successfully\\nattached. If no Gateway listeners accept attachment from this Route,\\nthe Route MUST be considered detached from the Gateway.\\n\\n\\nSupport: Extended\"", args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { port: port }, + '#withSectionName':: d.fn(help='"SectionName is the name of a section within the target resource. In the\\nfollowing resources, SectionName is interpreted as the following:\\n\\n\\n* Gateway: Listener name. When both Port (experimental) and SectionName\\nare specified, the name and port of the selected listener must match\\nboth specified values.\\n* Service: Port name. When both Port (experimental) and SectionName\\nare specified, the name and port of the selected listener must match\\nboth specified values.\\n\\n\\nImplementations MAY choose to support attaching Routes to other resources.\\nIf that is the case, they MUST clearly document how SectionName is\\ninterpreted.\\n\\n\\nWhen unspecified (empty string), this will reference the entire resource.\\nFor the purpose of status, an attachment is considered successful if at\\nleast one section in the parent resource accepts it. For example, Gateway\\nlisteners can restrict which Routes can attach to them by Route kind,\\nnamespace, or hostname. If 1 of 2 Gateway listeners accept attachment from\\nthe referencing Route, the Route MUST be considered successfully\\nattached. If no Gateway listeners accept attachment from this Route, the\\nRoute MUST be considered detached from the Gateway.\\n\\n\\nSupport: Core"', args=[d.arg(name='sectionName', type=d.T.string)]), + withSectionName(sectionName): { sectionName: sectionName }, + }, + '#rules':: d.obj(help='"Rules are a list of TCP matchers and actions."'), + rules: { + '#backendRefs':: d.obj(help='"BackendRefs defines the backend(s) where matching requests should be\\nsent. If unspecified or invalid (refers to a non-existent resource or a\\nService with no endpoints), the underlying implementation MUST actively\\nreject connection attempts to this backend. Connection rejections must\\nrespect weight; if an invalid backend is requested to have 80% of\\nconnections, then 80% of connections must be rejected instead.\\n\\n\\nSupport: Core for Kubernetes Service\\n\\n\\nSupport: Extended for Kubernetes ServiceImport\\n\\n\\nSupport: Implementation-specific for any other resource\\n\\n\\nSupport for weight: Extended"'), + backendRefs: { + '#withGroup':: d.fn(help='"Group is the group of the referent. For example, \\"gateway.networking.k8s.io\\".\\nWhen unspecified or empty string, core API group is inferred."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { group: group }, + '#withKind':: d.fn(help='"Kind is the Kubernetes resource kind of the referent. For example\\n\\"Service\\".\\n\\n\\nDefaults to \\"Service\\" when not specified.\\n\\n\\nExternalName services can refer to CNAME DNS records that may live\\noutside of the cluster and as such are difficult to reason about in\\nterms of conformance. They also may not be safe to forward to (see\\nCVE-2021-25740 for more information). Implementations SHOULD NOT\\nsupport ExternalName Services.\\n\\n\\nSupport: Core (Services with a type other than ExternalName)\\n\\n\\nSupport: Implementation-specific (Services with type ExternalName)"', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { kind: kind }, + '#withName':: d.fn(help='"Name is the name of the referent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withNamespace':: d.fn(help="\"Namespace is the namespace of the backend. When unspecified, the local\\nnamespace is inferred.\\n\\n\\nNote that when a namespace different than the local namespace is specified,\\na ReferenceGrant object is required in the referent namespace to allow that\\nnamespace's owner to accept the reference. See the ReferenceGrant\\ndocumentation for details.\\n\\n\\nSupport: Core\"", args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { namespace: namespace }, + '#withPort':: d.fn(help='"Port specifies the destination port number to use for this resource.\\nPort is required when the referent is a Kubernetes Service. In this\\ncase, the port number is the service port number, not the target port.\\nFor other resources, destination port might be derived from the referent\\nresource or this field."', args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { port: port }, + '#withWeight':: d.fn(help='"Weight specifies the proportion of requests forwarded to the referenced\\nbackend. This is computed as weight/(sum of all weights in this\\nBackendRefs list). For non-zero values, there may be some epsilon from\\nthe exact proportion defined here depending on the precision an\\nimplementation supports. Weight is not a percentage and the sum of\\nweights does not need to equal 100.\\n\\n\\nIf only one backend is specified and it has a weight greater than 0, 100%\\nof the traffic is forwarded to that backend. If weight is set to 0, no\\ntraffic should be forwarded for this entry. If unspecified, weight\\ndefaults to 1.\\n\\n\\nSupport for this field varies based on the context where used."', args=[d.arg(name='weight', type=d.T.integer)]), + withWeight(weight): { weight: weight }, + }, + '#withBackendRefs':: d.fn(help='"BackendRefs defines the backend(s) where matching requests should be\\nsent. If unspecified or invalid (refers to a non-existent resource or a\\nService with no endpoints), the underlying implementation MUST actively\\nreject connection attempts to this backend. Connection rejections must\\nrespect weight; if an invalid backend is requested to have 80% of\\nconnections, then 80% of connections must be rejected instead.\\n\\n\\nSupport: Core for Kubernetes Service\\n\\n\\nSupport: Extended for Kubernetes ServiceImport\\n\\n\\nSupport: Implementation-specific for any other resource\\n\\n\\nSupport for weight: Extended"', args=[d.arg(name='backendRefs', type=d.T.array)]), + withBackendRefs(backendRefs): { backendRefs: if std.isArray(v=backendRefs) then backendRefs else [backendRefs] }, + '#withBackendRefsMixin':: d.fn(help='"BackendRefs defines the backend(s) where matching requests should be\\nsent. If unspecified or invalid (refers to a non-existent resource or a\\nService with no endpoints), the underlying implementation MUST actively\\nreject connection attempts to this backend. Connection rejections must\\nrespect weight; if an invalid backend is requested to have 80% of\\nconnections, then 80% of connections must be rejected instead.\\n\\n\\nSupport: Core for Kubernetes Service\\n\\n\\nSupport: Extended for Kubernetes ServiceImport\\n\\n\\nSupport: Implementation-specific for any other resource\\n\\n\\nSupport for weight: Extended"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='backendRefs', type=d.T.array)]), + withBackendRefsMixin(backendRefs): { backendRefs+: if std.isArray(v=backendRefs) then backendRefs else [backendRefs] }, + }, + '#withParentRefs':: d.fn(help='"ParentRefs references the resources (usually Gateways) that a Route wants\\nto be attached to. Note that the referenced parent resource needs to\\nallow this for the attachment to be complete. For Gateways, that means\\nthe Gateway needs to allow attachment from Routes of this kind and\\nnamespace. For Services, that means the Service must either be in the same\\nnamespace for a \\"producer\\" route, or the mesh implementation must support\\nand allow \\"consumer\\" routes for the referenced Service. ReferenceGrant is\\nnot applicable for governing ParentRefs to Services - it is not possible to\\ncreate a \\"producer\\" route for a Service in a different namespace from the\\nRoute.\\n\\n\\nThere are two kinds of parent resources with \\"Core\\" support:\\n\\n\\n* Gateway (Gateway conformance profile)\\n* Service (Mesh conformance profile, ClusterIP Services only)\\n\\n\\nThis API may be extended in the future to support additional kinds of parent\\nresources.\\n\\n\\nParentRefs must be _distinct_. This means either that:\\n\\n\\n* They select different objects. If this is the case, then parentRef\\n entries are distinct. In terms of fields, this means that the\\n multi-part key defined by `group`, `kind`, `namespace`, and `name` must\\n be unique across all parentRef entries in the Route.\\n* They do not select different objects, but for each optional field used,\\n each ParentRef that selects the same object must set the same set of\\n optional fields to different values. If one ParentRef sets a\\n combination of optional fields, all must set the same combination.\\n\\n\\nSome examples:\\n\\n\\n* If one ParentRef sets `sectionName`, all ParentRefs referencing the\\n same object must also set `sectionName`.\\n* If one ParentRef sets `port`, all ParentRefs referencing the same\\n object must also set `port`.\\n* If one ParentRef sets `sectionName` and `port`, all ParentRefs\\n referencing the same object must also set `sectionName` and `port`.\\n\\n\\nIt is possible to separately reference multiple distinct objects that may\\nbe collapsed by an implementation. For example, some implementations may\\nchoose to merge compatible Gateway Listeners together. If that is the\\ncase, the list of routes attached to those resources should also be\\nmerged.\\n\\n\\nNote that for ParentRefs that cross namespace boundaries, there are specific\\nrules. Cross-namespace references are only valid if they are explicitly\\nallowed by something in the namespace they are referring to. For example,\\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\\ngeneric way to enable other kinds of cross-namespace reference.\\n\\n\\n\\nParentRefs from a Route to a Service in the same namespace are \\"producer\\"\\nroutes, which apply default routing rules to inbound connections from\\nany namespace to the Service.\\n\\n\\nParentRefs from a Route to a Service in a different namespace are\\n\\"consumer\\" routes, and these routing rules are only applied to outbound\\nconnections originating from the same namespace as the Route, for which\\nthe intended destination of the connections are a Service targeted as a\\nParentRef of the Route.\\n\\n\\n\\n\\n\\n\\n"', args=[d.arg(name='parentRefs', type=d.T.array)]), + withParentRefs(parentRefs): { spec+: { parentRefs: if std.isArray(v=parentRefs) then parentRefs else [parentRefs] } }, + '#withParentRefsMixin':: d.fn(help='"ParentRefs references the resources (usually Gateways) that a Route wants\\nto be attached to. Note that the referenced parent resource needs to\\nallow this for the attachment to be complete. For Gateways, that means\\nthe Gateway needs to allow attachment from Routes of this kind and\\nnamespace. For Services, that means the Service must either be in the same\\nnamespace for a \\"producer\\" route, or the mesh implementation must support\\nand allow \\"consumer\\" routes for the referenced Service. ReferenceGrant is\\nnot applicable for governing ParentRefs to Services - it is not possible to\\ncreate a \\"producer\\" route for a Service in a different namespace from the\\nRoute.\\n\\n\\nThere are two kinds of parent resources with \\"Core\\" support:\\n\\n\\n* Gateway (Gateway conformance profile)\\n* Service (Mesh conformance profile, ClusterIP Services only)\\n\\n\\nThis API may be extended in the future to support additional kinds of parent\\nresources.\\n\\n\\nParentRefs must be _distinct_. This means either that:\\n\\n\\n* They select different objects. If this is the case, then parentRef\\n entries are distinct. In terms of fields, this means that the\\n multi-part key defined by `group`, `kind`, `namespace`, and `name` must\\n be unique across all parentRef entries in the Route.\\n* They do not select different objects, but for each optional field used,\\n each ParentRef that selects the same object must set the same set of\\n optional fields to different values. If one ParentRef sets a\\n combination of optional fields, all must set the same combination.\\n\\n\\nSome examples:\\n\\n\\n* If one ParentRef sets `sectionName`, all ParentRefs referencing the\\n same object must also set `sectionName`.\\n* If one ParentRef sets `port`, all ParentRefs referencing the same\\n object must also set `port`.\\n* If one ParentRef sets `sectionName` and `port`, all ParentRefs\\n referencing the same object must also set `sectionName` and `port`.\\n\\n\\nIt is possible to separately reference multiple distinct objects that may\\nbe collapsed by an implementation. For example, some implementations may\\nchoose to merge compatible Gateway Listeners together. If that is the\\ncase, the list of routes attached to those resources should also be\\nmerged.\\n\\n\\nNote that for ParentRefs that cross namespace boundaries, there are specific\\nrules. Cross-namespace references are only valid if they are explicitly\\nallowed by something in the namespace they are referring to. For example,\\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\\ngeneric way to enable other kinds of cross-namespace reference.\\n\\n\\n\\nParentRefs from a Route to a Service in the same namespace are \\"producer\\"\\nroutes, which apply default routing rules to inbound connections from\\nany namespace to the Service.\\n\\n\\nParentRefs from a Route to a Service in a different namespace are\\n\\"consumer\\" routes, and these routing rules are only applied to outbound\\nconnections originating from the same namespace as the Route, for which\\nthe intended destination of the connections are a Service targeted as a\\nParentRef of the Route.\\n\\n\\n\\n\\n\\n\\n"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='parentRefs', type=d.T.array)]), + withParentRefsMixin(parentRefs): { spec+: { parentRefs+: if std.isArray(v=parentRefs) then parentRefs else [parentRefs] } }, + '#withRules':: d.fn(help='"Rules are a list of TCP matchers and actions."', args=[d.arg(name='rules', type=d.T.array)]), + withRules(rules): { spec+: { rules: if std.isArray(v=rules) then rules else [rules] } }, + '#withRulesMixin':: d.fn(help='"Rules are a list of TCP matchers and actions."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='rules', type=d.T.array)]), + withRulesMixin(rules): { spec+: { rules+: if std.isArray(v=rules) then rules else [rules] } }, + }, + '#mixin': 'ignore', + mixin: self, +} diff --git a/1.1-experimental/_gen/gateway/v1alpha2/tlsRoute.libsonnet b/1.1-experimental/_gen/gateway/v1alpha2/tlsRoute.libsonnet new file mode 100644 index 0000000..2626bee --- /dev/null +++ b/1.1-experimental/_gen/gateway/v1alpha2/tlsRoute.libsonnet @@ -0,0 +1,104 @@ +{ + local d = (import 'doc-util/main.libsonnet'), + '#':: d.pkg(name='tlsRoute', url='', help='"The TLSRoute resource is similar to TCPRoute, but can be configured\\nto match against TLS-specific metadata. This allows more flexibility\\nin matching streams for a given TLS listener.\\n\\n\\nIf you need to forward traffic to a single target for a TLS listener, you\\ncould choose to use a TCPRoute with a TLS listener."'), + '#metadata':: d.obj(help='"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create."'), + metadata: { + '#withAnnotations':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotations(annotations): { metadata+: { annotations: annotations } }, + '#withAnnotationsMixin':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotationsMixin(annotations): { metadata+: { annotations+: annotations } }, + '#withClusterName':: d.fn(help='"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request."', args=[d.arg(name='clusterName', type=d.T.string)]), + withClusterName(clusterName): { metadata+: { clusterName: clusterName } }, + '#withCreationTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='creationTimestamp', type=d.T.string)]), + withCreationTimestamp(creationTimestamp): { metadata+: { creationTimestamp: creationTimestamp } }, + '#withDeletionGracePeriodSeconds':: d.fn(help='"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only."', args=[d.arg(name='deletionGracePeriodSeconds', type=d.T.integer)]), + withDeletionGracePeriodSeconds(deletionGracePeriodSeconds): { metadata+: { deletionGracePeriodSeconds: deletionGracePeriodSeconds } }, + '#withDeletionTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='deletionTimestamp', type=d.T.string)]), + withDeletionTimestamp(deletionTimestamp): { metadata+: { deletionTimestamp: deletionTimestamp } }, + '#withFinalizers':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizers(finalizers): { metadata+: { finalizers: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withFinalizersMixin':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizersMixin(finalizers): { metadata+: { finalizers+: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withGenerateName':: d.fn(help='"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\\n\\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\\n\\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency"', args=[d.arg(name='generateName', type=d.T.string)]), + withGenerateName(generateName): { metadata+: { generateName: generateName } }, + '#withGeneration':: d.fn(help='"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only."', args=[d.arg(name='generation', type=d.T.integer)]), + withGeneration(generation): { metadata+: { generation: generation } }, + '#withLabels':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"', args=[d.arg(name='labels', type=d.T.object)]), + withLabels(labels): { metadata+: { labels: labels } }, + '#withLabelsMixin':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='labels', type=d.T.object)]), + withLabelsMixin(labels): { metadata+: { labels+: labels } }, + '#withName':: d.fn(help='"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { metadata+: { name: name } }, + '#withNamespace':: d.fn(help='"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \\"default\\" namespace, but \\"default\\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\\n\\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces"', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { metadata+: { namespace: namespace } }, + '#withOwnerReferences':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferences(ownerReferences): { metadata+: { ownerReferences: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withOwnerReferencesMixin':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferencesMixin(ownerReferences): { metadata+: { ownerReferences+: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withResourceVersion':: d.fn(help='"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\\n\\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency"', args=[d.arg(name='resourceVersion', type=d.T.string)]), + withResourceVersion(resourceVersion): { metadata+: { resourceVersion: resourceVersion } }, + '#withSelfLink':: d.fn(help='"SelfLink is a URL representing this object. Populated by the system. Read-only.\\n\\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release."', args=[d.arg(name='selfLink', type=d.T.string)]), + withSelfLink(selfLink): { metadata+: { selfLink: selfLink } }, + '#withUid':: d.fn(help='"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\\n\\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids"', args=[d.arg(name='uid', type=d.T.string)]), + withUid(uid): { metadata+: { uid: uid } }, + }, + '#new':: d.fn(help='new returns an instance of TLSRoute', args=[d.arg(name='name', type=d.T.string)]), + new(name): { + apiVersion: 'gateway.networking.k8s.io/v1alpha2', + kind: 'TLSRoute', + } + self.metadata.withName(name=name), + '#spec':: d.obj(help='"Spec defines the desired state of TLSRoute."'), + spec: { + '#parentRefs':: d.obj(help='"ParentRefs references the resources (usually Gateways) that a Route wants\\nto be attached to. Note that the referenced parent resource needs to\\nallow this for the attachment to be complete. For Gateways, that means\\nthe Gateway needs to allow attachment from Routes of this kind and\\nnamespace. For Services, that means the Service must either be in the same\\nnamespace for a \\"producer\\" route, or the mesh implementation must support\\nand allow \\"consumer\\" routes for the referenced Service. ReferenceGrant is\\nnot applicable for governing ParentRefs to Services - it is not possible to\\ncreate a \\"producer\\" route for a Service in a different namespace from the\\nRoute.\\n\\n\\nThere are two kinds of parent resources with \\"Core\\" support:\\n\\n\\n* Gateway (Gateway conformance profile)\\n* Service (Mesh conformance profile, ClusterIP Services only)\\n\\n\\nThis API may be extended in the future to support additional kinds of parent\\nresources.\\n\\n\\nParentRefs must be _distinct_. This means either that:\\n\\n\\n* They select different objects. If this is the case, then parentRef\\n entries are distinct. In terms of fields, this means that the\\n multi-part key defined by `group`, `kind`, `namespace`, and `name` must\\n be unique across all parentRef entries in the Route.\\n* They do not select different objects, but for each optional field used,\\n each ParentRef that selects the same object must set the same set of\\n optional fields to different values. If one ParentRef sets a\\n combination of optional fields, all must set the same combination.\\n\\n\\nSome examples:\\n\\n\\n* If one ParentRef sets `sectionName`, all ParentRefs referencing the\\n same object must also set `sectionName`.\\n* If one ParentRef sets `port`, all ParentRefs referencing the same\\n object must also set `port`.\\n* If one ParentRef sets `sectionName` and `port`, all ParentRefs\\n referencing the same object must also set `sectionName` and `port`.\\n\\n\\nIt is possible to separately reference multiple distinct objects that may\\nbe collapsed by an implementation. For example, some implementations may\\nchoose to merge compatible Gateway Listeners together. If that is the\\ncase, the list of routes attached to those resources should also be\\nmerged.\\n\\n\\nNote that for ParentRefs that cross namespace boundaries, there are specific\\nrules. Cross-namespace references are only valid if they are explicitly\\nallowed by something in the namespace they are referring to. For example,\\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\\ngeneric way to enable other kinds of cross-namespace reference.\\n\\n\\n\\nParentRefs from a Route to a Service in the same namespace are \\"producer\\"\\nroutes, which apply default routing rules to inbound connections from\\nany namespace to the Service.\\n\\n\\nParentRefs from a Route to a Service in a different namespace are\\n\\"consumer\\" routes, and these routing rules are only applied to outbound\\nconnections originating from the same namespace as the Route, for which\\nthe intended destination of the connections are a Service targeted as a\\nParentRef of the Route.\\n\\n\\n\\n\\n\\n\\n"'), + parentRefs: { + '#withGroup':: d.fn(help='"Group is the group of the referent.\\nWhen unspecified, \\"gateway.networking.k8s.io\\" is inferred.\\nTo set the core API group (such as for a \\"Service\\" kind referent),\\nGroup must be explicitly set to \\"\\" (empty string).\\n\\n\\nSupport: Core"', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { group: group }, + '#withKind':: d.fn(help='"Kind is kind of the referent.\\n\\n\\nThere are two kinds of parent resources with \\"Core\\" support:\\n\\n\\n* Gateway (Gateway conformance profile)\\n* Service (Mesh conformance profile, ClusterIP Services only)\\n\\n\\nSupport for other resources is Implementation-Specific."', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { kind: kind }, + '#withName':: d.fn(help='"Name is the name of the referent.\\n\\n\\nSupport: Core"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withNamespace':: d.fn(help='"Namespace is the namespace of the referent. When unspecified, this refers\\nto the local namespace of the Route.\\n\\n\\nNote that there are specific rules for ParentRefs which cross namespace\\nboundaries. Cross-namespace references are only valid if they are explicitly\\nallowed by something in the namespace they are referring to. For example:\\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\\ngeneric way to enable any other kind of cross-namespace reference.\\n\\n\\n\\nParentRefs from a Route to a Service in the same namespace are \\"producer\\"\\nroutes, which apply default routing rules to inbound connections from\\nany namespace to the Service.\\n\\n\\nParentRefs from a Route to a Service in a different namespace are\\n\\"consumer\\" routes, and these routing rules are only applied to outbound\\nconnections originating from the same namespace as the Route, for which\\nthe intended destination of the connections are a Service targeted as a\\nParentRef of the Route.\\n\\n\\n\\nSupport: Core"', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { namespace: namespace }, + '#withPort':: d.fn(help="\"Port is the network port this Route targets. It can be interpreted\\ndifferently based on the type of parent resource.\\n\\n\\nWhen the parent resource is a Gateway, this targets all listeners\\nlistening on the specified port that also support this kind of Route(and\\nselect this Route). It's not recommended to set `Port` unless the\\nnetworking behaviors specified in a Route must apply to a specific port\\nas opposed to a listener(s) whose port(s) may be changed. When both Port\\nand SectionName are specified, the name and port of the selected listener\\nmust match both specified values.\\n\\n\\n\\nWhen the parent resource is a Service, this targets a specific port in the\\nService spec. When both Port (experimental) and SectionName are specified,\\nthe name and port of the selected port must match both specified values.\\n\\n\\n\\nImplementations MAY choose to support other parent resources.\\nImplementations supporting other types of parent resources MUST clearly\\ndocument how/if Port is interpreted.\\n\\n\\nFor the purpose of status, an attachment is considered successful as\\nlong as the parent resource accepts it partially. For example, Gateway\\nlisteners can restrict which Routes can attach to them by Route kind,\\nnamespace, or hostname. If 1 of 2 Gateway listeners accept attachment\\nfrom the referencing Route, the Route MUST be considered successfully\\nattached. If no Gateway listeners accept attachment from this Route,\\nthe Route MUST be considered detached from the Gateway.\\n\\n\\nSupport: Extended\"", args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { port: port }, + '#withSectionName':: d.fn(help='"SectionName is the name of a section within the target resource. In the\\nfollowing resources, SectionName is interpreted as the following:\\n\\n\\n* Gateway: Listener name. When both Port (experimental) and SectionName\\nare specified, the name and port of the selected listener must match\\nboth specified values.\\n* Service: Port name. When both Port (experimental) and SectionName\\nare specified, the name and port of the selected listener must match\\nboth specified values.\\n\\n\\nImplementations MAY choose to support attaching Routes to other resources.\\nIf that is the case, they MUST clearly document how SectionName is\\ninterpreted.\\n\\n\\nWhen unspecified (empty string), this will reference the entire resource.\\nFor the purpose of status, an attachment is considered successful if at\\nleast one section in the parent resource accepts it. For example, Gateway\\nlisteners can restrict which Routes can attach to them by Route kind,\\nnamespace, or hostname. If 1 of 2 Gateway listeners accept attachment from\\nthe referencing Route, the Route MUST be considered successfully\\nattached. If no Gateway listeners accept attachment from this Route, the\\nRoute MUST be considered detached from the Gateway.\\n\\n\\nSupport: Core"', args=[d.arg(name='sectionName', type=d.T.string)]), + withSectionName(sectionName): { sectionName: sectionName }, + }, + '#rules':: d.obj(help='"Rules are a list of TLS matchers and actions."'), + rules: { + '#backendRefs':: d.obj(help='"BackendRefs defines the backend(s) where matching requests should be\\nsent. If unspecified or invalid (refers to a non-existent resource or\\na Service with no endpoints), the rule performs no forwarding; if no\\nfilters are specified that would result in a response being sent, the\\nunderlying implementation must actively reject request attempts to this\\nbackend, by rejecting the connection or returning a 500 status code.\\nRequest rejections must respect weight; if an invalid backend is\\nrequested to have 80% of requests, then 80% of requests must be rejected\\ninstead.\\n\\n\\nSupport: Core for Kubernetes Service\\n\\n\\nSupport: Extended for Kubernetes ServiceImport\\n\\n\\nSupport: Implementation-specific for any other resource\\n\\n\\nSupport for weight: Extended"'), + backendRefs: { + '#withGroup':: d.fn(help='"Group is the group of the referent. For example, \\"gateway.networking.k8s.io\\".\\nWhen unspecified or empty string, core API group is inferred."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { group: group }, + '#withKind':: d.fn(help='"Kind is the Kubernetes resource kind of the referent. For example\\n\\"Service\\".\\n\\n\\nDefaults to \\"Service\\" when not specified.\\n\\n\\nExternalName services can refer to CNAME DNS records that may live\\noutside of the cluster and as such are difficult to reason about in\\nterms of conformance. They also may not be safe to forward to (see\\nCVE-2021-25740 for more information). Implementations SHOULD NOT\\nsupport ExternalName Services.\\n\\n\\nSupport: Core (Services with a type other than ExternalName)\\n\\n\\nSupport: Implementation-specific (Services with type ExternalName)"', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { kind: kind }, + '#withName':: d.fn(help='"Name is the name of the referent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withNamespace':: d.fn(help="\"Namespace is the namespace of the backend. When unspecified, the local\\nnamespace is inferred.\\n\\n\\nNote that when a namespace different than the local namespace is specified,\\na ReferenceGrant object is required in the referent namespace to allow that\\nnamespace's owner to accept the reference. See the ReferenceGrant\\ndocumentation for details.\\n\\n\\nSupport: Core\"", args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { namespace: namespace }, + '#withPort':: d.fn(help='"Port specifies the destination port number to use for this resource.\\nPort is required when the referent is a Kubernetes Service. In this\\ncase, the port number is the service port number, not the target port.\\nFor other resources, destination port might be derived from the referent\\nresource or this field."', args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { port: port }, + '#withWeight':: d.fn(help='"Weight specifies the proportion of requests forwarded to the referenced\\nbackend. This is computed as weight/(sum of all weights in this\\nBackendRefs list). For non-zero values, there may be some epsilon from\\nthe exact proportion defined here depending on the precision an\\nimplementation supports. Weight is not a percentage and the sum of\\nweights does not need to equal 100.\\n\\n\\nIf only one backend is specified and it has a weight greater than 0, 100%\\nof the traffic is forwarded to that backend. If weight is set to 0, no\\ntraffic should be forwarded for this entry. If unspecified, weight\\ndefaults to 1.\\n\\n\\nSupport for this field varies based on the context where used."', args=[d.arg(name='weight', type=d.T.integer)]), + withWeight(weight): { weight: weight }, + }, + '#withBackendRefs':: d.fn(help='"BackendRefs defines the backend(s) where matching requests should be\\nsent. If unspecified or invalid (refers to a non-existent resource or\\na Service with no endpoints), the rule performs no forwarding; if no\\nfilters are specified that would result in a response being sent, the\\nunderlying implementation must actively reject request attempts to this\\nbackend, by rejecting the connection or returning a 500 status code.\\nRequest rejections must respect weight; if an invalid backend is\\nrequested to have 80% of requests, then 80% of requests must be rejected\\ninstead.\\n\\n\\nSupport: Core for Kubernetes Service\\n\\n\\nSupport: Extended for Kubernetes ServiceImport\\n\\n\\nSupport: Implementation-specific for any other resource\\n\\n\\nSupport for weight: Extended"', args=[d.arg(name='backendRefs', type=d.T.array)]), + withBackendRefs(backendRefs): { backendRefs: if std.isArray(v=backendRefs) then backendRefs else [backendRefs] }, + '#withBackendRefsMixin':: d.fn(help='"BackendRefs defines the backend(s) where matching requests should be\\nsent. If unspecified or invalid (refers to a non-existent resource or\\na Service with no endpoints), the rule performs no forwarding; if no\\nfilters are specified that would result in a response being sent, the\\nunderlying implementation must actively reject request attempts to this\\nbackend, by rejecting the connection or returning a 500 status code.\\nRequest rejections must respect weight; if an invalid backend is\\nrequested to have 80% of requests, then 80% of requests must be rejected\\ninstead.\\n\\n\\nSupport: Core for Kubernetes Service\\n\\n\\nSupport: Extended for Kubernetes ServiceImport\\n\\n\\nSupport: Implementation-specific for any other resource\\n\\n\\nSupport for weight: Extended"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='backendRefs', type=d.T.array)]), + withBackendRefsMixin(backendRefs): { backendRefs+: if std.isArray(v=backendRefs) then backendRefs else [backendRefs] }, + }, + '#withHostnames':: d.fn(help="\"Hostnames defines a set of SNI names that should match against the\\nSNI attribute of TLS ClientHello message in TLS handshake. This matches\\nthe RFC 1123 definition of a hostname with 2 notable exceptions:\\n\\n\\n1. IPs are not allowed in SNI names per RFC 6066.\\n2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard\\n label must appear by itself as the first label.\\n\\n\\nIf a hostname is specified by both the Listener and TLSRoute, there\\nmust be at least one intersecting hostname for the TLSRoute to be\\nattached to the Listener. For example:\\n\\n\\n* A Listener with `test.example.com` as the hostname matches TLSRoutes\\n that have either not specified any hostnames, or have specified at\\n least one of `test.example.com` or `*.example.com`.\\n* A Listener with `*.example.com` as the hostname matches TLSRoutes\\n that have either not specified any hostnames or have specified at least\\n one hostname that matches the Listener hostname. For example,\\n `test.example.com` and `*.example.com` would both match. On the other\\n hand, `example.com` and `test.example.net` would not match.\\n\\n\\nIf both the Listener and TLSRoute have specified hostnames, any\\nTLSRoute hostnames that do not match the Listener hostname MUST be\\nignored. For example, if a Listener specified `*.example.com`, and the\\nTLSRoute specified `test.example.com` and `test.example.net`,\\n`test.example.net` must not be considered for a match.\\n\\n\\nIf both the Listener and TLSRoute have specified hostnames, and none\\nmatch with the criteria above, then the TLSRoute is not accepted. The\\nimplementation must raise an 'Accepted' Condition with a status of\\n`False` in the corresponding RouteParentStatus.\\n\\n\\nSupport: Core\"", args=[d.arg(name='hostnames', type=d.T.array)]), + withHostnames(hostnames): { spec+: { hostnames: if std.isArray(v=hostnames) then hostnames else [hostnames] } }, + '#withHostnamesMixin':: d.fn(help="\"Hostnames defines a set of SNI names that should match against the\\nSNI attribute of TLS ClientHello message in TLS handshake. This matches\\nthe RFC 1123 definition of a hostname with 2 notable exceptions:\\n\\n\\n1. IPs are not allowed in SNI names per RFC 6066.\\n2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard\\n label must appear by itself as the first label.\\n\\n\\nIf a hostname is specified by both the Listener and TLSRoute, there\\nmust be at least one intersecting hostname for the TLSRoute to be\\nattached to the Listener. For example:\\n\\n\\n* A Listener with `test.example.com` as the hostname matches TLSRoutes\\n that have either not specified any hostnames, or have specified at\\n least one of `test.example.com` or `*.example.com`.\\n* A Listener with `*.example.com` as the hostname matches TLSRoutes\\n that have either not specified any hostnames or have specified at least\\n one hostname that matches the Listener hostname. For example,\\n `test.example.com` and `*.example.com` would both match. On the other\\n hand, `example.com` and `test.example.net` would not match.\\n\\n\\nIf both the Listener and TLSRoute have specified hostnames, any\\nTLSRoute hostnames that do not match the Listener hostname MUST be\\nignored. For example, if a Listener specified `*.example.com`, and the\\nTLSRoute specified `test.example.com` and `test.example.net`,\\n`test.example.net` must not be considered for a match.\\n\\n\\nIf both the Listener and TLSRoute have specified hostnames, and none\\nmatch with the criteria above, then the TLSRoute is not accepted. The\\nimplementation must raise an 'Accepted' Condition with a status of\\n`False` in the corresponding RouteParentStatus.\\n\\n\\nSupport: Core\"\n\n**Note:** This function appends passed data to existing values", args=[d.arg(name='hostnames', type=d.T.array)]), + withHostnamesMixin(hostnames): { spec+: { hostnames+: if std.isArray(v=hostnames) then hostnames else [hostnames] } }, + '#withParentRefs':: d.fn(help='"ParentRefs references the resources (usually Gateways) that a Route wants\\nto be attached to. Note that the referenced parent resource needs to\\nallow this for the attachment to be complete. For Gateways, that means\\nthe Gateway needs to allow attachment from Routes of this kind and\\nnamespace. For Services, that means the Service must either be in the same\\nnamespace for a \\"producer\\" route, or the mesh implementation must support\\nand allow \\"consumer\\" routes for the referenced Service. ReferenceGrant is\\nnot applicable for governing ParentRefs to Services - it is not possible to\\ncreate a \\"producer\\" route for a Service in a different namespace from the\\nRoute.\\n\\n\\nThere are two kinds of parent resources with \\"Core\\" support:\\n\\n\\n* Gateway (Gateway conformance profile)\\n* Service (Mesh conformance profile, ClusterIP Services only)\\n\\n\\nThis API may be extended in the future to support additional kinds of parent\\nresources.\\n\\n\\nParentRefs must be _distinct_. This means either that:\\n\\n\\n* They select different objects. If this is the case, then parentRef\\n entries are distinct. In terms of fields, this means that the\\n multi-part key defined by `group`, `kind`, `namespace`, and `name` must\\n be unique across all parentRef entries in the Route.\\n* They do not select different objects, but for each optional field used,\\n each ParentRef that selects the same object must set the same set of\\n optional fields to different values. If one ParentRef sets a\\n combination of optional fields, all must set the same combination.\\n\\n\\nSome examples:\\n\\n\\n* If one ParentRef sets `sectionName`, all ParentRefs referencing the\\n same object must also set `sectionName`.\\n* If one ParentRef sets `port`, all ParentRefs referencing the same\\n object must also set `port`.\\n* If one ParentRef sets `sectionName` and `port`, all ParentRefs\\n referencing the same object must also set `sectionName` and `port`.\\n\\n\\nIt is possible to separately reference multiple distinct objects that may\\nbe collapsed by an implementation. For example, some implementations may\\nchoose to merge compatible Gateway Listeners together. If that is the\\ncase, the list of routes attached to those resources should also be\\nmerged.\\n\\n\\nNote that for ParentRefs that cross namespace boundaries, there are specific\\nrules. Cross-namespace references are only valid if they are explicitly\\nallowed by something in the namespace they are referring to. For example,\\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\\ngeneric way to enable other kinds of cross-namespace reference.\\n\\n\\n\\nParentRefs from a Route to a Service in the same namespace are \\"producer\\"\\nroutes, which apply default routing rules to inbound connections from\\nany namespace to the Service.\\n\\n\\nParentRefs from a Route to a Service in a different namespace are\\n\\"consumer\\" routes, and these routing rules are only applied to outbound\\nconnections originating from the same namespace as the Route, for which\\nthe intended destination of the connections are a Service targeted as a\\nParentRef of the Route.\\n\\n\\n\\n\\n\\n\\n"', args=[d.arg(name='parentRefs', type=d.T.array)]), + withParentRefs(parentRefs): { spec+: { parentRefs: if std.isArray(v=parentRefs) then parentRefs else [parentRefs] } }, + '#withParentRefsMixin':: d.fn(help='"ParentRefs references the resources (usually Gateways) that a Route wants\\nto be attached to. Note that the referenced parent resource needs to\\nallow this for the attachment to be complete. For Gateways, that means\\nthe Gateway needs to allow attachment from Routes of this kind and\\nnamespace. For Services, that means the Service must either be in the same\\nnamespace for a \\"producer\\" route, or the mesh implementation must support\\nand allow \\"consumer\\" routes for the referenced Service. ReferenceGrant is\\nnot applicable for governing ParentRefs to Services - it is not possible to\\ncreate a \\"producer\\" route for a Service in a different namespace from the\\nRoute.\\n\\n\\nThere are two kinds of parent resources with \\"Core\\" support:\\n\\n\\n* Gateway (Gateway conformance profile)\\n* Service (Mesh conformance profile, ClusterIP Services only)\\n\\n\\nThis API may be extended in the future to support additional kinds of parent\\nresources.\\n\\n\\nParentRefs must be _distinct_. This means either that:\\n\\n\\n* They select different objects. If this is the case, then parentRef\\n entries are distinct. In terms of fields, this means that the\\n multi-part key defined by `group`, `kind`, `namespace`, and `name` must\\n be unique across all parentRef entries in the Route.\\n* They do not select different objects, but for each optional field used,\\n each ParentRef that selects the same object must set the same set of\\n optional fields to different values. If one ParentRef sets a\\n combination of optional fields, all must set the same combination.\\n\\n\\nSome examples:\\n\\n\\n* If one ParentRef sets `sectionName`, all ParentRefs referencing the\\n same object must also set `sectionName`.\\n* If one ParentRef sets `port`, all ParentRefs referencing the same\\n object must also set `port`.\\n* If one ParentRef sets `sectionName` and `port`, all ParentRefs\\n referencing the same object must also set `sectionName` and `port`.\\n\\n\\nIt is possible to separately reference multiple distinct objects that may\\nbe collapsed by an implementation. For example, some implementations may\\nchoose to merge compatible Gateway Listeners together. If that is the\\ncase, the list of routes attached to those resources should also be\\nmerged.\\n\\n\\nNote that for ParentRefs that cross namespace boundaries, there are specific\\nrules. Cross-namespace references are only valid if they are explicitly\\nallowed by something in the namespace they are referring to. For example,\\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\\ngeneric way to enable other kinds of cross-namespace reference.\\n\\n\\n\\nParentRefs from a Route to a Service in the same namespace are \\"producer\\"\\nroutes, which apply default routing rules to inbound connections from\\nany namespace to the Service.\\n\\n\\nParentRefs from a Route to a Service in a different namespace are\\n\\"consumer\\" routes, and these routing rules are only applied to outbound\\nconnections originating from the same namespace as the Route, for which\\nthe intended destination of the connections are a Service targeted as a\\nParentRef of the Route.\\n\\n\\n\\n\\n\\n\\n"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='parentRefs', type=d.T.array)]), + withParentRefsMixin(parentRefs): { spec+: { parentRefs+: if std.isArray(v=parentRefs) then parentRefs else [parentRefs] } }, + '#withRules':: d.fn(help='"Rules are a list of TLS matchers and actions."', args=[d.arg(name='rules', type=d.T.array)]), + withRules(rules): { spec+: { rules: if std.isArray(v=rules) then rules else [rules] } }, + '#withRulesMixin':: d.fn(help='"Rules are a list of TLS matchers and actions."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='rules', type=d.T.array)]), + withRulesMixin(rules): { spec+: { rules+: if std.isArray(v=rules) then rules else [rules] } }, + }, + '#mixin': 'ignore', + mixin: self, +} diff --git a/1.1-experimental/_gen/gateway/v1alpha2/udpRoute.libsonnet b/1.1-experimental/_gen/gateway/v1alpha2/udpRoute.libsonnet new file mode 100644 index 0000000..2fcf8ac --- /dev/null +++ b/1.1-experimental/_gen/gateway/v1alpha2/udpRoute.libsonnet @@ -0,0 +1,100 @@ +{ + local d = (import 'doc-util/main.libsonnet'), + '#':: d.pkg(name='udpRoute', url='', help='"UDPRoute provides a way to route UDP traffic. When combined with a Gateway\\nlistener, it can be used to forward traffic on the port specified by the\\nlistener to a set of backends specified by the UDPRoute."'), + '#metadata':: d.obj(help='"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create."'), + metadata: { + '#withAnnotations':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotations(annotations): { metadata+: { annotations: annotations } }, + '#withAnnotationsMixin':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotationsMixin(annotations): { metadata+: { annotations+: annotations } }, + '#withClusterName':: d.fn(help='"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request."', args=[d.arg(name='clusterName', type=d.T.string)]), + withClusterName(clusterName): { metadata+: { clusterName: clusterName } }, + '#withCreationTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='creationTimestamp', type=d.T.string)]), + withCreationTimestamp(creationTimestamp): { metadata+: { creationTimestamp: creationTimestamp } }, + '#withDeletionGracePeriodSeconds':: d.fn(help='"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only."', args=[d.arg(name='deletionGracePeriodSeconds', type=d.T.integer)]), + withDeletionGracePeriodSeconds(deletionGracePeriodSeconds): { metadata+: { deletionGracePeriodSeconds: deletionGracePeriodSeconds } }, + '#withDeletionTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='deletionTimestamp', type=d.T.string)]), + withDeletionTimestamp(deletionTimestamp): { metadata+: { deletionTimestamp: deletionTimestamp } }, + '#withFinalizers':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizers(finalizers): { metadata+: { finalizers: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withFinalizersMixin':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizersMixin(finalizers): { metadata+: { finalizers+: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withGenerateName':: d.fn(help='"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\\n\\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\\n\\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency"', args=[d.arg(name='generateName', type=d.T.string)]), + withGenerateName(generateName): { metadata+: { generateName: generateName } }, + '#withGeneration':: d.fn(help='"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only."', args=[d.arg(name='generation', type=d.T.integer)]), + withGeneration(generation): { metadata+: { generation: generation } }, + '#withLabels':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"', args=[d.arg(name='labels', type=d.T.object)]), + withLabels(labels): { metadata+: { labels: labels } }, + '#withLabelsMixin':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='labels', type=d.T.object)]), + withLabelsMixin(labels): { metadata+: { labels+: labels } }, + '#withName':: d.fn(help='"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { metadata+: { name: name } }, + '#withNamespace':: d.fn(help='"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \\"default\\" namespace, but \\"default\\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\\n\\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces"', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { metadata+: { namespace: namespace } }, + '#withOwnerReferences':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferences(ownerReferences): { metadata+: { ownerReferences: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withOwnerReferencesMixin':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferencesMixin(ownerReferences): { metadata+: { ownerReferences+: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withResourceVersion':: d.fn(help='"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\\n\\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency"', args=[d.arg(name='resourceVersion', type=d.T.string)]), + withResourceVersion(resourceVersion): { metadata+: { resourceVersion: resourceVersion } }, + '#withSelfLink':: d.fn(help='"SelfLink is a URL representing this object. Populated by the system. Read-only.\\n\\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release."', args=[d.arg(name='selfLink', type=d.T.string)]), + withSelfLink(selfLink): { metadata+: { selfLink: selfLink } }, + '#withUid':: d.fn(help='"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\\n\\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids"', args=[d.arg(name='uid', type=d.T.string)]), + withUid(uid): { metadata+: { uid: uid } }, + }, + '#new':: d.fn(help='new returns an instance of UDPRoute', args=[d.arg(name='name', type=d.T.string)]), + new(name): { + apiVersion: 'gateway.networking.k8s.io/v1alpha2', + kind: 'UDPRoute', + } + self.metadata.withName(name=name), + '#spec':: d.obj(help='"Spec defines the desired state of UDPRoute."'), + spec: { + '#parentRefs':: d.obj(help='"ParentRefs references the resources (usually Gateways) that a Route wants\\nto be attached to. Note that the referenced parent resource needs to\\nallow this for the attachment to be complete. For Gateways, that means\\nthe Gateway needs to allow attachment from Routes of this kind and\\nnamespace. For Services, that means the Service must either be in the same\\nnamespace for a \\"producer\\" route, or the mesh implementation must support\\nand allow \\"consumer\\" routes for the referenced Service. ReferenceGrant is\\nnot applicable for governing ParentRefs to Services - it is not possible to\\ncreate a \\"producer\\" route for a Service in a different namespace from the\\nRoute.\\n\\n\\nThere are two kinds of parent resources with \\"Core\\" support:\\n\\n\\n* Gateway (Gateway conformance profile)\\n* Service (Mesh conformance profile, ClusterIP Services only)\\n\\n\\nThis API may be extended in the future to support additional kinds of parent\\nresources.\\n\\n\\nParentRefs must be _distinct_. This means either that:\\n\\n\\n* They select different objects. If this is the case, then parentRef\\n entries are distinct. In terms of fields, this means that the\\n multi-part key defined by `group`, `kind`, `namespace`, and `name` must\\n be unique across all parentRef entries in the Route.\\n* They do not select different objects, but for each optional field used,\\n each ParentRef that selects the same object must set the same set of\\n optional fields to different values. If one ParentRef sets a\\n combination of optional fields, all must set the same combination.\\n\\n\\nSome examples:\\n\\n\\n* If one ParentRef sets `sectionName`, all ParentRefs referencing the\\n same object must also set `sectionName`.\\n* If one ParentRef sets `port`, all ParentRefs referencing the same\\n object must also set `port`.\\n* If one ParentRef sets `sectionName` and `port`, all ParentRefs\\n referencing the same object must also set `sectionName` and `port`.\\n\\n\\nIt is possible to separately reference multiple distinct objects that may\\nbe collapsed by an implementation. For example, some implementations may\\nchoose to merge compatible Gateway Listeners together. If that is the\\ncase, the list of routes attached to those resources should also be\\nmerged.\\n\\n\\nNote that for ParentRefs that cross namespace boundaries, there are specific\\nrules. Cross-namespace references are only valid if they are explicitly\\nallowed by something in the namespace they are referring to. For example,\\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\\ngeneric way to enable other kinds of cross-namespace reference.\\n\\n\\n\\nParentRefs from a Route to a Service in the same namespace are \\"producer\\"\\nroutes, which apply default routing rules to inbound connections from\\nany namespace to the Service.\\n\\n\\nParentRefs from a Route to a Service in a different namespace are\\n\\"consumer\\" routes, and these routing rules are only applied to outbound\\nconnections originating from the same namespace as the Route, for which\\nthe intended destination of the connections are a Service targeted as a\\nParentRef of the Route.\\n\\n\\n\\n\\n\\n\\n"'), + parentRefs: { + '#withGroup':: d.fn(help='"Group is the group of the referent.\\nWhen unspecified, \\"gateway.networking.k8s.io\\" is inferred.\\nTo set the core API group (such as for a \\"Service\\" kind referent),\\nGroup must be explicitly set to \\"\\" (empty string).\\n\\n\\nSupport: Core"', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { group: group }, + '#withKind':: d.fn(help='"Kind is kind of the referent.\\n\\n\\nThere are two kinds of parent resources with \\"Core\\" support:\\n\\n\\n* Gateway (Gateway conformance profile)\\n* Service (Mesh conformance profile, ClusterIP Services only)\\n\\n\\nSupport for other resources is Implementation-Specific."', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { kind: kind }, + '#withName':: d.fn(help='"Name is the name of the referent.\\n\\n\\nSupport: Core"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withNamespace':: d.fn(help='"Namespace is the namespace of the referent. When unspecified, this refers\\nto the local namespace of the Route.\\n\\n\\nNote that there are specific rules for ParentRefs which cross namespace\\nboundaries. Cross-namespace references are only valid if they are explicitly\\nallowed by something in the namespace they are referring to. For example:\\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\\ngeneric way to enable any other kind of cross-namespace reference.\\n\\n\\n\\nParentRefs from a Route to a Service in the same namespace are \\"producer\\"\\nroutes, which apply default routing rules to inbound connections from\\nany namespace to the Service.\\n\\n\\nParentRefs from a Route to a Service in a different namespace are\\n\\"consumer\\" routes, and these routing rules are only applied to outbound\\nconnections originating from the same namespace as the Route, for which\\nthe intended destination of the connections are a Service targeted as a\\nParentRef of the Route.\\n\\n\\n\\nSupport: Core"', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { namespace: namespace }, + '#withPort':: d.fn(help="\"Port is the network port this Route targets. It can be interpreted\\ndifferently based on the type of parent resource.\\n\\n\\nWhen the parent resource is a Gateway, this targets all listeners\\nlistening on the specified port that also support this kind of Route(and\\nselect this Route). It's not recommended to set `Port` unless the\\nnetworking behaviors specified in a Route must apply to a specific port\\nas opposed to a listener(s) whose port(s) may be changed. When both Port\\nand SectionName are specified, the name and port of the selected listener\\nmust match both specified values.\\n\\n\\n\\nWhen the parent resource is a Service, this targets a specific port in the\\nService spec. When both Port (experimental) and SectionName are specified,\\nthe name and port of the selected port must match both specified values.\\n\\n\\n\\nImplementations MAY choose to support other parent resources.\\nImplementations supporting other types of parent resources MUST clearly\\ndocument how/if Port is interpreted.\\n\\n\\nFor the purpose of status, an attachment is considered successful as\\nlong as the parent resource accepts it partially. For example, Gateway\\nlisteners can restrict which Routes can attach to them by Route kind,\\nnamespace, or hostname. If 1 of 2 Gateway listeners accept attachment\\nfrom the referencing Route, the Route MUST be considered successfully\\nattached. If no Gateway listeners accept attachment from this Route,\\nthe Route MUST be considered detached from the Gateway.\\n\\n\\nSupport: Extended\"", args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { port: port }, + '#withSectionName':: d.fn(help='"SectionName is the name of a section within the target resource. In the\\nfollowing resources, SectionName is interpreted as the following:\\n\\n\\n* Gateway: Listener name. When both Port (experimental) and SectionName\\nare specified, the name and port of the selected listener must match\\nboth specified values.\\n* Service: Port name. When both Port (experimental) and SectionName\\nare specified, the name and port of the selected listener must match\\nboth specified values.\\n\\n\\nImplementations MAY choose to support attaching Routes to other resources.\\nIf that is the case, they MUST clearly document how SectionName is\\ninterpreted.\\n\\n\\nWhen unspecified (empty string), this will reference the entire resource.\\nFor the purpose of status, an attachment is considered successful if at\\nleast one section in the parent resource accepts it. For example, Gateway\\nlisteners can restrict which Routes can attach to them by Route kind,\\nnamespace, or hostname. If 1 of 2 Gateway listeners accept attachment from\\nthe referencing Route, the Route MUST be considered successfully\\nattached. If no Gateway listeners accept attachment from this Route, the\\nRoute MUST be considered detached from the Gateway.\\n\\n\\nSupport: Core"', args=[d.arg(name='sectionName', type=d.T.string)]), + withSectionName(sectionName): { sectionName: sectionName }, + }, + '#rules':: d.obj(help='"Rules are a list of UDP matchers and actions."'), + rules: { + '#backendRefs':: d.obj(help='"BackendRefs defines the backend(s) where matching requests should be\\nsent. If unspecified or invalid (refers to a non-existent resource or a\\nService with no endpoints), the underlying implementation MUST actively\\nreject connection attempts to this backend. Packet drops must\\nrespect weight; if an invalid backend is requested to have 80% of\\nthe packets, then 80% of packets must be dropped instead.\\n\\n\\nSupport: Core for Kubernetes Service\\n\\n\\nSupport: Extended for Kubernetes ServiceImport\\n\\n\\nSupport: Implementation-specific for any other resource\\n\\n\\nSupport for weight: Extended"'), + backendRefs: { + '#withGroup':: d.fn(help='"Group is the group of the referent. For example, \\"gateway.networking.k8s.io\\".\\nWhen unspecified or empty string, core API group is inferred."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { group: group }, + '#withKind':: d.fn(help='"Kind is the Kubernetes resource kind of the referent. For example\\n\\"Service\\".\\n\\n\\nDefaults to \\"Service\\" when not specified.\\n\\n\\nExternalName services can refer to CNAME DNS records that may live\\noutside of the cluster and as such are difficult to reason about in\\nterms of conformance. They also may not be safe to forward to (see\\nCVE-2021-25740 for more information). Implementations SHOULD NOT\\nsupport ExternalName Services.\\n\\n\\nSupport: Core (Services with a type other than ExternalName)\\n\\n\\nSupport: Implementation-specific (Services with type ExternalName)"', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { kind: kind }, + '#withName':: d.fn(help='"Name is the name of the referent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withNamespace':: d.fn(help="\"Namespace is the namespace of the backend. When unspecified, the local\\nnamespace is inferred.\\n\\n\\nNote that when a namespace different than the local namespace is specified,\\na ReferenceGrant object is required in the referent namespace to allow that\\nnamespace's owner to accept the reference. See the ReferenceGrant\\ndocumentation for details.\\n\\n\\nSupport: Core\"", args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { namespace: namespace }, + '#withPort':: d.fn(help='"Port specifies the destination port number to use for this resource.\\nPort is required when the referent is a Kubernetes Service. In this\\ncase, the port number is the service port number, not the target port.\\nFor other resources, destination port might be derived from the referent\\nresource or this field."', args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { port: port }, + '#withWeight':: d.fn(help='"Weight specifies the proportion of requests forwarded to the referenced\\nbackend. This is computed as weight/(sum of all weights in this\\nBackendRefs list). For non-zero values, there may be some epsilon from\\nthe exact proportion defined here depending on the precision an\\nimplementation supports. Weight is not a percentage and the sum of\\nweights does not need to equal 100.\\n\\n\\nIf only one backend is specified and it has a weight greater than 0, 100%\\nof the traffic is forwarded to that backend. If weight is set to 0, no\\ntraffic should be forwarded for this entry. If unspecified, weight\\ndefaults to 1.\\n\\n\\nSupport for this field varies based on the context where used."', args=[d.arg(name='weight', type=d.T.integer)]), + withWeight(weight): { weight: weight }, + }, + '#withBackendRefs':: d.fn(help='"BackendRefs defines the backend(s) where matching requests should be\\nsent. If unspecified or invalid (refers to a non-existent resource or a\\nService with no endpoints), the underlying implementation MUST actively\\nreject connection attempts to this backend. Packet drops must\\nrespect weight; if an invalid backend is requested to have 80% of\\nthe packets, then 80% of packets must be dropped instead.\\n\\n\\nSupport: Core for Kubernetes Service\\n\\n\\nSupport: Extended for Kubernetes ServiceImport\\n\\n\\nSupport: Implementation-specific for any other resource\\n\\n\\nSupport for weight: Extended"', args=[d.arg(name='backendRefs', type=d.T.array)]), + withBackendRefs(backendRefs): { backendRefs: if std.isArray(v=backendRefs) then backendRefs else [backendRefs] }, + '#withBackendRefsMixin':: d.fn(help='"BackendRefs defines the backend(s) where matching requests should be\\nsent. If unspecified or invalid (refers to a non-existent resource or a\\nService with no endpoints), the underlying implementation MUST actively\\nreject connection attempts to this backend. Packet drops must\\nrespect weight; if an invalid backend is requested to have 80% of\\nthe packets, then 80% of packets must be dropped instead.\\n\\n\\nSupport: Core for Kubernetes Service\\n\\n\\nSupport: Extended for Kubernetes ServiceImport\\n\\n\\nSupport: Implementation-specific for any other resource\\n\\n\\nSupport for weight: Extended"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='backendRefs', type=d.T.array)]), + withBackendRefsMixin(backendRefs): { backendRefs+: if std.isArray(v=backendRefs) then backendRefs else [backendRefs] }, + }, + '#withParentRefs':: d.fn(help='"ParentRefs references the resources (usually Gateways) that a Route wants\\nto be attached to. Note that the referenced parent resource needs to\\nallow this for the attachment to be complete. For Gateways, that means\\nthe Gateway needs to allow attachment from Routes of this kind and\\nnamespace. For Services, that means the Service must either be in the same\\nnamespace for a \\"producer\\" route, or the mesh implementation must support\\nand allow \\"consumer\\" routes for the referenced Service. ReferenceGrant is\\nnot applicable for governing ParentRefs to Services - it is not possible to\\ncreate a \\"producer\\" route for a Service in a different namespace from the\\nRoute.\\n\\n\\nThere are two kinds of parent resources with \\"Core\\" support:\\n\\n\\n* Gateway (Gateway conformance profile)\\n* Service (Mesh conformance profile, ClusterIP Services only)\\n\\n\\nThis API may be extended in the future to support additional kinds of parent\\nresources.\\n\\n\\nParentRefs must be _distinct_. This means either that:\\n\\n\\n* They select different objects. If this is the case, then parentRef\\n entries are distinct. In terms of fields, this means that the\\n multi-part key defined by `group`, `kind`, `namespace`, and `name` must\\n be unique across all parentRef entries in the Route.\\n* They do not select different objects, but for each optional field used,\\n each ParentRef that selects the same object must set the same set of\\n optional fields to different values. If one ParentRef sets a\\n combination of optional fields, all must set the same combination.\\n\\n\\nSome examples:\\n\\n\\n* If one ParentRef sets `sectionName`, all ParentRefs referencing the\\n same object must also set `sectionName`.\\n* If one ParentRef sets `port`, all ParentRefs referencing the same\\n object must also set `port`.\\n* If one ParentRef sets `sectionName` and `port`, all ParentRefs\\n referencing the same object must also set `sectionName` and `port`.\\n\\n\\nIt is possible to separately reference multiple distinct objects that may\\nbe collapsed by an implementation. For example, some implementations may\\nchoose to merge compatible Gateway Listeners together. If that is the\\ncase, the list of routes attached to those resources should also be\\nmerged.\\n\\n\\nNote that for ParentRefs that cross namespace boundaries, there are specific\\nrules. Cross-namespace references are only valid if they are explicitly\\nallowed by something in the namespace they are referring to. For example,\\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\\ngeneric way to enable other kinds of cross-namespace reference.\\n\\n\\n\\nParentRefs from a Route to a Service in the same namespace are \\"producer\\"\\nroutes, which apply default routing rules to inbound connections from\\nany namespace to the Service.\\n\\n\\nParentRefs from a Route to a Service in a different namespace are\\n\\"consumer\\" routes, and these routing rules are only applied to outbound\\nconnections originating from the same namespace as the Route, for which\\nthe intended destination of the connections are a Service targeted as a\\nParentRef of the Route.\\n\\n\\n\\n\\n\\n\\n"', args=[d.arg(name='parentRefs', type=d.T.array)]), + withParentRefs(parentRefs): { spec+: { parentRefs: if std.isArray(v=parentRefs) then parentRefs else [parentRefs] } }, + '#withParentRefsMixin':: d.fn(help='"ParentRefs references the resources (usually Gateways) that a Route wants\\nto be attached to. Note that the referenced parent resource needs to\\nallow this for the attachment to be complete. For Gateways, that means\\nthe Gateway needs to allow attachment from Routes of this kind and\\nnamespace. For Services, that means the Service must either be in the same\\nnamespace for a \\"producer\\" route, or the mesh implementation must support\\nand allow \\"consumer\\" routes for the referenced Service. ReferenceGrant is\\nnot applicable for governing ParentRefs to Services - it is not possible to\\ncreate a \\"producer\\" route for a Service in a different namespace from the\\nRoute.\\n\\n\\nThere are two kinds of parent resources with \\"Core\\" support:\\n\\n\\n* Gateway (Gateway conformance profile)\\n* Service (Mesh conformance profile, ClusterIP Services only)\\n\\n\\nThis API may be extended in the future to support additional kinds of parent\\nresources.\\n\\n\\nParentRefs must be _distinct_. This means either that:\\n\\n\\n* They select different objects. If this is the case, then parentRef\\n entries are distinct. In terms of fields, this means that the\\n multi-part key defined by `group`, `kind`, `namespace`, and `name` must\\n be unique across all parentRef entries in the Route.\\n* They do not select different objects, but for each optional field used,\\n each ParentRef that selects the same object must set the same set of\\n optional fields to different values. If one ParentRef sets a\\n combination of optional fields, all must set the same combination.\\n\\n\\nSome examples:\\n\\n\\n* If one ParentRef sets `sectionName`, all ParentRefs referencing the\\n same object must also set `sectionName`.\\n* If one ParentRef sets `port`, all ParentRefs referencing the same\\n object must also set `port`.\\n* If one ParentRef sets `sectionName` and `port`, all ParentRefs\\n referencing the same object must also set `sectionName` and `port`.\\n\\n\\nIt is possible to separately reference multiple distinct objects that may\\nbe collapsed by an implementation. For example, some implementations may\\nchoose to merge compatible Gateway Listeners together. If that is the\\ncase, the list of routes attached to those resources should also be\\nmerged.\\n\\n\\nNote that for ParentRefs that cross namespace boundaries, there are specific\\nrules. Cross-namespace references are only valid if they are explicitly\\nallowed by something in the namespace they are referring to. For example,\\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\\ngeneric way to enable other kinds of cross-namespace reference.\\n\\n\\n\\nParentRefs from a Route to a Service in the same namespace are \\"producer\\"\\nroutes, which apply default routing rules to inbound connections from\\nany namespace to the Service.\\n\\n\\nParentRefs from a Route to a Service in a different namespace are\\n\\"consumer\\" routes, and these routing rules are only applied to outbound\\nconnections originating from the same namespace as the Route, for which\\nthe intended destination of the connections are a Service targeted as a\\nParentRef of the Route.\\n\\n\\n\\n\\n\\n\\n"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='parentRefs', type=d.T.array)]), + withParentRefsMixin(parentRefs): { spec+: { parentRefs+: if std.isArray(v=parentRefs) then parentRefs else [parentRefs] } }, + '#withRules':: d.fn(help='"Rules are a list of UDP matchers and actions."', args=[d.arg(name='rules', type=d.T.array)]), + withRules(rules): { spec+: { rules: if std.isArray(v=rules) then rules else [rules] } }, + '#withRulesMixin':: d.fn(help='"Rules are a list of UDP matchers and actions."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='rules', type=d.T.array)]), + withRulesMixin(rules): { spec+: { rules+: if std.isArray(v=rules) then rules else [rules] } }, + }, + '#mixin': 'ignore', + mixin: self, +} diff --git a/1.1-experimental/_gen/gateway/v1alpha3/backendTLSPolicy.libsonnet b/1.1-experimental/_gen/gateway/v1alpha3/backendTLSPolicy.libsonnet new file mode 100644 index 0000000..c7e39e3 --- /dev/null +++ b/1.1-experimental/_gen/gateway/v1alpha3/backendTLSPolicy.libsonnet @@ -0,0 +1,90 @@ +{ + local d = (import 'doc-util/main.libsonnet'), + '#':: d.pkg(name='backendTLSPolicy', url='', help='"BackendTLSPolicy provides a way to configure how a Gateway\\nconnects to a Backend via TLS."'), + '#metadata':: d.obj(help='"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create."'), + metadata: { + '#withAnnotations':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotations(annotations): { metadata+: { annotations: annotations } }, + '#withAnnotationsMixin':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotationsMixin(annotations): { metadata+: { annotations+: annotations } }, + '#withClusterName':: d.fn(help='"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request."', args=[d.arg(name='clusterName', type=d.T.string)]), + withClusterName(clusterName): { metadata+: { clusterName: clusterName } }, + '#withCreationTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='creationTimestamp', type=d.T.string)]), + withCreationTimestamp(creationTimestamp): { metadata+: { creationTimestamp: creationTimestamp } }, + '#withDeletionGracePeriodSeconds':: d.fn(help='"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only."', args=[d.arg(name='deletionGracePeriodSeconds', type=d.T.integer)]), + withDeletionGracePeriodSeconds(deletionGracePeriodSeconds): { metadata+: { deletionGracePeriodSeconds: deletionGracePeriodSeconds } }, + '#withDeletionTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='deletionTimestamp', type=d.T.string)]), + withDeletionTimestamp(deletionTimestamp): { metadata+: { deletionTimestamp: deletionTimestamp } }, + '#withFinalizers':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizers(finalizers): { metadata+: { finalizers: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withFinalizersMixin':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizersMixin(finalizers): { metadata+: { finalizers+: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withGenerateName':: d.fn(help='"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\\n\\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\\n\\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency"', args=[d.arg(name='generateName', type=d.T.string)]), + withGenerateName(generateName): { metadata+: { generateName: generateName } }, + '#withGeneration':: d.fn(help='"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only."', args=[d.arg(name='generation', type=d.T.integer)]), + withGeneration(generation): { metadata+: { generation: generation } }, + '#withLabels':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"', args=[d.arg(name='labels', type=d.T.object)]), + withLabels(labels): { metadata+: { labels: labels } }, + '#withLabelsMixin':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='labels', type=d.T.object)]), + withLabelsMixin(labels): { metadata+: { labels+: labels } }, + '#withName':: d.fn(help='"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { metadata+: { name: name } }, + '#withNamespace':: d.fn(help='"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \\"default\\" namespace, but \\"default\\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\\n\\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces"', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { metadata+: { namespace: namespace } }, + '#withOwnerReferences':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferences(ownerReferences): { metadata+: { ownerReferences: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withOwnerReferencesMixin':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferencesMixin(ownerReferences): { metadata+: { ownerReferences+: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withResourceVersion':: d.fn(help='"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\\n\\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency"', args=[d.arg(name='resourceVersion', type=d.T.string)]), + withResourceVersion(resourceVersion): { metadata+: { resourceVersion: resourceVersion } }, + '#withSelfLink':: d.fn(help='"SelfLink is a URL representing this object. Populated by the system. Read-only.\\n\\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release."', args=[d.arg(name='selfLink', type=d.T.string)]), + withSelfLink(selfLink): { metadata+: { selfLink: selfLink } }, + '#withUid':: d.fn(help='"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\\n\\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids"', args=[d.arg(name='uid', type=d.T.string)]), + withUid(uid): { metadata+: { uid: uid } }, + }, + '#new':: d.fn(help='new returns an instance of BackendTLSPolicy', args=[d.arg(name='name', type=d.T.string)]), + new(name): { + apiVersion: 'gateway.networking.k8s.io/v1alpha3', + kind: 'BackendTLSPolicy', + } + self.metadata.withName(name=name), + '#spec':: d.obj(help='"Spec defines the desired state of BackendTLSPolicy."'), + spec: { + '#targetRefs':: d.obj(help='"TargetRefs identifies an API object to apply the policy to.\\nOnly Services have Extended support. Implementations MAY support\\nadditional objects, with Implementation Specific support.\\nNote that this config applies to the entire referenced resource\\nby default, but this default may change in the future to provide\\na more granular application of the policy.\\n\\n\\nSupport: Extended for Kubernetes Service\\n\\n\\nSupport: Implementation-specific for any other resource"'), + targetRefs: { + '#withGroup':: d.fn(help='"Group is the group of the target resource."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { group: group }, + '#withKind':: d.fn(help='"Kind is kind of the target resource."', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { kind: kind }, + '#withName':: d.fn(help='"Name is the name of the target resource."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withSectionName':: d.fn(help="\"SectionName is the name of a section within the target resource. When\\nunspecified, this targetRef targets the entire resource. In the following\\nresources, SectionName is interpreted as the following:\\n\\n\\n* Gateway: Listener name\\n* HTTPRoute: HTTPRouteRule name\\n* Service: Port name\\n\\n\\nIf a SectionName is specified, but does not exist on the targeted object,\\nthe Policy must fail to attach, and the policy implementation should record\\na `ResolvedRefs` or similar Condition in the Policy's status.\"", args=[d.arg(name='sectionName', type=d.T.string)]), + withSectionName(sectionName): { sectionName: sectionName }, + }, + '#validation':: d.obj(help='"Validation contains backend TLS validation configuration."'), + validation: { + '#caCertificateRefs':: d.obj(help='"CACertificateRefs contains one or more references to Kubernetes objects that\\ncontain a PEM-encoded TLS CA certificate bundle, which is used to\\nvalidate a TLS handshake between the Gateway and backend Pod.\\n\\n\\nIf CACertificateRefs is empty or unspecified, then WellKnownCACertificates must be\\nspecified. Only one of CACertificateRefs or WellKnownCACertificates may be specified,\\nnot both. If CACertifcateRefs is empty or unspecified, the configuration for\\nWellKnownCACertificates MUST be honored instead if supported by the implementation.\\n\\n\\nReferences to a resource in a different namespace are invalid for the\\nmoment, although we will revisit this in the future.\\n\\n\\nA single CACertificateRef to a Kubernetes ConfigMap kind has \\"Core\\" support.\\nImplementations MAY choose to support attaching multiple certificates to\\na backend, but this behavior is implementation-specific.\\n\\n\\nSupport: Core - An optional single reference to a Kubernetes ConfigMap,\\nwith the CA certificate in a key named `ca.crt`.\\n\\n\\nSupport: Implementation-specific (More than one reference, or other kinds\\nof resources)."'), + caCertificateRefs: { + '#withGroup':: d.fn(help='"Group is the group of the referent. For example, \\"gateway.networking.k8s.io\\".\\nWhen unspecified or empty string, core API group is inferred."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { group: group }, + '#withKind':: d.fn(help='"Kind is kind of the referent. For example \\"HTTPRoute\\" or \\"Service\\"."', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { kind: kind }, + '#withName':: d.fn(help='"Name is the name of the referent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + }, + '#withCaCertificateRefs':: d.fn(help='"CACertificateRefs contains one or more references to Kubernetes objects that\\ncontain a PEM-encoded TLS CA certificate bundle, which is used to\\nvalidate a TLS handshake between the Gateway and backend Pod.\\n\\n\\nIf CACertificateRefs is empty or unspecified, then WellKnownCACertificates must be\\nspecified. Only one of CACertificateRefs or WellKnownCACertificates may be specified,\\nnot both. If CACertifcateRefs is empty or unspecified, the configuration for\\nWellKnownCACertificates MUST be honored instead if supported by the implementation.\\n\\n\\nReferences to a resource in a different namespace are invalid for the\\nmoment, although we will revisit this in the future.\\n\\n\\nA single CACertificateRef to a Kubernetes ConfigMap kind has \\"Core\\" support.\\nImplementations MAY choose to support attaching multiple certificates to\\na backend, but this behavior is implementation-specific.\\n\\n\\nSupport: Core - An optional single reference to a Kubernetes ConfigMap,\\nwith the CA certificate in a key named `ca.crt`.\\n\\n\\nSupport: Implementation-specific (More than one reference, or other kinds\\nof resources)."', args=[d.arg(name='caCertificateRefs', type=d.T.array)]), + withCaCertificateRefs(caCertificateRefs): { spec+: { validation+: { caCertificateRefs: if std.isArray(v=caCertificateRefs) then caCertificateRefs else [caCertificateRefs] } } }, + '#withCaCertificateRefsMixin':: d.fn(help='"CACertificateRefs contains one or more references to Kubernetes objects that\\ncontain a PEM-encoded TLS CA certificate bundle, which is used to\\nvalidate a TLS handshake between the Gateway and backend Pod.\\n\\n\\nIf CACertificateRefs is empty or unspecified, then WellKnownCACertificates must be\\nspecified. Only one of CACertificateRefs or WellKnownCACertificates may be specified,\\nnot both. If CACertifcateRefs is empty or unspecified, the configuration for\\nWellKnownCACertificates MUST be honored instead if supported by the implementation.\\n\\n\\nReferences to a resource in a different namespace are invalid for the\\nmoment, although we will revisit this in the future.\\n\\n\\nA single CACertificateRef to a Kubernetes ConfigMap kind has \\"Core\\" support.\\nImplementations MAY choose to support attaching multiple certificates to\\na backend, but this behavior is implementation-specific.\\n\\n\\nSupport: Core - An optional single reference to a Kubernetes ConfigMap,\\nwith the CA certificate in a key named `ca.crt`.\\n\\n\\nSupport: Implementation-specific (More than one reference, or other kinds\\nof resources)."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='caCertificateRefs', type=d.T.array)]), + withCaCertificateRefsMixin(caCertificateRefs): { spec+: { validation+: { caCertificateRefs+: if std.isArray(v=caCertificateRefs) then caCertificateRefs else [caCertificateRefs] } } }, + '#withHostname':: d.fn(help='"Hostname is used for two purposes in the connection between Gateways and\\nbackends:\\n\\n\\n1. Hostname MUST be used as the SNI to connect to the backend (RFC 6066).\\n2. Hostname MUST be used for authentication and MUST match the certificate\\n served by the matching backend.\\n\\n\\nSupport: Core"', args=[d.arg(name='hostname', type=d.T.string)]), + withHostname(hostname): { spec+: { validation+: { hostname: hostname } } }, + '#withWellKnownCACertificates':: d.fn(help='"WellKnownCACertificates specifies whether system CA certificates may be used in\\nthe TLS handshake between the gateway and backend pod.\\n\\n\\nIf WellKnownCACertificates is unspecified or empty (\\"\\"), then CACertificateRefs\\nmust be specified with at least one entry for a valid configuration. Only one of\\nCACertificateRefs or WellKnownCACertificates may be specified, not both. If an\\nimplementation does not support the WellKnownCACertificates field or the value\\nsupplied is not supported, the Status Conditions on the Policy MUST be\\nupdated to include an Accepted: False Condition with Reason: Invalid.\\n\\n\\nSupport: Implementation-specific"', args=[d.arg(name='wellKnownCACertificates', type=d.T.string)]), + withWellKnownCACertificates(wellKnownCACertificates): { spec+: { validation+: { wellKnownCACertificates: wellKnownCACertificates } } }, + }, + '#withTargetRefs':: d.fn(help='"TargetRefs identifies an API object to apply the policy to.\\nOnly Services have Extended support. Implementations MAY support\\nadditional objects, with Implementation Specific support.\\nNote that this config applies to the entire referenced resource\\nby default, but this default may change in the future to provide\\na more granular application of the policy.\\n\\n\\nSupport: Extended for Kubernetes Service\\n\\n\\nSupport: Implementation-specific for any other resource"', args=[d.arg(name='targetRefs', type=d.T.array)]), + withTargetRefs(targetRefs): { spec+: { targetRefs: if std.isArray(v=targetRefs) then targetRefs else [targetRefs] } }, + '#withTargetRefsMixin':: d.fn(help='"TargetRefs identifies an API object to apply the policy to.\\nOnly Services have Extended support. Implementations MAY support\\nadditional objects, with Implementation Specific support.\\nNote that this config applies to the entire referenced resource\\nby default, but this default may change in the future to provide\\na more granular application of the policy.\\n\\n\\nSupport: Extended for Kubernetes Service\\n\\n\\nSupport: Implementation-specific for any other resource"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='targetRefs', type=d.T.array)]), + withTargetRefsMixin(targetRefs): { spec+: { targetRefs+: if std.isArray(v=targetRefs) then targetRefs else [targetRefs] } }, + }, + '#mixin': 'ignore', + mixin: self, +} diff --git a/1.1-experimental/_gen/gateway/v1alpha3/main.libsonnet b/1.1-experimental/_gen/gateway/v1alpha3/main.libsonnet new file mode 100644 index 0000000..7bda308 --- /dev/null +++ b/1.1-experimental/_gen/gateway/v1alpha3/main.libsonnet @@ -0,0 +1,5 @@ +{ + local d = (import 'doc-util/main.libsonnet'), + '#':: d.pkg(name='v1alpha3', url='', help=''), + backendTLSPolicy: (import 'backendTLSPolicy.libsonnet'), +} diff --git a/1.1-experimental/_gen/gateway/v1beta1/gateway.libsonnet b/1.1-experimental/_gen/gateway/v1beta1/gateway.libsonnet new file mode 100644 index 0000000..a768855 --- /dev/null +++ b/1.1-experimental/_gen/gateway/v1beta1/gateway.libsonnet @@ -0,0 +1,186 @@ +{ + local d = (import 'doc-util/main.libsonnet'), + '#':: d.pkg(name='gateway', url='', help='"Gateway represents an instance of a service-traffic handling infrastructure\\nby binding Listeners to a set of IP addresses."'), + '#metadata':: d.obj(help='"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create."'), + metadata: { + '#withAnnotations':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotations(annotations): { metadata+: { annotations: annotations } }, + '#withAnnotationsMixin':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotationsMixin(annotations): { metadata+: { annotations+: annotations } }, + '#withClusterName':: d.fn(help='"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request."', args=[d.arg(name='clusterName', type=d.T.string)]), + withClusterName(clusterName): { metadata+: { clusterName: clusterName } }, + '#withCreationTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='creationTimestamp', type=d.T.string)]), + withCreationTimestamp(creationTimestamp): { metadata+: { creationTimestamp: creationTimestamp } }, + '#withDeletionGracePeriodSeconds':: d.fn(help='"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only."', args=[d.arg(name='deletionGracePeriodSeconds', type=d.T.integer)]), + withDeletionGracePeriodSeconds(deletionGracePeriodSeconds): { metadata+: { deletionGracePeriodSeconds: deletionGracePeriodSeconds } }, + '#withDeletionTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='deletionTimestamp', type=d.T.string)]), + withDeletionTimestamp(deletionTimestamp): { metadata+: { deletionTimestamp: deletionTimestamp } }, + '#withFinalizers':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizers(finalizers): { metadata+: { finalizers: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withFinalizersMixin':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizersMixin(finalizers): { metadata+: { finalizers+: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withGenerateName':: d.fn(help='"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\\n\\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\\n\\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency"', args=[d.arg(name='generateName', type=d.T.string)]), + withGenerateName(generateName): { metadata+: { generateName: generateName } }, + '#withGeneration':: d.fn(help='"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only."', args=[d.arg(name='generation', type=d.T.integer)]), + withGeneration(generation): { metadata+: { generation: generation } }, + '#withLabels':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"', args=[d.arg(name='labels', type=d.T.object)]), + withLabels(labels): { metadata+: { labels: labels } }, + '#withLabelsMixin':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='labels', type=d.T.object)]), + withLabelsMixin(labels): { metadata+: { labels+: labels } }, + '#withName':: d.fn(help='"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { metadata+: { name: name } }, + '#withNamespace':: d.fn(help='"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \\"default\\" namespace, but \\"default\\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\\n\\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces"', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { metadata+: { namespace: namespace } }, + '#withOwnerReferences':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferences(ownerReferences): { metadata+: { ownerReferences: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withOwnerReferencesMixin':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferencesMixin(ownerReferences): { metadata+: { ownerReferences+: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withResourceVersion':: d.fn(help='"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\\n\\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency"', args=[d.arg(name='resourceVersion', type=d.T.string)]), + withResourceVersion(resourceVersion): { metadata+: { resourceVersion: resourceVersion } }, + '#withSelfLink':: d.fn(help='"SelfLink is a URL representing this object. Populated by the system. Read-only.\\n\\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release."', args=[d.arg(name='selfLink', type=d.T.string)]), + withSelfLink(selfLink): { metadata+: { selfLink: selfLink } }, + '#withUid':: d.fn(help='"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\\n\\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids"', args=[d.arg(name='uid', type=d.T.string)]), + withUid(uid): { metadata+: { uid: uid } }, + }, + '#new':: d.fn(help='new returns an instance of Gateway', args=[d.arg(name='name', type=d.T.string)]), + new(name): { + apiVersion: 'gateway.networking.k8s.io/v1beta1', + kind: 'Gateway', + } + self.metadata.withName(name=name), + '#spec':: d.obj(help='"Spec defines the desired state of Gateway."'), + spec: { + '#addresses':: d.obj(help='"Addresses requested for this Gateway. This is optional and behavior can\\ndepend on the implementation. If a value is set in the spec and the\\nrequested address is invalid or unavailable, the implementation MUST\\nindicate this in the associated entry in GatewayStatus.Addresses.\\n\\n\\nThe Addresses field represents a request for the address(es) on the\\n\\"outside of the Gateway\\", that traffic bound for this Gateway will use.\\nThis could be the IP address or hostname of an external load balancer or\\nother networking infrastructure, or some other address that traffic will\\nbe sent to.\\n\\n\\nIf no Addresses are specified, the implementation MAY schedule the\\nGateway in an implementation-specific manner, assigning an appropriate\\nset of Addresses.\\n\\n\\nThe implementation MUST bind all Listeners to every GatewayAddress that\\nit assigns to the Gateway and add a corresponding entry in\\nGatewayStatus.Addresses.\\n\\n\\nSupport: Extended\\n\\n\\n"'), + addresses: { + '#withType':: d.fn(help='"Type of the address."', args=[d.arg(name='type', type=d.T.string)]), + withType(type): { type: type }, + '#withValue':: d.fn(help='"Value of the address. The validity of the values will depend\\non the type and support by the controller.\\n\\n\\nExamples: `1.2.3.4`, `128::1`, `my-ip-address`."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#infrastructure':: d.obj(help='"Infrastructure defines infrastructure level attributes about this Gateway instance.\\n\\n\\nSupport: Core\\n\\n\\n"'), + infrastructure: { + '#parametersRef':: d.obj(help="\"ParametersRef is a reference to a resource that contains the configuration\\nparameters corresponding to the Gateway. This is optional if the\\ncontroller does not require any additional configuration.\\n\\n\\nThis follows the same semantics as GatewayClass's `parametersRef`, but on a per-Gateway basis\\n\\n\\nThe Gateway's GatewayClass may provide its own `parametersRef`. When both are specified,\\nthe merging behavior is implementation specific.\\nIt is generally recommended that GatewayClass provides defaults that can be overridden by a Gateway.\\n\\n\\nSupport: Implementation-specific\""), + parametersRef: { + '#withGroup':: d.fn(help='"Group is the group of the referent."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { spec+: { infrastructure+: { parametersRef+: { group: group } } } }, + '#withKind':: d.fn(help='"Kind is kind of the referent."', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { spec+: { infrastructure+: { parametersRef+: { kind: kind } } } }, + '#withName':: d.fn(help='"Name is the name of the referent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { spec+: { infrastructure+: { parametersRef+: { name: name } } } }, + }, + '#withAnnotations':: d.fn(help='"Annotations that SHOULD be applied to any resources created in response to this Gateway.\\n\\n\\nFor implementations creating other Kubernetes objects, this should be the `metadata.annotations` field on resources.\\nFor other implementations, this refers to any relevant (implementation specific) \\"annotations\\" concepts.\\n\\n\\nAn implementation may chose to add additional implementation-specific annotations as they see fit.\\n\\n\\nSupport: Extended"', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotations(annotations): { spec+: { infrastructure+: { annotations: annotations } } }, + '#withAnnotationsMixin':: d.fn(help='"Annotations that SHOULD be applied to any resources created in response to this Gateway.\\n\\n\\nFor implementations creating other Kubernetes objects, this should be the `metadata.annotations` field on resources.\\nFor other implementations, this refers to any relevant (implementation specific) \\"annotations\\" concepts.\\n\\n\\nAn implementation may chose to add additional implementation-specific annotations as they see fit.\\n\\n\\nSupport: Extended"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotationsMixin(annotations): { spec+: { infrastructure+: { annotations+: annotations } } }, + '#withLabels':: d.fn(help='"Labels that SHOULD be applied to any resources created in response to this Gateway.\\n\\n\\nFor implementations creating other Kubernetes objects, this should be the `metadata.labels` field on resources.\\nFor other implementations, this refers to any relevant (implementation specific) \\"labels\\" concepts.\\n\\n\\nAn implementation may chose to add additional implementation-specific labels as they see fit.\\n\\n\\nSupport: Extended"', args=[d.arg(name='labels', type=d.T.object)]), + withLabels(labels): { spec+: { infrastructure+: { labels: labels } } }, + '#withLabelsMixin':: d.fn(help='"Labels that SHOULD be applied to any resources created in response to this Gateway.\\n\\n\\nFor implementations creating other Kubernetes objects, this should be the `metadata.labels` field on resources.\\nFor other implementations, this refers to any relevant (implementation specific) \\"labels\\" concepts.\\n\\n\\nAn implementation may chose to add additional implementation-specific labels as they see fit.\\n\\n\\nSupport: Extended"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='labels', type=d.T.object)]), + withLabelsMixin(labels): { spec+: { infrastructure+: { labels+: labels } } }, + }, + '#listeners':: d.obj(help="\"Listeners associated with this Gateway. Listeners define\\nlogical endpoints that are bound on this Gateway's addresses.\\nAt least one Listener MUST be specified.\\n\\n\\nEach Listener in a set of Listeners (for example, in a single Gateway)\\nMUST be _distinct_, in that a traffic flow MUST be able to be assigned to\\nexactly one listener. (This section uses \\\"set of Listeners\\\" rather than\\n\\\"Listeners in a single Gateway\\\" because implementations MAY merge configuration\\nfrom multiple Gateways onto a single data plane, and these rules _also_\\napply in that case).\\n\\n\\nPractically, this means that each listener in a set MUST have a unique\\ncombination of Port, Protocol, and, if supported by the protocol, Hostname.\\n\\n\\nSome combinations of port, protocol, and TLS settings are considered\\nCore support and MUST be supported by implementations based on their\\ntargeted conformance profile:\\n\\n\\nHTTP Profile\\n\\n\\n1. HTTPRoute, Port: 80, Protocol: HTTP\\n2. HTTPRoute, Port: 443, Protocol: HTTPS, TLS Mode: Terminate, TLS keypair provided\\n\\n\\nTLS Profile\\n\\n\\n1. TLSRoute, Port: 443, Protocol: TLS, TLS Mode: Passthrough\\n\\n\\n\\\"Distinct\\\" Listeners have the following property:\\n\\n\\nThe implementation can match inbound requests to a single distinct\\nListener. When multiple Listeners share values for fields (for\\nexample, two Listeners with the same Port value), the implementation\\ncan match requests to only one of the Listeners using other\\nListener fields.\\n\\n\\nFor example, the following Listener scenarios are distinct:\\n\\n\\n1. Multiple Listeners with the same Port that all use the \\\"HTTP\\\"\\n Protocol that all have unique Hostname values.\\n2. Multiple Listeners with the same Port that use either the \\\"HTTPS\\\" or\\n \\\"TLS\\\" Protocol that all have unique Hostname values.\\n3. A mixture of \\\"TCP\\\" and \\\"UDP\\\" Protocol Listeners, where no Listener\\n with the same Protocol has the same Port value.\\n\\n\\nSome fields in the Listener struct have possible values that affect\\nwhether the Listener is distinct. Hostname is particularly relevant\\nfor HTTP or HTTPS protocols.\\n\\n\\nWhen using the Hostname value to select between same-Port, same-Protocol\\nListeners, the Hostname value must be different on each Listener for the\\nListener to be distinct.\\n\\n\\nWhen the Listeners are distinct based on Hostname, inbound request\\nhostnames MUST match from the most specific to least specific Hostname\\nvalues to choose the correct Listener and its associated set of Routes.\\n\\n\\nExact matches must be processed before wildcard matches, and wildcard\\nmatches must be processed before fallback (empty Hostname value)\\nmatches. For example, `\\\"foo.example.com\\\"` takes precedence over\\n`\\\"*.example.com\\\"`, and `\\\"*.example.com\\\"` takes precedence over `\\\"\\\"`.\\n\\n\\nAdditionally, if there are multiple wildcard entries, more specific\\nwildcard entries must be processed before less specific wildcard entries.\\nFor example, `\\\"*.foo.example.com\\\"` takes precedence over `\\\"*.example.com\\\"`.\\nThe precise definition here is that the higher the number of dots in the\\nhostname to the right of the wildcard character, the higher the precedence.\\n\\n\\nThe wildcard character will match any number of characters _and dots_ to\\nthe left, however, so `\\\"*.example.com\\\"` will match both\\n`\\\"foo.bar.example.com\\\"` _and_ `\\\"bar.example.com\\\"`.\\n\\n\\nIf a set of Listeners contains Listeners that are not distinct, then those\\nListeners are Conflicted, and the implementation MUST set the \\\"Conflicted\\\"\\ncondition in the Listener Status to \\\"True\\\".\\n\\n\\nImplementations MAY choose to accept a Gateway with some Conflicted\\nListeners only if they only accept the partial Listener set that contains\\nno Conflicted Listeners. To put this another way, implementations may\\naccept a partial Listener set only if they throw out *all* the conflicting\\nListeners. No picking one of the conflicting listeners as the winner.\\nThis also means that the Gateway must have at least one non-conflicting\\nListener in this case, otherwise it violates the requirement that at\\nleast one Listener must be present.\\n\\n\\nThe implementation MUST set a \\\"ListenersNotValid\\\" condition on the\\nGateway Status when the Gateway contains Conflicted Listeners whether or\\nnot they accept the Gateway. That Condition SHOULD clearly\\nindicate in the Message which Listeners are conflicted, and which are\\nAccepted. Additionally, the Listener status for those listeners SHOULD\\nindicate which Listeners are conflicted and not Accepted.\\n\\n\\nA Gateway's Listeners are considered \\\"compatible\\\" if:\\n\\n\\n1. They are distinct.\\n2. The implementation can serve them in compliance with the Addresses\\n requirement that all Listeners are available on all assigned\\n addresses.\\n\\n\\nCompatible combinations in Extended support are expected to vary across\\nimplementations. A combination that is compatible for one implementation\\nmay not be compatible for another.\\n\\n\\nFor example, an implementation that cannot serve both TCP and UDP listeners\\non the same address, or cannot mix HTTPS and generic TLS listens on the same port\\nwould not consider those cases compatible, even though they are distinct.\\n\\n\\nNote that requests SHOULD match at most one Listener. For example, if\\nListeners are defined for \\\"foo.example.com\\\" and \\\"*.example.com\\\", a\\nrequest to \\\"foo.example.com\\\" SHOULD only be routed using routes attached\\nto the \\\"foo.example.com\\\" Listener (and not the \\\"*.example.com\\\" Listener).\\nThis concept is known as \\\"Listener Isolation\\\". Implementations that do\\nnot support Listener Isolation MUST clearly document this.\\n\\n\\nImplementations MAY merge separate Gateways onto a single set of\\nAddresses if all Listeners across all Gateways are compatible.\\n\\n\\nSupport: Core\""), + listeners: { + '#allowedRoutes':: d.obj(help='"AllowedRoutes defines the types of routes that MAY be attached to a\\nListener and the trusted namespaces where those Route resources MAY be\\npresent.\\n\\n\\nAlthough a client request may match multiple route rules, only one rule\\nmay ultimately receive the request. Matching precedence MUST be\\ndetermined in order of the following criteria:\\n\\n\\n* The most specific match as defined by the Route type.\\n* The oldest Route based on creation timestamp. For example, a Route with\\n a creation timestamp of \\"2020-09-08 01:02:03\\" is given precedence over\\n a Route with a creation timestamp of \\"2020-09-08 01:02:04\\".\\n* If everything else is equivalent, the Route appearing first in\\n alphabetical order (namespace/name) should be given precedence. For\\n example, foo/bar is given precedence over foo/baz.\\n\\n\\nAll valid rules within a Route attached to this Listener should be\\nimplemented. Invalid Route rules can be ignored (sometimes that will mean\\nthe full Route). If a Route rule transitions from valid to invalid,\\nsupport for that Route rule should be dropped to ensure consistency. For\\nexample, even if a filter specified by a Route rule is invalid, the rest\\nof the rules within that Route should still be supported.\\n\\n\\nSupport: Core"'), + allowedRoutes: { + '#kinds':: d.obj(help="\"Kinds specifies the groups and kinds of Routes that are allowed to bind\\nto this Gateway Listener. When unspecified or empty, the kinds of Routes\\nselected are determined using the Listener protocol.\\n\\n\\nA RouteGroupKind MUST correspond to kinds of Routes that are compatible\\nwith the application protocol specified in the Listener's Protocol field.\\nIf an implementation does not support or recognize this resource type, it\\nMUST set the \\\"ResolvedRefs\\\" condition to False for this Listener with the\\n\\\"InvalidRouteKinds\\\" reason.\\n\\n\\nSupport: Core\""), + kinds: { + '#withGroup':: d.fn(help='"Group is the group of the Route."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { group: group }, + '#withKind':: d.fn(help='"Kind is the kind of the Route."', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { kind: kind }, + }, + '#namespaces':: d.obj(help='"Namespaces indicates namespaces from which Routes may be attached to this\\nListener. This is restricted to the namespace of this Gateway by default.\\n\\n\\nSupport: Core"'), + namespaces: { + '#selector':: d.obj(help='"Selector must be specified when From is set to \\"Selector\\". In that case,\\nonly Routes in Namespaces matching this Selector will be selected by this\\nGateway. This field is ignored for other values of \\"From\\".\\n\\n\\nSupport: Core"'), + selector: { + '#matchExpressions':: d.obj(help='"matchExpressions is a list of label selector requirements. The requirements are ANDed."'), + matchExpressions: { + '#withKey':: d.fn(help='"key is the label key that the selector applies to."', args=[d.arg(name='key', type=d.T.string)]), + withKey(key): { key: key }, + '#withOperator':: d.fn(help="\"operator represents a key's relationship to a set of values.\\nValid operators are In, NotIn, Exists and DoesNotExist.\"", args=[d.arg(name='operator', type=d.T.string)]), + withOperator(operator): { operator: operator }, + '#withValues':: d.fn(help='"values is an array of string values. If the operator is In or NotIn,\\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\\nthe values array must be empty. This array is replaced during a strategic\\nmerge patch."', args=[d.arg(name='values', type=d.T.array)]), + withValues(values): { values: if std.isArray(v=values) then values else [values] }, + '#withValuesMixin':: d.fn(help='"values is an array of string values. If the operator is In or NotIn,\\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\\nthe values array must be empty. This array is replaced during a strategic\\nmerge patch."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='values', type=d.T.array)]), + withValuesMixin(values): { values+: if std.isArray(v=values) then values else [values] }, + }, + '#withMatchExpressions':: d.fn(help='"matchExpressions is a list of label selector requirements. The requirements are ANDed."', args=[d.arg(name='matchExpressions', type=d.T.array)]), + withMatchExpressions(matchExpressions): { allowedRoutes+: { namespaces+: { selector+: { matchExpressions: if std.isArray(v=matchExpressions) then matchExpressions else [matchExpressions] } } } }, + '#withMatchExpressionsMixin':: d.fn(help='"matchExpressions is a list of label selector requirements. The requirements are ANDed."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='matchExpressions', type=d.T.array)]), + withMatchExpressionsMixin(matchExpressions): { allowedRoutes+: { namespaces+: { selector+: { matchExpressions+: if std.isArray(v=matchExpressions) then matchExpressions else [matchExpressions] } } } }, + '#withMatchLabels':: d.fn(help='"matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\\nmap is equivalent to an element of matchExpressions, whose key field is \\"key\\", the\\noperator is \\"In\\", and the values array contains only \\"value\\". The requirements are ANDed."', args=[d.arg(name='matchLabels', type=d.T.object)]), + withMatchLabels(matchLabels): { allowedRoutes+: { namespaces+: { selector+: { matchLabels: matchLabels } } } }, + '#withMatchLabelsMixin':: d.fn(help='"matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\\nmap is equivalent to an element of matchExpressions, whose key field is \\"key\\", the\\noperator is \\"In\\", and the values array contains only \\"value\\". The requirements are ANDed."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='matchLabels', type=d.T.object)]), + withMatchLabelsMixin(matchLabels): { allowedRoutes+: { namespaces+: { selector+: { matchLabels+: matchLabels } } } }, + }, + '#withFrom':: d.fn(help='"From indicates where Routes will be selected for this Gateway. Possible\\nvalues are:\\n\\n\\n* All: Routes in all namespaces may be used by this Gateway.\\n* Selector: Routes in namespaces selected by the selector may be used by\\n this Gateway.\\n* Same: Only Routes in the same namespace may be used by this Gateway.\\n\\n\\nSupport: Core"', args=[d.arg(name='from', type=d.T.string)]), + withFrom(from): { allowedRoutes+: { namespaces+: { from: from } } }, + }, + '#withKinds':: d.fn(help="\"Kinds specifies the groups and kinds of Routes that are allowed to bind\\nto this Gateway Listener. When unspecified or empty, the kinds of Routes\\nselected are determined using the Listener protocol.\\n\\n\\nA RouteGroupKind MUST correspond to kinds of Routes that are compatible\\nwith the application protocol specified in the Listener's Protocol field.\\nIf an implementation does not support or recognize this resource type, it\\nMUST set the \\\"ResolvedRefs\\\" condition to False for this Listener with the\\n\\\"InvalidRouteKinds\\\" reason.\\n\\n\\nSupport: Core\"", args=[d.arg(name='kinds', type=d.T.array)]), + withKinds(kinds): { allowedRoutes+: { kinds: if std.isArray(v=kinds) then kinds else [kinds] } }, + '#withKindsMixin':: d.fn(help="\"Kinds specifies the groups and kinds of Routes that are allowed to bind\\nto this Gateway Listener. When unspecified or empty, the kinds of Routes\\nselected are determined using the Listener protocol.\\n\\n\\nA RouteGroupKind MUST correspond to kinds of Routes that are compatible\\nwith the application protocol specified in the Listener's Protocol field.\\nIf an implementation does not support or recognize this resource type, it\\nMUST set the \\\"ResolvedRefs\\\" condition to False for this Listener with the\\n\\\"InvalidRouteKinds\\\" reason.\\n\\n\\nSupport: Core\"\n\n**Note:** This function appends passed data to existing values", args=[d.arg(name='kinds', type=d.T.array)]), + withKindsMixin(kinds): { allowedRoutes+: { kinds+: if std.isArray(v=kinds) then kinds else [kinds] } }, + }, + '#tls':: d.obj(help='"TLS is the TLS configuration for the Listener. This field is required if\\nthe Protocol field is \\"HTTPS\\" or \\"TLS\\". It is invalid to set this field\\nif the Protocol field is \\"HTTP\\", \\"TCP\\", or \\"UDP\\".\\n\\n\\nThe association of SNIs to Certificate defined in GatewayTLSConfig is\\ndefined based on the Hostname field for this listener.\\n\\n\\nThe GatewayClass MUST use the longest matching SNI out of all\\navailable certificates for any TLS handshake.\\n\\n\\nSupport: Core"'), + tls: { + '#certificateRefs':: d.obj(help='"CertificateRefs contains a series of references to Kubernetes objects that\\ncontains TLS certificates and private keys. These certificates are used to\\nestablish a TLS handshake for requests that match the hostname of the\\nassociated listener.\\n\\n\\nA single CertificateRef to a Kubernetes Secret has \\"Core\\" support.\\nImplementations MAY choose to support attaching multiple certificates to\\na Listener, but this behavior is implementation-specific.\\n\\n\\nReferences to a resource in different namespace are invalid UNLESS there\\nis a ReferenceGrant in the target namespace that allows the certificate\\nto be attached. If a ReferenceGrant does not allow this reference, the\\n\\"ResolvedRefs\\" condition MUST be set to False for this listener with the\\n\\"RefNotPermitted\\" reason.\\n\\n\\nThis field is required to have at least one element when the mode is set\\nto \\"Terminate\\" (default) and is optional otherwise.\\n\\n\\nCertificateRefs can reference to standard Kubernetes resources, i.e.\\nSecret, or implementation-specific custom resources.\\n\\n\\nSupport: Core - A single reference to a Kubernetes Secret of type kubernetes.io/tls\\n\\n\\nSupport: Implementation-specific (More than one reference or other resource types)"'), + certificateRefs: { + '#withGroup':: d.fn(help='"Group is the group of the referent. For example, \\"gateway.networking.k8s.io\\".\\nWhen unspecified or empty string, core API group is inferred."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { group: group }, + '#withKind':: d.fn(help='"Kind is kind of the referent. For example \\"Secret\\"."', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { kind: kind }, + '#withName':: d.fn(help='"Name is the name of the referent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withNamespace':: d.fn(help="\"Namespace is the namespace of the referenced object. When unspecified, the local\\nnamespace is inferred.\\n\\n\\nNote that when a namespace different than the local namespace is specified,\\na ReferenceGrant object is required in the referent namespace to allow that\\nnamespace's owner to accept the reference. See the ReferenceGrant\\ndocumentation for details.\\n\\n\\nSupport: Core\"", args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { namespace: namespace }, + }, + '#frontendValidation':: d.obj(help='"FrontendValidation holds configuration information for validating the frontend (client).\\nSetting this field will require clients to send a client certificate\\nrequired for validation during the TLS handshake. In browsers this may result in a dialog appearing\\nthat requests a user to specify the client certificate.\\nThe maximum depth of a certificate chain accepted in verification is Implementation specific.\\n\\n\\nSupport: Extended\\n\\n\\n"'), + frontendValidation: { + '#caCertificateRefs':: d.obj(help='"CACertificateRefs contains one or more references to\\nKubernetes objects that contain TLS certificates of\\nthe Certificate Authorities that can be used\\nas a trust anchor to validate the certificates presented by the client.\\n\\n\\nA single CA certificate reference to a Kubernetes ConfigMap\\nhas \\"Core\\" support.\\nImplementations MAY choose to support attaching multiple CA certificates to\\na Listener, but this behavior is implementation-specific.\\n\\n\\nSupport: Core - A single reference to a Kubernetes ConfigMap\\nwith the CA certificate in a key named `ca.crt`.\\n\\n\\nSupport: Implementation-specific (More than one reference, or other kinds\\nof resources).\\n\\n\\nReferences to a resource in a different namespace are invalid UNLESS there\\nis a ReferenceGrant in the target namespace that allows the certificate\\nto be attached. If a ReferenceGrant does not allow this reference, the\\n\\"ResolvedRefs\\" condition MUST be set to False for this listener with the\\n\\"RefNotPermitted\\" reason."'), + caCertificateRefs: { + '#withGroup':: d.fn(help='"Group is the group of the referent. For example, \\"gateway.networking.k8s.io\\".\\nWhen unspecified or empty string, core API group is inferred."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { group: group }, + '#withKind':: d.fn(help='"Kind is kind of the referent. For example \\"ConfigMap\\" or \\"Service\\"."', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { kind: kind }, + '#withName':: d.fn(help='"Name is the name of the referent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withNamespace':: d.fn(help="\"Namespace is the namespace of the referenced object. When unspecified, the local\\nnamespace is inferred.\\n\\n\\nNote that when a namespace different than the local namespace is specified,\\na ReferenceGrant object is required in the referent namespace to allow that\\nnamespace's owner to accept the reference. See the ReferenceGrant\\ndocumentation for details.\\n\\n\\nSupport: Core\"", args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { namespace: namespace }, + }, + '#withCaCertificateRefs':: d.fn(help='"CACertificateRefs contains one or more references to\\nKubernetes objects that contain TLS certificates of\\nthe Certificate Authorities that can be used\\nas a trust anchor to validate the certificates presented by the client.\\n\\n\\nA single CA certificate reference to a Kubernetes ConfigMap\\nhas \\"Core\\" support.\\nImplementations MAY choose to support attaching multiple CA certificates to\\na Listener, but this behavior is implementation-specific.\\n\\n\\nSupport: Core - A single reference to a Kubernetes ConfigMap\\nwith the CA certificate in a key named `ca.crt`.\\n\\n\\nSupport: Implementation-specific (More than one reference, or other kinds\\nof resources).\\n\\n\\nReferences to a resource in a different namespace are invalid UNLESS there\\nis a ReferenceGrant in the target namespace that allows the certificate\\nto be attached. If a ReferenceGrant does not allow this reference, the\\n\\"ResolvedRefs\\" condition MUST be set to False for this listener with the\\n\\"RefNotPermitted\\" reason."', args=[d.arg(name='caCertificateRefs', type=d.T.array)]), + withCaCertificateRefs(caCertificateRefs): { tls+: { frontendValidation+: { caCertificateRefs: if std.isArray(v=caCertificateRefs) then caCertificateRefs else [caCertificateRefs] } } }, + '#withCaCertificateRefsMixin':: d.fn(help='"CACertificateRefs contains one or more references to\\nKubernetes objects that contain TLS certificates of\\nthe Certificate Authorities that can be used\\nas a trust anchor to validate the certificates presented by the client.\\n\\n\\nA single CA certificate reference to a Kubernetes ConfigMap\\nhas \\"Core\\" support.\\nImplementations MAY choose to support attaching multiple CA certificates to\\na Listener, but this behavior is implementation-specific.\\n\\n\\nSupport: Core - A single reference to a Kubernetes ConfigMap\\nwith the CA certificate in a key named `ca.crt`.\\n\\n\\nSupport: Implementation-specific (More than one reference, or other kinds\\nof resources).\\n\\n\\nReferences to a resource in a different namespace are invalid UNLESS there\\nis a ReferenceGrant in the target namespace that allows the certificate\\nto be attached. If a ReferenceGrant does not allow this reference, the\\n\\"ResolvedRefs\\" condition MUST be set to False for this listener with the\\n\\"RefNotPermitted\\" reason."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='caCertificateRefs', type=d.T.array)]), + withCaCertificateRefsMixin(caCertificateRefs): { tls+: { frontendValidation+: { caCertificateRefs+: if std.isArray(v=caCertificateRefs) then caCertificateRefs else [caCertificateRefs] } } }, + }, + '#withCertificateRefs':: d.fn(help='"CertificateRefs contains a series of references to Kubernetes objects that\\ncontains TLS certificates and private keys. These certificates are used to\\nestablish a TLS handshake for requests that match the hostname of the\\nassociated listener.\\n\\n\\nA single CertificateRef to a Kubernetes Secret has \\"Core\\" support.\\nImplementations MAY choose to support attaching multiple certificates to\\na Listener, but this behavior is implementation-specific.\\n\\n\\nReferences to a resource in different namespace are invalid UNLESS there\\nis a ReferenceGrant in the target namespace that allows the certificate\\nto be attached. If a ReferenceGrant does not allow this reference, the\\n\\"ResolvedRefs\\" condition MUST be set to False for this listener with the\\n\\"RefNotPermitted\\" reason.\\n\\n\\nThis field is required to have at least one element when the mode is set\\nto \\"Terminate\\" (default) and is optional otherwise.\\n\\n\\nCertificateRefs can reference to standard Kubernetes resources, i.e.\\nSecret, or implementation-specific custom resources.\\n\\n\\nSupport: Core - A single reference to a Kubernetes Secret of type kubernetes.io/tls\\n\\n\\nSupport: Implementation-specific (More than one reference or other resource types)"', args=[d.arg(name='certificateRefs', type=d.T.array)]), + withCertificateRefs(certificateRefs): { tls+: { certificateRefs: if std.isArray(v=certificateRefs) then certificateRefs else [certificateRefs] } }, + '#withCertificateRefsMixin':: d.fn(help='"CertificateRefs contains a series of references to Kubernetes objects that\\ncontains TLS certificates and private keys. These certificates are used to\\nestablish a TLS handshake for requests that match the hostname of the\\nassociated listener.\\n\\n\\nA single CertificateRef to a Kubernetes Secret has \\"Core\\" support.\\nImplementations MAY choose to support attaching multiple certificates to\\na Listener, but this behavior is implementation-specific.\\n\\n\\nReferences to a resource in different namespace are invalid UNLESS there\\nis a ReferenceGrant in the target namespace that allows the certificate\\nto be attached. If a ReferenceGrant does not allow this reference, the\\n\\"ResolvedRefs\\" condition MUST be set to False for this listener with the\\n\\"RefNotPermitted\\" reason.\\n\\n\\nThis field is required to have at least one element when the mode is set\\nto \\"Terminate\\" (default) and is optional otherwise.\\n\\n\\nCertificateRefs can reference to standard Kubernetes resources, i.e.\\nSecret, or implementation-specific custom resources.\\n\\n\\nSupport: Core - A single reference to a Kubernetes Secret of type kubernetes.io/tls\\n\\n\\nSupport: Implementation-specific (More than one reference or other resource types)"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='certificateRefs', type=d.T.array)]), + withCertificateRefsMixin(certificateRefs): { tls+: { certificateRefs+: if std.isArray(v=certificateRefs) then certificateRefs else [certificateRefs] } }, + '#withMode':: d.fn(help="\"Mode defines the TLS behavior for the TLS session initiated by the client.\\nThere are two possible modes:\\n\\n\\n- Terminate: The TLS session between the downstream client and the\\n Gateway is terminated at the Gateway. This mode requires certificates\\n to be specified in some way, such as populating the certificateRefs\\n field.\\n- Passthrough: The TLS session is NOT terminated by the Gateway. This\\n implies that the Gateway can't decipher the TLS stream except for\\n the ClientHello message of the TLS protocol. The certificateRefs field\\n is ignored in this mode.\\n\\n\\nSupport: Core\"", args=[d.arg(name='mode', type=d.T.string)]), + withMode(mode): { tls+: { mode: mode } }, + '#withOptions':: d.fn(help='"Options are a list of key/value pairs to enable extended TLS\\nconfiguration for each implementation. For example, configuring the\\nminimum TLS version or supported cipher suites.\\n\\n\\nA set of common keys MAY be defined by the API in the future. To avoid\\nany ambiguity, implementation-specific definitions MUST use\\ndomain-prefixed names, such as `example.com/my-custom-option`.\\nUn-prefixed names are reserved for key names defined by Gateway API.\\n\\n\\nSupport: Implementation-specific"', args=[d.arg(name='options', type=d.T.object)]), + withOptions(options): { tls+: { options: options } }, + '#withOptionsMixin':: d.fn(help='"Options are a list of key/value pairs to enable extended TLS\\nconfiguration for each implementation. For example, configuring the\\nminimum TLS version or supported cipher suites.\\n\\n\\nA set of common keys MAY be defined by the API in the future. To avoid\\nany ambiguity, implementation-specific definitions MUST use\\ndomain-prefixed names, such as `example.com/my-custom-option`.\\nUn-prefixed names are reserved for key names defined by Gateway API.\\n\\n\\nSupport: Implementation-specific"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='options', type=d.T.object)]), + withOptionsMixin(options): { tls+: { options+: options } }, + }, + '#withHostname':: d.fn(help="\"Hostname specifies the virtual hostname to match for protocol types that\\ndefine this concept. When unspecified, all hostnames are matched. This\\nfield is ignored for protocols that don't require hostname based\\nmatching.\\n\\n\\nImplementations MUST apply Hostname matching appropriately for each of\\nthe following protocols:\\n\\n\\n* TLS: The Listener Hostname MUST match the SNI.\\n* HTTP: The Listener Hostname MUST match the Host header of the request.\\n* HTTPS: The Listener Hostname SHOULD match at both the TLS and HTTP\\n protocol layers as described above. If an implementation does not\\n ensure that both the SNI and Host header match the Listener hostname,\\n it MUST clearly document that.\\n\\n\\nFor HTTPRoute and TLSRoute resources, there is an interaction with the\\n`spec.hostnames` array. When both listener and route specify hostnames,\\nthere MUST be an intersection between the values for a Route to be\\naccepted. For more information, refer to the Route specific Hostnames\\ndocumentation.\\n\\n\\nHostnames that are prefixed with a wildcard label (`*.`) are interpreted\\nas a suffix match. That means that a match for `*.example.com` would match\\nboth `test.example.com`, and `foo.test.example.com`, but not `example.com`.\\n\\n\\nSupport: Core\"", args=[d.arg(name='hostname', type=d.T.string)]), + withHostname(hostname): { hostname: hostname }, + '#withName':: d.fn(help='"Name is the name of the Listener. This name MUST be unique within a\\nGateway.\\n\\n\\nSupport: Core"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withPort':: d.fn(help='"Port is the network port. Multiple listeners may use the\\nsame port, subject to the Listener compatibility rules.\\n\\n\\nSupport: Core"', args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { port: port }, + '#withProtocol':: d.fn(help='"Protocol specifies the network protocol this listener expects to receive.\\n\\n\\nSupport: Core"', args=[d.arg(name='protocol', type=d.T.string)]), + withProtocol(protocol): { protocol: protocol }, + }, + '#withAddresses':: d.fn(help='"Addresses requested for this Gateway. This is optional and behavior can\\ndepend on the implementation. If a value is set in the spec and the\\nrequested address is invalid or unavailable, the implementation MUST\\nindicate this in the associated entry in GatewayStatus.Addresses.\\n\\n\\nThe Addresses field represents a request for the address(es) on the\\n\\"outside of the Gateway\\", that traffic bound for this Gateway will use.\\nThis could be the IP address or hostname of an external load balancer or\\nother networking infrastructure, or some other address that traffic will\\nbe sent to.\\n\\n\\nIf no Addresses are specified, the implementation MAY schedule the\\nGateway in an implementation-specific manner, assigning an appropriate\\nset of Addresses.\\n\\n\\nThe implementation MUST bind all Listeners to every GatewayAddress that\\nit assigns to the Gateway and add a corresponding entry in\\nGatewayStatus.Addresses.\\n\\n\\nSupport: Extended\\n\\n\\n"', args=[d.arg(name='addresses', type=d.T.array)]), + withAddresses(addresses): { spec+: { addresses: if std.isArray(v=addresses) then addresses else [addresses] } }, + '#withAddressesMixin':: d.fn(help='"Addresses requested for this Gateway. This is optional and behavior can\\ndepend on the implementation. If a value is set in the spec and the\\nrequested address is invalid or unavailable, the implementation MUST\\nindicate this in the associated entry in GatewayStatus.Addresses.\\n\\n\\nThe Addresses field represents a request for the address(es) on the\\n\\"outside of the Gateway\\", that traffic bound for this Gateway will use.\\nThis could be the IP address or hostname of an external load balancer or\\nother networking infrastructure, or some other address that traffic will\\nbe sent to.\\n\\n\\nIf no Addresses are specified, the implementation MAY schedule the\\nGateway in an implementation-specific manner, assigning an appropriate\\nset of Addresses.\\n\\n\\nThe implementation MUST bind all Listeners to every GatewayAddress that\\nit assigns to the Gateway and add a corresponding entry in\\nGatewayStatus.Addresses.\\n\\n\\nSupport: Extended\\n\\n\\n"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='addresses', type=d.T.array)]), + withAddressesMixin(addresses): { spec+: { addresses+: if std.isArray(v=addresses) then addresses else [addresses] } }, + '#withGatewayClassName':: d.fn(help='"GatewayClassName used for this Gateway. This is the name of a\\nGatewayClass resource."', args=[d.arg(name='gatewayClassName', type=d.T.string)]), + withGatewayClassName(gatewayClassName): { spec+: { gatewayClassName: gatewayClassName } }, + '#withListeners':: d.fn(help="\"Listeners associated with this Gateway. Listeners define\\nlogical endpoints that are bound on this Gateway's addresses.\\nAt least one Listener MUST be specified.\\n\\n\\nEach Listener in a set of Listeners (for example, in a single Gateway)\\nMUST be _distinct_, in that a traffic flow MUST be able to be assigned to\\nexactly one listener. (This section uses \\\"set of Listeners\\\" rather than\\n\\\"Listeners in a single Gateway\\\" because implementations MAY merge configuration\\nfrom multiple Gateways onto a single data plane, and these rules _also_\\napply in that case).\\n\\n\\nPractically, this means that each listener in a set MUST have a unique\\ncombination of Port, Protocol, and, if supported by the protocol, Hostname.\\n\\n\\nSome combinations of port, protocol, and TLS settings are considered\\nCore support and MUST be supported by implementations based on their\\ntargeted conformance profile:\\n\\n\\nHTTP Profile\\n\\n\\n1. HTTPRoute, Port: 80, Protocol: HTTP\\n2. HTTPRoute, Port: 443, Protocol: HTTPS, TLS Mode: Terminate, TLS keypair provided\\n\\n\\nTLS Profile\\n\\n\\n1. TLSRoute, Port: 443, Protocol: TLS, TLS Mode: Passthrough\\n\\n\\n\\\"Distinct\\\" Listeners have the following property:\\n\\n\\nThe implementation can match inbound requests to a single distinct\\nListener. When multiple Listeners share values for fields (for\\nexample, two Listeners with the same Port value), the implementation\\ncan match requests to only one of the Listeners using other\\nListener fields.\\n\\n\\nFor example, the following Listener scenarios are distinct:\\n\\n\\n1. Multiple Listeners with the same Port that all use the \\\"HTTP\\\"\\n Protocol that all have unique Hostname values.\\n2. Multiple Listeners with the same Port that use either the \\\"HTTPS\\\" or\\n \\\"TLS\\\" Protocol that all have unique Hostname values.\\n3. A mixture of \\\"TCP\\\" and \\\"UDP\\\" Protocol Listeners, where no Listener\\n with the same Protocol has the same Port value.\\n\\n\\nSome fields in the Listener struct have possible values that affect\\nwhether the Listener is distinct. Hostname is particularly relevant\\nfor HTTP or HTTPS protocols.\\n\\n\\nWhen using the Hostname value to select between same-Port, same-Protocol\\nListeners, the Hostname value must be different on each Listener for the\\nListener to be distinct.\\n\\n\\nWhen the Listeners are distinct based on Hostname, inbound request\\nhostnames MUST match from the most specific to least specific Hostname\\nvalues to choose the correct Listener and its associated set of Routes.\\n\\n\\nExact matches must be processed before wildcard matches, and wildcard\\nmatches must be processed before fallback (empty Hostname value)\\nmatches. For example, `\\\"foo.example.com\\\"` takes precedence over\\n`\\\"*.example.com\\\"`, and `\\\"*.example.com\\\"` takes precedence over `\\\"\\\"`.\\n\\n\\nAdditionally, if there are multiple wildcard entries, more specific\\nwildcard entries must be processed before less specific wildcard entries.\\nFor example, `\\\"*.foo.example.com\\\"` takes precedence over `\\\"*.example.com\\\"`.\\nThe precise definition here is that the higher the number of dots in the\\nhostname to the right of the wildcard character, the higher the precedence.\\n\\n\\nThe wildcard character will match any number of characters _and dots_ to\\nthe left, however, so `\\\"*.example.com\\\"` will match both\\n`\\\"foo.bar.example.com\\\"` _and_ `\\\"bar.example.com\\\"`.\\n\\n\\nIf a set of Listeners contains Listeners that are not distinct, then those\\nListeners are Conflicted, and the implementation MUST set the \\\"Conflicted\\\"\\ncondition in the Listener Status to \\\"True\\\".\\n\\n\\nImplementations MAY choose to accept a Gateway with some Conflicted\\nListeners only if they only accept the partial Listener set that contains\\nno Conflicted Listeners. To put this another way, implementations may\\naccept a partial Listener set only if they throw out *all* the conflicting\\nListeners. No picking one of the conflicting listeners as the winner.\\nThis also means that the Gateway must have at least one non-conflicting\\nListener in this case, otherwise it violates the requirement that at\\nleast one Listener must be present.\\n\\n\\nThe implementation MUST set a \\\"ListenersNotValid\\\" condition on the\\nGateway Status when the Gateway contains Conflicted Listeners whether or\\nnot they accept the Gateway. That Condition SHOULD clearly\\nindicate in the Message which Listeners are conflicted, and which are\\nAccepted. Additionally, the Listener status for those listeners SHOULD\\nindicate which Listeners are conflicted and not Accepted.\\n\\n\\nA Gateway's Listeners are considered \\\"compatible\\\" if:\\n\\n\\n1. They are distinct.\\n2. The implementation can serve them in compliance with the Addresses\\n requirement that all Listeners are available on all assigned\\n addresses.\\n\\n\\nCompatible combinations in Extended support are expected to vary across\\nimplementations. A combination that is compatible for one implementation\\nmay not be compatible for another.\\n\\n\\nFor example, an implementation that cannot serve both TCP and UDP listeners\\non the same address, or cannot mix HTTPS and generic TLS listens on the same port\\nwould not consider those cases compatible, even though they are distinct.\\n\\n\\nNote that requests SHOULD match at most one Listener. For example, if\\nListeners are defined for \\\"foo.example.com\\\" and \\\"*.example.com\\\", a\\nrequest to \\\"foo.example.com\\\" SHOULD only be routed using routes attached\\nto the \\\"foo.example.com\\\" Listener (and not the \\\"*.example.com\\\" Listener).\\nThis concept is known as \\\"Listener Isolation\\\". Implementations that do\\nnot support Listener Isolation MUST clearly document this.\\n\\n\\nImplementations MAY merge separate Gateways onto a single set of\\nAddresses if all Listeners across all Gateways are compatible.\\n\\n\\nSupport: Core\"", args=[d.arg(name='listeners', type=d.T.array)]), + withListeners(listeners): { spec+: { listeners: if std.isArray(v=listeners) then listeners else [listeners] } }, + '#withListenersMixin':: d.fn(help="\"Listeners associated with this Gateway. Listeners define\\nlogical endpoints that are bound on this Gateway's addresses.\\nAt least one Listener MUST be specified.\\n\\n\\nEach Listener in a set of Listeners (for example, in a single Gateway)\\nMUST be _distinct_, in that a traffic flow MUST be able to be assigned to\\nexactly one listener. (This section uses \\\"set of Listeners\\\" rather than\\n\\\"Listeners in a single Gateway\\\" because implementations MAY merge configuration\\nfrom multiple Gateways onto a single data plane, and these rules _also_\\napply in that case).\\n\\n\\nPractically, this means that each listener in a set MUST have a unique\\ncombination of Port, Protocol, and, if supported by the protocol, Hostname.\\n\\n\\nSome combinations of port, protocol, and TLS settings are considered\\nCore support and MUST be supported by implementations based on their\\ntargeted conformance profile:\\n\\n\\nHTTP Profile\\n\\n\\n1. HTTPRoute, Port: 80, Protocol: HTTP\\n2. HTTPRoute, Port: 443, Protocol: HTTPS, TLS Mode: Terminate, TLS keypair provided\\n\\n\\nTLS Profile\\n\\n\\n1. TLSRoute, Port: 443, Protocol: TLS, TLS Mode: Passthrough\\n\\n\\n\\\"Distinct\\\" Listeners have the following property:\\n\\n\\nThe implementation can match inbound requests to a single distinct\\nListener. When multiple Listeners share values for fields (for\\nexample, two Listeners with the same Port value), the implementation\\ncan match requests to only one of the Listeners using other\\nListener fields.\\n\\n\\nFor example, the following Listener scenarios are distinct:\\n\\n\\n1. Multiple Listeners with the same Port that all use the \\\"HTTP\\\"\\n Protocol that all have unique Hostname values.\\n2. Multiple Listeners with the same Port that use either the \\\"HTTPS\\\" or\\n \\\"TLS\\\" Protocol that all have unique Hostname values.\\n3. A mixture of \\\"TCP\\\" and \\\"UDP\\\" Protocol Listeners, where no Listener\\n with the same Protocol has the same Port value.\\n\\n\\nSome fields in the Listener struct have possible values that affect\\nwhether the Listener is distinct. Hostname is particularly relevant\\nfor HTTP or HTTPS protocols.\\n\\n\\nWhen using the Hostname value to select between same-Port, same-Protocol\\nListeners, the Hostname value must be different on each Listener for the\\nListener to be distinct.\\n\\n\\nWhen the Listeners are distinct based on Hostname, inbound request\\nhostnames MUST match from the most specific to least specific Hostname\\nvalues to choose the correct Listener and its associated set of Routes.\\n\\n\\nExact matches must be processed before wildcard matches, and wildcard\\nmatches must be processed before fallback (empty Hostname value)\\nmatches. For example, `\\\"foo.example.com\\\"` takes precedence over\\n`\\\"*.example.com\\\"`, and `\\\"*.example.com\\\"` takes precedence over `\\\"\\\"`.\\n\\n\\nAdditionally, if there are multiple wildcard entries, more specific\\nwildcard entries must be processed before less specific wildcard entries.\\nFor example, `\\\"*.foo.example.com\\\"` takes precedence over `\\\"*.example.com\\\"`.\\nThe precise definition here is that the higher the number of dots in the\\nhostname to the right of the wildcard character, the higher the precedence.\\n\\n\\nThe wildcard character will match any number of characters _and dots_ to\\nthe left, however, so `\\\"*.example.com\\\"` will match both\\n`\\\"foo.bar.example.com\\\"` _and_ `\\\"bar.example.com\\\"`.\\n\\n\\nIf a set of Listeners contains Listeners that are not distinct, then those\\nListeners are Conflicted, and the implementation MUST set the \\\"Conflicted\\\"\\ncondition in the Listener Status to \\\"True\\\".\\n\\n\\nImplementations MAY choose to accept a Gateway with some Conflicted\\nListeners only if they only accept the partial Listener set that contains\\nno Conflicted Listeners. To put this another way, implementations may\\naccept a partial Listener set only if they throw out *all* the conflicting\\nListeners. No picking one of the conflicting listeners as the winner.\\nThis also means that the Gateway must have at least one non-conflicting\\nListener in this case, otherwise it violates the requirement that at\\nleast one Listener must be present.\\n\\n\\nThe implementation MUST set a \\\"ListenersNotValid\\\" condition on the\\nGateway Status when the Gateway contains Conflicted Listeners whether or\\nnot they accept the Gateway. That Condition SHOULD clearly\\nindicate in the Message which Listeners are conflicted, and which are\\nAccepted. Additionally, the Listener status for those listeners SHOULD\\nindicate which Listeners are conflicted and not Accepted.\\n\\n\\nA Gateway's Listeners are considered \\\"compatible\\\" if:\\n\\n\\n1. They are distinct.\\n2. The implementation can serve them in compliance with the Addresses\\n requirement that all Listeners are available on all assigned\\n addresses.\\n\\n\\nCompatible combinations in Extended support are expected to vary across\\nimplementations. A combination that is compatible for one implementation\\nmay not be compatible for another.\\n\\n\\nFor example, an implementation that cannot serve both TCP and UDP listeners\\non the same address, or cannot mix HTTPS and generic TLS listens on the same port\\nwould not consider those cases compatible, even though they are distinct.\\n\\n\\nNote that requests SHOULD match at most one Listener. For example, if\\nListeners are defined for \\\"foo.example.com\\\" and \\\"*.example.com\\\", a\\nrequest to \\\"foo.example.com\\\" SHOULD only be routed using routes attached\\nto the \\\"foo.example.com\\\" Listener (and not the \\\"*.example.com\\\" Listener).\\nThis concept is known as \\\"Listener Isolation\\\". Implementations that do\\nnot support Listener Isolation MUST clearly document this.\\n\\n\\nImplementations MAY merge separate Gateways onto a single set of\\nAddresses if all Listeners across all Gateways are compatible.\\n\\n\\nSupport: Core\"\n\n**Note:** This function appends passed data to existing values", args=[d.arg(name='listeners', type=d.T.array)]), + withListenersMixin(listeners): { spec+: { listeners+: if std.isArray(v=listeners) then listeners else [listeners] } }, + }, + '#mixin': 'ignore', + mixin: self, +} diff --git a/1.1-experimental/_gen/gateway/v1beta1/gatewayClass.libsonnet b/1.1-experimental/_gen/gateway/v1beta1/gatewayClass.libsonnet new file mode 100644 index 0000000..19a38e0 --- /dev/null +++ b/1.1-experimental/_gen/gateway/v1beta1/gatewayClass.libsonnet @@ -0,0 +1,72 @@ +{ + local d = (import 'doc-util/main.libsonnet'), + '#':: d.pkg(name='gatewayClass', url='', help='"GatewayClass describes a class of Gateways available to the user for creating\\nGateway resources.\\n\\n\\nIt is recommended that this resource be used as a template for Gateways. This\\nmeans that a Gateway is based on the state of the GatewayClass at the time it\\nwas created and changes to the GatewayClass or associated parameters are not\\npropagated down to existing Gateways. This recommendation is intended to\\nlimit the blast radius of changes to GatewayClass or associated parameters.\\nIf implementations choose to propagate GatewayClass changes to existing\\nGateways, that MUST be clearly documented by the implementation.\\n\\n\\nWhenever one or more Gateways are using a GatewayClass, implementations SHOULD\\nadd the `gateway-exists-finalizer.gateway.networking.k8s.io` finalizer on the\\nassociated GatewayClass. This ensures that a GatewayClass associated with a\\nGateway is not deleted while in use.\\n\\n\\nGatewayClass is a Cluster level resource."'), + '#metadata':: d.obj(help='"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create."'), + metadata: { + '#withAnnotations':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotations(annotations): { metadata+: { annotations: annotations } }, + '#withAnnotationsMixin':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotationsMixin(annotations): { metadata+: { annotations+: annotations } }, + '#withClusterName':: d.fn(help='"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request."', args=[d.arg(name='clusterName', type=d.T.string)]), + withClusterName(clusterName): { metadata+: { clusterName: clusterName } }, + '#withCreationTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='creationTimestamp', type=d.T.string)]), + withCreationTimestamp(creationTimestamp): { metadata+: { creationTimestamp: creationTimestamp } }, + '#withDeletionGracePeriodSeconds':: d.fn(help='"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only."', args=[d.arg(name='deletionGracePeriodSeconds', type=d.T.integer)]), + withDeletionGracePeriodSeconds(deletionGracePeriodSeconds): { metadata+: { deletionGracePeriodSeconds: deletionGracePeriodSeconds } }, + '#withDeletionTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='deletionTimestamp', type=d.T.string)]), + withDeletionTimestamp(deletionTimestamp): { metadata+: { deletionTimestamp: deletionTimestamp } }, + '#withFinalizers':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizers(finalizers): { metadata+: { finalizers: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withFinalizersMixin':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizersMixin(finalizers): { metadata+: { finalizers+: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withGenerateName':: d.fn(help='"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\\n\\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\\n\\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency"', args=[d.arg(name='generateName', type=d.T.string)]), + withGenerateName(generateName): { metadata+: { generateName: generateName } }, + '#withGeneration':: d.fn(help='"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only."', args=[d.arg(name='generation', type=d.T.integer)]), + withGeneration(generation): { metadata+: { generation: generation } }, + '#withLabels':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"', args=[d.arg(name='labels', type=d.T.object)]), + withLabels(labels): { metadata+: { labels: labels } }, + '#withLabelsMixin':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='labels', type=d.T.object)]), + withLabelsMixin(labels): { metadata+: { labels+: labels } }, + '#withName':: d.fn(help='"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { metadata+: { name: name } }, + '#withNamespace':: d.fn(help='"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \\"default\\" namespace, but \\"default\\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\\n\\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces"', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { metadata+: { namespace: namespace } }, + '#withOwnerReferences':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferences(ownerReferences): { metadata+: { ownerReferences: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withOwnerReferencesMixin':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferencesMixin(ownerReferences): { metadata+: { ownerReferences+: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withResourceVersion':: d.fn(help='"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\\n\\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency"', args=[d.arg(name='resourceVersion', type=d.T.string)]), + withResourceVersion(resourceVersion): { metadata+: { resourceVersion: resourceVersion } }, + '#withSelfLink':: d.fn(help='"SelfLink is a URL representing this object. Populated by the system. Read-only.\\n\\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release."', args=[d.arg(name='selfLink', type=d.T.string)]), + withSelfLink(selfLink): { metadata+: { selfLink: selfLink } }, + '#withUid':: d.fn(help='"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\\n\\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids"', args=[d.arg(name='uid', type=d.T.string)]), + withUid(uid): { metadata+: { uid: uid } }, + }, + '#new':: d.fn(help='new returns an instance of GatewayClass', args=[d.arg(name='name', type=d.T.string)]), + new(name): { + apiVersion: 'gateway.networking.k8s.io/v1beta1', + kind: 'GatewayClass', + } + self.metadata.withName(name=name) + self.metadata.withAnnotations(annotations={ + 'tanka.dev/namespaced': 'false', + }), + '#spec':: d.obj(help='"Spec defines the desired state of GatewayClass."'), + spec: { + '#parametersRef':: d.obj(help="\"ParametersRef is a reference to a resource that contains the configuration\\nparameters corresponding to the GatewayClass. This is optional if the\\ncontroller does not require any additional configuration.\\n\\n\\nParametersRef can reference a standard Kubernetes resource, i.e. ConfigMap,\\nor an implementation-specific custom resource. The resource can be\\ncluster-scoped or namespace-scoped.\\n\\n\\nIf the referent cannot be found, the GatewayClass's \\\"InvalidParameters\\\"\\nstatus condition will be true.\\n\\n\\nA Gateway for this GatewayClass may provide its own `parametersRef`. When both are specified,\\nthe merging behavior is implementation specific.\\nIt is generally recommended that GatewayClass provides defaults that can be overridden by a Gateway.\\n\\n\\nSupport: Implementation-specific\""), + parametersRef: { + '#withGroup':: d.fn(help='"Group is the group of the referent."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { spec+: { parametersRef+: { group: group } } }, + '#withKind':: d.fn(help='"Kind is kind of the referent."', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { spec+: { parametersRef+: { kind: kind } } }, + '#withName':: d.fn(help='"Name is the name of the referent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { spec+: { parametersRef+: { name: name } } }, + '#withNamespace':: d.fn(help='"Namespace is the namespace of the referent.\\nThis field is required when referring to a Namespace-scoped resource and\\nMUST be unset when referring to a Cluster-scoped resource."', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { spec+: { parametersRef+: { namespace: namespace } } }, + }, + '#withControllerName':: d.fn(help='"ControllerName is the name of the controller that is managing Gateways of\\nthis class. The value of this field MUST be a domain prefixed path.\\n\\n\\nExample: \\"example.net/gateway-controller\\".\\n\\n\\nThis field is not mutable and cannot be empty.\\n\\n\\nSupport: Core"', args=[d.arg(name='controllerName', type=d.T.string)]), + withControllerName(controllerName): { spec+: { controllerName: controllerName } }, + '#withDescription':: d.fn(help='"Description helps describe a GatewayClass with more details."', args=[d.arg(name='description', type=d.T.string)]), + withDescription(description): { spec+: { description: description } }, + }, + '#mixin': 'ignore', + mixin: self, +} diff --git a/1.1-experimental/_gen/gateway/v1beta1/httpRoute.libsonnet b/1.1-experimental/_gen/gateway/v1beta1/httpRoute.libsonnet new file mode 100644 index 0000000..858eaa2 --- /dev/null +++ b/1.1-experimental/_gen/gateway/v1beta1/httpRoute.libsonnet @@ -0,0 +1,421 @@ +{ + local d = (import 'doc-util/main.libsonnet'), + '#':: d.pkg(name='httpRoute', url='', help='"HTTPRoute provides a way to route HTTP requests. This includes the capability\\nto match requests by hostname, path, header, or query param. Filters can be\\nused to specify additional processing steps. Backends specify where matching\\nrequests should be routed."'), + '#metadata':: d.obj(help='"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create."'), + metadata: { + '#withAnnotations':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotations(annotations): { metadata+: { annotations: annotations } }, + '#withAnnotationsMixin':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotationsMixin(annotations): { metadata+: { annotations+: annotations } }, + '#withClusterName':: d.fn(help='"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request."', args=[d.arg(name='clusterName', type=d.T.string)]), + withClusterName(clusterName): { metadata+: { clusterName: clusterName } }, + '#withCreationTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='creationTimestamp', type=d.T.string)]), + withCreationTimestamp(creationTimestamp): { metadata+: { creationTimestamp: creationTimestamp } }, + '#withDeletionGracePeriodSeconds':: d.fn(help='"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only."', args=[d.arg(name='deletionGracePeriodSeconds', type=d.T.integer)]), + withDeletionGracePeriodSeconds(deletionGracePeriodSeconds): { metadata+: { deletionGracePeriodSeconds: deletionGracePeriodSeconds } }, + '#withDeletionTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='deletionTimestamp', type=d.T.string)]), + withDeletionTimestamp(deletionTimestamp): { metadata+: { deletionTimestamp: deletionTimestamp } }, + '#withFinalizers':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizers(finalizers): { metadata+: { finalizers: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withFinalizersMixin':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizersMixin(finalizers): { metadata+: { finalizers+: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withGenerateName':: d.fn(help='"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\\n\\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\\n\\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency"', args=[d.arg(name='generateName', type=d.T.string)]), + withGenerateName(generateName): { metadata+: { generateName: generateName } }, + '#withGeneration':: d.fn(help='"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only."', args=[d.arg(name='generation', type=d.T.integer)]), + withGeneration(generation): { metadata+: { generation: generation } }, + '#withLabels':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"', args=[d.arg(name='labels', type=d.T.object)]), + withLabels(labels): { metadata+: { labels: labels } }, + '#withLabelsMixin':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='labels', type=d.T.object)]), + withLabelsMixin(labels): { metadata+: { labels+: labels } }, + '#withName':: d.fn(help='"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { metadata+: { name: name } }, + '#withNamespace':: d.fn(help='"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \\"default\\" namespace, but \\"default\\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\\n\\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces"', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { metadata+: { namespace: namespace } }, + '#withOwnerReferences':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferences(ownerReferences): { metadata+: { ownerReferences: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withOwnerReferencesMixin':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferencesMixin(ownerReferences): { metadata+: { ownerReferences+: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withResourceVersion':: d.fn(help='"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\\n\\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency"', args=[d.arg(name='resourceVersion', type=d.T.string)]), + withResourceVersion(resourceVersion): { metadata+: { resourceVersion: resourceVersion } }, + '#withSelfLink':: d.fn(help='"SelfLink is a URL representing this object. Populated by the system. Read-only.\\n\\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release."', args=[d.arg(name='selfLink', type=d.T.string)]), + withSelfLink(selfLink): { metadata+: { selfLink: selfLink } }, + '#withUid':: d.fn(help='"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\\n\\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids"', args=[d.arg(name='uid', type=d.T.string)]), + withUid(uid): { metadata+: { uid: uid } }, + }, + '#new':: d.fn(help='new returns an instance of HTTPRoute', args=[d.arg(name='name', type=d.T.string)]), + new(name): { + apiVersion: 'gateway.networking.k8s.io/v1beta1', + kind: 'HTTPRoute', + } + self.metadata.withName(name=name), + '#spec':: d.obj(help='"Spec defines the desired state of HTTPRoute."'), + spec: { + '#parentRefs':: d.obj(help='"ParentRefs references the resources (usually Gateways) that a Route wants\\nto be attached to. Note that the referenced parent resource needs to\\nallow this for the attachment to be complete. For Gateways, that means\\nthe Gateway needs to allow attachment from Routes of this kind and\\nnamespace. For Services, that means the Service must either be in the same\\nnamespace for a \\"producer\\" route, or the mesh implementation must support\\nand allow \\"consumer\\" routes for the referenced Service. ReferenceGrant is\\nnot applicable for governing ParentRefs to Services - it is not possible to\\ncreate a \\"producer\\" route for a Service in a different namespace from the\\nRoute.\\n\\n\\nThere are two kinds of parent resources with \\"Core\\" support:\\n\\n\\n* Gateway (Gateway conformance profile)\\n* Service (Mesh conformance profile, ClusterIP Services only)\\n\\n\\nThis API may be extended in the future to support additional kinds of parent\\nresources.\\n\\n\\nParentRefs must be _distinct_. This means either that:\\n\\n\\n* They select different objects. If this is the case, then parentRef\\n entries are distinct. In terms of fields, this means that the\\n multi-part key defined by `group`, `kind`, `namespace`, and `name` must\\n be unique across all parentRef entries in the Route.\\n* They do not select different objects, but for each optional field used,\\n each ParentRef that selects the same object must set the same set of\\n optional fields to different values. If one ParentRef sets a\\n combination of optional fields, all must set the same combination.\\n\\n\\nSome examples:\\n\\n\\n* If one ParentRef sets `sectionName`, all ParentRefs referencing the\\n same object must also set `sectionName`.\\n* If one ParentRef sets `port`, all ParentRefs referencing the same\\n object must also set `port`.\\n* If one ParentRef sets `sectionName` and `port`, all ParentRefs\\n referencing the same object must also set `sectionName` and `port`.\\n\\n\\nIt is possible to separately reference multiple distinct objects that may\\nbe collapsed by an implementation. For example, some implementations may\\nchoose to merge compatible Gateway Listeners together. If that is the\\ncase, the list of routes attached to those resources should also be\\nmerged.\\n\\n\\nNote that for ParentRefs that cross namespace boundaries, there are specific\\nrules. Cross-namespace references are only valid if they are explicitly\\nallowed by something in the namespace they are referring to. For example,\\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\\ngeneric way to enable other kinds of cross-namespace reference.\\n\\n\\n\\nParentRefs from a Route to a Service in the same namespace are \\"producer\\"\\nroutes, which apply default routing rules to inbound connections from\\nany namespace to the Service.\\n\\n\\nParentRefs from a Route to a Service in a different namespace are\\n\\"consumer\\" routes, and these routing rules are only applied to outbound\\nconnections originating from the same namespace as the Route, for which\\nthe intended destination of the connections are a Service targeted as a\\nParentRef of the Route.\\n\\n\\n\\n\\n\\n\\n"'), + parentRefs: { + '#withGroup':: d.fn(help='"Group is the group of the referent.\\nWhen unspecified, \\"gateway.networking.k8s.io\\" is inferred.\\nTo set the core API group (such as for a \\"Service\\" kind referent),\\nGroup must be explicitly set to \\"\\" (empty string).\\n\\n\\nSupport: Core"', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { group: group }, + '#withKind':: d.fn(help='"Kind is kind of the referent.\\n\\n\\nThere are two kinds of parent resources with \\"Core\\" support:\\n\\n\\n* Gateway (Gateway conformance profile)\\n* Service (Mesh conformance profile, ClusterIP Services only)\\n\\n\\nSupport for other resources is Implementation-Specific."', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { kind: kind }, + '#withName':: d.fn(help='"Name is the name of the referent.\\n\\n\\nSupport: Core"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withNamespace':: d.fn(help='"Namespace is the namespace of the referent. When unspecified, this refers\\nto the local namespace of the Route.\\n\\n\\nNote that there are specific rules for ParentRefs which cross namespace\\nboundaries. Cross-namespace references are only valid if they are explicitly\\nallowed by something in the namespace they are referring to. For example:\\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\\ngeneric way to enable any other kind of cross-namespace reference.\\n\\n\\n\\nParentRefs from a Route to a Service in the same namespace are \\"producer\\"\\nroutes, which apply default routing rules to inbound connections from\\nany namespace to the Service.\\n\\n\\nParentRefs from a Route to a Service in a different namespace are\\n\\"consumer\\" routes, and these routing rules are only applied to outbound\\nconnections originating from the same namespace as the Route, for which\\nthe intended destination of the connections are a Service targeted as a\\nParentRef of the Route.\\n\\n\\n\\nSupport: Core"', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { namespace: namespace }, + '#withPort':: d.fn(help="\"Port is the network port this Route targets. It can be interpreted\\ndifferently based on the type of parent resource.\\n\\n\\nWhen the parent resource is a Gateway, this targets all listeners\\nlistening on the specified port that also support this kind of Route(and\\nselect this Route). It's not recommended to set `Port` unless the\\nnetworking behaviors specified in a Route must apply to a specific port\\nas opposed to a listener(s) whose port(s) may be changed. When both Port\\nand SectionName are specified, the name and port of the selected listener\\nmust match both specified values.\\n\\n\\n\\nWhen the parent resource is a Service, this targets a specific port in the\\nService spec. When both Port (experimental) and SectionName are specified,\\nthe name and port of the selected port must match both specified values.\\n\\n\\n\\nImplementations MAY choose to support other parent resources.\\nImplementations supporting other types of parent resources MUST clearly\\ndocument how/if Port is interpreted.\\n\\n\\nFor the purpose of status, an attachment is considered successful as\\nlong as the parent resource accepts it partially. For example, Gateway\\nlisteners can restrict which Routes can attach to them by Route kind,\\nnamespace, or hostname. If 1 of 2 Gateway listeners accept attachment\\nfrom the referencing Route, the Route MUST be considered successfully\\nattached. If no Gateway listeners accept attachment from this Route,\\nthe Route MUST be considered detached from the Gateway.\\n\\n\\nSupport: Extended\"", args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { port: port }, + '#withSectionName':: d.fn(help='"SectionName is the name of a section within the target resource. In the\\nfollowing resources, SectionName is interpreted as the following:\\n\\n\\n* Gateway: Listener name. When both Port (experimental) and SectionName\\nare specified, the name and port of the selected listener must match\\nboth specified values.\\n* Service: Port name. When both Port (experimental) and SectionName\\nare specified, the name and port of the selected listener must match\\nboth specified values.\\n\\n\\nImplementations MAY choose to support attaching Routes to other resources.\\nIf that is the case, they MUST clearly document how SectionName is\\ninterpreted.\\n\\n\\nWhen unspecified (empty string), this will reference the entire resource.\\nFor the purpose of status, an attachment is considered successful if at\\nleast one section in the parent resource accepts it. For example, Gateway\\nlisteners can restrict which Routes can attach to them by Route kind,\\nnamespace, or hostname. If 1 of 2 Gateway listeners accept attachment from\\nthe referencing Route, the Route MUST be considered successfully\\nattached. If no Gateway listeners accept attachment from this Route, the\\nRoute MUST be considered detached from the Gateway.\\n\\n\\nSupport: Core"', args=[d.arg(name='sectionName', type=d.T.string)]), + withSectionName(sectionName): { sectionName: sectionName }, + }, + '#rules':: d.obj(help='"Rules are a list of HTTP matchers, filters and actions."'), + rules: { + '#backendRefs':: d.obj(help='"BackendRefs defines the backend(s) where matching requests should be\\nsent.\\n\\n\\nFailure behavior here depends on how many BackendRefs are specified and\\nhow many are invalid.\\n\\n\\nIf *all* entries in BackendRefs are invalid, and there are also no filters\\nspecified in this route rule, *all* traffic which matches this rule MUST\\nreceive a 500 status code.\\n\\n\\nSee the HTTPBackendRef definition for the rules about what makes a single\\nHTTPBackendRef invalid.\\n\\n\\nWhen a HTTPBackendRef is invalid, 500 status codes MUST be returned for\\nrequests that would have otherwise been routed to an invalid backend. If\\nmultiple backends are specified, and some are invalid, the proportion of\\nrequests that would otherwise have been routed to an invalid backend\\nMUST receive a 500 status code.\\n\\n\\nFor example, if two backends are specified with equal weights, and one is\\ninvalid, 50 percent of traffic must receive a 500. Implementations may\\nchoose how that 50 percent is determined.\\n\\n\\nSupport: Core for Kubernetes Service\\n\\n\\nSupport: Extended for Kubernetes ServiceImport\\n\\n\\nSupport: Implementation-specific for any other resource\\n\\n\\nSupport for weight: Core"'), + backendRefs: { + '#filters':: d.obj(help='"Filters defined at this level should be executed if and only if the\\nrequest is being forwarded to the backend defined here.\\n\\n\\nSupport: Implementation-specific (For broader support of filters, use the\\nFilters field in HTTPRouteRule.)"'), + filters: { + '#extensionRef':: d.obj(help='"ExtensionRef is an optional, implementation-specific extension to the\\n\\"filter\\" behavior. For example, resource \\"myroutefilter\\" in group\\n\\"networking.example.net\\"). ExtensionRef MUST NOT be used for core and\\nextended filters.\\n\\n\\nThis filter can be used multiple times within the same rule.\\n\\n\\nSupport: Implementation-specific"'), + extensionRef: { + '#withGroup':: d.fn(help='"Group is the group of the referent. For example, \\"gateway.networking.k8s.io\\".\\nWhen unspecified or empty string, core API group is inferred."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { extensionRef+: { group: group } }, + '#withKind':: d.fn(help='"Kind is kind of the referent. For example \\"HTTPRoute\\" or \\"Service\\"."', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { extensionRef+: { kind: kind } }, + '#withName':: d.fn(help='"Name is the name of the referent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { extensionRef+: { name: name } }, + }, + '#requestHeaderModifier':: d.obj(help='"RequestHeaderModifier defines a schema for a filter that modifies request\\nheaders.\\n\\n\\nSupport: Core"'), + requestHeaderModifier: { + '#add':: d.obj(help='"Add adds the given header(s) (name, value) to the request\\nbefore the action. It appends to any existing values associated\\nwith the header name.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n add:\\n - name: \\"my-header\\"\\n value: \\"bar,baz\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: foo,bar,baz"'), + add: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be\\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\\n\\n\\nIf multiple entries specify equivalent header names, the first entry with\\nan equivalent name MUST be considered for a match. Subsequent entries\\nwith an equivalent header name MUST be ignored. Due to the\\ncase-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered\\nequivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#set':: d.obj(help='"Set overwrites the request with the given header (name, value)\\nbefore the action.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n set:\\n - name: \\"my-header\\"\\n value: \\"bar\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: bar"'), + set: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be\\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\\n\\n\\nIf multiple entries specify equivalent header names, the first entry with\\nan equivalent name MUST be considered for a match. Subsequent entries\\nwith an equivalent header name MUST be ignored. Due to the\\ncase-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered\\nequivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#withAdd':: d.fn(help='"Add adds the given header(s) (name, value) to the request\\nbefore the action. It appends to any existing values associated\\nwith the header name.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n add:\\n - name: \\"my-header\\"\\n value: \\"bar,baz\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: foo,bar,baz"', args=[d.arg(name='add', type=d.T.array)]), + withAdd(add): { requestHeaderModifier+: { add: if std.isArray(v=add) then add else [add] } }, + '#withAddMixin':: d.fn(help='"Add adds the given header(s) (name, value) to the request\\nbefore the action. It appends to any existing values associated\\nwith the header name.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n add:\\n - name: \\"my-header\\"\\n value: \\"bar,baz\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: foo,bar,baz"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='add', type=d.T.array)]), + withAddMixin(add): { requestHeaderModifier+: { add+: if std.isArray(v=add) then add else [add] } }, + '#withRemove':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The\\nvalue of Remove is a list of HTTP header names. Note that the header\\nnames are case-insensitive (see\\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header1: foo\\n my-header2: bar\\n my-header3: baz\\n\\n\\nConfig:\\n remove: [\\"my-header1\\", \\"my-header3\\"]\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header2: bar"', args=[d.arg(name='remove', type=d.T.array)]), + withRemove(remove): { requestHeaderModifier+: { remove: if std.isArray(v=remove) then remove else [remove] } }, + '#withRemoveMixin':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The\\nvalue of Remove is a list of HTTP header names. Note that the header\\nnames are case-insensitive (see\\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header1: foo\\n my-header2: bar\\n my-header3: baz\\n\\n\\nConfig:\\n remove: [\\"my-header1\\", \\"my-header3\\"]\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header2: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='remove', type=d.T.array)]), + withRemoveMixin(remove): { requestHeaderModifier+: { remove+: if std.isArray(v=remove) then remove else [remove] } }, + '#withSet':: d.fn(help='"Set overwrites the request with the given header (name, value)\\nbefore the action.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n set:\\n - name: \\"my-header\\"\\n value: \\"bar\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: bar"', args=[d.arg(name='set', type=d.T.array)]), + withSet(set): { requestHeaderModifier+: { set: if std.isArray(v=set) then set else [set] } }, + '#withSetMixin':: d.fn(help='"Set overwrites the request with the given header (name, value)\\nbefore the action.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n set:\\n - name: \\"my-header\\"\\n value: \\"bar\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='set', type=d.T.array)]), + withSetMixin(set): { requestHeaderModifier+: { set+: if std.isArray(v=set) then set else [set] } }, + }, + '#requestMirror':: d.obj(help='"RequestMirror defines a schema for a filter that mirrors requests.\\nRequests are sent to the specified destination, but responses from\\nthat destination are ignored.\\n\\n\\nThis filter can be used multiple times within the same rule. Note that\\nnot all implementations will be able to support mirroring to multiple\\nbackends.\\n\\n\\nSupport: Extended"'), + requestMirror: { + '#backendRef':: d.obj(help='"BackendRef references a resource where mirrored requests are sent.\\n\\n\\nMirrored requests must be sent only to a single destination endpoint\\nwithin this BackendRef, irrespective of how many endpoints are present\\nwithin this BackendRef.\\n\\n\\nIf the referent cannot be found, this BackendRef is invalid and must be\\ndropped from the Gateway. The controller must ensure the \\"ResolvedRefs\\"\\ncondition on the Route status is set to `status: False` and not configure\\nthis backend in the underlying implementation.\\n\\n\\nIf there is a cross-namespace reference to an *existing* object\\nthat is not allowed by a ReferenceGrant, the controller must ensure the\\n\\"ResolvedRefs\\" condition on the Route is set to `status: False`,\\nwith the \\"RefNotPermitted\\" reason and not configure this backend in the\\nunderlying implementation.\\n\\n\\nIn either error case, the Message of the `ResolvedRefs` Condition\\nshould be used to provide more detail about the problem.\\n\\n\\nSupport: Extended for Kubernetes Service\\n\\n\\nSupport: Implementation-specific for any other resource"'), + backendRef: { + '#withGroup':: d.fn(help='"Group is the group of the referent. For example, \\"gateway.networking.k8s.io\\".\\nWhen unspecified or empty string, core API group is inferred."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { requestMirror+: { backendRef+: { group: group } } }, + '#withKind':: d.fn(help='"Kind is the Kubernetes resource kind of the referent. For example\\n\\"Service\\".\\n\\n\\nDefaults to \\"Service\\" when not specified.\\n\\n\\nExternalName services can refer to CNAME DNS records that may live\\noutside of the cluster and as such are difficult to reason about in\\nterms of conformance. They also may not be safe to forward to (see\\nCVE-2021-25740 for more information). Implementations SHOULD NOT\\nsupport ExternalName Services.\\n\\n\\nSupport: Core (Services with a type other than ExternalName)\\n\\n\\nSupport: Implementation-specific (Services with type ExternalName)"', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { requestMirror+: { backendRef+: { kind: kind } } }, + '#withName':: d.fn(help='"Name is the name of the referent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { requestMirror+: { backendRef+: { name: name } } }, + '#withNamespace':: d.fn(help="\"Namespace is the namespace of the backend. When unspecified, the local\\nnamespace is inferred.\\n\\n\\nNote that when a namespace different than the local namespace is specified,\\na ReferenceGrant object is required in the referent namespace to allow that\\nnamespace's owner to accept the reference. See the ReferenceGrant\\ndocumentation for details.\\n\\n\\nSupport: Core\"", args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { requestMirror+: { backendRef+: { namespace: namespace } } }, + '#withPort':: d.fn(help='"Port specifies the destination port number to use for this resource.\\nPort is required when the referent is a Kubernetes Service. In this\\ncase, the port number is the service port number, not the target port.\\nFor other resources, destination port might be derived from the referent\\nresource or this field."', args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { requestMirror+: { backendRef+: { port: port } } }, + }, + }, + '#requestRedirect':: d.obj(help='"RequestRedirect defines a schema for a filter that responds to the\\nrequest with an HTTP redirection.\\n\\n\\nSupport: Core"'), + requestRedirect: { + '#path':: d.obj(help='"Path defines parameters used to modify the path of the incoming request.\\nThe modified path is then used to construct the `Location` header. When\\nempty, the request path is used as-is.\\n\\n\\nSupport: Extended"'), + path: { + '#withReplaceFullPath':: d.fn(help='"ReplaceFullPath specifies the value with which to replace the full path\\nof a request during a rewrite or redirect."', args=[d.arg(name='replaceFullPath', type=d.T.string)]), + withReplaceFullPath(replaceFullPath): { requestRedirect+: { path+: { replaceFullPath: replaceFullPath } } }, + '#withReplacePrefixMatch':: d.fn(help='"ReplacePrefixMatch specifies the value with which to replace the prefix\\nmatch of a request during a rewrite or redirect. For example, a request\\nto \\"/foo/bar\\" with a prefix match of \\"/foo\\" and a ReplacePrefixMatch\\nof \\"/xyz\\" would be modified to \\"/xyz/bar\\".\\n\\n\\nNote that this matches the behavior of the PathPrefix match type. This\\nmatches full path elements. A path element refers to the list of labels\\nin the path split by the `/` separator. When specified, a trailing `/` is\\nignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all\\nmatch the prefix `/abc`, but the path `/abcd` would not.\\n\\n\\nReplacePrefixMatch is only compatible with a `PathPrefix` HTTPRouteMatch.\\nUsing any other HTTPRouteMatch type on the same HTTPRouteRule will result in\\nthe implementation setting the Accepted Condition for the Route to `status: False`.\\n\\n\\nRequest Path | Prefix Match | Replace Prefix | Modified Path\\n-------------|--------------|----------------|----------\\n/foo/bar | /foo | /xyz | /xyz/bar\\n/foo/bar | /foo | /xyz/ | /xyz/bar\\n/foo/bar | /foo/ | /xyz | /xyz/bar\\n/foo/bar | /foo/ | /xyz/ | /xyz/bar\\n/foo | /foo | /xyz | /xyz\\n/foo/ | /foo | /xyz | /xyz/\\n/foo/bar | /foo | | /bar\\n/foo/ | /foo | | /\\n/foo | /foo | | /\\n/foo/ | /foo | / | /\\n/foo | /foo | / | /"', args=[d.arg(name='replacePrefixMatch', type=d.T.string)]), + withReplacePrefixMatch(replacePrefixMatch): { requestRedirect+: { path+: { replacePrefixMatch: replacePrefixMatch } } }, + '#withType':: d.fn(help='"Type defines the type of path modifier. Additional types may be\\nadded in a future release of the API.\\n\\n\\nNote that values may be added to this enum, implementations\\nmust ensure that unknown values will not cause a crash.\\n\\n\\nUnknown values here must result in the implementation setting the\\nAccepted Condition for the Route to `status: False`, with a\\nReason of `UnsupportedValue`."', args=[d.arg(name='type', type=d.T.string)]), + withType(type): { requestRedirect+: { path+: { type: type } } }, + }, + '#withHostname':: d.fn(help='"Hostname is the hostname to be used in the value of the `Location`\\nheader in the response.\\nWhen empty, the hostname in the `Host` header of the request is used.\\n\\n\\nSupport: Core"', args=[d.arg(name='hostname', type=d.T.string)]), + withHostname(hostname): { requestRedirect+: { hostname: hostname } }, + '#withPort':: d.fn(help="\"Port is the port to be used in the value of the `Location`\\nheader in the response.\\n\\n\\nIf no port is specified, the redirect port MUST be derived using the\\nfollowing rules:\\n\\n\\n* If redirect scheme is not-empty, the redirect port MUST be the well-known\\n port associated with the redirect scheme. Specifically \\\"http\\\" to port 80\\n and \\\"https\\\" to port 443. If the redirect scheme does not have a\\n well-known port, the listener port of the Gateway SHOULD be used.\\n* If redirect scheme is empty, the redirect port MUST be the Gateway\\n Listener port.\\n\\n\\nImplementations SHOULD NOT add the port number in the 'Location'\\nheader in the following cases:\\n\\n\\n* A Location header that will use HTTP (whether that is determined via\\n the Listener protocol or the Scheme field) _and_ use port 80.\\n* A Location header that will use HTTPS (whether that is determined via\\n the Listener protocol or the Scheme field) _and_ use port 443.\\n\\n\\nSupport: Extended\"", args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { requestRedirect+: { port: port } }, + '#withScheme':: d.fn(help='"Scheme is the scheme to be used in the value of the `Location` header in\\nthe response. When empty, the scheme of the request is used.\\n\\n\\nScheme redirects can affect the port of the redirect, for more information,\\nrefer to the documentation for the port field of this filter.\\n\\n\\nNote that values may be added to this enum, implementations\\nmust ensure that unknown values will not cause a crash.\\n\\n\\nUnknown values here must result in the implementation setting the\\nAccepted Condition for the Route to `status: False`, with a\\nReason of `UnsupportedValue`.\\n\\n\\nSupport: Extended"', args=[d.arg(name='scheme', type=d.T.string)]), + withScheme(scheme): { requestRedirect+: { scheme: scheme } }, + '#withStatusCode':: d.fn(help='"StatusCode is the HTTP status code to be used in response.\\n\\n\\nNote that values may be added to this enum, implementations\\nmust ensure that unknown values will not cause a crash.\\n\\n\\nUnknown values here must result in the implementation setting the\\nAccepted Condition for the Route to `status: False`, with a\\nReason of `UnsupportedValue`.\\n\\n\\nSupport: Core"', args=[d.arg(name='statusCode', type=d.T.integer)]), + withStatusCode(statusCode): { requestRedirect+: { statusCode: statusCode } }, + }, + '#responseHeaderModifier':: d.obj(help='"ResponseHeaderModifier defines a schema for a filter that modifies response\\nheaders.\\n\\n\\nSupport: Extended"'), + responseHeaderModifier: { + '#add':: d.obj(help='"Add adds the given header(s) (name, value) to the request\\nbefore the action. It appends to any existing values associated\\nwith the header name.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n add:\\n - name: \\"my-header\\"\\n value: \\"bar,baz\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: foo,bar,baz"'), + add: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be\\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\\n\\n\\nIf multiple entries specify equivalent header names, the first entry with\\nan equivalent name MUST be considered for a match. Subsequent entries\\nwith an equivalent header name MUST be ignored. Due to the\\ncase-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered\\nequivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#set':: d.obj(help='"Set overwrites the request with the given header (name, value)\\nbefore the action.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n set:\\n - name: \\"my-header\\"\\n value: \\"bar\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: bar"'), + set: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be\\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\\n\\n\\nIf multiple entries specify equivalent header names, the first entry with\\nan equivalent name MUST be considered for a match. Subsequent entries\\nwith an equivalent header name MUST be ignored. Due to the\\ncase-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered\\nequivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#withAdd':: d.fn(help='"Add adds the given header(s) (name, value) to the request\\nbefore the action. It appends to any existing values associated\\nwith the header name.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n add:\\n - name: \\"my-header\\"\\n value: \\"bar,baz\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: foo,bar,baz"', args=[d.arg(name='add', type=d.T.array)]), + withAdd(add): { responseHeaderModifier+: { add: if std.isArray(v=add) then add else [add] } }, + '#withAddMixin':: d.fn(help='"Add adds the given header(s) (name, value) to the request\\nbefore the action. It appends to any existing values associated\\nwith the header name.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n add:\\n - name: \\"my-header\\"\\n value: \\"bar,baz\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: foo,bar,baz"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='add', type=d.T.array)]), + withAddMixin(add): { responseHeaderModifier+: { add+: if std.isArray(v=add) then add else [add] } }, + '#withRemove':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The\\nvalue of Remove is a list of HTTP header names. Note that the header\\nnames are case-insensitive (see\\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header1: foo\\n my-header2: bar\\n my-header3: baz\\n\\n\\nConfig:\\n remove: [\\"my-header1\\", \\"my-header3\\"]\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header2: bar"', args=[d.arg(name='remove', type=d.T.array)]), + withRemove(remove): { responseHeaderModifier+: { remove: if std.isArray(v=remove) then remove else [remove] } }, + '#withRemoveMixin':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The\\nvalue of Remove is a list of HTTP header names. Note that the header\\nnames are case-insensitive (see\\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header1: foo\\n my-header2: bar\\n my-header3: baz\\n\\n\\nConfig:\\n remove: [\\"my-header1\\", \\"my-header3\\"]\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header2: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='remove', type=d.T.array)]), + withRemoveMixin(remove): { responseHeaderModifier+: { remove+: if std.isArray(v=remove) then remove else [remove] } }, + '#withSet':: d.fn(help='"Set overwrites the request with the given header (name, value)\\nbefore the action.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n set:\\n - name: \\"my-header\\"\\n value: \\"bar\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: bar"', args=[d.arg(name='set', type=d.T.array)]), + withSet(set): { responseHeaderModifier+: { set: if std.isArray(v=set) then set else [set] } }, + '#withSetMixin':: d.fn(help='"Set overwrites the request with the given header (name, value)\\nbefore the action.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n set:\\n - name: \\"my-header\\"\\n value: \\"bar\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='set', type=d.T.array)]), + withSetMixin(set): { responseHeaderModifier+: { set+: if std.isArray(v=set) then set else [set] } }, + }, + '#urlRewrite':: d.obj(help='"URLRewrite defines a schema for a filter that modifies a request during forwarding.\\n\\n\\nSupport: Extended"'), + urlRewrite: { + '#path':: d.obj(help='"Path defines a path rewrite.\\n\\n\\nSupport: Extended"'), + path: { + '#withReplaceFullPath':: d.fn(help='"ReplaceFullPath specifies the value with which to replace the full path\\nof a request during a rewrite or redirect."', args=[d.arg(name='replaceFullPath', type=d.T.string)]), + withReplaceFullPath(replaceFullPath): { urlRewrite+: { path+: { replaceFullPath: replaceFullPath } } }, + '#withReplacePrefixMatch':: d.fn(help='"ReplacePrefixMatch specifies the value with which to replace the prefix\\nmatch of a request during a rewrite or redirect. For example, a request\\nto \\"/foo/bar\\" with a prefix match of \\"/foo\\" and a ReplacePrefixMatch\\nof \\"/xyz\\" would be modified to \\"/xyz/bar\\".\\n\\n\\nNote that this matches the behavior of the PathPrefix match type. This\\nmatches full path elements. A path element refers to the list of labels\\nin the path split by the `/` separator. When specified, a trailing `/` is\\nignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all\\nmatch the prefix `/abc`, but the path `/abcd` would not.\\n\\n\\nReplacePrefixMatch is only compatible with a `PathPrefix` HTTPRouteMatch.\\nUsing any other HTTPRouteMatch type on the same HTTPRouteRule will result in\\nthe implementation setting the Accepted Condition for the Route to `status: False`.\\n\\n\\nRequest Path | Prefix Match | Replace Prefix | Modified Path\\n-------------|--------------|----------------|----------\\n/foo/bar | /foo | /xyz | /xyz/bar\\n/foo/bar | /foo | /xyz/ | /xyz/bar\\n/foo/bar | /foo/ | /xyz | /xyz/bar\\n/foo/bar | /foo/ | /xyz/ | /xyz/bar\\n/foo | /foo | /xyz | /xyz\\n/foo/ | /foo | /xyz | /xyz/\\n/foo/bar | /foo | | /bar\\n/foo/ | /foo | | /\\n/foo | /foo | | /\\n/foo/ | /foo | / | /\\n/foo | /foo | / | /"', args=[d.arg(name='replacePrefixMatch', type=d.T.string)]), + withReplacePrefixMatch(replacePrefixMatch): { urlRewrite+: { path+: { replacePrefixMatch: replacePrefixMatch } } }, + '#withType':: d.fn(help='"Type defines the type of path modifier. Additional types may be\\nadded in a future release of the API.\\n\\n\\nNote that values may be added to this enum, implementations\\nmust ensure that unknown values will not cause a crash.\\n\\n\\nUnknown values here must result in the implementation setting the\\nAccepted Condition for the Route to `status: False`, with a\\nReason of `UnsupportedValue`."', args=[d.arg(name='type', type=d.T.string)]), + withType(type): { urlRewrite+: { path+: { type: type } } }, + }, + '#withHostname':: d.fn(help='"Hostname is the value to be used to replace the Host header value during\\nforwarding.\\n\\n\\nSupport: Extended"', args=[d.arg(name='hostname', type=d.T.string)]), + withHostname(hostname): { urlRewrite+: { hostname: hostname } }, + }, + '#withType':: d.fn(help='"Type identifies the type of filter to apply. As with other API fields,\\ntypes are classified into three conformance levels:\\n\\n\\n- Core: Filter types and their corresponding configuration defined by\\n \\"Support: Core\\" in this package, e.g. \\"RequestHeaderModifier\\". All\\n implementations must support core filters.\\n\\n\\n- Extended: Filter types and their corresponding configuration defined by\\n \\"Support: Extended\\" in this package, e.g. \\"RequestMirror\\". Implementers\\n are encouraged to support extended filters.\\n\\n\\n- Implementation-specific: Filters that are defined and supported by\\n specific vendors.\\n In the future, filters showing convergence in behavior across multiple\\n implementations will be considered for inclusion in extended or core\\n conformance levels. Filter-specific configuration for such filters\\n is specified using the ExtensionRef field. `Type` should be set to\\n \\"ExtensionRef\\" for custom filters.\\n\\n\\nImplementers are encouraged to define custom implementation types to\\nextend the core API with implementation-specific behavior.\\n\\n\\nIf a reference to a custom filter type cannot be resolved, the filter\\nMUST NOT be skipped. Instead, requests that would have been processed by\\nthat filter MUST receive a HTTP error response.\\n\\n\\nNote that values may be added to this enum, implementations\\nmust ensure that unknown values will not cause a crash.\\n\\n\\nUnknown values here must result in the implementation setting the\\nAccepted Condition for the Route to `status: False`, with a\\nReason of `UnsupportedValue`."', args=[d.arg(name='type', type=d.T.string)]), + withType(type): { type: type }, + }, + '#withFilters':: d.fn(help='"Filters defined at this level should be executed if and only if the\\nrequest is being forwarded to the backend defined here.\\n\\n\\nSupport: Implementation-specific (For broader support of filters, use the\\nFilters field in HTTPRouteRule.)"', args=[d.arg(name='filters', type=d.T.array)]), + withFilters(filters): { filters: if std.isArray(v=filters) then filters else [filters] }, + '#withFiltersMixin':: d.fn(help='"Filters defined at this level should be executed if and only if the\\nrequest is being forwarded to the backend defined here.\\n\\n\\nSupport: Implementation-specific (For broader support of filters, use the\\nFilters field in HTTPRouteRule.)"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='filters', type=d.T.array)]), + withFiltersMixin(filters): { filters+: if std.isArray(v=filters) then filters else [filters] }, + '#withGroup':: d.fn(help='"Group is the group of the referent. For example, \\"gateway.networking.k8s.io\\".\\nWhen unspecified or empty string, core API group is inferred."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { group: group }, + '#withKind':: d.fn(help='"Kind is the Kubernetes resource kind of the referent. For example\\n\\"Service\\".\\n\\n\\nDefaults to \\"Service\\" when not specified.\\n\\n\\nExternalName services can refer to CNAME DNS records that may live\\noutside of the cluster and as such are difficult to reason about in\\nterms of conformance. They also may not be safe to forward to (see\\nCVE-2021-25740 for more information). Implementations SHOULD NOT\\nsupport ExternalName Services.\\n\\n\\nSupport: Core (Services with a type other than ExternalName)\\n\\n\\nSupport: Implementation-specific (Services with type ExternalName)"', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { kind: kind }, + '#withName':: d.fn(help='"Name is the name of the referent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withNamespace':: d.fn(help="\"Namespace is the namespace of the backend. When unspecified, the local\\nnamespace is inferred.\\n\\n\\nNote that when a namespace different than the local namespace is specified,\\na ReferenceGrant object is required in the referent namespace to allow that\\nnamespace's owner to accept the reference. See the ReferenceGrant\\ndocumentation for details.\\n\\n\\nSupport: Core\"", args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { namespace: namespace }, + '#withPort':: d.fn(help='"Port specifies the destination port number to use for this resource.\\nPort is required when the referent is a Kubernetes Service. In this\\ncase, the port number is the service port number, not the target port.\\nFor other resources, destination port might be derived from the referent\\nresource or this field."', args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { port: port }, + '#withWeight':: d.fn(help='"Weight specifies the proportion of requests forwarded to the referenced\\nbackend. This is computed as weight/(sum of all weights in this\\nBackendRefs list). For non-zero values, there may be some epsilon from\\nthe exact proportion defined here depending on the precision an\\nimplementation supports. Weight is not a percentage and the sum of\\nweights does not need to equal 100.\\n\\n\\nIf only one backend is specified and it has a weight greater than 0, 100%\\nof the traffic is forwarded to that backend. If weight is set to 0, no\\ntraffic should be forwarded for this entry. If unspecified, weight\\ndefaults to 1.\\n\\n\\nSupport for this field varies based on the context where used."', args=[d.arg(name='weight', type=d.T.integer)]), + withWeight(weight): { weight: weight }, + }, + '#filters':: d.obj(help='"Filters define the filters that are applied to requests that match\\nthis rule.\\n\\n\\nWherever possible, implementations SHOULD implement filters in the order\\nthey are specified.\\n\\n\\nImplementations MAY choose to implement this ordering strictly, rejecting\\nany combination or order of filters that can not be supported. If implementations\\nchoose a strict interpretation of filter ordering, they MUST clearly document\\nthat behavior.\\n\\n\\nTo reject an invalid combination or order of filters, implementations SHOULD\\nconsider the Route Rules with this configuration invalid. If all Route Rules\\nin a Route are invalid, the entire Route would be considered invalid. If only\\na portion of Route Rules are invalid, implementations MUST set the\\n\\"PartiallyInvalid\\" condition for the Route.\\n\\n\\nConformance-levels at this level are defined based on the type of filter:\\n\\n\\n- ALL core filters MUST be supported by all implementations.\\n- Implementers are encouraged to support extended filters.\\n- Implementation-specific custom filters have no API guarantees across\\n implementations.\\n\\n\\nSpecifying the same filter multiple times is not supported unless explicitly\\nindicated in the filter.\\n\\n\\nAll filters are expected to be compatible with each other except for the\\nURLRewrite and RequestRedirect filters, which may not be combined. If an\\nimplementation can not support other combinations of filters, they must clearly\\ndocument that limitation. In cases where incompatible or unsupported\\nfilters are specified and cause the `Accepted` condition to be set to status\\n`False`, implementations may use the `IncompatibleFilters` reason to specify\\nthis configuration error.\\n\\n\\nSupport: Core"'), + filters: { + '#extensionRef':: d.obj(help='"ExtensionRef is an optional, implementation-specific extension to the\\n\\"filter\\" behavior. For example, resource \\"myroutefilter\\" in group\\n\\"networking.example.net\\"). ExtensionRef MUST NOT be used for core and\\nextended filters.\\n\\n\\nThis filter can be used multiple times within the same rule.\\n\\n\\nSupport: Implementation-specific"'), + extensionRef: { + '#withGroup':: d.fn(help='"Group is the group of the referent. For example, \\"gateway.networking.k8s.io\\".\\nWhen unspecified or empty string, core API group is inferred."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { extensionRef+: { group: group } }, + '#withKind':: d.fn(help='"Kind is kind of the referent. For example \\"HTTPRoute\\" or \\"Service\\"."', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { extensionRef+: { kind: kind } }, + '#withName':: d.fn(help='"Name is the name of the referent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { extensionRef+: { name: name } }, + }, + '#requestHeaderModifier':: d.obj(help='"RequestHeaderModifier defines a schema for a filter that modifies request\\nheaders.\\n\\n\\nSupport: Core"'), + requestHeaderModifier: { + '#add':: d.obj(help='"Add adds the given header(s) (name, value) to the request\\nbefore the action. It appends to any existing values associated\\nwith the header name.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n add:\\n - name: \\"my-header\\"\\n value: \\"bar,baz\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: foo,bar,baz"'), + add: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be\\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\\n\\n\\nIf multiple entries specify equivalent header names, the first entry with\\nan equivalent name MUST be considered for a match. Subsequent entries\\nwith an equivalent header name MUST be ignored. Due to the\\ncase-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered\\nequivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#set':: d.obj(help='"Set overwrites the request with the given header (name, value)\\nbefore the action.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n set:\\n - name: \\"my-header\\"\\n value: \\"bar\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: bar"'), + set: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be\\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\\n\\n\\nIf multiple entries specify equivalent header names, the first entry with\\nan equivalent name MUST be considered for a match. Subsequent entries\\nwith an equivalent header name MUST be ignored. Due to the\\ncase-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered\\nequivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#withAdd':: d.fn(help='"Add adds the given header(s) (name, value) to the request\\nbefore the action. It appends to any existing values associated\\nwith the header name.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n add:\\n - name: \\"my-header\\"\\n value: \\"bar,baz\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: foo,bar,baz"', args=[d.arg(name='add', type=d.T.array)]), + withAdd(add): { requestHeaderModifier+: { add: if std.isArray(v=add) then add else [add] } }, + '#withAddMixin':: d.fn(help='"Add adds the given header(s) (name, value) to the request\\nbefore the action. It appends to any existing values associated\\nwith the header name.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n add:\\n - name: \\"my-header\\"\\n value: \\"bar,baz\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: foo,bar,baz"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='add', type=d.T.array)]), + withAddMixin(add): { requestHeaderModifier+: { add+: if std.isArray(v=add) then add else [add] } }, + '#withRemove':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The\\nvalue of Remove is a list of HTTP header names. Note that the header\\nnames are case-insensitive (see\\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header1: foo\\n my-header2: bar\\n my-header3: baz\\n\\n\\nConfig:\\n remove: [\\"my-header1\\", \\"my-header3\\"]\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header2: bar"', args=[d.arg(name='remove', type=d.T.array)]), + withRemove(remove): { requestHeaderModifier+: { remove: if std.isArray(v=remove) then remove else [remove] } }, + '#withRemoveMixin':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The\\nvalue of Remove is a list of HTTP header names. Note that the header\\nnames are case-insensitive (see\\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header1: foo\\n my-header2: bar\\n my-header3: baz\\n\\n\\nConfig:\\n remove: [\\"my-header1\\", \\"my-header3\\"]\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header2: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='remove', type=d.T.array)]), + withRemoveMixin(remove): { requestHeaderModifier+: { remove+: if std.isArray(v=remove) then remove else [remove] } }, + '#withSet':: d.fn(help='"Set overwrites the request with the given header (name, value)\\nbefore the action.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n set:\\n - name: \\"my-header\\"\\n value: \\"bar\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: bar"', args=[d.arg(name='set', type=d.T.array)]), + withSet(set): { requestHeaderModifier+: { set: if std.isArray(v=set) then set else [set] } }, + '#withSetMixin':: d.fn(help='"Set overwrites the request with the given header (name, value)\\nbefore the action.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n set:\\n - name: \\"my-header\\"\\n value: \\"bar\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='set', type=d.T.array)]), + withSetMixin(set): { requestHeaderModifier+: { set+: if std.isArray(v=set) then set else [set] } }, + }, + '#requestMirror':: d.obj(help='"RequestMirror defines a schema for a filter that mirrors requests.\\nRequests are sent to the specified destination, but responses from\\nthat destination are ignored.\\n\\n\\nThis filter can be used multiple times within the same rule. Note that\\nnot all implementations will be able to support mirroring to multiple\\nbackends.\\n\\n\\nSupport: Extended"'), + requestMirror: { + '#backendRef':: d.obj(help='"BackendRef references a resource where mirrored requests are sent.\\n\\n\\nMirrored requests must be sent only to a single destination endpoint\\nwithin this BackendRef, irrespective of how many endpoints are present\\nwithin this BackendRef.\\n\\n\\nIf the referent cannot be found, this BackendRef is invalid and must be\\ndropped from the Gateway. The controller must ensure the \\"ResolvedRefs\\"\\ncondition on the Route status is set to `status: False` and not configure\\nthis backend in the underlying implementation.\\n\\n\\nIf there is a cross-namespace reference to an *existing* object\\nthat is not allowed by a ReferenceGrant, the controller must ensure the\\n\\"ResolvedRefs\\" condition on the Route is set to `status: False`,\\nwith the \\"RefNotPermitted\\" reason and not configure this backend in the\\nunderlying implementation.\\n\\n\\nIn either error case, the Message of the `ResolvedRefs` Condition\\nshould be used to provide more detail about the problem.\\n\\n\\nSupport: Extended for Kubernetes Service\\n\\n\\nSupport: Implementation-specific for any other resource"'), + backendRef: { + '#withGroup':: d.fn(help='"Group is the group of the referent. For example, \\"gateway.networking.k8s.io\\".\\nWhen unspecified or empty string, core API group is inferred."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { requestMirror+: { backendRef+: { group: group } } }, + '#withKind':: d.fn(help='"Kind is the Kubernetes resource kind of the referent. For example\\n\\"Service\\".\\n\\n\\nDefaults to \\"Service\\" when not specified.\\n\\n\\nExternalName services can refer to CNAME DNS records that may live\\noutside of the cluster and as such are difficult to reason about in\\nterms of conformance. They also may not be safe to forward to (see\\nCVE-2021-25740 for more information). Implementations SHOULD NOT\\nsupport ExternalName Services.\\n\\n\\nSupport: Core (Services with a type other than ExternalName)\\n\\n\\nSupport: Implementation-specific (Services with type ExternalName)"', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { requestMirror+: { backendRef+: { kind: kind } } }, + '#withName':: d.fn(help='"Name is the name of the referent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { requestMirror+: { backendRef+: { name: name } } }, + '#withNamespace':: d.fn(help="\"Namespace is the namespace of the backend. When unspecified, the local\\nnamespace is inferred.\\n\\n\\nNote that when a namespace different than the local namespace is specified,\\na ReferenceGrant object is required in the referent namespace to allow that\\nnamespace's owner to accept the reference. See the ReferenceGrant\\ndocumentation for details.\\n\\n\\nSupport: Core\"", args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { requestMirror+: { backendRef+: { namespace: namespace } } }, + '#withPort':: d.fn(help='"Port specifies the destination port number to use for this resource.\\nPort is required when the referent is a Kubernetes Service. In this\\ncase, the port number is the service port number, not the target port.\\nFor other resources, destination port might be derived from the referent\\nresource or this field."', args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { requestMirror+: { backendRef+: { port: port } } }, + }, + }, + '#requestRedirect':: d.obj(help='"RequestRedirect defines a schema for a filter that responds to the\\nrequest with an HTTP redirection.\\n\\n\\nSupport: Core"'), + requestRedirect: { + '#path':: d.obj(help='"Path defines parameters used to modify the path of the incoming request.\\nThe modified path is then used to construct the `Location` header. When\\nempty, the request path is used as-is.\\n\\n\\nSupport: Extended"'), + path: { + '#withReplaceFullPath':: d.fn(help='"ReplaceFullPath specifies the value with which to replace the full path\\nof a request during a rewrite or redirect."', args=[d.arg(name='replaceFullPath', type=d.T.string)]), + withReplaceFullPath(replaceFullPath): { requestRedirect+: { path+: { replaceFullPath: replaceFullPath } } }, + '#withReplacePrefixMatch':: d.fn(help='"ReplacePrefixMatch specifies the value with which to replace the prefix\\nmatch of a request during a rewrite or redirect. For example, a request\\nto \\"/foo/bar\\" with a prefix match of \\"/foo\\" and a ReplacePrefixMatch\\nof \\"/xyz\\" would be modified to \\"/xyz/bar\\".\\n\\n\\nNote that this matches the behavior of the PathPrefix match type. This\\nmatches full path elements. A path element refers to the list of labels\\nin the path split by the `/` separator. When specified, a trailing `/` is\\nignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all\\nmatch the prefix `/abc`, but the path `/abcd` would not.\\n\\n\\nReplacePrefixMatch is only compatible with a `PathPrefix` HTTPRouteMatch.\\nUsing any other HTTPRouteMatch type on the same HTTPRouteRule will result in\\nthe implementation setting the Accepted Condition for the Route to `status: False`.\\n\\n\\nRequest Path | Prefix Match | Replace Prefix | Modified Path\\n-------------|--------------|----------------|----------\\n/foo/bar | /foo | /xyz | /xyz/bar\\n/foo/bar | /foo | /xyz/ | /xyz/bar\\n/foo/bar | /foo/ | /xyz | /xyz/bar\\n/foo/bar | /foo/ | /xyz/ | /xyz/bar\\n/foo | /foo | /xyz | /xyz\\n/foo/ | /foo | /xyz | /xyz/\\n/foo/bar | /foo | | /bar\\n/foo/ | /foo | | /\\n/foo | /foo | | /\\n/foo/ | /foo | / | /\\n/foo | /foo | / | /"', args=[d.arg(name='replacePrefixMatch', type=d.T.string)]), + withReplacePrefixMatch(replacePrefixMatch): { requestRedirect+: { path+: { replacePrefixMatch: replacePrefixMatch } } }, + '#withType':: d.fn(help='"Type defines the type of path modifier. Additional types may be\\nadded in a future release of the API.\\n\\n\\nNote that values may be added to this enum, implementations\\nmust ensure that unknown values will not cause a crash.\\n\\n\\nUnknown values here must result in the implementation setting the\\nAccepted Condition for the Route to `status: False`, with a\\nReason of `UnsupportedValue`."', args=[d.arg(name='type', type=d.T.string)]), + withType(type): { requestRedirect+: { path+: { type: type } } }, + }, + '#withHostname':: d.fn(help='"Hostname is the hostname to be used in the value of the `Location`\\nheader in the response.\\nWhen empty, the hostname in the `Host` header of the request is used.\\n\\n\\nSupport: Core"', args=[d.arg(name='hostname', type=d.T.string)]), + withHostname(hostname): { requestRedirect+: { hostname: hostname } }, + '#withPort':: d.fn(help="\"Port is the port to be used in the value of the `Location`\\nheader in the response.\\n\\n\\nIf no port is specified, the redirect port MUST be derived using the\\nfollowing rules:\\n\\n\\n* If redirect scheme is not-empty, the redirect port MUST be the well-known\\n port associated with the redirect scheme. Specifically \\\"http\\\" to port 80\\n and \\\"https\\\" to port 443. If the redirect scheme does not have a\\n well-known port, the listener port of the Gateway SHOULD be used.\\n* If redirect scheme is empty, the redirect port MUST be the Gateway\\n Listener port.\\n\\n\\nImplementations SHOULD NOT add the port number in the 'Location'\\nheader in the following cases:\\n\\n\\n* A Location header that will use HTTP (whether that is determined via\\n the Listener protocol or the Scheme field) _and_ use port 80.\\n* A Location header that will use HTTPS (whether that is determined via\\n the Listener protocol or the Scheme field) _and_ use port 443.\\n\\n\\nSupport: Extended\"", args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { requestRedirect+: { port: port } }, + '#withScheme':: d.fn(help='"Scheme is the scheme to be used in the value of the `Location` header in\\nthe response. When empty, the scheme of the request is used.\\n\\n\\nScheme redirects can affect the port of the redirect, for more information,\\nrefer to the documentation for the port field of this filter.\\n\\n\\nNote that values may be added to this enum, implementations\\nmust ensure that unknown values will not cause a crash.\\n\\n\\nUnknown values here must result in the implementation setting the\\nAccepted Condition for the Route to `status: False`, with a\\nReason of `UnsupportedValue`.\\n\\n\\nSupport: Extended"', args=[d.arg(name='scheme', type=d.T.string)]), + withScheme(scheme): { requestRedirect+: { scheme: scheme } }, + '#withStatusCode':: d.fn(help='"StatusCode is the HTTP status code to be used in response.\\n\\n\\nNote that values may be added to this enum, implementations\\nmust ensure that unknown values will not cause a crash.\\n\\n\\nUnknown values here must result in the implementation setting the\\nAccepted Condition for the Route to `status: False`, with a\\nReason of `UnsupportedValue`.\\n\\n\\nSupport: Core"', args=[d.arg(name='statusCode', type=d.T.integer)]), + withStatusCode(statusCode): { requestRedirect+: { statusCode: statusCode } }, + }, + '#responseHeaderModifier':: d.obj(help='"ResponseHeaderModifier defines a schema for a filter that modifies response\\nheaders.\\n\\n\\nSupport: Extended"'), + responseHeaderModifier: { + '#add':: d.obj(help='"Add adds the given header(s) (name, value) to the request\\nbefore the action. It appends to any existing values associated\\nwith the header name.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n add:\\n - name: \\"my-header\\"\\n value: \\"bar,baz\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: foo,bar,baz"'), + add: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be\\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\\n\\n\\nIf multiple entries specify equivalent header names, the first entry with\\nan equivalent name MUST be considered for a match. Subsequent entries\\nwith an equivalent header name MUST be ignored. Due to the\\ncase-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered\\nequivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#set':: d.obj(help='"Set overwrites the request with the given header (name, value)\\nbefore the action.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n set:\\n - name: \\"my-header\\"\\n value: \\"bar\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: bar"'), + set: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be\\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\\n\\n\\nIf multiple entries specify equivalent header names, the first entry with\\nan equivalent name MUST be considered for a match. Subsequent entries\\nwith an equivalent header name MUST be ignored. Due to the\\ncase-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered\\nequivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#withAdd':: d.fn(help='"Add adds the given header(s) (name, value) to the request\\nbefore the action. It appends to any existing values associated\\nwith the header name.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n add:\\n - name: \\"my-header\\"\\n value: \\"bar,baz\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: foo,bar,baz"', args=[d.arg(name='add', type=d.T.array)]), + withAdd(add): { responseHeaderModifier+: { add: if std.isArray(v=add) then add else [add] } }, + '#withAddMixin':: d.fn(help='"Add adds the given header(s) (name, value) to the request\\nbefore the action. It appends to any existing values associated\\nwith the header name.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n add:\\n - name: \\"my-header\\"\\n value: \\"bar,baz\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: foo,bar,baz"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='add', type=d.T.array)]), + withAddMixin(add): { responseHeaderModifier+: { add+: if std.isArray(v=add) then add else [add] } }, + '#withRemove':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The\\nvalue of Remove is a list of HTTP header names. Note that the header\\nnames are case-insensitive (see\\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header1: foo\\n my-header2: bar\\n my-header3: baz\\n\\n\\nConfig:\\n remove: [\\"my-header1\\", \\"my-header3\\"]\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header2: bar"', args=[d.arg(name='remove', type=d.T.array)]), + withRemove(remove): { responseHeaderModifier+: { remove: if std.isArray(v=remove) then remove else [remove] } }, + '#withRemoveMixin':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The\\nvalue of Remove is a list of HTTP header names. Note that the header\\nnames are case-insensitive (see\\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header1: foo\\n my-header2: bar\\n my-header3: baz\\n\\n\\nConfig:\\n remove: [\\"my-header1\\", \\"my-header3\\"]\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header2: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='remove', type=d.T.array)]), + withRemoveMixin(remove): { responseHeaderModifier+: { remove+: if std.isArray(v=remove) then remove else [remove] } }, + '#withSet':: d.fn(help='"Set overwrites the request with the given header (name, value)\\nbefore the action.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n set:\\n - name: \\"my-header\\"\\n value: \\"bar\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: bar"', args=[d.arg(name='set', type=d.T.array)]), + withSet(set): { responseHeaderModifier+: { set: if std.isArray(v=set) then set else [set] } }, + '#withSetMixin':: d.fn(help='"Set overwrites the request with the given header (name, value)\\nbefore the action.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n set:\\n - name: \\"my-header\\"\\n value: \\"bar\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='set', type=d.T.array)]), + withSetMixin(set): { responseHeaderModifier+: { set+: if std.isArray(v=set) then set else [set] } }, + }, + '#urlRewrite':: d.obj(help='"URLRewrite defines a schema for a filter that modifies a request during forwarding.\\n\\n\\nSupport: Extended"'), + urlRewrite: { + '#path':: d.obj(help='"Path defines a path rewrite.\\n\\n\\nSupport: Extended"'), + path: { + '#withReplaceFullPath':: d.fn(help='"ReplaceFullPath specifies the value with which to replace the full path\\nof a request during a rewrite or redirect."', args=[d.arg(name='replaceFullPath', type=d.T.string)]), + withReplaceFullPath(replaceFullPath): { urlRewrite+: { path+: { replaceFullPath: replaceFullPath } } }, + '#withReplacePrefixMatch':: d.fn(help='"ReplacePrefixMatch specifies the value with which to replace the prefix\\nmatch of a request during a rewrite or redirect. For example, a request\\nto \\"/foo/bar\\" with a prefix match of \\"/foo\\" and a ReplacePrefixMatch\\nof \\"/xyz\\" would be modified to \\"/xyz/bar\\".\\n\\n\\nNote that this matches the behavior of the PathPrefix match type. This\\nmatches full path elements. A path element refers to the list of labels\\nin the path split by the `/` separator. When specified, a trailing `/` is\\nignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all\\nmatch the prefix `/abc`, but the path `/abcd` would not.\\n\\n\\nReplacePrefixMatch is only compatible with a `PathPrefix` HTTPRouteMatch.\\nUsing any other HTTPRouteMatch type on the same HTTPRouteRule will result in\\nthe implementation setting the Accepted Condition for the Route to `status: False`.\\n\\n\\nRequest Path | Prefix Match | Replace Prefix | Modified Path\\n-------------|--------------|----------------|----------\\n/foo/bar | /foo | /xyz | /xyz/bar\\n/foo/bar | /foo | /xyz/ | /xyz/bar\\n/foo/bar | /foo/ | /xyz | /xyz/bar\\n/foo/bar | /foo/ | /xyz/ | /xyz/bar\\n/foo | /foo | /xyz | /xyz\\n/foo/ | /foo | /xyz | /xyz/\\n/foo/bar | /foo | | /bar\\n/foo/ | /foo | | /\\n/foo | /foo | | /\\n/foo/ | /foo | / | /\\n/foo | /foo | / | /"', args=[d.arg(name='replacePrefixMatch', type=d.T.string)]), + withReplacePrefixMatch(replacePrefixMatch): { urlRewrite+: { path+: { replacePrefixMatch: replacePrefixMatch } } }, + '#withType':: d.fn(help='"Type defines the type of path modifier. Additional types may be\\nadded in a future release of the API.\\n\\n\\nNote that values may be added to this enum, implementations\\nmust ensure that unknown values will not cause a crash.\\n\\n\\nUnknown values here must result in the implementation setting the\\nAccepted Condition for the Route to `status: False`, with a\\nReason of `UnsupportedValue`."', args=[d.arg(name='type', type=d.T.string)]), + withType(type): { urlRewrite+: { path+: { type: type } } }, + }, + '#withHostname':: d.fn(help='"Hostname is the value to be used to replace the Host header value during\\nforwarding.\\n\\n\\nSupport: Extended"', args=[d.arg(name='hostname', type=d.T.string)]), + withHostname(hostname): { urlRewrite+: { hostname: hostname } }, + }, + '#withType':: d.fn(help='"Type identifies the type of filter to apply. As with other API fields,\\ntypes are classified into three conformance levels:\\n\\n\\n- Core: Filter types and their corresponding configuration defined by\\n \\"Support: Core\\" in this package, e.g. \\"RequestHeaderModifier\\". All\\n implementations must support core filters.\\n\\n\\n- Extended: Filter types and their corresponding configuration defined by\\n \\"Support: Extended\\" in this package, e.g. \\"RequestMirror\\". Implementers\\n are encouraged to support extended filters.\\n\\n\\n- Implementation-specific: Filters that are defined and supported by\\n specific vendors.\\n In the future, filters showing convergence in behavior across multiple\\n implementations will be considered for inclusion in extended or core\\n conformance levels. Filter-specific configuration for such filters\\n is specified using the ExtensionRef field. `Type` should be set to\\n \\"ExtensionRef\\" for custom filters.\\n\\n\\nImplementers are encouraged to define custom implementation types to\\nextend the core API with implementation-specific behavior.\\n\\n\\nIf a reference to a custom filter type cannot be resolved, the filter\\nMUST NOT be skipped. Instead, requests that would have been processed by\\nthat filter MUST receive a HTTP error response.\\n\\n\\nNote that values may be added to this enum, implementations\\nmust ensure that unknown values will not cause a crash.\\n\\n\\nUnknown values here must result in the implementation setting the\\nAccepted Condition for the Route to `status: False`, with a\\nReason of `UnsupportedValue`."', args=[d.arg(name='type', type=d.T.string)]), + withType(type): { type: type }, + }, + '#matches':: d.obj(help='"Matches define conditions used for matching the rule against incoming\\nHTTP requests. Each match is independent, i.e. this rule will be matched\\nif **any** one of the matches is satisfied.\\n\\n\\nFor example, take the following matches configuration:\\n\\n\\n```\\nmatches:\\n- path:\\n value: \\"/foo\\"\\n headers:\\n - name: \\"version\\"\\n value: \\"v2\\"\\n- path:\\n value: \\"/v2/foo\\"\\n```\\n\\n\\nFor a request to match against this rule, a request must satisfy\\nEITHER of the two conditions:\\n\\n\\n- path prefixed with `/foo` AND contains the header `version: v2`\\n- path prefix of `/v2/foo`\\n\\n\\nSee the documentation for HTTPRouteMatch on how to specify multiple\\nmatch conditions that should be ANDed together.\\n\\n\\nIf no matches are specified, the default is a prefix\\npath match on \\"/\\", which has the effect of matching every\\nHTTP request.\\n\\n\\nProxy or Load Balancer routing configuration generated from HTTPRoutes\\nMUST prioritize matches based on the following criteria, continuing on\\nties. Across all rules specified on applicable Routes, precedence must be\\ngiven to the match having:\\n\\n\\n* \\"Exact\\" path match.\\n* \\"Prefix\\" path match with largest number of characters.\\n* Method match.\\n* Largest number of header matches.\\n* Largest number of query param matches.\\n\\n\\nNote: The precedence of RegularExpression path matches are implementation-specific.\\n\\n\\nIf ties still exist across multiple Routes, matching precedence MUST be\\ndetermined in order of the following criteria, continuing on ties:\\n\\n\\n* The oldest Route based on creation timestamp.\\n* The Route appearing first in alphabetical order by\\n \\"{namespace}/{name}\\".\\n\\n\\nIf ties still exist within an HTTPRoute, matching precedence MUST be granted\\nto the FIRST matching rule (in list order) with a match meeting the above\\ncriteria.\\n\\n\\nWhen no rules matching a request have been successfully attached to the\\nparent a request is coming from, a HTTP 404 status code MUST be returned."'), + matches: { + '#headers':: d.obj(help='"Headers specifies HTTP request header matchers. Multiple match values are\\nANDed together, meaning, a request must match all the specified headers\\nto select the route."'), + headers: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be\\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\\n\\n\\nIf multiple entries specify equivalent header names, only the first\\nentry with an equivalent name MUST be considered for a match. Subsequent\\nentries with an equivalent header name MUST be ignored. Due to the\\ncase-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered\\nequivalent.\\n\\n\\nWhen a header is repeated in an HTTP request, it is\\nimplementation-specific behavior as to how this is represented.\\nGenerally, proxies should follow the guidance from the RFC:\\nhttps://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2 regarding\\nprocessing a repeated header, with special handling for \\"Set-Cookie\\"."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withType':: d.fn(help="\"Type specifies how to match against the value of the header.\\n\\n\\nSupport: Core (Exact)\\n\\n\\nSupport: Implementation-specific (RegularExpression)\\n\\n\\nSince RegularExpression HeaderMatchType has implementation-specific\\nconformance, implementations can support POSIX, PCRE or any other dialects\\nof regular expressions. Please read the implementation's documentation to\\ndetermine the supported dialect.\"", args=[d.arg(name='type', type=d.T.string)]), + withType(type): { type: type }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#path':: d.obj(help='"Path specifies a HTTP request path matcher. If this field is not\\nspecified, a default prefix match on the \\"/\\" path is provided."'), + path: { + '#withType':: d.fn(help='"Type specifies how to match against the path Value.\\n\\n\\nSupport: Core (Exact, PathPrefix)\\n\\n\\nSupport: Implementation-specific (RegularExpression)"', args=[d.arg(name='type', type=d.T.string)]), + withType(type): { path+: { type: type } }, + '#withValue':: d.fn(help='"Value of the HTTP path to match against."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { path+: { value: value } }, + }, + '#queryParams':: d.obj(help='"QueryParams specifies HTTP query parameter matchers. Multiple match\\nvalues are ANDed together, meaning, a request must match all the\\nspecified query parameters to select the route.\\n\\n\\nSupport: Extended"'), + queryParams: { + '#withName':: d.fn(help='"Name is the name of the HTTP query param to be matched. This must be an\\nexact string match. (See\\nhttps://tools.ietf.org/html/rfc7230#section-2.7.3).\\n\\n\\nIf multiple entries specify equivalent query param names, only the first\\nentry with an equivalent name MUST be considered for a match. Subsequent\\nentries with an equivalent query param name MUST be ignored.\\n\\n\\nIf a query param is repeated in an HTTP request, the behavior is\\npurposely left undefined, since different data planes have different\\ncapabilities. However, it is *recommended* that implementations should\\nmatch against the first value of the param if the data plane supports it,\\nas this behavior is expected in other load balancing contexts outside of\\nthe Gateway API.\\n\\n\\nUsers SHOULD NOT route traffic based on repeated query params to guard\\nthemselves against potential differences in the implementations."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withType':: d.fn(help="\"Type specifies how to match against the value of the query parameter.\\n\\n\\nSupport: Extended (Exact)\\n\\n\\nSupport: Implementation-specific (RegularExpression)\\n\\n\\nSince RegularExpression QueryParamMatchType has Implementation-specific\\nconformance, implementations can support POSIX, PCRE or any other\\ndialects of regular expressions. Please read the implementation's\\ndocumentation to determine the supported dialect.\"", args=[d.arg(name='type', type=d.T.string)]), + withType(type): { type: type }, + '#withValue':: d.fn(help='"Value is the value of HTTP query param to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#withHeaders':: d.fn(help='"Headers specifies HTTP request header matchers. Multiple match values are\\nANDed together, meaning, a request must match all the specified headers\\nto select the route."', args=[d.arg(name='headers', type=d.T.array)]), + withHeaders(headers): { headers: if std.isArray(v=headers) then headers else [headers] }, + '#withHeadersMixin':: d.fn(help='"Headers specifies HTTP request header matchers. Multiple match values are\\nANDed together, meaning, a request must match all the specified headers\\nto select the route."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='headers', type=d.T.array)]), + withHeadersMixin(headers): { headers+: if std.isArray(v=headers) then headers else [headers] }, + '#withMethod':: d.fn(help='"Method specifies HTTP method matcher.\\nWhen specified, this route will be matched only if the request has the\\nspecified method.\\n\\n\\nSupport: Extended"', args=[d.arg(name='method', type=d.T.string)]), + withMethod(method): { method: method }, + '#withQueryParams':: d.fn(help='"QueryParams specifies HTTP query parameter matchers. Multiple match\\nvalues are ANDed together, meaning, a request must match all the\\nspecified query parameters to select the route.\\n\\n\\nSupport: Extended"', args=[d.arg(name='queryParams', type=d.T.array)]), + withQueryParams(queryParams): { queryParams: if std.isArray(v=queryParams) then queryParams else [queryParams] }, + '#withQueryParamsMixin':: d.fn(help='"QueryParams specifies HTTP query parameter matchers. Multiple match\\nvalues are ANDed together, meaning, a request must match all the\\nspecified query parameters to select the route.\\n\\n\\nSupport: Extended"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='queryParams', type=d.T.array)]), + withQueryParamsMixin(queryParams): { queryParams+: if std.isArray(v=queryParams) then queryParams else [queryParams] }, + }, + '#sessionPersistence':: d.obj(help='"SessionPersistence defines and configures session persistence\\nfor the route rule.\\n\\n\\nSupport: Extended\\n\\n\\n"'), + sessionPersistence: { + '#cookieConfig':: d.obj(help='"CookieConfig provides configuration settings that are specific\\nto cookie-based session persistence.\\n\\n\\nSupport: Core"'), + cookieConfig: { + '#withLifetimeType':: d.fn(help="\"LifetimeType specifies whether the cookie has a permanent or\\nsession-based lifetime. A permanent cookie persists until its\\nspecified expiry time, defined by the Expires or Max-Age cookie\\nattributes, while a session cookie is deleted when the current\\nsession ends.\\n\\n\\nWhen set to \\\"Permanent\\\", AbsoluteTimeout indicates the\\ncookie's lifetime via the Expires or Max-Age cookie attributes\\nand is required.\\n\\n\\nWhen set to \\\"Session\\\", AbsoluteTimeout indicates the\\nabsolute lifetime of the cookie tracked by the gateway and\\nis optional.\\n\\n\\nSupport: Core for \\\"Session\\\" type\\n\\n\\nSupport: Extended for \\\"Permanent\\\" type\"", args=[d.arg(name='lifetimeType', type=d.T.string)]), + withLifetimeType(lifetimeType): { sessionPersistence+: { cookieConfig+: { lifetimeType: lifetimeType } } }, + }, + '#withAbsoluteTimeout':: d.fn(help='"AbsoluteTimeout defines the absolute timeout of the persistent\\nsession. Once the AbsoluteTimeout duration has elapsed, the\\nsession becomes invalid.\\n\\n\\nSupport: Extended"', args=[d.arg(name='absoluteTimeout', type=d.T.string)]), + withAbsoluteTimeout(absoluteTimeout): { sessionPersistence+: { absoluteTimeout: absoluteTimeout } }, + '#withIdleTimeout':: d.fn(help='"IdleTimeout defines the idle timeout of the persistent session.\\nOnce the session has been idle for more than the specified\\nIdleTimeout duration, the session becomes invalid.\\n\\n\\nSupport: Extended"', args=[d.arg(name='idleTimeout', type=d.T.string)]), + withIdleTimeout(idleTimeout): { sessionPersistence+: { idleTimeout: idleTimeout } }, + '#withSessionName':: d.fn(help='"SessionName defines the name of the persistent session token\\nwhich may be reflected in the cookie or the header. Users\\nshould avoid reusing session names to prevent unintended\\nconsequences, such as rejection or unpredictable behavior.\\n\\n\\nSupport: Implementation-specific"', args=[d.arg(name='sessionName', type=d.T.string)]), + withSessionName(sessionName): { sessionPersistence+: { sessionName: sessionName } }, + '#withType':: d.fn(help='"Type defines the type of session persistence such as through\\nthe use a header or cookie. Defaults to cookie based session\\npersistence.\\n\\n\\nSupport: Core for \\"Cookie\\" type\\n\\n\\nSupport: Extended for \\"Header\\" type"', args=[d.arg(name='type', type=d.T.string)]), + withType(type): { sessionPersistence+: { type: type } }, + }, + '#timeouts':: d.obj(help='"Timeouts defines the timeouts that can be configured for an HTTP request.\\n\\n\\nSupport: Extended\\n\\n\\n"'), + timeouts: { + '#withBackendRequest':: d.fn(help='"BackendRequest specifies a timeout for an individual request from the gateway\\nto a backend. This covers the time from when the request first starts being\\nsent from the gateway to when the full response has been received from the backend.\\n\\n\\nSetting a timeout to the zero duration (e.g. \\"0s\\") SHOULD disable the timeout\\ncompletely. Implementations that cannot completely disable the timeout MUST\\ninstead interpret the zero duration as the longest possible value to which\\nthe timeout can be set.\\n\\n\\nAn entire client HTTP transaction with a gateway, covered by the Request timeout,\\nmay result in more than one call from the gateway to the destination backend,\\nfor example, if automatic retries are supported.\\n\\n\\nBecause the Request timeout encompasses the BackendRequest timeout, the value of\\nBackendRequest must be <= the value of Request timeout.\\n\\n\\nSupport: Extended"', args=[d.arg(name='backendRequest', type=d.T.string)]), + withBackendRequest(backendRequest): { timeouts+: { backendRequest: backendRequest } }, + '#withRequest':: d.fn(help='"Request specifies the maximum duration for a gateway to respond to an HTTP request.\\nIf the gateway has not been able to respond before this deadline is met, the gateway\\nMUST return a timeout error.\\n\\n\\nFor example, setting the `rules.timeouts.request` field to the value `10s` in an\\n`HTTPRoute` will cause a timeout if a client request is taking longer than 10 seconds\\nto complete.\\n\\n\\nSetting a timeout to the zero duration (e.g. \\"0s\\") SHOULD disable the timeout\\ncompletely. Implementations that cannot completely disable the timeout MUST\\ninstead interpret the zero duration as the longest possible value to which\\nthe timeout can be set.\\n\\n\\nThis timeout is intended to cover as close to the whole request-response transaction\\nas possible although an implementation MAY choose to start the timeout after the entire\\nrequest stream has been received instead of immediately after the transaction is\\ninitiated by the client.\\n\\n\\nWhen this field is unspecified, request timeout behavior is implementation-specific.\\n\\n\\nSupport: Extended"', args=[d.arg(name='request', type=d.T.string)]), + withRequest(request): { timeouts+: { request: request } }, + }, + '#withBackendRefs':: d.fn(help='"BackendRefs defines the backend(s) where matching requests should be\\nsent.\\n\\n\\nFailure behavior here depends on how many BackendRefs are specified and\\nhow many are invalid.\\n\\n\\nIf *all* entries in BackendRefs are invalid, and there are also no filters\\nspecified in this route rule, *all* traffic which matches this rule MUST\\nreceive a 500 status code.\\n\\n\\nSee the HTTPBackendRef definition for the rules about what makes a single\\nHTTPBackendRef invalid.\\n\\n\\nWhen a HTTPBackendRef is invalid, 500 status codes MUST be returned for\\nrequests that would have otherwise been routed to an invalid backend. If\\nmultiple backends are specified, and some are invalid, the proportion of\\nrequests that would otherwise have been routed to an invalid backend\\nMUST receive a 500 status code.\\n\\n\\nFor example, if two backends are specified with equal weights, and one is\\ninvalid, 50 percent of traffic must receive a 500. Implementations may\\nchoose how that 50 percent is determined.\\n\\n\\nSupport: Core for Kubernetes Service\\n\\n\\nSupport: Extended for Kubernetes ServiceImport\\n\\n\\nSupport: Implementation-specific for any other resource\\n\\n\\nSupport for weight: Core"', args=[d.arg(name='backendRefs', type=d.T.array)]), + withBackendRefs(backendRefs): { backendRefs: if std.isArray(v=backendRefs) then backendRefs else [backendRefs] }, + '#withBackendRefsMixin':: d.fn(help='"BackendRefs defines the backend(s) where matching requests should be\\nsent.\\n\\n\\nFailure behavior here depends on how many BackendRefs are specified and\\nhow many are invalid.\\n\\n\\nIf *all* entries in BackendRefs are invalid, and there are also no filters\\nspecified in this route rule, *all* traffic which matches this rule MUST\\nreceive a 500 status code.\\n\\n\\nSee the HTTPBackendRef definition for the rules about what makes a single\\nHTTPBackendRef invalid.\\n\\n\\nWhen a HTTPBackendRef is invalid, 500 status codes MUST be returned for\\nrequests that would have otherwise been routed to an invalid backend. If\\nmultiple backends are specified, and some are invalid, the proportion of\\nrequests that would otherwise have been routed to an invalid backend\\nMUST receive a 500 status code.\\n\\n\\nFor example, if two backends are specified with equal weights, and one is\\ninvalid, 50 percent of traffic must receive a 500. Implementations may\\nchoose how that 50 percent is determined.\\n\\n\\nSupport: Core for Kubernetes Service\\n\\n\\nSupport: Extended for Kubernetes ServiceImport\\n\\n\\nSupport: Implementation-specific for any other resource\\n\\n\\nSupport for weight: Core"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='backendRefs', type=d.T.array)]), + withBackendRefsMixin(backendRefs): { backendRefs+: if std.isArray(v=backendRefs) then backendRefs else [backendRefs] }, + '#withFilters':: d.fn(help='"Filters define the filters that are applied to requests that match\\nthis rule.\\n\\n\\nWherever possible, implementations SHOULD implement filters in the order\\nthey are specified.\\n\\n\\nImplementations MAY choose to implement this ordering strictly, rejecting\\nany combination or order of filters that can not be supported. If implementations\\nchoose a strict interpretation of filter ordering, they MUST clearly document\\nthat behavior.\\n\\n\\nTo reject an invalid combination or order of filters, implementations SHOULD\\nconsider the Route Rules with this configuration invalid. If all Route Rules\\nin a Route are invalid, the entire Route would be considered invalid. If only\\na portion of Route Rules are invalid, implementations MUST set the\\n\\"PartiallyInvalid\\" condition for the Route.\\n\\n\\nConformance-levels at this level are defined based on the type of filter:\\n\\n\\n- ALL core filters MUST be supported by all implementations.\\n- Implementers are encouraged to support extended filters.\\n- Implementation-specific custom filters have no API guarantees across\\n implementations.\\n\\n\\nSpecifying the same filter multiple times is not supported unless explicitly\\nindicated in the filter.\\n\\n\\nAll filters are expected to be compatible with each other except for the\\nURLRewrite and RequestRedirect filters, which may not be combined. If an\\nimplementation can not support other combinations of filters, they must clearly\\ndocument that limitation. In cases where incompatible or unsupported\\nfilters are specified and cause the `Accepted` condition to be set to status\\n`False`, implementations may use the `IncompatibleFilters` reason to specify\\nthis configuration error.\\n\\n\\nSupport: Core"', args=[d.arg(name='filters', type=d.T.array)]), + withFilters(filters): { filters: if std.isArray(v=filters) then filters else [filters] }, + '#withFiltersMixin':: d.fn(help='"Filters define the filters that are applied to requests that match\\nthis rule.\\n\\n\\nWherever possible, implementations SHOULD implement filters in the order\\nthey are specified.\\n\\n\\nImplementations MAY choose to implement this ordering strictly, rejecting\\nany combination or order of filters that can not be supported. If implementations\\nchoose a strict interpretation of filter ordering, they MUST clearly document\\nthat behavior.\\n\\n\\nTo reject an invalid combination or order of filters, implementations SHOULD\\nconsider the Route Rules with this configuration invalid. If all Route Rules\\nin a Route are invalid, the entire Route would be considered invalid. If only\\na portion of Route Rules are invalid, implementations MUST set the\\n\\"PartiallyInvalid\\" condition for the Route.\\n\\n\\nConformance-levels at this level are defined based on the type of filter:\\n\\n\\n- ALL core filters MUST be supported by all implementations.\\n- Implementers are encouraged to support extended filters.\\n- Implementation-specific custom filters have no API guarantees across\\n implementations.\\n\\n\\nSpecifying the same filter multiple times is not supported unless explicitly\\nindicated in the filter.\\n\\n\\nAll filters are expected to be compatible with each other except for the\\nURLRewrite and RequestRedirect filters, which may not be combined. If an\\nimplementation can not support other combinations of filters, they must clearly\\ndocument that limitation. In cases where incompatible or unsupported\\nfilters are specified and cause the `Accepted` condition to be set to status\\n`False`, implementations may use the `IncompatibleFilters` reason to specify\\nthis configuration error.\\n\\n\\nSupport: Core"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='filters', type=d.T.array)]), + withFiltersMixin(filters): { filters+: if std.isArray(v=filters) then filters else [filters] }, + '#withMatches':: d.fn(help='"Matches define conditions used for matching the rule against incoming\\nHTTP requests. Each match is independent, i.e. this rule will be matched\\nif **any** one of the matches is satisfied.\\n\\n\\nFor example, take the following matches configuration:\\n\\n\\n```\\nmatches:\\n- path:\\n value: \\"/foo\\"\\n headers:\\n - name: \\"version\\"\\n value: \\"v2\\"\\n- path:\\n value: \\"/v2/foo\\"\\n```\\n\\n\\nFor a request to match against this rule, a request must satisfy\\nEITHER of the two conditions:\\n\\n\\n- path prefixed with `/foo` AND contains the header `version: v2`\\n- path prefix of `/v2/foo`\\n\\n\\nSee the documentation for HTTPRouteMatch on how to specify multiple\\nmatch conditions that should be ANDed together.\\n\\n\\nIf no matches are specified, the default is a prefix\\npath match on \\"/\\", which has the effect of matching every\\nHTTP request.\\n\\n\\nProxy or Load Balancer routing configuration generated from HTTPRoutes\\nMUST prioritize matches based on the following criteria, continuing on\\nties. Across all rules specified on applicable Routes, precedence must be\\ngiven to the match having:\\n\\n\\n* \\"Exact\\" path match.\\n* \\"Prefix\\" path match with largest number of characters.\\n* Method match.\\n* Largest number of header matches.\\n* Largest number of query param matches.\\n\\n\\nNote: The precedence of RegularExpression path matches are implementation-specific.\\n\\n\\nIf ties still exist across multiple Routes, matching precedence MUST be\\ndetermined in order of the following criteria, continuing on ties:\\n\\n\\n* The oldest Route based on creation timestamp.\\n* The Route appearing first in alphabetical order by\\n \\"{namespace}/{name}\\".\\n\\n\\nIf ties still exist within an HTTPRoute, matching precedence MUST be granted\\nto the FIRST matching rule (in list order) with a match meeting the above\\ncriteria.\\n\\n\\nWhen no rules matching a request have been successfully attached to the\\nparent a request is coming from, a HTTP 404 status code MUST be returned."', args=[d.arg(name='matches', type=d.T.array)]), + withMatches(matches): { matches: if std.isArray(v=matches) then matches else [matches] }, + '#withMatchesMixin':: d.fn(help='"Matches define conditions used for matching the rule against incoming\\nHTTP requests. Each match is independent, i.e. this rule will be matched\\nif **any** one of the matches is satisfied.\\n\\n\\nFor example, take the following matches configuration:\\n\\n\\n```\\nmatches:\\n- path:\\n value: \\"/foo\\"\\n headers:\\n - name: \\"version\\"\\n value: \\"v2\\"\\n- path:\\n value: \\"/v2/foo\\"\\n```\\n\\n\\nFor a request to match against this rule, a request must satisfy\\nEITHER of the two conditions:\\n\\n\\n- path prefixed with `/foo` AND contains the header `version: v2`\\n- path prefix of `/v2/foo`\\n\\n\\nSee the documentation for HTTPRouteMatch on how to specify multiple\\nmatch conditions that should be ANDed together.\\n\\n\\nIf no matches are specified, the default is a prefix\\npath match on \\"/\\", which has the effect of matching every\\nHTTP request.\\n\\n\\nProxy or Load Balancer routing configuration generated from HTTPRoutes\\nMUST prioritize matches based on the following criteria, continuing on\\nties. Across all rules specified on applicable Routes, precedence must be\\ngiven to the match having:\\n\\n\\n* \\"Exact\\" path match.\\n* \\"Prefix\\" path match with largest number of characters.\\n* Method match.\\n* Largest number of header matches.\\n* Largest number of query param matches.\\n\\n\\nNote: The precedence of RegularExpression path matches are implementation-specific.\\n\\n\\nIf ties still exist across multiple Routes, matching precedence MUST be\\ndetermined in order of the following criteria, continuing on ties:\\n\\n\\n* The oldest Route based on creation timestamp.\\n* The Route appearing first in alphabetical order by\\n \\"{namespace}/{name}\\".\\n\\n\\nIf ties still exist within an HTTPRoute, matching precedence MUST be granted\\nto the FIRST matching rule (in list order) with a match meeting the above\\ncriteria.\\n\\n\\nWhen no rules matching a request have been successfully attached to the\\nparent a request is coming from, a HTTP 404 status code MUST be returned."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='matches', type=d.T.array)]), + withMatchesMixin(matches): { matches+: if std.isArray(v=matches) then matches else [matches] }, + }, + '#withHostnames':: d.fn(help="\"Hostnames defines a set of hostnames that should match against the HTTP Host\\nheader to select a HTTPRoute used to process the request. Implementations\\nMUST ignore any port value specified in the HTTP Host header while\\nperforming a match and (absent of any applicable header modification\\nconfiguration) MUST forward this header unmodified to the backend.\\n\\n\\nValid values for Hostnames are determined by RFC 1123 definition of a\\nhostname with 2 notable exceptions:\\n\\n\\n1. IPs are not allowed.\\n2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard\\n label must appear by itself as the first label.\\n\\n\\nIf a hostname is specified by both the Listener and HTTPRoute, there\\nmust be at least one intersecting hostname for the HTTPRoute to be\\nattached to the Listener. For example:\\n\\n\\n* A Listener with `test.example.com` as the hostname matches HTTPRoutes\\n that have either not specified any hostnames, or have specified at\\n least one of `test.example.com` or `*.example.com`.\\n* A Listener with `*.example.com` as the hostname matches HTTPRoutes\\n that have either not specified any hostnames or have specified at least\\n one hostname that matches the Listener hostname. For example,\\n `*.example.com`, `test.example.com`, and `foo.test.example.com` would\\n all match. On the other hand, `example.com` and `test.example.net` would\\n not match.\\n\\n\\nHostnames that are prefixed with a wildcard label (`*.`) are interpreted\\nas a suffix match. That means that a match for `*.example.com` would match\\nboth `test.example.com`, and `foo.test.example.com`, but not `example.com`.\\n\\n\\nIf both the Listener and HTTPRoute have specified hostnames, any\\nHTTPRoute hostnames that do not match the Listener hostname MUST be\\nignored. For example, if a Listener specified `*.example.com`, and the\\nHTTPRoute specified `test.example.com` and `test.example.net`,\\n`test.example.net` must not be considered for a match.\\n\\n\\nIf both the Listener and HTTPRoute have specified hostnames, and none\\nmatch with the criteria above, then the HTTPRoute is not accepted. The\\nimplementation must raise an 'Accepted' Condition with a status of\\n`False` in the corresponding RouteParentStatus.\\n\\n\\nIn the event that multiple HTTPRoutes specify intersecting hostnames (e.g.\\noverlapping wildcard matching and exact matching hostnames), precedence must\\nbe given to rules from the HTTPRoute with the largest number of:\\n\\n\\n* Characters in a matching non-wildcard hostname.\\n* Characters in a matching hostname.\\n\\n\\nIf ties exist across multiple Routes, the matching precedence rules for\\nHTTPRouteMatches takes over.\\n\\n\\nSupport: Core\"", args=[d.arg(name='hostnames', type=d.T.array)]), + withHostnames(hostnames): { spec+: { hostnames: if std.isArray(v=hostnames) then hostnames else [hostnames] } }, + '#withHostnamesMixin':: d.fn(help="\"Hostnames defines a set of hostnames that should match against the HTTP Host\\nheader to select a HTTPRoute used to process the request. Implementations\\nMUST ignore any port value specified in the HTTP Host header while\\nperforming a match and (absent of any applicable header modification\\nconfiguration) MUST forward this header unmodified to the backend.\\n\\n\\nValid values for Hostnames are determined by RFC 1123 definition of a\\nhostname with 2 notable exceptions:\\n\\n\\n1. IPs are not allowed.\\n2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard\\n label must appear by itself as the first label.\\n\\n\\nIf a hostname is specified by both the Listener and HTTPRoute, there\\nmust be at least one intersecting hostname for the HTTPRoute to be\\nattached to the Listener. For example:\\n\\n\\n* A Listener with `test.example.com` as the hostname matches HTTPRoutes\\n that have either not specified any hostnames, or have specified at\\n least one of `test.example.com` or `*.example.com`.\\n* A Listener with `*.example.com` as the hostname matches HTTPRoutes\\n that have either not specified any hostnames or have specified at least\\n one hostname that matches the Listener hostname. For example,\\n `*.example.com`, `test.example.com`, and `foo.test.example.com` would\\n all match. On the other hand, `example.com` and `test.example.net` would\\n not match.\\n\\n\\nHostnames that are prefixed with a wildcard label (`*.`) are interpreted\\nas a suffix match. That means that a match for `*.example.com` would match\\nboth `test.example.com`, and `foo.test.example.com`, but not `example.com`.\\n\\n\\nIf both the Listener and HTTPRoute have specified hostnames, any\\nHTTPRoute hostnames that do not match the Listener hostname MUST be\\nignored. For example, if a Listener specified `*.example.com`, and the\\nHTTPRoute specified `test.example.com` and `test.example.net`,\\n`test.example.net` must not be considered for a match.\\n\\n\\nIf both the Listener and HTTPRoute have specified hostnames, and none\\nmatch with the criteria above, then the HTTPRoute is not accepted. The\\nimplementation must raise an 'Accepted' Condition with a status of\\n`False` in the corresponding RouteParentStatus.\\n\\n\\nIn the event that multiple HTTPRoutes specify intersecting hostnames (e.g.\\noverlapping wildcard matching and exact matching hostnames), precedence must\\nbe given to rules from the HTTPRoute with the largest number of:\\n\\n\\n* Characters in a matching non-wildcard hostname.\\n* Characters in a matching hostname.\\n\\n\\nIf ties exist across multiple Routes, the matching precedence rules for\\nHTTPRouteMatches takes over.\\n\\n\\nSupport: Core\"\n\n**Note:** This function appends passed data to existing values", args=[d.arg(name='hostnames', type=d.T.array)]), + withHostnamesMixin(hostnames): { spec+: { hostnames+: if std.isArray(v=hostnames) then hostnames else [hostnames] } }, + '#withParentRefs':: d.fn(help='"ParentRefs references the resources (usually Gateways) that a Route wants\\nto be attached to. Note that the referenced parent resource needs to\\nallow this for the attachment to be complete. For Gateways, that means\\nthe Gateway needs to allow attachment from Routes of this kind and\\nnamespace. For Services, that means the Service must either be in the same\\nnamespace for a \\"producer\\" route, or the mesh implementation must support\\nand allow \\"consumer\\" routes for the referenced Service. ReferenceGrant is\\nnot applicable for governing ParentRefs to Services - it is not possible to\\ncreate a \\"producer\\" route for a Service in a different namespace from the\\nRoute.\\n\\n\\nThere are two kinds of parent resources with \\"Core\\" support:\\n\\n\\n* Gateway (Gateway conformance profile)\\n* Service (Mesh conformance profile, ClusterIP Services only)\\n\\n\\nThis API may be extended in the future to support additional kinds of parent\\nresources.\\n\\n\\nParentRefs must be _distinct_. This means either that:\\n\\n\\n* They select different objects. If this is the case, then parentRef\\n entries are distinct. In terms of fields, this means that the\\n multi-part key defined by `group`, `kind`, `namespace`, and `name` must\\n be unique across all parentRef entries in the Route.\\n* They do not select different objects, but for each optional field used,\\n each ParentRef that selects the same object must set the same set of\\n optional fields to different values. If one ParentRef sets a\\n combination of optional fields, all must set the same combination.\\n\\n\\nSome examples:\\n\\n\\n* If one ParentRef sets `sectionName`, all ParentRefs referencing the\\n same object must also set `sectionName`.\\n* If one ParentRef sets `port`, all ParentRefs referencing the same\\n object must also set `port`.\\n* If one ParentRef sets `sectionName` and `port`, all ParentRefs\\n referencing the same object must also set `sectionName` and `port`.\\n\\n\\nIt is possible to separately reference multiple distinct objects that may\\nbe collapsed by an implementation. For example, some implementations may\\nchoose to merge compatible Gateway Listeners together. If that is the\\ncase, the list of routes attached to those resources should also be\\nmerged.\\n\\n\\nNote that for ParentRefs that cross namespace boundaries, there are specific\\nrules. Cross-namespace references are only valid if they are explicitly\\nallowed by something in the namespace they are referring to. For example,\\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\\ngeneric way to enable other kinds of cross-namespace reference.\\n\\n\\n\\nParentRefs from a Route to a Service in the same namespace are \\"producer\\"\\nroutes, which apply default routing rules to inbound connections from\\nany namespace to the Service.\\n\\n\\nParentRefs from a Route to a Service in a different namespace are\\n\\"consumer\\" routes, and these routing rules are only applied to outbound\\nconnections originating from the same namespace as the Route, for which\\nthe intended destination of the connections are a Service targeted as a\\nParentRef of the Route.\\n\\n\\n\\n\\n\\n\\n"', args=[d.arg(name='parentRefs', type=d.T.array)]), + withParentRefs(parentRefs): { spec+: { parentRefs: if std.isArray(v=parentRefs) then parentRefs else [parentRefs] } }, + '#withParentRefsMixin':: d.fn(help='"ParentRefs references the resources (usually Gateways) that a Route wants\\nto be attached to. Note that the referenced parent resource needs to\\nallow this for the attachment to be complete. For Gateways, that means\\nthe Gateway needs to allow attachment from Routes of this kind and\\nnamespace. For Services, that means the Service must either be in the same\\nnamespace for a \\"producer\\" route, or the mesh implementation must support\\nand allow \\"consumer\\" routes for the referenced Service. ReferenceGrant is\\nnot applicable for governing ParentRefs to Services - it is not possible to\\ncreate a \\"producer\\" route for a Service in a different namespace from the\\nRoute.\\n\\n\\nThere are two kinds of parent resources with \\"Core\\" support:\\n\\n\\n* Gateway (Gateway conformance profile)\\n* Service (Mesh conformance profile, ClusterIP Services only)\\n\\n\\nThis API may be extended in the future to support additional kinds of parent\\nresources.\\n\\n\\nParentRefs must be _distinct_. This means either that:\\n\\n\\n* They select different objects. If this is the case, then parentRef\\n entries are distinct. In terms of fields, this means that the\\n multi-part key defined by `group`, `kind`, `namespace`, and `name` must\\n be unique across all parentRef entries in the Route.\\n* They do not select different objects, but for each optional field used,\\n each ParentRef that selects the same object must set the same set of\\n optional fields to different values. If one ParentRef sets a\\n combination of optional fields, all must set the same combination.\\n\\n\\nSome examples:\\n\\n\\n* If one ParentRef sets `sectionName`, all ParentRefs referencing the\\n same object must also set `sectionName`.\\n* If one ParentRef sets `port`, all ParentRefs referencing the same\\n object must also set `port`.\\n* If one ParentRef sets `sectionName` and `port`, all ParentRefs\\n referencing the same object must also set `sectionName` and `port`.\\n\\n\\nIt is possible to separately reference multiple distinct objects that may\\nbe collapsed by an implementation. For example, some implementations may\\nchoose to merge compatible Gateway Listeners together. If that is the\\ncase, the list of routes attached to those resources should also be\\nmerged.\\n\\n\\nNote that for ParentRefs that cross namespace boundaries, there are specific\\nrules. Cross-namespace references are only valid if they are explicitly\\nallowed by something in the namespace they are referring to. For example,\\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\\ngeneric way to enable other kinds of cross-namespace reference.\\n\\n\\n\\nParentRefs from a Route to a Service in the same namespace are \\"producer\\"\\nroutes, which apply default routing rules to inbound connections from\\nany namespace to the Service.\\n\\n\\nParentRefs from a Route to a Service in a different namespace are\\n\\"consumer\\" routes, and these routing rules are only applied to outbound\\nconnections originating from the same namespace as the Route, for which\\nthe intended destination of the connections are a Service targeted as a\\nParentRef of the Route.\\n\\n\\n\\n\\n\\n\\n"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='parentRefs', type=d.T.array)]), + withParentRefsMixin(parentRefs): { spec+: { parentRefs+: if std.isArray(v=parentRefs) then parentRefs else [parentRefs] } }, + '#withRules':: d.fn(help='"Rules are a list of HTTP matchers, filters and actions."', args=[d.arg(name='rules', type=d.T.array)]), + withRules(rules): { spec+: { rules: if std.isArray(v=rules) then rules else [rules] } }, + '#withRulesMixin':: d.fn(help='"Rules are a list of HTTP matchers, filters and actions."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='rules', type=d.T.array)]), + withRulesMixin(rules): { spec+: { rules+: if std.isArray(v=rules) then rules else [rules] } }, + }, + '#mixin': 'ignore', + mixin: self, +} diff --git a/1.1-experimental/_gen/gateway/v1beta1/main.libsonnet b/1.1-experimental/_gen/gateway/v1beta1/main.libsonnet new file mode 100644 index 0000000..e6189e7 --- /dev/null +++ b/1.1-experimental/_gen/gateway/v1beta1/main.libsonnet @@ -0,0 +1,8 @@ +{ + local d = (import 'doc-util/main.libsonnet'), + '#':: d.pkg(name='v1beta1', url='', help=''), + gateway: (import 'gateway.libsonnet'), + gatewayClass: (import 'gatewayClass.libsonnet'), + httpRoute: (import 'httpRoute.libsonnet'), + referenceGrant: (import 'referenceGrant.libsonnet'), +} diff --git a/1.1-experimental/_gen/gateway/v1beta1/referenceGrant.libsonnet b/1.1-experimental/_gen/gateway/v1beta1/referenceGrant.libsonnet new file mode 100644 index 0000000..4abba69 --- /dev/null +++ b/1.1-experimental/_gen/gateway/v1beta1/referenceGrant.libsonnet @@ -0,0 +1,81 @@ +{ + local d = (import 'doc-util/main.libsonnet'), + '#':: d.pkg(name='referenceGrant', url='', help='"ReferenceGrant identifies kinds of resources in other namespaces that are\\ntrusted to reference the specified kinds of resources in the same namespace\\nas the policy.\\n\\n\\nEach ReferenceGrant can be used to represent a unique trust relationship.\\nAdditional Reference Grants can be used to add to the set of trusted\\nsources of inbound references for the namespace they are defined within.\\n\\n\\nAll cross-namespace references in Gateway API (with the exception of cross-namespace\\nGateway-route attachment) require a ReferenceGrant.\\n\\n\\nReferenceGrant is a form of runtime verification allowing users to assert\\nwhich cross-namespace object references are permitted. Implementations that\\nsupport ReferenceGrant MUST NOT permit cross-namespace references which have\\nno grant, and MUST respond to the removal of a grant by revoking the access\\nthat the grant allowed."'), + '#metadata':: d.obj(help='"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create."'), + metadata: { + '#withAnnotations':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotations(annotations): { metadata+: { annotations: annotations } }, + '#withAnnotationsMixin':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotationsMixin(annotations): { metadata+: { annotations+: annotations } }, + '#withClusterName':: d.fn(help='"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request."', args=[d.arg(name='clusterName', type=d.T.string)]), + withClusterName(clusterName): { metadata+: { clusterName: clusterName } }, + '#withCreationTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='creationTimestamp', type=d.T.string)]), + withCreationTimestamp(creationTimestamp): { metadata+: { creationTimestamp: creationTimestamp } }, + '#withDeletionGracePeriodSeconds':: d.fn(help='"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only."', args=[d.arg(name='deletionGracePeriodSeconds', type=d.T.integer)]), + withDeletionGracePeriodSeconds(deletionGracePeriodSeconds): { metadata+: { deletionGracePeriodSeconds: deletionGracePeriodSeconds } }, + '#withDeletionTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='deletionTimestamp', type=d.T.string)]), + withDeletionTimestamp(deletionTimestamp): { metadata+: { deletionTimestamp: deletionTimestamp } }, + '#withFinalizers':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizers(finalizers): { metadata+: { finalizers: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withFinalizersMixin':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizersMixin(finalizers): { metadata+: { finalizers+: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withGenerateName':: d.fn(help='"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\\n\\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\\n\\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency"', args=[d.arg(name='generateName', type=d.T.string)]), + withGenerateName(generateName): { metadata+: { generateName: generateName } }, + '#withGeneration':: d.fn(help='"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only."', args=[d.arg(name='generation', type=d.T.integer)]), + withGeneration(generation): { metadata+: { generation: generation } }, + '#withLabels':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"', args=[d.arg(name='labels', type=d.T.object)]), + withLabels(labels): { metadata+: { labels: labels } }, + '#withLabelsMixin':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='labels', type=d.T.object)]), + withLabelsMixin(labels): { metadata+: { labels+: labels } }, + '#withName':: d.fn(help='"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { metadata+: { name: name } }, + '#withNamespace':: d.fn(help='"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \\"default\\" namespace, but \\"default\\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\\n\\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces"', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { metadata+: { namespace: namespace } }, + '#withOwnerReferences':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferences(ownerReferences): { metadata+: { ownerReferences: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withOwnerReferencesMixin':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferencesMixin(ownerReferences): { metadata+: { ownerReferences+: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withResourceVersion':: d.fn(help='"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\\n\\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency"', args=[d.arg(name='resourceVersion', type=d.T.string)]), + withResourceVersion(resourceVersion): { metadata+: { resourceVersion: resourceVersion } }, + '#withSelfLink':: d.fn(help='"SelfLink is a URL representing this object. Populated by the system. Read-only.\\n\\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release."', args=[d.arg(name='selfLink', type=d.T.string)]), + withSelfLink(selfLink): { metadata+: { selfLink: selfLink } }, + '#withUid':: d.fn(help='"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\\n\\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids"', args=[d.arg(name='uid', type=d.T.string)]), + withUid(uid): { metadata+: { uid: uid } }, + }, + '#new':: d.fn(help='new returns an instance of ReferenceGrant', args=[d.arg(name='name', type=d.T.string)]), + new(name): { + apiVersion: 'gateway.networking.k8s.io/v1beta1', + kind: 'ReferenceGrant', + } + self.metadata.withName(name=name), + '#spec':: d.obj(help='"Spec defines the desired state of ReferenceGrant."'), + spec: { + '#from':: d.obj(help='"From describes the trusted namespaces and kinds that can reference the\\nresources described in \\"To\\". Each entry in this list MUST be considered\\nto be an additional place that references can be valid from, or to put\\nthis another way, entries MUST be combined using OR.\\n\\n\\nSupport: Core"'), + from: { + '#withGroup':: d.fn(help='"Group is the group of the referent.\\nWhen empty, the Kubernetes core API group is inferred.\\n\\n\\nSupport: Core"', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { group: group }, + '#withKind':: d.fn(help='"Kind is the kind of the referent. Although implementations may support\\nadditional resources, the following types are part of the \\"Core\\"\\nsupport level for this field.\\n\\n\\nWhen used to permit a SecretObjectReference:\\n\\n\\n* Gateway\\n\\n\\nWhen used to permit a BackendObjectReference:\\n\\n\\n* GRPCRoute\\n* HTTPRoute\\n* TCPRoute\\n* TLSRoute\\n* UDPRoute"', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { kind: kind }, + '#withNamespace':: d.fn(help='"Namespace is the namespace of the referent.\\n\\n\\nSupport: Core"', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { namespace: namespace }, + }, + '#to':: d.obj(help='"To describes the resources that may be referenced by the resources\\ndescribed in \\"From\\". Each entry in this list MUST be considered to be an\\nadditional place that references can be valid to, or to put this another\\nway, entries MUST be combined using OR.\\n\\n\\nSupport: Core"'), + to: { + '#withGroup':: d.fn(help='"Group is the group of the referent.\\nWhen empty, the Kubernetes core API group is inferred.\\n\\n\\nSupport: Core"', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { group: group }, + '#withKind':: d.fn(help='"Kind is the kind of the referent. Although implementations may support\\nadditional resources, the following types are part of the \\"Core\\"\\nsupport level for this field:\\n\\n\\n* Secret when used to permit a SecretObjectReference\\n* Service when used to permit a BackendObjectReference"', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { kind: kind }, + '#withName':: d.fn(help='"Name is the name of the referent. When unspecified, this policy\\nrefers to all resources of the specified Group and Kind in the local\\nnamespace."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + }, + '#withFrom':: d.fn(help='"From describes the trusted namespaces and kinds that can reference the\\nresources described in \\"To\\". Each entry in this list MUST be considered\\nto be an additional place that references can be valid from, or to put\\nthis another way, entries MUST be combined using OR.\\n\\n\\nSupport: Core"', args=[d.arg(name='from', type=d.T.array)]), + withFrom(from): { spec+: { from: if std.isArray(v=from) then from else [from] } }, + '#withFromMixin':: d.fn(help='"From describes the trusted namespaces and kinds that can reference the\\nresources described in \\"To\\". Each entry in this list MUST be considered\\nto be an additional place that references can be valid from, or to put\\nthis another way, entries MUST be combined using OR.\\n\\n\\nSupport: Core"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='from', type=d.T.array)]), + withFromMixin(from): { spec+: { from+: if std.isArray(v=from) then from else [from] } }, + '#withTo':: d.fn(help='"To describes the resources that may be referenced by the resources\\ndescribed in \\"From\\". Each entry in this list MUST be considered to be an\\nadditional place that references can be valid to, or to put this another\\nway, entries MUST be combined using OR.\\n\\n\\nSupport: Core"', args=[d.arg(name='to', type=d.T.array)]), + withTo(to): { spec+: { to: if std.isArray(v=to) then to else [to] } }, + '#withToMixin':: d.fn(help='"To describes the resources that may be referenced by the resources\\ndescribed in \\"From\\". Each entry in this list MUST be considered to be an\\nadditional place that references can be valid to, or to put this another\\nway, entries MUST be combined using OR.\\n\\n\\nSupport: Core"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='to', type=d.T.array)]), + withToMixin(to): { spec+: { to+: if std.isArray(v=to) then to else [to] } }, + }, + '#mixin': 'ignore', + mixin: self, +} diff --git a/1.1-experimental/gen.libsonnet b/1.1-experimental/gen.libsonnet new file mode 100644 index 0000000..9b94198 --- /dev/null +++ b/1.1-experimental/gen.libsonnet @@ -0,0 +1,5 @@ +{ + local d = (import 'doc-util/main.libsonnet'), + '#':: d.pkg(name='gateway-api', url='github.com/jsonnet-libs/gateway-api-libsonnet/1.1-experimental/main.libsonnet', help=''), + gateway:: (import '_gen/gateway/main.libsonnet'), +} diff --git a/1.1-experimental/main.libsonnet b/1.1-experimental/main.libsonnet new file mode 100644 index 0000000..f5597a5 --- /dev/null +++ b/1.1-experimental/main.libsonnet @@ -0,0 +1 @@ +(import 'gen.libsonnet') diff --git a/1.1/_gen/gateway/main.libsonnet b/1.1/_gen/gateway/main.libsonnet new file mode 100644 index 0000000..923565c --- /dev/null +++ b/1.1/_gen/gateway/main.libsonnet @@ -0,0 +1,7 @@ +{ + local d = (import 'doc-util/main.libsonnet'), + '#':: d.pkg(name='gateway', url='', help=''), + v1: (import 'v1/main.libsonnet'), + v1alpha2: (import 'v1alpha2/main.libsonnet'), + v1beta1: (import 'v1beta1/main.libsonnet'), +} diff --git a/1.1/_gen/gateway/v1/gateway.libsonnet b/1.1/_gen/gateway/v1/gateway.libsonnet new file mode 100644 index 0000000..77da18b --- /dev/null +++ b/1.1/_gen/gateway/v1/gateway.libsonnet @@ -0,0 +1,148 @@ +{ + local d = (import 'doc-util/main.libsonnet'), + '#':: d.pkg(name='gateway', url='', help='"Gateway represents an instance of a service-traffic handling infrastructure\\nby binding Listeners to a set of IP addresses."'), + '#metadata':: d.obj(help='"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create."'), + metadata: { + '#withAnnotations':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotations(annotations): { metadata+: { annotations: annotations } }, + '#withAnnotationsMixin':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotationsMixin(annotations): { metadata+: { annotations+: annotations } }, + '#withClusterName':: d.fn(help='"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request."', args=[d.arg(name='clusterName', type=d.T.string)]), + withClusterName(clusterName): { metadata+: { clusterName: clusterName } }, + '#withCreationTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='creationTimestamp', type=d.T.string)]), + withCreationTimestamp(creationTimestamp): { metadata+: { creationTimestamp: creationTimestamp } }, + '#withDeletionGracePeriodSeconds':: d.fn(help='"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only."', args=[d.arg(name='deletionGracePeriodSeconds', type=d.T.integer)]), + withDeletionGracePeriodSeconds(deletionGracePeriodSeconds): { metadata+: { deletionGracePeriodSeconds: deletionGracePeriodSeconds } }, + '#withDeletionTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='deletionTimestamp', type=d.T.string)]), + withDeletionTimestamp(deletionTimestamp): { metadata+: { deletionTimestamp: deletionTimestamp } }, + '#withFinalizers':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizers(finalizers): { metadata+: { finalizers: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withFinalizersMixin':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizersMixin(finalizers): { metadata+: { finalizers+: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withGenerateName':: d.fn(help='"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\\n\\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\\n\\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency"', args=[d.arg(name='generateName', type=d.T.string)]), + withGenerateName(generateName): { metadata+: { generateName: generateName } }, + '#withGeneration':: d.fn(help='"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only."', args=[d.arg(name='generation', type=d.T.integer)]), + withGeneration(generation): { metadata+: { generation: generation } }, + '#withLabels':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"', args=[d.arg(name='labels', type=d.T.object)]), + withLabels(labels): { metadata+: { labels: labels } }, + '#withLabelsMixin':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='labels', type=d.T.object)]), + withLabelsMixin(labels): { metadata+: { labels+: labels } }, + '#withName':: d.fn(help='"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { metadata+: { name: name } }, + '#withNamespace':: d.fn(help='"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \\"default\\" namespace, but \\"default\\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\\n\\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces"', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { metadata+: { namespace: namespace } }, + '#withOwnerReferences':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferences(ownerReferences): { metadata+: { ownerReferences: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withOwnerReferencesMixin':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferencesMixin(ownerReferences): { metadata+: { ownerReferences+: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withResourceVersion':: d.fn(help='"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\\n\\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency"', args=[d.arg(name='resourceVersion', type=d.T.string)]), + withResourceVersion(resourceVersion): { metadata+: { resourceVersion: resourceVersion } }, + '#withSelfLink':: d.fn(help='"SelfLink is a URL representing this object. Populated by the system. Read-only.\\n\\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release."', args=[d.arg(name='selfLink', type=d.T.string)]), + withSelfLink(selfLink): { metadata+: { selfLink: selfLink } }, + '#withUid':: d.fn(help='"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\\n\\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids"', args=[d.arg(name='uid', type=d.T.string)]), + withUid(uid): { metadata+: { uid: uid } }, + }, + '#new':: d.fn(help='new returns an instance of Gateway', args=[d.arg(name='name', type=d.T.string)]), + new(name): { + apiVersion: 'gateway.networking.k8s.io/v1', + kind: 'Gateway', + } + self.metadata.withName(name=name), + '#spec':: d.obj(help='"Spec defines the desired state of Gateway."'), + spec: { + '#addresses':: d.obj(help='"Addresses requested for this Gateway. This is optional and behavior can\\ndepend on the implementation. If a value is set in the spec and the\\nrequested address is invalid or unavailable, the implementation MUST\\nindicate this in the associated entry in GatewayStatus.Addresses.\\n\\n\\nThe Addresses field represents a request for the address(es) on the\\n\\"outside of the Gateway\\", that traffic bound for this Gateway will use.\\nThis could be the IP address or hostname of an external load balancer or\\nother networking infrastructure, or some other address that traffic will\\nbe sent to.\\n\\n\\nIf no Addresses are specified, the implementation MAY schedule the\\nGateway in an implementation-specific manner, assigning an appropriate\\nset of Addresses.\\n\\n\\nThe implementation MUST bind all Listeners to every GatewayAddress that\\nit assigns to the Gateway and add a corresponding entry in\\nGatewayStatus.Addresses.\\n\\n\\nSupport: Extended\\n\\n\\n"'), + addresses: { + '#withType':: d.fn(help='"Type of the address."', args=[d.arg(name='type', type=d.T.string)]), + withType(type): { type: type }, + '#withValue':: d.fn(help='"Value of the address. The validity of the values will depend\\non the type and support by the controller.\\n\\n\\nExamples: `1.2.3.4`, `128::1`, `my-ip-address`."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#listeners':: d.obj(help="\"Listeners associated with this Gateway. Listeners define\\nlogical endpoints that are bound on this Gateway's addresses.\\nAt least one Listener MUST be specified.\\n\\n\\nEach Listener in a set of Listeners (for example, in a single Gateway)\\nMUST be _distinct_, in that a traffic flow MUST be able to be assigned to\\nexactly one listener. (This section uses \\\"set of Listeners\\\" rather than\\n\\\"Listeners in a single Gateway\\\" because implementations MAY merge configuration\\nfrom multiple Gateways onto a single data plane, and these rules _also_\\napply in that case).\\n\\n\\nPractically, this means that each listener in a set MUST have a unique\\ncombination of Port, Protocol, and, if supported by the protocol, Hostname.\\n\\n\\nSome combinations of port, protocol, and TLS settings are considered\\nCore support and MUST be supported by implementations based on their\\ntargeted conformance profile:\\n\\n\\nHTTP Profile\\n\\n\\n1. HTTPRoute, Port: 80, Protocol: HTTP\\n2. HTTPRoute, Port: 443, Protocol: HTTPS, TLS Mode: Terminate, TLS keypair provided\\n\\n\\nTLS Profile\\n\\n\\n1. TLSRoute, Port: 443, Protocol: TLS, TLS Mode: Passthrough\\n\\n\\n\\\"Distinct\\\" Listeners have the following property:\\n\\n\\nThe implementation can match inbound requests to a single distinct\\nListener. When multiple Listeners share values for fields (for\\nexample, two Listeners with the same Port value), the implementation\\ncan match requests to only one of the Listeners using other\\nListener fields.\\n\\n\\nFor example, the following Listener scenarios are distinct:\\n\\n\\n1. Multiple Listeners with the same Port that all use the \\\"HTTP\\\"\\n Protocol that all have unique Hostname values.\\n2. Multiple Listeners with the same Port that use either the \\\"HTTPS\\\" or\\n \\\"TLS\\\" Protocol that all have unique Hostname values.\\n3. A mixture of \\\"TCP\\\" and \\\"UDP\\\" Protocol Listeners, where no Listener\\n with the same Protocol has the same Port value.\\n\\n\\nSome fields in the Listener struct have possible values that affect\\nwhether the Listener is distinct. Hostname is particularly relevant\\nfor HTTP or HTTPS protocols.\\n\\n\\nWhen using the Hostname value to select between same-Port, same-Protocol\\nListeners, the Hostname value must be different on each Listener for the\\nListener to be distinct.\\n\\n\\nWhen the Listeners are distinct based on Hostname, inbound request\\nhostnames MUST match from the most specific to least specific Hostname\\nvalues to choose the correct Listener and its associated set of Routes.\\n\\n\\nExact matches must be processed before wildcard matches, and wildcard\\nmatches must be processed before fallback (empty Hostname value)\\nmatches. For example, `\\\"foo.example.com\\\"` takes precedence over\\n`\\\"*.example.com\\\"`, and `\\\"*.example.com\\\"` takes precedence over `\\\"\\\"`.\\n\\n\\nAdditionally, if there are multiple wildcard entries, more specific\\nwildcard entries must be processed before less specific wildcard entries.\\nFor example, `\\\"*.foo.example.com\\\"` takes precedence over `\\\"*.example.com\\\"`.\\nThe precise definition here is that the higher the number of dots in the\\nhostname to the right of the wildcard character, the higher the precedence.\\n\\n\\nThe wildcard character will match any number of characters _and dots_ to\\nthe left, however, so `\\\"*.example.com\\\"` will match both\\n`\\\"foo.bar.example.com\\\"` _and_ `\\\"bar.example.com\\\"`.\\n\\n\\nIf a set of Listeners contains Listeners that are not distinct, then those\\nListeners are Conflicted, and the implementation MUST set the \\\"Conflicted\\\"\\ncondition in the Listener Status to \\\"True\\\".\\n\\n\\nImplementations MAY choose to accept a Gateway with some Conflicted\\nListeners only if they only accept the partial Listener set that contains\\nno Conflicted Listeners. To put this another way, implementations may\\naccept a partial Listener set only if they throw out *all* the conflicting\\nListeners. No picking one of the conflicting listeners as the winner.\\nThis also means that the Gateway must have at least one non-conflicting\\nListener in this case, otherwise it violates the requirement that at\\nleast one Listener must be present.\\n\\n\\nThe implementation MUST set a \\\"ListenersNotValid\\\" condition on the\\nGateway Status when the Gateway contains Conflicted Listeners whether or\\nnot they accept the Gateway. That Condition SHOULD clearly\\nindicate in the Message which Listeners are conflicted, and which are\\nAccepted. Additionally, the Listener status for those listeners SHOULD\\nindicate which Listeners are conflicted and not Accepted.\\n\\n\\nA Gateway's Listeners are considered \\\"compatible\\\" if:\\n\\n\\n1. They are distinct.\\n2. The implementation can serve them in compliance with the Addresses\\n requirement that all Listeners are available on all assigned\\n addresses.\\n\\n\\nCompatible combinations in Extended support are expected to vary across\\nimplementations. A combination that is compatible for one implementation\\nmay not be compatible for another.\\n\\n\\nFor example, an implementation that cannot serve both TCP and UDP listeners\\non the same address, or cannot mix HTTPS and generic TLS listens on the same port\\nwould not consider those cases compatible, even though they are distinct.\\n\\n\\nNote that requests SHOULD match at most one Listener. For example, if\\nListeners are defined for \\\"foo.example.com\\\" and \\\"*.example.com\\\", a\\nrequest to \\\"foo.example.com\\\" SHOULD only be routed using routes attached\\nto the \\\"foo.example.com\\\" Listener (and not the \\\"*.example.com\\\" Listener).\\nThis concept is known as \\\"Listener Isolation\\\". Implementations that do\\nnot support Listener Isolation MUST clearly document this.\\n\\n\\nImplementations MAY merge separate Gateways onto a single set of\\nAddresses if all Listeners across all Gateways are compatible.\\n\\n\\nSupport: Core\""), + listeners: { + '#allowedRoutes':: d.obj(help='"AllowedRoutes defines the types of routes that MAY be attached to a\\nListener and the trusted namespaces where those Route resources MAY be\\npresent.\\n\\n\\nAlthough a client request may match multiple route rules, only one rule\\nmay ultimately receive the request. Matching precedence MUST be\\ndetermined in order of the following criteria:\\n\\n\\n* The most specific match as defined by the Route type.\\n* The oldest Route based on creation timestamp. For example, a Route with\\n a creation timestamp of \\"2020-09-08 01:02:03\\" is given precedence over\\n a Route with a creation timestamp of \\"2020-09-08 01:02:04\\".\\n* If everything else is equivalent, the Route appearing first in\\n alphabetical order (namespace/name) should be given precedence. For\\n example, foo/bar is given precedence over foo/baz.\\n\\n\\nAll valid rules within a Route attached to this Listener should be\\nimplemented. Invalid Route rules can be ignored (sometimes that will mean\\nthe full Route). If a Route rule transitions from valid to invalid,\\nsupport for that Route rule should be dropped to ensure consistency. For\\nexample, even if a filter specified by a Route rule is invalid, the rest\\nof the rules within that Route should still be supported.\\n\\n\\nSupport: Core"'), + allowedRoutes: { + '#kinds':: d.obj(help="\"Kinds specifies the groups and kinds of Routes that are allowed to bind\\nto this Gateway Listener. When unspecified or empty, the kinds of Routes\\nselected are determined using the Listener protocol.\\n\\n\\nA RouteGroupKind MUST correspond to kinds of Routes that are compatible\\nwith the application protocol specified in the Listener's Protocol field.\\nIf an implementation does not support or recognize this resource type, it\\nMUST set the \\\"ResolvedRefs\\\" condition to False for this Listener with the\\n\\\"InvalidRouteKinds\\\" reason.\\n\\n\\nSupport: Core\""), + kinds: { + '#withGroup':: d.fn(help='"Group is the group of the Route."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { group: group }, + '#withKind':: d.fn(help='"Kind is the kind of the Route."', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { kind: kind }, + }, + '#namespaces':: d.obj(help='"Namespaces indicates namespaces from which Routes may be attached to this\\nListener. This is restricted to the namespace of this Gateway by default.\\n\\n\\nSupport: Core"'), + namespaces: { + '#selector':: d.obj(help='"Selector must be specified when From is set to \\"Selector\\". In that case,\\nonly Routes in Namespaces matching this Selector will be selected by this\\nGateway. This field is ignored for other values of \\"From\\".\\n\\n\\nSupport: Core"'), + selector: { + '#matchExpressions':: d.obj(help='"matchExpressions is a list of label selector requirements. The requirements are ANDed."'), + matchExpressions: { + '#withKey':: d.fn(help='"key is the label key that the selector applies to."', args=[d.arg(name='key', type=d.T.string)]), + withKey(key): { key: key }, + '#withOperator':: d.fn(help="\"operator represents a key's relationship to a set of values.\\nValid operators are In, NotIn, Exists and DoesNotExist.\"", args=[d.arg(name='operator', type=d.T.string)]), + withOperator(operator): { operator: operator }, + '#withValues':: d.fn(help='"values is an array of string values. If the operator is In or NotIn,\\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\\nthe values array must be empty. This array is replaced during a strategic\\nmerge patch."', args=[d.arg(name='values', type=d.T.array)]), + withValues(values): { values: if std.isArray(v=values) then values else [values] }, + '#withValuesMixin':: d.fn(help='"values is an array of string values. If the operator is In or NotIn,\\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\\nthe values array must be empty. This array is replaced during a strategic\\nmerge patch."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='values', type=d.T.array)]), + withValuesMixin(values): { values+: if std.isArray(v=values) then values else [values] }, + }, + '#withMatchExpressions':: d.fn(help='"matchExpressions is a list of label selector requirements. The requirements are ANDed."', args=[d.arg(name='matchExpressions', type=d.T.array)]), + withMatchExpressions(matchExpressions): { allowedRoutes+: { namespaces+: { selector+: { matchExpressions: if std.isArray(v=matchExpressions) then matchExpressions else [matchExpressions] } } } }, + '#withMatchExpressionsMixin':: d.fn(help='"matchExpressions is a list of label selector requirements. The requirements are ANDed."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='matchExpressions', type=d.T.array)]), + withMatchExpressionsMixin(matchExpressions): { allowedRoutes+: { namespaces+: { selector+: { matchExpressions+: if std.isArray(v=matchExpressions) then matchExpressions else [matchExpressions] } } } }, + '#withMatchLabels':: d.fn(help='"matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\\nmap is equivalent to an element of matchExpressions, whose key field is \\"key\\", the\\noperator is \\"In\\", and the values array contains only \\"value\\". The requirements are ANDed."', args=[d.arg(name='matchLabels', type=d.T.object)]), + withMatchLabels(matchLabels): { allowedRoutes+: { namespaces+: { selector+: { matchLabels: matchLabels } } } }, + '#withMatchLabelsMixin':: d.fn(help='"matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\\nmap is equivalent to an element of matchExpressions, whose key field is \\"key\\", the\\noperator is \\"In\\", and the values array contains only \\"value\\". The requirements are ANDed."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='matchLabels', type=d.T.object)]), + withMatchLabelsMixin(matchLabels): { allowedRoutes+: { namespaces+: { selector+: { matchLabels+: matchLabels } } } }, + }, + '#withFrom':: d.fn(help='"From indicates where Routes will be selected for this Gateway. Possible\\nvalues are:\\n\\n\\n* All: Routes in all namespaces may be used by this Gateway.\\n* Selector: Routes in namespaces selected by the selector may be used by\\n this Gateway.\\n* Same: Only Routes in the same namespace may be used by this Gateway.\\n\\n\\nSupport: Core"', args=[d.arg(name='from', type=d.T.string)]), + withFrom(from): { allowedRoutes+: { namespaces+: { from: from } } }, + }, + '#withKinds':: d.fn(help="\"Kinds specifies the groups and kinds of Routes that are allowed to bind\\nto this Gateway Listener. When unspecified or empty, the kinds of Routes\\nselected are determined using the Listener protocol.\\n\\n\\nA RouteGroupKind MUST correspond to kinds of Routes that are compatible\\nwith the application protocol specified in the Listener's Protocol field.\\nIf an implementation does not support or recognize this resource type, it\\nMUST set the \\\"ResolvedRefs\\\" condition to False for this Listener with the\\n\\\"InvalidRouteKinds\\\" reason.\\n\\n\\nSupport: Core\"", args=[d.arg(name='kinds', type=d.T.array)]), + withKinds(kinds): { allowedRoutes+: { kinds: if std.isArray(v=kinds) then kinds else [kinds] } }, + '#withKindsMixin':: d.fn(help="\"Kinds specifies the groups and kinds of Routes that are allowed to bind\\nto this Gateway Listener. When unspecified or empty, the kinds of Routes\\nselected are determined using the Listener protocol.\\n\\n\\nA RouteGroupKind MUST correspond to kinds of Routes that are compatible\\nwith the application protocol specified in the Listener's Protocol field.\\nIf an implementation does not support or recognize this resource type, it\\nMUST set the \\\"ResolvedRefs\\\" condition to False for this Listener with the\\n\\\"InvalidRouteKinds\\\" reason.\\n\\n\\nSupport: Core\"\n\n**Note:** This function appends passed data to existing values", args=[d.arg(name='kinds', type=d.T.array)]), + withKindsMixin(kinds): { allowedRoutes+: { kinds+: if std.isArray(v=kinds) then kinds else [kinds] } }, + }, + '#tls':: d.obj(help='"TLS is the TLS configuration for the Listener. This field is required if\\nthe Protocol field is \\"HTTPS\\" or \\"TLS\\". It is invalid to set this field\\nif the Protocol field is \\"HTTP\\", \\"TCP\\", or \\"UDP\\".\\n\\n\\nThe association of SNIs to Certificate defined in GatewayTLSConfig is\\ndefined based on the Hostname field for this listener.\\n\\n\\nThe GatewayClass MUST use the longest matching SNI out of all\\navailable certificates for any TLS handshake.\\n\\n\\nSupport: Core"'), + tls: { + '#certificateRefs':: d.obj(help='"CertificateRefs contains a series of references to Kubernetes objects that\\ncontains TLS certificates and private keys. These certificates are used to\\nestablish a TLS handshake for requests that match the hostname of the\\nassociated listener.\\n\\n\\nA single CertificateRef to a Kubernetes Secret has \\"Core\\" support.\\nImplementations MAY choose to support attaching multiple certificates to\\na Listener, but this behavior is implementation-specific.\\n\\n\\nReferences to a resource in different namespace are invalid UNLESS there\\nis a ReferenceGrant in the target namespace that allows the certificate\\nto be attached. If a ReferenceGrant does not allow this reference, the\\n\\"ResolvedRefs\\" condition MUST be set to False for this listener with the\\n\\"RefNotPermitted\\" reason.\\n\\n\\nThis field is required to have at least one element when the mode is set\\nto \\"Terminate\\" (default) and is optional otherwise.\\n\\n\\nCertificateRefs can reference to standard Kubernetes resources, i.e.\\nSecret, or implementation-specific custom resources.\\n\\n\\nSupport: Core - A single reference to a Kubernetes Secret of type kubernetes.io/tls\\n\\n\\nSupport: Implementation-specific (More than one reference or other resource types)"'), + certificateRefs: { + '#withGroup':: d.fn(help='"Group is the group of the referent. For example, \\"gateway.networking.k8s.io\\".\\nWhen unspecified or empty string, core API group is inferred."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { group: group }, + '#withKind':: d.fn(help='"Kind is kind of the referent. For example \\"Secret\\"."', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { kind: kind }, + '#withName':: d.fn(help='"Name is the name of the referent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withNamespace':: d.fn(help="\"Namespace is the namespace of the referenced object. When unspecified, the local\\nnamespace is inferred.\\n\\n\\nNote that when a namespace different than the local namespace is specified,\\na ReferenceGrant object is required in the referent namespace to allow that\\nnamespace's owner to accept the reference. See the ReferenceGrant\\ndocumentation for details.\\n\\n\\nSupport: Core\"", args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { namespace: namespace }, + }, + '#withCertificateRefs':: d.fn(help='"CertificateRefs contains a series of references to Kubernetes objects that\\ncontains TLS certificates and private keys. These certificates are used to\\nestablish a TLS handshake for requests that match the hostname of the\\nassociated listener.\\n\\n\\nA single CertificateRef to a Kubernetes Secret has \\"Core\\" support.\\nImplementations MAY choose to support attaching multiple certificates to\\na Listener, but this behavior is implementation-specific.\\n\\n\\nReferences to a resource in different namespace are invalid UNLESS there\\nis a ReferenceGrant in the target namespace that allows the certificate\\nto be attached. If a ReferenceGrant does not allow this reference, the\\n\\"ResolvedRefs\\" condition MUST be set to False for this listener with the\\n\\"RefNotPermitted\\" reason.\\n\\n\\nThis field is required to have at least one element when the mode is set\\nto \\"Terminate\\" (default) and is optional otherwise.\\n\\n\\nCertificateRefs can reference to standard Kubernetes resources, i.e.\\nSecret, or implementation-specific custom resources.\\n\\n\\nSupport: Core - A single reference to a Kubernetes Secret of type kubernetes.io/tls\\n\\n\\nSupport: Implementation-specific (More than one reference or other resource types)"', args=[d.arg(name='certificateRefs', type=d.T.array)]), + withCertificateRefs(certificateRefs): { tls+: { certificateRefs: if std.isArray(v=certificateRefs) then certificateRefs else [certificateRefs] } }, + '#withCertificateRefsMixin':: d.fn(help='"CertificateRefs contains a series of references to Kubernetes objects that\\ncontains TLS certificates and private keys. These certificates are used to\\nestablish a TLS handshake for requests that match the hostname of the\\nassociated listener.\\n\\n\\nA single CertificateRef to a Kubernetes Secret has \\"Core\\" support.\\nImplementations MAY choose to support attaching multiple certificates to\\na Listener, but this behavior is implementation-specific.\\n\\n\\nReferences to a resource in different namespace are invalid UNLESS there\\nis a ReferenceGrant in the target namespace that allows the certificate\\nto be attached. If a ReferenceGrant does not allow this reference, the\\n\\"ResolvedRefs\\" condition MUST be set to False for this listener with the\\n\\"RefNotPermitted\\" reason.\\n\\n\\nThis field is required to have at least one element when the mode is set\\nto \\"Terminate\\" (default) and is optional otherwise.\\n\\n\\nCertificateRefs can reference to standard Kubernetes resources, i.e.\\nSecret, or implementation-specific custom resources.\\n\\n\\nSupport: Core - A single reference to a Kubernetes Secret of type kubernetes.io/tls\\n\\n\\nSupport: Implementation-specific (More than one reference or other resource types)"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='certificateRefs', type=d.T.array)]), + withCertificateRefsMixin(certificateRefs): { tls+: { certificateRefs+: if std.isArray(v=certificateRefs) then certificateRefs else [certificateRefs] } }, + '#withMode':: d.fn(help="\"Mode defines the TLS behavior for the TLS session initiated by the client.\\nThere are two possible modes:\\n\\n\\n- Terminate: The TLS session between the downstream client and the\\n Gateway is terminated at the Gateway. This mode requires certificates\\n to be specified in some way, such as populating the certificateRefs\\n field.\\n- Passthrough: The TLS session is NOT terminated by the Gateway. This\\n implies that the Gateway can't decipher the TLS stream except for\\n the ClientHello message of the TLS protocol. The certificateRefs field\\n is ignored in this mode.\\n\\n\\nSupport: Core\"", args=[d.arg(name='mode', type=d.T.string)]), + withMode(mode): { tls+: { mode: mode } }, + '#withOptions':: d.fn(help='"Options are a list of key/value pairs to enable extended TLS\\nconfiguration for each implementation. For example, configuring the\\nminimum TLS version or supported cipher suites.\\n\\n\\nA set of common keys MAY be defined by the API in the future. To avoid\\nany ambiguity, implementation-specific definitions MUST use\\ndomain-prefixed names, such as `example.com/my-custom-option`.\\nUn-prefixed names are reserved for key names defined by Gateway API.\\n\\n\\nSupport: Implementation-specific"', args=[d.arg(name='options', type=d.T.object)]), + withOptions(options): { tls+: { options: options } }, + '#withOptionsMixin':: d.fn(help='"Options are a list of key/value pairs to enable extended TLS\\nconfiguration for each implementation. For example, configuring the\\nminimum TLS version or supported cipher suites.\\n\\n\\nA set of common keys MAY be defined by the API in the future. To avoid\\nany ambiguity, implementation-specific definitions MUST use\\ndomain-prefixed names, such as `example.com/my-custom-option`.\\nUn-prefixed names are reserved for key names defined by Gateway API.\\n\\n\\nSupport: Implementation-specific"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='options', type=d.T.object)]), + withOptionsMixin(options): { tls+: { options+: options } }, + }, + '#withHostname':: d.fn(help="\"Hostname specifies the virtual hostname to match for protocol types that\\ndefine this concept. When unspecified, all hostnames are matched. This\\nfield is ignored for protocols that don't require hostname based\\nmatching.\\n\\n\\nImplementations MUST apply Hostname matching appropriately for each of\\nthe following protocols:\\n\\n\\n* TLS: The Listener Hostname MUST match the SNI.\\n* HTTP: The Listener Hostname MUST match the Host header of the request.\\n* HTTPS: The Listener Hostname SHOULD match at both the TLS and HTTP\\n protocol layers as described above. If an implementation does not\\n ensure that both the SNI and Host header match the Listener hostname,\\n it MUST clearly document that.\\n\\n\\nFor HTTPRoute and TLSRoute resources, there is an interaction with the\\n`spec.hostnames` array. When both listener and route specify hostnames,\\nthere MUST be an intersection between the values for a Route to be\\naccepted. For more information, refer to the Route specific Hostnames\\ndocumentation.\\n\\n\\nHostnames that are prefixed with a wildcard label (`*.`) are interpreted\\nas a suffix match. That means that a match for `*.example.com` would match\\nboth `test.example.com`, and `foo.test.example.com`, but not `example.com`.\\n\\n\\nSupport: Core\"", args=[d.arg(name='hostname', type=d.T.string)]), + withHostname(hostname): { hostname: hostname }, + '#withName':: d.fn(help='"Name is the name of the Listener. This name MUST be unique within a\\nGateway.\\n\\n\\nSupport: Core"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withPort':: d.fn(help='"Port is the network port. Multiple listeners may use the\\nsame port, subject to the Listener compatibility rules.\\n\\n\\nSupport: Core"', args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { port: port }, + '#withProtocol':: d.fn(help='"Protocol specifies the network protocol this listener expects to receive.\\n\\n\\nSupport: Core"', args=[d.arg(name='protocol', type=d.T.string)]), + withProtocol(protocol): { protocol: protocol }, + }, + '#withAddresses':: d.fn(help='"Addresses requested for this Gateway. This is optional and behavior can\\ndepend on the implementation. If a value is set in the spec and the\\nrequested address is invalid or unavailable, the implementation MUST\\nindicate this in the associated entry in GatewayStatus.Addresses.\\n\\n\\nThe Addresses field represents a request for the address(es) on the\\n\\"outside of the Gateway\\", that traffic bound for this Gateway will use.\\nThis could be the IP address or hostname of an external load balancer or\\nother networking infrastructure, or some other address that traffic will\\nbe sent to.\\n\\n\\nIf no Addresses are specified, the implementation MAY schedule the\\nGateway in an implementation-specific manner, assigning an appropriate\\nset of Addresses.\\n\\n\\nThe implementation MUST bind all Listeners to every GatewayAddress that\\nit assigns to the Gateway and add a corresponding entry in\\nGatewayStatus.Addresses.\\n\\n\\nSupport: Extended\\n\\n\\n"', args=[d.arg(name='addresses', type=d.T.array)]), + withAddresses(addresses): { spec+: { addresses: if std.isArray(v=addresses) then addresses else [addresses] } }, + '#withAddressesMixin':: d.fn(help='"Addresses requested for this Gateway. This is optional and behavior can\\ndepend on the implementation. If a value is set in the spec and the\\nrequested address is invalid or unavailable, the implementation MUST\\nindicate this in the associated entry in GatewayStatus.Addresses.\\n\\n\\nThe Addresses field represents a request for the address(es) on the\\n\\"outside of the Gateway\\", that traffic bound for this Gateway will use.\\nThis could be the IP address or hostname of an external load balancer or\\nother networking infrastructure, or some other address that traffic will\\nbe sent to.\\n\\n\\nIf no Addresses are specified, the implementation MAY schedule the\\nGateway in an implementation-specific manner, assigning an appropriate\\nset of Addresses.\\n\\n\\nThe implementation MUST bind all Listeners to every GatewayAddress that\\nit assigns to the Gateway and add a corresponding entry in\\nGatewayStatus.Addresses.\\n\\n\\nSupport: Extended\\n\\n\\n"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='addresses', type=d.T.array)]), + withAddressesMixin(addresses): { spec+: { addresses+: if std.isArray(v=addresses) then addresses else [addresses] } }, + '#withGatewayClassName':: d.fn(help='"GatewayClassName used for this Gateway. This is the name of a\\nGatewayClass resource."', args=[d.arg(name='gatewayClassName', type=d.T.string)]), + withGatewayClassName(gatewayClassName): { spec+: { gatewayClassName: gatewayClassName } }, + '#withListeners':: d.fn(help="\"Listeners associated with this Gateway. Listeners define\\nlogical endpoints that are bound on this Gateway's addresses.\\nAt least one Listener MUST be specified.\\n\\n\\nEach Listener in a set of Listeners (for example, in a single Gateway)\\nMUST be _distinct_, in that a traffic flow MUST be able to be assigned to\\nexactly one listener. (This section uses \\\"set of Listeners\\\" rather than\\n\\\"Listeners in a single Gateway\\\" because implementations MAY merge configuration\\nfrom multiple Gateways onto a single data plane, and these rules _also_\\napply in that case).\\n\\n\\nPractically, this means that each listener in a set MUST have a unique\\ncombination of Port, Protocol, and, if supported by the protocol, Hostname.\\n\\n\\nSome combinations of port, protocol, and TLS settings are considered\\nCore support and MUST be supported by implementations based on their\\ntargeted conformance profile:\\n\\n\\nHTTP Profile\\n\\n\\n1. HTTPRoute, Port: 80, Protocol: HTTP\\n2. HTTPRoute, Port: 443, Protocol: HTTPS, TLS Mode: Terminate, TLS keypair provided\\n\\n\\nTLS Profile\\n\\n\\n1. TLSRoute, Port: 443, Protocol: TLS, TLS Mode: Passthrough\\n\\n\\n\\\"Distinct\\\" Listeners have the following property:\\n\\n\\nThe implementation can match inbound requests to a single distinct\\nListener. When multiple Listeners share values for fields (for\\nexample, two Listeners with the same Port value), the implementation\\ncan match requests to only one of the Listeners using other\\nListener fields.\\n\\n\\nFor example, the following Listener scenarios are distinct:\\n\\n\\n1. Multiple Listeners with the same Port that all use the \\\"HTTP\\\"\\n Protocol that all have unique Hostname values.\\n2. Multiple Listeners with the same Port that use either the \\\"HTTPS\\\" or\\n \\\"TLS\\\" Protocol that all have unique Hostname values.\\n3. A mixture of \\\"TCP\\\" and \\\"UDP\\\" Protocol Listeners, where no Listener\\n with the same Protocol has the same Port value.\\n\\n\\nSome fields in the Listener struct have possible values that affect\\nwhether the Listener is distinct. Hostname is particularly relevant\\nfor HTTP or HTTPS protocols.\\n\\n\\nWhen using the Hostname value to select between same-Port, same-Protocol\\nListeners, the Hostname value must be different on each Listener for the\\nListener to be distinct.\\n\\n\\nWhen the Listeners are distinct based on Hostname, inbound request\\nhostnames MUST match from the most specific to least specific Hostname\\nvalues to choose the correct Listener and its associated set of Routes.\\n\\n\\nExact matches must be processed before wildcard matches, and wildcard\\nmatches must be processed before fallback (empty Hostname value)\\nmatches. For example, `\\\"foo.example.com\\\"` takes precedence over\\n`\\\"*.example.com\\\"`, and `\\\"*.example.com\\\"` takes precedence over `\\\"\\\"`.\\n\\n\\nAdditionally, if there are multiple wildcard entries, more specific\\nwildcard entries must be processed before less specific wildcard entries.\\nFor example, `\\\"*.foo.example.com\\\"` takes precedence over `\\\"*.example.com\\\"`.\\nThe precise definition here is that the higher the number of dots in the\\nhostname to the right of the wildcard character, the higher the precedence.\\n\\n\\nThe wildcard character will match any number of characters _and dots_ to\\nthe left, however, so `\\\"*.example.com\\\"` will match both\\n`\\\"foo.bar.example.com\\\"` _and_ `\\\"bar.example.com\\\"`.\\n\\n\\nIf a set of Listeners contains Listeners that are not distinct, then those\\nListeners are Conflicted, and the implementation MUST set the \\\"Conflicted\\\"\\ncondition in the Listener Status to \\\"True\\\".\\n\\n\\nImplementations MAY choose to accept a Gateway with some Conflicted\\nListeners only if they only accept the partial Listener set that contains\\nno Conflicted Listeners. To put this another way, implementations may\\naccept a partial Listener set only if they throw out *all* the conflicting\\nListeners. No picking one of the conflicting listeners as the winner.\\nThis also means that the Gateway must have at least one non-conflicting\\nListener in this case, otherwise it violates the requirement that at\\nleast one Listener must be present.\\n\\n\\nThe implementation MUST set a \\\"ListenersNotValid\\\" condition on the\\nGateway Status when the Gateway contains Conflicted Listeners whether or\\nnot they accept the Gateway. That Condition SHOULD clearly\\nindicate in the Message which Listeners are conflicted, and which are\\nAccepted. Additionally, the Listener status for those listeners SHOULD\\nindicate which Listeners are conflicted and not Accepted.\\n\\n\\nA Gateway's Listeners are considered \\\"compatible\\\" if:\\n\\n\\n1. They are distinct.\\n2. The implementation can serve them in compliance with the Addresses\\n requirement that all Listeners are available on all assigned\\n addresses.\\n\\n\\nCompatible combinations in Extended support are expected to vary across\\nimplementations. A combination that is compatible for one implementation\\nmay not be compatible for another.\\n\\n\\nFor example, an implementation that cannot serve both TCP and UDP listeners\\non the same address, or cannot mix HTTPS and generic TLS listens on the same port\\nwould not consider those cases compatible, even though they are distinct.\\n\\n\\nNote that requests SHOULD match at most one Listener. For example, if\\nListeners are defined for \\\"foo.example.com\\\" and \\\"*.example.com\\\", a\\nrequest to \\\"foo.example.com\\\" SHOULD only be routed using routes attached\\nto the \\\"foo.example.com\\\" Listener (and not the \\\"*.example.com\\\" Listener).\\nThis concept is known as \\\"Listener Isolation\\\". Implementations that do\\nnot support Listener Isolation MUST clearly document this.\\n\\n\\nImplementations MAY merge separate Gateways onto a single set of\\nAddresses if all Listeners across all Gateways are compatible.\\n\\n\\nSupport: Core\"", args=[d.arg(name='listeners', type=d.T.array)]), + withListeners(listeners): { spec+: { listeners: if std.isArray(v=listeners) then listeners else [listeners] } }, + '#withListenersMixin':: d.fn(help="\"Listeners associated with this Gateway. Listeners define\\nlogical endpoints that are bound on this Gateway's addresses.\\nAt least one Listener MUST be specified.\\n\\n\\nEach Listener in a set of Listeners (for example, in a single Gateway)\\nMUST be _distinct_, in that a traffic flow MUST be able to be assigned to\\nexactly one listener. (This section uses \\\"set of Listeners\\\" rather than\\n\\\"Listeners in a single Gateway\\\" because implementations MAY merge configuration\\nfrom multiple Gateways onto a single data plane, and these rules _also_\\napply in that case).\\n\\n\\nPractically, this means that each listener in a set MUST have a unique\\ncombination of Port, Protocol, and, if supported by the protocol, Hostname.\\n\\n\\nSome combinations of port, protocol, and TLS settings are considered\\nCore support and MUST be supported by implementations based on their\\ntargeted conformance profile:\\n\\n\\nHTTP Profile\\n\\n\\n1. HTTPRoute, Port: 80, Protocol: HTTP\\n2. HTTPRoute, Port: 443, Protocol: HTTPS, TLS Mode: Terminate, TLS keypair provided\\n\\n\\nTLS Profile\\n\\n\\n1. TLSRoute, Port: 443, Protocol: TLS, TLS Mode: Passthrough\\n\\n\\n\\\"Distinct\\\" Listeners have the following property:\\n\\n\\nThe implementation can match inbound requests to a single distinct\\nListener. When multiple Listeners share values for fields (for\\nexample, two Listeners with the same Port value), the implementation\\ncan match requests to only one of the Listeners using other\\nListener fields.\\n\\n\\nFor example, the following Listener scenarios are distinct:\\n\\n\\n1. Multiple Listeners with the same Port that all use the \\\"HTTP\\\"\\n Protocol that all have unique Hostname values.\\n2. Multiple Listeners with the same Port that use either the \\\"HTTPS\\\" or\\n \\\"TLS\\\" Protocol that all have unique Hostname values.\\n3. A mixture of \\\"TCP\\\" and \\\"UDP\\\" Protocol Listeners, where no Listener\\n with the same Protocol has the same Port value.\\n\\n\\nSome fields in the Listener struct have possible values that affect\\nwhether the Listener is distinct. Hostname is particularly relevant\\nfor HTTP or HTTPS protocols.\\n\\n\\nWhen using the Hostname value to select between same-Port, same-Protocol\\nListeners, the Hostname value must be different on each Listener for the\\nListener to be distinct.\\n\\n\\nWhen the Listeners are distinct based on Hostname, inbound request\\nhostnames MUST match from the most specific to least specific Hostname\\nvalues to choose the correct Listener and its associated set of Routes.\\n\\n\\nExact matches must be processed before wildcard matches, and wildcard\\nmatches must be processed before fallback (empty Hostname value)\\nmatches. For example, `\\\"foo.example.com\\\"` takes precedence over\\n`\\\"*.example.com\\\"`, and `\\\"*.example.com\\\"` takes precedence over `\\\"\\\"`.\\n\\n\\nAdditionally, if there are multiple wildcard entries, more specific\\nwildcard entries must be processed before less specific wildcard entries.\\nFor example, `\\\"*.foo.example.com\\\"` takes precedence over `\\\"*.example.com\\\"`.\\nThe precise definition here is that the higher the number of dots in the\\nhostname to the right of the wildcard character, the higher the precedence.\\n\\n\\nThe wildcard character will match any number of characters _and dots_ to\\nthe left, however, so `\\\"*.example.com\\\"` will match both\\n`\\\"foo.bar.example.com\\\"` _and_ `\\\"bar.example.com\\\"`.\\n\\n\\nIf a set of Listeners contains Listeners that are not distinct, then those\\nListeners are Conflicted, and the implementation MUST set the \\\"Conflicted\\\"\\ncondition in the Listener Status to \\\"True\\\".\\n\\n\\nImplementations MAY choose to accept a Gateway with some Conflicted\\nListeners only if they only accept the partial Listener set that contains\\nno Conflicted Listeners. To put this another way, implementations may\\naccept a partial Listener set only if they throw out *all* the conflicting\\nListeners. No picking one of the conflicting listeners as the winner.\\nThis also means that the Gateway must have at least one non-conflicting\\nListener in this case, otherwise it violates the requirement that at\\nleast one Listener must be present.\\n\\n\\nThe implementation MUST set a \\\"ListenersNotValid\\\" condition on the\\nGateway Status when the Gateway contains Conflicted Listeners whether or\\nnot they accept the Gateway. That Condition SHOULD clearly\\nindicate in the Message which Listeners are conflicted, and which are\\nAccepted. Additionally, the Listener status for those listeners SHOULD\\nindicate which Listeners are conflicted and not Accepted.\\n\\n\\nA Gateway's Listeners are considered \\\"compatible\\\" if:\\n\\n\\n1. They are distinct.\\n2. The implementation can serve them in compliance with the Addresses\\n requirement that all Listeners are available on all assigned\\n addresses.\\n\\n\\nCompatible combinations in Extended support are expected to vary across\\nimplementations. A combination that is compatible for one implementation\\nmay not be compatible for another.\\n\\n\\nFor example, an implementation that cannot serve both TCP and UDP listeners\\non the same address, or cannot mix HTTPS and generic TLS listens on the same port\\nwould not consider those cases compatible, even though they are distinct.\\n\\n\\nNote that requests SHOULD match at most one Listener. For example, if\\nListeners are defined for \\\"foo.example.com\\\" and \\\"*.example.com\\\", a\\nrequest to \\\"foo.example.com\\\" SHOULD only be routed using routes attached\\nto the \\\"foo.example.com\\\" Listener (and not the \\\"*.example.com\\\" Listener).\\nThis concept is known as \\\"Listener Isolation\\\". Implementations that do\\nnot support Listener Isolation MUST clearly document this.\\n\\n\\nImplementations MAY merge separate Gateways onto a single set of\\nAddresses if all Listeners across all Gateways are compatible.\\n\\n\\nSupport: Core\"\n\n**Note:** This function appends passed data to existing values", args=[d.arg(name='listeners', type=d.T.array)]), + withListenersMixin(listeners): { spec+: { listeners+: if std.isArray(v=listeners) then listeners else [listeners] } }, + }, + '#mixin': 'ignore', + mixin: self, +} diff --git a/1.1/_gen/gateway/v1/gatewayClass.libsonnet b/1.1/_gen/gateway/v1/gatewayClass.libsonnet new file mode 100644 index 0000000..6fc0b30 --- /dev/null +++ b/1.1/_gen/gateway/v1/gatewayClass.libsonnet @@ -0,0 +1,72 @@ +{ + local d = (import 'doc-util/main.libsonnet'), + '#':: d.pkg(name='gatewayClass', url='', help='"GatewayClass describes a class of Gateways available to the user for creating\\nGateway resources.\\n\\n\\nIt is recommended that this resource be used as a template for Gateways. This\\nmeans that a Gateway is based on the state of the GatewayClass at the time it\\nwas created and changes to the GatewayClass or associated parameters are not\\npropagated down to existing Gateways. This recommendation is intended to\\nlimit the blast radius of changes to GatewayClass or associated parameters.\\nIf implementations choose to propagate GatewayClass changes to existing\\nGateways, that MUST be clearly documented by the implementation.\\n\\n\\nWhenever one or more Gateways are using a GatewayClass, implementations SHOULD\\nadd the `gateway-exists-finalizer.gateway.networking.k8s.io` finalizer on the\\nassociated GatewayClass. This ensures that a GatewayClass associated with a\\nGateway is not deleted while in use.\\n\\n\\nGatewayClass is a Cluster level resource."'), + '#metadata':: d.obj(help='"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create."'), + metadata: { + '#withAnnotations':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotations(annotations): { metadata+: { annotations: annotations } }, + '#withAnnotationsMixin':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotationsMixin(annotations): { metadata+: { annotations+: annotations } }, + '#withClusterName':: d.fn(help='"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request."', args=[d.arg(name='clusterName', type=d.T.string)]), + withClusterName(clusterName): { metadata+: { clusterName: clusterName } }, + '#withCreationTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='creationTimestamp', type=d.T.string)]), + withCreationTimestamp(creationTimestamp): { metadata+: { creationTimestamp: creationTimestamp } }, + '#withDeletionGracePeriodSeconds':: d.fn(help='"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only."', args=[d.arg(name='deletionGracePeriodSeconds', type=d.T.integer)]), + withDeletionGracePeriodSeconds(deletionGracePeriodSeconds): { metadata+: { deletionGracePeriodSeconds: deletionGracePeriodSeconds } }, + '#withDeletionTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='deletionTimestamp', type=d.T.string)]), + withDeletionTimestamp(deletionTimestamp): { metadata+: { deletionTimestamp: deletionTimestamp } }, + '#withFinalizers':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizers(finalizers): { metadata+: { finalizers: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withFinalizersMixin':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizersMixin(finalizers): { metadata+: { finalizers+: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withGenerateName':: d.fn(help='"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\\n\\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\\n\\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency"', args=[d.arg(name='generateName', type=d.T.string)]), + withGenerateName(generateName): { metadata+: { generateName: generateName } }, + '#withGeneration':: d.fn(help='"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only."', args=[d.arg(name='generation', type=d.T.integer)]), + withGeneration(generation): { metadata+: { generation: generation } }, + '#withLabels':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"', args=[d.arg(name='labels', type=d.T.object)]), + withLabels(labels): { metadata+: { labels: labels } }, + '#withLabelsMixin':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='labels', type=d.T.object)]), + withLabelsMixin(labels): { metadata+: { labels+: labels } }, + '#withName':: d.fn(help='"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { metadata+: { name: name } }, + '#withNamespace':: d.fn(help='"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \\"default\\" namespace, but \\"default\\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\\n\\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces"', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { metadata+: { namespace: namespace } }, + '#withOwnerReferences':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferences(ownerReferences): { metadata+: { ownerReferences: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withOwnerReferencesMixin':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferencesMixin(ownerReferences): { metadata+: { ownerReferences+: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withResourceVersion':: d.fn(help='"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\\n\\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency"', args=[d.arg(name='resourceVersion', type=d.T.string)]), + withResourceVersion(resourceVersion): { metadata+: { resourceVersion: resourceVersion } }, + '#withSelfLink':: d.fn(help='"SelfLink is a URL representing this object. Populated by the system. Read-only.\\n\\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release."', args=[d.arg(name='selfLink', type=d.T.string)]), + withSelfLink(selfLink): { metadata+: { selfLink: selfLink } }, + '#withUid':: d.fn(help='"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\\n\\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids"', args=[d.arg(name='uid', type=d.T.string)]), + withUid(uid): { metadata+: { uid: uid } }, + }, + '#new':: d.fn(help='new returns an instance of GatewayClass', args=[d.arg(name='name', type=d.T.string)]), + new(name): { + apiVersion: 'gateway.networking.k8s.io/v1', + kind: 'GatewayClass', + } + self.metadata.withName(name=name) + self.metadata.withAnnotations(annotations={ + 'tanka.dev/namespaced': 'false', + }), + '#spec':: d.obj(help='"Spec defines the desired state of GatewayClass."'), + spec: { + '#parametersRef':: d.obj(help="\"ParametersRef is a reference to a resource that contains the configuration\\nparameters corresponding to the GatewayClass. This is optional if the\\ncontroller does not require any additional configuration.\\n\\n\\nParametersRef can reference a standard Kubernetes resource, i.e. ConfigMap,\\nor an implementation-specific custom resource. The resource can be\\ncluster-scoped or namespace-scoped.\\n\\n\\nIf the referent cannot be found, the GatewayClass's \\\"InvalidParameters\\\"\\nstatus condition will be true.\\n\\n\\nA Gateway for this GatewayClass may provide its own `parametersRef`. When both are specified,\\nthe merging behavior is implementation specific.\\nIt is generally recommended that GatewayClass provides defaults that can be overridden by a Gateway.\\n\\n\\nSupport: Implementation-specific\""), + parametersRef: { + '#withGroup':: d.fn(help='"Group is the group of the referent."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { spec+: { parametersRef+: { group: group } } }, + '#withKind':: d.fn(help='"Kind is kind of the referent."', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { spec+: { parametersRef+: { kind: kind } } }, + '#withName':: d.fn(help='"Name is the name of the referent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { spec+: { parametersRef+: { name: name } } }, + '#withNamespace':: d.fn(help='"Namespace is the namespace of the referent.\\nThis field is required when referring to a Namespace-scoped resource and\\nMUST be unset when referring to a Cluster-scoped resource."', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { spec+: { parametersRef+: { namespace: namespace } } }, + }, + '#withControllerName':: d.fn(help='"ControllerName is the name of the controller that is managing Gateways of\\nthis class. The value of this field MUST be a domain prefixed path.\\n\\n\\nExample: \\"example.net/gateway-controller\\".\\n\\n\\nThis field is not mutable and cannot be empty.\\n\\n\\nSupport: Core"', args=[d.arg(name='controllerName', type=d.T.string)]), + withControllerName(controllerName): { spec+: { controllerName: controllerName } }, + '#withDescription':: d.fn(help='"Description helps describe a GatewayClass with more details."', args=[d.arg(name='description', type=d.T.string)]), + withDescription(description): { spec+: { description: description } }, + }, + '#mixin': 'ignore', + mixin: self, +} diff --git a/1.1/_gen/gateway/v1/grpcRoute.libsonnet b/1.1/_gen/gateway/v1/grpcRoute.libsonnet new file mode 100644 index 0000000..3da775c --- /dev/null +++ b/1.1/_gen/gateway/v1/grpcRoute.libsonnet @@ -0,0 +1,317 @@ +{ + local d = (import 'doc-util/main.libsonnet'), + '#':: d.pkg(name='grpcRoute', url='', help='"GRPCRoute provides a way to route gRPC requests. This includes the capability\\nto match requests by hostname, gRPC service, gRPC method, or HTTP/2 header.\\nFilters can be used to specify additional processing steps. Backends specify\\nwhere matching requests will be routed.\\n\\n\\nGRPCRoute falls under extended support within the Gateway API. Within the\\nfollowing specification, the word \\"MUST\\" indicates that an implementation\\nsupporting GRPCRoute must conform to the indicated requirement, but an\\nimplementation not supporting this route type need not follow the requirement\\nunless explicitly indicated.\\n\\n\\nImplementations supporting `GRPCRoute` with the `HTTPS` `ProtocolType` MUST\\naccept HTTP/2 connections without an initial upgrade from HTTP/1.1, i.e. via\\nALPN. If the implementation does not support this, then it MUST set the\\n\\"Accepted\\" condition to \\"False\\" for the affected listener with a reason of\\n\\"UnsupportedProtocol\\". Implementations MAY also accept HTTP/2 connections\\nwith an upgrade from HTTP/1.\\n\\n\\nImplementations supporting `GRPCRoute` with the `HTTP` `ProtocolType` MUST\\nsupport HTTP/2 over cleartext TCP (h2c,\\nhttps://www.rfc-editor.org/rfc/rfc7540#section-3.1) without an initial\\nupgrade from HTTP/1.1, i.e. with prior knowledge\\n(https://www.rfc-editor.org/rfc/rfc7540#section-3.4). If the implementation\\ndoes not support this, then it MUST set the \\"Accepted\\" condition to \\"False\\"\\nfor the affected listener with a reason of \\"UnsupportedProtocol\\".\\nImplementations MAY also accept HTTP/2 connections with an upgrade from\\nHTTP/1, i.e. without prior knowledge."'), + '#metadata':: d.obj(help='"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create."'), + metadata: { + '#withAnnotations':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotations(annotations): { metadata+: { annotations: annotations } }, + '#withAnnotationsMixin':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotationsMixin(annotations): { metadata+: { annotations+: annotations } }, + '#withClusterName':: d.fn(help='"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request."', args=[d.arg(name='clusterName', type=d.T.string)]), + withClusterName(clusterName): { metadata+: { clusterName: clusterName } }, + '#withCreationTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='creationTimestamp', type=d.T.string)]), + withCreationTimestamp(creationTimestamp): { metadata+: { creationTimestamp: creationTimestamp } }, + '#withDeletionGracePeriodSeconds':: d.fn(help='"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only."', args=[d.arg(name='deletionGracePeriodSeconds', type=d.T.integer)]), + withDeletionGracePeriodSeconds(deletionGracePeriodSeconds): { metadata+: { deletionGracePeriodSeconds: deletionGracePeriodSeconds } }, + '#withDeletionTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='deletionTimestamp', type=d.T.string)]), + withDeletionTimestamp(deletionTimestamp): { metadata+: { deletionTimestamp: deletionTimestamp } }, + '#withFinalizers':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizers(finalizers): { metadata+: { finalizers: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withFinalizersMixin':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizersMixin(finalizers): { metadata+: { finalizers+: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withGenerateName':: d.fn(help='"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\\n\\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\\n\\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency"', args=[d.arg(name='generateName', type=d.T.string)]), + withGenerateName(generateName): { metadata+: { generateName: generateName } }, + '#withGeneration':: d.fn(help='"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only."', args=[d.arg(name='generation', type=d.T.integer)]), + withGeneration(generation): { metadata+: { generation: generation } }, + '#withLabels':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"', args=[d.arg(name='labels', type=d.T.object)]), + withLabels(labels): { metadata+: { labels: labels } }, + '#withLabelsMixin':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='labels', type=d.T.object)]), + withLabelsMixin(labels): { metadata+: { labels+: labels } }, + '#withName':: d.fn(help='"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { metadata+: { name: name } }, + '#withNamespace':: d.fn(help='"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \\"default\\" namespace, but \\"default\\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\\n\\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces"', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { metadata+: { namespace: namespace } }, + '#withOwnerReferences':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferences(ownerReferences): { metadata+: { ownerReferences: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withOwnerReferencesMixin':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferencesMixin(ownerReferences): { metadata+: { ownerReferences+: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withResourceVersion':: d.fn(help='"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\\n\\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency"', args=[d.arg(name='resourceVersion', type=d.T.string)]), + withResourceVersion(resourceVersion): { metadata+: { resourceVersion: resourceVersion } }, + '#withSelfLink':: d.fn(help='"SelfLink is a URL representing this object. Populated by the system. Read-only.\\n\\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release."', args=[d.arg(name='selfLink', type=d.T.string)]), + withSelfLink(selfLink): { metadata+: { selfLink: selfLink } }, + '#withUid':: d.fn(help='"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\\n\\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids"', args=[d.arg(name='uid', type=d.T.string)]), + withUid(uid): { metadata+: { uid: uid } }, + }, + '#new':: d.fn(help='new returns an instance of GRPCRoute', args=[d.arg(name='name', type=d.T.string)]), + new(name): { + apiVersion: 'gateway.networking.k8s.io/v1', + kind: 'GRPCRoute', + } + self.metadata.withName(name=name), + '#spec':: d.obj(help='"Spec defines the desired state of GRPCRoute."'), + spec: { + '#parentRefs':: d.obj(help='"ParentRefs references the resources (usually Gateways) that a Route wants\\nto be attached to. Note that the referenced parent resource needs to\\nallow this for the attachment to be complete. For Gateways, that means\\nthe Gateway needs to allow attachment from Routes of this kind and\\nnamespace. For Services, that means the Service must either be in the same\\nnamespace for a \\"producer\\" route, or the mesh implementation must support\\nand allow \\"consumer\\" routes for the referenced Service. ReferenceGrant is\\nnot applicable for governing ParentRefs to Services - it is not possible to\\ncreate a \\"producer\\" route for a Service in a different namespace from the\\nRoute.\\n\\n\\nThere are two kinds of parent resources with \\"Core\\" support:\\n\\n\\n* Gateway (Gateway conformance profile)\\n* Service (Mesh conformance profile, ClusterIP Services only)\\n\\n\\nThis API may be extended in the future to support additional kinds of parent\\nresources.\\n\\n\\nParentRefs must be _distinct_. This means either that:\\n\\n\\n* They select different objects. If this is the case, then parentRef\\n entries are distinct. In terms of fields, this means that the\\n multi-part key defined by `group`, `kind`, `namespace`, and `name` must\\n be unique across all parentRef entries in the Route.\\n* They do not select different objects, but for each optional field used,\\n each ParentRef that selects the same object must set the same set of\\n optional fields to different values. If one ParentRef sets a\\n combination of optional fields, all must set the same combination.\\n\\n\\nSome examples:\\n\\n\\n* If one ParentRef sets `sectionName`, all ParentRefs referencing the\\n same object must also set `sectionName`.\\n* If one ParentRef sets `port`, all ParentRefs referencing the same\\n object must also set `port`.\\n* If one ParentRef sets `sectionName` and `port`, all ParentRefs\\n referencing the same object must also set `sectionName` and `port`.\\n\\n\\nIt is possible to separately reference multiple distinct objects that may\\nbe collapsed by an implementation. For example, some implementations may\\nchoose to merge compatible Gateway Listeners together. If that is the\\ncase, the list of routes attached to those resources should also be\\nmerged.\\n\\n\\nNote that for ParentRefs that cross namespace boundaries, there are specific\\nrules. Cross-namespace references are only valid if they are explicitly\\nallowed by something in the namespace they are referring to. For example,\\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\\ngeneric way to enable other kinds of cross-namespace reference.\\n\\n\\n\\n\\n\\n\\n\\n\\n"'), + parentRefs: { + '#withGroup':: d.fn(help='"Group is the group of the referent.\\nWhen unspecified, \\"gateway.networking.k8s.io\\" is inferred.\\nTo set the core API group (such as for a \\"Service\\" kind referent),\\nGroup must be explicitly set to \\"\\" (empty string).\\n\\n\\nSupport: Core"', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { group: group }, + '#withKind':: d.fn(help='"Kind is kind of the referent.\\n\\n\\nThere are two kinds of parent resources with \\"Core\\" support:\\n\\n\\n* Gateway (Gateway conformance profile)\\n* Service (Mesh conformance profile, ClusterIP Services only)\\n\\n\\nSupport for other resources is Implementation-Specific."', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { kind: kind }, + '#withName':: d.fn(help='"Name is the name of the referent.\\n\\n\\nSupport: Core"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withNamespace':: d.fn(help='"Namespace is the namespace of the referent. When unspecified, this refers\\nto the local namespace of the Route.\\n\\n\\nNote that there are specific rules for ParentRefs which cross namespace\\nboundaries. Cross-namespace references are only valid if they are explicitly\\nallowed by something in the namespace they are referring to. For example:\\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\\ngeneric way to enable any other kind of cross-namespace reference.\\n\\n\\n\\n\\n\\nSupport: Core"', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { namespace: namespace }, + '#withPort':: d.fn(help="\"Port is the network port this Route targets. It can be interpreted\\ndifferently based on the type of parent resource.\\n\\n\\nWhen the parent resource is a Gateway, this targets all listeners\\nlistening on the specified port that also support this kind of Route(and\\nselect this Route). It's not recommended to set `Port` unless the\\nnetworking behaviors specified in a Route must apply to a specific port\\nas opposed to a listener(s) whose port(s) may be changed. When both Port\\nand SectionName are specified, the name and port of the selected listener\\nmust match both specified values.\\n\\n\\n\\n\\n\\nImplementations MAY choose to support other parent resources.\\nImplementations supporting other types of parent resources MUST clearly\\ndocument how/if Port is interpreted.\\n\\n\\nFor the purpose of status, an attachment is considered successful as\\nlong as the parent resource accepts it partially. For example, Gateway\\nlisteners can restrict which Routes can attach to them by Route kind,\\nnamespace, or hostname. If 1 of 2 Gateway listeners accept attachment\\nfrom the referencing Route, the Route MUST be considered successfully\\nattached. If no Gateway listeners accept attachment from this Route,\\nthe Route MUST be considered detached from the Gateway.\\n\\n\\nSupport: Extended\"", args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { port: port }, + '#withSectionName':: d.fn(help='"SectionName is the name of a section within the target resource. In the\\nfollowing resources, SectionName is interpreted as the following:\\n\\n\\n* Gateway: Listener name. When both Port (experimental) and SectionName\\nare specified, the name and port of the selected listener must match\\nboth specified values.\\n* Service: Port name. When both Port (experimental) and SectionName\\nare specified, the name and port of the selected listener must match\\nboth specified values.\\n\\n\\nImplementations MAY choose to support attaching Routes to other resources.\\nIf that is the case, they MUST clearly document how SectionName is\\ninterpreted.\\n\\n\\nWhen unspecified (empty string), this will reference the entire resource.\\nFor the purpose of status, an attachment is considered successful if at\\nleast one section in the parent resource accepts it. For example, Gateway\\nlisteners can restrict which Routes can attach to them by Route kind,\\nnamespace, or hostname. If 1 of 2 Gateway listeners accept attachment from\\nthe referencing Route, the Route MUST be considered successfully\\nattached. If no Gateway listeners accept attachment from this Route, the\\nRoute MUST be considered detached from the Gateway.\\n\\n\\nSupport: Core"', args=[d.arg(name='sectionName', type=d.T.string)]), + withSectionName(sectionName): { sectionName: sectionName }, + }, + '#rules':: d.obj(help='"Rules are a list of GRPC matchers, filters and actions."'), + rules: { + '#backendRefs':: d.obj(help='"BackendRefs defines the backend(s) where matching requests should be\\nsent.\\n\\n\\nFailure behavior here depends on how many BackendRefs are specified and\\nhow many are invalid.\\n\\n\\nIf *all* entries in BackendRefs are invalid, and there are also no filters\\nspecified in this route rule, *all* traffic which matches this rule MUST\\nreceive an `UNAVAILABLE` status.\\n\\n\\nSee the GRPCBackendRef definition for the rules about what makes a single\\nGRPCBackendRef invalid.\\n\\n\\nWhen a GRPCBackendRef is invalid, `UNAVAILABLE` statuses MUST be returned for\\nrequests that would have otherwise been routed to an invalid backend. If\\nmultiple backends are specified, and some are invalid, the proportion of\\nrequests that would otherwise have been routed to an invalid backend\\nMUST receive an `UNAVAILABLE` status.\\n\\n\\nFor example, if two backends are specified with equal weights, and one is\\ninvalid, 50 percent of traffic MUST receive an `UNAVAILABLE` status.\\nImplementations may choose how that 50 percent is determined.\\n\\n\\nSupport: Core for Kubernetes Service\\n\\n\\nSupport: Implementation-specific for any other resource\\n\\n\\nSupport for weight: Core"'), + backendRefs: { + '#filters':: d.obj(help='"Filters defined at this level MUST be executed if and only if the\\nrequest is being forwarded to the backend defined here.\\n\\n\\nSupport: Implementation-specific (For broader support of filters, use the\\nFilters field in GRPCRouteRule.)"'), + filters: { + '#extensionRef':: d.obj(help='"ExtensionRef is an optional, implementation-specific extension to the\\n\\"filter\\" behavior. For example, resource \\"myroutefilter\\" in group\\n\\"networking.example.net\\"). ExtensionRef MUST NOT be used for core and\\nextended filters.\\n\\n\\nSupport: Implementation-specific\\n\\n\\nThis filter can be used multiple times within the same rule."'), + extensionRef: { + '#withGroup':: d.fn(help='"Group is the group of the referent. For example, \\"gateway.networking.k8s.io\\".\\nWhen unspecified or empty string, core API group is inferred."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { extensionRef+: { group: group } }, + '#withKind':: d.fn(help='"Kind is kind of the referent. For example \\"HTTPRoute\\" or \\"Service\\"."', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { extensionRef+: { kind: kind } }, + '#withName':: d.fn(help='"Name is the name of the referent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { extensionRef+: { name: name } }, + }, + '#requestHeaderModifier':: d.obj(help='"RequestHeaderModifier defines a schema for a filter that modifies request\\nheaders.\\n\\n\\nSupport: Core"'), + requestHeaderModifier: { + '#add':: d.obj(help='"Add adds the given header(s) (name, value) to the request\\nbefore the action. It appends to any existing values associated\\nwith the header name.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n add:\\n - name: \\"my-header\\"\\n value: \\"bar,baz\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: foo,bar,baz"'), + add: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be\\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\\n\\n\\nIf multiple entries specify equivalent header names, the first entry with\\nan equivalent name MUST be considered for a match. Subsequent entries\\nwith an equivalent header name MUST be ignored. Due to the\\ncase-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered\\nequivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#set':: d.obj(help='"Set overwrites the request with the given header (name, value)\\nbefore the action.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n set:\\n - name: \\"my-header\\"\\n value: \\"bar\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: bar"'), + set: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be\\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\\n\\n\\nIf multiple entries specify equivalent header names, the first entry with\\nan equivalent name MUST be considered for a match. Subsequent entries\\nwith an equivalent header name MUST be ignored. Due to the\\ncase-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered\\nequivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#withAdd':: d.fn(help='"Add adds the given header(s) (name, value) to the request\\nbefore the action. It appends to any existing values associated\\nwith the header name.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n add:\\n - name: \\"my-header\\"\\n value: \\"bar,baz\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: foo,bar,baz"', args=[d.arg(name='add', type=d.T.array)]), + withAdd(add): { requestHeaderModifier+: { add: if std.isArray(v=add) then add else [add] } }, + '#withAddMixin':: d.fn(help='"Add adds the given header(s) (name, value) to the request\\nbefore the action. It appends to any existing values associated\\nwith the header name.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n add:\\n - name: \\"my-header\\"\\n value: \\"bar,baz\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: foo,bar,baz"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='add', type=d.T.array)]), + withAddMixin(add): { requestHeaderModifier+: { add+: if std.isArray(v=add) then add else [add] } }, + '#withRemove':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The\\nvalue of Remove is a list of HTTP header names. Note that the header\\nnames are case-insensitive (see\\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header1: foo\\n my-header2: bar\\n my-header3: baz\\n\\n\\nConfig:\\n remove: [\\"my-header1\\", \\"my-header3\\"]\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header2: bar"', args=[d.arg(name='remove', type=d.T.array)]), + withRemove(remove): { requestHeaderModifier+: { remove: if std.isArray(v=remove) then remove else [remove] } }, + '#withRemoveMixin':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The\\nvalue of Remove is a list of HTTP header names. Note that the header\\nnames are case-insensitive (see\\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header1: foo\\n my-header2: bar\\n my-header3: baz\\n\\n\\nConfig:\\n remove: [\\"my-header1\\", \\"my-header3\\"]\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header2: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='remove', type=d.T.array)]), + withRemoveMixin(remove): { requestHeaderModifier+: { remove+: if std.isArray(v=remove) then remove else [remove] } }, + '#withSet':: d.fn(help='"Set overwrites the request with the given header (name, value)\\nbefore the action.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n set:\\n - name: \\"my-header\\"\\n value: \\"bar\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: bar"', args=[d.arg(name='set', type=d.T.array)]), + withSet(set): { requestHeaderModifier+: { set: if std.isArray(v=set) then set else [set] } }, + '#withSetMixin':: d.fn(help='"Set overwrites the request with the given header (name, value)\\nbefore the action.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n set:\\n - name: \\"my-header\\"\\n value: \\"bar\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='set', type=d.T.array)]), + withSetMixin(set): { requestHeaderModifier+: { set+: if std.isArray(v=set) then set else [set] } }, + }, + '#requestMirror':: d.obj(help='"RequestMirror defines a schema for a filter that mirrors requests.\\nRequests are sent to the specified destination, but responses from\\nthat destination are ignored.\\n\\n\\nThis filter can be used multiple times within the same rule. Note that\\nnot all implementations will be able to support mirroring to multiple\\nbackends.\\n\\n\\nSupport: Extended"'), + requestMirror: { + '#backendRef':: d.obj(help='"BackendRef references a resource where mirrored requests are sent.\\n\\n\\nMirrored requests must be sent only to a single destination endpoint\\nwithin this BackendRef, irrespective of how many endpoints are present\\nwithin this BackendRef.\\n\\n\\nIf the referent cannot be found, this BackendRef is invalid and must be\\ndropped from the Gateway. The controller must ensure the \\"ResolvedRefs\\"\\ncondition on the Route status is set to `status: False` and not configure\\nthis backend in the underlying implementation.\\n\\n\\nIf there is a cross-namespace reference to an *existing* object\\nthat is not allowed by a ReferenceGrant, the controller must ensure the\\n\\"ResolvedRefs\\" condition on the Route is set to `status: False`,\\nwith the \\"RefNotPermitted\\" reason and not configure this backend in the\\nunderlying implementation.\\n\\n\\nIn either error case, the Message of the `ResolvedRefs` Condition\\nshould be used to provide more detail about the problem.\\n\\n\\nSupport: Extended for Kubernetes Service\\n\\n\\nSupport: Implementation-specific for any other resource"'), + backendRef: { + '#withGroup':: d.fn(help='"Group is the group of the referent. For example, \\"gateway.networking.k8s.io\\".\\nWhen unspecified or empty string, core API group is inferred."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { requestMirror+: { backendRef+: { group: group } } }, + '#withKind':: d.fn(help='"Kind is the Kubernetes resource kind of the referent. For example\\n\\"Service\\".\\n\\n\\nDefaults to \\"Service\\" when not specified.\\n\\n\\nExternalName services can refer to CNAME DNS records that may live\\noutside of the cluster and as such are difficult to reason about in\\nterms of conformance. They also may not be safe to forward to (see\\nCVE-2021-25740 for more information). Implementations SHOULD NOT\\nsupport ExternalName Services.\\n\\n\\nSupport: Core (Services with a type other than ExternalName)\\n\\n\\nSupport: Implementation-specific (Services with type ExternalName)"', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { requestMirror+: { backendRef+: { kind: kind } } }, + '#withName':: d.fn(help='"Name is the name of the referent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { requestMirror+: { backendRef+: { name: name } } }, + '#withNamespace':: d.fn(help="\"Namespace is the namespace of the backend. When unspecified, the local\\nnamespace is inferred.\\n\\n\\nNote that when a namespace different than the local namespace is specified,\\na ReferenceGrant object is required in the referent namespace to allow that\\nnamespace's owner to accept the reference. See the ReferenceGrant\\ndocumentation for details.\\n\\n\\nSupport: Core\"", args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { requestMirror+: { backendRef+: { namespace: namespace } } }, + '#withPort':: d.fn(help='"Port specifies the destination port number to use for this resource.\\nPort is required when the referent is a Kubernetes Service. In this\\ncase, the port number is the service port number, not the target port.\\nFor other resources, destination port might be derived from the referent\\nresource or this field."', args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { requestMirror+: { backendRef+: { port: port } } }, + }, + }, + '#responseHeaderModifier':: d.obj(help='"ResponseHeaderModifier defines a schema for a filter that modifies response\\nheaders.\\n\\n\\nSupport: Extended"'), + responseHeaderModifier: { + '#add':: d.obj(help='"Add adds the given header(s) (name, value) to the request\\nbefore the action. It appends to any existing values associated\\nwith the header name.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n add:\\n - name: \\"my-header\\"\\n value: \\"bar,baz\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: foo,bar,baz"'), + add: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be\\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\\n\\n\\nIf multiple entries specify equivalent header names, the first entry with\\nan equivalent name MUST be considered for a match. Subsequent entries\\nwith an equivalent header name MUST be ignored. Due to the\\ncase-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered\\nequivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#set':: d.obj(help='"Set overwrites the request with the given header (name, value)\\nbefore the action.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n set:\\n - name: \\"my-header\\"\\n value: \\"bar\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: bar"'), + set: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be\\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\\n\\n\\nIf multiple entries specify equivalent header names, the first entry with\\nan equivalent name MUST be considered for a match. Subsequent entries\\nwith an equivalent header name MUST be ignored. Due to the\\ncase-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered\\nequivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#withAdd':: d.fn(help='"Add adds the given header(s) (name, value) to the request\\nbefore the action. It appends to any existing values associated\\nwith the header name.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n add:\\n - name: \\"my-header\\"\\n value: \\"bar,baz\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: foo,bar,baz"', args=[d.arg(name='add', type=d.T.array)]), + withAdd(add): { responseHeaderModifier+: { add: if std.isArray(v=add) then add else [add] } }, + '#withAddMixin':: d.fn(help='"Add adds the given header(s) (name, value) to the request\\nbefore the action. It appends to any existing values associated\\nwith the header name.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n add:\\n - name: \\"my-header\\"\\n value: \\"bar,baz\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: foo,bar,baz"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='add', type=d.T.array)]), + withAddMixin(add): { responseHeaderModifier+: { add+: if std.isArray(v=add) then add else [add] } }, + '#withRemove':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The\\nvalue of Remove is a list of HTTP header names. Note that the header\\nnames are case-insensitive (see\\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header1: foo\\n my-header2: bar\\n my-header3: baz\\n\\n\\nConfig:\\n remove: [\\"my-header1\\", \\"my-header3\\"]\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header2: bar"', args=[d.arg(name='remove', type=d.T.array)]), + withRemove(remove): { responseHeaderModifier+: { remove: if std.isArray(v=remove) then remove else [remove] } }, + '#withRemoveMixin':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The\\nvalue of Remove is a list of HTTP header names. Note that the header\\nnames are case-insensitive (see\\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header1: foo\\n my-header2: bar\\n my-header3: baz\\n\\n\\nConfig:\\n remove: [\\"my-header1\\", \\"my-header3\\"]\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header2: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='remove', type=d.T.array)]), + withRemoveMixin(remove): { responseHeaderModifier+: { remove+: if std.isArray(v=remove) then remove else [remove] } }, + '#withSet':: d.fn(help='"Set overwrites the request with the given header (name, value)\\nbefore the action.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n set:\\n - name: \\"my-header\\"\\n value: \\"bar\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: bar"', args=[d.arg(name='set', type=d.T.array)]), + withSet(set): { responseHeaderModifier+: { set: if std.isArray(v=set) then set else [set] } }, + '#withSetMixin':: d.fn(help='"Set overwrites the request with the given header (name, value)\\nbefore the action.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n set:\\n - name: \\"my-header\\"\\n value: \\"bar\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='set', type=d.T.array)]), + withSetMixin(set): { responseHeaderModifier+: { set+: if std.isArray(v=set) then set else [set] } }, + }, + '#withType':: d.fn(help='"Type identifies the type of filter to apply. As with other API fields,\\ntypes are classified into three conformance levels:\\n\\n\\n- Core: Filter types and their corresponding configuration defined by\\n \\"Support: Core\\" in this package, e.g. \\"RequestHeaderModifier\\". All\\n implementations supporting GRPCRoute MUST support core filters.\\n\\n\\n- Extended: Filter types and their corresponding configuration defined by\\n \\"Support: Extended\\" in this package, e.g. \\"RequestMirror\\". Implementers\\n are encouraged to support extended filters.\\n\\n\\n- Implementation-specific: Filters that are defined and supported by specific vendors.\\n In the future, filters showing convergence in behavior across multiple\\n implementations will be considered for inclusion in extended or core\\n conformance levels. Filter-specific configuration for such filters\\n is specified using the ExtensionRef field. `Type` MUST be set to\\n \\"ExtensionRef\\" for custom filters.\\n\\n\\nImplementers are encouraged to define custom implementation types to\\nextend the core API with implementation-specific behavior.\\n\\n\\nIf a reference to a custom filter type cannot be resolved, the filter\\nMUST NOT be skipped. Instead, requests that would have been processed by\\nthat filter MUST receive a HTTP error response.\\n\\n\\n"', args=[d.arg(name='type', type=d.T.string)]), + withType(type): { type: type }, + }, + '#withFilters':: d.fn(help='"Filters defined at this level MUST be executed if and only if the\\nrequest is being forwarded to the backend defined here.\\n\\n\\nSupport: Implementation-specific (For broader support of filters, use the\\nFilters field in GRPCRouteRule.)"', args=[d.arg(name='filters', type=d.T.array)]), + withFilters(filters): { filters: if std.isArray(v=filters) then filters else [filters] }, + '#withFiltersMixin':: d.fn(help='"Filters defined at this level MUST be executed if and only if the\\nrequest is being forwarded to the backend defined here.\\n\\n\\nSupport: Implementation-specific (For broader support of filters, use the\\nFilters field in GRPCRouteRule.)"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='filters', type=d.T.array)]), + withFiltersMixin(filters): { filters+: if std.isArray(v=filters) then filters else [filters] }, + '#withGroup':: d.fn(help='"Group is the group of the referent. For example, \\"gateway.networking.k8s.io\\".\\nWhen unspecified or empty string, core API group is inferred."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { group: group }, + '#withKind':: d.fn(help='"Kind is the Kubernetes resource kind of the referent. For example\\n\\"Service\\".\\n\\n\\nDefaults to \\"Service\\" when not specified.\\n\\n\\nExternalName services can refer to CNAME DNS records that may live\\noutside of the cluster and as such are difficult to reason about in\\nterms of conformance. They also may not be safe to forward to (see\\nCVE-2021-25740 for more information). Implementations SHOULD NOT\\nsupport ExternalName Services.\\n\\n\\nSupport: Core (Services with a type other than ExternalName)\\n\\n\\nSupport: Implementation-specific (Services with type ExternalName)"', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { kind: kind }, + '#withName':: d.fn(help='"Name is the name of the referent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withNamespace':: d.fn(help="\"Namespace is the namespace of the backend. When unspecified, the local\\nnamespace is inferred.\\n\\n\\nNote that when a namespace different than the local namespace is specified,\\na ReferenceGrant object is required in the referent namespace to allow that\\nnamespace's owner to accept the reference. See the ReferenceGrant\\ndocumentation for details.\\n\\n\\nSupport: Core\"", args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { namespace: namespace }, + '#withPort':: d.fn(help='"Port specifies the destination port number to use for this resource.\\nPort is required when the referent is a Kubernetes Service. In this\\ncase, the port number is the service port number, not the target port.\\nFor other resources, destination port might be derived from the referent\\nresource or this field."', args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { port: port }, + '#withWeight':: d.fn(help='"Weight specifies the proportion of requests forwarded to the referenced\\nbackend. This is computed as weight/(sum of all weights in this\\nBackendRefs list). For non-zero values, there may be some epsilon from\\nthe exact proportion defined here depending on the precision an\\nimplementation supports. Weight is not a percentage and the sum of\\nweights does not need to equal 100.\\n\\n\\nIf only one backend is specified and it has a weight greater than 0, 100%\\nof the traffic is forwarded to that backend. If weight is set to 0, no\\ntraffic should be forwarded for this entry. If unspecified, weight\\ndefaults to 1.\\n\\n\\nSupport for this field varies based on the context where used."', args=[d.arg(name='weight', type=d.T.integer)]), + withWeight(weight): { weight: weight }, + }, + '#filters':: d.obj(help='"Filters define the filters that are applied to requests that match\\nthis rule.\\n\\n\\nThe effects of ordering of multiple behaviors are currently unspecified.\\nThis can change in the future based on feedback during the alpha stage.\\n\\n\\nConformance-levels at this level are defined based on the type of filter:\\n\\n\\n- ALL core filters MUST be supported by all implementations that support\\n GRPCRoute.\\n- Implementers are encouraged to support extended filters.\\n- Implementation-specific custom filters have no API guarantees across\\n implementations.\\n\\n\\nSpecifying the same filter multiple times is not supported unless explicitly\\nindicated in the filter.\\n\\n\\nIf an implementation can not support a combination of filters, it must clearly\\ndocument that limitation. In cases where incompatible or unsupported\\nfilters are specified and cause the `Accepted` condition to be set to status\\n`False`, implementations may use the `IncompatibleFilters` reason to specify\\nthis configuration error.\\n\\n\\nSupport: Core"'), + filters: { + '#extensionRef':: d.obj(help='"ExtensionRef is an optional, implementation-specific extension to the\\n\\"filter\\" behavior. For example, resource \\"myroutefilter\\" in group\\n\\"networking.example.net\\"). ExtensionRef MUST NOT be used for core and\\nextended filters.\\n\\n\\nSupport: Implementation-specific\\n\\n\\nThis filter can be used multiple times within the same rule."'), + extensionRef: { + '#withGroup':: d.fn(help='"Group is the group of the referent. For example, \\"gateway.networking.k8s.io\\".\\nWhen unspecified or empty string, core API group is inferred."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { extensionRef+: { group: group } }, + '#withKind':: d.fn(help='"Kind is kind of the referent. For example \\"HTTPRoute\\" or \\"Service\\"."', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { extensionRef+: { kind: kind } }, + '#withName':: d.fn(help='"Name is the name of the referent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { extensionRef+: { name: name } }, + }, + '#requestHeaderModifier':: d.obj(help='"RequestHeaderModifier defines a schema for a filter that modifies request\\nheaders.\\n\\n\\nSupport: Core"'), + requestHeaderModifier: { + '#add':: d.obj(help='"Add adds the given header(s) (name, value) to the request\\nbefore the action. It appends to any existing values associated\\nwith the header name.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n add:\\n - name: \\"my-header\\"\\n value: \\"bar,baz\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: foo,bar,baz"'), + add: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be\\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\\n\\n\\nIf multiple entries specify equivalent header names, the first entry with\\nan equivalent name MUST be considered for a match. Subsequent entries\\nwith an equivalent header name MUST be ignored. Due to the\\ncase-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered\\nequivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#set':: d.obj(help='"Set overwrites the request with the given header (name, value)\\nbefore the action.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n set:\\n - name: \\"my-header\\"\\n value: \\"bar\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: bar"'), + set: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be\\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\\n\\n\\nIf multiple entries specify equivalent header names, the first entry with\\nan equivalent name MUST be considered for a match. Subsequent entries\\nwith an equivalent header name MUST be ignored. Due to the\\ncase-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered\\nequivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#withAdd':: d.fn(help='"Add adds the given header(s) (name, value) to the request\\nbefore the action. It appends to any existing values associated\\nwith the header name.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n add:\\n - name: \\"my-header\\"\\n value: \\"bar,baz\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: foo,bar,baz"', args=[d.arg(name='add', type=d.T.array)]), + withAdd(add): { requestHeaderModifier+: { add: if std.isArray(v=add) then add else [add] } }, + '#withAddMixin':: d.fn(help='"Add adds the given header(s) (name, value) to the request\\nbefore the action. It appends to any existing values associated\\nwith the header name.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n add:\\n - name: \\"my-header\\"\\n value: \\"bar,baz\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: foo,bar,baz"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='add', type=d.T.array)]), + withAddMixin(add): { requestHeaderModifier+: { add+: if std.isArray(v=add) then add else [add] } }, + '#withRemove':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The\\nvalue of Remove is a list of HTTP header names. Note that the header\\nnames are case-insensitive (see\\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header1: foo\\n my-header2: bar\\n my-header3: baz\\n\\n\\nConfig:\\n remove: [\\"my-header1\\", \\"my-header3\\"]\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header2: bar"', args=[d.arg(name='remove', type=d.T.array)]), + withRemove(remove): { requestHeaderModifier+: { remove: if std.isArray(v=remove) then remove else [remove] } }, + '#withRemoveMixin':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The\\nvalue of Remove is a list of HTTP header names. Note that the header\\nnames are case-insensitive (see\\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header1: foo\\n my-header2: bar\\n my-header3: baz\\n\\n\\nConfig:\\n remove: [\\"my-header1\\", \\"my-header3\\"]\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header2: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='remove', type=d.T.array)]), + withRemoveMixin(remove): { requestHeaderModifier+: { remove+: if std.isArray(v=remove) then remove else [remove] } }, + '#withSet':: d.fn(help='"Set overwrites the request with the given header (name, value)\\nbefore the action.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n set:\\n - name: \\"my-header\\"\\n value: \\"bar\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: bar"', args=[d.arg(name='set', type=d.T.array)]), + withSet(set): { requestHeaderModifier+: { set: if std.isArray(v=set) then set else [set] } }, + '#withSetMixin':: d.fn(help='"Set overwrites the request with the given header (name, value)\\nbefore the action.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n set:\\n - name: \\"my-header\\"\\n value: \\"bar\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='set', type=d.T.array)]), + withSetMixin(set): { requestHeaderModifier+: { set+: if std.isArray(v=set) then set else [set] } }, + }, + '#requestMirror':: d.obj(help='"RequestMirror defines a schema for a filter that mirrors requests.\\nRequests are sent to the specified destination, but responses from\\nthat destination are ignored.\\n\\n\\nThis filter can be used multiple times within the same rule. Note that\\nnot all implementations will be able to support mirroring to multiple\\nbackends.\\n\\n\\nSupport: Extended"'), + requestMirror: { + '#backendRef':: d.obj(help='"BackendRef references a resource where mirrored requests are sent.\\n\\n\\nMirrored requests must be sent only to a single destination endpoint\\nwithin this BackendRef, irrespective of how many endpoints are present\\nwithin this BackendRef.\\n\\n\\nIf the referent cannot be found, this BackendRef is invalid and must be\\ndropped from the Gateway. The controller must ensure the \\"ResolvedRefs\\"\\ncondition on the Route status is set to `status: False` and not configure\\nthis backend in the underlying implementation.\\n\\n\\nIf there is a cross-namespace reference to an *existing* object\\nthat is not allowed by a ReferenceGrant, the controller must ensure the\\n\\"ResolvedRefs\\" condition on the Route is set to `status: False`,\\nwith the \\"RefNotPermitted\\" reason and not configure this backend in the\\nunderlying implementation.\\n\\n\\nIn either error case, the Message of the `ResolvedRefs` Condition\\nshould be used to provide more detail about the problem.\\n\\n\\nSupport: Extended for Kubernetes Service\\n\\n\\nSupport: Implementation-specific for any other resource"'), + backendRef: { + '#withGroup':: d.fn(help='"Group is the group of the referent. For example, \\"gateway.networking.k8s.io\\".\\nWhen unspecified or empty string, core API group is inferred."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { requestMirror+: { backendRef+: { group: group } } }, + '#withKind':: d.fn(help='"Kind is the Kubernetes resource kind of the referent. For example\\n\\"Service\\".\\n\\n\\nDefaults to \\"Service\\" when not specified.\\n\\n\\nExternalName services can refer to CNAME DNS records that may live\\noutside of the cluster and as such are difficult to reason about in\\nterms of conformance. They also may not be safe to forward to (see\\nCVE-2021-25740 for more information). Implementations SHOULD NOT\\nsupport ExternalName Services.\\n\\n\\nSupport: Core (Services with a type other than ExternalName)\\n\\n\\nSupport: Implementation-specific (Services with type ExternalName)"', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { requestMirror+: { backendRef+: { kind: kind } } }, + '#withName':: d.fn(help='"Name is the name of the referent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { requestMirror+: { backendRef+: { name: name } } }, + '#withNamespace':: d.fn(help="\"Namespace is the namespace of the backend. When unspecified, the local\\nnamespace is inferred.\\n\\n\\nNote that when a namespace different than the local namespace is specified,\\na ReferenceGrant object is required in the referent namespace to allow that\\nnamespace's owner to accept the reference. See the ReferenceGrant\\ndocumentation for details.\\n\\n\\nSupport: Core\"", args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { requestMirror+: { backendRef+: { namespace: namespace } } }, + '#withPort':: d.fn(help='"Port specifies the destination port number to use for this resource.\\nPort is required when the referent is a Kubernetes Service. In this\\ncase, the port number is the service port number, not the target port.\\nFor other resources, destination port might be derived from the referent\\nresource or this field."', args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { requestMirror+: { backendRef+: { port: port } } }, + }, + }, + '#responseHeaderModifier':: d.obj(help='"ResponseHeaderModifier defines a schema for a filter that modifies response\\nheaders.\\n\\n\\nSupport: Extended"'), + responseHeaderModifier: { + '#add':: d.obj(help='"Add adds the given header(s) (name, value) to the request\\nbefore the action. It appends to any existing values associated\\nwith the header name.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n add:\\n - name: \\"my-header\\"\\n value: \\"bar,baz\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: foo,bar,baz"'), + add: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be\\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\\n\\n\\nIf multiple entries specify equivalent header names, the first entry with\\nan equivalent name MUST be considered for a match. Subsequent entries\\nwith an equivalent header name MUST be ignored. Due to the\\ncase-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered\\nequivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#set':: d.obj(help='"Set overwrites the request with the given header (name, value)\\nbefore the action.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n set:\\n - name: \\"my-header\\"\\n value: \\"bar\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: bar"'), + set: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be\\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\\n\\n\\nIf multiple entries specify equivalent header names, the first entry with\\nan equivalent name MUST be considered for a match. Subsequent entries\\nwith an equivalent header name MUST be ignored. Due to the\\ncase-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered\\nequivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#withAdd':: d.fn(help='"Add adds the given header(s) (name, value) to the request\\nbefore the action. It appends to any existing values associated\\nwith the header name.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n add:\\n - name: \\"my-header\\"\\n value: \\"bar,baz\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: foo,bar,baz"', args=[d.arg(name='add', type=d.T.array)]), + withAdd(add): { responseHeaderModifier+: { add: if std.isArray(v=add) then add else [add] } }, + '#withAddMixin':: d.fn(help='"Add adds the given header(s) (name, value) to the request\\nbefore the action. It appends to any existing values associated\\nwith the header name.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n add:\\n - name: \\"my-header\\"\\n value: \\"bar,baz\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: foo,bar,baz"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='add', type=d.T.array)]), + withAddMixin(add): { responseHeaderModifier+: { add+: if std.isArray(v=add) then add else [add] } }, + '#withRemove':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The\\nvalue of Remove is a list of HTTP header names. Note that the header\\nnames are case-insensitive (see\\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header1: foo\\n my-header2: bar\\n my-header3: baz\\n\\n\\nConfig:\\n remove: [\\"my-header1\\", \\"my-header3\\"]\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header2: bar"', args=[d.arg(name='remove', type=d.T.array)]), + withRemove(remove): { responseHeaderModifier+: { remove: if std.isArray(v=remove) then remove else [remove] } }, + '#withRemoveMixin':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The\\nvalue of Remove is a list of HTTP header names. Note that the header\\nnames are case-insensitive (see\\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header1: foo\\n my-header2: bar\\n my-header3: baz\\n\\n\\nConfig:\\n remove: [\\"my-header1\\", \\"my-header3\\"]\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header2: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='remove', type=d.T.array)]), + withRemoveMixin(remove): { responseHeaderModifier+: { remove+: if std.isArray(v=remove) then remove else [remove] } }, + '#withSet':: d.fn(help='"Set overwrites the request with the given header (name, value)\\nbefore the action.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n set:\\n - name: \\"my-header\\"\\n value: \\"bar\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: bar"', args=[d.arg(name='set', type=d.T.array)]), + withSet(set): { responseHeaderModifier+: { set: if std.isArray(v=set) then set else [set] } }, + '#withSetMixin':: d.fn(help='"Set overwrites the request with the given header (name, value)\\nbefore the action.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n set:\\n - name: \\"my-header\\"\\n value: \\"bar\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='set', type=d.T.array)]), + withSetMixin(set): { responseHeaderModifier+: { set+: if std.isArray(v=set) then set else [set] } }, + }, + '#withType':: d.fn(help='"Type identifies the type of filter to apply. As with other API fields,\\ntypes are classified into three conformance levels:\\n\\n\\n- Core: Filter types and their corresponding configuration defined by\\n \\"Support: Core\\" in this package, e.g. \\"RequestHeaderModifier\\". All\\n implementations supporting GRPCRoute MUST support core filters.\\n\\n\\n- Extended: Filter types and their corresponding configuration defined by\\n \\"Support: Extended\\" in this package, e.g. \\"RequestMirror\\". Implementers\\n are encouraged to support extended filters.\\n\\n\\n- Implementation-specific: Filters that are defined and supported by specific vendors.\\n In the future, filters showing convergence in behavior across multiple\\n implementations will be considered for inclusion in extended or core\\n conformance levels. Filter-specific configuration for such filters\\n is specified using the ExtensionRef field. `Type` MUST be set to\\n \\"ExtensionRef\\" for custom filters.\\n\\n\\nImplementers are encouraged to define custom implementation types to\\nextend the core API with implementation-specific behavior.\\n\\n\\nIf a reference to a custom filter type cannot be resolved, the filter\\nMUST NOT be skipped. Instead, requests that would have been processed by\\nthat filter MUST receive a HTTP error response.\\n\\n\\n"', args=[d.arg(name='type', type=d.T.string)]), + withType(type): { type: type }, + }, + '#matches':: d.obj(help='"Matches define conditions used for matching the rule against incoming\\ngRPC requests. Each match is independent, i.e. this rule will be matched\\nif **any** one of the matches is satisfied.\\n\\n\\nFor example, take the following matches configuration:\\n\\n\\n```\\nmatches:\\n- method:\\n service: foo.bar\\n headers:\\n values:\\n version: 2\\n- method:\\n service: foo.bar.v2\\n```\\n\\n\\nFor a request to match against this rule, it MUST satisfy\\nEITHER of the two conditions:\\n\\n\\n- service of foo.bar AND contains the header `version: 2`\\n- service of foo.bar.v2\\n\\n\\nSee the documentation for GRPCRouteMatch on how to specify multiple\\nmatch conditions to be ANDed together.\\n\\n\\nIf no matches are specified, the implementation MUST match every gRPC request.\\n\\n\\nProxy or Load Balancer routing configuration generated from GRPCRoutes\\nMUST prioritize rules based on the following criteria, continuing on\\nties. Merging MUST not be done between GRPCRoutes and HTTPRoutes.\\nPrecedence MUST be given to the rule with the largest number of:\\n\\n\\n* Characters in a matching non-wildcard hostname.\\n* Characters in a matching hostname.\\n* Characters in a matching service.\\n* Characters in a matching method.\\n* Header matches.\\n\\n\\nIf ties still exist across multiple Routes, matching precedence MUST be\\ndetermined in order of the following criteria, continuing on ties:\\n\\n\\n* The oldest Route based on creation timestamp.\\n* The Route appearing first in alphabetical order by\\n \\"{namespace}/{name}\\".\\n\\n\\nIf ties still exist within the Route that has been given precedence,\\nmatching precedence MUST be granted to the first matching rule meeting\\nthe above criteria."'), + matches: { + '#headers':: d.obj(help='"Headers specifies gRPC request header matchers. Multiple match values are\\nANDed together, meaning, a request MUST match all the specified headers\\nto select the route."'), + headers: { + '#withName':: d.fn(help='"Name is the name of the gRPC Header to be matched.\\n\\n\\nIf multiple entries specify equivalent header names, only the first\\nentry with an equivalent name MUST be considered for a match. Subsequent\\nentries with an equivalent header name MUST be ignored. Due to the\\ncase-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered\\nequivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withType':: d.fn(help='"Type specifies how to match against the value of the header."', args=[d.arg(name='type', type=d.T.string)]), + withType(type): { type: type }, + '#withValue':: d.fn(help='"Value is the value of the gRPC Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#method':: d.obj(help='"Method specifies a gRPC request service/method matcher. If this field is\\nnot specified, all services and methods will match."'), + method: { + '#withMethod':: d.fn(help='"Value of the method to match against. If left empty or omitted, will\\nmatch all services.\\n\\n\\nAt least one of Service and Method MUST be a non-empty string."', args=[d.arg(name='method', type=d.T.string)]), + withMethod(method): { method+: { method: method } }, + '#withService':: d.fn(help='"Value of the service to match against. If left empty or omitted, will\\nmatch any service.\\n\\n\\nAt least one of Service and Method MUST be a non-empty string."', args=[d.arg(name='service', type=d.T.string)]), + withService(service): { method+: { service: service } }, + '#withType':: d.fn(help='"Type specifies how to match against the service and/or method.\\nSupport: Core (Exact with service and method specified)\\n\\n\\nSupport: Implementation-specific (Exact with method specified but no service specified)\\n\\n\\nSupport: Implementation-specific (RegularExpression)"', args=[d.arg(name='type', type=d.T.string)]), + withType(type): { method+: { type: type } }, + }, + '#withHeaders':: d.fn(help='"Headers specifies gRPC request header matchers. Multiple match values are\\nANDed together, meaning, a request MUST match all the specified headers\\nto select the route."', args=[d.arg(name='headers', type=d.T.array)]), + withHeaders(headers): { headers: if std.isArray(v=headers) then headers else [headers] }, + '#withHeadersMixin':: d.fn(help='"Headers specifies gRPC request header matchers. Multiple match values are\\nANDed together, meaning, a request MUST match all the specified headers\\nto select the route."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='headers', type=d.T.array)]), + withHeadersMixin(headers): { headers+: if std.isArray(v=headers) then headers else [headers] }, + }, + '#withBackendRefs':: d.fn(help='"BackendRefs defines the backend(s) where matching requests should be\\nsent.\\n\\n\\nFailure behavior here depends on how many BackendRefs are specified and\\nhow many are invalid.\\n\\n\\nIf *all* entries in BackendRefs are invalid, and there are also no filters\\nspecified in this route rule, *all* traffic which matches this rule MUST\\nreceive an `UNAVAILABLE` status.\\n\\n\\nSee the GRPCBackendRef definition for the rules about what makes a single\\nGRPCBackendRef invalid.\\n\\n\\nWhen a GRPCBackendRef is invalid, `UNAVAILABLE` statuses MUST be returned for\\nrequests that would have otherwise been routed to an invalid backend. If\\nmultiple backends are specified, and some are invalid, the proportion of\\nrequests that would otherwise have been routed to an invalid backend\\nMUST receive an `UNAVAILABLE` status.\\n\\n\\nFor example, if two backends are specified with equal weights, and one is\\ninvalid, 50 percent of traffic MUST receive an `UNAVAILABLE` status.\\nImplementations may choose how that 50 percent is determined.\\n\\n\\nSupport: Core for Kubernetes Service\\n\\n\\nSupport: Implementation-specific for any other resource\\n\\n\\nSupport for weight: Core"', args=[d.arg(name='backendRefs', type=d.T.array)]), + withBackendRefs(backendRefs): { backendRefs: if std.isArray(v=backendRefs) then backendRefs else [backendRefs] }, + '#withBackendRefsMixin':: d.fn(help='"BackendRefs defines the backend(s) where matching requests should be\\nsent.\\n\\n\\nFailure behavior here depends on how many BackendRefs are specified and\\nhow many are invalid.\\n\\n\\nIf *all* entries in BackendRefs are invalid, and there are also no filters\\nspecified in this route rule, *all* traffic which matches this rule MUST\\nreceive an `UNAVAILABLE` status.\\n\\n\\nSee the GRPCBackendRef definition for the rules about what makes a single\\nGRPCBackendRef invalid.\\n\\n\\nWhen a GRPCBackendRef is invalid, `UNAVAILABLE` statuses MUST be returned for\\nrequests that would have otherwise been routed to an invalid backend. If\\nmultiple backends are specified, and some are invalid, the proportion of\\nrequests that would otherwise have been routed to an invalid backend\\nMUST receive an `UNAVAILABLE` status.\\n\\n\\nFor example, if two backends are specified with equal weights, and one is\\ninvalid, 50 percent of traffic MUST receive an `UNAVAILABLE` status.\\nImplementations may choose how that 50 percent is determined.\\n\\n\\nSupport: Core for Kubernetes Service\\n\\n\\nSupport: Implementation-specific for any other resource\\n\\n\\nSupport for weight: Core"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='backendRefs', type=d.T.array)]), + withBackendRefsMixin(backendRefs): { backendRefs+: if std.isArray(v=backendRefs) then backendRefs else [backendRefs] }, + '#withFilters':: d.fn(help='"Filters define the filters that are applied to requests that match\\nthis rule.\\n\\n\\nThe effects of ordering of multiple behaviors are currently unspecified.\\nThis can change in the future based on feedback during the alpha stage.\\n\\n\\nConformance-levels at this level are defined based on the type of filter:\\n\\n\\n- ALL core filters MUST be supported by all implementations that support\\n GRPCRoute.\\n- Implementers are encouraged to support extended filters.\\n- Implementation-specific custom filters have no API guarantees across\\n implementations.\\n\\n\\nSpecifying the same filter multiple times is not supported unless explicitly\\nindicated in the filter.\\n\\n\\nIf an implementation can not support a combination of filters, it must clearly\\ndocument that limitation. In cases where incompatible or unsupported\\nfilters are specified and cause the `Accepted` condition to be set to status\\n`False`, implementations may use the `IncompatibleFilters` reason to specify\\nthis configuration error.\\n\\n\\nSupport: Core"', args=[d.arg(name='filters', type=d.T.array)]), + withFilters(filters): { filters: if std.isArray(v=filters) then filters else [filters] }, + '#withFiltersMixin':: d.fn(help='"Filters define the filters that are applied to requests that match\\nthis rule.\\n\\n\\nThe effects of ordering of multiple behaviors are currently unspecified.\\nThis can change in the future based on feedback during the alpha stage.\\n\\n\\nConformance-levels at this level are defined based on the type of filter:\\n\\n\\n- ALL core filters MUST be supported by all implementations that support\\n GRPCRoute.\\n- Implementers are encouraged to support extended filters.\\n- Implementation-specific custom filters have no API guarantees across\\n implementations.\\n\\n\\nSpecifying the same filter multiple times is not supported unless explicitly\\nindicated in the filter.\\n\\n\\nIf an implementation can not support a combination of filters, it must clearly\\ndocument that limitation. In cases where incompatible or unsupported\\nfilters are specified and cause the `Accepted` condition to be set to status\\n`False`, implementations may use the `IncompatibleFilters` reason to specify\\nthis configuration error.\\n\\n\\nSupport: Core"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='filters', type=d.T.array)]), + withFiltersMixin(filters): { filters+: if std.isArray(v=filters) then filters else [filters] }, + '#withMatches':: d.fn(help='"Matches define conditions used for matching the rule against incoming\\ngRPC requests. Each match is independent, i.e. this rule will be matched\\nif **any** one of the matches is satisfied.\\n\\n\\nFor example, take the following matches configuration:\\n\\n\\n```\\nmatches:\\n- method:\\n service: foo.bar\\n headers:\\n values:\\n version: 2\\n- method:\\n service: foo.bar.v2\\n```\\n\\n\\nFor a request to match against this rule, it MUST satisfy\\nEITHER of the two conditions:\\n\\n\\n- service of foo.bar AND contains the header `version: 2`\\n- service of foo.bar.v2\\n\\n\\nSee the documentation for GRPCRouteMatch on how to specify multiple\\nmatch conditions to be ANDed together.\\n\\n\\nIf no matches are specified, the implementation MUST match every gRPC request.\\n\\n\\nProxy or Load Balancer routing configuration generated from GRPCRoutes\\nMUST prioritize rules based on the following criteria, continuing on\\nties. Merging MUST not be done between GRPCRoutes and HTTPRoutes.\\nPrecedence MUST be given to the rule with the largest number of:\\n\\n\\n* Characters in a matching non-wildcard hostname.\\n* Characters in a matching hostname.\\n* Characters in a matching service.\\n* Characters in a matching method.\\n* Header matches.\\n\\n\\nIf ties still exist across multiple Routes, matching precedence MUST be\\ndetermined in order of the following criteria, continuing on ties:\\n\\n\\n* The oldest Route based on creation timestamp.\\n* The Route appearing first in alphabetical order by\\n \\"{namespace}/{name}\\".\\n\\n\\nIf ties still exist within the Route that has been given precedence,\\nmatching precedence MUST be granted to the first matching rule meeting\\nthe above criteria."', args=[d.arg(name='matches', type=d.T.array)]), + withMatches(matches): { matches: if std.isArray(v=matches) then matches else [matches] }, + '#withMatchesMixin':: d.fn(help='"Matches define conditions used for matching the rule against incoming\\ngRPC requests. Each match is independent, i.e. this rule will be matched\\nif **any** one of the matches is satisfied.\\n\\n\\nFor example, take the following matches configuration:\\n\\n\\n```\\nmatches:\\n- method:\\n service: foo.bar\\n headers:\\n values:\\n version: 2\\n- method:\\n service: foo.bar.v2\\n```\\n\\n\\nFor a request to match against this rule, it MUST satisfy\\nEITHER of the two conditions:\\n\\n\\n- service of foo.bar AND contains the header `version: 2`\\n- service of foo.bar.v2\\n\\n\\nSee the documentation for GRPCRouteMatch on how to specify multiple\\nmatch conditions to be ANDed together.\\n\\n\\nIf no matches are specified, the implementation MUST match every gRPC request.\\n\\n\\nProxy or Load Balancer routing configuration generated from GRPCRoutes\\nMUST prioritize rules based on the following criteria, continuing on\\nties. Merging MUST not be done between GRPCRoutes and HTTPRoutes.\\nPrecedence MUST be given to the rule with the largest number of:\\n\\n\\n* Characters in a matching non-wildcard hostname.\\n* Characters in a matching hostname.\\n* Characters in a matching service.\\n* Characters in a matching method.\\n* Header matches.\\n\\n\\nIf ties still exist across multiple Routes, matching precedence MUST be\\ndetermined in order of the following criteria, continuing on ties:\\n\\n\\n* The oldest Route based on creation timestamp.\\n* The Route appearing first in alphabetical order by\\n \\"{namespace}/{name}\\".\\n\\n\\nIf ties still exist within the Route that has been given precedence,\\nmatching precedence MUST be granted to the first matching rule meeting\\nthe above criteria."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='matches', type=d.T.array)]), + withMatchesMixin(matches): { matches+: if std.isArray(v=matches) then matches else [matches] }, + }, + '#withHostnames':: d.fn(help="\"Hostnames defines a set of hostnames to match against the GRPC\\nHost header to select a GRPCRoute to process the request. This matches\\nthe RFC 1123 definition of a hostname with 2 notable exceptions:\\n\\n\\n1. IPs are not allowed.\\n2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard\\n label MUST appear by itself as the first label.\\n\\n\\nIf a hostname is specified by both the Listener and GRPCRoute, there\\nMUST be at least one intersecting hostname for the GRPCRoute to be\\nattached to the Listener. For example:\\n\\n\\n* A Listener with `test.example.com` as the hostname matches GRPCRoutes\\n that have either not specified any hostnames, or have specified at\\n least one of `test.example.com` or `*.example.com`.\\n* A Listener with `*.example.com` as the hostname matches GRPCRoutes\\n that have either not specified any hostnames or have specified at least\\n one hostname that matches the Listener hostname. For example,\\n `test.example.com` and `*.example.com` would both match. On the other\\n hand, `example.com` and `test.example.net` would not match.\\n\\n\\nHostnames that are prefixed with a wildcard label (`*.`) are interpreted\\nas a suffix match. That means that a match for `*.example.com` would match\\nboth `test.example.com`, and `foo.test.example.com`, but not `example.com`.\\n\\n\\nIf both the Listener and GRPCRoute have specified hostnames, any\\nGRPCRoute hostnames that do not match the Listener hostname MUST be\\nignored. For example, if a Listener specified `*.example.com`, and the\\nGRPCRoute specified `test.example.com` and `test.example.net`,\\n`test.example.net` MUST NOT be considered for a match.\\n\\n\\nIf both the Listener and GRPCRoute have specified hostnames, and none\\nmatch with the criteria above, then the GRPCRoute MUST NOT be accepted by\\nthe implementation. The implementation MUST raise an 'Accepted' Condition\\nwith a status of `False` in the corresponding RouteParentStatus.\\n\\n\\nIf a Route (A) of type HTTPRoute or GRPCRoute is attached to a\\nListener and that listener already has another Route (B) of the other\\ntype attached and the intersection of the hostnames of A and B is\\nnon-empty, then the implementation MUST accept exactly one of these two\\nroutes, determined by the following criteria, in order:\\n\\n\\n* The oldest Route based on creation timestamp.\\n* The Route appearing first in alphabetical order by\\n \\\"{namespace}/{name}\\\".\\n\\n\\nThe rejected Route MUST raise an 'Accepted' condition with a status of\\n'False' in the corresponding RouteParentStatus.\\n\\n\\nSupport: Core\"", args=[d.arg(name='hostnames', type=d.T.array)]), + withHostnames(hostnames): { spec+: { hostnames: if std.isArray(v=hostnames) then hostnames else [hostnames] } }, + '#withHostnamesMixin':: d.fn(help="\"Hostnames defines a set of hostnames to match against the GRPC\\nHost header to select a GRPCRoute to process the request. This matches\\nthe RFC 1123 definition of a hostname with 2 notable exceptions:\\n\\n\\n1. IPs are not allowed.\\n2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard\\n label MUST appear by itself as the first label.\\n\\n\\nIf a hostname is specified by both the Listener and GRPCRoute, there\\nMUST be at least one intersecting hostname for the GRPCRoute to be\\nattached to the Listener. For example:\\n\\n\\n* A Listener with `test.example.com` as the hostname matches GRPCRoutes\\n that have either not specified any hostnames, or have specified at\\n least one of `test.example.com` or `*.example.com`.\\n* A Listener with `*.example.com` as the hostname matches GRPCRoutes\\n that have either not specified any hostnames or have specified at least\\n one hostname that matches the Listener hostname. For example,\\n `test.example.com` and `*.example.com` would both match. On the other\\n hand, `example.com` and `test.example.net` would not match.\\n\\n\\nHostnames that are prefixed with a wildcard label (`*.`) are interpreted\\nas a suffix match. That means that a match for `*.example.com` would match\\nboth `test.example.com`, and `foo.test.example.com`, but not `example.com`.\\n\\n\\nIf both the Listener and GRPCRoute have specified hostnames, any\\nGRPCRoute hostnames that do not match the Listener hostname MUST be\\nignored. For example, if a Listener specified `*.example.com`, and the\\nGRPCRoute specified `test.example.com` and `test.example.net`,\\n`test.example.net` MUST NOT be considered for a match.\\n\\n\\nIf both the Listener and GRPCRoute have specified hostnames, and none\\nmatch with the criteria above, then the GRPCRoute MUST NOT be accepted by\\nthe implementation. The implementation MUST raise an 'Accepted' Condition\\nwith a status of `False` in the corresponding RouteParentStatus.\\n\\n\\nIf a Route (A) of type HTTPRoute or GRPCRoute is attached to a\\nListener and that listener already has another Route (B) of the other\\ntype attached and the intersection of the hostnames of A and B is\\nnon-empty, then the implementation MUST accept exactly one of these two\\nroutes, determined by the following criteria, in order:\\n\\n\\n* The oldest Route based on creation timestamp.\\n* The Route appearing first in alphabetical order by\\n \\\"{namespace}/{name}\\\".\\n\\n\\nThe rejected Route MUST raise an 'Accepted' condition with a status of\\n'False' in the corresponding RouteParentStatus.\\n\\n\\nSupport: Core\"\n\n**Note:** This function appends passed data to existing values", args=[d.arg(name='hostnames', type=d.T.array)]), + withHostnamesMixin(hostnames): { spec+: { hostnames+: if std.isArray(v=hostnames) then hostnames else [hostnames] } }, + '#withParentRefs':: d.fn(help='"ParentRefs references the resources (usually Gateways) that a Route wants\\nto be attached to. Note that the referenced parent resource needs to\\nallow this for the attachment to be complete. For Gateways, that means\\nthe Gateway needs to allow attachment from Routes of this kind and\\nnamespace. For Services, that means the Service must either be in the same\\nnamespace for a \\"producer\\" route, or the mesh implementation must support\\nand allow \\"consumer\\" routes for the referenced Service. ReferenceGrant is\\nnot applicable for governing ParentRefs to Services - it is not possible to\\ncreate a \\"producer\\" route for a Service in a different namespace from the\\nRoute.\\n\\n\\nThere are two kinds of parent resources with \\"Core\\" support:\\n\\n\\n* Gateway (Gateway conformance profile)\\n* Service (Mesh conformance profile, ClusterIP Services only)\\n\\n\\nThis API may be extended in the future to support additional kinds of parent\\nresources.\\n\\n\\nParentRefs must be _distinct_. This means either that:\\n\\n\\n* They select different objects. If this is the case, then parentRef\\n entries are distinct. In terms of fields, this means that the\\n multi-part key defined by `group`, `kind`, `namespace`, and `name` must\\n be unique across all parentRef entries in the Route.\\n* They do not select different objects, but for each optional field used,\\n each ParentRef that selects the same object must set the same set of\\n optional fields to different values. If one ParentRef sets a\\n combination of optional fields, all must set the same combination.\\n\\n\\nSome examples:\\n\\n\\n* If one ParentRef sets `sectionName`, all ParentRefs referencing the\\n same object must also set `sectionName`.\\n* If one ParentRef sets `port`, all ParentRefs referencing the same\\n object must also set `port`.\\n* If one ParentRef sets `sectionName` and `port`, all ParentRefs\\n referencing the same object must also set `sectionName` and `port`.\\n\\n\\nIt is possible to separately reference multiple distinct objects that may\\nbe collapsed by an implementation. For example, some implementations may\\nchoose to merge compatible Gateway Listeners together. If that is the\\ncase, the list of routes attached to those resources should also be\\nmerged.\\n\\n\\nNote that for ParentRefs that cross namespace boundaries, there are specific\\nrules. Cross-namespace references are only valid if they are explicitly\\nallowed by something in the namespace they are referring to. For example,\\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\\ngeneric way to enable other kinds of cross-namespace reference.\\n\\n\\n\\n\\n\\n\\n\\n\\n"', args=[d.arg(name='parentRefs', type=d.T.array)]), + withParentRefs(parentRefs): { spec+: { parentRefs: if std.isArray(v=parentRefs) then parentRefs else [parentRefs] } }, + '#withParentRefsMixin':: d.fn(help='"ParentRefs references the resources (usually Gateways) that a Route wants\\nto be attached to. Note that the referenced parent resource needs to\\nallow this for the attachment to be complete. For Gateways, that means\\nthe Gateway needs to allow attachment from Routes of this kind and\\nnamespace. For Services, that means the Service must either be in the same\\nnamespace for a \\"producer\\" route, or the mesh implementation must support\\nand allow \\"consumer\\" routes for the referenced Service. ReferenceGrant is\\nnot applicable for governing ParentRefs to Services - it is not possible to\\ncreate a \\"producer\\" route for a Service in a different namespace from the\\nRoute.\\n\\n\\nThere are two kinds of parent resources with \\"Core\\" support:\\n\\n\\n* Gateway (Gateway conformance profile)\\n* Service (Mesh conformance profile, ClusterIP Services only)\\n\\n\\nThis API may be extended in the future to support additional kinds of parent\\nresources.\\n\\n\\nParentRefs must be _distinct_. This means either that:\\n\\n\\n* They select different objects. If this is the case, then parentRef\\n entries are distinct. In terms of fields, this means that the\\n multi-part key defined by `group`, `kind`, `namespace`, and `name` must\\n be unique across all parentRef entries in the Route.\\n* They do not select different objects, but for each optional field used,\\n each ParentRef that selects the same object must set the same set of\\n optional fields to different values. If one ParentRef sets a\\n combination of optional fields, all must set the same combination.\\n\\n\\nSome examples:\\n\\n\\n* If one ParentRef sets `sectionName`, all ParentRefs referencing the\\n same object must also set `sectionName`.\\n* If one ParentRef sets `port`, all ParentRefs referencing the same\\n object must also set `port`.\\n* If one ParentRef sets `sectionName` and `port`, all ParentRefs\\n referencing the same object must also set `sectionName` and `port`.\\n\\n\\nIt is possible to separately reference multiple distinct objects that may\\nbe collapsed by an implementation. For example, some implementations may\\nchoose to merge compatible Gateway Listeners together. If that is the\\ncase, the list of routes attached to those resources should also be\\nmerged.\\n\\n\\nNote that for ParentRefs that cross namespace boundaries, there are specific\\nrules. Cross-namespace references are only valid if they are explicitly\\nallowed by something in the namespace they are referring to. For example,\\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\\ngeneric way to enable other kinds of cross-namespace reference.\\n\\n\\n\\n\\n\\n\\n\\n\\n"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='parentRefs', type=d.T.array)]), + withParentRefsMixin(parentRefs): { spec+: { parentRefs+: if std.isArray(v=parentRefs) then parentRefs else [parentRefs] } }, + '#withRules':: d.fn(help='"Rules are a list of GRPC matchers, filters and actions."', args=[d.arg(name='rules', type=d.T.array)]), + withRules(rules): { spec+: { rules: if std.isArray(v=rules) then rules else [rules] } }, + '#withRulesMixin':: d.fn(help='"Rules are a list of GRPC matchers, filters and actions."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='rules', type=d.T.array)]), + withRulesMixin(rules): { spec+: { rules+: if std.isArray(v=rules) then rules else [rules] } }, + }, + '#mixin': 'ignore', + mixin: self, +} diff --git a/1.1/_gen/gateway/v1/httpRoute.libsonnet b/1.1/_gen/gateway/v1/httpRoute.libsonnet new file mode 100644 index 0000000..90d3062 --- /dev/null +++ b/1.1/_gen/gateway/v1/httpRoute.libsonnet @@ -0,0 +1,398 @@ +{ + local d = (import 'doc-util/main.libsonnet'), + '#':: d.pkg(name='httpRoute', url='', help='"HTTPRoute provides a way to route HTTP requests. This includes the capability\\nto match requests by hostname, path, header, or query param. Filters can be\\nused to specify additional processing steps. Backends specify where matching\\nrequests should be routed."'), + '#metadata':: d.obj(help='"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create."'), + metadata: { + '#withAnnotations':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotations(annotations): { metadata+: { annotations: annotations } }, + '#withAnnotationsMixin':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotationsMixin(annotations): { metadata+: { annotations+: annotations } }, + '#withClusterName':: d.fn(help='"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request."', args=[d.arg(name='clusterName', type=d.T.string)]), + withClusterName(clusterName): { metadata+: { clusterName: clusterName } }, + '#withCreationTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='creationTimestamp', type=d.T.string)]), + withCreationTimestamp(creationTimestamp): { metadata+: { creationTimestamp: creationTimestamp } }, + '#withDeletionGracePeriodSeconds':: d.fn(help='"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only."', args=[d.arg(name='deletionGracePeriodSeconds', type=d.T.integer)]), + withDeletionGracePeriodSeconds(deletionGracePeriodSeconds): { metadata+: { deletionGracePeriodSeconds: deletionGracePeriodSeconds } }, + '#withDeletionTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='deletionTimestamp', type=d.T.string)]), + withDeletionTimestamp(deletionTimestamp): { metadata+: { deletionTimestamp: deletionTimestamp } }, + '#withFinalizers':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizers(finalizers): { metadata+: { finalizers: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withFinalizersMixin':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizersMixin(finalizers): { metadata+: { finalizers+: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withGenerateName':: d.fn(help='"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\\n\\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\\n\\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency"', args=[d.arg(name='generateName', type=d.T.string)]), + withGenerateName(generateName): { metadata+: { generateName: generateName } }, + '#withGeneration':: d.fn(help='"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only."', args=[d.arg(name='generation', type=d.T.integer)]), + withGeneration(generation): { metadata+: { generation: generation } }, + '#withLabels':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"', args=[d.arg(name='labels', type=d.T.object)]), + withLabels(labels): { metadata+: { labels: labels } }, + '#withLabelsMixin':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='labels', type=d.T.object)]), + withLabelsMixin(labels): { metadata+: { labels+: labels } }, + '#withName':: d.fn(help='"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { metadata+: { name: name } }, + '#withNamespace':: d.fn(help='"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \\"default\\" namespace, but \\"default\\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\\n\\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces"', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { metadata+: { namespace: namespace } }, + '#withOwnerReferences':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferences(ownerReferences): { metadata+: { ownerReferences: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withOwnerReferencesMixin':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferencesMixin(ownerReferences): { metadata+: { ownerReferences+: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withResourceVersion':: d.fn(help='"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\\n\\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency"', args=[d.arg(name='resourceVersion', type=d.T.string)]), + withResourceVersion(resourceVersion): { metadata+: { resourceVersion: resourceVersion } }, + '#withSelfLink':: d.fn(help='"SelfLink is a URL representing this object. Populated by the system. Read-only.\\n\\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release."', args=[d.arg(name='selfLink', type=d.T.string)]), + withSelfLink(selfLink): { metadata+: { selfLink: selfLink } }, + '#withUid':: d.fn(help='"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\\n\\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids"', args=[d.arg(name='uid', type=d.T.string)]), + withUid(uid): { metadata+: { uid: uid } }, + }, + '#new':: d.fn(help='new returns an instance of HTTPRoute', args=[d.arg(name='name', type=d.T.string)]), + new(name): { + apiVersion: 'gateway.networking.k8s.io/v1', + kind: 'HTTPRoute', + } + self.metadata.withName(name=name), + '#spec':: d.obj(help='"Spec defines the desired state of HTTPRoute."'), + spec: { + '#parentRefs':: d.obj(help='"ParentRefs references the resources (usually Gateways) that a Route wants\\nto be attached to. Note that the referenced parent resource needs to\\nallow this for the attachment to be complete. For Gateways, that means\\nthe Gateway needs to allow attachment from Routes of this kind and\\nnamespace. For Services, that means the Service must either be in the same\\nnamespace for a \\"producer\\" route, or the mesh implementation must support\\nand allow \\"consumer\\" routes for the referenced Service. ReferenceGrant is\\nnot applicable for governing ParentRefs to Services - it is not possible to\\ncreate a \\"producer\\" route for a Service in a different namespace from the\\nRoute.\\n\\n\\nThere are two kinds of parent resources with \\"Core\\" support:\\n\\n\\n* Gateway (Gateway conformance profile)\\n* Service (Mesh conformance profile, ClusterIP Services only)\\n\\n\\nThis API may be extended in the future to support additional kinds of parent\\nresources.\\n\\n\\nParentRefs must be _distinct_. This means either that:\\n\\n\\n* They select different objects. If this is the case, then parentRef\\n entries are distinct. In terms of fields, this means that the\\n multi-part key defined by `group`, `kind`, `namespace`, and `name` must\\n be unique across all parentRef entries in the Route.\\n* They do not select different objects, but for each optional field used,\\n each ParentRef that selects the same object must set the same set of\\n optional fields to different values. If one ParentRef sets a\\n combination of optional fields, all must set the same combination.\\n\\n\\nSome examples:\\n\\n\\n* If one ParentRef sets `sectionName`, all ParentRefs referencing the\\n same object must also set `sectionName`.\\n* If one ParentRef sets `port`, all ParentRefs referencing the same\\n object must also set `port`.\\n* If one ParentRef sets `sectionName` and `port`, all ParentRefs\\n referencing the same object must also set `sectionName` and `port`.\\n\\n\\nIt is possible to separately reference multiple distinct objects that may\\nbe collapsed by an implementation. For example, some implementations may\\nchoose to merge compatible Gateway Listeners together. If that is the\\ncase, the list of routes attached to those resources should also be\\nmerged.\\n\\n\\nNote that for ParentRefs that cross namespace boundaries, there are specific\\nrules. Cross-namespace references are only valid if they are explicitly\\nallowed by something in the namespace they are referring to. For example,\\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\\ngeneric way to enable other kinds of cross-namespace reference.\\n\\n\\n\\n\\n\\n\\n\\n\\n"'), + parentRefs: { + '#withGroup':: d.fn(help='"Group is the group of the referent.\\nWhen unspecified, \\"gateway.networking.k8s.io\\" is inferred.\\nTo set the core API group (such as for a \\"Service\\" kind referent),\\nGroup must be explicitly set to \\"\\" (empty string).\\n\\n\\nSupport: Core"', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { group: group }, + '#withKind':: d.fn(help='"Kind is kind of the referent.\\n\\n\\nThere are two kinds of parent resources with \\"Core\\" support:\\n\\n\\n* Gateway (Gateway conformance profile)\\n* Service (Mesh conformance profile, ClusterIP Services only)\\n\\n\\nSupport for other resources is Implementation-Specific."', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { kind: kind }, + '#withName':: d.fn(help='"Name is the name of the referent.\\n\\n\\nSupport: Core"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withNamespace':: d.fn(help='"Namespace is the namespace of the referent. When unspecified, this refers\\nto the local namespace of the Route.\\n\\n\\nNote that there are specific rules for ParentRefs which cross namespace\\nboundaries. Cross-namespace references are only valid if they are explicitly\\nallowed by something in the namespace they are referring to. For example:\\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\\ngeneric way to enable any other kind of cross-namespace reference.\\n\\n\\n\\n\\n\\nSupport: Core"', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { namespace: namespace }, + '#withPort':: d.fn(help="\"Port is the network port this Route targets. It can be interpreted\\ndifferently based on the type of parent resource.\\n\\n\\nWhen the parent resource is a Gateway, this targets all listeners\\nlistening on the specified port that also support this kind of Route(and\\nselect this Route). It's not recommended to set `Port` unless the\\nnetworking behaviors specified in a Route must apply to a specific port\\nas opposed to a listener(s) whose port(s) may be changed. When both Port\\nand SectionName are specified, the name and port of the selected listener\\nmust match both specified values.\\n\\n\\n\\n\\n\\nImplementations MAY choose to support other parent resources.\\nImplementations supporting other types of parent resources MUST clearly\\ndocument how/if Port is interpreted.\\n\\n\\nFor the purpose of status, an attachment is considered successful as\\nlong as the parent resource accepts it partially. For example, Gateway\\nlisteners can restrict which Routes can attach to them by Route kind,\\nnamespace, or hostname. If 1 of 2 Gateway listeners accept attachment\\nfrom the referencing Route, the Route MUST be considered successfully\\nattached. If no Gateway listeners accept attachment from this Route,\\nthe Route MUST be considered detached from the Gateway.\\n\\n\\nSupport: Extended\"", args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { port: port }, + '#withSectionName':: d.fn(help='"SectionName is the name of a section within the target resource. In the\\nfollowing resources, SectionName is interpreted as the following:\\n\\n\\n* Gateway: Listener name. When both Port (experimental) and SectionName\\nare specified, the name and port of the selected listener must match\\nboth specified values.\\n* Service: Port name. When both Port (experimental) and SectionName\\nare specified, the name and port of the selected listener must match\\nboth specified values.\\n\\n\\nImplementations MAY choose to support attaching Routes to other resources.\\nIf that is the case, they MUST clearly document how SectionName is\\ninterpreted.\\n\\n\\nWhen unspecified (empty string), this will reference the entire resource.\\nFor the purpose of status, an attachment is considered successful if at\\nleast one section in the parent resource accepts it. For example, Gateway\\nlisteners can restrict which Routes can attach to them by Route kind,\\nnamespace, or hostname. If 1 of 2 Gateway listeners accept attachment from\\nthe referencing Route, the Route MUST be considered successfully\\nattached. If no Gateway listeners accept attachment from this Route, the\\nRoute MUST be considered detached from the Gateway.\\n\\n\\nSupport: Core"', args=[d.arg(name='sectionName', type=d.T.string)]), + withSectionName(sectionName): { sectionName: sectionName }, + }, + '#rules':: d.obj(help='"Rules are a list of HTTP matchers, filters and actions."'), + rules: { + '#backendRefs':: d.obj(help='"BackendRefs defines the backend(s) where matching requests should be\\nsent.\\n\\n\\nFailure behavior here depends on how many BackendRefs are specified and\\nhow many are invalid.\\n\\n\\nIf *all* entries in BackendRefs are invalid, and there are also no filters\\nspecified in this route rule, *all* traffic which matches this rule MUST\\nreceive a 500 status code.\\n\\n\\nSee the HTTPBackendRef definition for the rules about what makes a single\\nHTTPBackendRef invalid.\\n\\n\\nWhen a HTTPBackendRef is invalid, 500 status codes MUST be returned for\\nrequests that would have otherwise been routed to an invalid backend. If\\nmultiple backends are specified, and some are invalid, the proportion of\\nrequests that would otherwise have been routed to an invalid backend\\nMUST receive a 500 status code.\\n\\n\\nFor example, if two backends are specified with equal weights, and one is\\ninvalid, 50 percent of traffic must receive a 500. Implementations may\\nchoose how that 50 percent is determined.\\n\\n\\nSupport: Core for Kubernetes Service\\n\\n\\nSupport: Extended for Kubernetes ServiceImport\\n\\n\\nSupport: Implementation-specific for any other resource\\n\\n\\nSupport for weight: Core"'), + backendRefs: { + '#filters':: d.obj(help='"Filters defined at this level should be executed if and only if the\\nrequest is being forwarded to the backend defined here.\\n\\n\\nSupport: Implementation-specific (For broader support of filters, use the\\nFilters field in HTTPRouteRule.)"'), + filters: { + '#extensionRef':: d.obj(help='"ExtensionRef is an optional, implementation-specific extension to the\\n\\"filter\\" behavior. For example, resource \\"myroutefilter\\" in group\\n\\"networking.example.net\\"). ExtensionRef MUST NOT be used for core and\\nextended filters.\\n\\n\\nThis filter can be used multiple times within the same rule.\\n\\n\\nSupport: Implementation-specific"'), + extensionRef: { + '#withGroup':: d.fn(help='"Group is the group of the referent. For example, \\"gateway.networking.k8s.io\\".\\nWhen unspecified or empty string, core API group is inferred."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { extensionRef+: { group: group } }, + '#withKind':: d.fn(help='"Kind is kind of the referent. For example \\"HTTPRoute\\" or \\"Service\\"."', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { extensionRef+: { kind: kind } }, + '#withName':: d.fn(help='"Name is the name of the referent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { extensionRef+: { name: name } }, + }, + '#requestHeaderModifier':: d.obj(help='"RequestHeaderModifier defines a schema for a filter that modifies request\\nheaders.\\n\\n\\nSupport: Core"'), + requestHeaderModifier: { + '#add':: d.obj(help='"Add adds the given header(s) (name, value) to the request\\nbefore the action. It appends to any existing values associated\\nwith the header name.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n add:\\n - name: \\"my-header\\"\\n value: \\"bar,baz\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: foo,bar,baz"'), + add: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be\\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\\n\\n\\nIf multiple entries specify equivalent header names, the first entry with\\nan equivalent name MUST be considered for a match. Subsequent entries\\nwith an equivalent header name MUST be ignored. Due to the\\ncase-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered\\nequivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#set':: d.obj(help='"Set overwrites the request with the given header (name, value)\\nbefore the action.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n set:\\n - name: \\"my-header\\"\\n value: \\"bar\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: bar"'), + set: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be\\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\\n\\n\\nIf multiple entries specify equivalent header names, the first entry with\\nan equivalent name MUST be considered for a match. Subsequent entries\\nwith an equivalent header name MUST be ignored. Due to the\\ncase-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered\\nequivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#withAdd':: d.fn(help='"Add adds the given header(s) (name, value) to the request\\nbefore the action. It appends to any existing values associated\\nwith the header name.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n add:\\n - name: \\"my-header\\"\\n value: \\"bar,baz\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: foo,bar,baz"', args=[d.arg(name='add', type=d.T.array)]), + withAdd(add): { requestHeaderModifier+: { add: if std.isArray(v=add) then add else [add] } }, + '#withAddMixin':: d.fn(help='"Add adds the given header(s) (name, value) to the request\\nbefore the action. It appends to any existing values associated\\nwith the header name.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n add:\\n - name: \\"my-header\\"\\n value: \\"bar,baz\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: foo,bar,baz"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='add', type=d.T.array)]), + withAddMixin(add): { requestHeaderModifier+: { add+: if std.isArray(v=add) then add else [add] } }, + '#withRemove':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The\\nvalue of Remove is a list of HTTP header names. Note that the header\\nnames are case-insensitive (see\\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header1: foo\\n my-header2: bar\\n my-header3: baz\\n\\n\\nConfig:\\n remove: [\\"my-header1\\", \\"my-header3\\"]\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header2: bar"', args=[d.arg(name='remove', type=d.T.array)]), + withRemove(remove): { requestHeaderModifier+: { remove: if std.isArray(v=remove) then remove else [remove] } }, + '#withRemoveMixin':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The\\nvalue of Remove is a list of HTTP header names. Note that the header\\nnames are case-insensitive (see\\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header1: foo\\n my-header2: bar\\n my-header3: baz\\n\\n\\nConfig:\\n remove: [\\"my-header1\\", \\"my-header3\\"]\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header2: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='remove', type=d.T.array)]), + withRemoveMixin(remove): { requestHeaderModifier+: { remove+: if std.isArray(v=remove) then remove else [remove] } }, + '#withSet':: d.fn(help='"Set overwrites the request with the given header (name, value)\\nbefore the action.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n set:\\n - name: \\"my-header\\"\\n value: \\"bar\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: bar"', args=[d.arg(name='set', type=d.T.array)]), + withSet(set): { requestHeaderModifier+: { set: if std.isArray(v=set) then set else [set] } }, + '#withSetMixin':: d.fn(help='"Set overwrites the request with the given header (name, value)\\nbefore the action.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n set:\\n - name: \\"my-header\\"\\n value: \\"bar\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='set', type=d.T.array)]), + withSetMixin(set): { requestHeaderModifier+: { set+: if std.isArray(v=set) then set else [set] } }, + }, + '#requestMirror':: d.obj(help='"RequestMirror defines a schema for a filter that mirrors requests.\\nRequests are sent to the specified destination, but responses from\\nthat destination are ignored.\\n\\n\\nThis filter can be used multiple times within the same rule. Note that\\nnot all implementations will be able to support mirroring to multiple\\nbackends.\\n\\n\\nSupport: Extended"'), + requestMirror: { + '#backendRef':: d.obj(help='"BackendRef references a resource where mirrored requests are sent.\\n\\n\\nMirrored requests must be sent only to a single destination endpoint\\nwithin this BackendRef, irrespective of how many endpoints are present\\nwithin this BackendRef.\\n\\n\\nIf the referent cannot be found, this BackendRef is invalid and must be\\ndropped from the Gateway. The controller must ensure the \\"ResolvedRefs\\"\\ncondition on the Route status is set to `status: False` and not configure\\nthis backend in the underlying implementation.\\n\\n\\nIf there is a cross-namespace reference to an *existing* object\\nthat is not allowed by a ReferenceGrant, the controller must ensure the\\n\\"ResolvedRefs\\" condition on the Route is set to `status: False`,\\nwith the \\"RefNotPermitted\\" reason and not configure this backend in the\\nunderlying implementation.\\n\\n\\nIn either error case, the Message of the `ResolvedRefs` Condition\\nshould be used to provide more detail about the problem.\\n\\n\\nSupport: Extended for Kubernetes Service\\n\\n\\nSupport: Implementation-specific for any other resource"'), + backendRef: { + '#withGroup':: d.fn(help='"Group is the group of the referent. For example, \\"gateway.networking.k8s.io\\".\\nWhen unspecified or empty string, core API group is inferred."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { requestMirror+: { backendRef+: { group: group } } }, + '#withKind':: d.fn(help='"Kind is the Kubernetes resource kind of the referent. For example\\n\\"Service\\".\\n\\n\\nDefaults to \\"Service\\" when not specified.\\n\\n\\nExternalName services can refer to CNAME DNS records that may live\\noutside of the cluster and as such are difficult to reason about in\\nterms of conformance. They also may not be safe to forward to (see\\nCVE-2021-25740 for more information). Implementations SHOULD NOT\\nsupport ExternalName Services.\\n\\n\\nSupport: Core (Services with a type other than ExternalName)\\n\\n\\nSupport: Implementation-specific (Services with type ExternalName)"', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { requestMirror+: { backendRef+: { kind: kind } } }, + '#withName':: d.fn(help='"Name is the name of the referent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { requestMirror+: { backendRef+: { name: name } } }, + '#withNamespace':: d.fn(help="\"Namespace is the namespace of the backend. When unspecified, the local\\nnamespace is inferred.\\n\\n\\nNote that when a namespace different than the local namespace is specified,\\na ReferenceGrant object is required in the referent namespace to allow that\\nnamespace's owner to accept the reference. See the ReferenceGrant\\ndocumentation for details.\\n\\n\\nSupport: Core\"", args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { requestMirror+: { backendRef+: { namespace: namespace } } }, + '#withPort':: d.fn(help='"Port specifies the destination port number to use for this resource.\\nPort is required when the referent is a Kubernetes Service. In this\\ncase, the port number is the service port number, not the target port.\\nFor other resources, destination port might be derived from the referent\\nresource or this field."', args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { requestMirror+: { backendRef+: { port: port } } }, + }, + }, + '#requestRedirect':: d.obj(help='"RequestRedirect defines a schema for a filter that responds to the\\nrequest with an HTTP redirection.\\n\\n\\nSupport: Core"'), + requestRedirect: { + '#path':: d.obj(help='"Path defines parameters used to modify the path of the incoming request.\\nThe modified path is then used to construct the `Location` header. When\\nempty, the request path is used as-is.\\n\\n\\nSupport: Extended"'), + path: { + '#withReplaceFullPath':: d.fn(help='"ReplaceFullPath specifies the value with which to replace the full path\\nof a request during a rewrite or redirect."', args=[d.arg(name='replaceFullPath', type=d.T.string)]), + withReplaceFullPath(replaceFullPath): { requestRedirect+: { path+: { replaceFullPath: replaceFullPath } } }, + '#withReplacePrefixMatch':: d.fn(help='"ReplacePrefixMatch specifies the value with which to replace the prefix\\nmatch of a request during a rewrite or redirect. For example, a request\\nto \\"/foo/bar\\" with a prefix match of \\"/foo\\" and a ReplacePrefixMatch\\nof \\"/xyz\\" would be modified to \\"/xyz/bar\\".\\n\\n\\nNote that this matches the behavior of the PathPrefix match type. This\\nmatches full path elements. A path element refers to the list of labels\\nin the path split by the `/` separator. When specified, a trailing `/` is\\nignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all\\nmatch the prefix `/abc`, but the path `/abcd` would not.\\n\\n\\nReplacePrefixMatch is only compatible with a `PathPrefix` HTTPRouteMatch.\\nUsing any other HTTPRouteMatch type on the same HTTPRouteRule will result in\\nthe implementation setting the Accepted Condition for the Route to `status: False`.\\n\\n\\nRequest Path | Prefix Match | Replace Prefix | Modified Path\\n-------------|--------------|----------------|----------\\n/foo/bar | /foo | /xyz | /xyz/bar\\n/foo/bar | /foo | /xyz/ | /xyz/bar\\n/foo/bar | /foo/ | /xyz | /xyz/bar\\n/foo/bar | /foo/ | /xyz/ | /xyz/bar\\n/foo | /foo | /xyz | /xyz\\n/foo/ | /foo | /xyz | /xyz/\\n/foo/bar | /foo | | /bar\\n/foo/ | /foo | | /\\n/foo | /foo | | /\\n/foo/ | /foo | / | /\\n/foo | /foo | / | /"', args=[d.arg(name='replacePrefixMatch', type=d.T.string)]), + withReplacePrefixMatch(replacePrefixMatch): { requestRedirect+: { path+: { replacePrefixMatch: replacePrefixMatch } } }, + '#withType':: d.fn(help='"Type defines the type of path modifier. Additional types may be\\nadded in a future release of the API.\\n\\n\\nNote that values may be added to this enum, implementations\\nmust ensure that unknown values will not cause a crash.\\n\\n\\nUnknown values here must result in the implementation setting the\\nAccepted Condition for the Route to `status: False`, with a\\nReason of `UnsupportedValue`."', args=[d.arg(name='type', type=d.T.string)]), + withType(type): { requestRedirect+: { path+: { type: type } } }, + }, + '#withHostname':: d.fn(help='"Hostname is the hostname to be used in the value of the `Location`\\nheader in the response.\\nWhen empty, the hostname in the `Host` header of the request is used.\\n\\n\\nSupport: Core"', args=[d.arg(name='hostname', type=d.T.string)]), + withHostname(hostname): { requestRedirect+: { hostname: hostname } }, + '#withPort':: d.fn(help="\"Port is the port to be used in the value of the `Location`\\nheader in the response.\\n\\n\\nIf no port is specified, the redirect port MUST be derived using the\\nfollowing rules:\\n\\n\\n* If redirect scheme is not-empty, the redirect port MUST be the well-known\\n port associated with the redirect scheme. Specifically \\\"http\\\" to port 80\\n and \\\"https\\\" to port 443. If the redirect scheme does not have a\\n well-known port, the listener port of the Gateway SHOULD be used.\\n* If redirect scheme is empty, the redirect port MUST be the Gateway\\n Listener port.\\n\\n\\nImplementations SHOULD NOT add the port number in the 'Location'\\nheader in the following cases:\\n\\n\\n* A Location header that will use HTTP (whether that is determined via\\n the Listener protocol or the Scheme field) _and_ use port 80.\\n* A Location header that will use HTTPS (whether that is determined via\\n the Listener protocol or the Scheme field) _and_ use port 443.\\n\\n\\nSupport: Extended\"", args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { requestRedirect+: { port: port } }, + '#withScheme':: d.fn(help='"Scheme is the scheme to be used in the value of the `Location` header in\\nthe response. When empty, the scheme of the request is used.\\n\\n\\nScheme redirects can affect the port of the redirect, for more information,\\nrefer to the documentation for the port field of this filter.\\n\\n\\nNote that values may be added to this enum, implementations\\nmust ensure that unknown values will not cause a crash.\\n\\n\\nUnknown values here must result in the implementation setting the\\nAccepted Condition for the Route to `status: False`, with a\\nReason of `UnsupportedValue`.\\n\\n\\nSupport: Extended"', args=[d.arg(name='scheme', type=d.T.string)]), + withScheme(scheme): { requestRedirect+: { scheme: scheme } }, + '#withStatusCode':: d.fn(help='"StatusCode is the HTTP status code to be used in response.\\n\\n\\nNote that values may be added to this enum, implementations\\nmust ensure that unknown values will not cause a crash.\\n\\n\\nUnknown values here must result in the implementation setting the\\nAccepted Condition for the Route to `status: False`, with a\\nReason of `UnsupportedValue`.\\n\\n\\nSupport: Core"', args=[d.arg(name='statusCode', type=d.T.integer)]), + withStatusCode(statusCode): { requestRedirect+: { statusCode: statusCode } }, + }, + '#responseHeaderModifier':: d.obj(help='"ResponseHeaderModifier defines a schema for a filter that modifies response\\nheaders.\\n\\n\\nSupport: Extended"'), + responseHeaderModifier: { + '#add':: d.obj(help='"Add adds the given header(s) (name, value) to the request\\nbefore the action. It appends to any existing values associated\\nwith the header name.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n add:\\n - name: \\"my-header\\"\\n value: \\"bar,baz\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: foo,bar,baz"'), + add: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be\\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\\n\\n\\nIf multiple entries specify equivalent header names, the first entry with\\nan equivalent name MUST be considered for a match. Subsequent entries\\nwith an equivalent header name MUST be ignored. Due to the\\ncase-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered\\nequivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#set':: d.obj(help='"Set overwrites the request with the given header (name, value)\\nbefore the action.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n set:\\n - name: \\"my-header\\"\\n value: \\"bar\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: bar"'), + set: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be\\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\\n\\n\\nIf multiple entries specify equivalent header names, the first entry with\\nan equivalent name MUST be considered for a match. Subsequent entries\\nwith an equivalent header name MUST be ignored. Due to the\\ncase-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered\\nequivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#withAdd':: d.fn(help='"Add adds the given header(s) (name, value) to the request\\nbefore the action. It appends to any existing values associated\\nwith the header name.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n add:\\n - name: \\"my-header\\"\\n value: \\"bar,baz\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: foo,bar,baz"', args=[d.arg(name='add', type=d.T.array)]), + withAdd(add): { responseHeaderModifier+: { add: if std.isArray(v=add) then add else [add] } }, + '#withAddMixin':: d.fn(help='"Add adds the given header(s) (name, value) to the request\\nbefore the action. It appends to any existing values associated\\nwith the header name.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n add:\\n - name: \\"my-header\\"\\n value: \\"bar,baz\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: foo,bar,baz"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='add', type=d.T.array)]), + withAddMixin(add): { responseHeaderModifier+: { add+: if std.isArray(v=add) then add else [add] } }, + '#withRemove':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The\\nvalue of Remove is a list of HTTP header names. Note that the header\\nnames are case-insensitive (see\\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header1: foo\\n my-header2: bar\\n my-header3: baz\\n\\n\\nConfig:\\n remove: [\\"my-header1\\", \\"my-header3\\"]\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header2: bar"', args=[d.arg(name='remove', type=d.T.array)]), + withRemove(remove): { responseHeaderModifier+: { remove: if std.isArray(v=remove) then remove else [remove] } }, + '#withRemoveMixin':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The\\nvalue of Remove is a list of HTTP header names. Note that the header\\nnames are case-insensitive (see\\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header1: foo\\n my-header2: bar\\n my-header3: baz\\n\\n\\nConfig:\\n remove: [\\"my-header1\\", \\"my-header3\\"]\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header2: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='remove', type=d.T.array)]), + withRemoveMixin(remove): { responseHeaderModifier+: { remove+: if std.isArray(v=remove) then remove else [remove] } }, + '#withSet':: d.fn(help='"Set overwrites the request with the given header (name, value)\\nbefore the action.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n set:\\n - name: \\"my-header\\"\\n value: \\"bar\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: bar"', args=[d.arg(name='set', type=d.T.array)]), + withSet(set): { responseHeaderModifier+: { set: if std.isArray(v=set) then set else [set] } }, + '#withSetMixin':: d.fn(help='"Set overwrites the request with the given header (name, value)\\nbefore the action.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n set:\\n - name: \\"my-header\\"\\n value: \\"bar\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='set', type=d.T.array)]), + withSetMixin(set): { responseHeaderModifier+: { set+: if std.isArray(v=set) then set else [set] } }, + }, + '#urlRewrite':: d.obj(help='"URLRewrite defines a schema for a filter that modifies a request during forwarding.\\n\\n\\nSupport: Extended"'), + urlRewrite: { + '#path':: d.obj(help='"Path defines a path rewrite.\\n\\n\\nSupport: Extended"'), + path: { + '#withReplaceFullPath':: d.fn(help='"ReplaceFullPath specifies the value with which to replace the full path\\nof a request during a rewrite or redirect."', args=[d.arg(name='replaceFullPath', type=d.T.string)]), + withReplaceFullPath(replaceFullPath): { urlRewrite+: { path+: { replaceFullPath: replaceFullPath } } }, + '#withReplacePrefixMatch':: d.fn(help='"ReplacePrefixMatch specifies the value with which to replace the prefix\\nmatch of a request during a rewrite or redirect. For example, a request\\nto \\"/foo/bar\\" with a prefix match of \\"/foo\\" and a ReplacePrefixMatch\\nof \\"/xyz\\" would be modified to \\"/xyz/bar\\".\\n\\n\\nNote that this matches the behavior of the PathPrefix match type. This\\nmatches full path elements. A path element refers to the list of labels\\nin the path split by the `/` separator. When specified, a trailing `/` is\\nignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all\\nmatch the prefix `/abc`, but the path `/abcd` would not.\\n\\n\\nReplacePrefixMatch is only compatible with a `PathPrefix` HTTPRouteMatch.\\nUsing any other HTTPRouteMatch type on the same HTTPRouteRule will result in\\nthe implementation setting the Accepted Condition for the Route to `status: False`.\\n\\n\\nRequest Path | Prefix Match | Replace Prefix | Modified Path\\n-------------|--------------|----------------|----------\\n/foo/bar | /foo | /xyz | /xyz/bar\\n/foo/bar | /foo | /xyz/ | /xyz/bar\\n/foo/bar | /foo/ | /xyz | /xyz/bar\\n/foo/bar | /foo/ | /xyz/ | /xyz/bar\\n/foo | /foo | /xyz | /xyz\\n/foo/ | /foo | /xyz | /xyz/\\n/foo/bar | /foo | | /bar\\n/foo/ | /foo | | /\\n/foo | /foo | | /\\n/foo/ | /foo | / | /\\n/foo | /foo | / | /"', args=[d.arg(name='replacePrefixMatch', type=d.T.string)]), + withReplacePrefixMatch(replacePrefixMatch): { urlRewrite+: { path+: { replacePrefixMatch: replacePrefixMatch } } }, + '#withType':: d.fn(help='"Type defines the type of path modifier. Additional types may be\\nadded in a future release of the API.\\n\\n\\nNote that values may be added to this enum, implementations\\nmust ensure that unknown values will not cause a crash.\\n\\n\\nUnknown values here must result in the implementation setting the\\nAccepted Condition for the Route to `status: False`, with a\\nReason of `UnsupportedValue`."', args=[d.arg(name='type', type=d.T.string)]), + withType(type): { urlRewrite+: { path+: { type: type } } }, + }, + '#withHostname':: d.fn(help='"Hostname is the value to be used to replace the Host header value during\\nforwarding.\\n\\n\\nSupport: Extended"', args=[d.arg(name='hostname', type=d.T.string)]), + withHostname(hostname): { urlRewrite+: { hostname: hostname } }, + }, + '#withType':: d.fn(help='"Type identifies the type of filter to apply. As with other API fields,\\ntypes are classified into three conformance levels:\\n\\n\\n- Core: Filter types and their corresponding configuration defined by\\n \\"Support: Core\\" in this package, e.g. \\"RequestHeaderModifier\\". All\\n implementations must support core filters.\\n\\n\\n- Extended: Filter types and their corresponding configuration defined by\\n \\"Support: Extended\\" in this package, e.g. \\"RequestMirror\\". Implementers\\n are encouraged to support extended filters.\\n\\n\\n- Implementation-specific: Filters that are defined and supported by\\n specific vendors.\\n In the future, filters showing convergence in behavior across multiple\\n implementations will be considered for inclusion in extended or core\\n conformance levels. Filter-specific configuration for such filters\\n is specified using the ExtensionRef field. `Type` should be set to\\n \\"ExtensionRef\\" for custom filters.\\n\\n\\nImplementers are encouraged to define custom implementation types to\\nextend the core API with implementation-specific behavior.\\n\\n\\nIf a reference to a custom filter type cannot be resolved, the filter\\nMUST NOT be skipped. Instead, requests that would have been processed by\\nthat filter MUST receive a HTTP error response.\\n\\n\\nNote that values may be added to this enum, implementations\\nmust ensure that unknown values will not cause a crash.\\n\\n\\nUnknown values here must result in the implementation setting the\\nAccepted Condition for the Route to `status: False`, with a\\nReason of `UnsupportedValue`."', args=[d.arg(name='type', type=d.T.string)]), + withType(type): { type: type }, + }, + '#withFilters':: d.fn(help='"Filters defined at this level should be executed if and only if the\\nrequest is being forwarded to the backend defined here.\\n\\n\\nSupport: Implementation-specific (For broader support of filters, use the\\nFilters field in HTTPRouteRule.)"', args=[d.arg(name='filters', type=d.T.array)]), + withFilters(filters): { filters: if std.isArray(v=filters) then filters else [filters] }, + '#withFiltersMixin':: d.fn(help='"Filters defined at this level should be executed if and only if the\\nrequest is being forwarded to the backend defined here.\\n\\n\\nSupport: Implementation-specific (For broader support of filters, use the\\nFilters field in HTTPRouteRule.)"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='filters', type=d.T.array)]), + withFiltersMixin(filters): { filters+: if std.isArray(v=filters) then filters else [filters] }, + '#withGroup':: d.fn(help='"Group is the group of the referent. For example, \\"gateway.networking.k8s.io\\".\\nWhen unspecified or empty string, core API group is inferred."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { group: group }, + '#withKind':: d.fn(help='"Kind is the Kubernetes resource kind of the referent. For example\\n\\"Service\\".\\n\\n\\nDefaults to \\"Service\\" when not specified.\\n\\n\\nExternalName services can refer to CNAME DNS records that may live\\noutside of the cluster and as such are difficult to reason about in\\nterms of conformance. They also may not be safe to forward to (see\\nCVE-2021-25740 for more information). Implementations SHOULD NOT\\nsupport ExternalName Services.\\n\\n\\nSupport: Core (Services with a type other than ExternalName)\\n\\n\\nSupport: Implementation-specific (Services with type ExternalName)"', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { kind: kind }, + '#withName':: d.fn(help='"Name is the name of the referent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withNamespace':: d.fn(help="\"Namespace is the namespace of the backend. When unspecified, the local\\nnamespace is inferred.\\n\\n\\nNote that when a namespace different than the local namespace is specified,\\na ReferenceGrant object is required in the referent namespace to allow that\\nnamespace's owner to accept the reference. See the ReferenceGrant\\ndocumentation for details.\\n\\n\\nSupport: Core\"", args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { namespace: namespace }, + '#withPort':: d.fn(help='"Port specifies the destination port number to use for this resource.\\nPort is required when the referent is a Kubernetes Service. In this\\ncase, the port number is the service port number, not the target port.\\nFor other resources, destination port might be derived from the referent\\nresource or this field."', args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { port: port }, + '#withWeight':: d.fn(help='"Weight specifies the proportion of requests forwarded to the referenced\\nbackend. This is computed as weight/(sum of all weights in this\\nBackendRefs list). For non-zero values, there may be some epsilon from\\nthe exact proportion defined here depending on the precision an\\nimplementation supports. Weight is not a percentage and the sum of\\nweights does not need to equal 100.\\n\\n\\nIf only one backend is specified and it has a weight greater than 0, 100%\\nof the traffic is forwarded to that backend. If weight is set to 0, no\\ntraffic should be forwarded for this entry. If unspecified, weight\\ndefaults to 1.\\n\\n\\nSupport for this field varies based on the context where used."', args=[d.arg(name='weight', type=d.T.integer)]), + withWeight(weight): { weight: weight }, + }, + '#filters':: d.obj(help='"Filters define the filters that are applied to requests that match\\nthis rule.\\n\\n\\nWherever possible, implementations SHOULD implement filters in the order\\nthey are specified.\\n\\n\\nImplementations MAY choose to implement this ordering strictly, rejecting\\nany combination or order of filters that can not be supported. If implementations\\nchoose a strict interpretation of filter ordering, they MUST clearly document\\nthat behavior.\\n\\n\\nTo reject an invalid combination or order of filters, implementations SHOULD\\nconsider the Route Rules with this configuration invalid. If all Route Rules\\nin a Route are invalid, the entire Route would be considered invalid. If only\\na portion of Route Rules are invalid, implementations MUST set the\\n\\"PartiallyInvalid\\" condition for the Route.\\n\\n\\nConformance-levels at this level are defined based on the type of filter:\\n\\n\\n- ALL core filters MUST be supported by all implementations.\\n- Implementers are encouraged to support extended filters.\\n- Implementation-specific custom filters have no API guarantees across\\n implementations.\\n\\n\\nSpecifying the same filter multiple times is not supported unless explicitly\\nindicated in the filter.\\n\\n\\nAll filters are expected to be compatible with each other except for the\\nURLRewrite and RequestRedirect filters, which may not be combined. If an\\nimplementation can not support other combinations of filters, they must clearly\\ndocument that limitation. In cases where incompatible or unsupported\\nfilters are specified and cause the `Accepted` condition to be set to status\\n`False`, implementations may use the `IncompatibleFilters` reason to specify\\nthis configuration error.\\n\\n\\nSupport: Core"'), + filters: { + '#extensionRef':: d.obj(help='"ExtensionRef is an optional, implementation-specific extension to the\\n\\"filter\\" behavior. For example, resource \\"myroutefilter\\" in group\\n\\"networking.example.net\\"). ExtensionRef MUST NOT be used for core and\\nextended filters.\\n\\n\\nThis filter can be used multiple times within the same rule.\\n\\n\\nSupport: Implementation-specific"'), + extensionRef: { + '#withGroup':: d.fn(help='"Group is the group of the referent. For example, \\"gateway.networking.k8s.io\\".\\nWhen unspecified or empty string, core API group is inferred."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { extensionRef+: { group: group } }, + '#withKind':: d.fn(help='"Kind is kind of the referent. For example \\"HTTPRoute\\" or \\"Service\\"."', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { extensionRef+: { kind: kind } }, + '#withName':: d.fn(help='"Name is the name of the referent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { extensionRef+: { name: name } }, + }, + '#requestHeaderModifier':: d.obj(help='"RequestHeaderModifier defines a schema for a filter that modifies request\\nheaders.\\n\\n\\nSupport: Core"'), + requestHeaderModifier: { + '#add':: d.obj(help='"Add adds the given header(s) (name, value) to the request\\nbefore the action. It appends to any existing values associated\\nwith the header name.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n add:\\n - name: \\"my-header\\"\\n value: \\"bar,baz\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: foo,bar,baz"'), + add: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be\\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\\n\\n\\nIf multiple entries specify equivalent header names, the first entry with\\nan equivalent name MUST be considered for a match. Subsequent entries\\nwith an equivalent header name MUST be ignored. Due to the\\ncase-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered\\nequivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#set':: d.obj(help='"Set overwrites the request with the given header (name, value)\\nbefore the action.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n set:\\n - name: \\"my-header\\"\\n value: \\"bar\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: bar"'), + set: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be\\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\\n\\n\\nIf multiple entries specify equivalent header names, the first entry with\\nan equivalent name MUST be considered for a match. Subsequent entries\\nwith an equivalent header name MUST be ignored. Due to the\\ncase-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered\\nequivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#withAdd':: d.fn(help='"Add adds the given header(s) (name, value) to the request\\nbefore the action. It appends to any existing values associated\\nwith the header name.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n add:\\n - name: \\"my-header\\"\\n value: \\"bar,baz\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: foo,bar,baz"', args=[d.arg(name='add', type=d.T.array)]), + withAdd(add): { requestHeaderModifier+: { add: if std.isArray(v=add) then add else [add] } }, + '#withAddMixin':: d.fn(help='"Add adds the given header(s) (name, value) to the request\\nbefore the action. It appends to any existing values associated\\nwith the header name.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n add:\\n - name: \\"my-header\\"\\n value: \\"bar,baz\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: foo,bar,baz"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='add', type=d.T.array)]), + withAddMixin(add): { requestHeaderModifier+: { add+: if std.isArray(v=add) then add else [add] } }, + '#withRemove':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The\\nvalue of Remove is a list of HTTP header names. Note that the header\\nnames are case-insensitive (see\\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header1: foo\\n my-header2: bar\\n my-header3: baz\\n\\n\\nConfig:\\n remove: [\\"my-header1\\", \\"my-header3\\"]\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header2: bar"', args=[d.arg(name='remove', type=d.T.array)]), + withRemove(remove): { requestHeaderModifier+: { remove: if std.isArray(v=remove) then remove else [remove] } }, + '#withRemoveMixin':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The\\nvalue of Remove is a list of HTTP header names. Note that the header\\nnames are case-insensitive (see\\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header1: foo\\n my-header2: bar\\n my-header3: baz\\n\\n\\nConfig:\\n remove: [\\"my-header1\\", \\"my-header3\\"]\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header2: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='remove', type=d.T.array)]), + withRemoveMixin(remove): { requestHeaderModifier+: { remove+: if std.isArray(v=remove) then remove else [remove] } }, + '#withSet':: d.fn(help='"Set overwrites the request with the given header (name, value)\\nbefore the action.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n set:\\n - name: \\"my-header\\"\\n value: \\"bar\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: bar"', args=[d.arg(name='set', type=d.T.array)]), + withSet(set): { requestHeaderModifier+: { set: if std.isArray(v=set) then set else [set] } }, + '#withSetMixin':: d.fn(help='"Set overwrites the request with the given header (name, value)\\nbefore the action.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n set:\\n - name: \\"my-header\\"\\n value: \\"bar\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='set', type=d.T.array)]), + withSetMixin(set): { requestHeaderModifier+: { set+: if std.isArray(v=set) then set else [set] } }, + }, + '#requestMirror':: d.obj(help='"RequestMirror defines a schema for a filter that mirrors requests.\\nRequests are sent to the specified destination, but responses from\\nthat destination are ignored.\\n\\n\\nThis filter can be used multiple times within the same rule. Note that\\nnot all implementations will be able to support mirroring to multiple\\nbackends.\\n\\n\\nSupport: Extended"'), + requestMirror: { + '#backendRef':: d.obj(help='"BackendRef references a resource where mirrored requests are sent.\\n\\n\\nMirrored requests must be sent only to a single destination endpoint\\nwithin this BackendRef, irrespective of how many endpoints are present\\nwithin this BackendRef.\\n\\n\\nIf the referent cannot be found, this BackendRef is invalid and must be\\ndropped from the Gateway. The controller must ensure the \\"ResolvedRefs\\"\\ncondition on the Route status is set to `status: False` and not configure\\nthis backend in the underlying implementation.\\n\\n\\nIf there is a cross-namespace reference to an *existing* object\\nthat is not allowed by a ReferenceGrant, the controller must ensure the\\n\\"ResolvedRefs\\" condition on the Route is set to `status: False`,\\nwith the \\"RefNotPermitted\\" reason and not configure this backend in the\\nunderlying implementation.\\n\\n\\nIn either error case, the Message of the `ResolvedRefs` Condition\\nshould be used to provide more detail about the problem.\\n\\n\\nSupport: Extended for Kubernetes Service\\n\\n\\nSupport: Implementation-specific for any other resource"'), + backendRef: { + '#withGroup':: d.fn(help='"Group is the group of the referent. For example, \\"gateway.networking.k8s.io\\".\\nWhen unspecified or empty string, core API group is inferred."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { requestMirror+: { backendRef+: { group: group } } }, + '#withKind':: d.fn(help='"Kind is the Kubernetes resource kind of the referent. For example\\n\\"Service\\".\\n\\n\\nDefaults to \\"Service\\" when not specified.\\n\\n\\nExternalName services can refer to CNAME DNS records that may live\\noutside of the cluster and as such are difficult to reason about in\\nterms of conformance. They also may not be safe to forward to (see\\nCVE-2021-25740 for more information). Implementations SHOULD NOT\\nsupport ExternalName Services.\\n\\n\\nSupport: Core (Services with a type other than ExternalName)\\n\\n\\nSupport: Implementation-specific (Services with type ExternalName)"', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { requestMirror+: { backendRef+: { kind: kind } } }, + '#withName':: d.fn(help='"Name is the name of the referent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { requestMirror+: { backendRef+: { name: name } } }, + '#withNamespace':: d.fn(help="\"Namespace is the namespace of the backend. When unspecified, the local\\nnamespace is inferred.\\n\\n\\nNote that when a namespace different than the local namespace is specified,\\na ReferenceGrant object is required in the referent namespace to allow that\\nnamespace's owner to accept the reference. See the ReferenceGrant\\ndocumentation for details.\\n\\n\\nSupport: Core\"", args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { requestMirror+: { backendRef+: { namespace: namespace } } }, + '#withPort':: d.fn(help='"Port specifies the destination port number to use for this resource.\\nPort is required when the referent is a Kubernetes Service. In this\\ncase, the port number is the service port number, not the target port.\\nFor other resources, destination port might be derived from the referent\\nresource or this field."', args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { requestMirror+: { backendRef+: { port: port } } }, + }, + }, + '#requestRedirect':: d.obj(help='"RequestRedirect defines a schema for a filter that responds to the\\nrequest with an HTTP redirection.\\n\\n\\nSupport: Core"'), + requestRedirect: { + '#path':: d.obj(help='"Path defines parameters used to modify the path of the incoming request.\\nThe modified path is then used to construct the `Location` header. When\\nempty, the request path is used as-is.\\n\\n\\nSupport: Extended"'), + path: { + '#withReplaceFullPath':: d.fn(help='"ReplaceFullPath specifies the value with which to replace the full path\\nof a request during a rewrite or redirect."', args=[d.arg(name='replaceFullPath', type=d.T.string)]), + withReplaceFullPath(replaceFullPath): { requestRedirect+: { path+: { replaceFullPath: replaceFullPath } } }, + '#withReplacePrefixMatch':: d.fn(help='"ReplacePrefixMatch specifies the value with which to replace the prefix\\nmatch of a request during a rewrite or redirect. For example, a request\\nto \\"/foo/bar\\" with a prefix match of \\"/foo\\" and a ReplacePrefixMatch\\nof \\"/xyz\\" would be modified to \\"/xyz/bar\\".\\n\\n\\nNote that this matches the behavior of the PathPrefix match type. This\\nmatches full path elements. A path element refers to the list of labels\\nin the path split by the `/` separator. When specified, a trailing `/` is\\nignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all\\nmatch the prefix `/abc`, but the path `/abcd` would not.\\n\\n\\nReplacePrefixMatch is only compatible with a `PathPrefix` HTTPRouteMatch.\\nUsing any other HTTPRouteMatch type on the same HTTPRouteRule will result in\\nthe implementation setting the Accepted Condition for the Route to `status: False`.\\n\\n\\nRequest Path | Prefix Match | Replace Prefix | Modified Path\\n-------------|--------------|----------------|----------\\n/foo/bar | /foo | /xyz | /xyz/bar\\n/foo/bar | /foo | /xyz/ | /xyz/bar\\n/foo/bar | /foo/ | /xyz | /xyz/bar\\n/foo/bar | /foo/ | /xyz/ | /xyz/bar\\n/foo | /foo | /xyz | /xyz\\n/foo/ | /foo | /xyz | /xyz/\\n/foo/bar | /foo | | /bar\\n/foo/ | /foo | | /\\n/foo | /foo | | /\\n/foo/ | /foo | / | /\\n/foo | /foo | / | /"', args=[d.arg(name='replacePrefixMatch', type=d.T.string)]), + withReplacePrefixMatch(replacePrefixMatch): { requestRedirect+: { path+: { replacePrefixMatch: replacePrefixMatch } } }, + '#withType':: d.fn(help='"Type defines the type of path modifier. Additional types may be\\nadded in a future release of the API.\\n\\n\\nNote that values may be added to this enum, implementations\\nmust ensure that unknown values will not cause a crash.\\n\\n\\nUnknown values here must result in the implementation setting the\\nAccepted Condition for the Route to `status: False`, with a\\nReason of `UnsupportedValue`."', args=[d.arg(name='type', type=d.T.string)]), + withType(type): { requestRedirect+: { path+: { type: type } } }, + }, + '#withHostname':: d.fn(help='"Hostname is the hostname to be used in the value of the `Location`\\nheader in the response.\\nWhen empty, the hostname in the `Host` header of the request is used.\\n\\n\\nSupport: Core"', args=[d.arg(name='hostname', type=d.T.string)]), + withHostname(hostname): { requestRedirect+: { hostname: hostname } }, + '#withPort':: d.fn(help="\"Port is the port to be used in the value of the `Location`\\nheader in the response.\\n\\n\\nIf no port is specified, the redirect port MUST be derived using the\\nfollowing rules:\\n\\n\\n* If redirect scheme is not-empty, the redirect port MUST be the well-known\\n port associated with the redirect scheme. Specifically \\\"http\\\" to port 80\\n and \\\"https\\\" to port 443. If the redirect scheme does not have a\\n well-known port, the listener port of the Gateway SHOULD be used.\\n* If redirect scheme is empty, the redirect port MUST be the Gateway\\n Listener port.\\n\\n\\nImplementations SHOULD NOT add the port number in the 'Location'\\nheader in the following cases:\\n\\n\\n* A Location header that will use HTTP (whether that is determined via\\n the Listener protocol or the Scheme field) _and_ use port 80.\\n* A Location header that will use HTTPS (whether that is determined via\\n the Listener protocol or the Scheme field) _and_ use port 443.\\n\\n\\nSupport: Extended\"", args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { requestRedirect+: { port: port } }, + '#withScheme':: d.fn(help='"Scheme is the scheme to be used in the value of the `Location` header in\\nthe response. When empty, the scheme of the request is used.\\n\\n\\nScheme redirects can affect the port of the redirect, for more information,\\nrefer to the documentation for the port field of this filter.\\n\\n\\nNote that values may be added to this enum, implementations\\nmust ensure that unknown values will not cause a crash.\\n\\n\\nUnknown values here must result in the implementation setting the\\nAccepted Condition for the Route to `status: False`, with a\\nReason of `UnsupportedValue`.\\n\\n\\nSupport: Extended"', args=[d.arg(name='scheme', type=d.T.string)]), + withScheme(scheme): { requestRedirect+: { scheme: scheme } }, + '#withStatusCode':: d.fn(help='"StatusCode is the HTTP status code to be used in response.\\n\\n\\nNote that values may be added to this enum, implementations\\nmust ensure that unknown values will not cause a crash.\\n\\n\\nUnknown values here must result in the implementation setting the\\nAccepted Condition for the Route to `status: False`, with a\\nReason of `UnsupportedValue`.\\n\\n\\nSupport: Core"', args=[d.arg(name='statusCode', type=d.T.integer)]), + withStatusCode(statusCode): { requestRedirect+: { statusCode: statusCode } }, + }, + '#responseHeaderModifier':: d.obj(help='"ResponseHeaderModifier defines a schema for a filter that modifies response\\nheaders.\\n\\n\\nSupport: Extended"'), + responseHeaderModifier: { + '#add':: d.obj(help='"Add adds the given header(s) (name, value) to the request\\nbefore the action. It appends to any existing values associated\\nwith the header name.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n add:\\n - name: \\"my-header\\"\\n value: \\"bar,baz\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: foo,bar,baz"'), + add: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be\\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\\n\\n\\nIf multiple entries specify equivalent header names, the first entry with\\nan equivalent name MUST be considered for a match. Subsequent entries\\nwith an equivalent header name MUST be ignored. Due to the\\ncase-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered\\nequivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#set':: d.obj(help='"Set overwrites the request with the given header (name, value)\\nbefore the action.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n set:\\n - name: \\"my-header\\"\\n value: \\"bar\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: bar"'), + set: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be\\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\\n\\n\\nIf multiple entries specify equivalent header names, the first entry with\\nan equivalent name MUST be considered for a match. Subsequent entries\\nwith an equivalent header name MUST be ignored. Due to the\\ncase-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered\\nequivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#withAdd':: d.fn(help='"Add adds the given header(s) (name, value) to the request\\nbefore the action. It appends to any existing values associated\\nwith the header name.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n add:\\n - name: \\"my-header\\"\\n value: \\"bar,baz\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: foo,bar,baz"', args=[d.arg(name='add', type=d.T.array)]), + withAdd(add): { responseHeaderModifier+: { add: if std.isArray(v=add) then add else [add] } }, + '#withAddMixin':: d.fn(help='"Add adds the given header(s) (name, value) to the request\\nbefore the action. It appends to any existing values associated\\nwith the header name.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n add:\\n - name: \\"my-header\\"\\n value: \\"bar,baz\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: foo,bar,baz"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='add', type=d.T.array)]), + withAddMixin(add): { responseHeaderModifier+: { add+: if std.isArray(v=add) then add else [add] } }, + '#withRemove':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The\\nvalue of Remove is a list of HTTP header names. Note that the header\\nnames are case-insensitive (see\\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header1: foo\\n my-header2: bar\\n my-header3: baz\\n\\n\\nConfig:\\n remove: [\\"my-header1\\", \\"my-header3\\"]\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header2: bar"', args=[d.arg(name='remove', type=d.T.array)]), + withRemove(remove): { responseHeaderModifier+: { remove: if std.isArray(v=remove) then remove else [remove] } }, + '#withRemoveMixin':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The\\nvalue of Remove is a list of HTTP header names. Note that the header\\nnames are case-insensitive (see\\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header1: foo\\n my-header2: bar\\n my-header3: baz\\n\\n\\nConfig:\\n remove: [\\"my-header1\\", \\"my-header3\\"]\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header2: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='remove', type=d.T.array)]), + withRemoveMixin(remove): { responseHeaderModifier+: { remove+: if std.isArray(v=remove) then remove else [remove] } }, + '#withSet':: d.fn(help='"Set overwrites the request with the given header (name, value)\\nbefore the action.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n set:\\n - name: \\"my-header\\"\\n value: \\"bar\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: bar"', args=[d.arg(name='set', type=d.T.array)]), + withSet(set): { responseHeaderModifier+: { set: if std.isArray(v=set) then set else [set] } }, + '#withSetMixin':: d.fn(help='"Set overwrites the request with the given header (name, value)\\nbefore the action.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n set:\\n - name: \\"my-header\\"\\n value: \\"bar\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='set', type=d.T.array)]), + withSetMixin(set): { responseHeaderModifier+: { set+: if std.isArray(v=set) then set else [set] } }, + }, + '#urlRewrite':: d.obj(help='"URLRewrite defines a schema for a filter that modifies a request during forwarding.\\n\\n\\nSupport: Extended"'), + urlRewrite: { + '#path':: d.obj(help='"Path defines a path rewrite.\\n\\n\\nSupport: Extended"'), + path: { + '#withReplaceFullPath':: d.fn(help='"ReplaceFullPath specifies the value with which to replace the full path\\nof a request during a rewrite or redirect."', args=[d.arg(name='replaceFullPath', type=d.T.string)]), + withReplaceFullPath(replaceFullPath): { urlRewrite+: { path+: { replaceFullPath: replaceFullPath } } }, + '#withReplacePrefixMatch':: d.fn(help='"ReplacePrefixMatch specifies the value with which to replace the prefix\\nmatch of a request during a rewrite or redirect. For example, a request\\nto \\"/foo/bar\\" with a prefix match of \\"/foo\\" and a ReplacePrefixMatch\\nof \\"/xyz\\" would be modified to \\"/xyz/bar\\".\\n\\n\\nNote that this matches the behavior of the PathPrefix match type. This\\nmatches full path elements. A path element refers to the list of labels\\nin the path split by the `/` separator. When specified, a trailing `/` is\\nignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all\\nmatch the prefix `/abc`, but the path `/abcd` would not.\\n\\n\\nReplacePrefixMatch is only compatible with a `PathPrefix` HTTPRouteMatch.\\nUsing any other HTTPRouteMatch type on the same HTTPRouteRule will result in\\nthe implementation setting the Accepted Condition for the Route to `status: False`.\\n\\n\\nRequest Path | Prefix Match | Replace Prefix | Modified Path\\n-------------|--------------|----------------|----------\\n/foo/bar | /foo | /xyz | /xyz/bar\\n/foo/bar | /foo | /xyz/ | /xyz/bar\\n/foo/bar | /foo/ | /xyz | /xyz/bar\\n/foo/bar | /foo/ | /xyz/ | /xyz/bar\\n/foo | /foo | /xyz | /xyz\\n/foo/ | /foo | /xyz | /xyz/\\n/foo/bar | /foo | | /bar\\n/foo/ | /foo | | /\\n/foo | /foo | | /\\n/foo/ | /foo | / | /\\n/foo | /foo | / | /"', args=[d.arg(name='replacePrefixMatch', type=d.T.string)]), + withReplacePrefixMatch(replacePrefixMatch): { urlRewrite+: { path+: { replacePrefixMatch: replacePrefixMatch } } }, + '#withType':: d.fn(help='"Type defines the type of path modifier. Additional types may be\\nadded in a future release of the API.\\n\\n\\nNote that values may be added to this enum, implementations\\nmust ensure that unknown values will not cause a crash.\\n\\n\\nUnknown values here must result in the implementation setting the\\nAccepted Condition for the Route to `status: False`, with a\\nReason of `UnsupportedValue`."', args=[d.arg(name='type', type=d.T.string)]), + withType(type): { urlRewrite+: { path+: { type: type } } }, + }, + '#withHostname':: d.fn(help='"Hostname is the value to be used to replace the Host header value during\\nforwarding.\\n\\n\\nSupport: Extended"', args=[d.arg(name='hostname', type=d.T.string)]), + withHostname(hostname): { urlRewrite+: { hostname: hostname } }, + }, + '#withType':: d.fn(help='"Type identifies the type of filter to apply. As with other API fields,\\ntypes are classified into three conformance levels:\\n\\n\\n- Core: Filter types and their corresponding configuration defined by\\n \\"Support: Core\\" in this package, e.g. \\"RequestHeaderModifier\\". All\\n implementations must support core filters.\\n\\n\\n- Extended: Filter types and their corresponding configuration defined by\\n \\"Support: Extended\\" in this package, e.g. \\"RequestMirror\\". Implementers\\n are encouraged to support extended filters.\\n\\n\\n- Implementation-specific: Filters that are defined and supported by\\n specific vendors.\\n In the future, filters showing convergence in behavior across multiple\\n implementations will be considered for inclusion in extended or core\\n conformance levels. Filter-specific configuration for such filters\\n is specified using the ExtensionRef field. `Type` should be set to\\n \\"ExtensionRef\\" for custom filters.\\n\\n\\nImplementers are encouraged to define custom implementation types to\\nextend the core API with implementation-specific behavior.\\n\\n\\nIf a reference to a custom filter type cannot be resolved, the filter\\nMUST NOT be skipped. Instead, requests that would have been processed by\\nthat filter MUST receive a HTTP error response.\\n\\n\\nNote that values may be added to this enum, implementations\\nmust ensure that unknown values will not cause a crash.\\n\\n\\nUnknown values here must result in the implementation setting the\\nAccepted Condition for the Route to `status: False`, with a\\nReason of `UnsupportedValue`."', args=[d.arg(name='type', type=d.T.string)]), + withType(type): { type: type }, + }, + '#matches':: d.obj(help='"Matches define conditions used for matching the rule against incoming\\nHTTP requests. Each match is independent, i.e. this rule will be matched\\nif **any** one of the matches is satisfied.\\n\\n\\nFor example, take the following matches configuration:\\n\\n\\n```\\nmatches:\\n- path:\\n value: \\"/foo\\"\\n headers:\\n - name: \\"version\\"\\n value: \\"v2\\"\\n- path:\\n value: \\"/v2/foo\\"\\n```\\n\\n\\nFor a request to match against this rule, a request must satisfy\\nEITHER of the two conditions:\\n\\n\\n- path prefixed with `/foo` AND contains the header `version: v2`\\n- path prefix of `/v2/foo`\\n\\n\\nSee the documentation for HTTPRouteMatch on how to specify multiple\\nmatch conditions that should be ANDed together.\\n\\n\\nIf no matches are specified, the default is a prefix\\npath match on \\"/\\", which has the effect of matching every\\nHTTP request.\\n\\n\\nProxy or Load Balancer routing configuration generated from HTTPRoutes\\nMUST prioritize matches based on the following criteria, continuing on\\nties. Across all rules specified on applicable Routes, precedence must be\\ngiven to the match having:\\n\\n\\n* \\"Exact\\" path match.\\n* \\"Prefix\\" path match with largest number of characters.\\n* Method match.\\n* Largest number of header matches.\\n* Largest number of query param matches.\\n\\n\\nNote: The precedence of RegularExpression path matches are implementation-specific.\\n\\n\\nIf ties still exist across multiple Routes, matching precedence MUST be\\ndetermined in order of the following criteria, continuing on ties:\\n\\n\\n* The oldest Route based on creation timestamp.\\n* The Route appearing first in alphabetical order by\\n \\"{namespace}/{name}\\".\\n\\n\\nIf ties still exist within an HTTPRoute, matching precedence MUST be granted\\nto the FIRST matching rule (in list order) with a match meeting the above\\ncriteria.\\n\\n\\nWhen no rules matching a request have been successfully attached to the\\nparent a request is coming from, a HTTP 404 status code MUST be returned."'), + matches: { + '#headers':: d.obj(help='"Headers specifies HTTP request header matchers. Multiple match values are\\nANDed together, meaning, a request must match all the specified headers\\nto select the route."'), + headers: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be\\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\\n\\n\\nIf multiple entries specify equivalent header names, only the first\\nentry with an equivalent name MUST be considered for a match. Subsequent\\nentries with an equivalent header name MUST be ignored. Due to the\\ncase-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered\\nequivalent.\\n\\n\\nWhen a header is repeated in an HTTP request, it is\\nimplementation-specific behavior as to how this is represented.\\nGenerally, proxies should follow the guidance from the RFC:\\nhttps://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2 regarding\\nprocessing a repeated header, with special handling for \\"Set-Cookie\\"."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withType':: d.fn(help="\"Type specifies how to match against the value of the header.\\n\\n\\nSupport: Core (Exact)\\n\\n\\nSupport: Implementation-specific (RegularExpression)\\n\\n\\nSince RegularExpression HeaderMatchType has implementation-specific\\nconformance, implementations can support POSIX, PCRE or any other dialects\\nof regular expressions. Please read the implementation's documentation to\\ndetermine the supported dialect.\"", args=[d.arg(name='type', type=d.T.string)]), + withType(type): { type: type }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#path':: d.obj(help='"Path specifies a HTTP request path matcher. If this field is not\\nspecified, a default prefix match on the \\"/\\" path is provided."'), + path: { + '#withType':: d.fn(help='"Type specifies how to match against the path Value.\\n\\n\\nSupport: Core (Exact, PathPrefix)\\n\\n\\nSupport: Implementation-specific (RegularExpression)"', args=[d.arg(name='type', type=d.T.string)]), + withType(type): { path+: { type: type } }, + '#withValue':: d.fn(help='"Value of the HTTP path to match against."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { path+: { value: value } }, + }, + '#queryParams':: d.obj(help='"QueryParams specifies HTTP query parameter matchers. Multiple match\\nvalues are ANDed together, meaning, a request must match all the\\nspecified query parameters to select the route.\\n\\n\\nSupport: Extended"'), + queryParams: { + '#withName':: d.fn(help='"Name is the name of the HTTP query param to be matched. This must be an\\nexact string match. (See\\nhttps://tools.ietf.org/html/rfc7230#section-2.7.3).\\n\\n\\nIf multiple entries specify equivalent query param names, only the first\\nentry with an equivalent name MUST be considered for a match. Subsequent\\nentries with an equivalent query param name MUST be ignored.\\n\\n\\nIf a query param is repeated in an HTTP request, the behavior is\\npurposely left undefined, since different data planes have different\\ncapabilities. However, it is *recommended* that implementations should\\nmatch against the first value of the param if the data plane supports it,\\nas this behavior is expected in other load balancing contexts outside of\\nthe Gateway API.\\n\\n\\nUsers SHOULD NOT route traffic based on repeated query params to guard\\nthemselves against potential differences in the implementations."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withType':: d.fn(help="\"Type specifies how to match against the value of the query parameter.\\n\\n\\nSupport: Extended (Exact)\\n\\n\\nSupport: Implementation-specific (RegularExpression)\\n\\n\\nSince RegularExpression QueryParamMatchType has Implementation-specific\\nconformance, implementations can support POSIX, PCRE or any other\\ndialects of regular expressions. Please read the implementation's\\ndocumentation to determine the supported dialect.\"", args=[d.arg(name='type', type=d.T.string)]), + withType(type): { type: type }, + '#withValue':: d.fn(help='"Value is the value of HTTP query param to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#withHeaders':: d.fn(help='"Headers specifies HTTP request header matchers. Multiple match values are\\nANDed together, meaning, a request must match all the specified headers\\nto select the route."', args=[d.arg(name='headers', type=d.T.array)]), + withHeaders(headers): { headers: if std.isArray(v=headers) then headers else [headers] }, + '#withHeadersMixin':: d.fn(help='"Headers specifies HTTP request header matchers. Multiple match values are\\nANDed together, meaning, a request must match all the specified headers\\nto select the route."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='headers', type=d.T.array)]), + withHeadersMixin(headers): { headers+: if std.isArray(v=headers) then headers else [headers] }, + '#withMethod':: d.fn(help='"Method specifies HTTP method matcher.\\nWhen specified, this route will be matched only if the request has the\\nspecified method.\\n\\n\\nSupport: Extended"', args=[d.arg(name='method', type=d.T.string)]), + withMethod(method): { method: method }, + '#withQueryParams':: d.fn(help='"QueryParams specifies HTTP query parameter matchers. Multiple match\\nvalues are ANDed together, meaning, a request must match all the\\nspecified query parameters to select the route.\\n\\n\\nSupport: Extended"', args=[d.arg(name='queryParams', type=d.T.array)]), + withQueryParams(queryParams): { queryParams: if std.isArray(v=queryParams) then queryParams else [queryParams] }, + '#withQueryParamsMixin':: d.fn(help='"QueryParams specifies HTTP query parameter matchers. Multiple match\\nvalues are ANDed together, meaning, a request must match all the\\nspecified query parameters to select the route.\\n\\n\\nSupport: Extended"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='queryParams', type=d.T.array)]), + withQueryParamsMixin(queryParams): { queryParams+: if std.isArray(v=queryParams) then queryParams else [queryParams] }, + }, + '#withBackendRefs':: d.fn(help='"BackendRefs defines the backend(s) where matching requests should be\\nsent.\\n\\n\\nFailure behavior here depends on how many BackendRefs are specified and\\nhow many are invalid.\\n\\n\\nIf *all* entries in BackendRefs are invalid, and there are also no filters\\nspecified in this route rule, *all* traffic which matches this rule MUST\\nreceive a 500 status code.\\n\\n\\nSee the HTTPBackendRef definition for the rules about what makes a single\\nHTTPBackendRef invalid.\\n\\n\\nWhen a HTTPBackendRef is invalid, 500 status codes MUST be returned for\\nrequests that would have otherwise been routed to an invalid backend. If\\nmultiple backends are specified, and some are invalid, the proportion of\\nrequests that would otherwise have been routed to an invalid backend\\nMUST receive a 500 status code.\\n\\n\\nFor example, if two backends are specified with equal weights, and one is\\ninvalid, 50 percent of traffic must receive a 500. Implementations may\\nchoose how that 50 percent is determined.\\n\\n\\nSupport: Core for Kubernetes Service\\n\\n\\nSupport: Extended for Kubernetes ServiceImport\\n\\n\\nSupport: Implementation-specific for any other resource\\n\\n\\nSupport for weight: Core"', args=[d.arg(name='backendRefs', type=d.T.array)]), + withBackendRefs(backendRefs): { backendRefs: if std.isArray(v=backendRefs) then backendRefs else [backendRefs] }, + '#withBackendRefsMixin':: d.fn(help='"BackendRefs defines the backend(s) where matching requests should be\\nsent.\\n\\n\\nFailure behavior here depends on how many BackendRefs are specified and\\nhow many are invalid.\\n\\n\\nIf *all* entries in BackendRefs are invalid, and there are also no filters\\nspecified in this route rule, *all* traffic which matches this rule MUST\\nreceive a 500 status code.\\n\\n\\nSee the HTTPBackendRef definition for the rules about what makes a single\\nHTTPBackendRef invalid.\\n\\n\\nWhen a HTTPBackendRef is invalid, 500 status codes MUST be returned for\\nrequests that would have otherwise been routed to an invalid backend. If\\nmultiple backends are specified, and some are invalid, the proportion of\\nrequests that would otherwise have been routed to an invalid backend\\nMUST receive a 500 status code.\\n\\n\\nFor example, if two backends are specified with equal weights, and one is\\ninvalid, 50 percent of traffic must receive a 500. Implementations may\\nchoose how that 50 percent is determined.\\n\\n\\nSupport: Core for Kubernetes Service\\n\\n\\nSupport: Extended for Kubernetes ServiceImport\\n\\n\\nSupport: Implementation-specific for any other resource\\n\\n\\nSupport for weight: Core"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='backendRefs', type=d.T.array)]), + withBackendRefsMixin(backendRefs): { backendRefs+: if std.isArray(v=backendRefs) then backendRefs else [backendRefs] }, + '#withFilters':: d.fn(help='"Filters define the filters that are applied to requests that match\\nthis rule.\\n\\n\\nWherever possible, implementations SHOULD implement filters in the order\\nthey are specified.\\n\\n\\nImplementations MAY choose to implement this ordering strictly, rejecting\\nany combination or order of filters that can not be supported. If implementations\\nchoose a strict interpretation of filter ordering, they MUST clearly document\\nthat behavior.\\n\\n\\nTo reject an invalid combination or order of filters, implementations SHOULD\\nconsider the Route Rules with this configuration invalid. If all Route Rules\\nin a Route are invalid, the entire Route would be considered invalid. If only\\na portion of Route Rules are invalid, implementations MUST set the\\n\\"PartiallyInvalid\\" condition for the Route.\\n\\n\\nConformance-levels at this level are defined based on the type of filter:\\n\\n\\n- ALL core filters MUST be supported by all implementations.\\n- Implementers are encouraged to support extended filters.\\n- Implementation-specific custom filters have no API guarantees across\\n implementations.\\n\\n\\nSpecifying the same filter multiple times is not supported unless explicitly\\nindicated in the filter.\\n\\n\\nAll filters are expected to be compatible with each other except for the\\nURLRewrite and RequestRedirect filters, which may not be combined. If an\\nimplementation can not support other combinations of filters, they must clearly\\ndocument that limitation. In cases where incompatible or unsupported\\nfilters are specified and cause the `Accepted` condition to be set to status\\n`False`, implementations may use the `IncompatibleFilters` reason to specify\\nthis configuration error.\\n\\n\\nSupport: Core"', args=[d.arg(name='filters', type=d.T.array)]), + withFilters(filters): { filters: if std.isArray(v=filters) then filters else [filters] }, + '#withFiltersMixin':: d.fn(help='"Filters define the filters that are applied to requests that match\\nthis rule.\\n\\n\\nWherever possible, implementations SHOULD implement filters in the order\\nthey are specified.\\n\\n\\nImplementations MAY choose to implement this ordering strictly, rejecting\\nany combination or order of filters that can not be supported. If implementations\\nchoose a strict interpretation of filter ordering, they MUST clearly document\\nthat behavior.\\n\\n\\nTo reject an invalid combination or order of filters, implementations SHOULD\\nconsider the Route Rules with this configuration invalid. If all Route Rules\\nin a Route are invalid, the entire Route would be considered invalid. If only\\na portion of Route Rules are invalid, implementations MUST set the\\n\\"PartiallyInvalid\\" condition for the Route.\\n\\n\\nConformance-levels at this level are defined based on the type of filter:\\n\\n\\n- ALL core filters MUST be supported by all implementations.\\n- Implementers are encouraged to support extended filters.\\n- Implementation-specific custom filters have no API guarantees across\\n implementations.\\n\\n\\nSpecifying the same filter multiple times is not supported unless explicitly\\nindicated in the filter.\\n\\n\\nAll filters are expected to be compatible with each other except for the\\nURLRewrite and RequestRedirect filters, which may not be combined. If an\\nimplementation can not support other combinations of filters, they must clearly\\ndocument that limitation. In cases where incompatible or unsupported\\nfilters are specified and cause the `Accepted` condition to be set to status\\n`False`, implementations may use the `IncompatibleFilters` reason to specify\\nthis configuration error.\\n\\n\\nSupport: Core"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='filters', type=d.T.array)]), + withFiltersMixin(filters): { filters+: if std.isArray(v=filters) then filters else [filters] }, + '#withMatches':: d.fn(help='"Matches define conditions used for matching the rule against incoming\\nHTTP requests. Each match is independent, i.e. this rule will be matched\\nif **any** one of the matches is satisfied.\\n\\n\\nFor example, take the following matches configuration:\\n\\n\\n```\\nmatches:\\n- path:\\n value: \\"/foo\\"\\n headers:\\n - name: \\"version\\"\\n value: \\"v2\\"\\n- path:\\n value: \\"/v2/foo\\"\\n```\\n\\n\\nFor a request to match against this rule, a request must satisfy\\nEITHER of the two conditions:\\n\\n\\n- path prefixed with `/foo` AND contains the header `version: v2`\\n- path prefix of `/v2/foo`\\n\\n\\nSee the documentation for HTTPRouteMatch on how to specify multiple\\nmatch conditions that should be ANDed together.\\n\\n\\nIf no matches are specified, the default is a prefix\\npath match on \\"/\\", which has the effect of matching every\\nHTTP request.\\n\\n\\nProxy or Load Balancer routing configuration generated from HTTPRoutes\\nMUST prioritize matches based on the following criteria, continuing on\\nties. Across all rules specified on applicable Routes, precedence must be\\ngiven to the match having:\\n\\n\\n* \\"Exact\\" path match.\\n* \\"Prefix\\" path match with largest number of characters.\\n* Method match.\\n* Largest number of header matches.\\n* Largest number of query param matches.\\n\\n\\nNote: The precedence of RegularExpression path matches are implementation-specific.\\n\\n\\nIf ties still exist across multiple Routes, matching precedence MUST be\\ndetermined in order of the following criteria, continuing on ties:\\n\\n\\n* The oldest Route based on creation timestamp.\\n* The Route appearing first in alphabetical order by\\n \\"{namespace}/{name}\\".\\n\\n\\nIf ties still exist within an HTTPRoute, matching precedence MUST be granted\\nto the FIRST matching rule (in list order) with a match meeting the above\\ncriteria.\\n\\n\\nWhen no rules matching a request have been successfully attached to the\\nparent a request is coming from, a HTTP 404 status code MUST be returned."', args=[d.arg(name='matches', type=d.T.array)]), + withMatches(matches): { matches: if std.isArray(v=matches) then matches else [matches] }, + '#withMatchesMixin':: d.fn(help='"Matches define conditions used for matching the rule against incoming\\nHTTP requests. Each match is independent, i.e. this rule will be matched\\nif **any** one of the matches is satisfied.\\n\\n\\nFor example, take the following matches configuration:\\n\\n\\n```\\nmatches:\\n- path:\\n value: \\"/foo\\"\\n headers:\\n - name: \\"version\\"\\n value: \\"v2\\"\\n- path:\\n value: \\"/v2/foo\\"\\n```\\n\\n\\nFor a request to match against this rule, a request must satisfy\\nEITHER of the two conditions:\\n\\n\\n- path prefixed with `/foo` AND contains the header `version: v2`\\n- path prefix of `/v2/foo`\\n\\n\\nSee the documentation for HTTPRouteMatch on how to specify multiple\\nmatch conditions that should be ANDed together.\\n\\n\\nIf no matches are specified, the default is a prefix\\npath match on \\"/\\", which has the effect of matching every\\nHTTP request.\\n\\n\\nProxy or Load Balancer routing configuration generated from HTTPRoutes\\nMUST prioritize matches based on the following criteria, continuing on\\nties. Across all rules specified on applicable Routes, precedence must be\\ngiven to the match having:\\n\\n\\n* \\"Exact\\" path match.\\n* \\"Prefix\\" path match with largest number of characters.\\n* Method match.\\n* Largest number of header matches.\\n* Largest number of query param matches.\\n\\n\\nNote: The precedence of RegularExpression path matches are implementation-specific.\\n\\n\\nIf ties still exist across multiple Routes, matching precedence MUST be\\ndetermined in order of the following criteria, continuing on ties:\\n\\n\\n* The oldest Route based on creation timestamp.\\n* The Route appearing first in alphabetical order by\\n \\"{namespace}/{name}\\".\\n\\n\\nIf ties still exist within an HTTPRoute, matching precedence MUST be granted\\nto the FIRST matching rule (in list order) with a match meeting the above\\ncriteria.\\n\\n\\nWhen no rules matching a request have been successfully attached to the\\nparent a request is coming from, a HTTP 404 status code MUST be returned."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='matches', type=d.T.array)]), + withMatchesMixin(matches): { matches+: if std.isArray(v=matches) then matches else [matches] }, + }, + '#withHostnames':: d.fn(help="\"Hostnames defines a set of hostnames that should match against the HTTP Host\\nheader to select a HTTPRoute used to process the request. Implementations\\nMUST ignore any port value specified in the HTTP Host header while\\nperforming a match and (absent of any applicable header modification\\nconfiguration) MUST forward this header unmodified to the backend.\\n\\n\\nValid values for Hostnames are determined by RFC 1123 definition of a\\nhostname with 2 notable exceptions:\\n\\n\\n1. IPs are not allowed.\\n2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard\\n label must appear by itself as the first label.\\n\\n\\nIf a hostname is specified by both the Listener and HTTPRoute, there\\nmust be at least one intersecting hostname for the HTTPRoute to be\\nattached to the Listener. For example:\\n\\n\\n* A Listener with `test.example.com` as the hostname matches HTTPRoutes\\n that have either not specified any hostnames, or have specified at\\n least one of `test.example.com` or `*.example.com`.\\n* A Listener with `*.example.com` as the hostname matches HTTPRoutes\\n that have either not specified any hostnames or have specified at least\\n one hostname that matches the Listener hostname. For example,\\n `*.example.com`, `test.example.com`, and `foo.test.example.com` would\\n all match. On the other hand, `example.com` and `test.example.net` would\\n not match.\\n\\n\\nHostnames that are prefixed with a wildcard label (`*.`) are interpreted\\nas a suffix match. That means that a match for `*.example.com` would match\\nboth `test.example.com`, and `foo.test.example.com`, but not `example.com`.\\n\\n\\nIf both the Listener and HTTPRoute have specified hostnames, any\\nHTTPRoute hostnames that do not match the Listener hostname MUST be\\nignored. For example, if a Listener specified `*.example.com`, and the\\nHTTPRoute specified `test.example.com` and `test.example.net`,\\n`test.example.net` must not be considered for a match.\\n\\n\\nIf both the Listener and HTTPRoute have specified hostnames, and none\\nmatch with the criteria above, then the HTTPRoute is not accepted. The\\nimplementation must raise an 'Accepted' Condition with a status of\\n`False` in the corresponding RouteParentStatus.\\n\\n\\nIn the event that multiple HTTPRoutes specify intersecting hostnames (e.g.\\noverlapping wildcard matching and exact matching hostnames), precedence must\\nbe given to rules from the HTTPRoute with the largest number of:\\n\\n\\n* Characters in a matching non-wildcard hostname.\\n* Characters in a matching hostname.\\n\\n\\nIf ties exist across multiple Routes, the matching precedence rules for\\nHTTPRouteMatches takes over.\\n\\n\\nSupport: Core\"", args=[d.arg(name='hostnames', type=d.T.array)]), + withHostnames(hostnames): { spec+: { hostnames: if std.isArray(v=hostnames) then hostnames else [hostnames] } }, + '#withHostnamesMixin':: d.fn(help="\"Hostnames defines a set of hostnames that should match against the HTTP Host\\nheader to select a HTTPRoute used to process the request. Implementations\\nMUST ignore any port value specified in the HTTP Host header while\\nperforming a match and (absent of any applicable header modification\\nconfiguration) MUST forward this header unmodified to the backend.\\n\\n\\nValid values for Hostnames are determined by RFC 1123 definition of a\\nhostname with 2 notable exceptions:\\n\\n\\n1. IPs are not allowed.\\n2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard\\n label must appear by itself as the first label.\\n\\n\\nIf a hostname is specified by both the Listener and HTTPRoute, there\\nmust be at least one intersecting hostname for the HTTPRoute to be\\nattached to the Listener. For example:\\n\\n\\n* A Listener with `test.example.com` as the hostname matches HTTPRoutes\\n that have either not specified any hostnames, or have specified at\\n least one of `test.example.com` or `*.example.com`.\\n* A Listener with `*.example.com` as the hostname matches HTTPRoutes\\n that have either not specified any hostnames or have specified at least\\n one hostname that matches the Listener hostname. For example,\\n `*.example.com`, `test.example.com`, and `foo.test.example.com` would\\n all match. On the other hand, `example.com` and `test.example.net` would\\n not match.\\n\\n\\nHostnames that are prefixed with a wildcard label (`*.`) are interpreted\\nas a suffix match. That means that a match for `*.example.com` would match\\nboth `test.example.com`, and `foo.test.example.com`, but not `example.com`.\\n\\n\\nIf both the Listener and HTTPRoute have specified hostnames, any\\nHTTPRoute hostnames that do not match the Listener hostname MUST be\\nignored. For example, if a Listener specified `*.example.com`, and the\\nHTTPRoute specified `test.example.com` and `test.example.net`,\\n`test.example.net` must not be considered for a match.\\n\\n\\nIf both the Listener and HTTPRoute have specified hostnames, and none\\nmatch with the criteria above, then the HTTPRoute is not accepted. The\\nimplementation must raise an 'Accepted' Condition with a status of\\n`False` in the corresponding RouteParentStatus.\\n\\n\\nIn the event that multiple HTTPRoutes specify intersecting hostnames (e.g.\\noverlapping wildcard matching and exact matching hostnames), precedence must\\nbe given to rules from the HTTPRoute with the largest number of:\\n\\n\\n* Characters in a matching non-wildcard hostname.\\n* Characters in a matching hostname.\\n\\n\\nIf ties exist across multiple Routes, the matching precedence rules for\\nHTTPRouteMatches takes over.\\n\\n\\nSupport: Core\"\n\n**Note:** This function appends passed data to existing values", args=[d.arg(name='hostnames', type=d.T.array)]), + withHostnamesMixin(hostnames): { spec+: { hostnames+: if std.isArray(v=hostnames) then hostnames else [hostnames] } }, + '#withParentRefs':: d.fn(help='"ParentRefs references the resources (usually Gateways) that a Route wants\\nto be attached to. Note that the referenced parent resource needs to\\nallow this for the attachment to be complete. For Gateways, that means\\nthe Gateway needs to allow attachment from Routes of this kind and\\nnamespace. For Services, that means the Service must either be in the same\\nnamespace for a \\"producer\\" route, or the mesh implementation must support\\nand allow \\"consumer\\" routes for the referenced Service. ReferenceGrant is\\nnot applicable for governing ParentRefs to Services - it is not possible to\\ncreate a \\"producer\\" route for a Service in a different namespace from the\\nRoute.\\n\\n\\nThere are two kinds of parent resources with \\"Core\\" support:\\n\\n\\n* Gateway (Gateway conformance profile)\\n* Service (Mesh conformance profile, ClusterIP Services only)\\n\\n\\nThis API may be extended in the future to support additional kinds of parent\\nresources.\\n\\n\\nParentRefs must be _distinct_. This means either that:\\n\\n\\n* They select different objects. If this is the case, then parentRef\\n entries are distinct. In terms of fields, this means that the\\n multi-part key defined by `group`, `kind`, `namespace`, and `name` must\\n be unique across all parentRef entries in the Route.\\n* They do not select different objects, but for each optional field used,\\n each ParentRef that selects the same object must set the same set of\\n optional fields to different values. If one ParentRef sets a\\n combination of optional fields, all must set the same combination.\\n\\n\\nSome examples:\\n\\n\\n* If one ParentRef sets `sectionName`, all ParentRefs referencing the\\n same object must also set `sectionName`.\\n* If one ParentRef sets `port`, all ParentRefs referencing the same\\n object must also set `port`.\\n* If one ParentRef sets `sectionName` and `port`, all ParentRefs\\n referencing the same object must also set `sectionName` and `port`.\\n\\n\\nIt is possible to separately reference multiple distinct objects that may\\nbe collapsed by an implementation. For example, some implementations may\\nchoose to merge compatible Gateway Listeners together. If that is the\\ncase, the list of routes attached to those resources should also be\\nmerged.\\n\\n\\nNote that for ParentRefs that cross namespace boundaries, there are specific\\nrules. Cross-namespace references are only valid if they are explicitly\\nallowed by something in the namespace they are referring to. For example,\\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\\ngeneric way to enable other kinds of cross-namespace reference.\\n\\n\\n\\n\\n\\n\\n\\n\\n"', args=[d.arg(name='parentRefs', type=d.T.array)]), + withParentRefs(parentRefs): { spec+: { parentRefs: if std.isArray(v=parentRefs) then parentRefs else [parentRefs] } }, + '#withParentRefsMixin':: d.fn(help='"ParentRefs references the resources (usually Gateways) that a Route wants\\nto be attached to. Note that the referenced parent resource needs to\\nallow this for the attachment to be complete. For Gateways, that means\\nthe Gateway needs to allow attachment from Routes of this kind and\\nnamespace. For Services, that means the Service must either be in the same\\nnamespace for a \\"producer\\" route, or the mesh implementation must support\\nand allow \\"consumer\\" routes for the referenced Service. ReferenceGrant is\\nnot applicable for governing ParentRefs to Services - it is not possible to\\ncreate a \\"producer\\" route for a Service in a different namespace from the\\nRoute.\\n\\n\\nThere are two kinds of parent resources with \\"Core\\" support:\\n\\n\\n* Gateway (Gateway conformance profile)\\n* Service (Mesh conformance profile, ClusterIP Services only)\\n\\n\\nThis API may be extended in the future to support additional kinds of parent\\nresources.\\n\\n\\nParentRefs must be _distinct_. This means either that:\\n\\n\\n* They select different objects. If this is the case, then parentRef\\n entries are distinct. In terms of fields, this means that the\\n multi-part key defined by `group`, `kind`, `namespace`, and `name` must\\n be unique across all parentRef entries in the Route.\\n* They do not select different objects, but for each optional field used,\\n each ParentRef that selects the same object must set the same set of\\n optional fields to different values. If one ParentRef sets a\\n combination of optional fields, all must set the same combination.\\n\\n\\nSome examples:\\n\\n\\n* If one ParentRef sets `sectionName`, all ParentRefs referencing the\\n same object must also set `sectionName`.\\n* If one ParentRef sets `port`, all ParentRefs referencing the same\\n object must also set `port`.\\n* If one ParentRef sets `sectionName` and `port`, all ParentRefs\\n referencing the same object must also set `sectionName` and `port`.\\n\\n\\nIt is possible to separately reference multiple distinct objects that may\\nbe collapsed by an implementation. For example, some implementations may\\nchoose to merge compatible Gateway Listeners together. If that is the\\ncase, the list of routes attached to those resources should also be\\nmerged.\\n\\n\\nNote that for ParentRefs that cross namespace boundaries, there are specific\\nrules. Cross-namespace references are only valid if they are explicitly\\nallowed by something in the namespace they are referring to. For example,\\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\\ngeneric way to enable other kinds of cross-namespace reference.\\n\\n\\n\\n\\n\\n\\n\\n\\n"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='parentRefs', type=d.T.array)]), + withParentRefsMixin(parentRefs): { spec+: { parentRefs+: if std.isArray(v=parentRefs) then parentRefs else [parentRefs] } }, + '#withRules':: d.fn(help='"Rules are a list of HTTP matchers, filters and actions."', args=[d.arg(name='rules', type=d.T.array)]), + withRules(rules): { spec+: { rules: if std.isArray(v=rules) then rules else [rules] } }, + '#withRulesMixin':: d.fn(help='"Rules are a list of HTTP matchers, filters and actions."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='rules', type=d.T.array)]), + withRulesMixin(rules): { spec+: { rules+: if std.isArray(v=rules) then rules else [rules] } }, + }, + '#mixin': 'ignore', + mixin: self, +} diff --git a/1.1/_gen/gateway/v1/main.libsonnet b/1.1/_gen/gateway/v1/main.libsonnet new file mode 100644 index 0000000..8c80233 --- /dev/null +++ b/1.1/_gen/gateway/v1/main.libsonnet @@ -0,0 +1,8 @@ +{ + local d = (import 'doc-util/main.libsonnet'), + '#':: d.pkg(name='v1', url='', help=''), + gateway: (import 'gateway.libsonnet'), + gatewayClass: (import 'gatewayClass.libsonnet'), + grpcRoute: (import 'grpcRoute.libsonnet'), + httpRoute: (import 'httpRoute.libsonnet'), +} diff --git a/1.1/_gen/gateway/v1alpha2/grpcRoute.libsonnet b/1.1/_gen/gateway/v1alpha2/grpcRoute.libsonnet new file mode 100644 index 0000000..7e63414 --- /dev/null +++ b/1.1/_gen/gateway/v1alpha2/grpcRoute.libsonnet @@ -0,0 +1,317 @@ +{ + local d = (import 'doc-util/main.libsonnet'), + '#':: d.pkg(name='grpcRoute', url='', help='"GRPCRoute provides a way to route gRPC requests. This includes the capability\\nto match requests by hostname, gRPC service, gRPC method, or HTTP/2 header.\\nFilters can be used to specify additional processing steps. Backends specify\\nwhere matching requests will be routed.\\n\\n\\nGRPCRoute falls under extended support within the Gateway API. Within the\\nfollowing specification, the word \\"MUST\\" indicates that an implementation\\nsupporting GRPCRoute must conform to the indicated requirement, but an\\nimplementation not supporting this route type need not follow the requirement\\nunless explicitly indicated.\\n\\n\\nImplementations supporting `GRPCRoute` with the `HTTPS` `ProtocolType` MUST\\naccept HTTP/2 connections without an initial upgrade from HTTP/1.1, i.e. via\\nALPN. If the implementation does not support this, then it MUST set the\\n\\"Accepted\\" condition to \\"False\\" for the affected listener with a reason of\\n\\"UnsupportedProtocol\\". Implementations MAY also accept HTTP/2 connections\\nwith an upgrade from HTTP/1.\\n\\n\\nImplementations supporting `GRPCRoute` with the `HTTP` `ProtocolType` MUST\\nsupport HTTP/2 over cleartext TCP (h2c,\\nhttps://www.rfc-editor.org/rfc/rfc7540#section-3.1) without an initial\\nupgrade from HTTP/1.1, i.e. with prior knowledge\\n(https://www.rfc-editor.org/rfc/rfc7540#section-3.4). If the implementation\\ndoes not support this, then it MUST set the \\"Accepted\\" condition to \\"False\\"\\nfor the affected listener with a reason of \\"UnsupportedProtocol\\".\\nImplementations MAY also accept HTTP/2 connections with an upgrade from\\nHTTP/1, i.e. without prior knowledge."'), + '#metadata':: d.obj(help='"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create."'), + metadata: { + '#withAnnotations':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotations(annotations): { metadata+: { annotations: annotations } }, + '#withAnnotationsMixin':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotationsMixin(annotations): { metadata+: { annotations+: annotations } }, + '#withClusterName':: d.fn(help='"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request."', args=[d.arg(name='clusterName', type=d.T.string)]), + withClusterName(clusterName): { metadata+: { clusterName: clusterName } }, + '#withCreationTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='creationTimestamp', type=d.T.string)]), + withCreationTimestamp(creationTimestamp): { metadata+: { creationTimestamp: creationTimestamp } }, + '#withDeletionGracePeriodSeconds':: d.fn(help='"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only."', args=[d.arg(name='deletionGracePeriodSeconds', type=d.T.integer)]), + withDeletionGracePeriodSeconds(deletionGracePeriodSeconds): { metadata+: { deletionGracePeriodSeconds: deletionGracePeriodSeconds } }, + '#withDeletionTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='deletionTimestamp', type=d.T.string)]), + withDeletionTimestamp(deletionTimestamp): { metadata+: { deletionTimestamp: deletionTimestamp } }, + '#withFinalizers':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizers(finalizers): { metadata+: { finalizers: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withFinalizersMixin':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizersMixin(finalizers): { metadata+: { finalizers+: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withGenerateName':: d.fn(help='"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\\n\\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\\n\\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency"', args=[d.arg(name='generateName', type=d.T.string)]), + withGenerateName(generateName): { metadata+: { generateName: generateName } }, + '#withGeneration':: d.fn(help='"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only."', args=[d.arg(name='generation', type=d.T.integer)]), + withGeneration(generation): { metadata+: { generation: generation } }, + '#withLabels':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"', args=[d.arg(name='labels', type=d.T.object)]), + withLabels(labels): { metadata+: { labels: labels } }, + '#withLabelsMixin':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='labels', type=d.T.object)]), + withLabelsMixin(labels): { metadata+: { labels+: labels } }, + '#withName':: d.fn(help='"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { metadata+: { name: name } }, + '#withNamespace':: d.fn(help='"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \\"default\\" namespace, but \\"default\\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\\n\\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces"', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { metadata+: { namespace: namespace } }, + '#withOwnerReferences':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferences(ownerReferences): { metadata+: { ownerReferences: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withOwnerReferencesMixin':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferencesMixin(ownerReferences): { metadata+: { ownerReferences+: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withResourceVersion':: d.fn(help='"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\\n\\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency"', args=[d.arg(name='resourceVersion', type=d.T.string)]), + withResourceVersion(resourceVersion): { metadata+: { resourceVersion: resourceVersion } }, + '#withSelfLink':: d.fn(help='"SelfLink is a URL representing this object. Populated by the system. Read-only.\\n\\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release."', args=[d.arg(name='selfLink', type=d.T.string)]), + withSelfLink(selfLink): { metadata+: { selfLink: selfLink } }, + '#withUid':: d.fn(help='"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\\n\\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids"', args=[d.arg(name='uid', type=d.T.string)]), + withUid(uid): { metadata+: { uid: uid } }, + }, + '#new':: d.fn(help='new returns an instance of GRPCRoute', args=[d.arg(name='name', type=d.T.string)]), + new(name): { + apiVersion: 'gateway.networking.k8s.io/v1alpha2', + kind: 'GRPCRoute', + } + self.metadata.withName(name=name), + '#spec':: d.obj(help='"Spec defines the desired state of GRPCRoute."'), + spec: { + '#parentRefs':: d.obj(help='"ParentRefs references the resources (usually Gateways) that a Route wants\\nto be attached to. Note that the referenced parent resource needs to\\nallow this for the attachment to be complete. For Gateways, that means\\nthe Gateway needs to allow attachment from Routes of this kind and\\nnamespace. For Services, that means the Service must either be in the same\\nnamespace for a \\"producer\\" route, or the mesh implementation must support\\nand allow \\"consumer\\" routes for the referenced Service. ReferenceGrant is\\nnot applicable for governing ParentRefs to Services - it is not possible to\\ncreate a \\"producer\\" route for a Service in a different namespace from the\\nRoute.\\n\\n\\nThere are two kinds of parent resources with \\"Core\\" support:\\n\\n\\n* Gateway (Gateway conformance profile)\\n* Service (Mesh conformance profile, ClusterIP Services only)\\n\\n\\nThis API may be extended in the future to support additional kinds of parent\\nresources.\\n\\n\\nParentRefs must be _distinct_. This means either that:\\n\\n\\n* They select different objects. If this is the case, then parentRef\\n entries are distinct. In terms of fields, this means that the\\n multi-part key defined by `group`, `kind`, `namespace`, and `name` must\\n be unique across all parentRef entries in the Route.\\n* They do not select different objects, but for each optional field used,\\n each ParentRef that selects the same object must set the same set of\\n optional fields to different values. If one ParentRef sets a\\n combination of optional fields, all must set the same combination.\\n\\n\\nSome examples:\\n\\n\\n* If one ParentRef sets `sectionName`, all ParentRefs referencing the\\n same object must also set `sectionName`.\\n* If one ParentRef sets `port`, all ParentRefs referencing the same\\n object must also set `port`.\\n* If one ParentRef sets `sectionName` and `port`, all ParentRefs\\n referencing the same object must also set `sectionName` and `port`.\\n\\n\\nIt is possible to separately reference multiple distinct objects that may\\nbe collapsed by an implementation. For example, some implementations may\\nchoose to merge compatible Gateway Listeners together. If that is the\\ncase, the list of routes attached to those resources should also be\\nmerged.\\n\\n\\nNote that for ParentRefs that cross namespace boundaries, there are specific\\nrules. Cross-namespace references are only valid if they are explicitly\\nallowed by something in the namespace they are referring to. For example,\\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\\ngeneric way to enable other kinds of cross-namespace reference.\\n\\n\\n\\n\\n\\n\\n\\n\\n"'), + parentRefs: { + '#withGroup':: d.fn(help='"Group is the group of the referent.\\nWhen unspecified, \\"gateway.networking.k8s.io\\" is inferred.\\nTo set the core API group (such as for a \\"Service\\" kind referent),\\nGroup must be explicitly set to \\"\\" (empty string).\\n\\n\\nSupport: Core"', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { group: group }, + '#withKind':: d.fn(help='"Kind is kind of the referent.\\n\\n\\nThere are two kinds of parent resources with \\"Core\\" support:\\n\\n\\n* Gateway (Gateway conformance profile)\\n* Service (Mesh conformance profile, ClusterIP Services only)\\n\\n\\nSupport for other resources is Implementation-Specific."', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { kind: kind }, + '#withName':: d.fn(help='"Name is the name of the referent.\\n\\n\\nSupport: Core"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withNamespace':: d.fn(help='"Namespace is the namespace of the referent. When unspecified, this refers\\nto the local namespace of the Route.\\n\\n\\nNote that there are specific rules for ParentRefs which cross namespace\\nboundaries. Cross-namespace references are only valid if they are explicitly\\nallowed by something in the namespace they are referring to. For example:\\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\\ngeneric way to enable any other kind of cross-namespace reference.\\n\\n\\n\\n\\n\\nSupport: Core"', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { namespace: namespace }, + '#withPort':: d.fn(help="\"Port is the network port this Route targets. It can be interpreted\\ndifferently based on the type of parent resource.\\n\\n\\nWhen the parent resource is a Gateway, this targets all listeners\\nlistening on the specified port that also support this kind of Route(and\\nselect this Route). It's not recommended to set `Port` unless the\\nnetworking behaviors specified in a Route must apply to a specific port\\nas opposed to a listener(s) whose port(s) may be changed. When both Port\\nand SectionName are specified, the name and port of the selected listener\\nmust match both specified values.\\n\\n\\n\\n\\n\\nImplementations MAY choose to support other parent resources.\\nImplementations supporting other types of parent resources MUST clearly\\ndocument how/if Port is interpreted.\\n\\n\\nFor the purpose of status, an attachment is considered successful as\\nlong as the parent resource accepts it partially. For example, Gateway\\nlisteners can restrict which Routes can attach to them by Route kind,\\nnamespace, or hostname. If 1 of 2 Gateway listeners accept attachment\\nfrom the referencing Route, the Route MUST be considered successfully\\nattached. If no Gateway listeners accept attachment from this Route,\\nthe Route MUST be considered detached from the Gateway.\\n\\n\\nSupport: Extended\"", args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { port: port }, + '#withSectionName':: d.fn(help='"SectionName is the name of a section within the target resource. In the\\nfollowing resources, SectionName is interpreted as the following:\\n\\n\\n* Gateway: Listener name. When both Port (experimental) and SectionName\\nare specified, the name and port of the selected listener must match\\nboth specified values.\\n* Service: Port name. When both Port (experimental) and SectionName\\nare specified, the name and port of the selected listener must match\\nboth specified values.\\n\\n\\nImplementations MAY choose to support attaching Routes to other resources.\\nIf that is the case, they MUST clearly document how SectionName is\\ninterpreted.\\n\\n\\nWhen unspecified (empty string), this will reference the entire resource.\\nFor the purpose of status, an attachment is considered successful if at\\nleast one section in the parent resource accepts it. For example, Gateway\\nlisteners can restrict which Routes can attach to them by Route kind,\\nnamespace, or hostname. If 1 of 2 Gateway listeners accept attachment from\\nthe referencing Route, the Route MUST be considered successfully\\nattached. If no Gateway listeners accept attachment from this Route, the\\nRoute MUST be considered detached from the Gateway.\\n\\n\\nSupport: Core"', args=[d.arg(name='sectionName', type=d.T.string)]), + withSectionName(sectionName): { sectionName: sectionName }, + }, + '#rules':: d.obj(help='"Rules are a list of GRPC matchers, filters and actions."'), + rules: { + '#backendRefs':: d.obj(help='"BackendRefs defines the backend(s) where matching requests should be\\nsent.\\n\\n\\nFailure behavior here depends on how many BackendRefs are specified and\\nhow many are invalid.\\n\\n\\nIf *all* entries in BackendRefs are invalid, and there are also no filters\\nspecified in this route rule, *all* traffic which matches this rule MUST\\nreceive an `UNAVAILABLE` status.\\n\\n\\nSee the GRPCBackendRef definition for the rules about what makes a single\\nGRPCBackendRef invalid.\\n\\n\\nWhen a GRPCBackendRef is invalid, `UNAVAILABLE` statuses MUST be returned for\\nrequests that would have otherwise been routed to an invalid backend. If\\nmultiple backends are specified, and some are invalid, the proportion of\\nrequests that would otherwise have been routed to an invalid backend\\nMUST receive an `UNAVAILABLE` status.\\n\\n\\nFor example, if two backends are specified with equal weights, and one is\\ninvalid, 50 percent of traffic MUST receive an `UNAVAILABLE` status.\\nImplementations may choose how that 50 percent is determined.\\n\\n\\nSupport: Core for Kubernetes Service\\n\\n\\nSupport: Implementation-specific for any other resource\\n\\n\\nSupport for weight: Core"'), + backendRefs: { + '#filters':: d.obj(help='"Filters defined at this level MUST be executed if and only if the\\nrequest is being forwarded to the backend defined here.\\n\\n\\nSupport: Implementation-specific (For broader support of filters, use the\\nFilters field in GRPCRouteRule.)"'), + filters: { + '#extensionRef':: d.obj(help='"ExtensionRef is an optional, implementation-specific extension to the\\n\\"filter\\" behavior. For example, resource \\"myroutefilter\\" in group\\n\\"networking.example.net\\"). ExtensionRef MUST NOT be used for core and\\nextended filters.\\n\\n\\nSupport: Implementation-specific\\n\\n\\nThis filter can be used multiple times within the same rule."'), + extensionRef: { + '#withGroup':: d.fn(help='"Group is the group of the referent. For example, \\"gateway.networking.k8s.io\\".\\nWhen unspecified or empty string, core API group is inferred."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { extensionRef+: { group: group } }, + '#withKind':: d.fn(help='"Kind is kind of the referent. For example \\"HTTPRoute\\" or \\"Service\\"."', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { extensionRef+: { kind: kind } }, + '#withName':: d.fn(help='"Name is the name of the referent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { extensionRef+: { name: name } }, + }, + '#requestHeaderModifier':: d.obj(help='"RequestHeaderModifier defines a schema for a filter that modifies request\\nheaders.\\n\\n\\nSupport: Core"'), + requestHeaderModifier: { + '#add':: d.obj(help='"Add adds the given header(s) (name, value) to the request\\nbefore the action. It appends to any existing values associated\\nwith the header name.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n add:\\n - name: \\"my-header\\"\\n value: \\"bar,baz\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: foo,bar,baz"'), + add: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be\\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\\n\\n\\nIf multiple entries specify equivalent header names, the first entry with\\nan equivalent name MUST be considered for a match. Subsequent entries\\nwith an equivalent header name MUST be ignored. Due to the\\ncase-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered\\nequivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#set':: d.obj(help='"Set overwrites the request with the given header (name, value)\\nbefore the action.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n set:\\n - name: \\"my-header\\"\\n value: \\"bar\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: bar"'), + set: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be\\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\\n\\n\\nIf multiple entries specify equivalent header names, the first entry with\\nan equivalent name MUST be considered for a match. Subsequent entries\\nwith an equivalent header name MUST be ignored. Due to the\\ncase-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered\\nequivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#withAdd':: d.fn(help='"Add adds the given header(s) (name, value) to the request\\nbefore the action. It appends to any existing values associated\\nwith the header name.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n add:\\n - name: \\"my-header\\"\\n value: \\"bar,baz\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: foo,bar,baz"', args=[d.arg(name='add', type=d.T.array)]), + withAdd(add): { requestHeaderModifier+: { add: if std.isArray(v=add) then add else [add] } }, + '#withAddMixin':: d.fn(help='"Add adds the given header(s) (name, value) to the request\\nbefore the action. It appends to any existing values associated\\nwith the header name.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n add:\\n - name: \\"my-header\\"\\n value: \\"bar,baz\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: foo,bar,baz"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='add', type=d.T.array)]), + withAddMixin(add): { requestHeaderModifier+: { add+: if std.isArray(v=add) then add else [add] } }, + '#withRemove':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The\\nvalue of Remove is a list of HTTP header names. Note that the header\\nnames are case-insensitive (see\\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header1: foo\\n my-header2: bar\\n my-header3: baz\\n\\n\\nConfig:\\n remove: [\\"my-header1\\", \\"my-header3\\"]\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header2: bar"', args=[d.arg(name='remove', type=d.T.array)]), + withRemove(remove): { requestHeaderModifier+: { remove: if std.isArray(v=remove) then remove else [remove] } }, + '#withRemoveMixin':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The\\nvalue of Remove is a list of HTTP header names. Note that the header\\nnames are case-insensitive (see\\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header1: foo\\n my-header2: bar\\n my-header3: baz\\n\\n\\nConfig:\\n remove: [\\"my-header1\\", \\"my-header3\\"]\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header2: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='remove', type=d.T.array)]), + withRemoveMixin(remove): { requestHeaderModifier+: { remove+: if std.isArray(v=remove) then remove else [remove] } }, + '#withSet':: d.fn(help='"Set overwrites the request with the given header (name, value)\\nbefore the action.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n set:\\n - name: \\"my-header\\"\\n value: \\"bar\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: bar"', args=[d.arg(name='set', type=d.T.array)]), + withSet(set): { requestHeaderModifier+: { set: if std.isArray(v=set) then set else [set] } }, + '#withSetMixin':: d.fn(help='"Set overwrites the request with the given header (name, value)\\nbefore the action.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n set:\\n - name: \\"my-header\\"\\n value: \\"bar\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='set', type=d.T.array)]), + withSetMixin(set): { requestHeaderModifier+: { set+: if std.isArray(v=set) then set else [set] } }, + }, + '#requestMirror':: d.obj(help='"RequestMirror defines a schema for a filter that mirrors requests.\\nRequests are sent to the specified destination, but responses from\\nthat destination are ignored.\\n\\n\\nThis filter can be used multiple times within the same rule. Note that\\nnot all implementations will be able to support mirroring to multiple\\nbackends.\\n\\n\\nSupport: Extended"'), + requestMirror: { + '#backendRef':: d.obj(help='"BackendRef references a resource where mirrored requests are sent.\\n\\n\\nMirrored requests must be sent only to a single destination endpoint\\nwithin this BackendRef, irrespective of how many endpoints are present\\nwithin this BackendRef.\\n\\n\\nIf the referent cannot be found, this BackendRef is invalid and must be\\ndropped from the Gateway. The controller must ensure the \\"ResolvedRefs\\"\\ncondition on the Route status is set to `status: False` and not configure\\nthis backend in the underlying implementation.\\n\\n\\nIf there is a cross-namespace reference to an *existing* object\\nthat is not allowed by a ReferenceGrant, the controller must ensure the\\n\\"ResolvedRefs\\" condition on the Route is set to `status: False`,\\nwith the \\"RefNotPermitted\\" reason and not configure this backend in the\\nunderlying implementation.\\n\\n\\nIn either error case, the Message of the `ResolvedRefs` Condition\\nshould be used to provide more detail about the problem.\\n\\n\\nSupport: Extended for Kubernetes Service\\n\\n\\nSupport: Implementation-specific for any other resource"'), + backendRef: { + '#withGroup':: d.fn(help='"Group is the group of the referent. For example, \\"gateway.networking.k8s.io\\".\\nWhen unspecified or empty string, core API group is inferred."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { requestMirror+: { backendRef+: { group: group } } }, + '#withKind':: d.fn(help='"Kind is the Kubernetes resource kind of the referent. For example\\n\\"Service\\".\\n\\n\\nDefaults to \\"Service\\" when not specified.\\n\\n\\nExternalName services can refer to CNAME DNS records that may live\\noutside of the cluster and as such are difficult to reason about in\\nterms of conformance. They also may not be safe to forward to (see\\nCVE-2021-25740 for more information). Implementations SHOULD NOT\\nsupport ExternalName Services.\\n\\n\\nSupport: Core (Services with a type other than ExternalName)\\n\\n\\nSupport: Implementation-specific (Services with type ExternalName)"', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { requestMirror+: { backendRef+: { kind: kind } } }, + '#withName':: d.fn(help='"Name is the name of the referent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { requestMirror+: { backendRef+: { name: name } } }, + '#withNamespace':: d.fn(help="\"Namespace is the namespace of the backend. When unspecified, the local\\nnamespace is inferred.\\n\\n\\nNote that when a namespace different than the local namespace is specified,\\na ReferenceGrant object is required in the referent namespace to allow that\\nnamespace's owner to accept the reference. See the ReferenceGrant\\ndocumentation for details.\\n\\n\\nSupport: Core\"", args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { requestMirror+: { backendRef+: { namespace: namespace } } }, + '#withPort':: d.fn(help='"Port specifies the destination port number to use for this resource.\\nPort is required when the referent is a Kubernetes Service. In this\\ncase, the port number is the service port number, not the target port.\\nFor other resources, destination port might be derived from the referent\\nresource or this field."', args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { requestMirror+: { backendRef+: { port: port } } }, + }, + }, + '#responseHeaderModifier':: d.obj(help='"ResponseHeaderModifier defines a schema for a filter that modifies response\\nheaders.\\n\\n\\nSupport: Extended"'), + responseHeaderModifier: { + '#add':: d.obj(help='"Add adds the given header(s) (name, value) to the request\\nbefore the action. It appends to any existing values associated\\nwith the header name.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n add:\\n - name: \\"my-header\\"\\n value: \\"bar,baz\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: foo,bar,baz"'), + add: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be\\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\\n\\n\\nIf multiple entries specify equivalent header names, the first entry with\\nan equivalent name MUST be considered for a match. Subsequent entries\\nwith an equivalent header name MUST be ignored. Due to the\\ncase-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered\\nequivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#set':: d.obj(help='"Set overwrites the request with the given header (name, value)\\nbefore the action.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n set:\\n - name: \\"my-header\\"\\n value: \\"bar\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: bar"'), + set: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be\\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\\n\\n\\nIf multiple entries specify equivalent header names, the first entry with\\nan equivalent name MUST be considered for a match. Subsequent entries\\nwith an equivalent header name MUST be ignored. Due to the\\ncase-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered\\nequivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#withAdd':: d.fn(help='"Add adds the given header(s) (name, value) to the request\\nbefore the action. It appends to any existing values associated\\nwith the header name.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n add:\\n - name: \\"my-header\\"\\n value: \\"bar,baz\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: foo,bar,baz"', args=[d.arg(name='add', type=d.T.array)]), + withAdd(add): { responseHeaderModifier+: { add: if std.isArray(v=add) then add else [add] } }, + '#withAddMixin':: d.fn(help='"Add adds the given header(s) (name, value) to the request\\nbefore the action. It appends to any existing values associated\\nwith the header name.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n add:\\n - name: \\"my-header\\"\\n value: \\"bar,baz\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: foo,bar,baz"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='add', type=d.T.array)]), + withAddMixin(add): { responseHeaderModifier+: { add+: if std.isArray(v=add) then add else [add] } }, + '#withRemove':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The\\nvalue of Remove is a list of HTTP header names. Note that the header\\nnames are case-insensitive (see\\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header1: foo\\n my-header2: bar\\n my-header3: baz\\n\\n\\nConfig:\\n remove: [\\"my-header1\\", \\"my-header3\\"]\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header2: bar"', args=[d.arg(name='remove', type=d.T.array)]), + withRemove(remove): { responseHeaderModifier+: { remove: if std.isArray(v=remove) then remove else [remove] } }, + '#withRemoveMixin':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The\\nvalue of Remove is a list of HTTP header names. Note that the header\\nnames are case-insensitive (see\\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header1: foo\\n my-header2: bar\\n my-header3: baz\\n\\n\\nConfig:\\n remove: [\\"my-header1\\", \\"my-header3\\"]\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header2: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='remove', type=d.T.array)]), + withRemoveMixin(remove): { responseHeaderModifier+: { remove+: if std.isArray(v=remove) then remove else [remove] } }, + '#withSet':: d.fn(help='"Set overwrites the request with the given header (name, value)\\nbefore the action.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n set:\\n - name: \\"my-header\\"\\n value: \\"bar\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: bar"', args=[d.arg(name='set', type=d.T.array)]), + withSet(set): { responseHeaderModifier+: { set: if std.isArray(v=set) then set else [set] } }, + '#withSetMixin':: d.fn(help='"Set overwrites the request with the given header (name, value)\\nbefore the action.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n set:\\n - name: \\"my-header\\"\\n value: \\"bar\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='set', type=d.T.array)]), + withSetMixin(set): { responseHeaderModifier+: { set+: if std.isArray(v=set) then set else [set] } }, + }, + '#withType':: d.fn(help='"Type identifies the type of filter to apply. As with other API fields,\\ntypes are classified into three conformance levels:\\n\\n\\n- Core: Filter types and their corresponding configuration defined by\\n \\"Support: Core\\" in this package, e.g. \\"RequestHeaderModifier\\". All\\n implementations supporting GRPCRoute MUST support core filters.\\n\\n\\n- Extended: Filter types and their corresponding configuration defined by\\n \\"Support: Extended\\" in this package, e.g. \\"RequestMirror\\". Implementers\\n are encouraged to support extended filters.\\n\\n\\n- Implementation-specific: Filters that are defined and supported by specific vendors.\\n In the future, filters showing convergence in behavior across multiple\\n implementations will be considered for inclusion in extended or core\\n conformance levels. Filter-specific configuration for such filters\\n is specified using the ExtensionRef field. `Type` MUST be set to\\n \\"ExtensionRef\\" for custom filters.\\n\\n\\nImplementers are encouraged to define custom implementation types to\\nextend the core API with implementation-specific behavior.\\n\\n\\nIf a reference to a custom filter type cannot be resolved, the filter\\nMUST NOT be skipped. Instead, requests that would have been processed by\\nthat filter MUST receive a HTTP error response.\\n\\n\\n"', args=[d.arg(name='type', type=d.T.string)]), + withType(type): { type: type }, + }, + '#withFilters':: d.fn(help='"Filters defined at this level MUST be executed if and only if the\\nrequest is being forwarded to the backend defined here.\\n\\n\\nSupport: Implementation-specific (For broader support of filters, use the\\nFilters field in GRPCRouteRule.)"', args=[d.arg(name='filters', type=d.T.array)]), + withFilters(filters): { filters: if std.isArray(v=filters) then filters else [filters] }, + '#withFiltersMixin':: d.fn(help='"Filters defined at this level MUST be executed if and only if the\\nrequest is being forwarded to the backend defined here.\\n\\n\\nSupport: Implementation-specific (For broader support of filters, use the\\nFilters field in GRPCRouteRule.)"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='filters', type=d.T.array)]), + withFiltersMixin(filters): { filters+: if std.isArray(v=filters) then filters else [filters] }, + '#withGroup':: d.fn(help='"Group is the group of the referent. For example, \\"gateway.networking.k8s.io\\".\\nWhen unspecified or empty string, core API group is inferred."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { group: group }, + '#withKind':: d.fn(help='"Kind is the Kubernetes resource kind of the referent. For example\\n\\"Service\\".\\n\\n\\nDefaults to \\"Service\\" when not specified.\\n\\n\\nExternalName services can refer to CNAME DNS records that may live\\noutside of the cluster and as such are difficult to reason about in\\nterms of conformance. They also may not be safe to forward to (see\\nCVE-2021-25740 for more information). Implementations SHOULD NOT\\nsupport ExternalName Services.\\n\\n\\nSupport: Core (Services with a type other than ExternalName)\\n\\n\\nSupport: Implementation-specific (Services with type ExternalName)"', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { kind: kind }, + '#withName':: d.fn(help='"Name is the name of the referent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withNamespace':: d.fn(help="\"Namespace is the namespace of the backend. When unspecified, the local\\nnamespace is inferred.\\n\\n\\nNote that when a namespace different than the local namespace is specified,\\na ReferenceGrant object is required in the referent namespace to allow that\\nnamespace's owner to accept the reference. See the ReferenceGrant\\ndocumentation for details.\\n\\n\\nSupport: Core\"", args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { namespace: namespace }, + '#withPort':: d.fn(help='"Port specifies the destination port number to use for this resource.\\nPort is required when the referent is a Kubernetes Service. In this\\ncase, the port number is the service port number, not the target port.\\nFor other resources, destination port might be derived from the referent\\nresource or this field."', args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { port: port }, + '#withWeight':: d.fn(help='"Weight specifies the proportion of requests forwarded to the referenced\\nbackend. This is computed as weight/(sum of all weights in this\\nBackendRefs list). For non-zero values, there may be some epsilon from\\nthe exact proportion defined here depending on the precision an\\nimplementation supports. Weight is not a percentage and the sum of\\nweights does not need to equal 100.\\n\\n\\nIf only one backend is specified and it has a weight greater than 0, 100%\\nof the traffic is forwarded to that backend. If weight is set to 0, no\\ntraffic should be forwarded for this entry. If unspecified, weight\\ndefaults to 1.\\n\\n\\nSupport for this field varies based on the context where used."', args=[d.arg(name='weight', type=d.T.integer)]), + withWeight(weight): { weight: weight }, + }, + '#filters':: d.obj(help='"Filters define the filters that are applied to requests that match\\nthis rule.\\n\\n\\nThe effects of ordering of multiple behaviors are currently unspecified.\\nThis can change in the future based on feedback during the alpha stage.\\n\\n\\nConformance-levels at this level are defined based on the type of filter:\\n\\n\\n- ALL core filters MUST be supported by all implementations that support\\n GRPCRoute.\\n- Implementers are encouraged to support extended filters.\\n- Implementation-specific custom filters have no API guarantees across\\n implementations.\\n\\n\\nSpecifying the same filter multiple times is not supported unless explicitly\\nindicated in the filter.\\n\\n\\nIf an implementation can not support a combination of filters, it must clearly\\ndocument that limitation. In cases where incompatible or unsupported\\nfilters are specified and cause the `Accepted` condition to be set to status\\n`False`, implementations may use the `IncompatibleFilters` reason to specify\\nthis configuration error.\\n\\n\\nSupport: Core"'), + filters: { + '#extensionRef':: d.obj(help='"ExtensionRef is an optional, implementation-specific extension to the\\n\\"filter\\" behavior. For example, resource \\"myroutefilter\\" in group\\n\\"networking.example.net\\"). ExtensionRef MUST NOT be used for core and\\nextended filters.\\n\\n\\nSupport: Implementation-specific\\n\\n\\nThis filter can be used multiple times within the same rule."'), + extensionRef: { + '#withGroup':: d.fn(help='"Group is the group of the referent. For example, \\"gateway.networking.k8s.io\\".\\nWhen unspecified or empty string, core API group is inferred."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { extensionRef+: { group: group } }, + '#withKind':: d.fn(help='"Kind is kind of the referent. For example \\"HTTPRoute\\" or \\"Service\\"."', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { extensionRef+: { kind: kind } }, + '#withName':: d.fn(help='"Name is the name of the referent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { extensionRef+: { name: name } }, + }, + '#requestHeaderModifier':: d.obj(help='"RequestHeaderModifier defines a schema for a filter that modifies request\\nheaders.\\n\\n\\nSupport: Core"'), + requestHeaderModifier: { + '#add':: d.obj(help='"Add adds the given header(s) (name, value) to the request\\nbefore the action. It appends to any existing values associated\\nwith the header name.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n add:\\n - name: \\"my-header\\"\\n value: \\"bar,baz\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: foo,bar,baz"'), + add: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be\\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\\n\\n\\nIf multiple entries specify equivalent header names, the first entry with\\nan equivalent name MUST be considered for a match. Subsequent entries\\nwith an equivalent header name MUST be ignored. Due to the\\ncase-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered\\nequivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#set':: d.obj(help='"Set overwrites the request with the given header (name, value)\\nbefore the action.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n set:\\n - name: \\"my-header\\"\\n value: \\"bar\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: bar"'), + set: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be\\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\\n\\n\\nIf multiple entries specify equivalent header names, the first entry with\\nan equivalent name MUST be considered for a match. Subsequent entries\\nwith an equivalent header name MUST be ignored. Due to the\\ncase-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered\\nequivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#withAdd':: d.fn(help='"Add adds the given header(s) (name, value) to the request\\nbefore the action. It appends to any existing values associated\\nwith the header name.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n add:\\n - name: \\"my-header\\"\\n value: \\"bar,baz\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: foo,bar,baz"', args=[d.arg(name='add', type=d.T.array)]), + withAdd(add): { requestHeaderModifier+: { add: if std.isArray(v=add) then add else [add] } }, + '#withAddMixin':: d.fn(help='"Add adds the given header(s) (name, value) to the request\\nbefore the action. It appends to any existing values associated\\nwith the header name.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n add:\\n - name: \\"my-header\\"\\n value: \\"bar,baz\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: foo,bar,baz"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='add', type=d.T.array)]), + withAddMixin(add): { requestHeaderModifier+: { add+: if std.isArray(v=add) then add else [add] } }, + '#withRemove':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The\\nvalue of Remove is a list of HTTP header names. Note that the header\\nnames are case-insensitive (see\\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header1: foo\\n my-header2: bar\\n my-header3: baz\\n\\n\\nConfig:\\n remove: [\\"my-header1\\", \\"my-header3\\"]\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header2: bar"', args=[d.arg(name='remove', type=d.T.array)]), + withRemove(remove): { requestHeaderModifier+: { remove: if std.isArray(v=remove) then remove else [remove] } }, + '#withRemoveMixin':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The\\nvalue of Remove is a list of HTTP header names. Note that the header\\nnames are case-insensitive (see\\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header1: foo\\n my-header2: bar\\n my-header3: baz\\n\\n\\nConfig:\\n remove: [\\"my-header1\\", \\"my-header3\\"]\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header2: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='remove', type=d.T.array)]), + withRemoveMixin(remove): { requestHeaderModifier+: { remove+: if std.isArray(v=remove) then remove else [remove] } }, + '#withSet':: d.fn(help='"Set overwrites the request with the given header (name, value)\\nbefore the action.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n set:\\n - name: \\"my-header\\"\\n value: \\"bar\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: bar"', args=[d.arg(name='set', type=d.T.array)]), + withSet(set): { requestHeaderModifier+: { set: if std.isArray(v=set) then set else [set] } }, + '#withSetMixin':: d.fn(help='"Set overwrites the request with the given header (name, value)\\nbefore the action.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n set:\\n - name: \\"my-header\\"\\n value: \\"bar\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='set', type=d.T.array)]), + withSetMixin(set): { requestHeaderModifier+: { set+: if std.isArray(v=set) then set else [set] } }, + }, + '#requestMirror':: d.obj(help='"RequestMirror defines a schema for a filter that mirrors requests.\\nRequests are sent to the specified destination, but responses from\\nthat destination are ignored.\\n\\n\\nThis filter can be used multiple times within the same rule. Note that\\nnot all implementations will be able to support mirroring to multiple\\nbackends.\\n\\n\\nSupport: Extended"'), + requestMirror: { + '#backendRef':: d.obj(help='"BackendRef references a resource where mirrored requests are sent.\\n\\n\\nMirrored requests must be sent only to a single destination endpoint\\nwithin this BackendRef, irrespective of how many endpoints are present\\nwithin this BackendRef.\\n\\n\\nIf the referent cannot be found, this BackendRef is invalid and must be\\ndropped from the Gateway. The controller must ensure the \\"ResolvedRefs\\"\\ncondition on the Route status is set to `status: False` and not configure\\nthis backend in the underlying implementation.\\n\\n\\nIf there is a cross-namespace reference to an *existing* object\\nthat is not allowed by a ReferenceGrant, the controller must ensure the\\n\\"ResolvedRefs\\" condition on the Route is set to `status: False`,\\nwith the \\"RefNotPermitted\\" reason and not configure this backend in the\\nunderlying implementation.\\n\\n\\nIn either error case, the Message of the `ResolvedRefs` Condition\\nshould be used to provide more detail about the problem.\\n\\n\\nSupport: Extended for Kubernetes Service\\n\\n\\nSupport: Implementation-specific for any other resource"'), + backendRef: { + '#withGroup':: d.fn(help='"Group is the group of the referent. For example, \\"gateway.networking.k8s.io\\".\\nWhen unspecified or empty string, core API group is inferred."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { requestMirror+: { backendRef+: { group: group } } }, + '#withKind':: d.fn(help='"Kind is the Kubernetes resource kind of the referent. For example\\n\\"Service\\".\\n\\n\\nDefaults to \\"Service\\" when not specified.\\n\\n\\nExternalName services can refer to CNAME DNS records that may live\\noutside of the cluster and as such are difficult to reason about in\\nterms of conformance. They also may not be safe to forward to (see\\nCVE-2021-25740 for more information). Implementations SHOULD NOT\\nsupport ExternalName Services.\\n\\n\\nSupport: Core (Services with a type other than ExternalName)\\n\\n\\nSupport: Implementation-specific (Services with type ExternalName)"', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { requestMirror+: { backendRef+: { kind: kind } } }, + '#withName':: d.fn(help='"Name is the name of the referent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { requestMirror+: { backendRef+: { name: name } } }, + '#withNamespace':: d.fn(help="\"Namespace is the namespace of the backend. When unspecified, the local\\nnamespace is inferred.\\n\\n\\nNote that when a namespace different than the local namespace is specified,\\na ReferenceGrant object is required in the referent namespace to allow that\\nnamespace's owner to accept the reference. See the ReferenceGrant\\ndocumentation for details.\\n\\n\\nSupport: Core\"", args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { requestMirror+: { backendRef+: { namespace: namespace } } }, + '#withPort':: d.fn(help='"Port specifies the destination port number to use for this resource.\\nPort is required when the referent is a Kubernetes Service. In this\\ncase, the port number is the service port number, not the target port.\\nFor other resources, destination port might be derived from the referent\\nresource or this field."', args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { requestMirror+: { backendRef+: { port: port } } }, + }, + }, + '#responseHeaderModifier':: d.obj(help='"ResponseHeaderModifier defines a schema for a filter that modifies response\\nheaders.\\n\\n\\nSupport: Extended"'), + responseHeaderModifier: { + '#add':: d.obj(help='"Add adds the given header(s) (name, value) to the request\\nbefore the action. It appends to any existing values associated\\nwith the header name.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n add:\\n - name: \\"my-header\\"\\n value: \\"bar,baz\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: foo,bar,baz"'), + add: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be\\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\\n\\n\\nIf multiple entries specify equivalent header names, the first entry with\\nan equivalent name MUST be considered for a match. Subsequent entries\\nwith an equivalent header name MUST be ignored. Due to the\\ncase-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered\\nequivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#set':: d.obj(help='"Set overwrites the request with the given header (name, value)\\nbefore the action.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n set:\\n - name: \\"my-header\\"\\n value: \\"bar\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: bar"'), + set: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be\\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\\n\\n\\nIf multiple entries specify equivalent header names, the first entry with\\nan equivalent name MUST be considered for a match. Subsequent entries\\nwith an equivalent header name MUST be ignored. Due to the\\ncase-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered\\nequivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#withAdd':: d.fn(help='"Add adds the given header(s) (name, value) to the request\\nbefore the action. It appends to any existing values associated\\nwith the header name.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n add:\\n - name: \\"my-header\\"\\n value: \\"bar,baz\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: foo,bar,baz"', args=[d.arg(name='add', type=d.T.array)]), + withAdd(add): { responseHeaderModifier+: { add: if std.isArray(v=add) then add else [add] } }, + '#withAddMixin':: d.fn(help='"Add adds the given header(s) (name, value) to the request\\nbefore the action. It appends to any existing values associated\\nwith the header name.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n add:\\n - name: \\"my-header\\"\\n value: \\"bar,baz\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: foo,bar,baz"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='add', type=d.T.array)]), + withAddMixin(add): { responseHeaderModifier+: { add+: if std.isArray(v=add) then add else [add] } }, + '#withRemove':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The\\nvalue of Remove is a list of HTTP header names. Note that the header\\nnames are case-insensitive (see\\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header1: foo\\n my-header2: bar\\n my-header3: baz\\n\\n\\nConfig:\\n remove: [\\"my-header1\\", \\"my-header3\\"]\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header2: bar"', args=[d.arg(name='remove', type=d.T.array)]), + withRemove(remove): { responseHeaderModifier+: { remove: if std.isArray(v=remove) then remove else [remove] } }, + '#withRemoveMixin':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The\\nvalue of Remove is a list of HTTP header names. Note that the header\\nnames are case-insensitive (see\\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header1: foo\\n my-header2: bar\\n my-header3: baz\\n\\n\\nConfig:\\n remove: [\\"my-header1\\", \\"my-header3\\"]\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header2: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='remove', type=d.T.array)]), + withRemoveMixin(remove): { responseHeaderModifier+: { remove+: if std.isArray(v=remove) then remove else [remove] } }, + '#withSet':: d.fn(help='"Set overwrites the request with the given header (name, value)\\nbefore the action.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n set:\\n - name: \\"my-header\\"\\n value: \\"bar\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: bar"', args=[d.arg(name='set', type=d.T.array)]), + withSet(set): { responseHeaderModifier+: { set: if std.isArray(v=set) then set else [set] } }, + '#withSetMixin':: d.fn(help='"Set overwrites the request with the given header (name, value)\\nbefore the action.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n set:\\n - name: \\"my-header\\"\\n value: \\"bar\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='set', type=d.T.array)]), + withSetMixin(set): { responseHeaderModifier+: { set+: if std.isArray(v=set) then set else [set] } }, + }, + '#withType':: d.fn(help='"Type identifies the type of filter to apply. As with other API fields,\\ntypes are classified into three conformance levels:\\n\\n\\n- Core: Filter types and their corresponding configuration defined by\\n \\"Support: Core\\" in this package, e.g. \\"RequestHeaderModifier\\". All\\n implementations supporting GRPCRoute MUST support core filters.\\n\\n\\n- Extended: Filter types and their corresponding configuration defined by\\n \\"Support: Extended\\" in this package, e.g. \\"RequestMirror\\". Implementers\\n are encouraged to support extended filters.\\n\\n\\n- Implementation-specific: Filters that are defined and supported by specific vendors.\\n In the future, filters showing convergence in behavior across multiple\\n implementations will be considered for inclusion in extended or core\\n conformance levels. Filter-specific configuration for such filters\\n is specified using the ExtensionRef field. `Type` MUST be set to\\n \\"ExtensionRef\\" for custom filters.\\n\\n\\nImplementers are encouraged to define custom implementation types to\\nextend the core API with implementation-specific behavior.\\n\\n\\nIf a reference to a custom filter type cannot be resolved, the filter\\nMUST NOT be skipped. Instead, requests that would have been processed by\\nthat filter MUST receive a HTTP error response.\\n\\n\\n"', args=[d.arg(name='type', type=d.T.string)]), + withType(type): { type: type }, + }, + '#matches':: d.obj(help='"Matches define conditions used for matching the rule against incoming\\ngRPC requests. Each match is independent, i.e. this rule will be matched\\nif **any** one of the matches is satisfied.\\n\\n\\nFor example, take the following matches configuration:\\n\\n\\n```\\nmatches:\\n- method:\\n service: foo.bar\\n headers:\\n values:\\n version: 2\\n- method:\\n service: foo.bar.v2\\n```\\n\\n\\nFor a request to match against this rule, it MUST satisfy\\nEITHER of the two conditions:\\n\\n\\n- service of foo.bar AND contains the header `version: 2`\\n- service of foo.bar.v2\\n\\n\\nSee the documentation for GRPCRouteMatch on how to specify multiple\\nmatch conditions to be ANDed together.\\n\\n\\nIf no matches are specified, the implementation MUST match every gRPC request.\\n\\n\\nProxy or Load Balancer routing configuration generated from GRPCRoutes\\nMUST prioritize rules based on the following criteria, continuing on\\nties. Merging MUST not be done between GRPCRoutes and HTTPRoutes.\\nPrecedence MUST be given to the rule with the largest number of:\\n\\n\\n* Characters in a matching non-wildcard hostname.\\n* Characters in a matching hostname.\\n* Characters in a matching service.\\n* Characters in a matching method.\\n* Header matches.\\n\\n\\nIf ties still exist across multiple Routes, matching precedence MUST be\\ndetermined in order of the following criteria, continuing on ties:\\n\\n\\n* The oldest Route based on creation timestamp.\\n* The Route appearing first in alphabetical order by\\n \\"{namespace}/{name}\\".\\n\\n\\nIf ties still exist within the Route that has been given precedence,\\nmatching precedence MUST be granted to the first matching rule meeting\\nthe above criteria."'), + matches: { + '#headers':: d.obj(help='"Headers specifies gRPC request header matchers. Multiple match values are\\nANDed together, meaning, a request MUST match all the specified headers\\nto select the route."'), + headers: { + '#withName':: d.fn(help='"Name is the name of the gRPC Header to be matched.\\n\\n\\nIf multiple entries specify equivalent header names, only the first\\nentry with an equivalent name MUST be considered for a match. Subsequent\\nentries with an equivalent header name MUST be ignored. Due to the\\ncase-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered\\nequivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withType':: d.fn(help='"Type specifies how to match against the value of the header."', args=[d.arg(name='type', type=d.T.string)]), + withType(type): { type: type }, + '#withValue':: d.fn(help='"Value is the value of the gRPC Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#method':: d.obj(help='"Method specifies a gRPC request service/method matcher. If this field is\\nnot specified, all services and methods will match."'), + method: { + '#withMethod':: d.fn(help='"Value of the method to match against. If left empty or omitted, will\\nmatch all services.\\n\\n\\nAt least one of Service and Method MUST be a non-empty string."', args=[d.arg(name='method', type=d.T.string)]), + withMethod(method): { method+: { method: method } }, + '#withService':: d.fn(help='"Value of the service to match against. If left empty or omitted, will\\nmatch any service.\\n\\n\\nAt least one of Service and Method MUST be a non-empty string."', args=[d.arg(name='service', type=d.T.string)]), + withService(service): { method+: { service: service } }, + '#withType':: d.fn(help='"Type specifies how to match against the service and/or method.\\nSupport: Core (Exact with service and method specified)\\n\\n\\nSupport: Implementation-specific (Exact with method specified but no service specified)\\n\\n\\nSupport: Implementation-specific (RegularExpression)"', args=[d.arg(name='type', type=d.T.string)]), + withType(type): { method+: { type: type } }, + }, + '#withHeaders':: d.fn(help='"Headers specifies gRPC request header matchers. Multiple match values are\\nANDed together, meaning, a request MUST match all the specified headers\\nto select the route."', args=[d.arg(name='headers', type=d.T.array)]), + withHeaders(headers): { headers: if std.isArray(v=headers) then headers else [headers] }, + '#withHeadersMixin':: d.fn(help='"Headers specifies gRPC request header matchers. Multiple match values are\\nANDed together, meaning, a request MUST match all the specified headers\\nto select the route."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='headers', type=d.T.array)]), + withHeadersMixin(headers): { headers+: if std.isArray(v=headers) then headers else [headers] }, + }, + '#withBackendRefs':: d.fn(help='"BackendRefs defines the backend(s) where matching requests should be\\nsent.\\n\\n\\nFailure behavior here depends on how many BackendRefs are specified and\\nhow many are invalid.\\n\\n\\nIf *all* entries in BackendRefs are invalid, and there are also no filters\\nspecified in this route rule, *all* traffic which matches this rule MUST\\nreceive an `UNAVAILABLE` status.\\n\\n\\nSee the GRPCBackendRef definition for the rules about what makes a single\\nGRPCBackendRef invalid.\\n\\n\\nWhen a GRPCBackendRef is invalid, `UNAVAILABLE` statuses MUST be returned for\\nrequests that would have otherwise been routed to an invalid backend. If\\nmultiple backends are specified, and some are invalid, the proportion of\\nrequests that would otherwise have been routed to an invalid backend\\nMUST receive an `UNAVAILABLE` status.\\n\\n\\nFor example, if two backends are specified with equal weights, and one is\\ninvalid, 50 percent of traffic MUST receive an `UNAVAILABLE` status.\\nImplementations may choose how that 50 percent is determined.\\n\\n\\nSupport: Core for Kubernetes Service\\n\\n\\nSupport: Implementation-specific for any other resource\\n\\n\\nSupport for weight: Core"', args=[d.arg(name='backendRefs', type=d.T.array)]), + withBackendRefs(backendRefs): { backendRefs: if std.isArray(v=backendRefs) then backendRefs else [backendRefs] }, + '#withBackendRefsMixin':: d.fn(help='"BackendRefs defines the backend(s) where matching requests should be\\nsent.\\n\\n\\nFailure behavior here depends on how many BackendRefs are specified and\\nhow many are invalid.\\n\\n\\nIf *all* entries in BackendRefs are invalid, and there are also no filters\\nspecified in this route rule, *all* traffic which matches this rule MUST\\nreceive an `UNAVAILABLE` status.\\n\\n\\nSee the GRPCBackendRef definition for the rules about what makes a single\\nGRPCBackendRef invalid.\\n\\n\\nWhen a GRPCBackendRef is invalid, `UNAVAILABLE` statuses MUST be returned for\\nrequests that would have otherwise been routed to an invalid backend. If\\nmultiple backends are specified, and some are invalid, the proportion of\\nrequests that would otherwise have been routed to an invalid backend\\nMUST receive an `UNAVAILABLE` status.\\n\\n\\nFor example, if two backends are specified with equal weights, and one is\\ninvalid, 50 percent of traffic MUST receive an `UNAVAILABLE` status.\\nImplementations may choose how that 50 percent is determined.\\n\\n\\nSupport: Core for Kubernetes Service\\n\\n\\nSupport: Implementation-specific for any other resource\\n\\n\\nSupport for weight: Core"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='backendRefs', type=d.T.array)]), + withBackendRefsMixin(backendRefs): { backendRefs+: if std.isArray(v=backendRefs) then backendRefs else [backendRefs] }, + '#withFilters':: d.fn(help='"Filters define the filters that are applied to requests that match\\nthis rule.\\n\\n\\nThe effects of ordering of multiple behaviors are currently unspecified.\\nThis can change in the future based on feedback during the alpha stage.\\n\\n\\nConformance-levels at this level are defined based on the type of filter:\\n\\n\\n- ALL core filters MUST be supported by all implementations that support\\n GRPCRoute.\\n- Implementers are encouraged to support extended filters.\\n- Implementation-specific custom filters have no API guarantees across\\n implementations.\\n\\n\\nSpecifying the same filter multiple times is not supported unless explicitly\\nindicated in the filter.\\n\\n\\nIf an implementation can not support a combination of filters, it must clearly\\ndocument that limitation. In cases where incompatible or unsupported\\nfilters are specified and cause the `Accepted` condition to be set to status\\n`False`, implementations may use the `IncompatibleFilters` reason to specify\\nthis configuration error.\\n\\n\\nSupport: Core"', args=[d.arg(name='filters', type=d.T.array)]), + withFilters(filters): { filters: if std.isArray(v=filters) then filters else [filters] }, + '#withFiltersMixin':: d.fn(help='"Filters define the filters that are applied to requests that match\\nthis rule.\\n\\n\\nThe effects of ordering of multiple behaviors are currently unspecified.\\nThis can change in the future based on feedback during the alpha stage.\\n\\n\\nConformance-levels at this level are defined based on the type of filter:\\n\\n\\n- ALL core filters MUST be supported by all implementations that support\\n GRPCRoute.\\n- Implementers are encouraged to support extended filters.\\n- Implementation-specific custom filters have no API guarantees across\\n implementations.\\n\\n\\nSpecifying the same filter multiple times is not supported unless explicitly\\nindicated in the filter.\\n\\n\\nIf an implementation can not support a combination of filters, it must clearly\\ndocument that limitation. In cases where incompatible or unsupported\\nfilters are specified and cause the `Accepted` condition to be set to status\\n`False`, implementations may use the `IncompatibleFilters` reason to specify\\nthis configuration error.\\n\\n\\nSupport: Core"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='filters', type=d.T.array)]), + withFiltersMixin(filters): { filters+: if std.isArray(v=filters) then filters else [filters] }, + '#withMatches':: d.fn(help='"Matches define conditions used for matching the rule against incoming\\ngRPC requests. Each match is independent, i.e. this rule will be matched\\nif **any** one of the matches is satisfied.\\n\\n\\nFor example, take the following matches configuration:\\n\\n\\n```\\nmatches:\\n- method:\\n service: foo.bar\\n headers:\\n values:\\n version: 2\\n- method:\\n service: foo.bar.v2\\n```\\n\\n\\nFor a request to match against this rule, it MUST satisfy\\nEITHER of the two conditions:\\n\\n\\n- service of foo.bar AND contains the header `version: 2`\\n- service of foo.bar.v2\\n\\n\\nSee the documentation for GRPCRouteMatch on how to specify multiple\\nmatch conditions to be ANDed together.\\n\\n\\nIf no matches are specified, the implementation MUST match every gRPC request.\\n\\n\\nProxy or Load Balancer routing configuration generated from GRPCRoutes\\nMUST prioritize rules based on the following criteria, continuing on\\nties. Merging MUST not be done between GRPCRoutes and HTTPRoutes.\\nPrecedence MUST be given to the rule with the largest number of:\\n\\n\\n* Characters in a matching non-wildcard hostname.\\n* Characters in a matching hostname.\\n* Characters in a matching service.\\n* Characters in a matching method.\\n* Header matches.\\n\\n\\nIf ties still exist across multiple Routes, matching precedence MUST be\\ndetermined in order of the following criteria, continuing on ties:\\n\\n\\n* The oldest Route based on creation timestamp.\\n* The Route appearing first in alphabetical order by\\n \\"{namespace}/{name}\\".\\n\\n\\nIf ties still exist within the Route that has been given precedence,\\nmatching precedence MUST be granted to the first matching rule meeting\\nthe above criteria."', args=[d.arg(name='matches', type=d.T.array)]), + withMatches(matches): { matches: if std.isArray(v=matches) then matches else [matches] }, + '#withMatchesMixin':: d.fn(help='"Matches define conditions used for matching the rule against incoming\\ngRPC requests. Each match is independent, i.e. this rule will be matched\\nif **any** one of the matches is satisfied.\\n\\n\\nFor example, take the following matches configuration:\\n\\n\\n```\\nmatches:\\n- method:\\n service: foo.bar\\n headers:\\n values:\\n version: 2\\n- method:\\n service: foo.bar.v2\\n```\\n\\n\\nFor a request to match against this rule, it MUST satisfy\\nEITHER of the two conditions:\\n\\n\\n- service of foo.bar AND contains the header `version: 2`\\n- service of foo.bar.v2\\n\\n\\nSee the documentation for GRPCRouteMatch on how to specify multiple\\nmatch conditions to be ANDed together.\\n\\n\\nIf no matches are specified, the implementation MUST match every gRPC request.\\n\\n\\nProxy or Load Balancer routing configuration generated from GRPCRoutes\\nMUST prioritize rules based on the following criteria, continuing on\\nties. Merging MUST not be done between GRPCRoutes and HTTPRoutes.\\nPrecedence MUST be given to the rule with the largest number of:\\n\\n\\n* Characters in a matching non-wildcard hostname.\\n* Characters in a matching hostname.\\n* Characters in a matching service.\\n* Characters in a matching method.\\n* Header matches.\\n\\n\\nIf ties still exist across multiple Routes, matching precedence MUST be\\ndetermined in order of the following criteria, continuing on ties:\\n\\n\\n* The oldest Route based on creation timestamp.\\n* The Route appearing first in alphabetical order by\\n \\"{namespace}/{name}\\".\\n\\n\\nIf ties still exist within the Route that has been given precedence,\\nmatching precedence MUST be granted to the first matching rule meeting\\nthe above criteria."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='matches', type=d.T.array)]), + withMatchesMixin(matches): { matches+: if std.isArray(v=matches) then matches else [matches] }, + }, + '#withHostnames':: d.fn(help="\"Hostnames defines a set of hostnames to match against the GRPC\\nHost header to select a GRPCRoute to process the request. This matches\\nthe RFC 1123 definition of a hostname with 2 notable exceptions:\\n\\n\\n1. IPs are not allowed.\\n2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard\\n label MUST appear by itself as the first label.\\n\\n\\nIf a hostname is specified by both the Listener and GRPCRoute, there\\nMUST be at least one intersecting hostname for the GRPCRoute to be\\nattached to the Listener. For example:\\n\\n\\n* A Listener with `test.example.com` as the hostname matches GRPCRoutes\\n that have either not specified any hostnames, or have specified at\\n least one of `test.example.com` or `*.example.com`.\\n* A Listener with `*.example.com` as the hostname matches GRPCRoutes\\n that have either not specified any hostnames or have specified at least\\n one hostname that matches the Listener hostname. For example,\\n `test.example.com` and `*.example.com` would both match. On the other\\n hand, `example.com` and `test.example.net` would not match.\\n\\n\\nHostnames that are prefixed with a wildcard label (`*.`) are interpreted\\nas a suffix match. That means that a match for `*.example.com` would match\\nboth `test.example.com`, and `foo.test.example.com`, but not `example.com`.\\n\\n\\nIf both the Listener and GRPCRoute have specified hostnames, any\\nGRPCRoute hostnames that do not match the Listener hostname MUST be\\nignored. For example, if a Listener specified `*.example.com`, and the\\nGRPCRoute specified `test.example.com` and `test.example.net`,\\n`test.example.net` MUST NOT be considered for a match.\\n\\n\\nIf both the Listener and GRPCRoute have specified hostnames, and none\\nmatch with the criteria above, then the GRPCRoute MUST NOT be accepted by\\nthe implementation. The implementation MUST raise an 'Accepted' Condition\\nwith a status of `False` in the corresponding RouteParentStatus.\\n\\n\\nIf a Route (A) of type HTTPRoute or GRPCRoute is attached to a\\nListener and that listener already has another Route (B) of the other\\ntype attached and the intersection of the hostnames of A and B is\\nnon-empty, then the implementation MUST accept exactly one of these two\\nroutes, determined by the following criteria, in order:\\n\\n\\n* The oldest Route based on creation timestamp.\\n* The Route appearing first in alphabetical order by\\n \\\"{namespace}/{name}\\\".\\n\\n\\nThe rejected Route MUST raise an 'Accepted' condition with a status of\\n'False' in the corresponding RouteParentStatus.\\n\\n\\nSupport: Core\"", args=[d.arg(name='hostnames', type=d.T.array)]), + withHostnames(hostnames): { spec+: { hostnames: if std.isArray(v=hostnames) then hostnames else [hostnames] } }, + '#withHostnamesMixin':: d.fn(help="\"Hostnames defines a set of hostnames to match against the GRPC\\nHost header to select a GRPCRoute to process the request. This matches\\nthe RFC 1123 definition of a hostname with 2 notable exceptions:\\n\\n\\n1. IPs are not allowed.\\n2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard\\n label MUST appear by itself as the first label.\\n\\n\\nIf a hostname is specified by both the Listener and GRPCRoute, there\\nMUST be at least one intersecting hostname for the GRPCRoute to be\\nattached to the Listener. For example:\\n\\n\\n* A Listener with `test.example.com` as the hostname matches GRPCRoutes\\n that have either not specified any hostnames, or have specified at\\n least one of `test.example.com` or `*.example.com`.\\n* A Listener with `*.example.com` as the hostname matches GRPCRoutes\\n that have either not specified any hostnames or have specified at least\\n one hostname that matches the Listener hostname. For example,\\n `test.example.com` and `*.example.com` would both match. On the other\\n hand, `example.com` and `test.example.net` would not match.\\n\\n\\nHostnames that are prefixed with a wildcard label (`*.`) are interpreted\\nas a suffix match. That means that a match for `*.example.com` would match\\nboth `test.example.com`, and `foo.test.example.com`, but not `example.com`.\\n\\n\\nIf both the Listener and GRPCRoute have specified hostnames, any\\nGRPCRoute hostnames that do not match the Listener hostname MUST be\\nignored. For example, if a Listener specified `*.example.com`, and the\\nGRPCRoute specified `test.example.com` and `test.example.net`,\\n`test.example.net` MUST NOT be considered for a match.\\n\\n\\nIf both the Listener and GRPCRoute have specified hostnames, and none\\nmatch with the criteria above, then the GRPCRoute MUST NOT be accepted by\\nthe implementation. The implementation MUST raise an 'Accepted' Condition\\nwith a status of `False` in the corresponding RouteParentStatus.\\n\\n\\nIf a Route (A) of type HTTPRoute or GRPCRoute is attached to a\\nListener and that listener already has another Route (B) of the other\\ntype attached and the intersection of the hostnames of A and B is\\nnon-empty, then the implementation MUST accept exactly one of these two\\nroutes, determined by the following criteria, in order:\\n\\n\\n* The oldest Route based on creation timestamp.\\n* The Route appearing first in alphabetical order by\\n \\\"{namespace}/{name}\\\".\\n\\n\\nThe rejected Route MUST raise an 'Accepted' condition with a status of\\n'False' in the corresponding RouteParentStatus.\\n\\n\\nSupport: Core\"\n\n**Note:** This function appends passed data to existing values", args=[d.arg(name='hostnames', type=d.T.array)]), + withHostnamesMixin(hostnames): { spec+: { hostnames+: if std.isArray(v=hostnames) then hostnames else [hostnames] } }, + '#withParentRefs':: d.fn(help='"ParentRefs references the resources (usually Gateways) that a Route wants\\nto be attached to. Note that the referenced parent resource needs to\\nallow this for the attachment to be complete. For Gateways, that means\\nthe Gateway needs to allow attachment from Routes of this kind and\\nnamespace. For Services, that means the Service must either be in the same\\nnamespace for a \\"producer\\" route, or the mesh implementation must support\\nand allow \\"consumer\\" routes for the referenced Service. ReferenceGrant is\\nnot applicable for governing ParentRefs to Services - it is not possible to\\ncreate a \\"producer\\" route for a Service in a different namespace from the\\nRoute.\\n\\n\\nThere are two kinds of parent resources with \\"Core\\" support:\\n\\n\\n* Gateway (Gateway conformance profile)\\n* Service (Mesh conformance profile, ClusterIP Services only)\\n\\n\\nThis API may be extended in the future to support additional kinds of parent\\nresources.\\n\\n\\nParentRefs must be _distinct_. This means either that:\\n\\n\\n* They select different objects. If this is the case, then parentRef\\n entries are distinct. In terms of fields, this means that the\\n multi-part key defined by `group`, `kind`, `namespace`, and `name` must\\n be unique across all parentRef entries in the Route.\\n* They do not select different objects, but for each optional field used,\\n each ParentRef that selects the same object must set the same set of\\n optional fields to different values. If one ParentRef sets a\\n combination of optional fields, all must set the same combination.\\n\\n\\nSome examples:\\n\\n\\n* If one ParentRef sets `sectionName`, all ParentRefs referencing the\\n same object must also set `sectionName`.\\n* If one ParentRef sets `port`, all ParentRefs referencing the same\\n object must also set `port`.\\n* If one ParentRef sets `sectionName` and `port`, all ParentRefs\\n referencing the same object must also set `sectionName` and `port`.\\n\\n\\nIt is possible to separately reference multiple distinct objects that may\\nbe collapsed by an implementation. For example, some implementations may\\nchoose to merge compatible Gateway Listeners together. If that is the\\ncase, the list of routes attached to those resources should also be\\nmerged.\\n\\n\\nNote that for ParentRefs that cross namespace boundaries, there are specific\\nrules. Cross-namespace references are only valid if they are explicitly\\nallowed by something in the namespace they are referring to. For example,\\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\\ngeneric way to enable other kinds of cross-namespace reference.\\n\\n\\n\\n\\n\\n\\n\\n\\n"', args=[d.arg(name='parentRefs', type=d.T.array)]), + withParentRefs(parentRefs): { spec+: { parentRefs: if std.isArray(v=parentRefs) then parentRefs else [parentRefs] } }, + '#withParentRefsMixin':: d.fn(help='"ParentRefs references the resources (usually Gateways) that a Route wants\\nto be attached to. Note that the referenced parent resource needs to\\nallow this for the attachment to be complete. For Gateways, that means\\nthe Gateway needs to allow attachment from Routes of this kind and\\nnamespace. For Services, that means the Service must either be in the same\\nnamespace for a \\"producer\\" route, or the mesh implementation must support\\nand allow \\"consumer\\" routes for the referenced Service. ReferenceGrant is\\nnot applicable for governing ParentRefs to Services - it is not possible to\\ncreate a \\"producer\\" route for a Service in a different namespace from the\\nRoute.\\n\\n\\nThere are two kinds of parent resources with \\"Core\\" support:\\n\\n\\n* Gateway (Gateway conformance profile)\\n* Service (Mesh conformance profile, ClusterIP Services only)\\n\\n\\nThis API may be extended in the future to support additional kinds of parent\\nresources.\\n\\n\\nParentRefs must be _distinct_. This means either that:\\n\\n\\n* They select different objects. If this is the case, then parentRef\\n entries are distinct. In terms of fields, this means that the\\n multi-part key defined by `group`, `kind`, `namespace`, and `name` must\\n be unique across all parentRef entries in the Route.\\n* They do not select different objects, but for each optional field used,\\n each ParentRef that selects the same object must set the same set of\\n optional fields to different values. If one ParentRef sets a\\n combination of optional fields, all must set the same combination.\\n\\n\\nSome examples:\\n\\n\\n* If one ParentRef sets `sectionName`, all ParentRefs referencing the\\n same object must also set `sectionName`.\\n* If one ParentRef sets `port`, all ParentRefs referencing the same\\n object must also set `port`.\\n* If one ParentRef sets `sectionName` and `port`, all ParentRefs\\n referencing the same object must also set `sectionName` and `port`.\\n\\n\\nIt is possible to separately reference multiple distinct objects that may\\nbe collapsed by an implementation. For example, some implementations may\\nchoose to merge compatible Gateway Listeners together. If that is the\\ncase, the list of routes attached to those resources should also be\\nmerged.\\n\\n\\nNote that for ParentRefs that cross namespace boundaries, there are specific\\nrules. Cross-namespace references are only valid if they are explicitly\\nallowed by something in the namespace they are referring to. For example,\\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\\ngeneric way to enable other kinds of cross-namespace reference.\\n\\n\\n\\n\\n\\n\\n\\n\\n"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='parentRefs', type=d.T.array)]), + withParentRefsMixin(parentRefs): { spec+: { parentRefs+: if std.isArray(v=parentRefs) then parentRefs else [parentRefs] } }, + '#withRules':: d.fn(help='"Rules are a list of GRPC matchers, filters and actions."', args=[d.arg(name='rules', type=d.T.array)]), + withRules(rules): { spec+: { rules: if std.isArray(v=rules) then rules else [rules] } }, + '#withRulesMixin':: d.fn(help='"Rules are a list of GRPC matchers, filters and actions."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='rules', type=d.T.array)]), + withRulesMixin(rules): { spec+: { rules+: if std.isArray(v=rules) then rules else [rules] } }, + }, + '#mixin': 'ignore', + mixin: self, +} diff --git a/1.1/_gen/gateway/v1alpha2/main.libsonnet b/1.1/_gen/gateway/v1alpha2/main.libsonnet new file mode 100644 index 0000000..d670b50 --- /dev/null +++ b/1.1/_gen/gateway/v1alpha2/main.libsonnet @@ -0,0 +1,6 @@ +{ + local d = (import 'doc-util/main.libsonnet'), + '#':: d.pkg(name='v1alpha2', url='', help=''), + grpcRoute: (import 'grpcRoute.libsonnet'), + referenceGrant: (import 'referenceGrant.libsonnet'), +} diff --git a/1.1/_gen/gateway/v1alpha2/referenceGrant.libsonnet b/1.1/_gen/gateway/v1alpha2/referenceGrant.libsonnet new file mode 100644 index 0000000..281d1c8 --- /dev/null +++ b/1.1/_gen/gateway/v1alpha2/referenceGrant.libsonnet @@ -0,0 +1,81 @@ +{ + local d = (import 'doc-util/main.libsonnet'), + '#':: d.pkg(name='referenceGrant', url='', help='"ReferenceGrant identifies kinds of resources in other namespaces that are\\ntrusted to reference the specified kinds of resources in the same namespace\\nas the policy.\\n\\n\\nEach ReferenceGrant can be used to represent a unique trust relationship.\\nAdditional Reference Grants can be used to add to the set of trusted\\nsources of inbound references for the namespace they are defined within.\\n\\n\\nA ReferenceGrant is required for all cross-namespace references in Gateway API\\n(with the exception of cross-namespace Route-Gateway attachment, which is\\ngoverned by the AllowedRoutes configuration on the Gateway, and cross-namespace\\nService ParentRefs on a \\"consumer\\" mesh Route, which defines routing rules\\napplicable only to workloads in the Route namespace). ReferenceGrants allowing\\na reference from a Route to a Service are only applicable to BackendRefs.\\n\\n\\nReferenceGrant is a form of runtime verification allowing users to assert\\nwhich cross-namespace object references are permitted. Implementations that\\nsupport ReferenceGrant MUST NOT permit cross-namespace references which have\\nno grant, and MUST respond to the removal of a grant by revoking the access\\nthat the grant allowed."'), + '#metadata':: d.obj(help='"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create."'), + metadata: { + '#withAnnotations':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotations(annotations): { metadata+: { annotations: annotations } }, + '#withAnnotationsMixin':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotationsMixin(annotations): { metadata+: { annotations+: annotations } }, + '#withClusterName':: d.fn(help='"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request."', args=[d.arg(name='clusterName', type=d.T.string)]), + withClusterName(clusterName): { metadata+: { clusterName: clusterName } }, + '#withCreationTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='creationTimestamp', type=d.T.string)]), + withCreationTimestamp(creationTimestamp): { metadata+: { creationTimestamp: creationTimestamp } }, + '#withDeletionGracePeriodSeconds':: d.fn(help='"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only."', args=[d.arg(name='deletionGracePeriodSeconds', type=d.T.integer)]), + withDeletionGracePeriodSeconds(deletionGracePeriodSeconds): { metadata+: { deletionGracePeriodSeconds: deletionGracePeriodSeconds } }, + '#withDeletionTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='deletionTimestamp', type=d.T.string)]), + withDeletionTimestamp(deletionTimestamp): { metadata+: { deletionTimestamp: deletionTimestamp } }, + '#withFinalizers':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizers(finalizers): { metadata+: { finalizers: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withFinalizersMixin':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizersMixin(finalizers): { metadata+: { finalizers+: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withGenerateName':: d.fn(help='"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\\n\\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\\n\\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency"', args=[d.arg(name='generateName', type=d.T.string)]), + withGenerateName(generateName): { metadata+: { generateName: generateName } }, + '#withGeneration':: d.fn(help='"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only."', args=[d.arg(name='generation', type=d.T.integer)]), + withGeneration(generation): { metadata+: { generation: generation } }, + '#withLabels':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"', args=[d.arg(name='labels', type=d.T.object)]), + withLabels(labels): { metadata+: { labels: labels } }, + '#withLabelsMixin':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='labels', type=d.T.object)]), + withLabelsMixin(labels): { metadata+: { labels+: labels } }, + '#withName':: d.fn(help='"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { metadata+: { name: name } }, + '#withNamespace':: d.fn(help='"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \\"default\\" namespace, but \\"default\\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\\n\\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces"', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { metadata+: { namespace: namespace } }, + '#withOwnerReferences':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferences(ownerReferences): { metadata+: { ownerReferences: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withOwnerReferencesMixin':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferencesMixin(ownerReferences): { metadata+: { ownerReferences+: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withResourceVersion':: d.fn(help='"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\\n\\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency"', args=[d.arg(name='resourceVersion', type=d.T.string)]), + withResourceVersion(resourceVersion): { metadata+: { resourceVersion: resourceVersion } }, + '#withSelfLink':: d.fn(help='"SelfLink is a URL representing this object. Populated by the system. Read-only.\\n\\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release."', args=[d.arg(name='selfLink', type=d.T.string)]), + withSelfLink(selfLink): { metadata+: { selfLink: selfLink } }, + '#withUid':: d.fn(help='"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\\n\\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids"', args=[d.arg(name='uid', type=d.T.string)]), + withUid(uid): { metadata+: { uid: uid } }, + }, + '#new':: d.fn(help='new returns an instance of ReferenceGrant', args=[d.arg(name='name', type=d.T.string)]), + new(name): { + apiVersion: 'gateway.networking.k8s.io/v1alpha2', + kind: 'ReferenceGrant', + } + self.metadata.withName(name=name), + '#spec':: d.obj(help='"Spec defines the desired state of ReferenceGrant."'), + spec: { + '#from':: d.obj(help='"From describes the trusted namespaces and kinds that can reference the\\nresources described in \\"To\\". Each entry in this list MUST be considered\\nto be an additional place that references can be valid from, or to put\\nthis another way, entries MUST be combined using OR.\\n\\n\\nSupport: Core"'), + from: { + '#withGroup':: d.fn(help='"Group is the group of the referent.\\nWhen empty, the Kubernetes core API group is inferred.\\n\\n\\nSupport: Core"', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { group: group }, + '#withKind':: d.fn(help='"Kind is the kind of the referent. Although implementations may support\\nadditional resources, the following types are part of the \\"Core\\"\\nsupport level for this field.\\n\\n\\nWhen used to permit a SecretObjectReference:\\n\\n\\n* Gateway\\n\\n\\nWhen used to permit a BackendObjectReference:\\n\\n\\n* GRPCRoute\\n* HTTPRoute\\n* TCPRoute\\n* TLSRoute\\n* UDPRoute"', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { kind: kind }, + '#withNamespace':: d.fn(help='"Namespace is the namespace of the referent.\\n\\n\\nSupport: Core"', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { namespace: namespace }, + }, + '#to':: d.obj(help='"To describes the resources that may be referenced by the resources\\ndescribed in \\"From\\". Each entry in this list MUST be considered to be an\\nadditional place that references can be valid to, or to put this another\\nway, entries MUST be combined using OR.\\n\\n\\nSupport: Core"'), + to: { + '#withGroup':: d.fn(help='"Group is the group of the referent.\\nWhen empty, the Kubernetes core API group is inferred.\\n\\n\\nSupport: Core"', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { group: group }, + '#withKind':: d.fn(help='"Kind is the kind of the referent. Although implementations may support\\nadditional resources, the following types are part of the \\"Core\\"\\nsupport level for this field:\\n\\n\\n* Secret when used to permit a SecretObjectReference\\n* Service when used to permit a BackendObjectReference"', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { kind: kind }, + '#withName':: d.fn(help='"Name is the name of the referent. When unspecified, this policy\\nrefers to all resources of the specified Group and Kind in the local\\nnamespace."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + }, + '#withFrom':: d.fn(help='"From describes the trusted namespaces and kinds that can reference the\\nresources described in \\"To\\". Each entry in this list MUST be considered\\nto be an additional place that references can be valid from, or to put\\nthis another way, entries MUST be combined using OR.\\n\\n\\nSupport: Core"', args=[d.arg(name='from', type=d.T.array)]), + withFrom(from): { spec+: { from: if std.isArray(v=from) then from else [from] } }, + '#withFromMixin':: d.fn(help='"From describes the trusted namespaces and kinds that can reference the\\nresources described in \\"To\\". Each entry in this list MUST be considered\\nto be an additional place that references can be valid from, or to put\\nthis another way, entries MUST be combined using OR.\\n\\n\\nSupport: Core"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='from', type=d.T.array)]), + withFromMixin(from): { spec+: { from+: if std.isArray(v=from) then from else [from] } }, + '#withTo':: d.fn(help='"To describes the resources that may be referenced by the resources\\ndescribed in \\"From\\". Each entry in this list MUST be considered to be an\\nadditional place that references can be valid to, or to put this another\\nway, entries MUST be combined using OR.\\n\\n\\nSupport: Core"', args=[d.arg(name='to', type=d.T.array)]), + withTo(to): { spec+: { to: if std.isArray(v=to) then to else [to] } }, + '#withToMixin':: d.fn(help='"To describes the resources that may be referenced by the resources\\ndescribed in \\"From\\". Each entry in this list MUST be considered to be an\\nadditional place that references can be valid to, or to put this another\\nway, entries MUST be combined using OR.\\n\\n\\nSupport: Core"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='to', type=d.T.array)]), + withToMixin(to): { spec+: { to+: if std.isArray(v=to) then to else [to] } }, + }, + '#mixin': 'ignore', + mixin: self, +} diff --git a/1.1/_gen/gateway/v1beta1/gateway.libsonnet b/1.1/_gen/gateway/v1beta1/gateway.libsonnet new file mode 100644 index 0000000..a72ba69 --- /dev/null +++ b/1.1/_gen/gateway/v1beta1/gateway.libsonnet @@ -0,0 +1,148 @@ +{ + local d = (import 'doc-util/main.libsonnet'), + '#':: d.pkg(name='gateway', url='', help='"Gateway represents an instance of a service-traffic handling infrastructure\\nby binding Listeners to a set of IP addresses."'), + '#metadata':: d.obj(help='"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create."'), + metadata: { + '#withAnnotations':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotations(annotations): { metadata+: { annotations: annotations } }, + '#withAnnotationsMixin':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotationsMixin(annotations): { metadata+: { annotations+: annotations } }, + '#withClusterName':: d.fn(help='"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request."', args=[d.arg(name='clusterName', type=d.T.string)]), + withClusterName(clusterName): { metadata+: { clusterName: clusterName } }, + '#withCreationTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='creationTimestamp', type=d.T.string)]), + withCreationTimestamp(creationTimestamp): { metadata+: { creationTimestamp: creationTimestamp } }, + '#withDeletionGracePeriodSeconds':: d.fn(help='"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only."', args=[d.arg(name='deletionGracePeriodSeconds', type=d.T.integer)]), + withDeletionGracePeriodSeconds(deletionGracePeriodSeconds): { metadata+: { deletionGracePeriodSeconds: deletionGracePeriodSeconds } }, + '#withDeletionTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='deletionTimestamp', type=d.T.string)]), + withDeletionTimestamp(deletionTimestamp): { metadata+: { deletionTimestamp: deletionTimestamp } }, + '#withFinalizers':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizers(finalizers): { metadata+: { finalizers: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withFinalizersMixin':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizersMixin(finalizers): { metadata+: { finalizers+: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withGenerateName':: d.fn(help='"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\\n\\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\\n\\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency"', args=[d.arg(name='generateName', type=d.T.string)]), + withGenerateName(generateName): { metadata+: { generateName: generateName } }, + '#withGeneration':: d.fn(help='"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only."', args=[d.arg(name='generation', type=d.T.integer)]), + withGeneration(generation): { metadata+: { generation: generation } }, + '#withLabels':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"', args=[d.arg(name='labels', type=d.T.object)]), + withLabels(labels): { metadata+: { labels: labels } }, + '#withLabelsMixin':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='labels', type=d.T.object)]), + withLabelsMixin(labels): { metadata+: { labels+: labels } }, + '#withName':: d.fn(help='"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { metadata+: { name: name } }, + '#withNamespace':: d.fn(help='"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \\"default\\" namespace, but \\"default\\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\\n\\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces"', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { metadata+: { namespace: namespace } }, + '#withOwnerReferences':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferences(ownerReferences): { metadata+: { ownerReferences: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withOwnerReferencesMixin':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferencesMixin(ownerReferences): { metadata+: { ownerReferences+: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withResourceVersion':: d.fn(help='"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\\n\\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency"', args=[d.arg(name='resourceVersion', type=d.T.string)]), + withResourceVersion(resourceVersion): { metadata+: { resourceVersion: resourceVersion } }, + '#withSelfLink':: d.fn(help='"SelfLink is a URL representing this object. Populated by the system. Read-only.\\n\\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release."', args=[d.arg(name='selfLink', type=d.T.string)]), + withSelfLink(selfLink): { metadata+: { selfLink: selfLink } }, + '#withUid':: d.fn(help='"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\\n\\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids"', args=[d.arg(name='uid', type=d.T.string)]), + withUid(uid): { metadata+: { uid: uid } }, + }, + '#new':: d.fn(help='new returns an instance of Gateway', args=[d.arg(name='name', type=d.T.string)]), + new(name): { + apiVersion: 'gateway.networking.k8s.io/v1beta1', + kind: 'Gateway', + } + self.metadata.withName(name=name), + '#spec':: d.obj(help='"Spec defines the desired state of Gateway."'), + spec: { + '#addresses':: d.obj(help='"Addresses requested for this Gateway. This is optional and behavior can\\ndepend on the implementation. If a value is set in the spec and the\\nrequested address is invalid or unavailable, the implementation MUST\\nindicate this in the associated entry in GatewayStatus.Addresses.\\n\\n\\nThe Addresses field represents a request for the address(es) on the\\n\\"outside of the Gateway\\", that traffic bound for this Gateway will use.\\nThis could be the IP address or hostname of an external load balancer or\\nother networking infrastructure, or some other address that traffic will\\nbe sent to.\\n\\n\\nIf no Addresses are specified, the implementation MAY schedule the\\nGateway in an implementation-specific manner, assigning an appropriate\\nset of Addresses.\\n\\n\\nThe implementation MUST bind all Listeners to every GatewayAddress that\\nit assigns to the Gateway and add a corresponding entry in\\nGatewayStatus.Addresses.\\n\\n\\nSupport: Extended\\n\\n\\n"'), + addresses: { + '#withType':: d.fn(help='"Type of the address."', args=[d.arg(name='type', type=d.T.string)]), + withType(type): { type: type }, + '#withValue':: d.fn(help='"Value of the address. The validity of the values will depend\\non the type and support by the controller.\\n\\n\\nExamples: `1.2.3.4`, `128::1`, `my-ip-address`."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#listeners':: d.obj(help="\"Listeners associated with this Gateway. Listeners define\\nlogical endpoints that are bound on this Gateway's addresses.\\nAt least one Listener MUST be specified.\\n\\n\\nEach Listener in a set of Listeners (for example, in a single Gateway)\\nMUST be _distinct_, in that a traffic flow MUST be able to be assigned to\\nexactly one listener. (This section uses \\\"set of Listeners\\\" rather than\\n\\\"Listeners in a single Gateway\\\" because implementations MAY merge configuration\\nfrom multiple Gateways onto a single data plane, and these rules _also_\\napply in that case).\\n\\n\\nPractically, this means that each listener in a set MUST have a unique\\ncombination of Port, Protocol, and, if supported by the protocol, Hostname.\\n\\n\\nSome combinations of port, protocol, and TLS settings are considered\\nCore support and MUST be supported by implementations based on their\\ntargeted conformance profile:\\n\\n\\nHTTP Profile\\n\\n\\n1. HTTPRoute, Port: 80, Protocol: HTTP\\n2. HTTPRoute, Port: 443, Protocol: HTTPS, TLS Mode: Terminate, TLS keypair provided\\n\\n\\nTLS Profile\\n\\n\\n1. TLSRoute, Port: 443, Protocol: TLS, TLS Mode: Passthrough\\n\\n\\n\\\"Distinct\\\" Listeners have the following property:\\n\\n\\nThe implementation can match inbound requests to a single distinct\\nListener. When multiple Listeners share values for fields (for\\nexample, two Listeners with the same Port value), the implementation\\ncan match requests to only one of the Listeners using other\\nListener fields.\\n\\n\\nFor example, the following Listener scenarios are distinct:\\n\\n\\n1. Multiple Listeners with the same Port that all use the \\\"HTTP\\\"\\n Protocol that all have unique Hostname values.\\n2. Multiple Listeners with the same Port that use either the \\\"HTTPS\\\" or\\n \\\"TLS\\\" Protocol that all have unique Hostname values.\\n3. A mixture of \\\"TCP\\\" and \\\"UDP\\\" Protocol Listeners, where no Listener\\n with the same Protocol has the same Port value.\\n\\n\\nSome fields in the Listener struct have possible values that affect\\nwhether the Listener is distinct. Hostname is particularly relevant\\nfor HTTP or HTTPS protocols.\\n\\n\\nWhen using the Hostname value to select between same-Port, same-Protocol\\nListeners, the Hostname value must be different on each Listener for the\\nListener to be distinct.\\n\\n\\nWhen the Listeners are distinct based on Hostname, inbound request\\nhostnames MUST match from the most specific to least specific Hostname\\nvalues to choose the correct Listener and its associated set of Routes.\\n\\n\\nExact matches must be processed before wildcard matches, and wildcard\\nmatches must be processed before fallback (empty Hostname value)\\nmatches. For example, `\\\"foo.example.com\\\"` takes precedence over\\n`\\\"*.example.com\\\"`, and `\\\"*.example.com\\\"` takes precedence over `\\\"\\\"`.\\n\\n\\nAdditionally, if there are multiple wildcard entries, more specific\\nwildcard entries must be processed before less specific wildcard entries.\\nFor example, `\\\"*.foo.example.com\\\"` takes precedence over `\\\"*.example.com\\\"`.\\nThe precise definition here is that the higher the number of dots in the\\nhostname to the right of the wildcard character, the higher the precedence.\\n\\n\\nThe wildcard character will match any number of characters _and dots_ to\\nthe left, however, so `\\\"*.example.com\\\"` will match both\\n`\\\"foo.bar.example.com\\\"` _and_ `\\\"bar.example.com\\\"`.\\n\\n\\nIf a set of Listeners contains Listeners that are not distinct, then those\\nListeners are Conflicted, and the implementation MUST set the \\\"Conflicted\\\"\\ncondition in the Listener Status to \\\"True\\\".\\n\\n\\nImplementations MAY choose to accept a Gateway with some Conflicted\\nListeners only if they only accept the partial Listener set that contains\\nno Conflicted Listeners. To put this another way, implementations may\\naccept a partial Listener set only if they throw out *all* the conflicting\\nListeners. No picking one of the conflicting listeners as the winner.\\nThis also means that the Gateway must have at least one non-conflicting\\nListener in this case, otherwise it violates the requirement that at\\nleast one Listener must be present.\\n\\n\\nThe implementation MUST set a \\\"ListenersNotValid\\\" condition on the\\nGateway Status when the Gateway contains Conflicted Listeners whether or\\nnot they accept the Gateway. That Condition SHOULD clearly\\nindicate in the Message which Listeners are conflicted, and which are\\nAccepted. Additionally, the Listener status for those listeners SHOULD\\nindicate which Listeners are conflicted and not Accepted.\\n\\n\\nA Gateway's Listeners are considered \\\"compatible\\\" if:\\n\\n\\n1. They are distinct.\\n2. The implementation can serve them in compliance with the Addresses\\n requirement that all Listeners are available on all assigned\\n addresses.\\n\\n\\nCompatible combinations in Extended support are expected to vary across\\nimplementations. A combination that is compatible for one implementation\\nmay not be compatible for another.\\n\\n\\nFor example, an implementation that cannot serve both TCP and UDP listeners\\non the same address, or cannot mix HTTPS and generic TLS listens on the same port\\nwould not consider those cases compatible, even though they are distinct.\\n\\n\\nNote that requests SHOULD match at most one Listener. For example, if\\nListeners are defined for \\\"foo.example.com\\\" and \\\"*.example.com\\\", a\\nrequest to \\\"foo.example.com\\\" SHOULD only be routed using routes attached\\nto the \\\"foo.example.com\\\" Listener (and not the \\\"*.example.com\\\" Listener).\\nThis concept is known as \\\"Listener Isolation\\\". Implementations that do\\nnot support Listener Isolation MUST clearly document this.\\n\\n\\nImplementations MAY merge separate Gateways onto a single set of\\nAddresses if all Listeners across all Gateways are compatible.\\n\\n\\nSupport: Core\""), + listeners: { + '#allowedRoutes':: d.obj(help='"AllowedRoutes defines the types of routes that MAY be attached to a\\nListener and the trusted namespaces where those Route resources MAY be\\npresent.\\n\\n\\nAlthough a client request may match multiple route rules, only one rule\\nmay ultimately receive the request. Matching precedence MUST be\\ndetermined in order of the following criteria:\\n\\n\\n* The most specific match as defined by the Route type.\\n* The oldest Route based on creation timestamp. For example, a Route with\\n a creation timestamp of \\"2020-09-08 01:02:03\\" is given precedence over\\n a Route with a creation timestamp of \\"2020-09-08 01:02:04\\".\\n* If everything else is equivalent, the Route appearing first in\\n alphabetical order (namespace/name) should be given precedence. For\\n example, foo/bar is given precedence over foo/baz.\\n\\n\\nAll valid rules within a Route attached to this Listener should be\\nimplemented. Invalid Route rules can be ignored (sometimes that will mean\\nthe full Route). If a Route rule transitions from valid to invalid,\\nsupport for that Route rule should be dropped to ensure consistency. For\\nexample, even if a filter specified by a Route rule is invalid, the rest\\nof the rules within that Route should still be supported.\\n\\n\\nSupport: Core"'), + allowedRoutes: { + '#kinds':: d.obj(help="\"Kinds specifies the groups and kinds of Routes that are allowed to bind\\nto this Gateway Listener. When unspecified or empty, the kinds of Routes\\nselected are determined using the Listener protocol.\\n\\n\\nA RouteGroupKind MUST correspond to kinds of Routes that are compatible\\nwith the application protocol specified in the Listener's Protocol field.\\nIf an implementation does not support or recognize this resource type, it\\nMUST set the \\\"ResolvedRefs\\\" condition to False for this Listener with the\\n\\\"InvalidRouteKinds\\\" reason.\\n\\n\\nSupport: Core\""), + kinds: { + '#withGroup':: d.fn(help='"Group is the group of the Route."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { group: group }, + '#withKind':: d.fn(help='"Kind is the kind of the Route."', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { kind: kind }, + }, + '#namespaces':: d.obj(help='"Namespaces indicates namespaces from which Routes may be attached to this\\nListener. This is restricted to the namespace of this Gateway by default.\\n\\n\\nSupport: Core"'), + namespaces: { + '#selector':: d.obj(help='"Selector must be specified when From is set to \\"Selector\\". In that case,\\nonly Routes in Namespaces matching this Selector will be selected by this\\nGateway. This field is ignored for other values of \\"From\\".\\n\\n\\nSupport: Core"'), + selector: { + '#matchExpressions':: d.obj(help='"matchExpressions is a list of label selector requirements. The requirements are ANDed."'), + matchExpressions: { + '#withKey':: d.fn(help='"key is the label key that the selector applies to."', args=[d.arg(name='key', type=d.T.string)]), + withKey(key): { key: key }, + '#withOperator':: d.fn(help="\"operator represents a key's relationship to a set of values.\\nValid operators are In, NotIn, Exists and DoesNotExist.\"", args=[d.arg(name='operator', type=d.T.string)]), + withOperator(operator): { operator: operator }, + '#withValues':: d.fn(help='"values is an array of string values. If the operator is In or NotIn,\\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\\nthe values array must be empty. This array is replaced during a strategic\\nmerge patch."', args=[d.arg(name='values', type=d.T.array)]), + withValues(values): { values: if std.isArray(v=values) then values else [values] }, + '#withValuesMixin':: d.fn(help='"values is an array of string values. If the operator is In or NotIn,\\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\\nthe values array must be empty. This array is replaced during a strategic\\nmerge patch."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='values', type=d.T.array)]), + withValuesMixin(values): { values+: if std.isArray(v=values) then values else [values] }, + }, + '#withMatchExpressions':: d.fn(help='"matchExpressions is a list of label selector requirements. The requirements are ANDed."', args=[d.arg(name='matchExpressions', type=d.T.array)]), + withMatchExpressions(matchExpressions): { allowedRoutes+: { namespaces+: { selector+: { matchExpressions: if std.isArray(v=matchExpressions) then matchExpressions else [matchExpressions] } } } }, + '#withMatchExpressionsMixin':: d.fn(help='"matchExpressions is a list of label selector requirements. The requirements are ANDed."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='matchExpressions', type=d.T.array)]), + withMatchExpressionsMixin(matchExpressions): { allowedRoutes+: { namespaces+: { selector+: { matchExpressions+: if std.isArray(v=matchExpressions) then matchExpressions else [matchExpressions] } } } }, + '#withMatchLabels':: d.fn(help='"matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\\nmap is equivalent to an element of matchExpressions, whose key field is \\"key\\", the\\noperator is \\"In\\", and the values array contains only \\"value\\". The requirements are ANDed."', args=[d.arg(name='matchLabels', type=d.T.object)]), + withMatchLabels(matchLabels): { allowedRoutes+: { namespaces+: { selector+: { matchLabels: matchLabels } } } }, + '#withMatchLabelsMixin':: d.fn(help='"matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\\nmap is equivalent to an element of matchExpressions, whose key field is \\"key\\", the\\noperator is \\"In\\", and the values array contains only \\"value\\". The requirements are ANDed."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='matchLabels', type=d.T.object)]), + withMatchLabelsMixin(matchLabels): { allowedRoutes+: { namespaces+: { selector+: { matchLabels+: matchLabels } } } }, + }, + '#withFrom':: d.fn(help='"From indicates where Routes will be selected for this Gateway. Possible\\nvalues are:\\n\\n\\n* All: Routes in all namespaces may be used by this Gateway.\\n* Selector: Routes in namespaces selected by the selector may be used by\\n this Gateway.\\n* Same: Only Routes in the same namespace may be used by this Gateway.\\n\\n\\nSupport: Core"', args=[d.arg(name='from', type=d.T.string)]), + withFrom(from): { allowedRoutes+: { namespaces+: { from: from } } }, + }, + '#withKinds':: d.fn(help="\"Kinds specifies the groups and kinds of Routes that are allowed to bind\\nto this Gateway Listener. When unspecified or empty, the kinds of Routes\\nselected are determined using the Listener protocol.\\n\\n\\nA RouteGroupKind MUST correspond to kinds of Routes that are compatible\\nwith the application protocol specified in the Listener's Protocol field.\\nIf an implementation does not support or recognize this resource type, it\\nMUST set the \\\"ResolvedRefs\\\" condition to False for this Listener with the\\n\\\"InvalidRouteKinds\\\" reason.\\n\\n\\nSupport: Core\"", args=[d.arg(name='kinds', type=d.T.array)]), + withKinds(kinds): { allowedRoutes+: { kinds: if std.isArray(v=kinds) then kinds else [kinds] } }, + '#withKindsMixin':: d.fn(help="\"Kinds specifies the groups and kinds of Routes that are allowed to bind\\nto this Gateway Listener. When unspecified or empty, the kinds of Routes\\nselected are determined using the Listener protocol.\\n\\n\\nA RouteGroupKind MUST correspond to kinds of Routes that are compatible\\nwith the application protocol specified in the Listener's Protocol field.\\nIf an implementation does not support or recognize this resource type, it\\nMUST set the \\\"ResolvedRefs\\\" condition to False for this Listener with the\\n\\\"InvalidRouteKinds\\\" reason.\\n\\n\\nSupport: Core\"\n\n**Note:** This function appends passed data to existing values", args=[d.arg(name='kinds', type=d.T.array)]), + withKindsMixin(kinds): { allowedRoutes+: { kinds+: if std.isArray(v=kinds) then kinds else [kinds] } }, + }, + '#tls':: d.obj(help='"TLS is the TLS configuration for the Listener. This field is required if\\nthe Protocol field is \\"HTTPS\\" or \\"TLS\\". It is invalid to set this field\\nif the Protocol field is \\"HTTP\\", \\"TCP\\", or \\"UDP\\".\\n\\n\\nThe association of SNIs to Certificate defined in GatewayTLSConfig is\\ndefined based on the Hostname field for this listener.\\n\\n\\nThe GatewayClass MUST use the longest matching SNI out of all\\navailable certificates for any TLS handshake.\\n\\n\\nSupport: Core"'), + tls: { + '#certificateRefs':: d.obj(help='"CertificateRefs contains a series of references to Kubernetes objects that\\ncontains TLS certificates and private keys. These certificates are used to\\nestablish a TLS handshake for requests that match the hostname of the\\nassociated listener.\\n\\n\\nA single CertificateRef to a Kubernetes Secret has \\"Core\\" support.\\nImplementations MAY choose to support attaching multiple certificates to\\na Listener, but this behavior is implementation-specific.\\n\\n\\nReferences to a resource in different namespace are invalid UNLESS there\\nis a ReferenceGrant in the target namespace that allows the certificate\\nto be attached. If a ReferenceGrant does not allow this reference, the\\n\\"ResolvedRefs\\" condition MUST be set to False for this listener with the\\n\\"RefNotPermitted\\" reason.\\n\\n\\nThis field is required to have at least one element when the mode is set\\nto \\"Terminate\\" (default) and is optional otherwise.\\n\\n\\nCertificateRefs can reference to standard Kubernetes resources, i.e.\\nSecret, or implementation-specific custom resources.\\n\\n\\nSupport: Core - A single reference to a Kubernetes Secret of type kubernetes.io/tls\\n\\n\\nSupport: Implementation-specific (More than one reference or other resource types)"'), + certificateRefs: { + '#withGroup':: d.fn(help='"Group is the group of the referent. For example, \\"gateway.networking.k8s.io\\".\\nWhen unspecified or empty string, core API group is inferred."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { group: group }, + '#withKind':: d.fn(help='"Kind is kind of the referent. For example \\"Secret\\"."', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { kind: kind }, + '#withName':: d.fn(help='"Name is the name of the referent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withNamespace':: d.fn(help="\"Namespace is the namespace of the referenced object. When unspecified, the local\\nnamespace is inferred.\\n\\n\\nNote that when a namespace different than the local namespace is specified,\\na ReferenceGrant object is required in the referent namespace to allow that\\nnamespace's owner to accept the reference. See the ReferenceGrant\\ndocumentation for details.\\n\\n\\nSupport: Core\"", args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { namespace: namespace }, + }, + '#withCertificateRefs':: d.fn(help='"CertificateRefs contains a series of references to Kubernetes objects that\\ncontains TLS certificates and private keys. These certificates are used to\\nestablish a TLS handshake for requests that match the hostname of the\\nassociated listener.\\n\\n\\nA single CertificateRef to a Kubernetes Secret has \\"Core\\" support.\\nImplementations MAY choose to support attaching multiple certificates to\\na Listener, but this behavior is implementation-specific.\\n\\n\\nReferences to a resource in different namespace are invalid UNLESS there\\nis a ReferenceGrant in the target namespace that allows the certificate\\nto be attached. If a ReferenceGrant does not allow this reference, the\\n\\"ResolvedRefs\\" condition MUST be set to False for this listener with the\\n\\"RefNotPermitted\\" reason.\\n\\n\\nThis field is required to have at least one element when the mode is set\\nto \\"Terminate\\" (default) and is optional otherwise.\\n\\n\\nCertificateRefs can reference to standard Kubernetes resources, i.e.\\nSecret, or implementation-specific custom resources.\\n\\n\\nSupport: Core - A single reference to a Kubernetes Secret of type kubernetes.io/tls\\n\\n\\nSupport: Implementation-specific (More than one reference or other resource types)"', args=[d.arg(name='certificateRefs', type=d.T.array)]), + withCertificateRefs(certificateRefs): { tls+: { certificateRefs: if std.isArray(v=certificateRefs) then certificateRefs else [certificateRefs] } }, + '#withCertificateRefsMixin':: d.fn(help='"CertificateRefs contains a series of references to Kubernetes objects that\\ncontains TLS certificates and private keys. These certificates are used to\\nestablish a TLS handshake for requests that match the hostname of the\\nassociated listener.\\n\\n\\nA single CertificateRef to a Kubernetes Secret has \\"Core\\" support.\\nImplementations MAY choose to support attaching multiple certificates to\\na Listener, but this behavior is implementation-specific.\\n\\n\\nReferences to a resource in different namespace are invalid UNLESS there\\nis a ReferenceGrant in the target namespace that allows the certificate\\nto be attached. If a ReferenceGrant does not allow this reference, the\\n\\"ResolvedRefs\\" condition MUST be set to False for this listener with the\\n\\"RefNotPermitted\\" reason.\\n\\n\\nThis field is required to have at least one element when the mode is set\\nto \\"Terminate\\" (default) and is optional otherwise.\\n\\n\\nCertificateRefs can reference to standard Kubernetes resources, i.e.\\nSecret, or implementation-specific custom resources.\\n\\n\\nSupport: Core - A single reference to a Kubernetes Secret of type kubernetes.io/tls\\n\\n\\nSupport: Implementation-specific (More than one reference or other resource types)"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='certificateRefs', type=d.T.array)]), + withCertificateRefsMixin(certificateRefs): { tls+: { certificateRefs+: if std.isArray(v=certificateRefs) then certificateRefs else [certificateRefs] } }, + '#withMode':: d.fn(help="\"Mode defines the TLS behavior for the TLS session initiated by the client.\\nThere are two possible modes:\\n\\n\\n- Terminate: The TLS session between the downstream client and the\\n Gateway is terminated at the Gateway. This mode requires certificates\\n to be specified in some way, such as populating the certificateRefs\\n field.\\n- Passthrough: The TLS session is NOT terminated by the Gateway. This\\n implies that the Gateway can't decipher the TLS stream except for\\n the ClientHello message of the TLS protocol. The certificateRefs field\\n is ignored in this mode.\\n\\n\\nSupport: Core\"", args=[d.arg(name='mode', type=d.T.string)]), + withMode(mode): { tls+: { mode: mode } }, + '#withOptions':: d.fn(help='"Options are a list of key/value pairs to enable extended TLS\\nconfiguration for each implementation. For example, configuring the\\nminimum TLS version or supported cipher suites.\\n\\n\\nA set of common keys MAY be defined by the API in the future. To avoid\\nany ambiguity, implementation-specific definitions MUST use\\ndomain-prefixed names, such as `example.com/my-custom-option`.\\nUn-prefixed names are reserved for key names defined by Gateway API.\\n\\n\\nSupport: Implementation-specific"', args=[d.arg(name='options', type=d.T.object)]), + withOptions(options): { tls+: { options: options } }, + '#withOptionsMixin':: d.fn(help='"Options are a list of key/value pairs to enable extended TLS\\nconfiguration for each implementation. For example, configuring the\\nminimum TLS version or supported cipher suites.\\n\\n\\nA set of common keys MAY be defined by the API in the future. To avoid\\nany ambiguity, implementation-specific definitions MUST use\\ndomain-prefixed names, such as `example.com/my-custom-option`.\\nUn-prefixed names are reserved for key names defined by Gateway API.\\n\\n\\nSupport: Implementation-specific"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='options', type=d.T.object)]), + withOptionsMixin(options): { tls+: { options+: options } }, + }, + '#withHostname':: d.fn(help="\"Hostname specifies the virtual hostname to match for protocol types that\\ndefine this concept. When unspecified, all hostnames are matched. This\\nfield is ignored for protocols that don't require hostname based\\nmatching.\\n\\n\\nImplementations MUST apply Hostname matching appropriately for each of\\nthe following protocols:\\n\\n\\n* TLS: The Listener Hostname MUST match the SNI.\\n* HTTP: The Listener Hostname MUST match the Host header of the request.\\n* HTTPS: The Listener Hostname SHOULD match at both the TLS and HTTP\\n protocol layers as described above. If an implementation does not\\n ensure that both the SNI and Host header match the Listener hostname,\\n it MUST clearly document that.\\n\\n\\nFor HTTPRoute and TLSRoute resources, there is an interaction with the\\n`spec.hostnames` array. When both listener and route specify hostnames,\\nthere MUST be an intersection between the values for a Route to be\\naccepted. For more information, refer to the Route specific Hostnames\\ndocumentation.\\n\\n\\nHostnames that are prefixed with a wildcard label (`*.`) are interpreted\\nas a suffix match. That means that a match for `*.example.com` would match\\nboth `test.example.com`, and `foo.test.example.com`, but not `example.com`.\\n\\n\\nSupport: Core\"", args=[d.arg(name='hostname', type=d.T.string)]), + withHostname(hostname): { hostname: hostname }, + '#withName':: d.fn(help='"Name is the name of the Listener. This name MUST be unique within a\\nGateway.\\n\\n\\nSupport: Core"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withPort':: d.fn(help='"Port is the network port. Multiple listeners may use the\\nsame port, subject to the Listener compatibility rules.\\n\\n\\nSupport: Core"', args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { port: port }, + '#withProtocol':: d.fn(help='"Protocol specifies the network protocol this listener expects to receive.\\n\\n\\nSupport: Core"', args=[d.arg(name='protocol', type=d.T.string)]), + withProtocol(protocol): { protocol: protocol }, + }, + '#withAddresses':: d.fn(help='"Addresses requested for this Gateway. This is optional and behavior can\\ndepend on the implementation. If a value is set in the spec and the\\nrequested address is invalid or unavailable, the implementation MUST\\nindicate this in the associated entry in GatewayStatus.Addresses.\\n\\n\\nThe Addresses field represents a request for the address(es) on the\\n\\"outside of the Gateway\\", that traffic bound for this Gateway will use.\\nThis could be the IP address or hostname of an external load balancer or\\nother networking infrastructure, or some other address that traffic will\\nbe sent to.\\n\\n\\nIf no Addresses are specified, the implementation MAY schedule the\\nGateway in an implementation-specific manner, assigning an appropriate\\nset of Addresses.\\n\\n\\nThe implementation MUST bind all Listeners to every GatewayAddress that\\nit assigns to the Gateway and add a corresponding entry in\\nGatewayStatus.Addresses.\\n\\n\\nSupport: Extended\\n\\n\\n"', args=[d.arg(name='addresses', type=d.T.array)]), + withAddresses(addresses): { spec+: { addresses: if std.isArray(v=addresses) then addresses else [addresses] } }, + '#withAddressesMixin':: d.fn(help='"Addresses requested for this Gateway. This is optional and behavior can\\ndepend on the implementation. If a value is set in the spec and the\\nrequested address is invalid or unavailable, the implementation MUST\\nindicate this in the associated entry in GatewayStatus.Addresses.\\n\\n\\nThe Addresses field represents a request for the address(es) on the\\n\\"outside of the Gateway\\", that traffic bound for this Gateway will use.\\nThis could be the IP address or hostname of an external load balancer or\\nother networking infrastructure, or some other address that traffic will\\nbe sent to.\\n\\n\\nIf no Addresses are specified, the implementation MAY schedule the\\nGateway in an implementation-specific manner, assigning an appropriate\\nset of Addresses.\\n\\n\\nThe implementation MUST bind all Listeners to every GatewayAddress that\\nit assigns to the Gateway and add a corresponding entry in\\nGatewayStatus.Addresses.\\n\\n\\nSupport: Extended\\n\\n\\n"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='addresses', type=d.T.array)]), + withAddressesMixin(addresses): { spec+: { addresses+: if std.isArray(v=addresses) then addresses else [addresses] } }, + '#withGatewayClassName':: d.fn(help='"GatewayClassName used for this Gateway. This is the name of a\\nGatewayClass resource."', args=[d.arg(name='gatewayClassName', type=d.T.string)]), + withGatewayClassName(gatewayClassName): { spec+: { gatewayClassName: gatewayClassName } }, + '#withListeners':: d.fn(help="\"Listeners associated with this Gateway. Listeners define\\nlogical endpoints that are bound on this Gateway's addresses.\\nAt least one Listener MUST be specified.\\n\\n\\nEach Listener in a set of Listeners (for example, in a single Gateway)\\nMUST be _distinct_, in that a traffic flow MUST be able to be assigned to\\nexactly one listener. (This section uses \\\"set of Listeners\\\" rather than\\n\\\"Listeners in a single Gateway\\\" because implementations MAY merge configuration\\nfrom multiple Gateways onto a single data plane, and these rules _also_\\napply in that case).\\n\\n\\nPractically, this means that each listener in a set MUST have a unique\\ncombination of Port, Protocol, and, if supported by the protocol, Hostname.\\n\\n\\nSome combinations of port, protocol, and TLS settings are considered\\nCore support and MUST be supported by implementations based on their\\ntargeted conformance profile:\\n\\n\\nHTTP Profile\\n\\n\\n1. HTTPRoute, Port: 80, Protocol: HTTP\\n2. HTTPRoute, Port: 443, Protocol: HTTPS, TLS Mode: Terminate, TLS keypair provided\\n\\n\\nTLS Profile\\n\\n\\n1. TLSRoute, Port: 443, Protocol: TLS, TLS Mode: Passthrough\\n\\n\\n\\\"Distinct\\\" Listeners have the following property:\\n\\n\\nThe implementation can match inbound requests to a single distinct\\nListener. When multiple Listeners share values for fields (for\\nexample, two Listeners with the same Port value), the implementation\\ncan match requests to only one of the Listeners using other\\nListener fields.\\n\\n\\nFor example, the following Listener scenarios are distinct:\\n\\n\\n1. Multiple Listeners with the same Port that all use the \\\"HTTP\\\"\\n Protocol that all have unique Hostname values.\\n2. Multiple Listeners with the same Port that use either the \\\"HTTPS\\\" or\\n \\\"TLS\\\" Protocol that all have unique Hostname values.\\n3. A mixture of \\\"TCP\\\" and \\\"UDP\\\" Protocol Listeners, where no Listener\\n with the same Protocol has the same Port value.\\n\\n\\nSome fields in the Listener struct have possible values that affect\\nwhether the Listener is distinct. Hostname is particularly relevant\\nfor HTTP or HTTPS protocols.\\n\\n\\nWhen using the Hostname value to select between same-Port, same-Protocol\\nListeners, the Hostname value must be different on each Listener for the\\nListener to be distinct.\\n\\n\\nWhen the Listeners are distinct based on Hostname, inbound request\\nhostnames MUST match from the most specific to least specific Hostname\\nvalues to choose the correct Listener and its associated set of Routes.\\n\\n\\nExact matches must be processed before wildcard matches, and wildcard\\nmatches must be processed before fallback (empty Hostname value)\\nmatches. For example, `\\\"foo.example.com\\\"` takes precedence over\\n`\\\"*.example.com\\\"`, and `\\\"*.example.com\\\"` takes precedence over `\\\"\\\"`.\\n\\n\\nAdditionally, if there are multiple wildcard entries, more specific\\nwildcard entries must be processed before less specific wildcard entries.\\nFor example, `\\\"*.foo.example.com\\\"` takes precedence over `\\\"*.example.com\\\"`.\\nThe precise definition here is that the higher the number of dots in the\\nhostname to the right of the wildcard character, the higher the precedence.\\n\\n\\nThe wildcard character will match any number of characters _and dots_ to\\nthe left, however, so `\\\"*.example.com\\\"` will match both\\n`\\\"foo.bar.example.com\\\"` _and_ `\\\"bar.example.com\\\"`.\\n\\n\\nIf a set of Listeners contains Listeners that are not distinct, then those\\nListeners are Conflicted, and the implementation MUST set the \\\"Conflicted\\\"\\ncondition in the Listener Status to \\\"True\\\".\\n\\n\\nImplementations MAY choose to accept a Gateway with some Conflicted\\nListeners only if they only accept the partial Listener set that contains\\nno Conflicted Listeners. To put this another way, implementations may\\naccept a partial Listener set only if they throw out *all* the conflicting\\nListeners. No picking one of the conflicting listeners as the winner.\\nThis also means that the Gateway must have at least one non-conflicting\\nListener in this case, otherwise it violates the requirement that at\\nleast one Listener must be present.\\n\\n\\nThe implementation MUST set a \\\"ListenersNotValid\\\" condition on the\\nGateway Status when the Gateway contains Conflicted Listeners whether or\\nnot they accept the Gateway. That Condition SHOULD clearly\\nindicate in the Message which Listeners are conflicted, and which are\\nAccepted. Additionally, the Listener status for those listeners SHOULD\\nindicate which Listeners are conflicted and not Accepted.\\n\\n\\nA Gateway's Listeners are considered \\\"compatible\\\" if:\\n\\n\\n1. They are distinct.\\n2. The implementation can serve them in compliance with the Addresses\\n requirement that all Listeners are available on all assigned\\n addresses.\\n\\n\\nCompatible combinations in Extended support are expected to vary across\\nimplementations. A combination that is compatible for one implementation\\nmay not be compatible for another.\\n\\n\\nFor example, an implementation that cannot serve both TCP and UDP listeners\\non the same address, or cannot mix HTTPS and generic TLS listens on the same port\\nwould not consider those cases compatible, even though they are distinct.\\n\\n\\nNote that requests SHOULD match at most one Listener. For example, if\\nListeners are defined for \\\"foo.example.com\\\" and \\\"*.example.com\\\", a\\nrequest to \\\"foo.example.com\\\" SHOULD only be routed using routes attached\\nto the \\\"foo.example.com\\\" Listener (and not the \\\"*.example.com\\\" Listener).\\nThis concept is known as \\\"Listener Isolation\\\". Implementations that do\\nnot support Listener Isolation MUST clearly document this.\\n\\n\\nImplementations MAY merge separate Gateways onto a single set of\\nAddresses if all Listeners across all Gateways are compatible.\\n\\n\\nSupport: Core\"", args=[d.arg(name='listeners', type=d.T.array)]), + withListeners(listeners): { spec+: { listeners: if std.isArray(v=listeners) then listeners else [listeners] } }, + '#withListenersMixin':: d.fn(help="\"Listeners associated with this Gateway. Listeners define\\nlogical endpoints that are bound on this Gateway's addresses.\\nAt least one Listener MUST be specified.\\n\\n\\nEach Listener in a set of Listeners (for example, in a single Gateway)\\nMUST be _distinct_, in that a traffic flow MUST be able to be assigned to\\nexactly one listener. (This section uses \\\"set of Listeners\\\" rather than\\n\\\"Listeners in a single Gateway\\\" because implementations MAY merge configuration\\nfrom multiple Gateways onto a single data plane, and these rules _also_\\napply in that case).\\n\\n\\nPractically, this means that each listener in a set MUST have a unique\\ncombination of Port, Protocol, and, if supported by the protocol, Hostname.\\n\\n\\nSome combinations of port, protocol, and TLS settings are considered\\nCore support and MUST be supported by implementations based on their\\ntargeted conformance profile:\\n\\n\\nHTTP Profile\\n\\n\\n1. HTTPRoute, Port: 80, Protocol: HTTP\\n2. HTTPRoute, Port: 443, Protocol: HTTPS, TLS Mode: Terminate, TLS keypair provided\\n\\n\\nTLS Profile\\n\\n\\n1. TLSRoute, Port: 443, Protocol: TLS, TLS Mode: Passthrough\\n\\n\\n\\\"Distinct\\\" Listeners have the following property:\\n\\n\\nThe implementation can match inbound requests to a single distinct\\nListener. When multiple Listeners share values for fields (for\\nexample, two Listeners with the same Port value), the implementation\\ncan match requests to only one of the Listeners using other\\nListener fields.\\n\\n\\nFor example, the following Listener scenarios are distinct:\\n\\n\\n1. Multiple Listeners with the same Port that all use the \\\"HTTP\\\"\\n Protocol that all have unique Hostname values.\\n2. Multiple Listeners with the same Port that use either the \\\"HTTPS\\\" or\\n \\\"TLS\\\" Protocol that all have unique Hostname values.\\n3. A mixture of \\\"TCP\\\" and \\\"UDP\\\" Protocol Listeners, where no Listener\\n with the same Protocol has the same Port value.\\n\\n\\nSome fields in the Listener struct have possible values that affect\\nwhether the Listener is distinct. Hostname is particularly relevant\\nfor HTTP or HTTPS protocols.\\n\\n\\nWhen using the Hostname value to select between same-Port, same-Protocol\\nListeners, the Hostname value must be different on each Listener for the\\nListener to be distinct.\\n\\n\\nWhen the Listeners are distinct based on Hostname, inbound request\\nhostnames MUST match from the most specific to least specific Hostname\\nvalues to choose the correct Listener and its associated set of Routes.\\n\\n\\nExact matches must be processed before wildcard matches, and wildcard\\nmatches must be processed before fallback (empty Hostname value)\\nmatches. For example, `\\\"foo.example.com\\\"` takes precedence over\\n`\\\"*.example.com\\\"`, and `\\\"*.example.com\\\"` takes precedence over `\\\"\\\"`.\\n\\n\\nAdditionally, if there are multiple wildcard entries, more specific\\nwildcard entries must be processed before less specific wildcard entries.\\nFor example, `\\\"*.foo.example.com\\\"` takes precedence over `\\\"*.example.com\\\"`.\\nThe precise definition here is that the higher the number of dots in the\\nhostname to the right of the wildcard character, the higher the precedence.\\n\\n\\nThe wildcard character will match any number of characters _and dots_ to\\nthe left, however, so `\\\"*.example.com\\\"` will match both\\n`\\\"foo.bar.example.com\\\"` _and_ `\\\"bar.example.com\\\"`.\\n\\n\\nIf a set of Listeners contains Listeners that are not distinct, then those\\nListeners are Conflicted, and the implementation MUST set the \\\"Conflicted\\\"\\ncondition in the Listener Status to \\\"True\\\".\\n\\n\\nImplementations MAY choose to accept a Gateway with some Conflicted\\nListeners only if they only accept the partial Listener set that contains\\nno Conflicted Listeners. To put this another way, implementations may\\naccept a partial Listener set only if they throw out *all* the conflicting\\nListeners. No picking one of the conflicting listeners as the winner.\\nThis also means that the Gateway must have at least one non-conflicting\\nListener in this case, otherwise it violates the requirement that at\\nleast one Listener must be present.\\n\\n\\nThe implementation MUST set a \\\"ListenersNotValid\\\" condition on the\\nGateway Status when the Gateway contains Conflicted Listeners whether or\\nnot they accept the Gateway. That Condition SHOULD clearly\\nindicate in the Message which Listeners are conflicted, and which are\\nAccepted. Additionally, the Listener status for those listeners SHOULD\\nindicate which Listeners are conflicted and not Accepted.\\n\\n\\nA Gateway's Listeners are considered \\\"compatible\\\" if:\\n\\n\\n1. They are distinct.\\n2. The implementation can serve them in compliance with the Addresses\\n requirement that all Listeners are available on all assigned\\n addresses.\\n\\n\\nCompatible combinations in Extended support are expected to vary across\\nimplementations. A combination that is compatible for one implementation\\nmay not be compatible for another.\\n\\n\\nFor example, an implementation that cannot serve both TCP and UDP listeners\\non the same address, or cannot mix HTTPS and generic TLS listens on the same port\\nwould not consider those cases compatible, even though they are distinct.\\n\\n\\nNote that requests SHOULD match at most one Listener. For example, if\\nListeners are defined for \\\"foo.example.com\\\" and \\\"*.example.com\\\", a\\nrequest to \\\"foo.example.com\\\" SHOULD only be routed using routes attached\\nto the \\\"foo.example.com\\\" Listener (and not the \\\"*.example.com\\\" Listener).\\nThis concept is known as \\\"Listener Isolation\\\". Implementations that do\\nnot support Listener Isolation MUST clearly document this.\\n\\n\\nImplementations MAY merge separate Gateways onto a single set of\\nAddresses if all Listeners across all Gateways are compatible.\\n\\n\\nSupport: Core\"\n\n**Note:** This function appends passed data to existing values", args=[d.arg(name='listeners', type=d.T.array)]), + withListenersMixin(listeners): { spec+: { listeners+: if std.isArray(v=listeners) then listeners else [listeners] } }, + }, + '#mixin': 'ignore', + mixin: self, +} diff --git a/1.1/_gen/gateway/v1beta1/gatewayClass.libsonnet b/1.1/_gen/gateway/v1beta1/gatewayClass.libsonnet new file mode 100644 index 0000000..19a38e0 --- /dev/null +++ b/1.1/_gen/gateway/v1beta1/gatewayClass.libsonnet @@ -0,0 +1,72 @@ +{ + local d = (import 'doc-util/main.libsonnet'), + '#':: d.pkg(name='gatewayClass', url='', help='"GatewayClass describes a class of Gateways available to the user for creating\\nGateway resources.\\n\\n\\nIt is recommended that this resource be used as a template for Gateways. This\\nmeans that a Gateway is based on the state of the GatewayClass at the time it\\nwas created and changes to the GatewayClass or associated parameters are not\\npropagated down to existing Gateways. This recommendation is intended to\\nlimit the blast radius of changes to GatewayClass or associated parameters.\\nIf implementations choose to propagate GatewayClass changes to existing\\nGateways, that MUST be clearly documented by the implementation.\\n\\n\\nWhenever one or more Gateways are using a GatewayClass, implementations SHOULD\\nadd the `gateway-exists-finalizer.gateway.networking.k8s.io` finalizer on the\\nassociated GatewayClass. This ensures that a GatewayClass associated with a\\nGateway is not deleted while in use.\\n\\n\\nGatewayClass is a Cluster level resource."'), + '#metadata':: d.obj(help='"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create."'), + metadata: { + '#withAnnotations':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotations(annotations): { metadata+: { annotations: annotations } }, + '#withAnnotationsMixin':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotationsMixin(annotations): { metadata+: { annotations+: annotations } }, + '#withClusterName':: d.fn(help='"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request."', args=[d.arg(name='clusterName', type=d.T.string)]), + withClusterName(clusterName): { metadata+: { clusterName: clusterName } }, + '#withCreationTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='creationTimestamp', type=d.T.string)]), + withCreationTimestamp(creationTimestamp): { metadata+: { creationTimestamp: creationTimestamp } }, + '#withDeletionGracePeriodSeconds':: d.fn(help='"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only."', args=[d.arg(name='deletionGracePeriodSeconds', type=d.T.integer)]), + withDeletionGracePeriodSeconds(deletionGracePeriodSeconds): { metadata+: { deletionGracePeriodSeconds: deletionGracePeriodSeconds } }, + '#withDeletionTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='deletionTimestamp', type=d.T.string)]), + withDeletionTimestamp(deletionTimestamp): { metadata+: { deletionTimestamp: deletionTimestamp } }, + '#withFinalizers':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizers(finalizers): { metadata+: { finalizers: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withFinalizersMixin':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizersMixin(finalizers): { metadata+: { finalizers+: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withGenerateName':: d.fn(help='"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\\n\\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\\n\\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency"', args=[d.arg(name='generateName', type=d.T.string)]), + withGenerateName(generateName): { metadata+: { generateName: generateName } }, + '#withGeneration':: d.fn(help='"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only."', args=[d.arg(name='generation', type=d.T.integer)]), + withGeneration(generation): { metadata+: { generation: generation } }, + '#withLabels':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"', args=[d.arg(name='labels', type=d.T.object)]), + withLabels(labels): { metadata+: { labels: labels } }, + '#withLabelsMixin':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='labels', type=d.T.object)]), + withLabelsMixin(labels): { metadata+: { labels+: labels } }, + '#withName':: d.fn(help='"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { metadata+: { name: name } }, + '#withNamespace':: d.fn(help='"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \\"default\\" namespace, but \\"default\\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\\n\\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces"', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { metadata+: { namespace: namespace } }, + '#withOwnerReferences':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferences(ownerReferences): { metadata+: { ownerReferences: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withOwnerReferencesMixin':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferencesMixin(ownerReferences): { metadata+: { ownerReferences+: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withResourceVersion':: d.fn(help='"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\\n\\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency"', args=[d.arg(name='resourceVersion', type=d.T.string)]), + withResourceVersion(resourceVersion): { metadata+: { resourceVersion: resourceVersion } }, + '#withSelfLink':: d.fn(help='"SelfLink is a URL representing this object. Populated by the system. Read-only.\\n\\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release."', args=[d.arg(name='selfLink', type=d.T.string)]), + withSelfLink(selfLink): { metadata+: { selfLink: selfLink } }, + '#withUid':: d.fn(help='"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\\n\\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids"', args=[d.arg(name='uid', type=d.T.string)]), + withUid(uid): { metadata+: { uid: uid } }, + }, + '#new':: d.fn(help='new returns an instance of GatewayClass', args=[d.arg(name='name', type=d.T.string)]), + new(name): { + apiVersion: 'gateway.networking.k8s.io/v1beta1', + kind: 'GatewayClass', + } + self.metadata.withName(name=name) + self.metadata.withAnnotations(annotations={ + 'tanka.dev/namespaced': 'false', + }), + '#spec':: d.obj(help='"Spec defines the desired state of GatewayClass."'), + spec: { + '#parametersRef':: d.obj(help="\"ParametersRef is a reference to a resource that contains the configuration\\nparameters corresponding to the GatewayClass. This is optional if the\\ncontroller does not require any additional configuration.\\n\\n\\nParametersRef can reference a standard Kubernetes resource, i.e. ConfigMap,\\nor an implementation-specific custom resource. The resource can be\\ncluster-scoped or namespace-scoped.\\n\\n\\nIf the referent cannot be found, the GatewayClass's \\\"InvalidParameters\\\"\\nstatus condition will be true.\\n\\n\\nA Gateway for this GatewayClass may provide its own `parametersRef`. When both are specified,\\nthe merging behavior is implementation specific.\\nIt is generally recommended that GatewayClass provides defaults that can be overridden by a Gateway.\\n\\n\\nSupport: Implementation-specific\""), + parametersRef: { + '#withGroup':: d.fn(help='"Group is the group of the referent."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { spec+: { parametersRef+: { group: group } } }, + '#withKind':: d.fn(help='"Kind is kind of the referent."', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { spec+: { parametersRef+: { kind: kind } } }, + '#withName':: d.fn(help='"Name is the name of the referent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { spec+: { parametersRef+: { name: name } } }, + '#withNamespace':: d.fn(help='"Namespace is the namespace of the referent.\\nThis field is required when referring to a Namespace-scoped resource and\\nMUST be unset when referring to a Cluster-scoped resource."', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { spec+: { parametersRef+: { namespace: namespace } } }, + }, + '#withControllerName':: d.fn(help='"ControllerName is the name of the controller that is managing Gateways of\\nthis class. The value of this field MUST be a domain prefixed path.\\n\\n\\nExample: \\"example.net/gateway-controller\\".\\n\\n\\nThis field is not mutable and cannot be empty.\\n\\n\\nSupport: Core"', args=[d.arg(name='controllerName', type=d.T.string)]), + withControllerName(controllerName): { spec+: { controllerName: controllerName } }, + '#withDescription':: d.fn(help='"Description helps describe a GatewayClass with more details."', args=[d.arg(name='description', type=d.T.string)]), + withDescription(description): { spec+: { description: description } }, + }, + '#mixin': 'ignore', + mixin: self, +} diff --git a/1.1/_gen/gateway/v1beta1/httpRoute.libsonnet b/1.1/_gen/gateway/v1beta1/httpRoute.libsonnet new file mode 100644 index 0000000..f975574 --- /dev/null +++ b/1.1/_gen/gateway/v1beta1/httpRoute.libsonnet @@ -0,0 +1,398 @@ +{ + local d = (import 'doc-util/main.libsonnet'), + '#':: d.pkg(name='httpRoute', url='', help='"HTTPRoute provides a way to route HTTP requests. This includes the capability\\nto match requests by hostname, path, header, or query param. Filters can be\\nused to specify additional processing steps. Backends specify where matching\\nrequests should be routed."'), + '#metadata':: d.obj(help='"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create."'), + metadata: { + '#withAnnotations':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotations(annotations): { metadata+: { annotations: annotations } }, + '#withAnnotationsMixin':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotationsMixin(annotations): { metadata+: { annotations+: annotations } }, + '#withClusterName':: d.fn(help='"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request."', args=[d.arg(name='clusterName', type=d.T.string)]), + withClusterName(clusterName): { metadata+: { clusterName: clusterName } }, + '#withCreationTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='creationTimestamp', type=d.T.string)]), + withCreationTimestamp(creationTimestamp): { metadata+: { creationTimestamp: creationTimestamp } }, + '#withDeletionGracePeriodSeconds':: d.fn(help='"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only."', args=[d.arg(name='deletionGracePeriodSeconds', type=d.T.integer)]), + withDeletionGracePeriodSeconds(deletionGracePeriodSeconds): { metadata+: { deletionGracePeriodSeconds: deletionGracePeriodSeconds } }, + '#withDeletionTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='deletionTimestamp', type=d.T.string)]), + withDeletionTimestamp(deletionTimestamp): { metadata+: { deletionTimestamp: deletionTimestamp } }, + '#withFinalizers':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizers(finalizers): { metadata+: { finalizers: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withFinalizersMixin':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizersMixin(finalizers): { metadata+: { finalizers+: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withGenerateName':: d.fn(help='"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\\n\\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\\n\\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency"', args=[d.arg(name='generateName', type=d.T.string)]), + withGenerateName(generateName): { metadata+: { generateName: generateName } }, + '#withGeneration':: d.fn(help='"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only."', args=[d.arg(name='generation', type=d.T.integer)]), + withGeneration(generation): { metadata+: { generation: generation } }, + '#withLabels':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"', args=[d.arg(name='labels', type=d.T.object)]), + withLabels(labels): { metadata+: { labels: labels } }, + '#withLabelsMixin':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='labels', type=d.T.object)]), + withLabelsMixin(labels): { metadata+: { labels+: labels } }, + '#withName':: d.fn(help='"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { metadata+: { name: name } }, + '#withNamespace':: d.fn(help='"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \\"default\\" namespace, but \\"default\\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\\n\\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces"', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { metadata+: { namespace: namespace } }, + '#withOwnerReferences':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferences(ownerReferences): { metadata+: { ownerReferences: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withOwnerReferencesMixin':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferencesMixin(ownerReferences): { metadata+: { ownerReferences+: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withResourceVersion':: d.fn(help='"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\\n\\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency"', args=[d.arg(name='resourceVersion', type=d.T.string)]), + withResourceVersion(resourceVersion): { metadata+: { resourceVersion: resourceVersion } }, + '#withSelfLink':: d.fn(help='"SelfLink is a URL representing this object. Populated by the system. Read-only.\\n\\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release."', args=[d.arg(name='selfLink', type=d.T.string)]), + withSelfLink(selfLink): { metadata+: { selfLink: selfLink } }, + '#withUid':: d.fn(help='"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\\n\\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids"', args=[d.arg(name='uid', type=d.T.string)]), + withUid(uid): { metadata+: { uid: uid } }, + }, + '#new':: d.fn(help='new returns an instance of HTTPRoute', args=[d.arg(name='name', type=d.T.string)]), + new(name): { + apiVersion: 'gateway.networking.k8s.io/v1beta1', + kind: 'HTTPRoute', + } + self.metadata.withName(name=name), + '#spec':: d.obj(help='"Spec defines the desired state of HTTPRoute."'), + spec: { + '#parentRefs':: d.obj(help='"ParentRefs references the resources (usually Gateways) that a Route wants\\nto be attached to. Note that the referenced parent resource needs to\\nallow this for the attachment to be complete. For Gateways, that means\\nthe Gateway needs to allow attachment from Routes of this kind and\\nnamespace. For Services, that means the Service must either be in the same\\nnamespace for a \\"producer\\" route, or the mesh implementation must support\\nand allow \\"consumer\\" routes for the referenced Service. ReferenceGrant is\\nnot applicable for governing ParentRefs to Services - it is not possible to\\ncreate a \\"producer\\" route for a Service in a different namespace from the\\nRoute.\\n\\n\\nThere are two kinds of parent resources with \\"Core\\" support:\\n\\n\\n* Gateway (Gateway conformance profile)\\n* Service (Mesh conformance profile, ClusterIP Services only)\\n\\n\\nThis API may be extended in the future to support additional kinds of parent\\nresources.\\n\\n\\nParentRefs must be _distinct_. This means either that:\\n\\n\\n* They select different objects. If this is the case, then parentRef\\n entries are distinct. In terms of fields, this means that the\\n multi-part key defined by `group`, `kind`, `namespace`, and `name` must\\n be unique across all parentRef entries in the Route.\\n* They do not select different objects, but for each optional field used,\\n each ParentRef that selects the same object must set the same set of\\n optional fields to different values. If one ParentRef sets a\\n combination of optional fields, all must set the same combination.\\n\\n\\nSome examples:\\n\\n\\n* If one ParentRef sets `sectionName`, all ParentRefs referencing the\\n same object must also set `sectionName`.\\n* If one ParentRef sets `port`, all ParentRefs referencing the same\\n object must also set `port`.\\n* If one ParentRef sets `sectionName` and `port`, all ParentRefs\\n referencing the same object must also set `sectionName` and `port`.\\n\\n\\nIt is possible to separately reference multiple distinct objects that may\\nbe collapsed by an implementation. For example, some implementations may\\nchoose to merge compatible Gateway Listeners together. If that is the\\ncase, the list of routes attached to those resources should also be\\nmerged.\\n\\n\\nNote that for ParentRefs that cross namespace boundaries, there are specific\\nrules. Cross-namespace references are only valid if they are explicitly\\nallowed by something in the namespace they are referring to. For example,\\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\\ngeneric way to enable other kinds of cross-namespace reference.\\n\\n\\n\\n\\n\\n\\n\\n\\n"'), + parentRefs: { + '#withGroup':: d.fn(help='"Group is the group of the referent.\\nWhen unspecified, \\"gateway.networking.k8s.io\\" is inferred.\\nTo set the core API group (such as for a \\"Service\\" kind referent),\\nGroup must be explicitly set to \\"\\" (empty string).\\n\\n\\nSupport: Core"', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { group: group }, + '#withKind':: d.fn(help='"Kind is kind of the referent.\\n\\n\\nThere are two kinds of parent resources with \\"Core\\" support:\\n\\n\\n* Gateway (Gateway conformance profile)\\n* Service (Mesh conformance profile, ClusterIP Services only)\\n\\n\\nSupport for other resources is Implementation-Specific."', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { kind: kind }, + '#withName':: d.fn(help='"Name is the name of the referent.\\n\\n\\nSupport: Core"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withNamespace':: d.fn(help='"Namespace is the namespace of the referent. When unspecified, this refers\\nto the local namespace of the Route.\\n\\n\\nNote that there are specific rules for ParentRefs which cross namespace\\nboundaries. Cross-namespace references are only valid if they are explicitly\\nallowed by something in the namespace they are referring to. For example:\\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\\ngeneric way to enable any other kind of cross-namespace reference.\\n\\n\\n\\n\\n\\nSupport: Core"', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { namespace: namespace }, + '#withPort':: d.fn(help="\"Port is the network port this Route targets. It can be interpreted\\ndifferently based on the type of parent resource.\\n\\n\\nWhen the parent resource is a Gateway, this targets all listeners\\nlistening on the specified port that also support this kind of Route(and\\nselect this Route). It's not recommended to set `Port` unless the\\nnetworking behaviors specified in a Route must apply to a specific port\\nas opposed to a listener(s) whose port(s) may be changed. When both Port\\nand SectionName are specified, the name and port of the selected listener\\nmust match both specified values.\\n\\n\\n\\n\\n\\nImplementations MAY choose to support other parent resources.\\nImplementations supporting other types of parent resources MUST clearly\\ndocument how/if Port is interpreted.\\n\\n\\nFor the purpose of status, an attachment is considered successful as\\nlong as the parent resource accepts it partially. For example, Gateway\\nlisteners can restrict which Routes can attach to them by Route kind,\\nnamespace, or hostname. If 1 of 2 Gateway listeners accept attachment\\nfrom the referencing Route, the Route MUST be considered successfully\\nattached. If no Gateway listeners accept attachment from this Route,\\nthe Route MUST be considered detached from the Gateway.\\n\\n\\nSupport: Extended\"", args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { port: port }, + '#withSectionName':: d.fn(help='"SectionName is the name of a section within the target resource. In the\\nfollowing resources, SectionName is interpreted as the following:\\n\\n\\n* Gateway: Listener name. When both Port (experimental) and SectionName\\nare specified, the name and port of the selected listener must match\\nboth specified values.\\n* Service: Port name. When both Port (experimental) and SectionName\\nare specified, the name and port of the selected listener must match\\nboth specified values.\\n\\n\\nImplementations MAY choose to support attaching Routes to other resources.\\nIf that is the case, they MUST clearly document how SectionName is\\ninterpreted.\\n\\n\\nWhen unspecified (empty string), this will reference the entire resource.\\nFor the purpose of status, an attachment is considered successful if at\\nleast one section in the parent resource accepts it. For example, Gateway\\nlisteners can restrict which Routes can attach to them by Route kind,\\nnamespace, or hostname. If 1 of 2 Gateway listeners accept attachment from\\nthe referencing Route, the Route MUST be considered successfully\\nattached. If no Gateway listeners accept attachment from this Route, the\\nRoute MUST be considered detached from the Gateway.\\n\\n\\nSupport: Core"', args=[d.arg(name='sectionName', type=d.T.string)]), + withSectionName(sectionName): { sectionName: sectionName }, + }, + '#rules':: d.obj(help='"Rules are a list of HTTP matchers, filters and actions."'), + rules: { + '#backendRefs':: d.obj(help='"BackendRefs defines the backend(s) where matching requests should be\\nsent.\\n\\n\\nFailure behavior here depends on how many BackendRefs are specified and\\nhow many are invalid.\\n\\n\\nIf *all* entries in BackendRefs are invalid, and there are also no filters\\nspecified in this route rule, *all* traffic which matches this rule MUST\\nreceive a 500 status code.\\n\\n\\nSee the HTTPBackendRef definition for the rules about what makes a single\\nHTTPBackendRef invalid.\\n\\n\\nWhen a HTTPBackendRef is invalid, 500 status codes MUST be returned for\\nrequests that would have otherwise been routed to an invalid backend. If\\nmultiple backends are specified, and some are invalid, the proportion of\\nrequests that would otherwise have been routed to an invalid backend\\nMUST receive a 500 status code.\\n\\n\\nFor example, if two backends are specified with equal weights, and one is\\ninvalid, 50 percent of traffic must receive a 500. Implementations may\\nchoose how that 50 percent is determined.\\n\\n\\nSupport: Core for Kubernetes Service\\n\\n\\nSupport: Extended for Kubernetes ServiceImport\\n\\n\\nSupport: Implementation-specific for any other resource\\n\\n\\nSupport for weight: Core"'), + backendRefs: { + '#filters':: d.obj(help='"Filters defined at this level should be executed if and only if the\\nrequest is being forwarded to the backend defined here.\\n\\n\\nSupport: Implementation-specific (For broader support of filters, use the\\nFilters field in HTTPRouteRule.)"'), + filters: { + '#extensionRef':: d.obj(help='"ExtensionRef is an optional, implementation-specific extension to the\\n\\"filter\\" behavior. For example, resource \\"myroutefilter\\" in group\\n\\"networking.example.net\\"). ExtensionRef MUST NOT be used for core and\\nextended filters.\\n\\n\\nThis filter can be used multiple times within the same rule.\\n\\n\\nSupport: Implementation-specific"'), + extensionRef: { + '#withGroup':: d.fn(help='"Group is the group of the referent. For example, \\"gateway.networking.k8s.io\\".\\nWhen unspecified or empty string, core API group is inferred."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { extensionRef+: { group: group } }, + '#withKind':: d.fn(help='"Kind is kind of the referent. For example \\"HTTPRoute\\" or \\"Service\\"."', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { extensionRef+: { kind: kind } }, + '#withName':: d.fn(help='"Name is the name of the referent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { extensionRef+: { name: name } }, + }, + '#requestHeaderModifier':: d.obj(help='"RequestHeaderModifier defines a schema for a filter that modifies request\\nheaders.\\n\\n\\nSupport: Core"'), + requestHeaderModifier: { + '#add':: d.obj(help='"Add adds the given header(s) (name, value) to the request\\nbefore the action. It appends to any existing values associated\\nwith the header name.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n add:\\n - name: \\"my-header\\"\\n value: \\"bar,baz\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: foo,bar,baz"'), + add: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be\\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\\n\\n\\nIf multiple entries specify equivalent header names, the first entry with\\nan equivalent name MUST be considered for a match. Subsequent entries\\nwith an equivalent header name MUST be ignored. Due to the\\ncase-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered\\nequivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#set':: d.obj(help='"Set overwrites the request with the given header (name, value)\\nbefore the action.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n set:\\n - name: \\"my-header\\"\\n value: \\"bar\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: bar"'), + set: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be\\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\\n\\n\\nIf multiple entries specify equivalent header names, the first entry with\\nan equivalent name MUST be considered for a match. Subsequent entries\\nwith an equivalent header name MUST be ignored. Due to the\\ncase-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered\\nequivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#withAdd':: d.fn(help='"Add adds the given header(s) (name, value) to the request\\nbefore the action. It appends to any existing values associated\\nwith the header name.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n add:\\n - name: \\"my-header\\"\\n value: \\"bar,baz\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: foo,bar,baz"', args=[d.arg(name='add', type=d.T.array)]), + withAdd(add): { requestHeaderModifier+: { add: if std.isArray(v=add) then add else [add] } }, + '#withAddMixin':: d.fn(help='"Add adds the given header(s) (name, value) to the request\\nbefore the action. It appends to any existing values associated\\nwith the header name.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n add:\\n - name: \\"my-header\\"\\n value: \\"bar,baz\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: foo,bar,baz"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='add', type=d.T.array)]), + withAddMixin(add): { requestHeaderModifier+: { add+: if std.isArray(v=add) then add else [add] } }, + '#withRemove':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The\\nvalue of Remove is a list of HTTP header names. Note that the header\\nnames are case-insensitive (see\\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header1: foo\\n my-header2: bar\\n my-header3: baz\\n\\n\\nConfig:\\n remove: [\\"my-header1\\", \\"my-header3\\"]\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header2: bar"', args=[d.arg(name='remove', type=d.T.array)]), + withRemove(remove): { requestHeaderModifier+: { remove: if std.isArray(v=remove) then remove else [remove] } }, + '#withRemoveMixin':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The\\nvalue of Remove is a list of HTTP header names. Note that the header\\nnames are case-insensitive (see\\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header1: foo\\n my-header2: bar\\n my-header3: baz\\n\\n\\nConfig:\\n remove: [\\"my-header1\\", \\"my-header3\\"]\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header2: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='remove', type=d.T.array)]), + withRemoveMixin(remove): { requestHeaderModifier+: { remove+: if std.isArray(v=remove) then remove else [remove] } }, + '#withSet':: d.fn(help='"Set overwrites the request with the given header (name, value)\\nbefore the action.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n set:\\n - name: \\"my-header\\"\\n value: \\"bar\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: bar"', args=[d.arg(name='set', type=d.T.array)]), + withSet(set): { requestHeaderModifier+: { set: if std.isArray(v=set) then set else [set] } }, + '#withSetMixin':: d.fn(help='"Set overwrites the request with the given header (name, value)\\nbefore the action.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n set:\\n - name: \\"my-header\\"\\n value: \\"bar\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='set', type=d.T.array)]), + withSetMixin(set): { requestHeaderModifier+: { set+: if std.isArray(v=set) then set else [set] } }, + }, + '#requestMirror':: d.obj(help='"RequestMirror defines a schema for a filter that mirrors requests.\\nRequests are sent to the specified destination, but responses from\\nthat destination are ignored.\\n\\n\\nThis filter can be used multiple times within the same rule. Note that\\nnot all implementations will be able to support mirroring to multiple\\nbackends.\\n\\n\\nSupport: Extended"'), + requestMirror: { + '#backendRef':: d.obj(help='"BackendRef references a resource where mirrored requests are sent.\\n\\n\\nMirrored requests must be sent only to a single destination endpoint\\nwithin this BackendRef, irrespective of how many endpoints are present\\nwithin this BackendRef.\\n\\n\\nIf the referent cannot be found, this BackendRef is invalid and must be\\ndropped from the Gateway. The controller must ensure the \\"ResolvedRefs\\"\\ncondition on the Route status is set to `status: False` and not configure\\nthis backend in the underlying implementation.\\n\\n\\nIf there is a cross-namespace reference to an *existing* object\\nthat is not allowed by a ReferenceGrant, the controller must ensure the\\n\\"ResolvedRefs\\" condition on the Route is set to `status: False`,\\nwith the \\"RefNotPermitted\\" reason and not configure this backend in the\\nunderlying implementation.\\n\\n\\nIn either error case, the Message of the `ResolvedRefs` Condition\\nshould be used to provide more detail about the problem.\\n\\n\\nSupport: Extended for Kubernetes Service\\n\\n\\nSupport: Implementation-specific for any other resource"'), + backendRef: { + '#withGroup':: d.fn(help='"Group is the group of the referent. For example, \\"gateway.networking.k8s.io\\".\\nWhen unspecified or empty string, core API group is inferred."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { requestMirror+: { backendRef+: { group: group } } }, + '#withKind':: d.fn(help='"Kind is the Kubernetes resource kind of the referent. For example\\n\\"Service\\".\\n\\n\\nDefaults to \\"Service\\" when not specified.\\n\\n\\nExternalName services can refer to CNAME DNS records that may live\\noutside of the cluster and as such are difficult to reason about in\\nterms of conformance. They also may not be safe to forward to (see\\nCVE-2021-25740 for more information). Implementations SHOULD NOT\\nsupport ExternalName Services.\\n\\n\\nSupport: Core (Services with a type other than ExternalName)\\n\\n\\nSupport: Implementation-specific (Services with type ExternalName)"', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { requestMirror+: { backendRef+: { kind: kind } } }, + '#withName':: d.fn(help='"Name is the name of the referent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { requestMirror+: { backendRef+: { name: name } } }, + '#withNamespace':: d.fn(help="\"Namespace is the namespace of the backend. When unspecified, the local\\nnamespace is inferred.\\n\\n\\nNote that when a namespace different than the local namespace is specified,\\na ReferenceGrant object is required in the referent namespace to allow that\\nnamespace's owner to accept the reference. See the ReferenceGrant\\ndocumentation for details.\\n\\n\\nSupport: Core\"", args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { requestMirror+: { backendRef+: { namespace: namespace } } }, + '#withPort':: d.fn(help='"Port specifies the destination port number to use for this resource.\\nPort is required when the referent is a Kubernetes Service. In this\\ncase, the port number is the service port number, not the target port.\\nFor other resources, destination port might be derived from the referent\\nresource or this field."', args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { requestMirror+: { backendRef+: { port: port } } }, + }, + }, + '#requestRedirect':: d.obj(help='"RequestRedirect defines a schema for a filter that responds to the\\nrequest with an HTTP redirection.\\n\\n\\nSupport: Core"'), + requestRedirect: { + '#path':: d.obj(help='"Path defines parameters used to modify the path of the incoming request.\\nThe modified path is then used to construct the `Location` header. When\\nempty, the request path is used as-is.\\n\\n\\nSupport: Extended"'), + path: { + '#withReplaceFullPath':: d.fn(help='"ReplaceFullPath specifies the value with which to replace the full path\\nof a request during a rewrite or redirect."', args=[d.arg(name='replaceFullPath', type=d.T.string)]), + withReplaceFullPath(replaceFullPath): { requestRedirect+: { path+: { replaceFullPath: replaceFullPath } } }, + '#withReplacePrefixMatch':: d.fn(help='"ReplacePrefixMatch specifies the value with which to replace the prefix\\nmatch of a request during a rewrite or redirect. For example, a request\\nto \\"/foo/bar\\" with a prefix match of \\"/foo\\" and a ReplacePrefixMatch\\nof \\"/xyz\\" would be modified to \\"/xyz/bar\\".\\n\\n\\nNote that this matches the behavior of the PathPrefix match type. This\\nmatches full path elements. A path element refers to the list of labels\\nin the path split by the `/` separator. When specified, a trailing `/` is\\nignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all\\nmatch the prefix `/abc`, but the path `/abcd` would not.\\n\\n\\nReplacePrefixMatch is only compatible with a `PathPrefix` HTTPRouteMatch.\\nUsing any other HTTPRouteMatch type on the same HTTPRouteRule will result in\\nthe implementation setting the Accepted Condition for the Route to `status: False`.\\n\\n\\nRequest Path | Prefix Match | Replace Prefix | Modified Path\\n-------------|--------------|----------------|----------\\n/foo/bar | /foo | /xyz | /xyz/bar\\n/foo/bar | /foo | /xyz/ | /xyz/bar\\n/foo/bar | /foo/ | /xyz | /xyz/bar\\n/foo/bar | /foo/ | /xyz/ | /xyz/bar\\n/foo | /foo | /xyz | /xyz\\n/foo/ | /foo | /xyz | /xyz/\\n/foo/bar | /foo | | /bar\\n/foo/ | /foo | | /\\n/foo | /foo | | /\\n/foo/ | /foo | / | /\\n/foo | /foo | / | /"', args=[d.arg(name='replacePrefixMatch', type=d.T.string)]), + withReplacePrefixMatch(replacePrefixMatch): { requestRedirect+: { path+: { replacePrefixMatch: replacePrefixMatch } } }, + '#withType':: d.fn(help='"Type defines the type of path modifier. Additional types may be\\nadded in a future release of the API.\\n\\n\\nNote that values may be added to this enum, implementations\\nmust ensure that unknown values will not cause a crash.\\n\\n\\nUnknown values here must result in the implementation setting the\\nAccepted Condition for the Route to `status: False`, with a\\nReason of `UnsupportedValue`."', args=[d.arg(name='type', type=d.T.string)]), + withType(type): { requestRedirect+: { path+: { type: type } } }, + }, + '#withHostname':: d.fn(help='"Hostname is the hostname to be used in the value of the `Location`\\nheader in the response.\\nWhen empty, the hostname in the `Host` header of the request is used.\\n\\n\\nSupport: Core"', args=[d.arg(name='hostname', type=d.T.string)]), + withHostname(hostname): { requestRedirect+: { hostname: hostname } }, + '#withPort':: d.fn(help="\"Port is the port to be used in the value of the `Location`\\nheader in the response.\\n\\n\\nIf no port is specified, the redirect port MUST be derived using the\\nfollowing rules:\\n\\n\\n* If redirect scheme is not-empty, the redirect port MUST be the well-known\\n port associated with the redirect scheme. Specifically \\\"http\\\" to port 80\\n and \\\"https\\\" to port 443. If the redirect scheme does not have a\\n well-known port, the listener port of the Gateway SHOULD be used.\\n* If redirect scheme is empty, the redirect port MUST be the Gateway\\n Listener port.\\n\\n\\nImplementations SHOULD NOT add the port number in the 'Location'\\nheader in the following cases:\\n\\n\\n* A Location header that will use HTTP (whether that is determined via\\n the Listener protocol or the Scheme field) _and_ use port 80.\\n* A Location header that will use HTTPS (whether that is determined via\\n the Listener protocol or the Scheme field) _and_ use port 443.\\n\\n\\nSupport: Extended\"", args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { requestRedirect+: { port: port } }, + '#withScheme':: d.fn(help='"Scheme is the scheme to be used in the value of the `Location` header in\\nthe response. When empty, the scheme of the request is used.\\n\\n\\nScheme redirects can affect the port of the redirect, for more information,\\nrefer to the documentation for the port field of this filter.\\n\\n\\nNote that values may be added to this enum, implementations\\nmust ensure that unknown values will not cause a crash.\\n\\n\\nUnknown values here must result in the implementation setting the\\nAccepted Condition for the Route to `status: False`, with a\\nReason of `UnsupportedValue`.\\n\\n\\nSupport: Extended"', args=[d.arg(name='scheme', type=d.T.string)]), + withScheme(scheme): { requestRedirect+: { scheme: scheme } }, + '#withStatusCode':: d.fn(help='"StatusCode is the HTTP status code to be used in response.\\n\\n\\nNote that values may be added to this enum, implementations\\nmust ensure that unknown values will not cause a crash.\\n\\n\\nUnknown values here must result in the implementation setting the\\nAccepted Condition for the Route to `status: False`, with a\\nReason of `UnsupportedValue`.\\n\\n\\nSupport: Core"', args=[d.arg(name='statusCode', type=d.T.integer)]), + withStatusCode(statusCode): { requestRedirect+: { statusCode: statusCode } }, + }, + '#responseHeaderModifier':: d.obj(help='"ResponseHeaderModifier defines a schema for a filter that modifies response\\nheaders.\\n\\n\\nSupport: Extended"'), + responseHeaderModifier: { + '#add':: d.obj(help='"Add adds the given header(s) (name, value) to the request\\nbefore the action. It appends to any existing values associated\\nwith the header name.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n add:\\n - name: \\"my-header\\"\\n value: \\"bar,baz\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: foo,bar,baz"'), + add: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be\\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\\n\\n\\nIf multiple entries specify equivalent header names, the first entry with\\nan equivalent name MUST be considered for a match. Subsequent entries\\nwith an equivalent header name MUST be ignored. Due to the\\ncase-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered\\nequivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#set':: d.obj(help='"Set overwrites the request with the given header (name, value)\\nbefore the action.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n set:\\n - name: \\"my-header\\"\\n value: \\"bar\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: bar"'), + set: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be\\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\\n\\n\\nIf multiple entries specify equivalent header names, the first entry with\\nan equivalent name MUST be considered for a match. Subsequent entries\\nwith an equivalent header name MUST be ignored. Due to the\\ncase-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered\\nequivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#withAdd':: d.fn(help='"Add adds the given header(s) (name, value) to the request\\nbefore the action. It appends to any existing values associated\\nwith the header name.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n add:\\n - name: \\"my-header\\"\\n value: \\"bar,baz\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: foo,bar,baz"', args=[d.arg(name='add', type=d.T.array)]), + withAdd(add): { responseHeaderModifier+: { add: if std.isArray(v=add) then add else [add] } }, + '#withAddMixin':: d.fn(help='"Add adds the given header(s) (name, value) to the request\\nbefore the action. It appends to any existing values associated\\nwith the header name.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n add:\\n - name: \\"my-header\\"\\n value: \\"bar,baz\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: foo,bar,baz"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='add', type=d.T.array)]), + withAddMixin(add): { responseHeaderModifier+: { add+: if std.isArray(v=add) then add else [add] } }, + '#withRemove':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The\\nvalue of Remove is a list of HTTP header names. Note that the header\\nnames are case-insensitive (see\\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header1: foo\\n my-header2: bar\\n my-header3: baz\\n\\n\\nConfig:\\n remove: [\\"my-header1\\", \\"my-header3\\"]\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header2: bar"', args=[d.arg(name='remove', type=d.T.array)]), + withRemove(remove): { responseHeaderModifier+: { remove: if std.isArray(v=remove) then remove else [remove] } }, + '#withRemoveMixin':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The\\nvalue of Remove is a list of HTTP header names. Note that the header\\nnames are case-insensitive (see\\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header1: foo\\n my-header2: bar\\n my-header3: baz\\n\\n\\nConfig:\\n remove: [\\"my-header1\\", \\"my-header3\\"]\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header2: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='remove', type=d.T.array)]), + withRemoveMixin(remove): { responseHeaderModifier+: { remove+: if std.isArray(v=remove) then remove else [remove] } }, + '#withSet':: d.fn(help='"Set overwrites the request with the given header (name, value)\\nbefore the action.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n set:\\n - name: \\"my-header\\"\\n value: \\"bar\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: bar"', args=[d.arg(name='set', type=d.T.array)]), + withSet(set): { responseHeaderModifier+: { set: if std.isArray(v=set) then set else [set] } }, + '#withSetMixin':: d.fn(help='"Set overwrites the request with the given header (name, value)\\nbefore the action.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n set:\\n - name: \\"my-header\\"\\n value: \\"bar\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='set', type=d.T.array)]), + withSetMixin(set): { responseHeaderModifier+: { set+: if std.isArray(v=set) then set else [set] } }, + }, + '#urlRewrite':: d.obj(help='"URLRewrite defines a schema for a filter that modifies a request during forwarding.\\n\\n\\nSupport: Extended"'), + urlRewrite: { + '#path':: d.obj(help='"Path defines a path rewrite.\\n\\n\\nSupport: Extended"'), + path: { + '#withReplaceFullPath':: d.fn(help='"ReplaceFullPath specifies the value with which to replace the full path\\nof a request during a rewrite or redirect."', args=[d.arg(name='replaceFullPath', type=d.T.string)]), + withReplaceFullPath(replaceFullPath): { urlRewrite+: { path+: { replaceFullPath: replaceFullPath } } }, + '#withReplacePrefixMatch':: d.fn(help='"ReplacePrefixMatch specifies the value with which to replace the prefix\\nmatch of a request during a rewrite or redirect. For example, a request\\nto \\"/foo/bar\\" with a prefix match of \\"/foo\\" and a ReplacePrefixMatch\\nof \\"/xyz\\" would be modified to \\"/xyz/bar\\".\\n\\n\\nNote that this matches the behavior of the PathPrefix match type. This\\nmatches full path elements. A path element refers to the list of labels\\nin the path split by the `/` separator. When specified, a trailing `/` is\\nignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all\\nmatch the prefix `/abc`, but the path `/abcd` would not.\\n\\n\\nReplacePrefixMatch is only compatible with a `PathPrefix` HTTPRouteMatch.\\nUsing any other HTTPRouteMatch type on the same HTTPRouteRule will result in\\nthe implementation setting the Accepted Condition for the Route to `status: False`.\\n\\n\\nRequest Path | Prefix Match | Replace Prefix | Modified Path\\n-------------|--------------|----------------|----------\\n/foo/bar | /foo | /xyz | /xyz/bar\\n/foo/bar | /foo | /xyz/ | /xyz/bar\\n/foo/bar | /foo/ | /xyz | /xyz/bar\\n/foo/bar | /foo/ | /xyz/ | /xyz/bar\\n/foo | /foo | /xyz | /xyz\\n/foo/ | /foo | /xyz | /xyz/\\n/foo/bar | /foo | | /bar\\n/foo/ | /foo | | /\\n/foo | /foo | | /\\n/foo/ | /foo | / | /\\n/foo | /foo | / | /"', args=[d.arg(name='replacePrefixMatch', type=d.T.string)]), + withReplacePrefixMatch(replacePrefixMatch): { urlRewrite+: { path+: { replacePrefixMatch: replacePrefixMatch } } }, + '#withType':: d.fn(help='"Type defines the type of path modifier. Additional types may be\\nadded in a future release of the API.\\n\\n\\nNote that values may be added to this enum, implementations\\nmust ensure that unknown values will not cause a crash.\\n\\n\\nUnknown values here must result in the implementation setting the\\nAccepted Condition for the Route to `status: False`, with a\\nReason of `UnsupportedValue`."', args=[d.arg(name='type', type=d.T.string)]), + withType(type): { urlRewrite+: { path+: { type: type } } }, + }, + '#withHostname':: d.fn(help='"Hostname is the value to be used to replace the Host header value during\\nforwarding.\\n\\n\\nSupport: Extended"', args=[d.arg(name='hostname', type=d.T.string)]), + withHostname(hostname): { urlRewrite+: { hostname: hostname } }, + }, + '#withType':: d.fn(help='"Type identifies the type of filter to apply. As with other API fields,\\ntypes are classified into three conformance levels:\\n\\n\\n- Core: Filter types and their corresponding configuration defined by\\n \\"Support: Core\\" in this package, e.g. \\"RequestHeaderModifier\\". All\\n implementations must support core filters.\\n\\n\\n- Extended: Filter types and their corresponding configuration defined by\\n \\"Support: Extended\\" in this package, e.g. \\"RequestMirror\\". Implementers\\n are encouraged to support extended filters.\\n\\n\\n- Implementation-specific: Filters that are defined and supported by\\n specific vendors.\\n In the future, filters showing convergence in behavior across multiple\\n implementations will be considered for inclusion in extended or core\\n conformance levels. Filter-specific configuration for such filters\\n is specified using the ExtensionRef field. `Type` should be set to\\n \\"ExtensionRef\\" for custom filters.\\n\\n\\nImplementers are encouraged to define custom implementation types to\\nextend the core API with implementation-specific behavior.\\n\\n\\nIf a reference to a custom filter type cannot be resolved, the filter\\nMUST NOT be skipped. Instead, requests that would have been processed by\\nthat filter MUST receive a HTTP error response.\\n\\n\\nNote that values may be added to this enum, implementations\\nmust ensure that unknown values will not cause a crash.\\n\\n\\nUnknown values here must result in the implementation setting the\\nAccepted Condition for the Route to `status: False`, with a\\nReason of `UnsupportedValue`."', args=[d.arg(name='type', type=d.T.string)]), + withType(type): { type: type }, + }, + '#withFilters':: d.fn(help='"Filters defined at this level should be executed if and only if the\\nrequest is being forwarded to the backend defined here.\\n\\n\\nSupport: Implementation-specific (For broader support of filters, use the\\nFilters field in HTTPRouteRule.)"', args=[d.arg(name='filters', type=d.T.array)]), + withFilters(filters): { filters: if std.isArray(v=filters) then filters else [filters] }, + '#withFiltersMixin':: d.fn(help='"Filters defined at this level should be executed if and only if the\\nrequest is being forwarded to the backend defined here.\\n\\n\\nSupport: Implementation-specific (For broader support of filters, use the\\nFilters field in HTTPRouteRule.)"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='filters', type=d.T.array)]), + withFiltersMixin(filters): { filters+: if std.isArray(v=filters) then filters else [filters] }, + '#withGroup':: d.fn(help='"Group is the group of the referent. For example, \\"gateway.networking.k8s.io\\".\\nWhen unspecified or empty string, core API group is inferred."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { group: group }, + '#withKind':: d.fn(help='"Kind is the Kubernetes resource kind of the referent. For example\\n\\"Service\\".\\n\\n\\nDefaults to \\"Service\\" when not specified.\\n\\n\\nExternalName services can refer to CNAME DNS records that may live\\noutside of the cluster and as such are difficult to reason about in\\nterms of conformance. They also may not be safe to forward to (see\\nCVE-2021-25740 for more information). Implementations SHOULD NOT\\nsupport ExternalName Services.\\n\\n\\nSupport: Core (Services with a type other than ExternalName)\\n\\n\\nSupport: Implementation-specific (Services with type ExternalName)"', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { kind: kind }, + '#withName':: d.fn(help='"Name is the name of the referent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withNamespace':: d.fn(help="\"Namespace is the namespace of the backend. When unspecified, the local\\nnamespace is inferred.\\n\\n\\nNote that when a namespace different than the local namespace is specified,\\na ReferenceGrant object is required in the referent namespace to allow that\\nnamespace's owner to accept the reference. See the ReferenceGrant\\ndocumentation for details.\\n\\n\\nSupport: Core\"", args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { namespace: namespace }, + '#withPort':: d.fn(help='"Port specifies the destination port number to use for this resource.\\nPort is required when the referent is a Kubernetes Service. In this\\ncase, the port number is the service port number, not the target port.\\nFor other resources, destination port might be derived from the referent\\nresource or this field."', args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { port: port }, + '#withWeight':: d.fn(help='"Weight specifies the proportion of requests forwarded to the referenced\\nbackend. This is computed as weight/(sum of all weights in this\\nBackendRefs list). For non-zero values, there may be some epsilon from\\nthe exact proportion defined here depending on the precision an\\nimplementation supports. Weight is not a percentage and the sum of\\nweights does not need to equal 100.\\n\\n\\nIf only one backend is specified and it has a weight greater than 0, 100%\\nof the traffic is forwarded to that backend. If weight is set to 0, no\\ntraffic should be forwarded for this entry. If unspecified, weight\\ndefaults to 1.\\n\\n\\nSupport for this field varies based on the context where used."', args=[d.arg(name='weight', type=d.T.integer)]), + withWeight(weight): { weight: weight }, + }, + '#filters':: d.obj(help='"Filters define the filters that are applied to requests that match\\nthis rule.\\n\\n\\nWherever possible, implementations SHOULD implement filters in the order\\nthey are specified.\\n\\n\\nImplementations MAY choose to implement this ordering strictly, rejecting\\nany combination or order of filters that can not be supported. If implementations\\nchoose a strict interpretation of filter ordering, they MUST clearly document\\nthat behavior.\\n\\n\\nTo reject an invalid combination or order of filters, implementations SHOULD\\nconsider the Route Rules with this configuration invalid. If all Route Rules\\nin a Route are invalid, the entire Route would be considered invalid. If only\\na portion of Route Rules are invalid, implementations MUST set the\\n\\"PartiallyInvalid\\" condition for the Route.\\n\\n\\nConformance-levels at this level are defined based on the type of filter:\\n\\n\\n- ALL core filters MUST be supported by all implementations.\\n- Implementers are encouraged to support extended filters.\\n- Implementation-specific custom filters have no API guarantees across\\n implementations.\\n\\n\\nSpecifying the same filter multiple times is not supported unless explicitly\\nindicated in the filter.\\n\\n\\nAll filters are expected to be compatible with each other except for the\\nURLRewrite and RequestRedirect filters, which may not be combined. If an\\nimplementation can not support other combinations of filters, they must clearly\\ndocument that limitation. In cases where incompatible or unsupported\\nfilters are specified and cause the `Accepted` condition to be set to status\\n`False`, implementations may use the `IncompatibleFilters` reason to specify\\nthis configuration error.\\n\\n\\nSupport: Core"'), + filters: { + '#extensionRef':: d.obj(help='"ExtensionRef is an optional, implementation-specific extension to the\\n\\"filter\\" behavior. For example, resource \\"myroutefilter\\" in group\\n\\"networking.example.net\\"). ExtensionRef MUST NOT be used for core and\\nextended filters.\\n\\n\\nThis filter can be used multiple times within the same rule.\\n\\n\\nSupport: Implementation-specific"'), + extensionRef: { + '#withGroup':: d.fn(help='"Group is the group of the referent. For example, \\"gateway.networking.k8s.io\\".\\nWhen unspecified or empty string, core API group is inferred."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { extensionRef+: { group: group } }, + '#withKind':: d.fn(help='"Kind is kind of the referent. For example \\"HTTPRoute\\" or \\"Service\\"."', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { extensionRef+: { kind: kind } }, + '#withName':: d.fn(help='"Name is the name of the referent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { extensionRef+: { name: name } }, + }, + '#requestHeaderModifier':: d.obj(help='"RequestHeaderModifier defines a schema for a filter that modifies request\\nheaders.\\n\\n\\nSupport: Core"'), + requestHeaderModifier: { + '#add':: d.obj(help='"Add adds the given header(s) (name, value) to the request\\nbefore the action. It appends to any existing values associated\\nwith the header name.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n add:\\n - name: \\"my-header\\"\\n value: \\"bar,baz\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: foo,bar,baz"'), + add: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be\\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\\n\\n\\nIf multiple entries specify equivalent header names, the first entry with\\nan equivalent name MUST be considered for a match. Subsequent entries\\nwith an equivalent header name MUST be ignored. Due to the\\ncase-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered\\nequivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#set':: d.obj(help='"Set overwrites the request with the given header (name, value)\\nbefore the action.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n set:\\n - name: \\"my-header\\"\\n value: \\"bar\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: bar"'), + set: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be\\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\\n\\n\\nIf multiple entries specify equivalent header names, the first entry with\\nan equivalent name MUST be considered for a match. Subsequent entries\\nwith an equivalent header name MUST be ignored. Due to the\\ncase-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered\\nequivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#withAdd':: d.fn(help='"Add adds the given header(s) (name, value) to the request\\nbefore the action. It appends to any existing values associated\\nwith the header name.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n add:\\n - name: \\"my-header\\"\\n value: \\"bar,baz\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: foo,bar,baz"', args=[d.arg(name='add', type=d.T.array)]), + withAdd(add): { requestHeaderModifier+: { add: if std.isArray(v=add) then add else [add] } }, + '#withAddMixin':: d.fn(help='"Add adds the given header(s) (name, value) to the request\\nbefore the action. It appends to any existing values associated\\nwith the header name.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n add:\\n - name: \\"my-header\\"\\n value: \\"bar,baz\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: foo,bar,baz"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='add', type=d.T.array)]), + withAddMixin(add): { requestHeaderModifier+: { add+: if std.isArray(v=add) then add else [add] } }, + '#withRemove':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The\\nvalue of Remove is a list of HTTP header names. Note that the header\\nnames are case-insensitive (see\\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header1: foo\\n my-header2: bar\\n my-header3: baz\\n\\n\\nConfig:\\n remove: [\\"my-header1\\", \\"my-header3\\"]\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header2: bar"', args=[d.arg(name='remove', type=d.T.array)]), + withRemove(remove): { requestHeaderModifier+: { remove: if std.isArray(v=remove) then remove else [remove] } }, + '#withRemoveMixin':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The\\nvalue of Remove is a list of HTTP header names. Note that the header\\nnames are case-insensitive (see\\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header1: foo\\n my-header2: bar\\n my-header3: baz\\n\\n\\nConfig:\\n remove: [\\"my-header1\\", \\"my-header3\\"]\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header2: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='remove', type=d.T.array)]), + withRemoveMixin(remove): { requestHeaderModifier+: { remove+: if std.isArray(v=remove) then remove else [remove] } }, + '#withSet':: d.fn(help='"Set overwrites the request with the given header (name, value)\\nbefore the action.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n set:\\n - name: \\"my-header\\"\\n value: \\"bar\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: bar"', args=[d.arg(name='set', type=d.T.array)]), + withSet(set): { requestHeaderModifier+: { set: if std.isArray(v=set) then set else [set] } }, + '#withSetMixin':: d.fn(help='"Set overwrites the request with the given header (name, value)\\nbefore the action.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n set:\\n - name: \\"my-header\\"\\n value: \\"bar\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='set', type=d.T.array)]), + withSetMixin(set): { requestHeaderModifier+: { set+: if std.isArray(v=set) then set else [set] } }, + }, + '#requestMirror':: d.obj(help='"RequestMirror defines a schema for a filter that mirrors requests.\\nRequests are sent to the specified destination, but responses from\\nthat destination are ignored.\\n\\n\\nThis filter can be used multiple times within the same rule. Note that\\nnot all implementations will be able to support mirroring to multiple\\nbackends.\\n\\n\\nSupport: Extended"'), + requestMirror: { + '#backendRef':: d.obj(help='"BackendRef references a resource where mirrored requests are sent.\\n\\n\\nMirrored requests must be sent only to a single destination endpoint\\nwithin this BackendRef, irrespective of how many endpoints are present\\nwithin this BackendRef.\\n\\n\\nIf the referent cannot be found, this BackendRef is invalid and must be\\ndropped from the Gateway. The controller must ensure the \\"ResolvedRefs\\"\\ncondition on the Route status is set to `status: False` and not configure\\nthis backend in the underlying implementation.\\n\\n\\nIf there is a cross-namespace reference to an *existing* object\\nthat is not allowed by a ReferenceGrant, the controller must ensure the\\n\\"ResolvedRefs\\" condition on the Route is set to `status: False`,\\nwith the \\"RefNotPermitted\\" reason and not configure this backend in the\\nunderlying implementation.\\n\\n\\nIn either error case, the Message of the `ResolvedRefs` Condition\\nshould be used to provide more detail about the problem.\\n\\n\\nSupport: Extended for Kubernetes Service\\n\\n\\nSupport: Implementation-specific for any other resource"'), + backendRef: { + '#withGroup':: d.fn(help='"Group is the group of the referent. For example, \\"gateway.networking.k8s.io\\".\\nWhen unspecified or empty string, core API group is inferred."', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { requestMirror+: { backendRef+: { group: group } } }, + '#withKind':: d.fn(help='"Kind is the Kubernetes resource kind of the referent. For example\\n\\"Service\\".\\n\\n\\nDefaults to \\"Service\\" when not specified.\\n\\n\\nExternalName services can refer to CNAME DNS records that may live\\noutside of the cluster and as such are difficult to reason about in\\nterms of conformance. They also may not be safe to forward to (see\\nCVE-2021-25740 for more information). Implementations SHOULD NOT\\nsupport ExternalName Services.\\n\\n\\nSupport: Core (Services with a type other than ExternalName)\\n\\n\\nSupport: Implementation-specific (Services with type ExternalName)"', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { requestMirror+: { backendRef+: { kind: kind } } }, + '#withName':: d.fn(help='"Name is the name of the referent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { requestMirror+: { backendRef+: { name: name } } }, + '#withNamespace':: d.fn(help="\"Namespace is the namespace of the backend. When unspecified, the local\\nnamespace is inferred.\\n\\n\\nNote that when a namespace different than the local namespace is specified,\\na ReferenceGrant object is required in the referent namespace to allow that\\nnamespace's owner to accept the reference. See the ReferenceGrant\\ndocumentation for details.\\n\\n\\nSupport: Core\"", args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { requestMirror+: { backendRef+: { namespace: namespace } } }, + '#withPort':: d.fn(help='"Port specifies the destination port number to use for this resource.\\nPort is required when the referent is a Kubernetes Service. In this\\ncase, the port number is the service port number, not the target port.\\nFor other resources, destination port might be derived from the referent\\nresource or this field."', args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { requestMirror+: { backendRef+: { port: port } } }, + }, + }, + '#requestRedirect':: d.obj(help='"RequestRedirect defines a schema for a filter that responds to the\\nrequest with an HTTP redirection.\\n\\n\\nSupport: Core"'), + requestRedirect: { + '#path':: d.obj(help='"Path defines parameters used to modify the path of the incoming request.\\nThe modified path is then used to construct the `Location` header. When\\nempty, the request path is used as-is.\\n\\n\\nSupport: Extended"'), + path: { + '#withReplaceFullPath':: d.fn(help='"ReplaceFullPath specifies the value with which to replace the full path\\nof a request during a rewrite or redirect."', args=[d.arg(name='replaceFullPath', type=d.T.string)]), + withReplaceFullPath(replaceFullPath): { requestRedirect+: { path+: { replaceFullPath: replaceFullPath } } }, + '#withReplacePrefixMatch':: d.fn(help='"ReplacePrefixMatch specifies the value with which to replace the prefix\\nmatch of a request during a rewrite or redirect. For example, a request\\nto \\"/foo/bar\\" with a prefix match of \\"/foo\\" and a ReplacePrefixMatch\\nof \\"/xyz\\" would be modified to \\"/xyz/bar\\".\\n\\n\\nNote that this matches the behavior of the PathPrefix match type. This\\nmatches full path elements. A path element refers to the list of labels\\nin the path split by the `/` separator. When specified, a trailing `/` is\\nignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all\\nmatch the prefix `/abc`, but the path `/abcd` would not.\\n\\n\\nReplacePrefixMatch is only compatible with a `PathPrefix` HTTPRouteMatch.\\nUsing any other HTTPRouteMatch type on the same HTTPRouteRule will result in\\nthe implementation setting the Accepted Condition for the Route to `status: False`.\\n\\n\\nRequest Path | Prefix Match | Replace Prefix | Modified Path\\n-------------|--------------|----------------|----------\\n/foo/bar | /foo | /xyz | /xyz/bar\\n/foo/bar | /foo | /xyz/ | /xyz/bar\\n/foo/bar | /foo/ | /xyz | /xyz/bar\\n/foo/bar | /foo/ | /xyz/ | /xyz/bar\\n/foo | /foo | /xyz | /xyz\\n/foo/ | /foo | /xyz | /xyz/\\n/foo/bar | /foo | | /bar\\n/foo/ | /foo | | /\\n/foo | /foo | | /\\n/foo/ | /foo | / | /\\n/foo | /foo | / | /"', args=[d.arg(name='replacePrefixMatch', type=d.T.string)]), + withReplacePrefixMatch(replacePrefixMatch): { requestRedirect+: { path+: { replacePrefixMatch: replacePrefixMatch } } }, + '#withType':: d.fn(help='"Type defines the type of path modifier. Additional types may be\\nadded in a future release of the API.\\n\\n\\nNote that values may be added to this enum, implementations\\nmust ensure that unknown values will not cause a crash.\\n\\n\\nUnknown values here must result in the implementation setting the\\nAccepted Condition for the Route to `status: False`, with a\\nReason of `UnsupportedValue`."', args=[d.arg(name='type', type=d.T.string)]), + withType(type): { requestRedirect+: { path+: { type: type } } }, + }, + '#withHostname':: d.fn(help='"Hostname is the hostname to be used in the value of the `Location`\\nheader in the response.\\nWhen empty, the hostname in the `Host` header of the request is used.\\n\\n\\nSupport: Core"', args=[d.arg(name='hostname', type=d.T.string)]), + withHostname(hostname): { requestRedirect+: { hostname: hostname } }, + '#withPort':: d.fn(help="\"Port is the port to be used in the value of the `Location`\\nheader in the response.\\n\\n\\nIf no port is specified, the redirect port MUST be derived using the\\nfollowing rules:\\n\\n\\n* If redirect scheme is not-empty, the redirect port MUST be the well-known\\n port associated with the redirect scheme. Specifically \\\"http\\\" to port 80\\n and \\\"https\\\" to port 443. If the redirect scheme does not have a\\n well-known port, the listener port of the Gateway SHOULD be used.\\n* If redirect scheme is empty, the redirect port MUST be the Gateway\\n Listener port.\\n\\n\\nImplementations SHOULD NOT add the port number in the 'Location'\\nheader in the following cases:\\n\\n\\n* A Location header that will use HTTP (whether that is determined via\\n the Listener protocol or the Scheme field) _and_ use port 80.\\n* A Location header that will use HTTPS (whether that is determined via\\n the Listener protocol or the Scheme field) _and_ use port 443.\\n\\n\\nSupport: Extended\"", args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { requestRedirect+: { port: port } }, + '#withScheme':: d.fn(help='"Scheme is the scheme to be used in the value of the `Location` header in\\nthe response. When empty, the scheme of the request is used.\\n\\n\\nScheme redirects can affect the port of the redirect, for more information,\\nrefer to the documentation for the port field of this filter.\\n\\n\\nNote that values may be added to this enum, implementations\\nmust ensure that unknown values will not cause a crash.\\n\\n\\nUnknown values here must result in the implementation setting the\\nAccepted Condition for the Route to `status: False`, with a\\nReason of `UnsupportedValue`.\\n\\n\\nSupport: Extended"', args=[d.arg(name='scheme', type=d.T.string)]), + withScheme(scheme): { requestRedirect+: { scheme: scheme } }, + '#withStatusCode':: d.fn(help='"StatusCode is the HTTP status code to be used in response.\\n\\n\\nNote that values may be added to this enum, implementations\\nmust ensure that unknown values will not cause a crash.\\n\\n\\nUnknown values here must result in the implementation setting the\\nAccepted Condition for the Route to `status: False`, with a\\nReason of `UnsupportedValue`.\\n\\n\\nSupport: Core"', args=[d.arg(name='statusCode', type=d.T.integer)]), + withStatusCode(statusCode): { requestRedirect+: { statusCode: statusCode } }, + }, + '#responseHeaderModifier':: d.obj(help='"ResponseHeaderModifier defines a schema for a filter that modifies response\\nheaders.\\n\\n\\nSupport: Extended"'), + responseHeaderModifier: { + '#add':: d.obj(help='"Add adds the given header(s) (name, value) to the request\\nbefore the action. It appends to any existing values associated\\nwith the header name.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n add:\\n - name: \\"my-header\\"\\n value: \\"bar,baz\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: foo,bar,baz"'), + add: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be\\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\\n\\n\\nIf multiple entries specify equivalent header names, the first entry with\\nan equivalent name MUST be considered for a match. Subsequent entries\\nwith an equivalent header name MUST be ignored. Due to the\\ncase-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered\\nequivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#set':: d.obj(help='"Set overwrites the request with the given header (name, value)\\nbefore the action.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n set:\\n - name: \\"my-header\\"\\n value: \\"bar\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: bar"'), + set: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be\\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\\n\\n\\nIf multiple entries specify equivalent header names, the first entry with\\nan equivalent name MUST be considered for a match. Subsequent entries\\nwith an equivalent header name MUST be ignored. Due to the\\ncase-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered\\nequivalent."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#withAdd':: d.fn(help='"Add adds the given header(s) (name, value) to the request\\nbefore the action. It appends to any existing values associated\\nwith the header name.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n add:\\n - name: \\"my-header\\"\\n value: \\"bar,baz\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: foo,bar,baz"', args=[d.arg(name='add', type=d.T.array)]), + withAdd(add): { responseHeaderModifier+: { add: if std.isArray(v=add) then add else [add] } }, + '#withAddMixin':: d.fn(help='"Add adds the given header(s) (name, value) to the request\\nbefore the action. It appends to any existing values associated\\nwith the header name.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n add:\\n - name: \\"my-header\\"\\n value: \\"bar,baz\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: foo,bar,baz"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='add', type=d.T.array)]), + withAddMixin(add): { responseHeaderModifier+: { add+: if std.isArray(v=add) then add else [add] } }, + '#withRemove':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The\\nvalue of Remove is a list of HTTP header names. Note that the header\\nnames are case-insensitive (see\\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header1: foo\\n my-header2: bar\\n my-header3: baz\\n\\n\\nConfig:\\n remove: [\\"my-header1\\", \\"my-header3\\"]\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header2: bar"', args=[d.arg(name='remove', type=d.T.array)]), + withRemove(remove): { responseHeaderModifier+: { remove: if std.isArray(v=remove) then remove else [remove] } }, + '#withRemoveMixin':: d.fn(help='"Remove the given header(s) from the HTTP request before the action. The\\nvalue of Remove is a list of HTTP header names. Note that the header\\nnames are case-insensitive (see\\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header1: foo\\n my-header2: bar\\n my-header3: baz\\n\\n\\nConfig:\\n remove: [\\"my-header1\\", \\"my-header3\\"]\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header2: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='remove', type=d.T.array)]), + withRemoveMixin(remove): { responseHeaderModifier+: { remove+: if std.isArray(v=remove) then remove else [remove] } }, + '#withSet':: d.fn(help='"Set overwrites the request with the given header (name, value)\\nbefore the action.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n set:\\n - name: \\"my-header\\"\\n value: \\"bar\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: bar"', args=[d.arg(name='set', type=d.T.array)]), + withSet(set): { responseHeaderModifier+: { set: if std.isArray(v=set) then set else [set] } }, + '#withSetMixin':: d.fn(help='"Set overwrites the request with the given header (name, value)\\nbefore the action.\\n\\n\\nInput:\\n GET /foo HTTP/1.1\\n my-header: foo\\n\\n\\nConfig:\\n set:\\n - name: \\"my-header\\"\\n value: \\"bar\\"\\n\\n\\nOutput:\\n GET /foo HTTP/1.1\\n my-header: bar"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='set', type=d.T.array)]), + withSetMixin(set): { responseHeaderModifier+: { set+: if std.isArray(v=set) then set else [set] } }, + }, + '#urlRewrite':: d.obj(help='"URLRewrite defines a schema for a filter that modifies a request during forwarding.\\n\\n\\nSupport: Extended"'), + urlRewrite: { + '#path':: d.obj(help='"Path defines a path rewrite.\\n\\n\\nSupport: Extended"'), + path: { + '#withReplaceFullPath':: d.fn(help='"ReplaceFullPath specifies the value with which to replace the full path\\nof a request during a rewrite or redirect."', args=[d.arg(name='replaceFullPath', type=d.T.string)]), + withReplaceFullPath(replaceFullPath): { urlRewrite+: { path+: { replaceFullPath: replaceFullPath } } }, + '#withReplacePrefixMatch':: d.fn(help='"ReplacePrefixMatch specifies the value with which to replace the prefix\\nmatch of a request during a rewrite or redirect. For example, a request\\nto \\"/foo/bar\\" with a prefix match of \\"/foo\\" and a ReplacePrefixMatch\\nof \\"/xyz\\" would be modified to \\"/xyz/bar\\".\\n\\n\\nNote that this matches the behavior of the PathPrefix match type. This\\nmatches full path elements. A path element refers to the list of labels\\nin the path split by the `/` separator. When specified, a trailing `/` is\\nignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all\\nmatch the prefix `/abc`, but the path `/abcd` would not.\\n\\n\\nReplacePrefixMatch is only compatible with a `PathPrefix` HTTPRouteMatch.\\nUsing any other HTTPRouteMatch type on the same HTTPRouteRule will result in\\nthe implementation setting the Accepted Condition for the Route to `status: False`.\\n\\n\\nRequest Path | Prefix Match | Replace Prefix | Modified Path\\n-------------|--------------|----------------|----------\\n/foo/bar | /foo | /xyz | /xyz/bar\\n/foo/bar | /foo | /xyz/ | /xyz/bar\\n/foo/bar | /foo/ | /xyz | /xyz/bar\\n/foo/bar | /foo/ | /xyz/ | /xyz/bar\\n/foo | /foo | /xyz | /xyz\\n/foo/ | /foo | /xyz | /xyz/\\n/foo/bar | /foo | | /bar\\n/foo/ | /foo | | /\\n/foo | /foo | | /\\n/foo/ | /foo | / | /\\n/foo | /foo | / | /"', args=[d.arg(name='replacePrefixMatch', type=d.T.string)]), + withReplacePrefixMatch(replacePrefixMatch): { urlRewrite+: { path+: { replacePrefixMatch: replacePrefixMatch } } }, + '#withType':: d.fn(help='"Type defines the type of path modifier. Additional types may be\\nadded in a future release of the API.\\n\\n\\nNote that values may be added to this enum, implementations\\nmust ensure that unknown values will not cause a crash.\\n\\n\\nUnknown values here must result in the implementation setting the\\nAccepted Condition for the Route to `status: False`, with a\\nReason of `UnsupportedValue`."', args=[d.arg(name='type', type=d.T.string)]), + withType(type): { urlRewrite+: { path+: { type: type } } }, + }, + '#withHostname':: d.fn(help='"Hostname is the value to be used to replace the Host header value during\\nforwarding.\\n\\n\\nSupport: Extended"', args=[d.arg(name='hostname', type=d.T.string)]), + withHostname(hostname): { urlRewrite+: { hostname: hostname } }, + }, + '#withType':: d.fn(help='"Type identifies the type of filter to apply. As with other API fields,\\ntypes are classified into three conformance levels:\\n\\n\\n- Core: Filter types and their corresponding configuration defined by\\n \\"Support: Core\\" in this package, e.g. \\"RequestHeaderModifier\\". All\\n implementations must support core filters.\\n\\n\\n- Extended: Filter types and their corresponding configuration defined by\\n \\"Support: Extended\\" in this package, e.g. \\"RequestMirror\\". Implementers\\n are encouraged to support extended filters.\\n\\n\\n- Implementation-specific: Filters that are defined and supported by\\n specific vendors.\\n In the future, filters showing convergence in behavior across multiple\\n implementations will be considered for inclusion in extended or core\\n conformance levels. Filter-specific configuration for such filters\\n is specified using the ExtensionRef field. `Type` should be set to\\n \\"ExtensionRef\\" for custom filters.\\n\\n\\nImplementers are encouraged to define custom implementation types to\\nextend the core API with implementation-specific behavior.\\n\\n\\nIf a reference to a custom filter type cannot be resolved, the filter\\nMUST NOT be skipped. Instead, requests that would have been processed by\\nthat filter MUST receive a HTTP error response.\\n\\n\\nNote that values may be added to this enum, implementations\\nmust ensure that unknown values will not cause a crash.\\n\\n\\nUnknown values here must result in the implementation setting the\\nAccepted Condition for the Route to `status: False`, with a\\nReason of `UnsupportedValue`."', args=[d.arg(name='type', type=d.T.string)]), + withType(type): { type: type }, + }, + '#matches':: d.obj(help='"Matches define conditions used for matching the rule against incoming\\nHTTP requests. Each match is independent, i.e. this rule will be matched\\nif **any** one of the matches is satisfied.\\n\\n\\nFor example, take the following matches configuration:\\n\\n\\n```\\nmatches:\\n- path:\\n value: \\"/foo\\"\\n headers:\\n - name: \\"version\\"\\n value: \\"v2\\"\\n- path:\\n value: \\"/v2/foo\\"\\n```\\n\\n\\nFor a request to match against this rule, a request must satisfy\\nEITHER of the two conditions:\\n\\n\\n- path prefixed with `/foo` AND contains the header `version: v2`\\n- path prefix of `/v2/foo`\\n\\n\\nSee the documentation for HTTPRouteMatch on how to specify multiple\\nmatch conditions that should be ANDed together.\\n\\n\\nIf no matches are specified, the default is a prefix\\npath match on \\"/\\", which has the effect of matching every\\nHTTP request.\\n\\n\\nProxy or Load Balancer routing configuration generated from HTTPRoutes\\nMUST prioritize matches based on the following criteria, continuing on\\nties. Across all rules specified on applicable Routes, precedence must be\\ngiven to the match having:\\n\\n\\n* \\"Exact\\" path match.\\n* \\"Prefix\\" path match with largest number of characters.\\n* Method match.\\n* Largest number of header matches.\\n* Largest number of query param matches.\\n\\n\\nNote: The precedence of RegularExpression path matches are implementation-specific.\\n\\n\\nIf ties still exist across multiple Routes, matching precedence MUST be\\ndetermined in order of the following criteria, continuing on ties:\\n\\n\\n* The oldest Route based on creation timestamp.\\n* The Route appearing first in alphabetical order by\\n \\"{namespace}/{name}\\".\\n\\n\\nIf ties still exist within an HTTPRoute, matching precedence MUST be granted\\nto the FIRST matching rule (in list order) with a match meeting the above\\ncriteria.\\n\\n\\nWhen no rules matching a request have been successfully attached to the\\nparent a request is coming from, a HTTP 404 status code MUST be returned."'), + matches: { + '#headers':: d.obj(help='"Headers specifies HTTP request header matchers. Multiple match values are\\nANDed together, meaning, a request must match all the specified headers\\nto select the route."'), + headers: { + '#withName':: d.fn(help='"Name is the name of the HTTP Header to be matched. Name matching MUST be\\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\\n\\n\\nIf multiple entries specify equivalent header names, only the first\\nentry with an equivalent name MUST be considered for a match. Subsequent\\nentries with an equivalent header name MUST be ignored. Due to the\\ncase-insensitivity of header names, \\"foo\\" and \\"Foo\\" are considered\\nequivalent.\\n\\n\\nWhen a header is repeated in an HTTP request, it is\\nimplementation-specific behavior as to how this is represented.\\nGenerally, proxies should follow the guidance from the RFC:\\nhttps://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2 regarding\\nprocessing a repeated header, with special handling for \\"Set-Cookie\\"."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withType':: d.fn(help="\"Type specifies how to match against the value of the header.\\n\\n\\nSupport: Core (Exact)\\n\\n\\nSupport: Implementation-specific (RegularExpression)\\n\\n\\nSince RegularExpression HeaderMatchType has implementation-specific\\nconformance, implementations can support POSIX, PCRE or any other dialects\\nof regular expressions. Please read the implementation's documentation to\\ndetermine the supported dialect.\"", args=[d.arg(name='type', type=d.T.string)]), + withType(type): { type: type }, + '#withValue':: d.fn(help='"Value is the value of HTTP Header to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#path':: d.obj(help='"Path specifies a HTTP request path matcher. If this field is not\\nspecified, a default prefix match on the \\"/\\" path is provided."'), + path: { + '#withType':: d.fn(help='"Type specifies how to match against the path Value.\\n\\n\\nSupport: Core (Exact, PathPrefix)\\n\\n\\nSupport: Implementation-specific (RegularExpression)"', args=[d.arg(name='type', type=d.T.string)]), + withType(type): { path+: { type: type } }, + '#withValue':: d.fn(help='"Value of the HTTP path to match against."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { path+: { value: value } }, + }, + '#queryParams':: d.obj(help='"QueryParams specifies HTTP query parameter matchers. Multiple match\\nvalues are ANDed together, meaning, a request must match all the\\nspecified query parameters to select the route.\\n\\n\\nSupport: Extended"'), + queryParams: { + '#withName':: d.fn(help='"Name is the name of the HTTP query param to be matched. This must be an\\nexact string match. (See\\nhttps://tools.ietf.org/html/rfc7230#section-2.7.3).\\n\\n\\nIf multiple entries specify equivalent query param names, only the first\\nentry with an equivalent name MUST be considered for a match. Subsequent\\nentries with an equivalent query param name MUST be ignored.\\n\\n\\nIf a query param is repeated in an HTTP request, the behavior is\\npurposely left undefined, since different data planes have different\\ncapabilities. However, it is *recommended* that implementations should\\nmatch against the first value of the param if the data plane supports it,\\nas this behavior is expected in other load balancing contexts outside of\\nthe Gateway API.\\n\\n\\nUsers SHOULD NOT route traffic based on repeated query params to guard\\nthemselves against potential differences in the implementations."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withType':: d.fn(help="\"Type specifies how to match against the value of the query parameter.\\n\\n\\nSupport: Extended (Exact)\\n\\n\\nSupport: Implementation-specific (RegularExpression)\\n\\n\\nSince RegularExpression QueryParamMatchType has Implementation-specific\\nconformance, implementations can support POSIX, PCRE or any other\\ndialects of regular expressions. Please read the implementation's\\ndocumentation to determine the supported dialect.\"", args=[d.arg(name='type', type=d.T.string)]), + withType(type): { type: type }, + '#withValue':: d.fn(help='"Value is the value of HTTP query param to be matched."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#withHeaders':: d.fn(help='"Headers specifies HTTP request header matchers. Multiple match values are\\nANDed together, meaning, a request must match all the specified headers\\nto select the route."', args=[d.arg(name='headers', type=d.T.array)]), + withHeaders(headers): { headers: if std.isArray(v=headers) then headers else [headers] }, + '#withHeadersMixin':: d.fn(help='"Headers specifies HTTP request header matchers. Multiple match values are\\nANDed together, meaning, a request must match all the specified headers\\nto select the route."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='headers', type=d.T.array)]), + withHeadersMixin(headers): { headers+: if std.isArray(v=headers) then headers else [headers] }, + '#withMethod':: d.fn(help='"Method specifies HTTP method matcher.\\nWhen specified, this route will be matched only if the request has the\\nspecified method.\\n\\n\\nSupport: Extended"', args=[d.arg(name='method', type=d.T.string)]), + withMethod(method): { method: method }, + '#withQueryParams':: d.fn(help='"QueryParams specifies HTTP query parameter matchers. Multiple match\\nvalues are ANDed together, meaning, a request must match all the\\nspecified query parameters to select the route.\\n\\n\\nSupport: Extended"', args=[d.arg(name='queryParams', type=d.T.array)]), + withQueryParams(queryParams): { queryParams: if std.isArray(v=queryParams) then queryParams else [queryParams] }, + '#withQueryParamsMixin':: d.fn(help='"QueryParams specifies HTTP query parameter matchers. Multiple match\\nvalues are ANDed together, meaning, a request must match all the\\nspecified query parameters to select the route.\\n\\n\\nSupport: Extended"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='queryParams', type=d.T.array)]), + withQueryParamsMixin(queryParams): { queryParams+: if std.isArray(v=queryParams) then queryParams else [queryParams] }, + }, + '#withBackendRefs':: d.fn(help='"BackendRefs defines the backend(s) where matching requests should be\\nsent.\\n\\n\\nFailure behavior here depends on how many BackendRefs are specified and\\nhow many are invalid.\\n\\n\\nIf *all* entries in BackendRefs are invalid, and there are also no filters\\nspecified in this route rule, *all* traffic which matches this rule MUST\\nreceive a 500 status code.\\n\\n\\nSee the HTTPBackendRef definition for the rules about what makes a single\\nHTTPBackendRef invalid.\\n\\n\\nWhen a HTTPBackendRef is invalid, 500 status codes MUST be returned for\\nrequests that would have otherwise been routed to an invalid backend. If\\nmultiple backends are specified, and some are invalid, the proportion of\\nrequests that would otherwise have been routed to an invalid backend\\nMUST receive a 500 status code.\\n\\n\\nFor example, if two backends are specified with equal weights, and one is\\ninvalid, 50 percent of traffic must receive a 500. Implementations may\\nchoose how that 50 percent is determined.\\n\\n\\nSupport: Core for Kubernetes Service\\n\\n\\nSupport: Extended for Kubernetes ServiceImport\\n\\n\\nSupport: Implementation-specific for any other resource\\n\\n\\nSupport for weight: Core"', args=[d.arg(name='backendRefs', type=d.T.array)]), + withBackendRefs(backendRefs): { backendRefs: if std.isArray(v=backendRefs) then backendRefs else [backendRefs] }, + '#withBackendRefsMixin':: d.fn(help='"BackendRefs defines the backend(s) where matching requests should be\\nsent.\\n\\n\\nFailure behavior here depends on how many BackendRefs are specified and\\nhow many are invalid.\\n\\n\\nIf *all* entries in BackendRefs are invalid, and there are also no filters\\nspecified in this route rule, *all* traffic which matches this rule MUST\\nreceive a 500 status code.\\n\\n\\nSee the HTTPBackendRef definition for the rules about what makes a single\\nHTTPBackendRef invalid.\\n\\n\\nWhen a HTTPBackendRef is invalid, 500 status codes MUST be returned for\\nrequests that would have otherwise been routed to an invalid backend. If\\nmultiple backends are specified, and some are invalid, the proportion of\\nrequests that would otherwise have been routed to an invalid backend\\nMUST receive a 500 status code.\\n\\n\\nFor example, if two backends are specified with equal weights, and one is\\ninvalid, 50 percent of traffic must receive a 500. Implementations may\\nchoose how that 50 percent is determined.\\n\\n\\nSupport: Core for Kubernetes Service\\n\\n\\nSupport: Extended for Kubernetes ServiceImport\\n\\n\\nSupport: Implementation-specific for any other resource\\n\\n\\nSupport for weight: Core"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='backendRefs', type=d.T.array)]), + withBackendRefsMixin(backendRefs): { backendRefs+: if std.isArray(v=backendRefs) then backendRefs else [backendRefs] }, + '#withFilters':: d.fn(help='"Filters define the filters that are applied to requests that match\\nthis rule.\\n\\n\\nWherever possible, implementations SHOULD implement filters in the order\\nthey are specified.\\n\\n\\nImplementations MAY choose to implement this ordering strictly, rejecting\\nany combination or order of filters that can not be supported. If implementations\\nchoose a strict interpretation of filter ordering, they MUST clearly document\\nthat behavior.\\n\\n\\nTo reject an invalid combination or order of filters, implementations SHOULD\\nconsider the Route Rules with this configuration invalid. If all Route Rules\\nin a Route are invalid, the entire Route would be considered invalid. If only\\na portion of Route Rules are invalid, implementations MUST set the\\n\\"PartiallyInvalid\\" condition for the Route.\\n\\n\\nConformance-levels at this level are defined based on the type of filter:\\n\\n\\n- ALL core filters MUST be supported by all implementations.\\n- Implementers are encouraged to support extended filters.\\n- Implementation-specific custom filters have no API guarantees across\\n implementations.\\n\\n\\nSpecifying the same filter multiple times is not supported unless explicitly\\nindicated in the filter.\\n\\n\\nAll filters are expected to be compatible with each other except for the\\nURLRewrite and RequestRedirect filters, which may not be combined. If an\\nimplementation can not support other combinations of filters, they must clearly\\ndocument that limitation. In cases where incompatible or unsupported\\nfilters are specified and cause the `Accepted` condition to be set to status\\n`False`, implementations may use the `IncompatibleFilters` reason to specify\\nthis configuration error.\\n\\n\\nSupport: Core"', args=[d.arg(name='filters', type=d.T.array)]), + withFilters(filters): { filters: if std.isArray(v=filters) then filters else [filters] }, + '#withFiltersMixin':: d.fn(help='"Filters define the filters that are applied to requests that match\\nthis rule.\\n\\n\\nWherever possible, implementations SHOULD implement filters in the order\\nthey are specified.\\n\\n\\nImplementations MAY choose to implement this ordering strictly, rejecting\\nany combination or order of filters that can not be supported. If implementations\\nchoose a strict interpretation of filter ordering, they MUST clearly document\\nthat behavior.\\n\\n\\nTo reject an invalid combination or order of filters, implementations SHOULD\\nconsider the Route Rules with this configuration invalid. If all Route Rules\\nin a Route are invalid, the entire Route would be considered invalid. If only\\na portion of Route Rules are invalid, implementations MUST set the\\n\\"PartiallyInvalid\\" condition for the Route.\\n\\n\\nConformance-levels at this level are defined based on the type of filter:\\n\\n\\n- ALL core filters MUST be supported by all implementations.\\n- Implementers are encouraged to support extended filters.\\n- Implementation-specific custom filters have no API guarantees across\\n implementations.\\n\\n\\nSpecifying the same filter multiple times is not supported unless explicitly\\nindicated in the filter.\\n\\n\\nAll filters are expected to be compatible with each other except for the\\nURLRewrite and RequestRedirect filters, which may not be combined. If an\\nimplementation can not support other combinations of filters, they must clearly\\ndocument that limitation. In cases where incompatible or unsupported\\nfilters are specified and cause the `Accepted` condition to be set to status\\n`False`, implementations may use the `IncompatibleFilters` reason to specify\\nthis configuration error.\\n\\n\\nSupport: Core"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='filters', type=d.T.array)]), + withFiltersMixin(filters): { filters+: if std.isArray(v=filters) then filters else [filters] }, + '#withMatches':: d.fn(help='"Matches define conditions used for matching the rule against incoming\\nHTTP requests. Each match is independent, i.e. this rule will be matched\\nif **any** one of the matches is satisfied.\\n\\n\\nFor example, take the following matches configuration:\\n\\n\\n```\\nmatches:\\n- path:\\n value: \\"/foo\\"\\n headers:\\n - name: \\"version\\"\\n value: \\"v2\\"\\n- path:\\n value: \\"/v2/foo\\"\\n```\\n\\n\\nFor a request to match against this rule, a request must satisfy\\nEITHER of the two conditions:\\n\\n\\n- path prefixed with `/foo` AND contains the header `version: v2`\\n- path prefix of `/v2/foo`\\n\\n\\nSee the documentation for HTTPRouteMatch on how to specify multiple\\nmatch conditions that should be ANDed together.\\n\\n\\nIf no matches are specified, the default is a prefix\\npath match on \\"/\\", which has the effect of matching every\\nHTTP request.\\n\\n\\nProxy or Load Balancer routing configuration generated from HTTPRoutes\\nMUST prioritize matches based on the following criteria, continuing on\\nties. Across all rules specified on applicable Routes, precedence must be\\ngiven to the match having:\\n\\n\\n* \\"Exact\\" path match.\\n* \\"Prefix\\" path match with largest number of characters.\\n* Method match.\\n* Largest number of header matches.\\n* Largest number of query param matches.\\n\\n\\nNote: The precedence of RegularExpression path matches are implementation-specific.\\n\\n\\nIf ties still exist across multiple Routes, matching precedence MUST be\\ndetermined in order of the following criteria, continuing on ties:\\n\\n\\n* The oldest Route based on creation timestamp.\\n* The Route appearing first in alphabetical order by\\n \\"{namespace}/{name}\\".\\n\\n\\nIf ties still exist within an HTTPRoute, matching precedence MUST be granted\\nto the FIRST matching rule (in list order) with a match meeting the above\\ncriteria.\\n\\n\\nWhen no rules matching a request have been successfully attached to the\\nparent a request is coming from, a HTTP 404 status code MUST be returned."', args=[d.arg(name='matches', type=d.T.array)]), + withMatches(matches): { matches: if std.isArray(v=matches) then matches else [matches] }, + '#withMatchesMixin':: d.fn(help='"Matches define conditions used for matching the rule against incoming\\nHTTP requests. Each match is independent, i.e. this rule will be matched\\nif **any** one of the matches is satisfied.\\n\\n\\nFor example, take the following matches configuration:\\n\\n\\n```\\nmatches:\\n- path:\\n value: \\"/foo\\"\\n headers:\\n - name: \\"version\\"\\n value: \\"v2\\"\\n- path:\\n value: \\"/v2/foo\\"\\n```\\n\\n\\nFor a request to match against this rule, a request must satisfy\\nEITHER of the two conditions:\\n\\n\\n- path prefixed with `/foo` AND contains the header `version: v2`\\n- path prefix of `/v2/foo`\\n\\n\\nSee the documentation for HTTPRouteMatch on how to specify multiple\\nmatch conditions that should be ANDed together.\\n\\n\\nIf no matches are specified, the default is a prefix\\npath match on \\"/\\", which has the effect of matching every\\nHTTP request.\\n\\n\\nProxy or Load Balancer routing configuration generated from HTTPRoutes\\nMUST prioritize matches based on the following criteria, continuing on\\nties. Across all rules specified on applicable Routes, precedence must be\\ngiven to the match having:\\n\\n\\n* \\"Exact\\" path match.\\n* \\"Prefix\\" path match with largest number of characters.\\n* Method match.\\n* Largest number of header matches.\\n* Largest number of query param matches.\\n\\n\\nNote: The precedence of RegularExpression path matches are implementation-specific.\\n\\n\\nIf ties still exist across multiple Routes, matching precedence MUST be\\ndetermined in order of the following criteria, continuing on ties:\\n\\n\\n* The oldest Route based on creation timestamp.\\n* The Route appearing first in alphabetical order by\\n \\"{namespace}/{name}\\".\\n\\n\\nIf ties still exist within an HTTPRoute, matching precedence MUST be granted\\nto the FIRST matching rule (in list order) with a match meeting the above\\ncriteria.\\n\\n\\nWhen no rules matching a request have been successfully attached to the\\nparent a request is coming from, a HTTP 404 status code MUST be returned."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='matches', type=d.T.array)]), + withMatchesMixin(matches): { matches+: if std.isArray(v=matches) then matches else [matches] }, + }, + '#withHostnames':: d.fn(help="\"Hostnames defines a set of hostnames that should match against the HTTP Host\\nheader to select a HTTPRoute used to process the request. Implementations\\nMUST ignore any port value specified in the HTTP Host header while\\nperforming a match and (absent of any applicable header modification\\nconfiguration) MUST forward this header unmodified to the backend.\\n\\n\\nValid values for Hostnames are determined by RFC 1123 definition of a\\nhostname with 2 notable exceptions:\\n\\n\\n1. IPs are not allowed.\\n2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard\\n label must appear by itself as the first label.\\n\\n\\nIf a hostname is specified by both the Listener and HTTPRoute, there\\nmust be at least one intersecting hostname for the HTTPRoute to be\\nattached to the Listener. For example:\\n\\n\\n* A Listener with `test.example.com` as the hostname matches HTTPRoutes\\n that have either not specified any hostnames, or have specified at\\n least one of `test.example.com` or `*.example.com`.\\n* A Listener with `*.example.com` as the hostname matches HTTPRoutes\\n that have either not specified any hostnames or have specified at least\\n one hostname that matches the Listener hostname. For example,\\n `*.example.com`, `test.example.com`, and `foo.test.example.com` would\\n all match. On the other hand, `example.com` and `test.example.net` would\\n not match.\\n\\n\\nHostnames that are prefixed with a wildcard label (`*.`) are interpreted\\nas a suffix match. That means that a match for `*.example.com` would match\\nboth `test.example.com`, and `foo.test.example.com`, but not `example.com`.\\n\\n\\nIf both the Listener and HTTPRoute have specified hostnames, any\\nHTTPRoute hostnames that do not match the Listener hostname MUST be\\nignored. For example, if a Listener specified `*.example.com`, and the\\nHTTPRoute specified `test.example.com` and `test.example.net`,\\n`test.example.net` must not be considered for a match.\\n\\n\\nIf both the Listener and HTTPRoute have specified hostnames, and none\\nmatch with the criteria above, then the HTTPRoute is not accepted. The\\nimplementation must raise an 'Accepted' Condition with a status of\\n`False` in the corresponding RouteParentStatus.\\n\\n\\nIn the event that multiple HTTPRoutes specify intersecting hostnames (e.g.\\noverlapping wildcard matching and exact matching hostnames), precedence must\\nbe given to rules from the HTTPRoute with the largest number of:\\n\\n\\n* Characters in a matching non-wildcard hostname.\\n* Characters in a matching hostname.\\n\\n\\nIf ties exist across multiple Routes, the matching precedence rules for\\nHTTPRouteMatches takes over.\\n\\n\\nSupport: Core\"", args=[d.arg(name='hostnames', type=d.T.array)]), + withHostnames(hostnames): { spec+: { hostnames: if std.isArray(v=hostnames) then hostnames else [hostnames] } }, + '#withHostnamesMixin':: d.fn(help="\"Hostnames defines a set of hostnames that should match against the HTTP Host\\nheader to select a HTTPRoute used to process the request. Implementations\\nMUST ignore any port value specified in the HTTP Host header while\\nperforming a match and (absent of any applicable header modification\\nconfiguration) MUST forward this header unmodified to the backend.\\n\\n\\nValid values for Hostnames are determined by RFC 1123 definition of a\\nhostname with 2 notable exceptions:\\n\\n\\n1. IPs are not allowed.\\n2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard\\n label must appear by itself as the first label.\\n\\n\\nIf a hostname is specified by both the Listener and HTTPRoute, there\\nmust be at least one intersecting hostname for the HTTPRoute to be\\nattached to the Listener. For example:\\n\\n\\n* A Listener with `test.example.com` as the hostname matches HTTPRoutes\\n that have either not specified any hostnames, or have specified at\\n least one of `test.example.com` or `*.example.com`.\\n* A Listener with `*.example.com` as the hostname matches HTTPRoutes\\n that have either not specified any hostnames or have specified at least\\n one hostname that matches the Listener hostname. For example,\\n `*.example.com`, `test.example.com`, and `foo.test.example.com` would\\n all match. On the other hand, `example.com` and `test.example.net` would\\n not match.\\n\\n\\nHostnames that are prefixed with a wildcard label (`*.`) are interpreted\\nas a suffix match. That means that a match for `*.example.com` would match\\nboth `test.example.com`, and `foo.test.example.com`, but not `example.com`.\\n\\n\\nIf both the Listener and HTTPRoute have specified hostnames, any\\nHTTPRoute hostnames that do not match the Listener hostname MUST be\\nignored. For example, if a Listener specified `*.example.com`, and the\\nHTTPRoute specified `test.example.com` and `test.example.net`,\\n`test.example.net` must not be considered for a match.\\n\\n\\nIf both the Listener and HTTPRoute have specified hostnames, and none\\nmatch with the criteria above, then the HTTPRoute is not accepted. The\\nimplementation must raise an 'Accepted' Condition with a status of\\n`False` in the corresponding RouteParentStatus.\\n\\n\\nIn the event that multiple HTTPRoutes specify intersecting hostnames (e.g.\\noverlapping wildcard matching and exact matching hostnames), precedence must\\nbe given to rules from the HTTPRoute with the largest number of:\\n\\n\\n* Characters in a matching non-wildcard hostname.\\n* Characters in a matching hostname.\\n\\n\\nIf ties exist across multiple Routes, the matching precedence rules for\\nHTTPRouteMatches takes over.\\n\\n\\nSupport: Core\"\n\n**Note:** This function appends passed data to existing values", args=[d.arg(name='hostnames', type=d.T.array)]), + withHostnamesMixin(hostnames): { spec+: { hostnames+: if std.isArray(v=hostnames) then hostnames else [hostnames] } }, + '#withParentRefs':: d.fn(help='"ParentRefs references the resources (usually Gateways) that a Route wants\\nto be attached to. Note that the referenced parent resource needs to\\nallow this for the attachment to be complete. For Gateways, that means\\nthe Gateway needs to allow attachment from Routes of this kind and\\nnamespace. For Services, that means the Service must either be in the same\\nnamespace for a \\"producer\\" route, or the mesh implementation must support\\nand allow \\"consumer\\" routes for the referenced Service. ReferenceGrant is\\nnot applicable for governing ParentRefs to Services - it is not possible to\\ncreate a \\"producer\\" route for a Service in a different namespace from the\\nRoute.\\n\\n\\nThere are two kinds of parent resources with \\"Core\\" support:\\n\\n\\n* Gateway (Gateway conformance profile)\\n* Service (Mesh conformance profile, ClusterIP Services only)\\n\\n\\nThis API may be extended in the future to support additional kinds of parent\\nresources.\\n\\n\\nParentRefs must be _distinct_. This means either that:\\n\\n\\n* They select different objects. If this is the case, then parentRef\\n entries are distinct. In terms of fields, this means that the\\n multi-part key defined by `group`, `kind`, `namespace`, and `name` must\\n be unique across all parentRef entries in the Route.\\n* They do not select different objects, but for each optional field used,\\n each ParentRef that selects the same object must set the same set of\\n optional fields to different values. If one ParentRef sets a\\n combination of optional fields, all must set the same combination.\\n\\n\\nSome examples:\\n\\n\\n* If one ParentRef sets `sectionName`, all ParentRefs referencing the\\n same object must also set `sectionName`.\\n* If one ParentRef sets `port`, all ParentRefs referencing the same\\n object must also set `port`.\\n* If one ParentRef sets `sectionName` and `port`, all ParentRefs\\n referencing the same object must also set `sectionName` and `port`.\\n\\n\\nIt is possible to separately reference multiple distinct objects that may\\nbe collapsed by an implementation. For example, some implementations may\\nchoose to merge compatible Gateway Listeners together. If that is the\\ncase, the list of routes attached to those resources should also be\\nmerged.\\n\\n\\nNote that for ParentRefs that cross namespace boundaries, there are specific\\nrules. Cross-namespace references are only valid if they are explicitly\\nallowed by something in the namespace they are referring to. For example,\\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\\ngeneric way to enable other kinds of cross-namespace reference.\\n\\n\\n\\n\\n\\n\\n\\n\\n"', args=[d.arg(name='parentRefs', type=d.T.array)]), + withParentRefs(parentRefs): { spec+: { parentRefs: if std.isArray(v=parentRefs) then parentRefs else [parentRefs] } }, + '#withParentRefsMixin':: d.fn(help='"ParentRefs references the resources (usually Gateways) that a Route wants\\nto be attached to. Note that the referenced parent resource needs to\\nallow this for the attachment to be complete. For Gateways, that means\\nthe Gateway needs to allow attachment from Routes of this kind and\\nnamespace. For Services, that means the Service must either be in the same\\nnamespace for a \\"producer\\" route, or the mesh implementation must support\\nand allow \\"consumer\\" routes for the referenced Service. ReferenceGrant is\\nnot applicable for governing ParentRefs to Services - it is not possible to\\ncreate a \\"producer\\" route for a Service in a different namespace from the\\nRoute.\\n\\n\\nThere are two kinds of parent resources with \\"Core\\" support:\\n\\n\\n* Gateway (Gateway conformance profile)\\n* Service (Mesh conformance profile, ClusterIP Services only)\\n\\n\\nThis API may be extended in the future to support additional kinds of parent\\nresources.\\n\\n\\nParentRefs must be _distinct_. This means either that:\\n\\n\\n* They select different objects. If this is the case, then parentRef\\n entries are distinct. In terms of fields, this means that the\\n multi-part key defined by `group`, `kind`, `namespace`, and `name` must\\n be unique across all parentRef entries in the Route.\\n* They do not select different objects, but for each optional field used,\\n each ParentRef that selects the same object must set the same set of\\n optional fields to different values. If one ParentRef sets a\\n combination of optional fields, all must set the same combination.\\n\\n\\nSome examples:\\n\\n\\n* If one ParentRef sets `sectionName`, all ParentRefs referencing the\\n same object must also set `sectionName`.\\n* If one ParentRef sets `port`, all ParentRefs referencing the same\\n object must also set `port`.\\n* If one ParentRef sets `sectionName` and `port`, all ParentRefs\\n referencing the same object must also set `sectionName` and `port`.\\n\\n\\nIt is possible to separately reference multiple distinct objects that may\\nbe collapsed by an implementation. For example, some implementations may\\nchoose to merge compatible Gateway Listeners together. If that is the\\ncase, the list of routes attached to those resources should also be\\nmerged.\\n\\n\\nNote that for ParentRefs that cross namespace boundaries, there are specific\\nrules. Cross-namespace references are only valid if they are explicitly\\nallowed by something in the namespace they are referring to. For example,\\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\\ngeneric way to enable other kinds of cross-namespace reference.\\n\\n\\n\\n\\n\\n\\n\\n\\n"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='parentRefs', type=d.T.array)]), + withParentRefsMixin(parentRefs): { spec+: { parentRefs+: if std.isArray(v=parentRefs) then parentRefs else [parentRefs] } }, + '#withRules':: d.fn(help='"Rules are a list of HTTP matchers, filters and actions."', args=[d.arg(name='rules', type=d.T.array)]), + withRules(rules): { spec+: { rules: if std.isArray(v=rules) then rules else [rules] } }, + '#withRulesMixin':: d.fn(help='"Rules are a list of HTTP matchers, filters and actions."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='rules', type=d.T.array)]), + withRulesMixin(rules): { spec+: { rules+: if std.isArray(v=rules) then rules else [rules] } }, + }, + '#mixin': 'ignore', + mixin: self, +} diff --git a/1.1/_gen/gateway/v1beta1/main.libsonnet b/1.1/_gen/gateway/v1beta1/main.libsonnet new file mode 100644 index 0000000..e6189e7 --- /dev/null +++ b/1.1/_gen/gateway/v1beta1/main.libsonnet @@ -0,0 +1,8 @@ +{ + local d = (import 'doc-util/main.libsonnet'), + '#':: d.pkg(name='v1beta1', url='', help=''), + gateway: (import 'gateway.libsonnet'), + gatewayClass: (import 'gatewayClass.libsonnet'), + httpRoute: (import 'httpRoute.libsonnet'), + referenceGrant: (import 'referenceGrant.libsonnet'), +} diff --git a/1.1/_gen/gateway/v1beta1/referenceGrant.libsonnet b/1.1/_gen/gateway/v1beta1/referenceGrant.libsonnet new file mode 100644 index 0000000..4abba69 --- /dev/null +++ b/1.1/_gen/gateway/v1beta1/referenceGrant.libsonnet @@ -0,0 +1,81 @@ +{ + local d = (import 'doc-util/main.libsonnet'), + '#':: d.pkg(name='referenceGrant', url='', help='"ReferenceGrant identifies kinds of resources in other namespaces that are\\ntrusted to reference the specified kinds of resources in the same namespace\\nas the policy.\\n\\n\\nEach ReferenceGrant can be used to represent a unique trust relationship.\\nAdditional Reference Grants can be used to add to the set of trusted\\nsources of inbound references for the namespace they are defined within.\\n\\n\\nAll cross-namespace references in Gateway API (with the exception of cross-namespace\\nGateway-route attachment) require a ReferenceGrant.\\n\\n\\nReferenceGrant is a form of runtime verification allowing users to assert\\nwhich cross-namespace object references are permitted. Implementations that\\nsupport ReferenceGrant MUST NOT permit cross-namespace references which have\\nno grant, and MUST respond to the removal of a grant by revoking the access\\nthat the grant allowed."'), + '#metadata':: d.obj(help='"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create."'), + metadata: { + '#withAnnotations':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotations(annotations): { metadata+: { annotations: annotations } }, + '#withAnnotationsMixin':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotationsMixin(annotations): { metadata+: { annotations+: annotations } }, + '#withClusterName':: d.fn(help='"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request."', args=[d.arg(name='clusterName', type=d.T.string)]), + withClusterName(clusterName): { metadata+: { clusterName: clusterName } }, + '#withCreationTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='creationTimestamp', type=d.T.string)]), + withCreationTimestamp(creationTimestamp): { metadata+: { creationTimestamp: creationTimestamp } }, + '#withDeletionGracePeriodSeconds':: d.fn(help='"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only."', args=[d.arg(name='deletionGracePeriodSeconds', type=d.T.integer)]), + withDeletionGracePeriodSeconds(deletionGracePeriodSeconds): { metadata+: { deletionGracePeriodSeconds: deletionGracePeriodSeconds } }, + '#withDeletionTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='deletionTimestamp', type=d.T.string)]), + withDeletionTimestamp(deletionTimestamp): { metadata+: { deletionTimestamp: deletionTimestamp } }, + '#withFinalizers':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizers(finalizers): { metadata+: { finalizers: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withFinalizersMixin':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizersMixin(finalizers): { metadata+: { finalizers+: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withGenerateName':: d.fn(help='"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\\n\\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\\n\\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency"', args=[d.arg(name='generateName', type=d.T.string)]), + withGenerateName(generateName): { metadata+: { generateName: generateName } }, + '#withGeneration':: d.fn(help='"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only."', args=[d.arg(name='generation', type=d.T.integer)]), + withGeneration(generation): { metadata+: { generation: generation } }, + '#withLabels':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"', args=[d.arg(name='labels', type=d.T.object)]), + withLabels(labels): { metadata+: { labels: labels } }, + '#withLabelsMixin':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='labels', type=d.T.object)]), + withLabelsMixin(labels): { metadata+: { labels+: labels } }, + '#withName':: d.fn(help='"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { metadata+: { name: name } }, + '#withNamespace':: d.fn(help='"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \\"default\\" namespace, but \\"default\\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\\n\\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces"', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { metadata+: { namespace: namespace } }, + '#withOwnerReferences':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferences(ownerReferences): { metadata+: { ownerReferences: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withOwnerReferencesMixin':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferencesMixin(ownerReferences): { metadata+: { ownerReferences+: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withResourceVersion':: d.fn(help='"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\\n\\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency"', args=[d.arg(name='resourceVersion', type=d.T.string)]), + withResourceVersion(resourceVersion): { metadata+: { resourceVersion: resourceVersion } }, + '#withSelfLink':: d.fn(help='"SelfLink is a URL representing this object. Populated by the system. Read-only.\\n\\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release."', args=[d.arg(name='selfLink', type=d.T.string)]), + withSelfLink(selfLink): { metadata+: { selfLink: selfLink } }, + '#withUid':: d.fn(help='"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\\n\\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids"', args=[d.arg(name='uid', type=d.T.string)]), + withUid(uid): { metadata+: { uid: uid } }, + }, + '#new':: d.fn(help='new returns an instance of ReferenceGrant', args=[d.arg(name='name', type=d.T.string)]), + new(name): { + apiVersion: 'gateway.networking.k8s.io/v1beta1', + kind: 'ReferenceGrant', + } + self.metadata.withName(name=name), + '#spec':: d.obj(help='"Spec defines the desired state of ReferenceGrant."'), + spec: { + '#from':: d.obj(help='"From describes the trusted namespaces and kinds that can reference the\\nresources described in \\"To\\". Each entry in this list MUST be considered\\nto be an additional place that references can be valid from, or to put\\nthis another way, entries MUST be combined using OR.\\n\\n\\nSupport: Core"'), + from: { + '#withGroup':: d.fn(help='"Group is the group of the referent.\\nWhen empty, the Kubernetes core API group is inferred.\\n\\n\\nSupport: Core"', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { group: group }, + '#withKind':: d.fn(help='"Kind is the kind of the referent. Although implementations may support\\nadditional resources, the following types are part of the \\"Core\\"\\nsupport level for this field.\\n\\n\\nWhen used to permit a SecretObjectReference:\\n\\n\\n* Gateway\\n\\n\\nWhen used to permit a BackendObjectReference:\\n\\n\\n* GRPCRoute\\n* HTTPRoute\\n* TCPRoute\\n* TLSRoute\\n* UDPRoute"', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { kind: kind }, + '#withNamespace':: d.fn(help='"Namespace is the namespace of the referent.\\n\\n\\nSupport: Core"', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { namespace: namespace }, + }, + '#to':: d.obj(help='"To describes the resources that may be referenced by the resources\\ndescribed in \\"From\\". Each entry in this list MUST be considered to be an\\nadditional place that references can be valid to, or to put this another\\nway, entries MUST be combined using OR.\\n\\n\\nSupport: Core"'), + to: { + '#withGroup':: d.fn(help='"Group is the group of the referent.\\nWhen empty, the Kubernetes core API group is inferred.\\n\\n\\nSupport: Core"', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { group: group }, + '#withKind':: d.fn(help='"Kind is the kind of the referent. Although implementations may support\\nadditional resources, the following types are part of the \\"Core\\"\\nsupport level for this field:\\n\\n\\n* Secret when used to permit a SecretObjectReference\\n* Service when used to permit a BackendObjectReference"', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { kind: kind }, + '#withName':: d.fn(help='"Name is the name of the referent. When unspecified, this policy\\nrefers to all resources of the specified Group and Kind in the local\\nnamespace."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + }, + '#withFrom':: d.fn(help='"From describes the trusted namespaces and kinds that can reference the\\nresources described in \\"To\\". Each entry in this list MUST be considered\\nto be an additional place that references can be valid from, or to put\\nthis another way, entries MUST be combined using OR.\\n\\n\\nSupport: Core"', args=[d.arg(name='from', type=d.T.array)]), + withFrom(from): { spec+: { from: if std.isArray(v=from) then from else [from] } }, + '#withFromMixin':: d.fn(help='"From describes the trusted namespaces and kinds that can reference the\\nresources described in \\"To\\". Each entry in this list MUST be considered\\nto be an additional place that references can be valid from, or to put\\nthis another way, entries MUST be combined using OR.\\n\\n\\nSupport: Core"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='from', type=d.T.array)]), + withFromMixin(from): { spec+: { from+: if std.isArray(v=from) then from else [from] } }, + '#withTo':: d.fn(help='"To describes the resources that may be referenced by the resources\\ndescribed in \\"From\\". Each entry in this list MUST be considered to be an\\nadditional place that references can be valid to, or to put this another\\nway, entries MUST be combined using OR.\\n\\n\\nSupport: Core"', args=[d.arg(name='to', type=d.T.array)]), + withTo(to): { spec+: { to: if std.isArray(v=to) then to else [to] } }, + '#withToMixin':: d.fn(help='"To describes the resources that may be referenced by the resources\\ndescribed in \\"From\\". Each entry in this list MUST be considered to be an\\nadditional place that references can be valid to, or to put this another\\nway, entries MUST be combined using OR.\\n\\n\\nSupport: Core"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='to', type=d.T.array)]), + withToMixin(to): { spec+: { to+: if std.isArray(v=to) then to else [to] } }, + }, + '#mixin': 'ignore', + mixin: self, +} diff --git a/1.1/gen.libsonnet b/1.1/gen.libsonnet new file mode 100644 index 0000000..8bfcc80 --- /dev/null +++ b/1.1/gen.libsonnet @@ -0,0 +1,5 @@ +{ + local d = (import 'doc-util/main.libsonnet'), + '#':: d.pkg(name='gateway-api', url='github.com/jsonnet-libs/gateway-api-libsonnet/1.1/main.libsonnet', help=''), + gateway:: (import '_gen/gateway/main.libsonnet'), +} diff --git a/1.1/main.libsonnet b/1.1/main.libsonnet new file mode 100644 index 0000000..f5597a5 --- /dev/null +++ b/1.1/main.libsonnet @@ -0,0 +1 @@ +(import 'gen.libsonnet') diff --git a/docs/0.7-experimental/README.md b/docs/0.7-experimental/README.md new file mode 100644 index 0000000..1805f8b --- /dev/null +++ b/docs/0.7-experimental/README.md @@ -0,0 +1,13 @@ +--- +permalink: /0.7-experimental/ +--- + +# gateway-api + +```jsonnet +local gateway-api = import "github.com/jsonnet-libs/gateway-api-libsonnet/0.7-experimental/main.libsonnet" +``` + + + +* [gateway](gateway/index.md) \ No newline at end of file diff --git a/docs/0.7-experimental/gateway/index.md b/docs/0.7-experimental/gateway/index.md new file mode 100644 index 0000000..b391d29 --- /dev/null +++ b/docs/0.7-experimental/gateway/index.md @@ -0,0 +1,10 @@ +--- +permalink: /0.7-experimental/gateway/ +--- + +# gateway + + + +* [v1alpha2](v1alpha2/index.md) +* [v1beta1](v1beta1/index.md) \ No newline at end of file diff --git a/docs/0.7-experimental/gateway/v1alpha2/gateway.md b/docs/0.7-experimental/gateway/v1alpha2/gateway.md new file mode 100644 index 0000000..f817fd3 --- /dev/null +++ b/docs/0.7-experimental/gateway/v1alpha2/gateway.md @@ -0,0 +1,568 @@ +--- +permalink: /0.7-experimental/gateway/v1alpha2/gateway/ +--- + +# gateway.v1alpha2.gateway + +"Gateway represents an instance of a service-traffic handling infrastructure by binding Listeners to a set of IP addresses." + +## Index + +* [`fn new(name)`](#fn-new) +* [`obj metadata`](#obj-metadata) + * [`fn withAnnotations(annotations)`](#fn-metadatawithannotations) + * [`fn withAnnotationsMixin(annotations)`](#fn-metadatawithannotationsmixin) + * [`fn withClusterName(clusterName)`](#fn-metadatawithclustername) + * [`fn withCreationTimestamp(creationTimestamp)`](#fn-metadatawithcreationtimestamp) + * [`fn withDeletionGracePeriodSeconds(deletionGracePeriodSeconds)`](#fn-metadatawithdeletiongraceperiodseconds) + * [`fn withDeletionTimestamp(deletionTimestamp)`](#fn-metadatawithdeletiontimestamp) + * [`fn withFinalizers(finalizers)`](#fn-metadatawithfinalizers) + * [`fn withFinalizersMixin(finalizers)`](#fn-metadatawithfinalizersmixin) + * [`fn withGenerateName(generateName)`](#fn-metadatawithgeneratename) + * [`fn withGeneration(generation)`](#fn-metadatawithgeneration) + * [`fn withLabels(labels)`](#fn-metadatawithlabels) + * [`fn withLabelsMixin(labels)`](#fn-metadatawithlabelsmixin) + * [`fn withName(name)`](#fn-metadatawithname) + * [`fn withNamespace(namespace)`](#fn-metadatawithnamespace) + * [`fn withOwnerReferences(ownerReferences)`](#fn-metadatawithownerreferences) + * [`fn withOwnerReferencesMixin(ownerReferences)`](#fn-metadatawithownerreferencesmixin) + * [`fn withResourceVersion(resourceVersion)`](#fn-metadatawithresourceversion) + * [`fn withSelfLink(selfLink)`](#fn-metadatawithselflink) + * [`fn withUid(uid)`](#fn-metadatawithuid) +* [`obj spec`](#obj-spec) + * [`fn withAddresses(addresses)`](#fn-specwithaddresses) + * [`fn withAddressesMixin(addresses)`](#fn-specwithaddressesmixin) + * [`fn withGatewayClassName(gatewayClassName)`](#fn-specwithgatewayclassname) + * [`fn withListeners(listeners)`](#fn-specwithlisteners) + * [`fn withListenersMixin(listeners)`](#fn-specwithlistenersmixin) + * [`obj spec.addresses`](#obj-specaddresses) + * [`fn withType(type)`](#fn-specaddresseswithtype) + * [`fn withValue(value)`](#fn-specaddresseswithvalue) + * [`obj spec.listeners`](#obj-speclisteners) + * [`fn withHostname(hostname)`](#fn-speclistenerswithhostname) + * [`fn withName(name)`](#fn-speclistenerswithname) + * [`fn withPort(port)`](#fn-speclistenerswithport) + * [`fn withProtocol(protocol)`](#fn-speclistenerswithprotocol) + * [`obj spec.listeners.allowedRoutes`](#obj-speclistenersallowedroutes) + * [`fn withKinds(kinds)`](#fn-speclistenersallowedrouteswithkinds) + * [`fn withKindsMixin(kinds)`](#fn-speclistenersallowedrouteswithkindsmixin) + * [`obj spec.listeners.allowedRoutes.kinds`](#obj-speclistenersallowedrouteskinds) + * [`fn withGroup(group)`](#fn-speclistenersallowedrouteskindswithgroup) + * [`fn withKind(kind)`](#fn-speclistenersallowedrouteskindswithkind) + * [`obj spec.listeners.allowedRoutes.namespaces`](#obj-speclistenersallowedroutesnamespaces) + * [`fn withFrom(from)`](#fn-speclistenersallowedroutesnamespaceswithfrom) + * [`obj spec.listeners.allowedRoutes.namespaces.selector`](#obj-speclistenersallowedroutesnamespacesselector) + * [`fn withMatchExpressions(matchExpressions)`](#fn-speclistenersallowedroutesnamespacesselectorwithmatchexpressions) + * [`fn withMatchExpressionsMixin(matchExpressions)`](#fn-speclistenersallowedroutesnamespacesselectorwithmatchexpressionsmixin) + * [`fn withMatchLabels(matchLabels)`](#fn-speclistenersallowedroutesnamespacesselectorwithmatchlabels) + * [`fn withMatchLabelsMixin(matchLabels)`](#fn-speclistenersallowedroutesnamespacesselectorwithmatchlabelsmixin) + * [`obj spec.listeners.allowedRoutes.namespaces.selector.matchExpressions`](#obj-speclistenersallowedroutesnamespacesselectormatchexpressions) + * [`fn withKey(key)`](#fn-speclistenersallowedroutesnamespacesselectormatchexpressionswithkey) + * [`fn withOperator(operator)`](#fn-speclistenersallowedroutesnamespacesselectormatchexpressionswithoperator) + * [`fn withValues(values)`](#fn-speclistenersallowedroutesnamespacesselectormatchexpressionswithvalues) + * [`fn withValuesMixin(values)`](#fn-speclistenersallowedroutesnamespacesselectormatchexpressionswithvaluesmixin) + * [`obj spec.listeners.tls`](#obj-speclistenerstls) + * [`fn withCertificateRefs(certificateRefs)`](#fn-speclistenerstlswithcertificaterefs) + * [`fn withCertificateRefsMixin(certificateRefs)`](#fn-speclistenerstlswithcertificaterefsmixin) + * [`fn withMode(mode)`](#fn-speclistenerstlswithmode) + * [`fn withOptions(options)`](#fn-speclistenerstlswithoptions) + * [`fn withOptionsMixin(options)`](#fn-speclistenerstlswithoptionsmixin) + * [`obj spec.listeners.tls.certificateRefs`](#obj-speclistenerstlscertificaterefs) + * [`fn withGroup(group)`](#fn-speclistenerstlscertificaterefswithgroup) + * [`fn withKind(kind)`](#fn-speclistenerstlscertificaterefswithkind) + * [`fn withName(name)`](#fn-speclistenerstlscertificaterefswithname) + * [`fn withNamespace(namespace)`](#fn-speclistenerstlscertificaterefswithnamespace) + +## Fields + +### fn new + +```ts +new(name) +``` + +new returns an instance of Gateway + +## obj metadata + +"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create." + +### fn metadata.withAnnotations + +```ts +withAnnotations(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +### fn metadata.withAnnotationsMixin + +```ts +withAnnotationsMixin(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +**Note:** This function appends passed data to existing values + +### fn metadata.withClusterName + +```ts +withClusterName(clusterName) +``` + +"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request." + +### fn metadata.withCreationTimestamp + +```ts +withCreationTimestamp(creationTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withDeletionGracePeriodSeconds + +```ts +withDeletionGracePeriodSeconds(deletionGracePeriodSeconds) +``` + +"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only." + +### fn metadata.withDeletionTimestamp + +```ts +withDeletionTimestamp(deletionTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withFinalizers + +```ts +withFinalizers(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +### fn metadata.withFinalizersMixin + +```ts +withFinalizersMixin(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +**Note:** This function appends passed data to existing values + +### fn metadata.withGenerateName + +```ts +withGenerateName(generateName) +``` + +"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\n\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\n\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" + +### fn metadata.withGeneration + +```ts +withGeneration(generation) +``` + +"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only." + +### fn metadata.withLabels + +```ts +withLabels(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +### fn metadata.withLabelsMixin + +```ts +withLabelsMixin(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +**Note:** This function appends passed data to existing values + +### fn metadata.withName + +```ts +withName(name) +``` + +"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names" + +### fn metadata.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \"default\" namespace, but \"default\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\n\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces" + +### fn metadata.withOwnerReferences + +```ts +withOwnerReferences(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +### fn metadata.withOwnerReferencesMixin + +```ts +withOwnerReferencesMixin(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +**Note:** This function appends passed data to existing values + +### fn metadata.withResourceVersion + +```ts +withResourceVersion(resourceVersion) +``` + +"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\n\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" + +### fn metadata.withSelfLink + +```ts +withSelfLink(selfLink) +``` + +"SelfLink is a URL representing this object. Populated by the system. Read-only.\n\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release." + +### fn metadata.withUid + +```ts +withUid(uid) +``` + +"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\n\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids" + +## obj spec + +"Spec defines the desired state of Gateway." + +### fn spec.withAddresses + +```ts +withAddresses(addresses) +``` + +"Addresses requested for this Gateway. This is optional and behavior can depend on the implementation. If a value is set in the spec and the requested address is invalid or unavailable, the implementation MUST indicate this in the associated entry in GatewayStatus.Addresses. \n The Addresses field represents a request for the address(es) on the \"outside of the Gateway\", that traffic bound for this Gateway will use. This could be the IP address or hostname of an external load balancer or other networking infrastructure, or some other address that traffic will be sent to. \n The .listener.hostname field is used to route traffic that has already arrived at the Gateway to the correct in-cluster destination. \n If no Addresses are specified, the implementation MAY schedule the Gateway in an implementation-specific manner, assigning an appropriate set of Addresses. \n The implementation MUST bind all Listeners to every GatewayAddress that it assigns to the Gateway and add a corresponding entry in GatewayStatus.Addresses. \n Support: Extended" + +### fn spec.withAddressesMixin + +```ts +withAddressesMixin(addresses) +``` + +"Addresses requested for this Gateway. This is optional and behavior can depend on the implementation. If a value is set in the spec and the requested address is invalid or unavailable, the implementation MUST indicate this in the associated entry in GatewayStatus.Addresses. \n The Addresses field represents a request for the address(es) on the \"outside of the Gateway\", that traffic bound for this Gateway will use. This could be the IP address or hostname of an external load balancer or other networking infrastructure, or some other address that traffic will be sent to. \n The .listener.hostname field is used to route traffic that has already arrived at the Gateway to the correct in-cluster destination. \n If no Addresses are specified, the implementation MAY schedule the Gateway in an implementation-specific manner, assigning an appropriate set of Addresses. \n The implementation MUST bind all Listeners to every GatewayAddress that it assigns to the Gateway and add a corresponding entry in GatewayStatus.Addresses. \n Support: Extended" + +**Note:** This function appends passed data to existing values + +### fn spec.withGatewayClassName + +```ts +withGatewayClassName(gatewayClassName) +``` + +"GatewayClassName used for this Gateway. This is the name of a GatewayClass resource." + +### fn spec.withListeners + +```ts +withListeners(listeners) +``` + +"Listeners associated with this Gateway. Listeners define logical endpoints that are bound on this Gateway's addresses. At least one Listener MUST be specified. \n Each listener in a Gateway must have a unique combination of Hostname, Port, and Protocol. \n An implementation MAY group Listeners by Port and then collapse each group of Listeners into a single Listener if the implementation determines that the Listeners in the group are \"compatible\". An implementation MAY also group together and collapse compatible Listeners belonging to different Gateways. \n For example, an implementation might consider Listeners to be compatible with each other if all of the following conditions are met: \n 1. Either each Listener within the group specifies the \"HTTP\" Protocol or each Listener within the group specifies either the \"HTTPS\" or \"TLS\" Protocol. \n 2. Each Listener within the group specifies a Hostname that is unique within the group. \n 3. As a special case, one Listener within a group may omit Hostname, in which case this Listener matches when no other Listener matches. \n If the implementation does collapse compatible Listeners, the hostname provided in the incoming client request MUST be matched to a Listener to find the correct set of Routes. The incoming hostname MUST be matched using the Hostname field for each Listener in order of most to least specific. That is, exact matches must be processed before wildcard matches. \n If this field specifies multiple Listeners that have the same Port value but are not compatible, the implementation must raise a \"Conflicted\" condition in the Listener status. \n Support: Core" + +### fn spec.withListenersMixin + +```ts +withListenersMixin(listeners) +``` + +"Listeners associated with this Gateway. Listeners define logical endpoints that are bound on this Gateway's addresses. At least one Listener MUST be specified. \n Each listener in a Gateway must have a unique combination of Hostname, Port, and Protocol. \n An implementation MAY group Listeners by Port and then collapse each group of Listeners into a single Listener if the implementation determines that the Listeners in the group are \"compatible\". An implementation MAY also group together and collapse compatible Listeners belonging to different Gateways. \n For example, an implementation might consider Listeners to be compatible with each other if all of the following conditions are met: \n 1. Either each Listener within the group specifies the \"HTTP\" Protocol or each Listener within the group specifies either the \"HTTPS\" or \"TLS\" Protocol. \n 2. Each Listener within the group specifies a Hostname that is unique within the group. \n 3. As a special case, one Listener within a group may omit Hostname, in which case this Listener matches when no other Listener matches. \n If the implementation does collapse compatible Listeners, the hostname provided in the incoming client request MUST be matched to a Listener to find the correct set of Routes. The incoming hostname MUST be matched using the Hostname field for each Listener in order of most to least specific. That is, exact matches must be processed before wildcard matches. \n If this field specifies multiple Listeners that have the same Port value but are not compatible, the implementation must raise a \"Conflicted\" condition in the Listener status. \n Support: Core" + +**Note:** This function appends passed data to existing values + +## obj spec.addresses + +"Addresses requested for this Gateway. This is optional and behavior can depend on the implementation. If a value is set in the spec and the requested address is invalid or unavailable, the implementation MUST indicate this in the associated entry in GatewayStatus.Addresses. \n The Addresses field represents a request for the address(es) on the \"outside of the Gateway\", that traffic bound for this Gateway will use. This could be the IP address or hostname of an external load balancer or other networking infrastructure, or some other address that traffic will be sent to. \n The .listener.hostname field is used to route traffic that has already arrived at the Gateway to the correct in-cluster destination. \n If no Addresses are specified, the implementation MAY schedule the Gateway in an implementation-specific manner, assigning an appropriate set of Addresses. \n The implementation MUST bind all Listeners to every GatewayAddress that it assigns to the Gateway and add a corresponding entry in GatewayStatus.Addresses. \n Support: Extended" + +### fn spec.addresses.withType + +```ts +withType(type) +``` + +"Type of the address." + +### fn spec.addresses.withValue + +```ts +withValue(value) +``` + +"Value of the address. The validity of the values will depend on the type and support by the controller. \n Examples: `1.2.3.4`, `128::1`, `my-ip-address`." + +## obj spec.listeners + +"Listeners associated with this Gateway. Listeners define logical endpoints that are bound on this Gateway's addresses. At least one Listener MUST be specified. \n Each listener in a Gateway must have a unique combination of Hostname, Port, and Protocol. \n An implementation MAY group Listeners by Port and then collapse each group of Listeners into a single Listener if the implementation determines that the Listeners in the group are \"compatible\". An implementation MAY also group together and collapse compatible Listeners belonging to different Gateways. \n For example, an implementation might consider Listeners to be compatible with each other if all of the following conditions are met: \n 1. Either each Listener within the group specifies the \"HTTP\" Protocol or each Listener within the group specifies either the \"HTTPS\" or \"TLS\" Protocol. \n 2. Each Listener within the group specifies a Hostname that is unique within the group. \n 3. As a special case, one Listener within a group may omit Hostname, in which case this Listener matches when no other Listener matches. \n If the implementation does collapse compatible Listeners, the hostname provided in the incoming client request MUST be matched to a Listener to find the correct set of Routes. The incoming hostname MUST be matched using the Hostname field for each Listener in order of most to least specific. That is, exact matches must be processed before wildcard matches. \n If this field specifies multiple Listeners that have the same Port value but are not compatible, the implementation must raise a \"Conflicted\" condition in the Listener status. \n Support: Core" + +### fn spec.listeners.withHostname + +```ts +withHostname(hostname) +``` + +"Hostname specifies the virtual hostname to match for protocol types that define this concept. When unspecified, all hostnames are matched. This field is ignored for protocols that don't require hostname based matching. \n Implementations MUST apply Hostname matching appropriately for each of the following protocols: \n * TLS: The Listener Hostname MUST match the SNI. * HTTP: The Listener Hostname MUST match the Host header of the request. * HTTPS: The Listener Hostname SHOULD match at both the TLS and HTTP protocol layers as described above. If an implementation does not ensure that both the SNI and Host header match the Listener hostname, it MUST clearly document that. \n For HTTPRoute and TLSRoute resources, there is an interaction with the `spec.hostnames` array. When both listener and route specify hostnames, there MUST be an intersection between the values for a Route to be accepted. For more information, refer to the Route specific Hostnames documentation. \n Hostnames that are prefixed with a wildcard label (`*.`) are interpreted as a suffix match. That means that a match for `*.example.com` would match both `test.example.com`, and `foo.test.example.com`, but not `example.com`. \n Support: Core" + +### fn spec.listeners.withName + +```ts +withName(name) +``` + +"Name is the name of the Listener. This name MUST be unique within a Gateway. \n Support: Core" + +### fn spec.listeners.withPort + +```ts +withPort(port) +``` + +"Port is the network port. Multiple listeners may use the same port, subject to the Listener compatibility rules. \n Support: Core" + +### fn spec.listeners.withProtocol + +```ts +withProtocol(protocol) +``` + +"Protocol specifies the network protocol this listener expects to receive. \n Support: Core" + +## obj spec.listeners.allowedRoutes + +"AllowedRoutes defines the types of routes that MAY be attached to a Listener and the trusted namespaces where those Route resources MAY be present. \n Although a client request may match multiple route rules, only one rule may ultimately receive the request. Matching precedence MUST be determined in order of the following criteria: \n * The most specific match as defined by the Route type. * The oldest Route based on creation timestamp. For example, a Route with a creation timestamp of \"2020-09-08 01:02:03\" is given precedence over a Route with a creation timestamp of \"2020-09-08 01:02:04\". * If everything else is equivalent, the Route appearing first in alphabetical order (namespace/name) should be given precedence. For example, foo/bar is given precedence over foo/baz. \n All valid rules within a Route attached to this Listener should be implemented. Invalid Route rules can be ignored (sometimes that will mean the full Route). If a Route rule transitions from valid to invalid, support for that Route rule should be dropped to ensure consistency. For example, even if a filter specified by a Route rule is invalid, the rest of the rules within that Route should still be supported. \n Support: Core" + +### fn spec.listeners.allowedRoutes.withKinds + +```ts +withKinds(kinds) +``` + +"Kinds specifies the groups and kinds of Routes that are allowed to bind to this Gateway Listener. When unspecified or empty, the kinds of Routes selected are determined using the Listener protocol. \n A RouteGroupKind MUST correspond to kinds of Routes that are compatible with the application protocol specified in the Listener's Protocol field. If an implementation does not support or recognize this resource type, it MUST set the \"ResolvedRefs\" condition to False for this Listener with the \"InvalidRouteKinds\" reason. \n Support: Core" + +### fn spec.listeners.allowedRoutes.withKindsMixin + +```ts +withKindsMixin(kinds) +``` + +"Kinds specifies the groups and kinds of Routes that are allowed to bind to this Gateway Listener. When unspecified or empty, the kinds of Routes selected are determined using the Listener protocol. \n A RouteGroupKind MUST correspond to kinds of Routes that are compatible with the application protocol specified in the Listener's Protocol field. If an implementation does not support or recognize this resource type, it MUST set the \"ResolvedRefs\" condition to False for this Listener with the \"InvalidRouteKinds\" reason. \n Support: Core" + +**Note:** This function appends passed data to existing values + +## obj spec.listeners.allowedRoutes.kinds + +"Kinds specifies the groups and kinds of Routes that are allowed to bind to this Gateway Listener. When unspecified or empty, the kinds of Routes selected are determined using the Listener protocol. \n A RouteGroupKind MUST correspond to kinds of Routes that are compatible with the application protocol specified in the Listener's Protocol field. If an implementation does not support or recognize this resource type, it MUST set the \"ResolvedRefs\" condition to False for this Listener with the \"InvalidRouteKinds\" reason. \n Support: Core" + +### fn spec.listeners.allowedRoutes.kinds.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the Route." + +### fn spec.listeners.allowedRoutes.kinds.withKind + +```ts +withKind(kind) +``` + +"Kind is the kind of the Route." + +## obj spec.listeners.allowedRoutes.namespaces + +"Namespaces indicates namespaces from which Routes may be attached to this Listener. This is restricted to the namespace of this Gateway by default. \n Support: Core" + +### fn spec.listeners.allowedRoutes.namespaces.withFrom + +```ts +withFrom(from) +``` + +"From indicates where Routes will be selected for this Gateway. Possible values are: * All: Routes in all namespaces may be used by this Gateway. * Selector: Routes in namespaces selected by the selector may be used by this Gateway. * Same: Only Routes in the same namespace may be used by this Gateway. \n Support: Core" + +## obj spec.listeners.allowedRoutes.namespaces.selector + +"Selector must be specified when From is set to \"Selector\". In that case, only Routes in Namespaces matching this Selector will be selected by this Gateway. This field is ignored for other values of \"From\". \n Support: Core" + +### fn spec.listeners.allowedRoutes.namespaces.selector.withMatchExpressions + +```ts +withMatchExpressions(matchExpressions) +``` + +"matchExpressions is a list of label selector requirements. The requirements are ANDed." + +### fn spec.listeners.allowedRoutes.namespaces.selector.withMatchExpressionsMixin + +```ts +withMatchExpressionsMixin(matchExpressions) +``` + +"matchExpressions is a list of label selector requirements. The requirements are ANDed." + +**Note:** This function appends passed data to existing values + +### fn spec.listeners.allowedRoutes.namespaces.selector.withMatchLabels + +```ts +withMatchLabels(matchLabels) +``` + +"matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + +### fn spec.listeners.allowedRoutes.namespaces.selector.withMatchLabelsMixin + +```ts +withMatchLabelsMixin(matchLabels) +``` + +"matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + +**Note:** This function appends passed data to existing values + +## obj spec.listeners.allowedRoutes.namespaces.selector.matchExpressions + +"matchExpressions is a list of label selector requirements. The requirements are ANDed." + +### fn spec.listeners.allowedRoutes.namespaces.selector.matchExpressions.withKey + +```ts +withKey(key) +``` + +"key is the label key that the selector applies to." + +### fn spec.listeners.allowedRoutes.namespaces.selector.matchExpressions.withOperator + +```ts +withOperator(operator) +``` + +"operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + +### fn spec.listeners.allowedRoutes.namespaces.selector.matchExpressions.withValues + +```ts +withValues(values) +``` + +"values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + +### fn spec.listeners.allowedRoutes.namespaces.selector.matchExpressions.withValuesMixin + +```ts +withValuesMixin(values) +``` + +"values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + +**Note:** This function appends passed data to existing values + +## obj spec.listeners.tls + +"TLS is the TLS configuration for the Listener. This field is required if the Protocol field is \"HTTPS\" or \"TLS\". It is invalid to set this field if the Protocol field is \"HTTP\", \"TCP\", or \"UDP\". \n The association of SNIs to Certificate defined in GatewayTLSConfig is defined based on the Hostname field for this listener. \n The GatewayClass MUST use the longest matching SNI out of all available certificates for any TLS handshake. \n Support: Core" + +### fn spec.listeners.tls.withCertificateRefs + +```ts +withCertificateRefs(certificateRefs) +``` + +"CertificateRefs contains a series of references to Kubernetes objects that contains TLS certificates and private keys. These certificates are used to establish a TLS handshake for requests that match the hostname of the associated listener. \n A single CertificateRef to a Kubernetes Secret has \"Core\" support. Implementations MAY choose to support attaching multiple certificates to a Listener, but this behavior is implementation-specific. \n References to a resource in different namespace are invalid UNLESS there is a ReferenceGrant in the target namespace that allows the certificate to be attached. If a ReferenceGrant does not allow this reference, the \"ResolvedRefs\" condition MUST be set to False for this listener with the \"RefNotPermitted\" reason. \n This field is required to have at least one element when the mode is set to \"Terminate\" (default) and is optional otherwise. \n CertificateRefs can reference to standard Kubernetes resources, i.e. Secret, or implementation-specific custom resources. \n Support: Core - A single reference to a Kubernetes Secret of type kubernetes.io/tls \n Support: Implementation-specific (More than one reference or other resource types)" + +### fn spec.listeners.tls.withCertificateRefsMixin + +```ts +withCertificateRefsMixin(certificateRefs) +``` + +"CertificateRefs contains a series of references to Kubernetes objects that contains TLS certificates and private keys. These certificates are used to establish a TLS handshake for requests that match the hostname of the associated listener. \n A single CertificateRef to a Kubernetes Secret has \"Core\" support. Implementations MAY choose to support attaching multiple certificates to a Listener, but this behavior is implementation-specific. \n References to a resource in different namespace are invalid UNLESS there is a ReferenceGrant in the target namespace that allows the certificate to be attached. If a ReferenceGrant does not allow this reference, the \"ResolvedRefs\" condition MUST be set to False for this listener with the \"RefNotPermitted\" reason. \n This field is required to have at least one element when the mode is set to \"Terminate\" (default) and is optional otherwise. \n CertificateRefs can reference to standard Kubernetes resources, i.e. Secret, or implementation-specific custom resources. \n Support: Core - A single reference to a Kubernetes Secret of type kubernetes.io/tls \n Support: Implementation-specific (More than one reference or other resource types)" + +**Note:** This function appends passed data to existing values + +### fn spec.listeners.tls.withMode + +```ts +withMode(mode) +``` + +"Mode defines the TLS behavior for the TLS session initiated by the client. There are two possible modes: \n - Terminate: The TLS session between the downstream client and the Gateway is terminated at the Gateway. This mode requires certificateRefs to be set and contain at least one element. - Passthrough: The TLS session is NOT terminated by the Gateway. This implies that the Gateway can't decipher the TLS stream except for the ClientHello message of the TLS protocol. CertificateRefs field is ignored in this mode. \n Support: Core" + +### fn spec.listeners.tls.withOptions + +```ts +withOptions(options) +``` + +"Options are a list of key/value pairs to enable extended TLS configuration for each implementation. For example, configuring the minimum TLS version or supported cipher suites. \n A set of common keys MAY be defined by the API in the future. To avoid any ambiguity, implementation-specific definitions MUST use domain-prefixed names, such as `example.com/my-custom-option`. Un-prefixed names are reserved for key names defined by Gateway API. \n Support: Implementation-specific" + +### fn spec.listeners.tls.withOptionsMixin + +```ts +withOptionsMixin(options) +``` + +"Options are a list of key/value pairs to enable extended TLS configuration for each implementation. For example, configuring the minimum TLS version or supported cipher suites. \n A set of common keys MAY be defined by the API in the future. To avoid any ambiguity, implementation-specific definitions MUST use domain-prefixed names, such as `example.com/my-custom-option`. Un-prefixed names are reserved for key names defined by Gateway API. \n Support: Implementation-specific" + +**Note:** This function appends passed data to existing values + +## obj spec.listeners.tls.certificateRefs + +"CertificateRefs contains a series of references to Kubernetes objects that contains TLS certificates and private keys. These certificates are used to establish a TLS handshake for requests that match the hostname of the associated listener. \n A single CertificateRef to a Kubernetes Secret has \"Core\" support. Implementations MAY choose to support attaching multiple certificates to a Listener, but this behavior is implementation-specific. \n References to a resource in different namespace are invalid UNLESS there is a ReferenceGrant in the target namespace that allows the certificate to be attached. If a ReferenceGrant does not allow this reference, the \"ResolvedRefs\" condition MUST be set to False for this listener with the \"RefNotPermitted\" reason. \n This field is required to have at least one element when the mode is set to \"Terminate\" (default) and is optional otherwise. \n CertificateRefs can reference to standard Kubernetes resources, i.e. Secret, or implementation-specific custom resources. \n Support: Core - A single reference to a Kubernetes Secret of type kubernetes.io/tls \n Support: Implementation-specific (More than one reference or other resource types)" + +### fn spec.listeners.tls.certificateRefs.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. For example, \"gateway.networking.k8s.io\". When unspecified or empty string, core API group is inferred." + +### fn spec.listeners.tls.certificateRefs.withKind + +```ts +withKind(kind) +``` + +"Kind is kind of the referent. For example \"Secret\"." + +### fn spec.listeners.tls.certificateRefs.withName + +```ts +withName(name) +``` + +"Name is the name of the referent." + +### fn spec.listeners.tls.certificateRefs.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. \n Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. \n Support: Core" \ No newline at end of file diff --git a/docs/0.7-experimental/gateway/v1alpha2/gatewayClass.md b/docs/0.7-experimental/gateway/v1alpha2/gatewayClass.md new file mode 100644 index 0000000..643eea3 --- /dev/null +++ b/docs/0.7-experimental/gateway/v1alpha2/gatewayClass.md @@ -0,0 +1,269 @@ +--- +permalink: /0.7-experimental/gateway/v1alpha2/gatewayClass/ +--- + +# gateway.v1alpha2.gatewayClass + +"GatewayClass describes a class of Gateways available to the user for creating Gateway resources. \n It is recommended that this resource be used as a template for Gateways. This means that a Gateway is based on the state of the GatewayClass at the time it was created and changes to the GatewayClass or associated parameters are not propagated down to existing Gateways. This recommendation is intended to limit the blast radius of changes to GatewayClass or associated parameters. If implementations choose to propagate GatewayClass changes to existing Gateways, that MUST be clearly documented by the implementation. \n Whenever one or more Gateways are using a GatewayClass, implementations SHOULD add the `gateway-exists-finalizer.gateway.networking.k8s.io` finalizer on the associated GatewayClass. This ensures that a GatewayClass associated with a Gateway is not deleted while in use. \n GatewayClass is a Cluster level resource." + +## Index + +* [`fn new(name)`](#fn-new) +* [`obj metadata`](#obj-metadata) + * [`fn withAnnotations(annotations)`](#fn-metadatawithannotations) + * [`fn withAnnotationsMixin(annotations)`](#fn-metadatawithannotationsmixin) + * [`fn withClusterName(clusterName)`](#fn-metadatawithclustername) + * [`fn withCreationTimestamp(creationTimestamp)`](#fn-metadatawithcreationtimestamp) + * [`fn withDeletionGracePeriodSeconds(deletionGracePeriodSeconds)`](#fn-metadatawithdeletiongraceperiodseconds) + * [`fn withDeletionTimestamp(deletionTimestamp)`](#fn-metadatawithdeletiontimestamp) + * [`fn withFinalizers(finalizers)`](#fn-metadatawithfinalizers) + * [`fn withFinalizersMixin(finalizers)`](#fn-metadatawithfinalizersmixin) + * [`fn withGenerateName(generateName)`](#fn-metadatawithgeneratename) + * [`fn withGeneration(generation)`](#fn-metadatawithgeneration) + * [`fn withLabels(labels)`](#fn-metadatawithlabels) + * [`fn withLabelsMixin(labels)`](#fn-metadatawithlabelsmixin) + * [`fn withName(name)`](#fn-metadatawithname) + * [`fn withNamespace(namespace)`](#fn-metadatawithnamespace) + * [`fn withOwnerReferences(ownerReferences)`](#fn-metadatawithownerreferences) + * [`fn withOwnerReferencesMixin(ownerReferences)`](#fn-metadatawithownerreferencesmixin) + * [`fn withResourceVersion(resourceVersion)`](#fn-metadatawithresourceversion) + * [`fn withSelfLink(selfLink)`](#fn-metadatawithselflink) + * [`fn withUid(uid)`](#fn-metadatawithuid) +* [`obj spec`](#obj-spec) + * [`fn withControllerName(controllerName)`](#fn-specwithcontrollername) + * [`fn withDescription(description)`](#fn-specwithdescription) + * [`obj spec.parametersRef`](#obj-specparametersref) + * [`fn withGroup(group)`](#fn-specparametersrefwithgroup) + * [`fn withKind(kind)`](#fn-specparametersrefwithkind) + * [`fn withName(name)`](#fn-specparametersrefwithname) + * [`fn withNamespace(namespace)`](#fn-specparametersrefwithnamespace) + +## Fields + +### fn new + +```ts +new(name) +``` + +new returns an instance of GatewayClass + +## obj metadata + +"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create." + +### fn metadata.withAnnotations + +```ts +withAnnotations(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +### fn metadata.withAnnotationsMixin + +```ts +withAnnotationsMixin(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +**Note:** This function appends passed data to existing values + +### fn metadata.withClusterName + +```ts +withClusterName(clusterName) +``` + +"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request." + +### fn metadata.withCreationTimestamp + +```ts +withCreationTimestamp(creationTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withDeletionGracePeriodSeconds + +```ts +withDeletionGracePeriodSeconds(deletionGracePeriodSeconds) +``` + +"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only." + +### fn metadata.withDeletionTimestamp + +```ts +withDeletionTimestamp(deletionTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withFinalizers + +```ts +withFinalizers(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +### fn metadata.withFinalizersMixin + +```ts +withFinalizersMixin(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +**Note:** This function appends passed data to existing values + +### fn metadata.withGenerateName + +```ts +withGenerateName(generateName) +``` + +"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\n\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\n\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" + +### fn metadata.withGeneration + +```ts +withGeneration(generation) +``` + +"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only." + +### fn metadata.withLabels + +```ts +withLabels(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +### fn metadata.withLabelsMixin + +```ts +withLabelsMixin(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +**Note:** This function appends passed data to existing values + +### fn metadata.withName + +```ts +withName(name) +``` + +"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names" + +### fn metadata.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \"default\" namespace, but \"default\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\n\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces" + +### fn metadata.withOwnerReferences + +```ts +withOwnerReferences(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +### fn metadata.withOwnerReferencesMixin + +```ts +withOwnerReferencesMixin(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +**Note:** This function appends passed data to existing values + +### fn metadata.withResourceVersion + +```ts +withResourceVersion(resourceVersion) +``` + +"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\n\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" + +### fn metadata.withSelfLink + +```ts +withSelfLink(selfLink) +``` + +"SelfLink is a URL representing this object. Populated by the system. Read-only.\n\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release." + +### fn metadata.withUid + +```ts +withUid(uid) +``` + +"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\n\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids" + +## obj spec + +"Spec defines the desired state of GatewayClass." + +### fn spec.withControllerName + +```ts +withControllerName(controllerName) +``` + +"ControllerName is the name of the controller that is managing Gateways of this class. The value of this field MUST be a domain prefixed path. \n Example: \"example.net/gateway-controller\". \n This field is not mutable and cannot be empty. \n Support: Core" + +### fn spec.withDescription + +```ts +withDescription(description) +``` + +"Description helps describe a GatewayClass with more details." + +## obj spec.parametersRef + +"ParametersRef is a reference to a resource that contains the configuration parameters corresponding to the GatewayClass. This is optional if the controller does not require any additional configuration. \n ParametersRef can reference a standard Kubernetes resource, i.e. ConfigMap, or an implementation-specific custom resource. The resource can be cluster-scoped or namespace-scoped. \n If the referent cannot be found, the GatewayClass's \"InvalidParameters\" status condition will be true. \n Support: Implementation-specific" + +### fn spec.parametersRef.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent." + +### fn spec.parametersRef.withKind + +```ts +withKind(kind) +``` + +"Kind is kind of the referent." + +### fn spec.parametersRef.withName + +```ts +withName(name) +``` + +"Name is the name of the referent." + +### fn spec.parametersRef.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the referent. This field is required when referring to a Namespace-scoped resource and MUST be unset when referring to a Cluster-scoped resource." \ No newline at end of file diff --git a/docs/0.7-experimental/gateway/v1alpha2/grpcRoute.md b/docs/0.7-experimental/gateway/v1alpha2/grpcRoute.md new file mode 100644 index 0000000..4c26181 --- /dev/null +++ b/docs/0.7-experimental/gateway/v1alpha2/grpcRoute.md @@ -0,0 +1,1208 @@ +--- +permalink: /0.7-experimental/gateway/v1alpha2/grpcRoute/ +--- + +# gateway.v1alpha2.grpcRoute + +"GRPCRoute provides a way to route gRPC requests. This includes the capability to match requests by hostname, gRPC service, gRPC method, or HTTP/2 header. Filters can be used to specify additional processing steps. Backends specify where matching requests will be routed. \n GRPCRoute falls under extended support within the Gateway API. Within the following specification, the word \"MUST\" indicates that an implementation supporting GRPCRoute must conform to the indicated requirement, but an implementation not supporting this route type need not follow the requirement unless explicitly indicated. \n Implementations supporting `GRPCRoute` with the `HTTPS` `ProtocolType` MUST accept HTTP/2 connections without an initial upgrade from HTTP/1.1, i.e. via ALPN. If the implementation does not support this, then it MUST set the \"Accepted\" condition to \"False\" for the affected listener with a reason of \"UnsupportedProtocol\". Implementations MAY also accept HTTP/2 connections with an upgrade from HTTP/1. \n Implementations supporting `GRPCRoute` with the `HTTP` `ProtocolType` MUST support HTTP/2 over cleartext TCP (h2c, https://www.rfc-editor.org/rfc/rfc7540#section-3.1) without an initial upgrade from HTTP/1.1, i.e. with prior knowledge (https://www.rfc-editor.org/rfc/rfc7540#section-3.4). If the implementation does not support this, then it MUST set the \"Accepted\" condition to \"False\" for the affected listener with a reason of \"UnsupportedProtocol\". Implementations MAY also accept HTTP/2 connections with an upgrade from HTTP/1, i.e. without prior knowledge. \n Support: Extended" + +## Index + +* [`fn new(name)`](#fn-new) +* [`obj metadata`](#obj-metadata) + * [`fn withAnnotations(annotations)`](#fn-metadatawithannotations) + * [`fn withAnnotationsMixin(annotations)`](#fn-metadatawithannotationsmixin) + * [`fn withClusterName(clusterName)`](#fn-metadatawithclustername) + * [`fn withCreationTimestamp(creationTimestamp)`](#fn-metadatawithcreationtimestamp) + * [`fn withDeletionGracePeriodSeconds(deletionGracePeriodSeconds)`](#fn-metadatawithdeletiongraceperiodseconds) + * [`fn withDeletionTimestamp(deletionTimestamp)`](#fn-metadatawithdeletiontimestamp) + * [`fn withFinalizers(finalizers)`](#fn-metadatawithfinalizers) + * [`fn withFinalizersMixin(finalizers)`](#fn-metadatawithfinalizersmixin) + * [`fn withGenerateName(generateName)`](#fn-metadatawithgeneratename) + * [`fn withGeneration(generation)`](#fn-metadatawithgeneration) + * [`fn withLabels(labels)`](#fn-metadatawithlabels) + * [`fn withLabelsMixin(labels)`](#fn-metadatawithlabelsmixin) + * [`fn withName(name)`](#fn-metadatawithname) + * [`fn withNamespace(namespace)`](#fn-metadatawithnamespace) + * [`fn withOwnerReferences(ownerReferences)`](#fn-metadatawithownerreferences) + * [`fn withOwnerReferencesMixin(ownerReferences)`](#fn-metadatawithownerreferencesmixin) + * [`fn withResourceVersion(resourceVersion)`](#fn-metadatawithresourceversion) + * [`fn withSelfLink(selfLink)`](#fn-metadatawithselflink) + * [`fn withUid(uid)`](#fn-metadatawithuid) +* [`obj spec`](#obj-spec) + * [`fn withHostnames(hostnames)`](#fn-specwithhostnames) + * [`fn withHostnamesMixin(hostnames)`](#fn-specwithhostnamesmixin) + * [`fn withParentRefs(parentRefs)`](#fn-specwithparentrefs) + * [`fn withParentRefsMixin(parentRefs)`](#fn-specwithparentrefsmixin) + * [`fn withRules(rules)`](#fn-specwithrules) + * [`fn withRulesMixin(rules)`](#fn-specwithrulesmixin) + * [`obj spec.parentRefs`](#obj-specparentrefs) + * [`fn withGroup(group)`](#fn-specparentrefswithgroup) + * [`fn withKind(kind)`](#fn-specparentrefswithkind) + * [`fn withName(name)`](#fn-specparentrefswithname) + * [`fn withNamespace(namespace)`](#fn-specparentrefswithnamespace) + * [`fn withPort(port)`](#fn-specparentrefswithport) + * [`fn withSectionName(sectionName)`](#fn-specparentrefswithsectionname) + * [`obj spec.rules`](#obj-specrules) + * [`fn withBackendRefs(backendRefs)`](#fn-specruleswithbackendrefs) + * [`fn withBackendRefsMixin(backendRefs)`](#fn-specruleswithbackendrefsmixin) + * [`fn withFilters(filters)`](#fn-specruleswithfilters) + * [`fn withFiltersMixin(filters)`](#fn-specruleswithfiltersmixin) + * [`fn withMatches(matches)`](#fn-specruleswithmatches) + * [`fn withMatchesMixin(matches)`](#fn-specruleswithmatchesmixin) + * [`obj spec.rules.backendRefs`](#obj-specrulesbackendrefs) + * [`fn withFilters(filters)`](#fn-specrulesbackendrefswithfilters) + * [`fn withFiltersMixin(filters)`](#fn-specrulesbackendrefswithfiltersmixin) + * [`fn withGroup(group)`](#fn-specrulesbackendrefswithgroup) + * [`fn withKind(kind)`](#fn-specrulesbackendrefswithkind) + * [`fn withName(name)`](#fn-specrulesbackendrefswithname) + * [`fn withNamespace(namespace)`](#fn-specrulesbackendrefswithnamespace) + * [`fn withPort(port)`](#fn-specrulesbackendrefswithport) + * [`fn withWeight(weight)`](#fn-specrulesbackendrefswithweight) + * [`obj spec.rules.backendRefs.filters`](#obj-specrulesbackendrefsfilters) + * [`fn withType(type)`](#fn-specrulesbackendrefsfilterswithtype) + * [`obj spec.rules.backendRefs.filters.extensionRef`](#obj-specrulesbackendrefsfiltersextensionref) + * [`fn withGroup(group)`](#fn-specrulesbackendrefsfiltersextensionrefwithgroup) + * [`fn withKind(kind)`](#fn-specrulesbackendrefsfiltersextensionrefwithkind) + * [`fn withName(name)`](#fn-specrulesbackendrefsfiltersextensionrefwithname) + * [`obj spec.rules.backendRefs.filters.requestHeaderModifier`](#obj-specrulesbackendrefsfiltersrequestheadermodifier) + * [`fn withAdd(add)`](#fn-specrulesbackendrefsfiltersrequestheadermodifierwithadd) + * [`fn withAddMixin(add)`](#fn-specrulesbackendrefsfiltersrequestheadermodifierwithaddmixin) + * [`fn withRemove(remove)`](#fn-specrulesbackendrefsfiltersrequestheadermodifierwithremove) + * [`fn withRemoveMixin(remove)`](#fn-specrulesbackendrefsfiltersrequestheadermodifierwithremovemixin) + * [`fn withSet(set)`](#fn-specrulesbackendrefsfiltersrequestheadermodifierwithset) + * [`fn withSetMixin(set)`](#fn-specrulesbackendrefsfiltersrequestheadermodifierwithsetmixin) + * [`obj spec.rules.backendRefs.filters.requestHeaderModifier.add`](#obj-specrulesbackendrefsfiltersrequestheadermodifieradd) + * [`fn withName(name)`](#fn-specrulesbackendrefsfiltersrequestheadermodifieraddwithname) + * [`fn withValue(value)`](#fn-specrulesbackendrefsfiltersrequestheadermodifieraddwithvalue) + * [`obj spec.rules.backendRefs.filters.requestHeaderModifier.set`](#obj-specrulesbackendrefsfiltersrequestheadermodifierset) + * [`fn withName(name)`](#fn-specrulesbackendrefsfiltersrequestheadermodifiersetwithname) + * [`fn withValue(value)`](#fn-specrulesbackendrefsfiltersrequestheadermodifiersetwithvalue) + * [`obj spec.rules.backendRefs.filters.requestMirror`](#obj-specrulesbackendrefsfiltersrequestmirror) + * [`obj spec.rules.backendRefs.filters.requestMirror.backendRef`](#obj-specrulesbackendrefsfiltersrequestmirrorbackendref) + * [`fn withGroup(group)`](#fn-specrulesbackendrefsfiltersrequestmirrorbackendrefwithgroup) + * [`fn withKind(kind)`](#fn-specrulesbackendrefsfiltersrequestmirrorbackendrefwithkind) + * [`fn withName(name)`](#fn-specrulesbackendrefsfiltersrequestmirrorbackendrefwithname) + * [`fn withNamespace(namespace)`](#fn-specrulesbackendrefsfiltersrequestmirrorbackendrefwithnamespace) + * [`fn withPort(port)`](#fn-specrulesbackendrefsfiltersrequestmirrorbackendrefwithport) + * [`obj spec.rules.backendRefs.filters.responseHeaderModifier`](#obj-specrulesbackendrefsfiltersresponseheadermodifier) + * [`fn withAdd(add)`](#fn-specrulesbackendrefsfiltersresponseheadermodifierwithadd) + * [`fn withAddMixin(add)`](#fn-specrulesbackendrefsfiltersresponseheadermodifierwithaddmixin) + * [`fn withRemove(remove)`](#fn-specrulesbackendrefsfiltersresponseheadermodifierwithremove) + * [`fn withRemoveMixin(remove)`](#fn-specrulesbackendrefsfiltersresponseheadermodifierwithremovemixin) + * [`fn withSet(set)`](#fn-specrulesbackendrefsfiltersresponseheadermodifierwithset) + * [`fn withSetMixin(set)`](#fn-specrulesbackendrefsfiltersresponseheadermodifierwithsetmixin) + * [`obj spec.rules.backendRefs.filters.responseHeaderModifier.add`](#obj-specrulesbackendrefsfiltersresponseheadermodifieradd) + * [`fn withName(name)`](#fn-specrulesbackendrefsfiltersresponseheadermodifieraddwithname) + * [`fn withValue(value)`](#fn-specrulesbackendrefsfiltersresponseheadermodifieraddwithvalue) + * [`obj spec.rules.backendRefs.filters.responseHeaderModifier.set`](#obj-specrulesbackendrefsfiltersresponseheadermodifierset) + * [`fn withName(name)`](#fn-specrulesbackendrefsfiltersresponseheadermodifiersetwithname) + * [`fn withValue(value)`](#fn-specrulesbackendrefsfiltersresponseheadermodifiersetwithvalue) + * [`obj spec.rules.filters`](#obj-specrulesfilters) + * [`fn withType(type)`](#fn-specrulesfilterswithtype) + * [`obj spec.rules.filters.extensionRef`](#obj-specrulesfiltersextensionref) + * [`fn withGroup(group)`](#fn-specrulesfiltersextensionrefwithgroup) + * [`fn withKind(kind)`](#fn-specrulesfiltersextensionrefwithkind) + * [`fn withName(name)`](#fn-specrulesfiltersextensionrefwithname) + * [`obj spec.rules.filters.requestHeaderModifier`](#obj-specrulesfiltersrequestheadermodifier) + * [`fn withAdd(add)`](#fn-specrulesfiltersrequestheadermodifierwithadd) + * [`fn withAddMixin(add)`](#fn-specrulesfiltersrequestheadermodifierwithaddmixin) + * [`fn withRemove(remove)`](#fn-specrulesfiltersrequestheadermodifierwithremove) + * [`fn withRemoveMixin(remove)`](#fn-specrulesfiltersrequestheadermodifierwithremovemixin) + * [`fn withSet(set)`](#fn-specrulesfiltersrequestheadermodifierwithset) + * [`fn withSetMixin(set)`](#fn-specrulesfiltersrequestheadermodifierwithsetmixin) + * [`obj spec.rules.filters.requestHeaderModifier.add`](#obj-specrulesfiltersrequestheadermodifieradd) + * [`fn withName(name)`](#fn-specrulesfiltersrequestheadermodifieraddwithname) + * [`fn withValue(value)`](#fn-specrulesfiltersrequestheadermodifieraddwithvalue) + * [`obj spec.rules.filters.requestHeaderModifier.set`](#obj-specrulesfiltersrequestheadermodifierset) + * [`fn withName(name)`](#fn-specrulesfiltersrequestheadermodifiersetwithname) + * [`fn withValue(value)`](#fn-specrulesfiltersrequestheadermodifiersetwithvalue) + * [`obj spec.rules.filters.requestMirror`](#obj-specrulesfiltersrequestmirror) + * [`obj spec.rules.filters.requestMirror.backendRef`](#obj-specrulesfiltersrequestmirrorbackendref) + * [`fn withGroup(group)`](#fn-specrulesfiltersrequestmirrorbackendrefwithgroup) + * [`fn withKind(kind)`](#fn-specrulesfiltersrequestmirrorbackendrefwithkind) + * [`fn withName(name)`](#fn-specrulesfiltersrequestmirrorbackendrefwithname) + * [`fn withNamespace(namespace)`](#fn-specrulesfiltersrequestmirrorbackendrefwithnamespace) + * [`fn withPort(port)`](#fn-specrulesfiltersrequestmirrorbackendrefwithport) + * [`obj spec.rules.filters.responseHeaderModifier`](#obj-specrulesfiltersresponseheadermodifier) + * [`fn withAdd(add)`](#fn-specrulesfiltersresponseheadermodifierwithadd) + * [`fn withAddMixin(add)`](#fn-specrulesfiltersresponseheadermodifierwithaddmixin) + * [`fn withRemove(remove)`](#fn-specrulesfiltersresponseheadermodifierwithremove) + * [`fn withRemoveMixin(remove)`](#fn-specrulesfiltersresponseheadermodifierwithremovemixin) + * [`fn withSet(set)`](#fn-specrulesfiltersresponseheadermodifierwithset) + * [`fn withSetMixin(set)`](#fn-specrulesfiltersresponseheadermodifierwithsetmixin) + * [`obj spec.rules.filters.responseHeaderModifier.add`](#obj-specrulesfiltersresponseheadermodifieradd) + * [`fn withName(name)`](#fn-specrulesfiltersresponseheadermodifieraddwithname) + * [`fn withValue(value)`](#fn-specrulesfiltersresponseheadermodifieraddwithvalue) + * [`obj spec.rules.filters.responseHeaderModifier.set`](#obj-specrulesfiltersresponseheadermodifierset) + * [`fn withName(name)`](#fn-specrulesfiltersresponseheadermodifiersetwithname) + * [`fn withValue(value)`](#fn-specrulesfiltersresponseheadermodifiersetwithvalue) + * [`obj spec.rules.matches`](#obj-specrulesmatches) + * [`fn withHeaders(headers)`](#fn-specrulesmatcheswithheaders) + * [`fn withHeadersMixin(headers)`](#fn-specrulesmatcheswithheadersmixin) + * [`obj spec.rules.matches.headers`](#obj-specrulesmatchesheaders) + * [`fn withName(name)`](#fn-specrulesmatchesheaderswithname) + * [`fn withType(type)`](#fn-specrulesmatchesheaderswithtype) + * [`fn withValue(value)`](#fn-specrulesmatchesheaderswithvalue) + * [`obj spec.rules.matches.method`](#obj-specrulesmatchesmethod) + * [`fn withMethod(method)`](#fn-specrulesmatchesmethodwithmethod) + * [`fn withService(service)`](#fn-specrulesmatchesmethodwithservice) + * [`fn withType(type)`](#fn-specrulesmatchesmethodwithtype) + +## Fields + +### fn new + +```ts +new(name) +``` + +new returns an instance of GRPCRoute + +## obj metadata + +"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create." + +### fn metadata.withAnnotations + +```ts +withAnnotations(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +### fn metadata.withAnnotationsMixin + +```ts +withAnnotationsMixin(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +**Note:** This function appends passed data to existing values + +### fn metadata.withClusterName + +```ts +withClusterName(clusterName) +``` + +"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request." + +### fn metadata.withCreationTimestamp + +```ts +withCreationTimestamp(creationTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withDeletionGracePeriodSeconds + +```ts +withDeletionGracePeriodSeconds(deletionGracePeriodSeconds) +``` + +"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only." + +### fn metadata.withDeletionTimestamp + +```ts +withDeletionTimestamp(deletionTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withFinalizers + +```ts +withFinalizers(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +### fn metadata.withFinalizersMixin + +```ts +withFinalizersMixin(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +**Note:** This function appends passed data to existing values + +### fn metadata.withGenerateName + +```ts +withGenerateName(generateName) +``` + +"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\n\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\n\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" + +### fn metadata.withGeneration + +```ts +withGeneration(generation) +``` + +"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only." + +### fn metadata.withLabels + +```ts +withLabels(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +### fn metadata.withLabelsMixin + +```ts +withLabelsMixin(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +**Note:** This function appends passed data to existing values + +### fn metadata.withName + +```ts +withName(name) +``` + +"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names" + +### fn metadata.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \"default\" namespace, but \"default\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\n\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces" + +### fn metadata.withOwnerReferences + +```ts +withOwnerReferences(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +### fn metadata.withOwnerReferencesMixin + +```ts +withOwnerReferencesMixin(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +**Note:** This function appends passed data to existing values + +### fn metadata.withResourceVersion + +```ts +withResourceVersion(resourceVersion) +``` + +"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\n\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" + +### fn metadata.withSelfLink + +```ts +withSelfLink(selfLink) +``` + +"SelfLink is a URL representing this object. Populated by the system. Read-only.\n\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release." + +### fn metadata.withUid + +```ts +withUid(uid) +``` + +"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\n\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids" + +## obj spec + +"Spec defines the desired state of GRPCRoute." + +### fn spec.withHostnames + +```ts +withHostnames(hostnames) +``` + +"Hostnames defines a set of hostnames to match against the GRPC Host header to select a GRPCRoute to process the request. This matches the RFC 1123 definition of a hostname with 2 notable exceptions: \n 1. IPs are not allowed. 2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard label MUST appear by itself as the first label. \n If a hostname is specified by both the Listener and GRPCRoute, there MUST be at least one intersecting hostname for the GRPCRoute to be attached to the Listener. For example: \n * A Listener with `test.example.com` as the hostname matches GRPCRoutes that have either not specified any hostnames, or have specified at least one of `test.example.com` or `*.example.com`. * A Listener with `*.example.com` as the hostname matches GRPCRoutes that have either not specified any hostnames or have specified at least one hostname that matches the Listener hostname. For example, `test.example.com` and `*.example.com` would both match. On the other hand, `example.com` and `test.example.net` would not match. \n Hostnames that are prefixed with a wildcard label (`*.`) are interpreted as a suffix match. That means that a match for `*.example.com` would match both `test.example.com`, and `foo.test.example.com`, but not `example.com`. \n If both the Listener and GRPCRoute have specified hostnames, any GRPCRoute hostnames that do not match the Listener hostname MUST be ignored. For example, if a Listener specified `*.example.com`, and the GRPCRoute specified `test.example.com` and `test.example.net`, `test.example.net` MUST NOT be considered for a match. \n If both the Listener and GRPCRoute have specified hostnames, and none match with the criteria above, then the GRPCRoute MUST NOT be accepted by the implementation. The implementation MUST raise an 'Accepted' Condition with a status of `False` in the corresponding RouteParentStatus. \n If a Route (A) of type HTTPRoute or GRPCRoute is attached to a Listener and that listener already has another Route (B) of the other type attached and the intersection of the hostnames of A and B is non-empty, then the implementation MUST accept exactly one of these two routes, determined by the following criteria, in order: \n * The oldest Route based on creation timestamp. * The Route appearing first in alphabetical order by \"{namespace}/{name}\". \n The rejected Route MUST raise an 'Accepted' condition with a status of 'False' in the corresponding RouteParentStatus. \n Support: Core" + +### fn spec.withHostnamesMixin + +```ts +withHostnamesMixin(hostnames) +``` + +"Hostnames defines a set of hostnames to match against the GRPC Host header to select a GRPCRoute to process the request. This matches the RFC 1123 definition of a hostname with 2 notable exceptions: \n 1. IPs are not allowed. 2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard label MUST appear by itself as the first label. \n If a hostname is specified by both the Listener and GRPCRoute, there MUST be at least one intersecting hostname for the GRPCRoute to be attached to the Listener. For example: \n * A Listener with `test.example.com` as the hostname matches GRPCRoutes that have either not specified any hostnames, or have specified at least one of `test.example.com` or `*.example.com`. * A Listener with `*.example.com` as the hostname matches GRPCRoutes that have either not specified any hostnames or have specified at least one hostname that matches the Listener hostname. For example, `test.example.com` and `*.example.com` would both match. On the other hand, `example.com` and `test.example.net` would not match. \n Hostnames that are prefixed with a wildcard label (`*.`) are interpreted as a suffix match. That means that a match for `*.example.com` would match both `test.example.com`, and `foo.test.example.com`, but not `example.com`. \n If both the Listener and GRPCRoute have specified hostnames, any GRPCRoute hostnames that do not match the Listener hostname MUST be ignored. For example, if a Listener specified `*.example.com`, and the GRPCRoute specified `test.example.com` and `test.example.net`, `test.example.net` MUST NOT be considered for a match. \n If both the Listener and GRPCRoute have specified hostnames, and none match with the criteria above, then the GRPCRoute MUST NOT be accepted by the implementation. The implementation MUST raise an 'Accepted' Condition with a status of `False` in the corresponding RouteParentStatus. \n If a Route (A) of type HTTPRoute or GRPCRoute is attached to a Listener and that listener already has another Route (B) of the other type attached and the intersection of the hostnames of A and B is non-empty, then the implementation MUST accept exactly one of these two routes, determined by the following criteria, in order: \n * The oldest Route based on creation timestamp. * The Route appearing first in alphabetical order by \"{namespace}/{name}\". \n The rejected Route MUST raise an 'Accepted' condition with a status of 'False' in the corresponding RouteParentStatus. \n Support: Core" + +**Note:** This function appends passed data to existing values + +### fn spec.withParentRefs + +```ts +withParentRefs(parentRefs) +``` + +"ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. \n The only kind of parent resource with \"Core\" support is Gateway. This API may be extended in the future to support additional kinds of parent resources such as one of the route kinds. \n It is invalid to reference an identical parent more than once. It is valid to reference multiple distinct sections within the same parent resource, such as 2 Listeners within a Gateway. \n It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged. \n Note that for ParentRefs that cross namespace boundaries, there are specific rules. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example, Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference." + +### fn spec.withParentRefsMixin + +```ts +withParentRefsMixin(parentRefs) +``` + +"ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. \n The only kind of parent resource with \"Core\" support is Gateway. This API may be extended in the future to support additional kinds of parent resources such as one of the route kinds. \n It is invalid to reference an identical parent more than once. It is valid to reference multiple distinct sections within the same parent resource, such as 2 Listeners within a Gateway. \n It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged. \n Note that for ParentRefs that cross namespace boundaries, there are specific rules. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example, Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference." + +**Note:** This function appends passed data to existing values + +### fn spec.withRules + +```ts +withRules(rules) +``` + +"Rules are a list of GRPC matchers, filters and actions." + +### fn spec.withRulesMixin + +```ts +withRulesMixin(rules) +``` + +"Rules are a list of GRPC matchers, filters and actions." + +**Note:** This function appends passed data to existing values + +## obj spec.parentRefs + +"ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. \n The only kind of parent resource with \"Core\" support is Gateway. This API may be extended in the future to support additional kinds of parent resources such as one of the route kinds. \n It is invalid to reference an identical parent more than once. It is valid to reference multiple distinct sections within the same parent resource, such as 2 Listeners within a Gateway. \n It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged. \n Note that for ParentRefs that cross namespace boundaries, there are specific rules. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example, Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference." + +### fn spec.parentRefs.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. When unspecified, \"gateway.networking.k8s.io\" is inferred. To set the core API group (such as for a \"Service\" kind referent), Group must be explicitly set to \"\" (empty string). \n Support: Core" + +### fn spec.parentRefs.withKind + +```ts +withKind(kind) +``` + +"Kind is kind of the referent. \n Support: Core (Gateway) \n Support: Implementation-specific (Other Resources)" + +### fn spec.parentRefs.withName + +```ts +withName(name) +``` + +"Name is the name of the referent. \n Support: Core" + +### fn spec.parentRefs.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the referent. When unspecified, this refers to the local namespace of the Route. \n Note that there are specific rules for ParentRefs which cross namespace boundaries. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example: Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference. \n Support: Core" + +### fn spec.parentRefs.withPort + +```ts +withPort(port) +``` + +"Port is the network port this Route targets. It can be interpreted differently based on the type of parent resource. \n When the parent resource is a Gateway, this targets all listeners listening on the specified port that also support this kind of Route(and select this Route). It's not recommended to set `Port` unless the networking behaviors specified in a Route must apply to a specific port as opposed to a listener(s) whose port(s) may be changed. When both Port and SectionName are specified, the name and port of the selected listener must match both specified values. \n Implementations MAY choose to support other parent resources. Implementations supporting other types of parent resources MUST clearly document how/if Port is interpreted. \n For the purpose of status, an attachment is considered successful as long as the parent resource accepts it partially. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \n Support: Extended \n " + +### fn spec.parentRefs.withSectionName + +```ts +withSectionName(sectionName) +``` + +"SectionName is the name of a section within the target resource. In the following resources, SectionName is interpreted as the following: \n * Gateway: Listener Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. \n Implementations MAY choose to support attaching Routes to other resources. If that is the case, they MUST clearly document how SectionName is interpreted. \n When unspecified (empty string), this will reference the entire resource. For the purpose of status, an attachment is considered successful if at least one section in the parent resource accepts it. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \n Support: Core" + +## obj spec.rules + +"Rules are a list of GRPC matchers, filters and actions." + +### fn spec.rules.withBackendRefs + +```ts +withBackendRefs(backendRefs) +``` + +"BackendRefs defines the backend(s) where matching requests should be sent. \n Failure behavior here depends on how many BackendRefs are specified and how many are invalid. \n If *all* entries in BackendRefs are invalid, and there are also no filters specified in this route rule, *all* traffic which matches this rule MUST receive an `UNAVAILABLE` status. \n See the GRPCBackendRef definition for the rules about what makes a single GRPCBackendRef invalid. \n When a GRPCBackendRef is invalid, `UNAVAILABLE` statuses MUST be returned for requests that would have otherwise been routed to an invalid backend. If multiple backends are specified, and some are invalid, the proportion of requests that would otherwise have been routed to an invalid backend MUST receive an `UNAVAILABLE` status. \n For example, if two backends are specified with equal weights, and one is invalid, 50 percent of traffic MUST receive an `UNAVAILABLE` status. Implementations may choose how that 50 percent is determined. \n Support: Core for Kubernetes Service \n Support: Implementation-specific for any other resource \n Support for weight: Core" + +### fn spec.rules.withBackendRefsMixin + +```ts +withBackendRefsMixin(backendRefs) +``` + +"BackendRefs defines the backend(s) where matching requests should be sent. \n Failure behavior here depends on how many BackendRefs are specified and how many are invalid. \n If *all* entries in BackendRefs are invalid, and there are also no filters specified in this route rule, *all* traffic which matches this rule MUST receive an `UNAVAILABLE` status. \n See the GRPCBackendRef definition for the rules about what makes a single GRPCBackendRef invalid. \n When a GRPCBackendRef is invalid, `UNAVAILABLE` statuses MUST be returned for requests that would have otherwise been routed to an invalid backend. If multiple backends are specified, and some are invalid, the proportion of requests that would otherwise have been routed to an invalid backend MUST receive an `UNAVAILABLE` status. \n For example, if two backends are specified with equal weights, and one is invalid, 50 percent of traffic MUST receive an `UNAVAILABLE` status. Implementations may choose how that 50 percent is determined. \n Support: Core for Kubernetes Service \n Support: Implementation-specific for any other resource \n Support for weight: Core" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.withFilters + +```ts +withFilters(filters) +``` + +"Filters define the filters that are applied to requests that match this rule. \n The effects of ordering of multiple behaviors are currently unspecified. This can change in the future based on feedback during the alpha stage. \n Conformance-levels at this level are defined based on the type of filter: \n - ALL core filters MUST be supported by all implementations that support GRPCRoute. - Implementers are encouraged to support extended filters. - Implementation-specific custom filters have no API guarantees across implementations. \n Specifying a core filter multiple times has unspecified or implementation-specific conformance. Support: Core" + +### fn spec.rules.withFiltersMixin + +```ts +withFiltersMixin(filters) +``` + +"Filters define the filters that are applied to requests that match this rule. \n The effects of ordering of multiple behaviors are currently unspecified. This can change in the future based on feedback during the alpha stage. \n Conformance-levels at this level are defined based on the type of filter: \n - ALL core filters MUST be supported by all implementations that support GRPCRoute. - Implementers are encouraged to support extended filters. - Implementation-specific custom filters have no API guarantees across implementations. \n Specifying a core filter multiple times has unspecified or implementation-specific conformance. Support: Core" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.withMatches + +```ts +withMatches(matches) +``` + +"Matches define conditions used for matching the rule against incoming gRPC requests. Each match is independent, i.e. this rule will be matched if **any** one of the matches is satisfied. \n For example, take the following matches configuration: \n ``` matches: - method: service: foo.bar headers: values: version: 2 - method: service: foo.bar.v2 ``` \n For a request to match against this rule, it MUST satisfy EITHER of the two conditions: \n - service of foo.bar AND contains the header `version: 2` - service of foo.bar.v2 \n See the documentation for GRPCRouteMatch on how to specify multiple match conditions to be ANDed together. \n If no matches are specified, the implementation MUST match every gRPC request. \n Proxy or Load Balancer routing configuration generated from GRPCRoutes MUST prioritize rules based on the following criteria, continuing on ties. Merging MUST not be done between GRPCRoutes and HTTPRoutes. Precedence MUST be given to the rule with the largest number of: \n * Characters in a matching non-wildcard hostname. * Characters in a matching hostname. * Characters in a matching service. * Characters in a matching method. * Header matches. \n If ties still exist across multiple Routes, matching precedence MUST be determined in order of the following criteria, continuing on ties: \n * The oldest Route based on creation timestamp. * The Route appearing first in alphabetical order by \"{namespace}/{name}\". \n If ties still exist within the Route that has been given precedence, matching precedence MUST be granted to the first matching rule meeting the above criteria." + +### fn spec.rules.withMatchesMixin + +```ts +withMatchesMixin(matches) +``` + +"Matches define conditions used for matching the rule against incoming gRPC requests. Each match is independent, i.e. this rule will be matched if **any** one of the matches is satisfied. \n For example, take the following matches configuration: \n ``` matches: - method: service: foo.bar headers: values: version: 2 - method: service: foo.bar.v2 ``` \n For a request to match against this rule, it MUST satisfy EITHER of the two conditions: \n - service of foo.bar AND contains the header `version: 2` - service of foo.bar.v2 \n See the documentation for GRPCRouteMatch on how to specify multiple match conditions to be ANDed together. \n If no matches are specified, the implementation MUST match every gRPC request. \n Proxy or Load Balancer routing configuration generated from GRPCRoutes MUST prioritize rules based on the following criteria, continuing on ties. Merging MUST not be done between GRPCRoutes and HTTPRoutes. Precedence MUST be given to the rule with the largest number of: \n * Characters in a matching non-wildcard hostname. * Characters in a matching hostname. * Characters in a matching service. * Characters in a matching method. * Header matches. \n If ties still exist across multiple Routes, matching precedence MUST be determined in order of the following criteria, continuing on ties: \n * The oldest Route based on creation timestamp. * The Route appearing first in alphabetical order by \"{namespace}/{name}\". \n If ties still exist within the Route that has been given precedence, matching precedence MUST be granted to the first matching rule meeting the above criteria." + +**Note:** This function appends passed data to existing values + +## obj spec.rules.backendRefs + +"BackendRefs defines the backend(s) where matching requests should be sent. \n Failure behavior here depends on how many BackendRefs are specified and how many are invalid. \n If *all* entries in BackendRefs are invalid, and there are also no filters specified in this route rule, *all* traffic which matches this rule MUST receive an `UNAVAILABLE` status. \n See the GRPCBackendRef definition for the rules about what makes a single GRPCBackendRef invalid. \n When a GRPCBackendRef is invalid, `UNAVAILABLE` statuses MUST be returned for requests that would have otherwise been routed to an invalid backend. If multiple backends are specified, and some are invalid, the proportion of requests that would otherwise have been routed to an invalid backend MUST receive an `UNAVAILABLE` status. \n For example, if two backends are specified with equal weights, and one is invalid, 50 percent of traffic MUST receive an `UNAVAILABLE` status. Implementations may choose how that 50 percent is determined. \n Support: Core for Kubernetes Service \n Support: Implementation-specific for any other resource \n Support for weight: Core" + +### fn spec.rules.backendRefs.withFilters + +```ts +withFilters(filters) +``` + +"Filters defined at this level MUST be executed if and only if the request is being forwarded to the backend defined here. \n Support: Implementation-specific (For broader support of filters, use the Filters field in GRPCRouteRule.)" + +### fn spec.rules.backendRefs.withFiltersMixin + +```ts +withFiltersMixin(filters) +``` + +"Filters defined at this level MUST be executed if and only if the request is being forwarded to the backend defined here. \n Support: Implementation-specific (For broader support of filters, use the Filters field in GRPCRouteRule.)" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.backendRefs.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. For example, \"gateway.networking.k8s.io\". When unspecified or empty string, core API group is inferred." + +### fn spec.rules.backendRefs.withKind + +```ts +withKind(kind) +``` + +"Kind is the Kubernetes resource kind of the referent. For example \"Service\". \n Defaults to \"Service\" when not specified. \n ExternalName services can refer to CNAME DNS records that may live outside of the cluster and as such are difficult to reason about in terms of conformance. They also may not be safe to forward to (see CVE-2021-25740 for more information). Implementations SHOULD NOT support ExternalName Services. \n Support: Core (Services with a type other than ExternalName) \n Support: Implementation-specific (Services with type ExternalName)" + +### fn spec.rules.backendRefs.withName + +```ts +withName(name) +``` + +"Name is the name of the referent." + +### fn spec.rules.backendRefs.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. \n Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. \n Support: Core" + +### fn spec.rules.backendRefs.withPort + +```ts +withPort(port) +``` + +"Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field." + +### fn spec.rules.backendRefs.withWeight + +```ts +withWeight(weight) +``` + +"Weight specifies the proportion of requests forwarded to the referenced backend. This is computed as weight/(sum of all weights in this BackendRefs list). For non-zero values, there may be some epsilon from the exact proportion defined here depending on the precision an implementation supports. Weight is not a percentage and the sum of weights does not need to equal 100. \n If only one backend is specified and it has a weight greater than 0, 100% of the traffic is forwarded to that backend. If weight is set to 0, no traffic should be forwarded for this entry. If unspecified, weight defaults to 1. \n Support for this field varies based on the context where used." + +## obj spec.rules.backendRefs.filters + +"Filters defined at this level MUST be executed if and only if the request is being forwarded to the backend defined here. \n Support: Implementation-specific (For broader support of filters, use the Filters field in GRPCRouteRule.)" + +### fn spec.rules.backendRefs.filters.withType + +```ts +withType(type) +``` + +"Type identifies the type of filter to apply. As with other API fields, types are classified into three conformance levels: \n - Core: Filter types and their corresponding configuration defined by \"Support: Core\" in this package, e.g. \"RequestHeaderModifier\". All implementations supporting GRPCRoute MUST support core filters. \n - Extended: Filter types and their corresponding configuration defined by \"Support: Extended\" in this package, e.g. \"RequestMirror\". Implementers are encouraged to support extended filters. \n - Implementation-specific: Filters that are defined and supported by specific vendors. In the future, filters showing convergence in behavior across multiple implementations will be considered for inclusion in extended or core conformance levels. Filter-specific configuration for such filters is specified using the ExtensionRef field. `Type` MUST be set to \"ExtensionRef\" for custom filters. \n Implementers are encouraged to define custom implementation types to extend the core API with implementation-specific behavior. \n If a reference to a custom filter type cannot be resolved, the filter MUST NOT be skipped. Instead, requests that would have been processed by that filter MUST receive a HTTP error response. \n " + +## obj spec.rules.backendRefs.filters.extensionRef + +"ExtensionRef is an optional, implementation-specific extension to the \"filter\" behavior. For example, resource \"myroutefilter\" in group \"networking.example.net\"). ExtensionRef MUST NOT be used for core and extended filters. \n Support: Implementation-specific" + +### fn spec.rules.backendRefs.filters.extensionRef.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. For example, \"gateway.networking.k8s.io\". When unspecified or empty string, core API group is inferred." + +### fn spec.rules.backendRefs.filters.extensionRef.withKind + +```ts +withKind(kind) +``` + +"Kind is kind of the referent. For example \"HTTPRoute\" or \"Service\"." + +### fn spec.rules.backendRefs.filters.extensionRef.withName + +```ts +withName(name) +``` + +"Name is the name of the referent." + +## obj spec.rules.backendRefs.filters.requestHeaderModifier + +"RequestHeaderModifier defines a schema for a filter that modifies request headers. \n Support: Core" + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.withAdd + +```ts +withAdd(add) +``` + +"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz" + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.withAddMixin + +```ts +withAddMixin(add) +``` + +"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.withRemove + +```ts +withRemove(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \n Config: remove: [\"my-header1\", \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2: bar" + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.withRemoveMixin + +```ts +withRemoveMixin(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \n Config: remove: [\"my-header1\", \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2: bar" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.withSet + +```ts +withSet(set) +``` + +"Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar" + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.withSetMixin + +```ts +withSetMixin(set) +``` + +"Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar" + +**Note:** This function appends passed data to existing values + +## obj spec.rules.backendRefs.filters.requestHeaderModifier.add + +"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz" + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.add.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent." + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.add.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.backendRefs.filters.requestHeaderModifier.set + +"Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar" + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.set.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent." + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.set.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.backendRefs.filters.requestMirror + +"RequestMirror defines a schema for a filter that mirrors requests. Requests are sent to the specified destination, but responses from that destination are ignored. \n Support: Extended" + +## obj spec.rules.backendRefs.filters.requestMirror.backendRef + +"BackendRef references a resource where mirrored requests are sent. \n If the referent cannot be found, this BackendRef is invalid and must be dropped from the Gateway. The controller must ensure the \"ResolvedRefs\" condition on the Route status is set to `status: False` and not configure this backend in the underlying implementation. \n If there is a cross-namespace reference to an *existing* object that is not allowed by a ReferenceGrant, the controller must ensure the \"ResolvedRefs\" condition on the Route is set to `status: False`, with the \"RefNotPermitted\" reason and not configure this backend in the underlying implementation. \n In either error case, the Message of the `ResolvedRefs` Condition should be used to provide more detail about the problem. \n Support: Extended for Kubernetes Service \n Support: Implementation-specific for any other resource" + +### fn spec.rules.backendRefs.filters.requestMirror.backendRef.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. For example, \"gateway.networking.k8s.io\". When unspecified or empty string, core API group is inferred." + +### fn spec.rules.backendRefs.filters.requestMirror.backendRef.withKind + +```ts +withKind(kind) +``` + +"Kind is the Kubernetes resource kind of the referent. For example \"Service\". \n Defaults to \"Service\" when not specified. \n ExternalName services can refer to CNAME DNS records that may live outside of the cluster and as such are difficult to reason about in terms of conformance. They also may not be safe to forward to (see CVE-2021-25740 for more information). Implementations SHOULD NOT support ExternalName Services. \n Support: Core (Services with a type other than ExternalName) \n Support: Implementation-specific (Services with type ExternalName)" + +### fn spec.rules.backendRefs.filters.requestMirror.backendRef.withName + +```ts +withName(name) +``` + +"Name is the name of the referent." + +### fn spec.rules.backendRefs.filters.requestMirror.backendRef.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. \n Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. \n Support: Core" + +### fn spec.rules.backendRefs.filters.requestMirror.backendRef.withPort + +```ts +withPort(port) +``` + +"Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field." + +## obj spec.rules.backendRefs.filters.responseHeaderModifier + +"ResponseHeaderModifier defines a schema for a filter that modifies response headers. \n Support: Extended" + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.withAdd + +```ts +withAdd(add) +``` + +"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz" + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.withAddMixin + +```ts +withAddMixin(add) +``` + +"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.withRemove + +```ts +withRemove(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \n Config: remove: [\"my-header1\", \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2: bar" + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.withRemoveMixin + +```ts +withRemoveMixin(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \n Config: remove: [\"my-header1\", \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2: bar" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.withSet + +```ts +withSet(set) +``` + +"Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar" + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.withSetMixin + +```ts +withSetMixin(set) +``` + +"Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar" + +**Note:** This function appends passed data to existing values + +## obj spec.rules.backendRefs.filters.responseHeaderModifier.add + +"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz" + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.add.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent." + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.add.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.backendRefs.filters.responseHeaderModifier.set + +"Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar" + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.set.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent." + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.set.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.filters + +"Filters define the filters that are applied to requests that match this rule. \n The effects of ordering of multiple behaviors are currently unspecified. This can change in the future based on feedback during the alpha stage. \n Conformance-levels at this level are defined based on the type of filter: \n - ALL core filters MUST be supported by all implementations that support GRPCRoute. - Implementers are encouraged to support extended filters. - Implementation-specific custom filters have no API guarantees across implementations. \n Specifying a core filter multiple times has unspecified or implementation-specific conformance. Support: Core" + +### fn spec.rules.filters.withType + +```ts +withType(type) +``` + +"Type identifies the type of filter to apply. As with other API fields, types are classified into three conformance levels: \n - Core: Filter types and their corresponding configuration defined by \"Support: Core\" in this package, e.g. \"RequestHeaderModifier\". All implementations supporting GRPCRoute MUST support core filters. \n - Extended: Filter types and their corresponding configuration defined by \"Support: Extended\" in this package, e.g. \"RequestMirror\". Implementers are encouraged to support extended filters. \n - Implementation-specific: Filters that are defined and supported by specific vendors. In the future, filters showing convergence in behavior across multiple implementations will be considered for inclusion in extended or core conformance levels. Filter-specific configuration for such filters is specified using the ExtensionRef field. `Type` MUST be set to \"ExtensionRef\" for custom filters. \n Implementers are encouraged to define custom implementation types to extend the core API with implementation-specific behavior. \n If a reference to a custom filter type cannot be resolved, the filter MUST NOT be skipped. Instead, requests that would have been processed by that filter MUST receive a HTTP error response. \n " + +## obj spec.rules.filters.extensionRef + +"ExtensionRef is an optional, implementation-specific extension to the \"filter\" behavior. For example, resource \"myroutefilter\" in group \"networking.example.net\"). ExtensionRef MUST NOT be used for core and extended filters. \n Support: Implementation-specific" + +### fn spec.rules.filters.extensionRef.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. For example, \"gateway.networking.k8s.io\". When unspecified or empty string, core API group is inferred." + +### fn spec.rules.filters.extensionRef.withKind + +```ts +withKind(kind) +``` + +"Kind is kind of the referent. For example \"HTTPRoute\" or \"Service\"." + +### fn spec.rules.filters.extensionRef.withName + +```ts +withName(name) +``` + +"Name is the name of the referent." + +## obj spec.rules.filters.requestHeaderModifier + +"RequestHeaderModifier defines a schema for a filter that modifies request headers. \n Support: Core" + +### fn spec.rules.filters.requestHeaderModifier.withAdd + +```ts +withAdd(add) +``` + +"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz" + +### fn spec.rules.filters.requestHeaderModifier.withAddMixin + +```ts +withAddMixin(add) +``` + +"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.filters.requestHeaderModifier.withRemove + +```ts +withRemove(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \n Config: remove: [\"my-header1\", \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2: bar" + +### fn spec.rules.filters.requestHeaderModifier.withRemoveMixin + +```ts +withRemoveMixin(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \n Config: remove: [\"my-header1\", \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2: bar" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.filters.requestHeaderModifier.withSet + +```ts +withSet(set) +``` + +"Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar" + +### fn spec.rules.filters.requestHeaderModifier.withSetMixin + +```ts +withSetMixin(set) +``` + +"Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar" + +**Note:** This function appends passed data to existing values + +## obj spec.rules.filters.requestHeaderModifier.add + +"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz" + +### fn spec.rules.filters.requestHeaderModifier.add.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent." + +### fn spec.rules.filters.requestHeaderModifier.add.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.filters.requestHeaderModifier.set + +"Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar" + +### fn spec.rules.filters.requestHeaderModifier.set.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent." + +### fn spec.rules.filters.requestHeaderModifier.set.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.filters.requestMirror + +"RequestMirror defines a schema for a filter that mirrors requests. Requests are sent to the specified destination, but responses from that destination are ignored. \n Support: Extended" + +## obj spec.rules.filters.requestMirror.backendRef + +"BackendRef references a resource where mirrored requests are sent. \n If the referent cannot be found, this BackendRef is invalid and must be dropped from the Gateway. The controller must ensure the \"ResolvedRefs\" condition on the Route status is set to `status: False` and not configure this backend in the underlying implementation. \n If there is a cross-namespace reference to an *existing* object that is not allowed by a ReferenceGrant, the controller must ensure the \"ResolvedRefs\" condition on the Route is set to `status: False`, with the \"RefNotPermitted\" reason and not configure this backend in the underlying implementation. \n In either error case, the Message of the `ResolvedRefs` Condition should be used to provide more detail about the problem. \n Support: Extended for Kubernetes Service \n Support: Implementation-specific for any other resource" + +### fn spec.rules.filters.requestMirror.backendRef.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. For example, \"gateway.networking.k8s.io\". When unspecified or empty string, core API group is inferred." + +### fn spec.rules.filters.requestMirror.backendRef.withKind + +```ts +withKind(kind) +``` + +"Kind is the Kubernetes resource kind of the referent. For example \"Service\". \n Defaults to \"Service\" when not specified. \n ExternalName services can refer to CNAME DNS records that may live outside of the cluster and as such are difficult to reason about in terms of conformance. They also may not be safe to forward to (see CVE-2021-25740 for more information). Implementations SHOULD NOT support ExternalName Services. \n Support: Core (Services with a type other than ExternalName) \n Support: Implementation-specific (Services with type ExternalName)" + +### fn spec.rules.filters.requestMirror.backendRef.withName + +```ts +withName(name) +``` + +"Name is the name of the referent." + +### fn spec.rules.filters.requestMirror.backendRef.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. \n Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. \n Support: Core" + +### fn spec.rules.filters.requestMirror.backendRef.withPort + +```ts +withPort(port) +``` + +"Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field." + +## obj spec.rules.filters.responseHeaderModifier + +"ResponseHeaderModifier defines a schema for a filter that modifies response headers. \n Support: Extended" + +### fn spec.rules.filters.responseHeaderModifier.withAdd + +```ts +withAdd(add) +``` + +"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz" + +### fn spec.rules.filters.responseHeaderModifier.withAddMixin + +```ts +withAddMixin(add) +``` + +"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.filters.responseHeaderModifier.withRemove + +```ts +withRemove(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \n Config: remove: [\"my-header1\", \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2: bar" + +### fn spec.rules.filters.responseHeaderModifier.withRemoveMixin + +```ts +withRemoveMixin(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \n Config: remove: [\"my-header1\", \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2: bar" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.filters.responseHeaderModifier.withSet + +```ts +withSet(set) +``` + +"Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar" + +### fn spec.rules.filters.responseHeaderModifier.withSetMixin + +```ts +withSetMixin(set) +``` + +"Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar" + +**Note:** This function appends passed data to existing values + +## obj spec.rules.filters.responseHeaderModifier.add + +"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz" + +### fn spec.rules.filters.responseHeaderModifier.add.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent." + +### fn spec.rules.filters.responseHeaderModifier.add.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.filters.responseHeaderModifier.set + +"Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar" + +### fn spec.rules.filters.responseHeaderModifier.set.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent." + +### fn spec.rules.filters.responseHeaderModifier.set.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.matches + +"Matches define conditions used for matching the rule against incoming gRPC requests. Each match is independent, i.e. this rule will be matched if **any** one of the matches is satisfied. \n For example, take the following matches configuration: \n ``` matches: - method: service: foo.bar headers: values: version: 2 - method: service: foo.bar.v2 ``` \n For a request to match against this rule, it MUST satisfy EITHER of the two conditions: \n - service of foo.bar AND contains the header `version: 2` - service of foo.bar.v2 \n See the documentation for GRPCRouteMatch on how to specify multiple match conditions to be ANDed together. \n If no matches are specified, the implementation MUST match every gRPC request. \n Proxy or Load Balancer routing configuration generated from GRPCRoutes MUST prioritize rules based on the following criteria, continuing on ties. Merging MUST not be done between GRPCRoutes and HTTPRoutes. Precedence MUST be given to the rule with the largest number of: \n * Characters in a matching non-wildcard hostname. * Characters in a matching hostname. * Characters in a matching service. * Characters in a matching method. * Header matches. \n If ties still exist across multiple Routes, matching precedence MUST be determined in order of the following criteria, continuing on ties: \n * The oldest Route based on creation timestamp. * The Route appearing first in alphabetical order by \"{namespace}/{name}\". \n If ties still exist within the Route that has been given precedence, matching precedence MUST be granted to the first matching rule meeting the above criteria." + +### fn spec.rules.matches.withHeaders + +```ts +withHeaders(headers) +``` + +"Headers specifies gRPC request header matchers. Multiple match values are ANDed together, meaning, a request MUST match all the specified headers to select the route." + +### fn spec.rules.matches.withHeadersMixin + +```ts +withHeadersMixin(headers) +``` + +"Headers specifies gRPC request header matchers. Multiple match values are ANDed together, meaning, a request MUST match all the specified headers to select the route." + +**Note:** This function appends passed data to existing values + +## obj spec.rules.matches.headers + +"Headers specifies gRPC request header matchers. Multiple match values are ANDed together, meaning, a request MUST match all the specified headers to select the route." + +### fn spec.rules.matches.headers.withName + +```ts +withName(name) +``` + +"Name is the name of the gRPC Header to be matched. \n If multiple entries specify equivalent header names, only the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent." + +### fn spec.rules.matches.headers.withType + +```ts +withType(type) +``` + +"Type specifies how to match against the value of the header." + +### fn spec.rules.matches.headers.withValue + +```ts +withValue(value) +``` + +"Value is the value of the gRPC Header to be matched." + +## obj spec.rules.matches.method + +"Method specifies a gRPC request service/method matcher. If this field is not specified, all services and methods will match." + +### fn spec.rules.matches.method.withMethod + +```ts +withMethod(method) +``` + +"Value of the method to match against. If left empty or omitted, will match all services. \n At least one of Service and Method MUST be a non-empty string." + +### fn spec.rules.matches.method.withService + +```ts +withService(service) +``` + +"Value of the service to match against. If left empty or omitted, will match any service. \n At least one of Service and Method MUST be a non-empty string." + +### fn spec.rules.matches.method.withType + +```ts +withType(type) +``` + +"Type specifies how to match against the service and/or method. Support: Core (Exact with service and method specified) \n Support: Implementation-specific (Exact with method specified but no service specified) \n Support: Implementation-specific (RegularExpression)" \ No newline at end of file diff --git a/docs/0.7-experimental/gateway/v1alpha2/httpRoute.md b/docs/0.7-experimental/gateway/v1alpha2/httpRoute.md new file mode 100644 index 0000000..4cba56e --- /dev/null +++ b/docs/0.7-experimental/gateway/v1alpha2/httpRoute.md @@ -0,0 +1,1498 @@ +--- +permalink: /0.7-experimental/gateway/v1alpha2/httpRoute/ +--- + +# gateway.v1alpha2.httpRoute + +"HTTPRoute provides a way to route HTTP requests. This includes the capability to match requests by hostname, path, header, or query param. Filters can be used to specify additional processing steps. Backends specify where matching requests should be routed." + +## Index + +* [`fn new(name)`](#fn-new) +* [`obj metadata`](#obj-metadata) + * [`fn withAnnotations(annotations)`](#fn-metadatawithannotations) + * [`fn withAnnotationsMixin(annotations)`](#fn-metadatawithannotationsmixin) + * [`fn withClusterName(clusterName)`](#fn-metadatawithclustername) + * [`fn withCreationTimestamp(creationTimestamp)`](#fn-metadatawithcreationtimestamp) + * [`fn withDeletionGracePeriodSeconds(deletionGracePeriodSeconds)`](#fn-metadatawithdeletiongraceperiodseconds) + * [`fn withDeletionTimestamp(deletionTimestamp)`](#fn-metadatawithdeletiontimestamp) + * [`fn withFinalizers(finalizers)`](#fn-metadatawithfinalizers) + * [`fn withFinalizersMixin(finalizers)`](#fn-metadatawithfinalizersmixin) + * [`fn withGenerateName(generateName)`](#fn-metadatawithgeneratename) + * [`fn withGeneration(generation)`](#fn-metadatawithgeneration) + * [`fn withLabels(labels)`](#fn-metadatawithlabels) + * [`fn withLabelsMixin(labels)`](#fn-metadatawithlabelsmixin) + * [`fn withName(name)`](#fn-metadatawithname) + * [`fn withNamespace(namespace)`](#fn-metadatawithnamespace) + * [`fn withOwnerReferences(ownerReferences)`](#fn-metadatawithownerreferences) + * [`fn withOwnerReferencesMixin(ownerReferences)`](#fn-metadatawithownerreferencesmixin) + * [`fn withResourceVersion(resourceVersion)`](#fn-metadatawithresourceversion) + * [`fn withSelfLink(selfLink)`](#fn-metadatawithselflink) + * [`fn withUid(uid)`](#fn-metadatawithuid) +* [`obj spec`](#obj-spec) + * [`fn withHostnames(hostnames)`](#fn-specwithhostnames) + * [`fn withHostnamesMixin(hostnames)`](#fn-specwithhostnamesmixin) + * [`fn withParentRefs(parentRefs)`](#fn-specwithparentrefs) + * [`fn withParentRefsMixin(parentRefs)`](#fn-specwithparentrefsmixin) + * [`fn withRules(rules)`](#fn-specwithrules) + * [`fn withRulesMixin(rules)`](#fn-specwithrulesmixin) + * [`obj spec.parentRefs`](#obj-specparentrefs) + * [`fn withGroup(group)`](#fn-specparentrefswithgroup) + * [`fn withKind(kind)`](#fn-specparentrefswithkind) + * [`fn withName(name)`](#fn-specparentrefswithname) + * [`fn withNamespace(namespace)`](#fn-specparentrefswithnamespace) + * [`fn withPort(port)`](#fn-specparentrefswithport) + * [`fn withSectionName(sectionName)`](#fn-specparentrefswithsectionname) + * [`obj spec.rules`](#obj-specrules) + * [`fn withBackendRefs(backendRefs)`](#fn-specruleswithbackendrefs) + * [`fn withBackendRefsMixin(backendRefs)`](#fn-specruleswithbackendrefsmixin) + * [`fn withFilters(filters)`](#fn-specruleswithfilters) + * [`fn withFiltersMixin(filters)`](#fn-specruleswithfiltersmixin) + * [`fn withMatches(matches)`](#fn-specruleswithmatches) + * [`fn withMatchesMixin(matches)`](#fn-specruleswithmatchesmixin) + * [`obj spec.rules.backendRefs`](#obj-specrulesbackendrefs) + * [`fn withFilters(filters)`](#fn-specrulesbackendrefswithfilters) + * [`fn withFiltersMixin(filters)`](#fn-specrulesbackendrefswithfiltersmixin) + * [`fn withGroup(group)`](#fn-specrulesbackendrefswithgroup) + * [`fn withKind(kind)`](#fn-specrulesbackendrefswithkind) + * [`fn withName(name)`](#fn-specrulesbackendrefswithname) + * [`fn withNamespace(namespace)`](#fn-specrulesbackendrefswithnamespace) + * [`fn withPort(port)`](#fn-specrulesbackendrefswithport) + * [`fn withWeight(weight)`](#fn-specrulesbackendrefswithweight) + * [`obj spec.rules.backendRefs.filters`](#obj-specrulesbackendrefsfilters) + * [`fn withType(type)`](#fn-specrulesbackendrefsfilterswithtype) + * [`obj spec.rules.backendRefs.filters.extensionRef`](#obj-specrulesbackendrefsfiltersextensionref) + * [`fn withGroup(group)`](#fn-specrulesbackendrefsfiltersextensionrefwithgroup) + * [`fn withKind(kind)`](#fn-specrulesbackendrefsfiltersextensionrefwithkind) + * [`fn withName(name)`](#fn-specrulesbackendrefsfiltersextensionrefwithname) + * [`obj spec.rules.backendRefs.filters.requestHeaderModifier`](#obj-specrulesbackendrefsfiltersrequestheadermodifier) + * [`fn withAdd(add)`](#fn-specrulesbackendrefsfiltersrequestheadermodifierwithadd) + * [`fn withAddMixin(add)`](#fn-specrulesbackendrefsfiltersrequestheadermodifierwithaddmixin) + * [`fn withRemove(remove)`](#fn-specrulesbackendrefsfiltersrequestheadermodifierwithremove) + * [`fn withRemoveMixin(remove)`](#fn-specrulesbackendrefsfiltersrequestheadermodifierwithremovemixin) + * [`fn withSet(set)`](#fn-specrulesbackendrefsfiltersrequestheadermodifierwithset) + * [`fn withSetMixin(set)`](#fn-specrulesbackendrefsfiltersrequestheadermodifierwithsetmixin) + * [`obj spec.rules.backendRefs.filters.requestHeaderModifier.add`](#obj-specrulesbackendrefsfiltersrequestheadermodifieradd) + * [`fn withName(name)`](#fn-specrulesbackendrefsfiltersrequestheadermodifieraddwithname) + * [`fn withValue(value)`](#fn-specrulesbackendrefsfiltersrequestheadermodifieraddwithvalue) + * [`obj spec.rules.backendRefs.filters.requestHeaderModifier.set`](#obj-specrulesbackendrefsfiltersrequestheadermodifierset) + * [`fn withName(name)`](#fn-specrulesbackendrefsfiltersrequestheadermodifiersetwithname) + * [`fn withValue(value)`](#fn-specrulesbackendrefsfiltersrequestheadermodifiersetwithvalue) + * [`obj spec.rules.backendRefs.filters.requestMirror`](#obj-specrulesbackendrefsfiltersrequestmirror) + * [`obj spec.rules.backendRefs.filters.requestMirror.backendRef`](#obj-specrulesbackendrefsfiltersrequestmirrorbackendref) + * [`fn withGroup(group)`](#fn-specrulesbackendrefsfiltersrequestmirrorbackendrefwithgroup) + * [`fn withKind(kind)`](#fn-specrulesbackendrefsfiltersrequestmirrorbackendrefwithkind) + * [`fn withName(name)`](#fn-specrulesbackendrefsfiltersrequestmirrorbackendrefwithname) + * [`fn withNamespace(namespace)`](#fn-specrulesbackendrefsfiltersrequestmirrorbackendrefwithnamespace) + * [`fn withPort(port)`](#fn-specrulesbackendrefsfiltersrequestmirrorbackendrefwithport) + * [`obj spec.rules.backendRefs.filters.requestRedirect`](#obj-specrulesbackendrefsfiltersrequestredirect) + * [`fn withHostname(hostname)`](#fn-specrulesbackendrefsfiltersrequestredirectwithhostname) + * [`fn withPort(port)`](#fn-specrulesbackendrefsfiltersrequestredirectwithport) + * [`fn withScheme(scheme)`](#fn-specrulesbackendrefsfiltersrequestredirectwithscheme) + * [`fn withStatusCode(statusCode)`](#fn-specrulesbackendrefsfiltersrequestredirectwithstatuscode) + * [`obj spec.rules.backendRefs.filters.requestRedirect.path`](#obj-specrulesbackendrefsfiltersrequestredirectpath) + * [`fn withReplaceFullPath(replaceFullPath)`](#fn-specrulesbackendrefsfiltersrequestredirectpathwithreplacefullpath) + * [`fn withReplacePrefixMatch(replacePrefixMatch)`](#fn-specrulesbackendrefsfiltersrequestredirectpathwithreplaceprefixmatch) + * [`fn withType(type)`](#fn-specrulesbackendrefsfiltersrequestredirectpathwithtype) + * [`obj spec.rules.backendRefs.filters.responseHeaderModifier`](#obj-specrulesbackendrefsfiltersresponseheadermodifier) + * [`fn withAdd(add)`](#fn-specrulesbackendrefsfiltersresponseheadermodifierwithadd) + * [`fn withAddMixin(add)`](#fn-specrulesbackendrefsfiltersresponseheadermodifierwithaddmixin) + * [`fn withRemove(remove)`](#fn-specrulesbackendrefsfiltersresponseheadermodifierwithremove) + * [`fn withRemoveMixin(remove)`](#fn-specrulesbackendrefsfiltersresponseheadermodifierwithremovemixin) + * [`fn withSet(set)`](#fn-specrulesbackendrefsfiltersresponseheadermodifierwithset) + * [`fn withSetMixin(set)`](#fn-specrulesbackendrefsfiltersresponseheadermodifierwithsetmixin) + * [`obj spec.rules.backendRefs.filters.responseHeaderModifier.add`](#obj-specrulesbackendrefsfiltersresponseheadermodifieradd) + * [`fn withName(name)`](#fn-specrulesbackendrefsfiltersresponseheadermodifieraddwithname) + * [`fn withValue(value)`](#fn-specrulesbackendrefsfiltersresponseheadermodifieraddwithvalue) + * [`obj spec.rules.backendRefs.filters.responseHeaderModifier.set`](#obj-specrulesbackendrefsfiltersresponseheadermodifierset) + * [`fn withName(name)`](#fn-specrulesbackendrefsfiltersresponseheadermodifiersetwithname) + * [`fn withValue(value)`](#fn-specrulesbackendrefsfiltersresponseheadermodifiersetwithvalue) + * [`obj spec.rules.backendRefs.filters.urlRewrite`](#obj-specrulesbackendrefsfiltersurlrewrite) + * [`fn withHostname(hostname)`](#fn-specrulesbackendrefsfiltersurlrewritewithhostname) + * [`obj spec.rules.backendRefs.filters.urlRewrite.path`](#obj-specrulesbackendrefsfiltersurlrewritepath) + * [`fn withReplaceFullPath(replaceFullPath)`](#fn-specrulesbackendrefsfiltersurlrewritepathwithreplacefullpath) + * [`fn withReplacePrefixMatch(replacePrefixMatch)`](#fn-specrulesbackendrefsfiltersurlrewritepathwithreplaceprefixmatch) + * [`fn withType(type)`](#fn-specrulesbackendrefsfiltersurlrewritepathwithtype) + * [`obj spec.rules.filters`](#obj-specrulesfilters) + * [`fn withType(type)`](#fn-specrulesfilterswithtype) + * [`obj spec.rules.filters.extensionRef`](#obj-specrulesfiltersextensionref) + * [`fn withGroup(group)`](#fn-specrulesfiltersextensionrefwithgroup) + * [`fn withKind(kind)`](#fn-specrulesfiltersextensionrefwithkind) + * [`fn withName(name)`](#fn-specrulesfiltersextensionrefwithname) + * [`obj spec.rules.filters.requestHeaderModifier`](#obj-specrulesfiltersrequestheadermodifier) + * [`fn withAdd(add)`](#fn-specrulesfiltersrequestheadermodifierwithadd) + * [`fn withAddMixin(add)`](#fn-specrulesfiltersrequestheadermodifierwithaddmixin) + * [`fn withRemove(remove)`](#fn-specrulesfiltersrequestheadermodifierwithremove) + * [`fn withRemoveMixin(remove)`](#fn-specrulesfiltersrequestheadermodifierwithremovemixin) + * [`fn withSet(set)`](#fn-specrulesfiltersrequestheadermodifierwithset) + * [`fn withSetMixin(set)`](#fn-specrulesfiltersrequestheadermodifierwithsetmixin) + * [`obj spec.rules.filters.requestHeaderModifier.add`](#obj-specrulesfiltersrequestheadermodifieradd) + * [`fn withName(name)`](#fn-specrulesfiltersrequestheadermodifieraddwithname) + * [`fn withValue(value)`](#fn-specrulesfiltersrequestheadermodifieraddwithvalue) + * [`obj spec.rules.filters.requestHeaderModifier.set`](#obj-specrulesfiltersrequestheadermodifierset) + * [`fn withName(name)`](#fn-specrulesfiltersrequestheadermodifiersetwithname) + * [`fn withValue(value)`](#fn-specrulesfiltersrequestheadermodifiersetwithvalue) + * [`obj spec.rules.filters.requestMirror`](#obj-specrulesfiltersrequestmirror) + * [`obj spec.rules.filters.requestMirror.backendRef`](#obj-specrulesfiltersrequestmirrorbackendref) + * [`fn withGroup(group)`](#fn-specrulesfiltersrequestmirrorbackendrefwithgroup) + * [`fn withKind(kind)`](#fn-specrulesfiltersrequestmirrorbackendrefwithkind) + * [`fn withName(name)`](#fn-specrulesfiltersrequestmirrorbackendrefwithname) + * [`fn withNamespace(namespace)`](#fn-specrulesfiltersrequestmirrorbackendrefwithnamespace) + * [`fn withPort(port)`](#fn-specrulesfiltersrequestmirrorbackendrefwithport) + * [`obj spec.rules.filters.requestRedirect`](#obj-specrulesfiltersrequestredirect) + * [`fn withHostname(hostname)`](#fn-specrulesfiltersrequestredirectwithhostname) + * [`fn withPort(port)`](#fn-specrulesfiltersrequestredirectwithport) + * [`fn withScheme(scheme)`](#fn-specrulesfiltersrequestredirectwithscheme) + * [`fn withStatusCode(statusCode)`](#fn-specrulesfiltersrequestredirectwithstatuscode) + * [`obj spec.rules.filters.requestRedirect.path`](#obj-specrulesfiltersrequestredirectpath) + * [`fn withReplaceFullPath(replaceFullPath)`](#fn-specrulesfiltersrequestredirectpathwithreplacefullpath) + * [`fn withReplacePrefixMatch(replacePrefixMatch)`](#fn-specrulesfiltersrequestredirectpathwithreplaceprefixmatch) + * [`fn withType(type)`](#fn-specrulesfiltersrequestredirectpathwithtype) + * [`obj spec.rules.filters.responseHeaderModifier`](#obj-specrulesfiltersresponseheadermodifier) + * [`fn withAdd(add)`](#fn-specrulesfiltersresponseheadermodifierwithadd) + * [`fn withAddMixin(add)`](#fn-specrulesfiltersresponseheadermodifierwithaddmixin) + * [`fn withRemove(remove)`](#fn-specrulesfiltersresponseheadermodifierwithremove) + * [`fn withRemoveMixin(remove)`](#fn-specrulesfiltersresponseheadermodifierwithremovemixin) + * [`fn withSet(set)`](#fn-specrulesfiltersresponseheadermodifierwithset) + * [`fn withSetMixin(set)`](#fn-specrulesfiltersresponseheadermodifierwithsetmixin) + * [`obj spec.rules.filters.responseHeaderModifier.add`](#obj-specrulesfiltersresponseheadermodifieradd) + * [`fn withName(name)`](#fn-specrulesfiltersresponseheadermodifieraddwithname) + * [`fn withValue(value)`](#fn-specrulesfiltersresponseheadermodifieraddwithvalue) + * [`obj spec.rules.filters.responseHeaderModifier.set`](#obj-specrulesfiltersresponseheadermodifierset) + * [`fn withName(name)`](#fn-specrulesfiltersresponseheadermodifiersetwithname) + * [`fn withValue(value)`](#fn-specrulesfiltersresponseheadermodifiersetwithvalue) + * [`obj spec.rules.filters.urlRewrite`](#obj-specrulesfiltersurlrewrite) + * [`fn withHostname(hostname)`](#fn-specrulesfiltersurlrewritewithhostname) + * [`obj spec.rules.filters.urlRewrite.path`](#obj-specrulesfiltersurlrewritepath) + * [`fn withReplaceFullPath(replaceFullPath)`](#fn-specrulesfiltersurlrewritepathwithreplacefullpath) + * [`fn withReplacePrefixMatch(replacePrefixMatch)`](#fn-specrulesfiltersurlrewritepathwithreplaceprefixmatch) + * [`fn withType(type)`](#fn-specrulesfiltersurlrewritepathwithtype) + * [`obj spec.rules.matches`](#obj-specrulesmatches) + * [`fn withHeaders(headers)`](#fn-specrulesmatcheswithheaders) + * [`fn withHeadersMixin(headers)`](#fn-specrulesmatcheswithheadersmixin) + * [`fn withMethod(method)`](#fn-specrulesmatcheswithmethod) + * [`fn withQueryParams(queryParams)`](#fn-specrulesmatcheswithqueryparams) + * [`fn withQueryParamsMixin(queryParams)`](#fn-specrulesmatcheswithqueryparamsmixin) + * [`obj spec.rules.matches.headers`](#obj-specrulesmatchesheaders) + * [`fn withName(name)`](#fn-specrulesmatchesheaderswithname) + * [`fn withType(type)`](#fn-specrulesmatchesheaderswithtype) + * [`fn withValue(value)`](#fn-specrulesmatchesheaderswithvalue) + * [`obj spec.rules.matches.path`](#obj-specrulesmatchespath) + * [`fn withType(type)`](#fn-specrulesmatchespathwithtype) + * [`fn withValue(value)`](#fn-specrulesmatchespathwithvalue) + * [`obj spec.rules.matches.queryParams`](#obj-specrulesmatchesqueryparams) + * [`fn withName(name)`](#fn-specrulesmatchesqueryparamswithname) + * [`fn withType(type)`](#fn-specrulesmatchesqueryparamswithtype) + * [`fn withValue(value)`](#fn-specrulesmatchesqueryparamswithvalue) + +## Fields + +### fn new + +```ts +new(name) +``` + +new returns an instance of HTTPRoute + +## obj metadata + +"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create." + +### fn metadata.withAnnotations + +```ts +withAnnotations(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +### fn metadata.withAnnotationsMixin + +```ts +withAnnotationsMixin(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +**Note:** This function appends passed data to existing values + +### fn metadata.withClusterName + +```ts +withClusterName(clusterName) +``` + +"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request." + +### fn metadata.withCreationTimestamp + +```ts +withCreationTimestamp(creationTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withDeletionGracePeriodSeconds + +```ts +withDeletionGracePeriodSeconds(deletionGracePeriodSeconds) +``` + +"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only." + +### fn metadata.withDeletionTimestamp + +```ts +withDeletionTimestamp(deletionTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withFinalizers + +```ts +withFinalizers(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +### fn metadata.withFinalizersMixin + +```ts +withFinalizersMixin(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +**Note:** This function appends passed data to existing values + +### fn metadata.withGenerateName + +```ts +withGenerateName(generateName) +``` + +"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\n\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\n\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" + +### fn metadata.withGeneration + +```ts +withGeneration(generation) +``` + +"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only." + +### fn metadata.withLabels + +```ts +withLabels(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +### fn metadata.withLabelsMixin + +```ts +withLabelsMixin(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +**Note:** This function appends passed data to existing values + +### fn metadata.withName + +```ts +withName(name) +``` + +"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names" + +### fn metadata.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \"default\" namespace, but \"default\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\n\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces" + +### fn metadata.withOwnerReferences + +```ts +withOwnerReferences(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +### fn metadata.withOwnerReferencesMixin + +```ts +withOwnerReferencesMixin(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +**Note:** This function appends passed data to existing values + +### fn metadata.withResourceVersion + +```ts +withResourceVersion(resourceVersion) +``` + +"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\n\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" + +### fn metadata.withSelfLink + +```ts +withSelfLink(selfLink) +``` + +"SelfLink is a URL representing this object. Populated by the system. Read-only.\n\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release." + +### fn metadata.withUid + +```ts +withUid(uid) +``` + +"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\n\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids" + +## obj spec + +"Spec defines the desired state of HTTPRoute." + +### fn spec.withHostnames + +```ts +withHostnames(hostnames) +``` + +"Hostnames defines a set of hostname that should match against the HTTP Host header to select a HTTPRoute used to process the request. Implementations MUST ignore any port value specified in the HTTP Host header while performing a match. \n Valid values for Hostnames are determined by RFC 1123 definition of a hostname with 2 notable exceptions: \n 1. IPs are not allowed. 2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard label must appear by itself as the first label. \n If a hostname is specified by both the Listener and HTTPRoute, there must be at least one intersecting hostname for the HTTPRoute to be attached to the Listener. For example: \n * A Listener with `test.example.com` as the hostname matches HTTPRoutes that have either not specified any hostnames, or have specified at least one of `test.example.com` or `*.example.com`. * A Listener with `*.example.com` as the hostname matches HTTPRoutes that have either not specified any hostnames or have specified at least one hostname that matches the Listener hostname. For example, `*.example.com`, `test.example.com`, and `foo.test.example.com` would all match. On the other hand, `example.com` and `test.example.net` would not match. \n Hostnames that are prefixed with a wildcard label (`*.`) are interpreted as a suffix match. That means that a match for `*.example.com` would match both `test.example.com`, and `foo.test.example.com`, but not `example.com`. \n If both the Listener and HTTPRoute have specified hostnames, any HTTPRoute hostnames that do not match the Listener hostname MUST be ignored. For example, if a Listener specified `*.example.com`, and the HTTPRoute specified `test.example.com` and `test.example.net`, `test.example.net` must not be considered for a match. \n If both the Listener and HTTPRoute have specified hostnames, and none match with the criteria above, then the HTTPRoute is not accepted. The implementation must raise an 'Accepted' Condition with a status of `False` in the corresponding RouteParentStatus. \n In the event that multiple HTTPRoutes specify intersecting hostnames (e.g. overlapping wildcard matching and exact matching hostnames), precedence must be given to rules from the HTTPRoute with the largest number of: \n * Characters in a matching non-wildcard hostname. * Characters in a matching hostname. \n If ties exist across multiple Routes, the matching precedence rules for HTTPRouteMatches takes over. \n Support: Core" + +### fn spec.withHostnamesMixin + +```ts +withHostnamesMixin(hostnames) +``` + +"Hostnames defines a set of hostname that should match against the HTTP Host header to select a HTTPRoute used to process the request. Implementations MUST ignore any port value specified in the HTTP Host header while performing a match. \n Valid values for Hostnames are determined by RFC 1123 definition of a hostname with 2 notable exceptions: \n 1. IPs are not allowed. 2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard label must appear by itself as the first label. \n If a hostname is specified by both the Listener and HTTPRoute, there must be at least one intersecting hostname for the HTTPRoute to be attached to the Listener. For example: \n * A Listener with `test.example.com` as the hostname matches HTTPRoutes that have either not specified any hostnames, or have specified at least one of `test.example.com` or `*.example.com`. * A Listener with `*.example.com` as the hostname matches HTTPRoutes that have either not specified any hostnames or have specified at least one hostname that matches the Listener hostname. For example, `*.example.com`, `test.example.com`, and `foo.test.example.com` would all match. On the other hand, `example.com` and `test.example.net` would not match. \n Hostnames that are prefixed with a wildcard label (`*.`) are interpreted as a suffix match. That means that a match for `*.example.com` would match both `test.example.com`, and `foo.test.example.com`, but not `example.com`. \n If both the Listener and HTTPRoute have specified hostnames, any HTTPRoute hostnames that do not match the Listener hostname MUST be ignored. For example, if a Listener specified `*.example.com`, and the HTTPRoute specified `test.example.com` and `test.example.net`, `test.example.net` must not be considered for a match. \n If both the Listener and HTTPRoute have specified hostnames, and none match with the criteria above, then the HTTPRoute is not accepted. The implementation must raise an 'Accepted' Condition with a status of `False` in the corresponding RouteParentStatus. \n In the event that multiple HTTPRoutes specify intersecting hostnames (e.g. overlapping wildcard matching and exact matching hostnames), precedence must be given to rules from the HTTPRoute with the largest number of: \n * Characters in a matching non-wildcard hostname. * Characters in a matching hostname. \n If ties exist across multiple Routes, the matching precedence rules for HTTPRouteMatches takes over. \n Support: Core" + +**Note:** This function appends passed data to existing values + +### fn spec.withParentRefs + +```ts +withParentRefs(parentRefs) +``` + +"ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. \n The only kind of parent resource with \"Core\" support is Gateway. This API may be extended in the future to support additional kinds of parent resources such as one of the route kinds. \n It is invalid to reference an identical parent more than once. It is valid to reference multiple distinct sections within the same parent resource, such as 2 Listeners within a Gateway. \n It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged. \n Note that for ParentRefs that cross namespace boundaries, there are specific rules. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example, Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference." + +### fn spec.withParentRefsMixin + +```ts +withParentRefsMixin(parentRefs) +``` + +"ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. \n The only kind of parent resource with \"Core\" support is Gateway. This API may be extended in the future to support additional kinds of parent resources such as one of the route kinds. \n It is invalid to reference an identical parent more than once. It is valid to reference multiple distinct sections within the same parent resource, such as 2 Listeners within a Gateway. \n It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged. \n Note that for ParentRefs that cross namespace boundaries, there are specific rules. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example, Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference." + +**Note:** This function appends passed data to existing values + +### fn spec.withRules + +```ts +withRules(rules) +``` + +"Rules are a list of HTTP matchers, filters and actions." + +### fn spec.withRulesMixin + +```ts +withRulesMixin(rules) +``` + +"Rules are a list of HTTP matchers, filters and actions." + +**Note:** This function appends passed data to existing values + +## obj spec.parentRefs + +"ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. \n The only kind of parent resource with \"Core\" support is Gateway. This API may be extended in the future to support additional kinds of parent resources such as one of the route kinds. \n It is invalid to reference an identical parent more than once. It is valid to reference multiple distinct sections within the same parent resource, such as 2 Listeners within a Gateway. \n It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged. \n Note that for ParentRefs that cross namespace boundaries, there are specific rules. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example, Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference." + +### fn spec.parentRefs.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. When unspecified, \"gateway.networking.k8s.io\" is inferred. To set the core API group (such as for a \"Service\" kind referent), Group must be explicitly set to \"\" (empty string). \n Support: Core" + +### fn spec.parentRefs.withKind + +```ts +withKind(kind) +``` + +"Kind is kind of the referent. \n Support: Core (Gateway) \n Support: Implementation-specific (Other Resources)" + +### fn spec.parentRefs.withName + +```ts +withName(name) +``` + +"Name is the name of the referent. \n Support: Core" + +### fn spec.parentRefs.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the referent. When unspecified, this refers to the local namespace of the Route. \n Note that there are specific rules for ParentRefs which cross namespace boundaries. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example: Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference. \n Support: Core" + +### fn spec.parentRefs.withPort + +```ts +withPort(port) +``` + +"Port is the network port this Route targets. It can be interpreted differently based on the type of parent resource. \n When the parent resource is a Gateway, this targets all listeners listening on the specified port that also support this kind of Route(and select this Route). It's not recommended to set `Port` unless the networking behaviors specified in a Route must apply to a specific port as opposed to a listener(s) whose port(s) may be changed. When both Port and SectionName are specified, the name and port of the selected listener must match both specified values. \n Implementations MAY choose to support other parent resources. Implementations supporting other types of parent resources MUST clearly document how/if Port is interpreted. \n For the purpose of status, an attachment is considered successful as long as the parent resource accepts it partially. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \n Support: Extended \n " + +### fn spec.parentRefs.withSectionName + +```ts +withSectionName(sectionName) +``` + +"SectionName is the name of a section within the target resource. In the following resources, SectionName is interpreted as the following: \n * Gateway: Listener Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. \n Implementations MAY choose to support attaching Routes to other resources. If that is the case, they MUST clearly document how SectionName is interpreted. \n When unspecified (empty string), this will reference the entire resource. For the purpose of status, an attachment is considered successful if at least one section in the parent resource accepts it. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \n Support: Core" + +## obj spec.rules + +"Rules are a list of HTTP matchers, filters and actions." + +### fn spec.rules.withBackendRefs + +```ts +withBackendRefs(backendRefs) +``` + +"BackendRefs defines the backend(s) where matching requests should be sent. \n Failure behavior here depends on how many BackendRefs are specified and how many are invalid. \n If *all* entries in BackendRefs are invalid, and there are also no filters specified in this route rule, *all* traffic which matches this rule MUST receive a 500 status code. \n See the HTTPBackendRef definition for the rules about what makes a single HTTPBackendRef invalid. \n When a HTTPBackendRef is invalid, 500 status codes MUST be returned for requests that would have otherwise been routed to an invalid backend. If multiple backends are specified, and some are invalid, the proportion of requests that would otherwise have been routed to an invalid backend MUST receive a 500 status code. \n For example, if two backends are specified with equal weights, and one is invalid, 50 percent of traffic must receive a 500. Implementations may choose how that 50 percent is determined. \n Support: Core for Kubernetes Service \n Support: Extended for Kubernetes ServiceImport \n Support: Implementation-specific for any other resource \n Support for weight: Core" + +### fn spec.rules.withBackendRefsMixin + +```ts +withBackendRefsMixin(backendRefs) +``` + +"BackendRefs defines the backend(s) where matching requests should be sent. \n Failure behavior here depends on how many BackendRefs are specified and how many are invalid. \n If *all* entries in BackendRefs are invalid, and there are also no filters specified in this route rule, *all* traffic which matches this rule MUST receive a 500 status code. \n See the HTTPBackendRef definition for the rules about what makes a single HTTPBackendRef invalid. \n When a HTTPBackendRef is invalid, 500 status codes MUST be returned for requests that would have otherwise been routed to an invalid backend. If multiple backends are specified, and some are invalid, the proportion of requests that would otherwise have been routed to an invalid backend MUST receive a 500 status code. \n For example, if two backends are specified with equal weights, and one is invalid, 50 percent of traffic must receive a 500. Implementations may choose how that 50 percent is determined. \n Support: Core for Kubernetes Service \n Support: Extended for Kubernetes ServiceImport \n Support: Implementation-specific for any other resource \n Support for weight: Core" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.withFilters + +```ts +withFilters(filters) +``` + +"Filters define the filters that are applied to requests that match this rule. \n The effects of ordering of multiple behaviors are currently unspecified. This can change in the future based on feedback during the alpha stage. \n Conformance-levels at this level are defined based on the type of filter: \n - ALL core filters MUST be supported by all implementations. - Implementers are encouraged to support extended filters. - Implementation-specific custom filters have no API guarantees across implementations. \n Specifying a core filter multiple times has unspecified or implementation-specific conformance. \n All filters are expected to be compatible with each other except for the URLRewrite and RequestRedirect filters, which may not be combined. If an implementation can not support other combinations of filters, they must clearly document that limitation. In all cases where incompatible or unsupported filters are specified, implementations MUST add a warning condition to status. \n Support: Core" + +### fn spec.rules.withFiltersMixin + +```ts +withFiltersMixin(filters) +``` + +"Filters define the filters that are applied to requests that match this rule. \n The effects of ordering of multiple behaviors are currently unspecified. This can change in the future based on feedback during the alpha stage. \n Conformance-levels at this level are defined based on the type of filter: \n - ALL core filters MUST be supported by all implementations. - Implementers are encouraged to support extended filters. - Implementation-specific custom filters have no API guarantees across implementations. \n Specifying a core filter multiple times has unspecified or implementation-specific conformance. \n All filters are expected to be compatible with each other except for the URLRewrite and RequestRedirect filters, which may not be combined. If an implementation can not support other combinations of filters, they must clearly document that limitation. In all cases where incompatible or unsupported filters are specified, implementations MUST add a warning condition to status. \n Support: Core" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.withMatches + +```ts +withMatches(matches) +``` + +"Matches define conditions used for matching the rule against incoming HTTP requests. Each match is independent, i.e. this rule will be matched if **any** one of the matches is satisfied. \n For example, take the following matches configuration: \n ``` matches: - path: value: \"/foo\" headers: - name: \"version\" value: \"v2\" - path: value: \"/v2/foo\" ``` \n For a request to match against this rule, a request must satisfy EITHER of the two conditions: \n - path prefixed with `/foo` AND contains the header `version: v2` - path prefix of `/v2/foo` \n See the documentation for HTTPRouteMatch on how to specify multiple match conditions that should be ANDed together. \n If no matches are specified, the default is a prefix path match on \"/\", which has the effect of matching every HTTP request. \n Proxy or Load Balancer routing configuration generated from HTTPRoutes MUST prioritize matches based on the following criteria, continuing on ties. Across all rules specified on applicable Routes, precedence must be given to the match having: \n * \"Exact\" path match. * \"Prefix\" path match with largest number of characters. * Method match. * Largest number of header matches. * Largest number of query param matches. \n Note: The precedence of RegularExpression path matches are implementation-specific. \n If ties still exist across multiple Routes, matching precedence MUST be determined in order of the following criteria, continuing on ties: \n * The oldest Route based on creation timestamp. * The Route appearing first in alphabetical order by \"{namespace}/{name}\". \n If ties still exist within an HTTPRoute, matching precedence MUST be granted to the FIRST matching rule (in list order) with a match meeting the above criteria. \n When no rules matching a request have been successfully attached to the parent a request is coming from, a HTTP 404 status code MUST be returned." + +### fn spec.rules.withMatchesMixin + +```ts +withMatchesMixin(matches) +``` + +"Matches define conditions used for matching the rule against incoming HTTP requests. Each match is independent, i.e. this rule will be matched if **any** one of the matches is satisfied. \n For example, take the following matches configuration: \n ``` matches: - path: value: \"/foo\" headers: - name: \"version\" value: \"v2\" - path: value: \"/v2/foo\" ``` \n For a request to match against this rule, a request must satisfy EITHER of the two conditions: \n - path prefixed with `/foo` AND contains the header `version: v2` - path prefix of `/v2/foo` \n See the documentation for HTTPRouteMatch on how to specify multiple match conditions that should be ANDed together. \n If no matches are specified, the default is a prefix path match on \"/\", which has the effect of matching every HTTP request. \n Proxy or Load Balancer routing configuration generated from HTTPRoutes MUST prioritize matches based on the following criteria, continuing on ties. Across all rules specified on applicable Routes, precedence must be given to the match having: \n * \"Exact\" path match. * \"Prefix\" path match with largest number of characters. * Method match. * Largest number of header matches. * Largest number of query param matches. \n Note: The precedence of RegularExpression path matches are implementation-specific. \n If ties still exist across multiple Routes, matching precedence MUST be determined in order of the following criteria, continuing on ties: \n * The oldest Route based on creation timestamp. * The Route appearing first in alphabetical order by \"{namespace}/{name}\". \n If ties still exist within an HTTPRoute, matching precedence MUST be granted to the FIRST matching rule (in list order) with a match meeting the above criteria. \n When no rules matching a request have been successfully attached to the parent a request is coming from, a HTTP 404 status code MUST be returned." + +**Note:** This function appends passed data to existing values + +## obj spec.rules.backendRefs + +"BackendRefs defines the backend(s) where matching requests should be sent. \n Failure behavior here depends on how many BackendRefs are specified and how many are invalid. \n If *all* entries in BackendRefs are invalid, and there are also no filters specified in this route rule, *all* traffic which matches this rule MUST receive a 500 status code. \n See the HTTPBackendRef definition for the rules about what makes a single HTTPBackendRef invalid. \n When a HTTPBackendRef is invalid, 500 status codes MUST be returned for requests that would have otherwise been routed to an invalid backend. If multiple backends are specified, and some are invalid, the proportion of requests that would otherwise have been routed to an invalid backend MUST receive a 500 status code. \n For example, if two backends are specified with equal weights, and one is invalid, 50 percent of traffic must receive a 500. Implementations may choose how that 50 percent is determined. \n Support: Core for Kubernetes Service \n Support: Extended for Kubernetes ServiceImport \n Support: Implementation-specific for any other resource \n Support for weight: Core" + +### fn spec.rules.backendRefs.withFilters + +```ts +withFilters(filters) +``` + +"Filters defined at this level should be executed if and only if the request is being forwarded to the backend defined here. \n Support: Implementation-specific (For broader support of filters, use the Filters field in HTTPRouteRule.)" + +### fn spec.rules.backendRefs.withFiltersMixin + +```ts +withFiltersMixin(filters) +``` + +"Filters defined at this level should be executed if and only if the request is being forwarded to the backend defined here. \n Support: Implementation-specific (For broader support of filters, use the Filters field in HTTPRouteRule.)" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.backendRefs.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. For example, \"gateway.networking.k8s.io\". When unspecified or empty string, core API group is inferred." + +### fn spec.rules.backendRefs.withKind + +```ts +withKind(kind) +``` + +"Kind is the Kubernetes resource kind of the referent. For example \"Service\". \n Defaults to \"Service\" when not specified. \n ExternalName services can refer to CNAME DNS records that may live outside of the cluster and as such are difficult to reason about in terms of conformance. They also may not be safe to forward to (see CVE-2021-25740 for more information). Implementations SHOULD NOT support ExternalName Services. \n Support: Core (Services with a type other than ExternalName) \n Support: Implementation-specific (Services with type ExternalName)" + +### fn spec.rules.backendRefs.withName + +```ts +withName(name) +``` + +"Name is the name of the referent." + +### fn spec.rules.backendRefs.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. \n Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. \n Support: Core" + +### fn spec.rules.backendRefs.withPort + +```ts +withPort(port) +``` + +"Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field." + +### fn spec.rules.backendRefs.withWeight + +```ts +withWeight(weight) +``` + +"Weight specifies the proportion of requests forwarded to the referenced backend. This is computed as weight/(sum of all weights in this BackendRefs list). For non-zero values, there may be some epsilon from the exact proportion defined here depending on the precision an implementation supports. Weight is not a percentage and the sum of weights does not need to equal 100. \n If only one backend is specified and it has a weight greater than 0, 100% of the traffic is forwarded to that backend. If weight is set to 0, no traffic should be forwarded for this entry. If unspecified, weight defaults to 1. \n Support for this field varies based on the context where used." + +## obj spec.rules.backendRefs.filters + +"Filters defined at this level should be executed if and only if the request is being forwarded to the backend defined here. \n Support: Implementation-specific (For broader support of filters, use the Filters field in HTTPRouteRule.)" + +### fn spec.rules.backendRefs.filters.withType + +```ts +withType(type) +``` + +"Type identifies the type of filter to apply. As with other API fields, types are classified into three conformance levels: \n - Core: Filter types and their corresponding configuration defined by \"Support: Core\" in this package, e.g. \"RequestHeaderModifier\". All implementations must support core filters. \n - Extended: Filter types and their corresponding configuration defined by \"Support: Extended\" in this package, e.g. \"RequestMirror\". Implementers are encouraged to support extended filters. \n - Implementation-specific: Filters that are defined and supported by specific vendors. In the future, filters showing convergence in behavior across multiple implementations will be considered for inclusion in extended or core conformance levels. Filter-specific configuration for such filters is specified using the ExtensionRef field. `Type` should be set to \"ExtensionRef\" for custom filters. \n Implementers are encouraged to define custom implementation types to extend the core API with implementation-specific behavior. \n If a reference to a custom filter type cannot be resolved, the filter MUST NOT be skipped. Instead, requests that would have been processed by that filter MUST receive a HTTP error response. \n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`." + +## obj spec.rules.backendRefs.filters.extensionRef + +"ExtensionRef is an optional, implementation-specific extension to the \"filter\" behavior. For example, resource \"myroutefilter\" in group \"networking.example.net\"). ExtensionRef MUST NOT be used for core and extended filters. \n Support: Implementation-specific" + +### fn spec.rules.backendRefs.filters.extensionRef.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. For example, \"gateway.networking.k8s.io\". When unspecified or empty string, core API group is inferred." + +### fn spec.rules.backendRefs.filters.extensionRef.withKind + +```ts +withKind(kind) +``` + +"Kind is kind of the referent. For example \"HTTPRoute\" or \"Service\"." + +### fn spec.rules.backendRefs.filters.extensionRef.withName + +```ts +withName(name) +``` + +"Name is the name of the referent." + +## obj spec.rules.backendRefs.filters.requestHeaderModifier + +"RequestHeaderModifier defines a schema for a filter that modifies request headers. \n Support: Core" + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.withAdd + +```ts +withAdd(add) +``` + +"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz" + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.withAddMixin + +```ts +withAddMixin(add) +``` + +"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.withRemove + +```ts +withRemove(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \n Config: remove: [\"my-header1\", \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2: bar" + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.withRemoveMixin + +```ts +withRemoveMixin(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \n Config: remove: [\"my-header1\", \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2: bar" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.withSet + +```ts +withSet(set) +``` + +"Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar" + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.withSetMixin + +```ts +withSetMixin(set) +``` + +"Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar" + +**Note:** This function appends passed data to existing values + +## obj spec.rules.backendRefs.filters.requestHeaderModifier.add + +"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz" + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.add.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent." + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.add.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.backendRefs.filters.requestHeaderModifier.set + +"Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar" + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.set.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent." + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.set.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.backendRefs.filters.requestMirror + +"RequestMirror defines a schema for a filter that mirrors requests. Requests are sent to the specified destination, but responses from that destination are ignored. \n Support: Extended" + +## obj spec.rules.backendRefs.filters.requestMirror.backendRef + +"BackendRef references a resource where mirrored requests are sent. \n If the referent cannot be found, this BackendRef is invalid and must be dropped from the Gateway. The controller must ensure the \"ResolvedRefs\" condition on the Route status is set to `status: False` and not configure this backend in the underlying implementation. \n If there is a cross-namespace reference to an *existing* object that is not allowed by a ReferenceGrant, the controller must ensure the \"ResolvedRefs\" condition on the Route is set to `status: False`, with the \"RefNotPermitted\" reason and not configure this backend in the underlying implementation. \n In either error case, the Message of the `ResolvedRefs` Condition should be used to provide more detail about the problem. \n Support: Extended for Kubernetes Service \n Support: Implementation-specific for any other resource" + +### fn spec.rules.backendRefs.filters.requestMirror.backendRef.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. For example, \"gateway.networking.k8s.io\". When unspecified or empty string, core API group is inferred." + +### fn spec.rules.backendRefs.filters.requestMirror.backendRef.withKind + +```ts +withKind(kind) +``` + +"Kind is the Kubernetes resource kind of the referent. For example \"Service\". \n Defaults to \"Service\" when not specified. \n ExternalName services can refer to CNAME DNS records that may live outside of the cluster and as such are difficult to reason about in terms of conformance. They also may not be safe to forward to (see CVE-2021-25740 for more information). Implementations SHOULD NOT support ExternalName Services. \n Support: Core (Services with a type other than ExternalName) \n Support: Implementation-specific (Services with type ExternalName)" + +### fn spec.rules.backendRefs.filters.requestMirror.backendRef.withName + +```ts +withName(name) +``` + +"Name is the name of the referent." + +### fn spec.rules.backendRefs.filters.requestMirror.backendRef.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. \n Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. \n Support: Core" + +### fn spec.rules.backendRefs.filters.requestMirror.backendRef.withPort + +```ts +withPort(port) +``` + +"Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field." + +## obj spec.rules.backendRefs.filters.requestRedirect + +"RequestRedirect defines a schema for a filter that responds to the request with an HTTP redirection. \n Support: Core" + +### fn spec.rules.backendRefs.filters.requestRedirect.withHostname + +```ts +withHostname(hostname) +``` + +"Hostname is the hostname to be used in the value of the `Location` header in the response. When empty, the hostname in the `Host` header of the request is used. \n Support: Core" + +### fn spec.rules.backendRefs.filters.requestRedirect.withPort + +```ts +withPort(port) +``` + +"Port is the port to be used in the value of the `Location` header in the response. \n If no port is specified, the redirect port MUST be derived using the following rules: \n * If redirect scheme is not-empty, the redirect port MUST be the well-known port associated with the redirect scheme. Specifically \"http\" to port 80 and \"https\" to port 443. If the redirect scheme does not have a well-known port, the listener port of the Gateway SHOULD be used. * If redirect scheme is empty, the redirect port MUST be the Gateway Listener port. \n Implementations SHOULD NOT add the port number in the 'Location' header in the following cases: \n * A Location header that will use HTTP (whether that is determined via the Listener protocol or the Scheme field) _and_ use port 80. * A Location header that will use HTTPS (whether that is determined via the Listener protocol or the Scheme field) _and_ use port 443. \n Support: Extended" + +### fn spec.rules.backendRefs.filters.requestRedirect.withScheme + +```ts +withScheme(scheme) +``` + +"Scheme is the scheme to be used in the value of the `Location` header in the response. When empty, the scheme of the request is used. \n Scheme redirects can affect the port of the redirect, for more information, refer to the documentation for the port field of this filter. \n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`. \n Support: Extended" + +### fn spec.rules.backendRefs.filters.requestRedirect.withStatusCode + +```ts +withStatusCode(statusCode) +``` + +"StatusCode is the HTTP status code to be used in response. \n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`. \n Support: Core" + +## obj spec.rules.backendRefs.filters.requestRedirect.path + +"Path defines parameters used to modify the path of the incoming request. The modified path is then used to construct the `Location` header. When empty, the request path is used as-is. \n Support: Extended" + +### fn spec.rules.backendRefs.filters.requestRedirect.path.withReplaceFullPath + +```ts +withReplaceFullPath(replaceFullPath) +``` + +"ReplaceFullPath specifies the value with which to replace the full path of a request during a rewrite or redirect." + +### fn spec.rules.backendRefs.filters.requestRedirect.path.withReplacePrefixMatch + +```ts +withReplacePrefixMatch(replacePrefixMatch) +``` + +"ReplacePrefixMatch specifies the value with which to replace the prefix match of a request during a rewrite or redirect. For example, a request to \"/foo/bar\" with a prefix match of \"/foo\" would be modified to \"/bar\". \n Note that this matches the behavior of the PathPrefix match type. This matches full path elements. A path element refers to the list of labels in the path split by the `/` separator. When specified, a trailing `/` is ignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all match the prefix `/abc`, but the path `/abcd` would not." + +### fn spec.rules.backendRefs.filters.requestRedirect.path.withType + +```ts +withType(type) +``` + +"Type defines the type of path modifier. Additional types may be added in a future release of the API. \n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`." + +## obj spec.rules.backendRefs.filters.responseHeaderModifier + +"ResponseHeaderModifier defines a schema for a filter that modifies response headers. \n Support: Extended" + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.withAdd + +```ts +withAdd(add) +``` + +"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz" + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.withAddMixin + +```ts +withAddMixin(add) +``` + +"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.withRemove + +```ts +withRemove(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \n Config: remove: [\"my-header1\", \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2: bar" + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.withRemoveMixin + +```ts +withRemoveMixin(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \n Config: remove: [\"my-header1\", \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2: bar" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.withSet + +```ts +withSet(set) +``` + +"Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar" + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.withSetMixin + +```ts +withSetMixin(set) +``` + +"Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar" + +**Note:** This function appends passed data to existing values + +## obj spec.rules.backendRefs.filters.responseHeaderModifier.add + +"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz" + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.add.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent." + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.add.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.backendRefs.filters.responseHeaderModifier.set + +"Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar" + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.set.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent." + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.set.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.backendRefs.filters.urlRewrite + +"URLRewrite defines a schema for a filter that modifies a request during forwarding. \n Support: Extended" + +### fn spec.rules.backendRefs.filters.urlRewrite.withHostname + +```ts +withHostname(hostname) +``` + +"Hostname is the value to be used to replace the Host header value during forwarding. \n Support: Extended" + +## obj spec.rules.backendRefs.filters.urlRewrite.path + +"Path defines a path rewrite. \n Support: Extended" + +### fn spec.rules.backendRefs.filters.urlRewrite.path.withReplaceFullPath + +```ts +withReplaceFullPath(replaceFullPath) +``` + +"ReplaceFullPath specifies the value with which to replace the full path of a request during a rewrite or redirect." + +### fn spec.rules.backendRefs.filters.urlRewrite.path.withReplacePrefixMatch + +```ts +withReplacePrefixMatch(replacePrefixMatch) +``` + +"ReplacePrefixMatch specifies the value with which to replace the prefix match of a request during a rewrite or redirect. For example, a request to \"/foo/bar\" with a prefix match of \"/foo\" would be modified to \"/bar\". \n Note that this matches the behavior of the PathPrefix match type. This matches full path elements. A path element refers to the list of labels in the path split by the `/` separator. When specified, a trailing `/` is ignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all match the prefix `/abc`, but the path `/abcd` would not." + +### fn spec.rules.backendRefs.filters.urlRewrite.path.withType + +```ts +withType(type) +``` + +"Type defines the type of path modifier. Additional types may be added in a future release of the API. \n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`." + +## obj spec.rules.filters + +"Filters define the filters that are applied to requests that match this rule. \n The effects of ordering of multiple behaviors are currently unspecified. This can change in the future based on feedback during the alpha stage. \n Conformance-levels at this level are defined based on the type of filter: \n - ALL core filters MUST be supported by all implementations. - Implementers are encouraged to support extended filters. - Implementation-specific custom filters have no API guarantees across implementations. \n Specifying a core filter multiple times has unspecified or implementation-specific conformance. \n All filters are expected to be compatible with each other except for the URLRewrite and RequestRedirect filters, which may not be combined. If an implementation can not support other combinations of filters, they must clearly document that limitation. In all cases where incompatible or unsupported filters are specified, implementations MUST add a warning condition to status. \n Support: Core" + +### fn spec.rules.filters.withType + +```ts +withType(type) +``` + +"Type identifies the type of filter to apply. As with other API fields, types are classified into three conformance levels: \n - Core: Filter types and their corresponding configuration defined by \"Support: Core\" in this package, e.g. \"RequestHeaderModifier\". All implementations must support core filters. \n - Extended: Filter types and their corresponding configuration defined by \"Support: Extended\" in this package, e.g. \"RequestMirror\". Implementers are encouraged to support extended filters. \n - Implementation-specific: Filters that are defined and supported by specific vendors. In the future, filters showing convergence in behavior across multiple implementations will be considered for inclusion in extended or core conformance levels. Filter-specific configuration for such filters is specified using the ExtensionRef field. `Type` should be set to \"ExtensionRef\" for custom filters. \n Implementers are encouraged to define custom implementation types to extend the core API with implementation-specific behavior. \n If a reference to a custom filter type cannot be resolved, the filter MUST NOT be skipped. Instead, requests that would have been processed by that filter MUST receive a HTTP error response. \n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`." + +## obj spec.rules.filters.extensionRef + +"ExtensionRef is an optional, implementation-specific extension to the \"filter\" behavior. For example, resource \"myroutefilter\" in group \"networking.example.net\"). ExtensionRef MUST NOT be used for core and extended filters. \n Support: Implementation-specific" + +### fn spec.rules.filters.extensionRef.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. For example, \"gateway.networking.k8s.io\". When unspecified or empty string, core API group is inferred." + +### fn spec.rules.filters.extensionRef.withKind + +```ts +withKind(kind) +``` + +"Kind is kind of the referent. For example \"HTTPRoute\" or \"Service\"." + +### fn spec.rules.filters.extensionRef.withName + +```ts +withName(name) +``` + +"Name is the name of the referent." + +## obj spec.rules.filters.requestHeaderModifier + +"RequestHeaderModifier defines a schema for a filter that modifies request headers. \n Support: Core" + +### fn spec.rules.filters.requestHeaderModifier.withAdd + +```ts +withAdd(add) +``` + +"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz" + +### fn spec.rules.filters.requestHeaderModifier.withAddMixin + +```ts +withAddMixin(add) +``` + +"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.filters.requestHeaderModifier.withRemove + +```ts +withRemove(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \n Config: remove: [\"my-header1\", \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2: bar" + +### fn spec.rules.filters.requestHeaderModifier.withRemoveMixin + +```ts +withRemoveMixin(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \n Config: remove: [\"my-header1\", \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2: bar" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.filters.requestHeaderModifier.withSet + +```ts +withSet(set) +``` + +"Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar" + +### fn spec.rules.filters.requestHeaderModifier.withSetMixin + +```ts +withSetMixin(set) +``` + +"Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar" + +**Note:** This function appends passed data to existing values + +## obj spec.rules.filters.requestHeaderModifier.add + +"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz" + +### fn spec.rules.filters.requestHeaderModifier.add.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent." + +### fn spec.rules.filters.requestHeaderModifier.add.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.filters.requestHeaderModifier.set + +"Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar" + +### fn spec.rules.filters.requestHeaderModifier.set.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent." + +### fn spec.rules.filters.requestHeaderModifier.set.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.filters.requestMirror + +"RequestMirror defines a schema for a filter that mirrors requests. Requests are sent to the specified destination, but responses from that destination are ignored. \n Support: Extended" + +## obj spec.rules.filters.requestMirror.backendRef + +"BackendRef references a resource where mirrored requests are sent. \n If the referent cannot be found, this BackendRef is invalid and must be dropped from the Gateway. The controller must ensure the \"ResolvedRefs\" condition on the Route status is set to `status: False` and not configure this backend in the underlying implementation. \n If there is a cross-namespace reference to an *existing* object that is not allowed by a ReferenceGrant, the controller must ensure the \"ResolvedRefs\" condition on the Route is set to `status: False`, with the \"RefNotPermitted\" reason and not configure this backend in the underlying implementation. \n In either error case, the Message of the `ResolvedRefs` Condition should be used to provide more detail about the problem. \n Support: Extended for Kubernetes Service \n Support: Implementation-specific for any other resource" + +### fn spec.rules.filters.requestMirror.backendRef.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. For example, \"gateway.networking.k8s.io\". When unspecified or empty string, core API group is inferred." + +### fn spec.rules.filters.requestMirror.backendRef.withKind + +```ts +withKind(kind) +``` + +"Kind is the Kubernetes resource kind of the referent. For example \"Service\". \n Defaults to \"Service\" when not specified. \n ExternalName services can refer to CNAME DNS records that may live outside of the cluster and as such are difficult to reason about in terms of conformance. They also may not be safe to forward to (see CVE-2021-25740 for more information). Implementations SHOULD NOT support ExternalName Services. \n Support: Core (Services with a type other than ExternalName) \n Support: Implementation-specific (Services with type ExternalName)" + +### fn spec.rules.filters.requestMirror.backendRef.withName + +```ts +withName(name) +``` + +"Name is the name of the referent." + +### fn spec.rules.filters.requestMirror.backendRef.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. \n Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. \n Support: Core" + +### fn spec.rules.filters.requestMirror.backendRef.withPort + +```ts +withPort(port) +``` + +"Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field." + +## obj spec.rules.filters.requestRedirect + +"RequestRedirect defines a schema for a filter that responds to the request with an HTTP redirection. \n Support: Core" + +### fn spec.rules.filters.requestRedirect.withHostname + +```ts +withHostname(hostname) +``` + +"Hostname is the hostname to be used in the value of the `Location` header in the response. When empty, the hostname in the `Host` header of the request is used. \n Support: Core" + +### fn spec.rules.filters.requestRedirect.withPort + +```ts +withPort(port) +``` + +"Port is the port to be used in the value of the `Location` header in the response. \n If no port is specified, the redirect port MUST be derived using the following rules: \n * If redirect scheme is not-empty, the redirect port MUST be the well-known port associated with the redirect scheme. Specifically \"http\" to port 80 and \"https\" to port 443. If the redirect scheme does not have a well-known port, the listener port of the Gateway SHOULD be used. * If redirect scheme is empty, the redirect port MUST be the Gateway Listener port. \n Implementations SHOULD NOT add the port number in the 'Location' header in the following cases: \n * A Location header that will use HTTP (whether that is determined via the Listener protocol or the Scheme field) _and_ use port 80. * A Location header that will use HTTPS (whether that is determined via the Listener protocol or the Scheme field) _and_ use port 443. \n Support: Extended" + +### fn spec.rules.filters.requestRedirect.withScheme + +```ts +withScheme(scheme) +``` + +"Scheme is the scheme to be used in the value of the `Location` header in the response. When empty, the scheme of the request is used. \n Scheme redirects can affect the port of the redirect, for more information, refer to the documentation for the port field of this filter. \n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`. \n Support: Extended" + +### fn spec.rules.filters.requestRedirect.withStatusCode + +```ts +withStatusCode(statusCode) +``` + +"StatusCode is the HTTP status code to be used in response. \n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`. \n Support: Core" + +## obj spec.rules.filters.requestRedirect.path + +"Path defines parameters used to modify the path of the incoming request. The modified path is then used to construct the `Location` header. When empty, the request path is used as-is. \n Support: Extended" + +### fn spec.rules.filters.requestRedirect.path.withReplaceFullPath + +```ts +withReplaceFullPath(replaceFullPath) +``` + +"ReplaceFullPath specifies the value with which to replace the full path of a request during a rewrite or redirect." + +### fn spec.rules.filters.requestRedirect.path.withReplacePrefixMatch + +```ts +withReplacePrefixMatch(replacePrefixMatch) +``` + +"ReplacePrefixMatch specifies the value with which to replace the prefix match of a request during a rewrite or redirect. For example, a request to \"/foo/bar\" with a prefix match of \"/foo\" would be modified to \"/bar\". \n Note that this matches the behavior of the PathPrefix match type. This matches full path elements. A path element refers to the list of labels in the path split by the `/` separator. When specified, a trailing `/` is ignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all match the prefix `/abc`, but the path `/abcd` would not." + +### fn spec.rules.filters.requestRedirect.path.withType + +```ts +withType(type) +``` + +"Type defines the type of path modifier. Additional types may be added in a future release of the API. \n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`." + +## obj spec.rules.filters.responseHeaderModifier + +"ResponseHeaderModifier defines a schema for a filter that modifies response headers. \n Support: Extended" + +### fn spec.rules.filters.responseHeaderModifier.withAdd + +```ts +withAdd(add) +``` + +"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz" + +### fn spec.rules.filters.responseHeaderModifier.withAddMixin + +```ts +withAddMixin(add) +``` + +"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.filters.responseHeaderModifier.withRemove + +```ts +withRemove(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \n Config: remove: [\"my-header1\", \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2: bar" + +### fn spec.rules.filters.responseHeaderModifier.withRemoveMixin + +```ts +withRemoveMixin(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \n Config: remove: [\"my-header1\", \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2: bar" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.filters.responseHeaderModifier.withSet + +```ts +withSet(set) +``` + +"Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar" + +### fn spec.rules.filters.responseHeaderModifier.withSetMixin + +```ts +withSetMixin(set) +``` + +"Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar" + +**Note:** This function appends passed data to existing values + +## obj spec.rules.filters.responseHeaderModifier.add + +"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz" + +### fn spec.rules.filters.responseHeaderModifier.add.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent." + +### fn spec.rules.filters.responseHeaderModifier.add.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.filters.responseHeaderModifier.set + +"Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar" + +### fn spec.rules.filters.responseHeaderModifier.set.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent." + +### fn spec.rules.filters.responseHeaderModifier.set.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.filters.urlRewrite + +"URLRewrite defines a schema for a filter that modifies a request during forwarding. \n Support: Extended" + +### fn spec.rules.filters.urlRewrite.withHostname + +```ts +withHostname(hostname) +``` + +"Hostname is the value to be used to replace the Host header value during forwarding. \n Support: Extended" + +## obj spec.rules.filters.urlRewrite.path + +"Path defines a path rewrite. \n Support: Extended" + +### fn spec.rules.filters.urlRewrite.path.withReplaceFullPath + +```ts +withReplaceFullPath(replaceFullPath) +``` + +"ReplaceFullPath specifies the value with which to replace the full path of a request during a rewrite or redirect." + +### fn spec.rules.filters.urlRewrite.path.withReplacePrefixMatch + +```ts +withReplacePrefixMatch(replacePrefixMatch) +``` + +"ReplacePrefixMatch specifies the value with which to replace the prefix match of a request during a rewrite or redirect. For example, a request to \"/foo/bar\" with a prefix match of \"/foo\" would be modified to \"/bar\". \n Note that this matches the behavior of the PathPrefix match type. This matches full path elements. A path element refers to the list of labels in the path split by the `/` separator. When specified, a trailing `/` is ignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all match the prefix `/abc`, but the path `/abcd` would not." + +### fn spec.rules.filters.urlRewrite.path.withType + +```ts +withType(type) +``` + +"Type defines the type of path modifier. Additional types may be added in a future release of the API. \n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`." + +## obj spec.rules.matches + +"Matches define conditions used for matching the rule against incoming HTTP requests. Each match is independent, i.e. this rule will be matched if **any** one of the matches is satisfied. \n For example, take the following matches configuration: \n ``` matches: - path: value: \"/foo\" headers: - name: \"version\" value: \"v2\" - path: value: \"/v2/foo\" ``` \n For a request to match against this rule, a request must satisfy EITHER of the two conditions: \n - path prefixed with `/foo` AND contains the header `version: v2` - path prefix of `/v2/foo` \n See the documentation for HTTPRouteMatch on how to specify multiple match conditions that should be ANDed together. \n If no matches are specified, the default is a prefix path match on \"/\", which has the effect of matching every HTTP request. \n Proxy or Load Balancer routing configuration generated from HTTPRoutes MUST prioritize matches based on the following criteria, continuing on ties. Across all rules specified on applicable Routes, precedence must be given to the match having: \n * \"Exact\" path match. * \"Prefix\" path match with largest number of characters. * Method match. * Largest number of header matches. * Largest number of query param matches. \n Note: The precedence of RegularExpression path matches are implementation-specific. \n If ties still exist across multiple Routes, matching precedence MUST be determined in order of the following criteria, continuing on ties: \n * The oldest Route based on creation timestamp. * The Route appearing first in alphabetical order by \"{namespace}/{name}\". \n If ties still exist within an HTTPRoute, matching precedence MUST be granted to the FIRST matching rule (in list order) with a match meeting the above criteria. \n When no rules matching a request have been successfully attached to the parent a request is coming from, a HTTP 404 status code MUST be returned." + +### fn spec.rules.matches.withHeaders + +```ts +withHeaders(headers) +``` + +"Headers specifies HTTP request header matchers. Multiple match values are ANDed together, meaning, a request must match all the specified headers to select the route." + +### fn spec.rules.matches.withHeadersMixin + +```ts +withHeadersMixin(headers) +``` + +"Headers specifies HTTP request header matchers. Multiple match values are ANDed together, meaning, a request must match all the specified headers to select the route." + +**Note:** This function appends passed data to existing values + +### fn spec.rules.matches.withMethod + +```ts +withMethod(method) +``` + +"Method specifies HTTP method matcher. When specified, this route will be matched only if the request has the specified method. \n Support: Extended" + +### fn spec.rules.matches.withQueryParams + +```ts +withQueryParams(queryParams) +``` + +"QueryParams specifies HTTP query parameter matchers. Multiple match values are ANDed together, meaning, a request must match all the specified query parameters to select the route. \n Support: Extended" + +### fn spec.rules.matches.withQueryParamsMixin + +```ts +withQueryParamsMixin(queryParams) +``` + +"QueryParams specifies HTTP query parameter matchers. Multiple match values are ANDed together, meaning, a request must match all the specified query parameters to select the route. \n Support: Extended" + +**Note:** This function appends passed data to existing values + +## obj spec.rules.matches.headers + +"Headers specifies HTTP request header matchers. Multiple match values are ANDed together, meaning, a request must match all the specified headers to select the route." + +### fn spec.rules.matches.headers.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, only the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent. \n When a header is repeated in an HTTP request, it is implementation-specific behavior as to how this is represented. Generally, proxies should follow the guidance from the RFC: https://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2 regarding processing a repeated header, with special handling for \"Set-Cookie\"." + +### fn spec.rules.matches.headers.withType + +```ts +withType(type) +``` + +"Type specifies how to match against the value of the header. \n Support: Core (Exact) \n Support: Implementation-specific (RegularExpression) \n Since RegularExpression HeaderMatchType has implementation-specific conformance, implementations can support POSIX, PCRE or any other dialects of regular expressions. Please read the implementation's documentation to determine the supported dialect." + +### fn spec.rules.matches.headers.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.matches.path + +"Path specifies a HTTP request path matcher. If this field is not specified, a default prefix match on the \"/\" path is provided." + +### fn spec.rules.matches.path.withType + +```ts +withType(type) +``` + +"Type specifies how to match against the path Value. \n Support: Core (Exact, PathPrefix) \n Support: Implementation-specific (RegularExpression)" + +### fn spec.rules.matches.path.withValue + +```ts +withValue(value) +``` + +"Value of the HTTP path to match against." + +## obj spec.rules.matches.queryParams + +"QueryParams specifies HTTP query parameter matchers. Multiple match values are ANDed together, meaning, a request must match all the specified query parameters to select the route. \n Support: Extended" + +### fn spec.rules.matches.queryParams.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP query param to be matched. This must be an exact string match. (See https://tools.ietf.org/html/rfc7230#section-2.7.3). \n If multiple entries specify equivalent query param names, only the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent query param name MUST be ignored. \n If a query param is repeated in an HTTP request, the behavior is purposely left undefined, since different data planes have different capabilities. However, it is *recommended* that implementations should match against the first value of the param if the data plane supports it, as this behavior is expected in other load balancing contexts outside of the Gateway API. \n Users SHOULD NOT route traffic based on repeated query params to guard themselves against potential differences in the implementations." + +### fn spec.rules.matches.queryParams.withType + +```ts +withType(type) +``` + +"Type specifies how to match against the value of the query parameter. \n Support: Extended (Exact) \n Support: Implementation-specific (RegularExpression) \n Since RegularExpression QueryParamMatchType has Implementation-specific conformance, implementations can support POSIX, PCRE or any other dialects of regular expressions. Please read the implementation's documentation to determine the supported dialect." + +### fn spec.rules.matches.queryParams.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP query param to be matched." \ No newline at end of file diff --git a/docs/0.7-experimental/gateway/v1alpha2/index.md b/docs/0.7-experimental/gateway/v1alpha2/index.md new file mode 100644 index 0000000..8c53ac6 --- /dev/null +++ b/docs/0.7-experimental/gateway/v1alpha2/index.md @@ -0,0 +1,16 @@ +--- +permalink: /0.7-experimental/gateway/v1alpha2/ +--- + +# gateway.v1alpha2 + + + +* [gateway](gateway.md) +* [gatewayClass](gatewayClass.md) +* [grpcRoute](grpcRoute.md) +* [httpRoute](httpRoute.md) +* [referenceGrant](referenceGrant.md) +* [tcpRoute](tcpRoute.md) +* [tlsRoute](tlsRoute.md) +* [udpRoute](udpRoute.md) \ No newline at end of file diff --git a/docs/0.7-experimental/gateway/v1alpha2/referenceGrant.md b/docs/0.7-experimental/gateway/v1alpha2/referenceGrant.md new file mode 100644 index 0000000..d91cdb8 --- /dev/null +++ b/docs/0.7-experimental/gateway/v1alpha2/referenceGrant.md @@ -0,0 +1,314 @@ +--- +permalink: /0.7-experimental/gateway/v1alpha2/referenceGrant/ +--- + +# gateway.v1alpha2.referenceGrant + +"ReferenceGrant identifies kinds of resources in other namespaces that are trusted to reference the specified kinds of resources in the same namespace as the policy. \n Each ReferenceGrant can be used to represent a unique trust relationship. Additional Reference Grants can be used to add to the set of trusted sources of inbound references for the namespace they are defined within. \n All cross-namespace references in Gateway API (with the exception of cross-namespace Gateway-route attachment) require a ReferenceGrant. \n ReferenceGrant is a form of runtime verification allowing users to assert which cross-namespace object references are permitted. Implementations that support ReferenceGrant MUST NOT permit cross-namespace references which have no grant, and MUST respond to the removal of a grant by revoking the access that the grant allowed. \n Support: Core" + +## Index + +* [`fn new(name)`](#fn-new) +* [`obj metadata`](#obj-metadata) + * [`fn withAnnotations(annotations)`](#fn-metadatawithannotations) + * [`fn withAnnotationsMixin(annotations)`](#fn-metadatawithannotationsmixin) + * [`fn withClusterName(clusterName)`](#fn-metadatawithclustername) + * [`fn withCreationTimestamp(creationTimestamp)`](#fn-metadatawithcreationtimestamp) + * [`fn withDeletionGracePeriodSeconds(deletionGracePeriodSeconds)`](#fn-metadatawithdeletiongraceperiodseconds) + * [`fn withDeletionTimestamp(deletionTimestamp)`](#fn-metadatawithdeletiontimestamp) + * [`fn withFinalizers(finalizers)`](#fn-metadatawithfinalizers) + * [`fn withFinalizersMixin(finalizers)`](#fn-metadatawithfinalizersmixin) + * [`fn withGenerateName(generateName)`](#fn-metadatawithgeneratename) + * [`fn withGeneration(generation)`](#fn-metadatawithgeneration) + * [`fn withLabels(labels)`](#fn-metadatawithlabels) + * [`fn withLabelsMixin(labels)`](#fn-metadatawithlabelsmixin) + * [`fn withName(name)`](#fn-metadatawithname) + * [`fn withNamespace(namespace)`](#fn-metadatawithnamespace) + * [`fn withOwnerReferences(ownerReferences)`](#fn-metadatawithownerreferences) + * [`fn withOwnerReferencesMixin(ownerReferences)`](#fn-metadatawithownerreferencesmixin) + * [`fn withResourceVersion(resourceVersion)`](#fn-metadatawithresourceversion) + * [`fn withSelfLink(selfLink)`](#fn-metadatawithselflink) + * [`fn withUid(uid)`](#fn-metadatawithuid) +* [`obj spec`](#obj-spec) + * [`fn withFrom(from)`](#fn-specwithfrom) + * [`fn withFromMixin(from)`](#fn-specwithfrommixin) + * [`fn withTo(to)`](#fn-specwithto) + * [`fn withToMixin(to)`](#fn-specwithtomixin) + * [`obj spec.from`](#obj-specfrom) + * [`fn withGroup(group)`](#fn-specfromwithgroup) + * [`fn withKind(kind)`](#fn-specfromwithkind) + * [`fn withNamespace(namespace)`](#fn-specfromwithnamespace) + * [`obj spec.to`](#obj-specto) + * [`fn withGroup(group)`](#fn-spectowithgroup) + * [`fn withKind(kind)`](#fn-spectowithkind) + * [`fn withName(name)`](#fn-spectowithname) + +## Fields + +### fn new + +```ts +new(name) +``` + +new returns an instance of ReferenceGrant + +## obj metadata + +"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create." + +### fn metadata.withAnnotations + +```ts +withAnnotations(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +### fn metadata.withAnnotationsMixin + +```ts +withAnnotationsMixin(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +**Note:** This function appends passed data to existing values + +### fn metadata.withClusterName + +```ts +withClusterName(clusterName) +``` + +"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request." + +### fn metadata.withCreationTimestamp + +```ts +withCreationTimestamp(creationTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withDeletionGracePeriodSeconds + +```ts +withDeletionGracePeriodSeconds(deletionGracePeriodSeconds) +``` + +"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only." + +### fn metadata.withDeletionTimestamp + +```ts +withDeletionTimestamp(deletionTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withFinalizers + +```ts +withFinalizers(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +### fn metadata.withFinalizersMixin + +```ts +withFinalizersMixin(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +**Note:** This function appends passed data to existing values + +### fn metadata.withGenerateName + +```ts +withGenerateName(generateName) +``` + +"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\n\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\n\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" + +### fn metadata.withGeneration + +```ts +withGeneration(generation) +``` + +"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only." + +### fn metadata.withLabels + +```ts +withLabels(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +### fn metadata.withLabelsMixin + +```ts +withLabelsMixin(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +**Note:** This function appends passed data to existing values + +### fn metadata.withName + +```ts +withName(name) +``` + +"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names" + +### fn metadata.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \"default\" namespace, but \"default\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\n\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces" + +### fn metadata.withOwnerReferences + +```ts +withOwnerReferences(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +### fn metadata.withOwnerReferencesMixin + +```ts +withOwnerReferencesMixin(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +**Note:** This function appends passed data to existing values + +### fn metadata.withResourceVersion + +```ts +withResourceVersion(resourceVersion) +``` + +"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\n\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" + +### fn metadata.withSelfLink + +```ts +withSelfLink(selfLink) +``` + +"SelfLink is a URL representing this object. Populated by the system. Read-only.\n\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release." + +### fn metadata.withUid + +```ts +withUid(uid) +``` + +"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\n\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids" + +## obj spec + +"Spec defines the desired state of ReferenceGrant." + +### fn spec.withFrom + +```ts +withFrom(from) +``` + +"From describes the trusted namespaces and kinds that can reference the resources described in \"To\". Each entry in this list MUST be considered to be an additional place that references can be valid from, or to put this another way, entries MUST be combined using OR. \n Support: Core" + +### fn spec.withFromMixin + +```ts +withFromMixin(from) +``` + +"From describes the trusted namespaces and kinds that can reference the resources described in \"To\". Each entry in this list MUST be considered to be an additional place that references can be valid from, or to put this another way, entries MUST be combined using OR. \n Support: Core" + +**Note:** This function appends passed data to existing values + +### fn spec.withTo + +```ts +withTo(to) +``` + +"To describes the resources that may be referenced by the resources described in \"From\". Each entry in this list MUST be considered to be an additional place that references can be valid to, or to put this another way, entries MUST be combined using OR. \n Support: Core" + +### fn spec.withToMixin + +```ts +withToMixin(to) +``` + +"To describes the resources that may be referenced by the resources described in \"From\". Each entry in this list MUST be considered to be an additional place that references can be valid to, or to put this another way, entries MUST be combined using OR. \n Support: Core" + +**Note:** This function appends passed data to existing values + +## obj spec.from + +"From describes the trusted namespaces and kinds that can reference the resources described in \"To\". Each entry in this list MUST be considered to be an additional place that references can be valid from, or to put this another way, entries MUST be combined using OR. \n Support: Core" + +### fn spec.from.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. When empty, the Kubernetes core API group is inferred. \n Support: Core" + +### fn spec.from.withKind + +```ts +withKind(kind) +``` + +"Kind is the kind of the referent. Although implementations may support additional resources, the following types are part of the \"Core\" support level for this field. \n When used to permit a SecretObjectReference: \n * Gateway \n When used to permit a BackendObjectReference: \n * GRPCRoute * HTTPRoute * TCPRoute * TLSRoute * UDPRoute" + +### fn spec.from.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the referent. \n Support: Core" + +## obj spec.to + +"To describes the resources that may be referenced by the resources described in \"From\". Each entry in this list MUST be considered to be an additional place that references can be valid to, or to put this another way, entries MUST be combined using OR. \n Support: Core" + +### fn spec.to.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. When empty, the Kubernetes core API group is inferred. \n Support: Core" + +### fn spec.to.withKind + +```ts +withKind(kind) +``` + +"Kind is the kind of the referent. Although implementations may support additional resources, the following types are part of the \"Core\" support level for this field: \n * Secret when used to permit a SecretObjectReference * Service when used to permit a BackendObjectReference" + +### fn spec.to.withName + +```ts +withName(name) +``` + +"Name is the name of the referent. When unspecified, this policy refers to all resources of the specified Group and Kind in the local namespace." \ No newline at end of file diff --git a/docs/0.7-experimental/gateway/v1alpha2/tcpRoute.md b/docs/0.7-experimental/gateway/v1alpha2/tcpRoute.md new file mode 100644 index 0000000..fd9085a --- /dev/null +++ b/docs/0.7-experimental/gateway/v1alpha2/tcpRoute.md @@ -0,0 +1,393 @@ +--- +permalink: /0.7-experimental/gateway/v1alpha2/tcpRoute/ +--- + +# gateway.v1alpha2.tcpRoute + +"TCPRoute provides a way to route TCP requests. When combined with a Gateway listener, it can be used to forward connections on the port specified by the listener to a set of backends specified by the TCPRoute." + +## Index + +* [`fn new(name)`](#fn-new) +* [`obj metadata`](#obj-metadata) + * [`fn withAnnotations(annotations)`](#fn-metadatawithannotations) + * [`fn withAnnotationsMixin(annotations)`](#fn-metadatawithannotationsmixin) + * [`fn withClusterName(clusterName)`](#fn-metadatawithclustername) + * [`fn withCreationTimestamp(creationTimestamp)`](#fn-metadatawithcreationtimestamp) + * [`fn withDeletionGracePeriodSeconds(deletionGracePeriodSeconds)`](#fn-metadatawithdeletiongraceperiodseconds) + * [`fn withDeletionTimestamp(deletionTimestamp)`](#fn-metadatawithdeletiontimestamp) + * [`fn withFinalizers(finalizers)`](#fn-metadatawithfinalizers) + * [`fn withFinalizersMixin(finalizers)`](#fn-metadatawithfinalizersmixin) + * [`fn withGenerateName(generateName)`](#fn-metadatawithgeneratename) + * [`fn withGeneration(generation)`](#fn-metadatawithgeneration) + * [`fn withLabels(labels)`](#fn-metadatawithlabels) + * [`fn withLabelsMixin(labels)`](#fn-metadatawithlabelsmixin) + * [`fn withName(name)`](#fn-metadatawithname) + * [`fn withNamespace(namespace)`](#fn-metadatawithnamespace) + * [`fn withOwnerReferences(ownerReferences)`](#fn-metadatawithownerreferences) + * [`fn withOwnerReferencesMixin(ownerReferences)`](#fn-metadatawithownerreferencesmixin) + * [`fn withResourceVersion(resourceVersion)`](#fn-metadatawithresourceversion) + * [`fn withSelfLink(selfLink)`](#fn-metadatawithselflink) + * [`fn withUid(uid)`](#fn-metadatawithuid) +* [`obj spec`](#obj-spec) + * [`fn withParentRefs(parentRefs)`](#fn-specwithparentrefs) + * [`fn withParentRefsMixin(parentRefs)`](#fn-specwithparentrefsmixin) + * [`fn withRules(rules)`](#fn-specwithrules) + * [`fn withRulesMixin(rules)`](#fn-specwithrulesmixin) + * [`obj spec.parentRefs`](#obj-specparentrefs) + * [`fn withGroup(group)`](#fn-specparentrefswithgroup) + * [`fn withKind(kind)`](#fn-specparentrefswithkind) + * [`fn withName(name)`](#fn-specparentrefswithname) + * [`fn withNamespace(namespace)`](#fn-specparentrefswithnamespace) + * [`fn withPort(port)`](#fn-specparentrefswithport) + * [`fn withSectionName(sectionName)`](#fn-specparentrefswithsectionname) + * [`obj spec.rules`](#obj-specrules) + * [`fn withBackendRefs(backendRefs)`](#fn-specruleswithbackendrefs) + * [`fn withBackendRefsMixin(backendRefs)`](#fn-specruleswithbackendrefsmixin) + * [`obj spec.rules.backendRefs`](#obj-specrulesbackendrefs) + * [`fn withGroup(group)`](#fn-specrulesbackendrefswithgroup) + * [`fn withKind(kind)`](#fn-specrulesbackendrefswithkind) + * [`fn withName(name)`](#fn-specrulesbackendrefswithname) + * [`fn withNamespace(namespace)`](#fn-specrulesbackendrefswithnamespace) + * [`fn withPort(port)`](#fn-specrulesbackendrefswithport) + * [`fn withWeight(weight)`](#fn-specrulesbackendrefswithweight) + +## Fields + +### fn new + +```ts +new(name) +``` + +new returns an instance of TCPRoute + +## obj metadata + +"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create." + +### fn metadata.withAnnotations + +```ts +withAnnotations(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +### fn metadata.withAnnotationsMixin + +```ts +withAnnotationsMixin(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +**Note:** This function appends passed data to existing values + +### fn metadata.withClusterName + +```ts +withClusterName(clusterName) +``` + +"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request." + +### fn metadata.withCreationTimestamp + +```ts +withCreationTimestamp(creationTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withDeletionGracePeriodSeconds + +```ts +withDeletionGracePeriodSeconds(deletionGracePeriodSeconds) +``` + +"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only." + +### fn metadata.withDeletionTimestamp + +```ts +withDeletionTimestamp(deletionTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withFinalizers + +```ts +withFinalizers(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +### fn metadata.withFinalizersMixin + +```ts +withFinalizersMixin(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +**Note:** This function appends passed data to existing values + +### fn metadata.withGenerateName + +```ts +withGenerateName(generateName) +``` + +"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\n\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\n\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" + +### fn metadata.withGeneration + +```ts +withGeneration(generation) +``` + +"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only." + +### fn metadata.withLabels + +```ts +withLabels(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +### fn metadata.withLabelsMixin + +```ts +withLabelsMixin(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +**Note:** This function appends passed data to existing values + +### fn metadata.withName + +```ts +withName(name) +``` + +"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names" + +### fn metadata.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \"default\" namespace, but \"default\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\n\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces" + +### fn metadata.withOwnerReferences + +```ts +withOwnerReferences(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +### fn metadata.withOwnerReferencesMixin + +```ts +withOwnerReferencesMixin(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +**Note:** This function appends passed data to existing values + +### fn metadata.withResourceVersion + +```ts +withResourceVersion(resourceVersion) +``` + +"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\n\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" + +### fn metadata.withSelfLink + +```ts +withSelfLink(selfLink) +``` + +"SelfLink is a URL representing this object. Populated by the system. Read-only.\n\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release." + +### fn metadata.withUid + +```ts +withUid(uid) +``` + +"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\n\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids" + +## obj spec + +"Spec defines the desired state of TCPRoute." + +### fn spec.withParentRefs + +```ts +withParentRefs(parentRefs) +``` + +"ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. \n The only kind of parent resource with \"Core\" support is Gateway. This API may be extended in the future to support additional kinds of parent resources such as one of the route kinds. \n It is invalid to reference an identical parent more than once. It is valid to reference multiple distinct sections within the same parent resource, such as 2 Listeners within a Gateway. \n It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged. \n Note that for ParentRefs that cross namespace boundaries, there are specific rules. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example, Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference." + +### fn spec.withParentRefsMixin + +```ts +withParentRefsMixin(parentRefs) +``` + +"ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. \n The only kind of parent resource with \"Core\" support is Gateway. This API may be extended in the future to support additional kinds of parent resources such as one of the route kinds. \n It is invalid to reference an identical parent more than once. It is valid to reference multiple distinct sections within the same parent resource, such as 2 Listeners within a Gateway. \n It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged. \n Note that for ParentRefs that cross namespace boundaries, there are specific rules. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example, Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference." + +**Note:** This function appends passed data to existing values + +### fn spec.withRules + +```ts +withRules(rules) +``` + +"Rules are a list of TCP matchers and actions." + +### fn spec.withRulesMixin + +```ts +withRulesMixin(rules) +``` + +"Rules are a list of TCP matchers and actions." + +**Note:** This function appends passed data to existing values + +## obj spec.parentRefs + +"ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. \n The only kind of parent resource with \"Core\" support is Gateway. This API may be extended in the future to support additional kinds of parent resources such as one of the route kinds. \n It is invalid to reference an identical parent more than once. It is valid to reference multiple distinct sections within the same parent resource, such as 2 Listeners within a Gateway. \n It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged. \n Note that for ParentRefs that cross namespace boundaries, there are specific rules. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example, Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference." + +### fn spec.parentRefs.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. When unspecified, \"gateway.networking.k8s.io\" is inferred. To set the core API group (such as for a \"Service\" kind referent), Group must be explicitly set to \"\" (empty string). \n Support: Core" + +### fn spec.parentRefs.withKind + +```ts +withKind(kind) +``` + +"Kind is kind of the referent. \n Support: Core (Gateway) \n Support: Implementation-specific (Other Resources)" + +### fn spec.parentRefs.withName + +```ts +withName(name) +``` + +"Name is the name of the referent. \n Support: Core" + +### fn spec.parentRefs.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the referent. When unspecified, this refers to the local namespace of the Route. \n Note that there are specific rules for ParentRefs which cross namespace boundaries. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example: Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference. \n Support: Core" + +### fn spec.parentRefs.withPort + +```ts +withPort(port) +``` + +"Port is the network port this Route targets. It can be interpreted differently based on the type of parent resource. \n When the parent resource is a Gateway, this targets all listeners listening on the specified port that also support this kind of Route(and select this Route). It's not recommended to set `Port` unless the networking behaviors specified in a Route must apply to a specific port as opposed to a listener(s) whose port(s) may be changed. When both Port and SectionName are specified, the name and port of the selected listener must match both specified values. \n Implementations MAY choose to support other parent resources. Implementations supporting other types of parent resources MUST clearly document how/if Port is interpreted. \n For the purpose of status, an attachment is considered successful as long as the parent resource accepts it partially. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \n Support: Extended \n " + +### fn spec.parentRefs.withSectionName + +```ts +withSectionName(sectionName) +``` + +"SectionName is the name of a section within the target resource. In the following resources, SectionName is interpreted as the following: \n * Gateway: Listener Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. \n Implementations MAY choose to support attaching Routes to other resources. If that is the case, they MUST clearly document how SectionName is interpreted. \n When unspecified (empty string), this will reference the entire resource. For the purpose of status, an attachment is considered successful if at least one section in the parent resource accepts it. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \n Support: Core" + +## obj spec.rules + +"Rules are a list of TCP matchers and actions." + +### fn spec.rules.withBackendRefs + +```ts +withBackendRefs(backendRefs) +``` + +"BackendRefs defines the backend(s) where matching requests should be sent. If unspecified or invalid (refers to a non-existent resource or a Service with no endpoints), the underlying implementation MUST actively reject connection attempts to this backend. Connection rejections must respect weight; if an invalid backend is requested to have 80% of connections, then 80% of connections must be rejected instead. \n Support: Core for Kubernetes Service \n Support: Extended for Kubernetes ServiceImport \n Support: Implementation-specific for any other resource \n Support for weight: Extended" + +### fn spec.rules.withBackendRefsMixin + +```ts +withBackendRefsMixin(backendRefs) +``` + +"BackendRefs defines the backend(s) where matching requests should be sent. If unspecified or invalid (refers to a non-existent resource or a Service with no endpoints), the underlying implementation MUST actively reject connection attempts to this backend. Connection rejections must respect weight; if an invalid backend is requested to have 80% of connections, then 80% of connections must be rejected instead. \n Support: Core for Kubernetes Service \n Support: Extended for Kubernetes ServiceImport \n Support: Implementation-specific for any other resource \n Support for weight: Extended" + +**Note:** This function appends passed data to existing values + +## obj spec.rules.backendRefs + +"BackendRefs defines the backend(s) where matching requests should be sent. If unspecified or invalid (refers to a non-existent resource or a Service with no endpoints), the underlying implementation MUST actively reject connection attempts to this backend. Connection rejections must respect weight; if an invalid backend is requested to have 80% of connections, then 80% of connections must be rejected instead. \n Support: Core for Kubernetes Service \n Support: Extended for Kubernetes ServiceImport \n Support: Implementation-specific for any other resource \n Support for weight: Extended" + +### fn spec.rules.backendRefs.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. For example, \"gateway.networking.k8s.io\". When unspecified or empty string, core API group is inferred." + +### fn spec.rules.backendRefs.withKind + +```ts +withKind(kind) +``` + +"Kind is the Kubernetes resource kind of the referent. For example \"Service\". \n Defaults to \"Service\" when not specified. \n ExternalName services can refer to CNAME DNS records that may live outside of the cluster and as such are difficult to reason about in terms of conformance. They also may not be safe to forward to (see CVE-2021-25740 for more information). Implementations SHOULD NOT support ExternalName Services. \n Support: Core (Services with a type other than ExternalName) \n Support: Implementation-specific (Services with type ExternalName)" + +### fn spec.rules.backendRefs.withName + +```ts +withName(name) +``` + +"Name is the name of the referent." + +### fn spec.rules.backendRefs.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. \n Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. \n Support: Core" + +### fn spec.rules.backendRefs.withPort + +```ts +withPort(port) +``` + +"Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field." + +### fn spec.rules.backendRefs.withWeight + +```ts +withWeight(weight) +``` + +"Weight specifies the proportion of requests forwarded to the referenced backend. This is computed as weight/(sum of all weights in this BackendRefs list). For non-zero values, there may be some epsilon from the exact proportion defined here depending on the precision an implementation supports. Weight is not a percentage and the sum of weights does not need to equal 100. \n If only one backend is specified and it has a weight greater than 0, 100% of the traffic is forwarded to that backend. If weight is set to 0, no traffic should be forwarded for this entry. If unspecified, weight defaults to 1. \n Support for this field varies based on the context where used." \ No newline at end of file diff --git a/docs/0.7-experimental/gateway/v1alpha2/tlsRoute.md b/docs/0.7-experimental/gateway/v1alpha2/tlsRoute.md new file mode 100644 index 0000000..ed0716a --- /dev/null +++ b/docs/0.7-experimental/gateway/v1alpha2/tlsRoute.md @@ -0,0 +1,413 @@ +--- +permalink: /0.7-experimental/gateway/v1alpha2/tlsRoute/ +--- + +# gateway.v1alpha2.tlsRoute + +"The TLSRoute resource is similar to TCPRoute, but can be configured to match against TLS-specific metadata. This allows more flexibility in matching streams for a given TLS listener. \n If you need to forward traffic to a single target for a TLS listener, you could choose to use a TCPRoute with a TLS listener." + +## Index + +* [`fn new(name)`](#fn-new) +* [`obj metadata`](#obj-metadata) + * [`fn withAnnotations(annotations)`](#fn-metadatawithannotations) + * [`fn withAnnotationsMixin(annotations)`](#fn-metadatawithannotationsmixin) + * [`fn withClusterName(clusterName)`](#fn-metadatawithclustername) + * [`fn withCreationTimestamp(creationTimestamp)`](#fn-metadatawithcreationtimestamp) + * [`fn withDeletionGracePeriodSeconds(deletionGracePeriodSeconds)`](#fn-metadatawithdeletiongraceperiodseconds) + * [`fn withDeletionTimestamp(deletionTimestamp)`](#fn-metadatawithdeletiontimestamp) + * [`fn withFinalizers(finalizers)`](#fn-metadatawithfinalizers) + * [`fn withFinalizersMixin(finalizers)`](#fn-metadatawithfinalizersmixin) + * [`fn withGenerateName(generateName)`](#fn-metadatawithgeneratename) + * [`fn withGeneration(generation)`](#fn-metadatawithgeneration) + * [`fn withLabels(labels)`](#fn-metadatawithlabels) + * [`fn withLabelsMixin(labels)`](#fn-metadatawithlabelsmixin) + * [`fn withName(name)`](#fn-metadatawithname) + * [`fn withNamespace(namespace)`](#fn-metadatawithnamespace) + * [`fn withOwnerReferences(ownerReferences)`](#fn-metadatawithownerreferences) + * [`fn withOwnerReferencesMixin(ownerReferences)`](#fn-metadatawithownerreferencesmixin) + * [`fn withResourceVersion(resourceVersion)`](#fn-metadatawithresourceversion) + * [`fn withSelfLink(selfLink)`](#fn-metadatawithselflink) + * [`fn withUid(uid)`](#fn-metadatawithuid) +* [`obj spec`](#obj-spec) + * [`fn withHostnames(hostnames)`](#fn-specwithhostnames) + * [`fn withHostnamesMixin(hostnames)`](#fn-specwithhostnamesmixin) + * [`fn withParentRefs(parentRefs)`](#fn-specwithparentrefs) + * [`fn withParentRefsMixin(parentRefs)`](#fn-specwithparentrefsmixin) + * [`fn withRules(rules)`](#fn-specwithrules) + * [`fn withRulesMixin(rules)`](#fn-specwithrulesmixin) + * [`obj spec.parentRefs`](#obj-specparentrefs) + * [`fn withGroup(group)`](#fn-specparentrefswithgroup) + * [`fn withKind(kind)`](#fn-specparentrefswithkind) + * [`fn withName(name)`](#fn-specparentrefswithname) + * [`fn withNamespace(namespace)`](#fn-specparentrefswithnamespace) + * [`fn withPort(port)`](#fn-specparentrefswithport) + * [`fn withSectionName(sectionName)`](#fn-specparentrefswithsectionname) + * [`obj spec.rules`](#obj-specrules) + * [`fn withBackendRefs(backendRefs)`](#fn-specruleswithbackendrefs) + * [`fn withBackendRefsMixin(backendRefs)`](#fn-specruleswithbackendrefsmixin) + * [`obj spec.rules.backendRefs`](#obj-specrulesbackendrefs) + * [`fn withGroup(group)`](#fn-specrulesbackendrefswithgroup) + * [`fn withKind(kind)`](#fn-specrulesbackendrefswithkind) + * [`fn withName(name)`](#fn-specrulesbackendrefswithname) + * [`fn withNamespace(namespace)`](#fn-specrulesbackendrefswithnamespace) + * [`fn withPort(port)`](#fn-specrulesbackendrefswithport) + * [`fn withWeight(weight)`](#fn-specrulesbackendrefswithweight) + +## Fields + +### fn new + +```ts +new(name) +``` + +new returns an instance of TLSRoute + +## obj metadata + +"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create." + +### fn metadata.withAnnotations + +```ts +withAnnotations(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +### fn metadata.withAnnotationsMixin + +```ts +withAnnotationsMixin(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +**Note:** This function appends passed data to existing values + +### fn metadata.withClusterName + +```ts +withClusterName(clusterName) +``` + +"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request." + +### fn metadata.withCreationTimestamp + +```ts +withCreationTimestamp(creationTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withDeletionGracePeriodSeconds + +```ts +withDeletionGracePeriodSeconds(deletionGracePeriodSeconds) +``` + +"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only." + +### fn metadata.withDeletionTimestamp + +```ts +withDeletionTimestamp(deletionTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withFinalizers + +```ts +withFinalizers(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +### fn metadata.withFinalizersMixin + +```ts +withFinalizersMixin(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +**Note:** This function appends passed data to existing values + +### fn metadata.withGenerateName + +```ts +withGenerateName(generateName) +``` + +"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\n\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\n\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" + +### fn metadata.withGeneration + +```ts +withGeneration(generation) +``` + +"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only." + +### fn metadata.withLabels + +```ts +withLabels(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +### fn metadata.withLabelsMixin + +```ts +withLabelsMixin(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +**Note:** This function appends passed data to existing values + +### fn metadata.withName + +```ts +withName(name) +``` + +"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names" + +### fn metadata.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \"default\" namespace, but \"default\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\n\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces" + +### fn metadata.withOwnerReferences + +```ts +withOwnerReferences(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +### fn metadata.withOwnerReferencesMixin + +```ts +withOwnerReferencesMixin(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +**Note:** This function appends passed data to existing values + +### fn metadata.withResourceVersion + +```ts +withResourceVersion(resourceVersion) +``` + +"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\n\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" + +### fn metadata.withSelfLink + +```ts +withSelfLink(selfLink) +``` + +"SelfLink is a URL representing this object. Populated by the system. Read-only.\n\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release." + +### fn metadata.withUid + +```ts +withUid(uid) +``` + +"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\n\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids" + +## obj spec + +"Spec defines the desired state of TLSRoute." + +### fn spec.withHostnames + +```ts +withHostnames(hostnames) +``` + +"Hostnames defines a set of SNI names that should match against the SNI attribute of TLS ClientHello message in TLS handshake. This matches the RFC 1123 definition of a hostname with 2 notable exceptions: \n 1. IPs are not allowed in SNI names per RFC 6066. 2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard label must appear by itself as the first label. \n If a hostname is specified by both the Listener and TLSRoute, there must be at least one intersecting hostname for the TLSRoute to be attached to the Listener. For example: \n * A Listener with `test.example.com` as the hostname matches TLSRoutes that have either not specified any hostnames, or have specified at least one of `test.example.com` or `*.example.com`. * A Listener with `*.example.com` as the hostname matches TLSRoutes that have either not specified any hostnames or have specified at least one hostname that matches the Listener hostname. For example, `test.example.com` and `*.example.com` would both match. On the other hand, `example.com` and `test.example.net` would not match. \n If both the Listener and TLSRoute have specified hostnames, any TLSRoute hostnames that do not match the Listener hostname MUST be ignored. For example, if a Listener specified `*.example.com`, and the TLSRoute specified `test.example.com` and `test.example.net`, `test.example.net` must not be considered for a match. \n If both the Listener and TLSRoute have specified hostnames, and none match with the criteria above, then the TLSRoute is not accepted. The implementation must raise an 'Accepted' Condition with a status of `False` in the corresponding RouteParentStatus. \n Support: Core" + +### fn spec.withHostnamesMixin + +```ts +withHostnamesMixin(hostnames) +``` + +"Hostnames defines a set of SNI names that should match against the SNI attribute of TLS ClientHello message in TLS handshake. This matches the RFC 1123 definition of a hostname with 2 notable exceptions: \n 1. IPs are not allowed in SNI names per RFC 6066. 2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard label must appear by itself as the first label. \n If a hostname is specified by both the Listener and TLSRoute, there must be at least one intersecting hostname for the TLSRoute to be attached to the Listener. For example: \n * A Listener with `test.example.com` as the hostname matches TLSRoutes that have either not specified any hostnames, or have specified at least one of `test.example.com` or `*.example.com`. * A Listener with `*.example.com` as the hostname matches TLSRoutes that have either not specified any hostnames or have specified at least one hostname that matches the Listener hostname. For example, `test.example.com` and `*.example.com` would both match. On the other hand, `example.com` and `test.example.net` would not match. \n If both the Listener and TLSRoute have specified hostnames, any TLSRoute hostnames that do not match the Listener hostname MUST be ignored. For example, if a Listener specified `*.example.com`, and the TLSRoute specified `test.example.com` and `test.example.net`, `test.example.net` must not be considered for a match. \n If both the Listener and TLSRoute have specified hostnames, and none match with the criteria above, then the TLSRoute is not accepted. The implementation must raise an 'Accepted' Condition with a status of `False` in the corresponding RouteParentStatus. \n Support: Core" + +**Note:** This function appends passed data to existing values + +### fn spec.withParentRefs + +```ts +withParentRefs(parentRefs) +``` + +"ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. \n The only kind of parent resource with \"Core\" support is Gateway. This API may be extended in the future to support additional kinds of parent resources such as one of the route kinds. \n It is invalid to reference an identical parent more than once. It is valid to reference multiple distinct sections within the same parent resource, such as 2 Listeners within a Gateway. \n It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged. \n Note that for ParentRefs that cross namespace boundaries, there are specific rules. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example, Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference." + +### fn spec.withParentRefsMixin + +```ts +withParentRefsMixin(parentRefs) +``` + +"ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. \n The only kind of parent resource with \"Core\" support is Gateway. This API may be extended in the future to support additional kinds of parent resources such as one of the route kinds. \n It is invalid to reference an identical parent more than once. It is valid to reference multiple distinct sections within the same parent resource, such as 2 Listeners within a Gateway. \n It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged. \n Note that for ParentRefs that cross namespace boundaries, there are specific rules. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example, Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference." + +**Note:** This function appends passed data to existing values + +### fn spec.withRules + +```ts +withRules(rules) +``` + +"Rules are a list of TLS matchers and actions." + +### fn spec.withRulesMixin + +```ts +withRulesMixin(rules) +``` + +"Rules are a list of TLS matchers and actions." + +**Note:** This function appends passed data to existing values + +## obj spec.parentRefs + +"ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. \n The only kind of parent resource with \"Core\" support is Gateway. This API may be extended in the future to support additional kinds of parent resources such as one of the route kinds. \n It is invalid to reference an identical parent more than once. It is valid to reference multiple distinct sections within the same parent resource, such as 2 Listeners within a Gateway. \n It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged. \n Note that for ParentRefs that cross namespace boundaries, there are specific rules. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example, Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference." + +### fn spec.parentRefs.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. When unspecified, \"gateway.networking.k8s.io\" is inferred. To set the core API group (such as for a \"Service\" kind referent), Group must be explicitly set to \"\" (empty string). \n Support: Core" + +### fn spec.parentRefs.withKind + +```ts +withKind(kind) +``` + +"Kind is kind of the referent. \n Support: Core (Gateway) \n Support: Implementation-specific (Other Resources)" + +### fn spec.parentRefs.withName + +```ts +withName(name) +``` + +"Name is the name of the referent. \n Support: Core" + +### fn spec.parentRefs.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the referent. When unspecified, this refers to the local namespace of the Route. \n Note that there are specific rules for ParentRefs which cross namespace boundaries. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example: Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference. \n Support: Core" + +### fn spec.parentRefs.withPort + +```ts +withPort(port) +``` + +"Port is the network port this Route targets. It can be interpreted differently based on the type of parent resource. \n When the parent resource is a Gateway, this targets all listeners listening on the specified port that also support this kind of Route(and select this Route). It's not recommended to set `Port` unless the networking behaviors specified in a Route must apply to a specific port as opposed to a listener(s) whose port(s) may be changed. When both Port and SectionName are specified, the name and port of the selected listener must match both specified values. \n Implementations MAY choose to support other parent resources. Implementations supporting other types of parent resources MUST clearly document how/if Port is interpreted. \n For the purpose of status, an attachment is considered successful as long as the parent resource accepts it partially. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \n Support: Extended \n " + +### fn spec.parentRefs.withSectionName + +```ts +withSectionName(sectionName) +``` + +"SectionName is the name of a section within the target resource. In the following resources, SectionName is interpreted as the following: \n * Gateway: Listener Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. \n Implementations MAY choose to support attaching Routes to other resources. If that is the case, they MUST clearly document how SectionName is interpreted. \n When unspecified (empty string), this will reference the entire resource. For the purpose of status, an attachment is considered successful if at least one section in the parent resource accepts it. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \n Support: Core" + +## obj spec.rules + +"Rules are a list of TLS matchers and actions." + +### fn spec.rules.withBackendRefs + +```ts +withBackendRefs(backendRefs) +``` + +"BackendRefs defines the backend(s) where matching requests should be sent. If unspecified or invalid (refers to a non-existent resource or a Service with no endpoints), the rule performs no forwarding; if no filters are specified that would result in a response being sent, the underlying implementation must actively reject request attempts to this backend, by rejecting the connection or returning a 500 status code. Request rejections must respect weight; if an invalid backend is requested to have 80% of requests, then 80% of requests must be rejected instead. \n Support: Core for Kubernetes Service \n Support: Extended for Kubernetes ServiceImport \n Support: Implementation-specific for any other resource \n Support for weight: Extended" + +### fn spec.rules.withBackendRefsMixin + +```ts +withBackendRefsMixin(backendRefs) +``` + +"BackendRefs defines the backend(s) where matching requests should be sent. If unspecified or invalid (refers to a non-existent resource or a Service with no endpoints), the rule performs no forwarding; if no filters are specified that would result in a response being sent, the underlying implementation must actively reject request attempts to this backend, by rejecting the connection or returning a 500 status code. Request rejections must respect weight; if an invalid backend is requested to have 80% of requests, then 80% of requests must be rejected instead. \n Support: Core for Kubernetes Service \n Support: Extended for Kubernetes ServiceImport \n Support: Implementation-specific for any other resource \n Support for weight: Extended" + +**Note:** This function appends passed data to existing values + +## obj spec.rules.backendRefs + +"BackendRefs defines the backend(s) where matching requests should be sent. If unspecified or invalid (refers to a non-existent resource or a Service with no endpoints), the rule performs no forwarding; if no filters are specified that would result in a response being sent, the underlying implementation must actively reject request attempts to this backend, by rejecting the connection or returning a 500 status code. Request rejections must respect weight; if an invalid backend is requested to have 80% of requests, then 80% of requests must be rejected instead. \n Support: Core for Kubernetes Service \n Support: Extended for Kubernetes ServiceImport \n Support: Implementation-specific for any other resource \n Support for weight: Extended" + +### fn spec.rules.backendRefs.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. For example, \"gateway.networking.k8s.io\". When unspecified or empty string, core API group is inferred." + +### fn spec.rules.backendRefs.withKind + +```ts +withKind(kind) +``` + +"Kind is the Kubernetes resource kind of the referent. For example \"Service\". \n Defaults to \"Service\" when not specified. \n ExternalName services can refer to CNAME DNS records that may live outside of the cluster and as such are difficult to reason about in terms of conformance. They also may not be safe to forward to (see CVE-2021-25740 for more information). Implementations SHOULD NOT support ExternalName Services. \n Support: Core (Services with a type other than ExternalName) \n Support: Implementation-specific (Services with type ExternalName)" + +### fn spec.rules.backendRefs.withName + +```ts +withName(name) +``` + +"Name is the name of the referent." + +### fn spec.rules.backendRefs.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. \n Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. \n Support: Core" + +### fn spec.rules.backendRefs.withPort + +```ts +withPort(port) +``` + +"Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field." + +### fn spec.rules.backendRefs.withWeight + +```ts +withWeight(weight) +``` + +"Weight specifies the proportion of requests forwarded to the referenced backend. This is computed as weight/(sum of all weights in this BackendRefs list). For non-zero values, there may be some epsilon from the exact proportion defined here depending on the precision an implementation supports. Weight is not a percentage and the sum of weights does not need to equal 100. \n If only one backend is specified and it has a weight greater than 0, 100% of the traffic is forwarded to that backend. If weight is set to 0, no traffic should be forwarded for this entry. If unspecified, weight defaults to 1. \n Support for this field varies based on the context where used." \ No newline at end of file diff --git a/docs/0.7-experimental/gateway/v1alpha2/udpRoute.md b/docs/0.7-experimental/gateway/v1alpha2/udpRoute.md new file mode 100644 index 0000000..fb2b004 --- /dev/null +++ b/docs/0.7-experimental/gateway/v1alpha2/udpRoute.md @@ -0,0 +1,393 @@ +--- +permalink: /0.7-experimental/gateway/v1alpha2/udpRoute/ +--- + +# gateway.v1alpha2.udpRoute + +"UDPRoute provides a way to route UDP traffic. When combined with a Gateway listener, it can be used to forward traffic on the port specified by the listener to a set of backends specified by the UDPRoute." + +## Index + +* [`fn new(name)`](#fn-new) +* [`obj metadata`](#obj-metadata) + * [`fn withAnnotations(annotations)`](#fn-metadatawithannotations) + * [`fn withAnnotationsMixin(annotations)`](#fn-metadatawithannotationsmixin) + * [`fn withClusterName(clusterName)`](#fn-metadatawithclustername) + * [`fn withCreationTimestamp(creationTimestamp)`](#fn-metadatawithcreationtimestamp) + * [`fn withDeletionGracePeriodSeconds(deletionGracePeriodSeconds)`](#fn-metadatawithdeletiongraceperiodseconds) + * [`fn withDeletionTimestamp(deletionTimestamp)`](#fn-metadatawithdeletiontimestamp) + * [`fn withFinalizers(finalizers)`](#fn-metadatawithfinalizers) + * [`fn withFinalizersMixin(finalizers)`](#fn-metadatawithfinalizersmixin) + * [`fn withGenerateName(generateName)`](#fn-metadatawithgeneratename) + * [`fn withGeneration(generation)`](#fn-metadatawithgeneration) + * [`fn withLabels(labels)`](#fn-metadatawithlabels) + * [`fn withLabelsMixin(labels)`](#fn-metadatawithlabelsmixin) + * [`fn withName(name)`](#fn-metadatawithname) + * [`fn withNamespace(namespace)`](#fn-metadatawithnamespace) + * [`fn withOwnerReferences(ownerReferences)`](#fn-metadatawithownerreferences) + * [`fn withOwnerReferencesMixin(ownerReferences)`](#fn-metadatawithownerreferencesmixin) + * [`fn withResourceVersion(resourceVersion)`](#fn-metadatawithresourceversion) + * [`fn withSelfLink(selfLink)`](#fn-metadatawithselflink) + * [`fn withUid(uid)`](#fn-metadatawithuid) +* [`obj spec`](#obj-spec) + * [`fn withParentRefs(parentRefs)`](#fn-specwithparentrefs) + * [`fn withParentRefsMixin(parentRefs)`](#fn-specwithparentrefsmixin) + * [`fn withRules(rules)`](#fn-specwithrules) + * [`fn withRulesMixin(rules)`](#fn-specwithrulesmixin) + * [`obj spec.parentRefs`](#obj-specparentrefs) + * [`fn withGroup(group)`](#fn-specparentrefswithgroup) + * [`fn withKind(kind)`](#fn-specparentrefswithkind) + * [`fn withName(name)`](#fn-specparentrefswithname) + * [`fn withNamespace(namespace)`](#fn-specparentrefswithnamespace) + * [`fn withPort(port)`](#fn-specparentrefswithport) + * [`fn withSectionName(sectionName)`](#fn-specparentrefswithsectionname) + * [`obj spec.rules`](#obj-specrules) + * [`fn withBackendRefs(backendRefs)`](#fn-specruleswithbackendrefs) + * [`fn withBackendRefsMixin(backendRefs)`](#fn-specruleswithbackendrefsmixin) + * [`obj spec.rules.backendRefs`](#obj-specrulesbackendrefs) + * [`fn withGroup(group)`](#fn-specrulesbackendrefswithgroup) + * [`fn withKind(kind)`](#fn-specrulesbackendrefswithkind) + * [`fn withName(name)`](#fn-specrulesbackendrefswithname) + * [`fn withNamespace(namespace)`](#fn-specrulesbackendrefswithnamespace) + * [`fn withPort(port)`](#fn-specrulesbackendrefswithport) + * [`fn withWeight(weight)`](#fn-specrulesbackendrefswithweight) + +## Fields + +### fn new + +```ts +new(name) +``` + +new returns an instance of UDPRoute + +## obj metadata + +"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create." + +### fn metadata.withAnnotations + +```ts +withAnnotations(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +### fn metadata.withAnnotationsMixin + +```ts +withAnnotationsMixin(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +**Note:** This function appends passed data to existing values + +### fn metadata.withClusterName + +```ts +withClusterName(clusterName) +``` + +"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request." + +### fn metadata.withCreationTimestamp + +```ts +withCreationTimestamp(creationTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withDeletionGracePeriodSeconds + +```ts +withDeletionGracePeriodSeconds(deletionGracePeriodSeconds) +``` + +"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only." + +### fn metadata.withDeletionTimestamp + +```ts +withDeletionTimestamp(deletionTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withFinalizers + +```ts +withFinalizers(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +### fn metadata.withFinalizersMixin + +```ts +withFinalizersMixin(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +**Note:** This function appends passed data to existing values + +### fn metadata.withGenerateName + +```ts +withGenerateName(generateName) +``` + +"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\n\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\n\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" + +### fn metadata.withGeneration + +```ts +withGeneration(generation) +``` + +"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only." + +### fn metadata.withLabels + +```ts +withLabels(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +### fn metadata.withLabelsMixin + +```ts +withLabelsMixin(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +**Note:** This function appends passed data to existing values + +### fn metadata.withName + +```ts +withName(name) +``` + +"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names" + +### fn metadata.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \"default\" namespace, but \"default\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\n\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces" + +### fn metadata.withOwnerReferences + +```ts +withOwnerReferences(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +### fn metadata.withOwnerReferencesMixin + +```ts +withOwnerReferencesMixin(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +**Note:** This function appends passed data to existing values + +### fn metadata.withResourceVersion + +```ts +withResourceVersion(resourceVersion) +``` + +"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\n\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" + +### fn metadata.withSelfLink + +```ts +withSelfLink(selfLink) +``` + +"SelfLink is a URL representing this object. Populated by the system. Read-only.\n\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release." + +### fn metadata.withUid + +```ts +withUid(uid) +``` + +"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\n\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids" + +## obj spec + +"Spec defines the desired state of UDPRoute." + +### fn spec.withParentRefs + +```ts +withParentRefs(parentRefs) +``` + +"ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. \n The only kind of parent resource with \"Core\" support is Gateway. This API may be extended in the future to support additional kinds of parent resources such as one of the route kinds. \n It is invalid to reference an identical parent more than once. It is valid to reference multiple distinct sections within the same parent resource, such as 2 Listeners within a Gateway. \n It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged. \n Note that for ParentRefs that cross namespace boundaries, there are specific rules. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example, Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference." + +### fn spec.withParentRefsMixin + +```ts +withParentRefsMixin(parentRefs) +``` + +"ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. \n The only kind of parent resource with \"Core\" support is Gateway. This API may be extended in the future to support additional kinds of parent resources such as one of the route kinds. \n It is invalid to reference an identical parent more than once. It is valid to reference multiple distinct sections within the same parent resource, such as 2 Listeners within a Gateway. \n It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged. \n Note that for ParentRefs that cross namespace boundaries, there are specific rules. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example, Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference." + +**Note:** This function appends passed data to existing values + +### fn spec.withRules + +```ts +withRules(rules) +``` + +"Rules are a list of UDP matchers and actions." + +### fn spec.withRulesMixin + +```ts +withRulesMixin(rules) +``` + +"Rules are a list of UDP matchers and actions." + +**Note:** This function appends passed data to existing values + +## obj spec.parentRefs + +"ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. \n The only kind of parent resource with \"Core\" support is Gateway. This API may be extended in the future to support additional kinds of parent resources such as one of the route kinds. \n It is invalid to reference an identical parent more than once. It is valid to reference multiple distinct sections within the same parent resource, such as 2 Listeners within a Gateway. \n It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged. \n Note that for ParentRefs that cross namespace boundaries, there are specific rules. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example, Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference." + +### fn spec.parentRefs.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. When unspecified, \"gateway.networking.k8s.io\" is inferred. To set the core API group (such as for a \"Service\" kind referent), Group must be explicitly set to \"\" (empty string). \n Support: Core" + +### fn spec.parentRefs.withKind + +```ts +withKind(kind) +``` + +"Kind is kind of the referent. \n Support: Core (Gateway) \n Support: Implementation-specific (Other Resources)" + +### fn spec.parentRefs.withName + +```ts +withName(name) +``` + +"Name is the name of the referent. \n Support: Core" + +### fn spec.parentRefs.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the referent. When unspecified, this refers to the local namespace of the Route. \n Note that there are specific rules for ParentRefs which cross namespace boundaries. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example: Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference. \n Support: Core" + +### fn spec.parentRefs.withPort + +```ts +withPort(port) +``` + +"Port is the network port this Route targets. It can be interpreted differently based on the type of parent resource. \n When the parent resource is a Gateway, this targets all listeners listening on the specified port that also support this kind of Route(and select this Route). It's not recommended to set `Port` unless the networking behaviors specified in a Route must apply to a specific port as opposed to a listener(s) whose port(s) may be changed. When both Port and SectionName are specified, the name and port of the selected listener must match both specified values. \n Implementations MAY choose to support other parent resources. Implementations supporting other types of parent resources MUST clearly document how/if Port is interpreted. \n For the purpose of status, an attachment is considered successful as long as the parent resource accepts it partially. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \n Support: Extended \n " + +### fn spec.parentRefs.withSectionName + +```ts +withSectionName(sectionName) +``` + +"SectionName is the name of a section within the target resource. In the following resources, SectionName is interpreted as the following: \n * Gateway: Listener Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. \n Implementations MAY choose to support attaching Routes to other resources. If that is the case, they MUST clearly document how SectionName is interpreted. \n When unspecified (empty string), this will reference the entire resource. For the purpose of status, an attachment is considered successful if at least one section in the parent resource accepts it. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \n Support: Core" + +## obj spec.rules + +"Rules are a list of UDP matchers and actions." + +### fn spec.rules.withBackendRefs + +```ts +withBackendRefs(backendRefs) +``` + +"BackendRefs defines the backend(s) where matching requests should be sent. If unspecified or invalid (refers to a non-existent resource or a Service with no endpoints), the underlying implementation MUST actively reject connection attempts to this backend. Packet drops must respect weight; if an invalid backend is requested to have 80% of the packets, then 80% of packets must be dropped instead. \n Support: Core for Kubernetes Service \n Support: Extended for Kubernetes ServiceImport \n Support: Implementation-specific for any other resource \n Support for weight: Extended" + +### fn spec.rules.withBackendRefsMixin + +```ts +withBackendRefsMixin(backendRefs) +``` + +"BackendRefs defines the backend(s) where matching requests should be sent. If unspecified or invalid (refers to a non-existent resource or a Service with no endpoints), the underlying implementation MUST actively reject connection attempts to this backend. Packet drops must respect weight; if an invalid backend is requested to have 80% of the packets, then 80% of packets must be dropped instead. \n Support: Core for Kubernetes Service \n Support: Extended for Kubernetes ServiceImport \n Support: Implementation-specific for any other resource \n Support for weight: Extended" + +**Note:** This function appends passed data to existing values + +## obj spec.rules.backendRefs + +"BackendRefs defines the backend(s) where matching requests should be sent. If unspecified or invalid (refers to a non-existent resource or a Service with no endpoints), the underlying implementation MUST actively reject connection attempts to this backend. Packet drops must respect weight; if an invalid backend is requested to have 80% of the packets, then 80% of packets must be dropped instead. \n Support: Core for Kubernetes Service \n Support: Extended for Kubernetes ServiceImport \n Support: Implementation-specific for any other resource \n Support for weight: Extended" + +### fn spec.rules.backendRefs.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. For example, \"gateway.networking.k8s.io\". When unspecified or empty string, core API group is inferred." + +### fn spec.rules.backendRefs.withKind + +```ts +withKind(kind) +``` + +"Kind is the Kubernetes resource kind of the referent. For example \"Service\". \n Defaults to \"Service\" when not specified. \n ExternalName services can refer to CNAME DNS records that may live outside of the cluster and as such are difficult to reason about in terms of conformance. They also may not be safe to forward to (see CVE-2021-25740 for more information). Implementations SHOULD NOT support ExternalName Services. \n Support: Core (Services with a type other than ExternalName) \n Support: Implementation-specific (Services with type ExternalName)" + +### fn spec.rules.backendRefs.withName + +```ts +withName(name) +``` + +"Name is the name of the referent." + +### fn spec.rules.backendRefs.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. \n Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. \n Support: Core" + +### fn spec.rules.backendRefs.withPort + +```ts +withPort(port) +``` + +"Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field." + +### fn spec.rules.backendRefs.withWeight + +```ts +withWeight(weight) +``` + +"Weight specifies the proportion of requests forwarded to the referenced backend. This is computed as weight/(sum of all weights in this BackendRefs list). For non-zero values, there may be some epsilon from the exact proportion defined here depending on the precision an implementation supports. Weight is not a percentage and the sum of weights does not need to equal 100. \n If only one backend is specified and it has a weight greater than 0, 100% of the traffic is forwarded to that backend. If weight is set to 0, no traffic should be forwarded for this entry. If unspecified, weight defaults to 1. \n Support for this field varies based on the context where used." \ No newline at end of file diff --git a/docs/0.7-experimental/gateway/v1beta1/gateway.md b/docs/0.7-experimental/gateway/v1beta1/gateway.md new file mode 100644 index 0000000..836b14f --- /dev/null +++ b/docs/0.7-experimental/gateway/v1beta1/gateway.md @@ -0,0 +1,568 @@ +--- +permalink: /0.7-experimental/gateway/v1beta1/gateway/ +--- + +# gateway.v1beta1.gateway + +"Gateway represents an instance of a service-traffic handling infrastructure by binding Listeners to a set of IP addresses." + +## Index + +* [`fn new(name)`](#fn-new) +* [`obj metadata`](#obj-metadata) + * [`fn withAnnotations(annotations)`](#fn-metadatawithannotations) + * [`fn withAnnotationsMixin(annotations)`](#fn-metadatawithannotationsmixin) + * [`fn withClusterName(clusterName)`](#fn-metadatawithclustername) + * [`fn withCreationTimestamp(creationTimestamp)`](#fn-metadatawithcreationtimestamp) + * [`fn withDeletionGracePeriodSeconds(deletionGracePeriodSeconds)`](#fn-metadatawithdeletiongraceperiodseconds) + * [`fn withDeletionTimestamp(deletionTimestamp)`](#fn-metadatawithdeletiontimestamp) + * [`fn withFinalizers(finalizers)`](#fn-metadatawithfinalizers) + * [`fn withFinalizersMixin(finalizers)`](#fn-metadatawithfinalizersmixin) + * [`fn withGenerateName(generateName)`](#fn-metadatawithgeneratename) + * [`fn withGeneration(generation)`](#fn-metadatawithgeneration) + * [`fn withLabels(labels)`](#fn-metadatawithlabels) + * [`fn withLabelsMixin(labels)`](#fn-metadatawithlabelsmixin) + * [`fn withName(name)`](#fn-metadatawithname) + * [`fn withNamespace(namespace)`](#fn-metadatawithnamespace) + * [`fn withOwnerReferences(ownerReferences)`](#fn-metadatawithownerreferences) + * [`fn withOwnerReferencesMixin(ownerReferences)`](#fn-metadatawithownerreferencesmixin) + * [`fn withResourceVersion(resourceVersion)`](#fn-metadatawithresourceversion) + * [`fn withSelfLink(selfLink)`](#fn-metadatawithselflink) + * [`fn withUid(uid)`](#fn-metadatawithuid) +* [`obj spec`](#obj-spec) + * [`fn withAddresses(addresses)`](#fn-specwithaddresses) + * [`fn withAddressesMixin(addresses)`](#fn-specwithaddressesmixin) + * [`fn withGatewayClassName(gatewayClassName)`](#fn-specwithgatewayclassname) + * [`fn withListeners(listeners)`](#fn-specwithlisteners) + * [`fn withListenersMixin(listeners)`](#fn-specwithlistenersmixin) + * [`obj spec.addresses`](#obj-specaddresses) + * [`fn withType(type)`](#fn-specaddresseswithtype) + * [`fn withValue(value)`](#fn-specaddresseswithvalue) + * [`obj spec.listeners`](#obj-speclisteners) + * [`fn withHostname(hostname)`](#fn-speclistenerswithhostname) + * [`fn withName(name)`](#fn-speclistenerswithname) + * [`fn withPort(port)`](#fn-speclistenerswithport) + * [`fn withProtocol(protocol)`](#fn-speclistenerswithprotocol) + * [`obj spec.listeners.allowedRoutes`](#obj-speclistenersallowedroutes) + * [`fn withKinds(kinds)`](#fn-speclistenersallowedrouteswithkinds) + * [`fn withKindsMixin(kinds)`](#fn-speclistenersallowedrouteswithkindsmixin) + * [`obj spec.listeners.allowedRoutes.kinds`](#obj-speclistenersallowedrouteskinds) + * [`fn withGroup(group)`](#fn-speclistenersallowedrouteskindswithgroup) + * [`fn withKind(kind)`](#fn-speclistenersallowedrouteskindswithkind) + * [`obj spec.listeners.allowedRoutes.namespaces`](#obj-speclistenersallowedroutesnamespaces) + * [`fn withFrom(from)`](#fn-speclistenersallowedroutesnamespaceswithfrom) + * [`obj spec.listeners.allowedRoutes.namespaces.selector`](#obj-speclistenersallowedroutesnamespacesselector) + * [`fn withMatchExpressions(matchExpressions)`](#fn-speclistenersallowedroutesnamespacesselectorwithmatchexpressions) + * [`fn withMatchExpressionsMixin(matchExpressions)`](#fn-speclistenersallowedroutesnamespacesselectorwithmatchexpressionsmixin) + * [`fn withMatchLabels(matchLabels)`](#fn-speclistenersallowedroutesnamespacesselectorwithmatchlabels) + * [`fn withMatchLabelsMixin(matchLabels)`](#fn-speclistenersallowedroutesnamespacesselectorwithmatchlabelsmixin) + * [`obj spec.listeners.allowedRoutes.namespaces.selector.matchExpressions`](#obj-speclistenersallowedroutesnamespacesselectormatchexpressions) + * [`fn withKey(key)`](#fn-speclistenersallowedroutesnamespacesselectormatchexpressionswithkey) + * [`fn withOperator(operator)`](#fn-speclistenersallowedroutesnamespacesselectormatchexpressionswithoperator) + * [`fn withValues(values)`](#fn-speclistenersallowedroutesnamespacesselectormatchexpressionswithvalues) + * [`fn withValuesMixin(values)`](#fn-speclistenersallowedroutesnamespacesselectormatchexpressionswithvaluesmixin) + * [`obj spec.listeners.tls`](#obj-speclistenerstls) + * [`fn withCertificateRefs(certificateRefs)`](#fn-speclistenerstlswithcertificaterefs) + * [`fn withCertificateRefsMixin(certificateRefs)`](#fn-speclistenerstlswithcertificaterefsmixin) + * [`fn withMode(mode)`](#fn-speclistenerstlswithmode) + * [`fn withOptions(options)`](#fn-speclistenerstlswithoptions) + * [`fn withOptionsMixin(options)`](#fn-speclistenerstlswithoptionsmixin) + * [`obj spec.listeners.tls.certificateRefs`](#obj-speclistenerstlscertificaterefs) + * [`fn withGroup(group)`](#fn-speclistenerstlscertificaterefswithgroup) + * [`fn withKind(kind)`](#fn-speclistenerstlscertificaterefswithkind) + * [`fn withName(name)`](#fn-speclistenerstlscertificaterefswithname) + * [`fn withNamespace(namespace)`](#fn-speclistenerstlscertificaterefswithnamespace) + +## Fields + +### fn new + +```ts +new(name) +``` + +new returns an instance of Gateway + +## obj metadata + +"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create." + +### fn metadata.withAnnotations + +```ts +withAnnotations(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +### fn metadata.withAnnotationsMixin + +```ts +withAnnotationsMixin(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +**Note:** This function appends passed data to existing values + +### fn metadata.withClusterName + +```ts +withClusterName(clusterName) +``` + +"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request." + +### fn metadata.withCreationTimestamp + +```ts +withCreationTimestamp(creationTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withDeletionGracePeriodSeconds + +```ts +withDeletionGracePeriodSeconds(deletionGracePeriodSeconds) +``` + +"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only." + +### fn metadata.withDeletionTimestamp + +```ts +withDeletionTimestamp(deletionTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withFinalizers + +```ts +withFinalizers(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +### fn metadata.withFinalizersMixin + +```ts +withFinalizersMixin(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +**Note:** This function appends passed data to existing values + +### fn metadata.withGenerateName + +```ts +withGenerateName(generateName) +``` + +"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\n\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\n\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" + +### fn metadata.withGeneration + +```ts +withGeneration(generation) +``` + +"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only." + +### fn metadata.withLabels + +```ts +withLabels(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +### fn metadata.withLabelsMixin + +```ts +withLabelsMixin(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +**Note:** This function appends passed data to existing values + +### fn metadata.withName + +```ts +withName(name) +``` + +"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names" + +### fn metadata.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \"default\" namespace, but \"default\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\n\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces" + +### fn metadata.withOwnerReferences + +```ts +withOwnerReferences(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +### fn metadata.withOwnerReferencesMixin + +```ts +withOwnerReferencesMixin(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +**Note:** This function appends passed data to existing values + +### fn metadata.withResourceVersion + +```ts +withResourceVersion(resourceVersion) +``` + +"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\n\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" + +### fn metadata.withSelfLink + +```ts +withSelfLink(selfLink) +``` + +"SelfLink is a URL representing this object. Populated by the system. Read-only.\n\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release." + +### fn metadata.withUid + +```ts +withUid(uid) +``` + +"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\n\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids" + +## obj spec + +"Spec defines the desired state of Gateway." + +### fn spec.withAddresses + +```ts +withAddresses(addresses) +``` + +"Addresses requested for this Gateway. This is optional and behavior can depend on the implementation. If a value is set in the spec and the requested address is invalid or unavailable, the implementation MUST indicate this in the associated entry in GatewayStatus.Addresses. \n The Addresses field represents a request for the address(es) on the \"outside of the Gateway\", that traffic bound for this Gateway will use. This could be the IP address or hostname of an external load balancer or other networking infrastructure, or some other address that traffic will be sent to. \n The .listener.hostname field is used to route traffic that has already arrived at the Gateway to the correct in-cluster destination. \n If no Addresses are specified, the implementation MAY schedule the Gateway in an implementation-specific manner, assigning an appropriate set of Addresses. \n The implementation MUST bind all Listeners to every GatewayAddress that it assigns to the Gateway and add a corresponding entry in GatewayStatus.Addresses. \n Support: Extended" + +### fn spec.withAddressesMixin + +```ts +withAddressesMixin(addresses) +``` + +"Addresses requested for this Gateway. This is optional and behavior can depend on the implementation. If a value is set in the spec and the requested address is invalid or unavailable, the implementation MUST indicate this in the associated entry in GatewayStatus.Addresses. \n The Addresses field represents a request for the address(es) on the \"outside of the Gateway\", that traffic bound for this Gateway will use. This could be the IP address or hostname of an external load balancer or other networking infrastructure, or some other address that traffic will be sent to. \n The .listener.hostname field is used to route traffic that has already arrived at the Gateway to the correct in-cluster destination. \n If no Addresses are specified, the implementation MAY schedule the Gateway in an implementation-specific manner, assigning an appropriate set of Addresses. \n The implementation MUST bind all Listeners to every GatewayAddress that it assigns to the Gateway and add a corresponding entry in GatewayStatus.Addresses. \n Support: Extended" + +**Note:** This function appends passed data to existing values + +### fn spec.withGatewayClassName + +```ts +withGatewayClassName(gatewayClassName) +``` + +"GatewayClassName used for this Gateway. This is the name of a GatewayClass resource." + +### fn spec.withListeners + +```ts +withListeners(listeners) +``` + +"Listeners associated with this Gateway. Listeners define logical endpoints that are bound on this Gateway's addresses. At least one Listener MUST be specified. \n Each listener in a Gateway must have a unique combination of Hostname, Port, and Protocol. \n An implementation MAY group Listeners by Port and then collapse each group of Listeners into a single Listener if the implementation determines that the Listeners in the group are \"compatible\". An implementation MAY also group together and collapse compatible Listeners belonging to different Gateways. \n For example, an implementation might consider Listeners to be compatible with each other if all of the following conditions are met: \n 1. Either each Listener within the group specifies the \"HTTP\" Protocol or each Listener within the group specifies either the \"HTTPS\" or \"TLS\" Protocol. \n 2. Each Listener within the group specifies a Hostname that is unique within the group. \n 3. As a special case, one Listener within a group may omit Hostname, in which case this Listener matches when no other Listener matches. \n If the implementation does collapse compatible Listeners, the hostname provided in the incoming client request MUST be matched to a Listener to find the correct set of Routes. The incoming hostname MUST be matched using the Hostname field for each Listener in order of most to least specific. That is, exact matches must be processed before wildcard matches. \n If this field specifies multiple Listeners that have the same Port value but are not compatible, the implementation must raise a \"Conflicted\" condition in the Listener status. \n Support: Core" + +### fn spec.withListenersMixin + +```ts +withListenersMixin(listeners) +``` + +"Listeners associated with this Gateway. Listeners define logical endpoints that are bound on this Gateway's addresses. At least one Listener MUST be specified. \n Each listener in a Gateway must have a unique combination of Hostname, Port, and Protocol. \n An implementation MAY group Listeners by Port and then collapse each group of Listeners into a single Listener if the implementation determines that the Listeners in the group are \"compatible\". An implementation MAY also group together and collapse compatible Listeners belonging to different Gateways. \n For example, an implementation might consider Listeners to be compatible with each other if all of the following conditions are met: \n 1. Either each Listener within the group specifies the \"HTTP\" Protocol or each Listener within the group specifies either the \"HTTPS\" or \"TLS\" Protocol. \n 2. Each Listener within the group specifies a Hostname that is unique within the group. \n 3. As a special case, one Listener within a group may omit Hostname, in which case this Listener matches when no other Listener matches. \n If the implementation does collapse compatible Listeners, the hostname provided in the incoming client request MUST be matched to a Listener to find the correct set of Routes. The incoming hostname MUST be matched using the Hostname field for each Listener in order of most to least specific. That is, exact matches must be processed before wildcard matches. \n If this field specifies multiple Listeners that have the same Port value but are not compatible, the implementation must raise a \"Conflicted\" condition in the Listener status. \n Support: Core" + +**Note:** This function appends passed data to existing values + +## obj spec.addresses + +"Addresses requested for this Gateway. This is optional and behavior can depend on the implementation. If a value is set in the spec and the requested address is invalid or unavailable, the implementation MUST indicate this in the associated entry in GatewayStatus.Addresses. \n The Addresses field represents a request for the address(es) on the \"outside of the Gateway\", that traffic bound for this Gateway will use. This could be the IP address or hostname of an external load balancer or other networking infrastructure, or some other address that traffic will be sent to. \n The .listener.hostname field is used to route traffic that has already arrived at the Gateway to the correct in-cluster destination. \n If no Addresses are specified, the implementation MAY schedule the Gateway in an implementation-specific manner, assigning an appropriate set of Addresses. \n The implementation MUST bind all Listeners to every GatewayAddress that it assigns to the Gateway and add a corresponding entry in GatewayStatus.Addresses. \n Support: Extended" + +### fn spec.addresses.withType + +```ts +withType(type) +``` + +"Type of the address." + +### fn spec.addresses.withValue + +```ts +withValue(value) +``` + +"Value of the address. The validity of the values will depend on the type and support by the controller. \n Examples: `1.2.3.4`, `128::1`, `my-ip-address`." + +## obj spec.listeners + +"Listeners associated with this Gateway. Listeners define logical endpoints that are bound on this Gateway's addresses. At least one Listener MUST be specified. \n Each listener in a Gateway must have a unique combination of Hostname, Port, and Protocol. \n An implementation MAY group Listeners by Port and then collapse each group of Listeners into a single Listener if the implementation determines that the Listeners in the group are \"compatible\". An implementation MAY also group together and collapse compatible Listeners belonging to different Gateways. \n For example, an implementation might consider Listeners to be compatible with each other if all of the following conditions are met: \n 1. Either each Listener within the group specifies the \"HTTP\" Protocol or each Listener within the group specifies either the \"HTTPS\" or \"TLS\" Protocol. \n 2. Each Listener within the group specifies a Hostname that is unique within the group. \n 3. As a special case, one Listener within a group may omit Hostname, in which case this Listener matches when no other Listener matches. \n If the implementation does collapse compatible Listeners, the hostname provided in the incoming client request MUST be matched to a Listener to find the correct set of Routes. The incoming hostname MUST be matched using the Hostname field for each Listener in order of most to least specific. That is, exact matches must be processed before wildcard matches. \n If this field specifies multiple Listeners that have the same Port value but are not compatible, the implementation must raise a \"Conflicted\" condition in the Listener status. \n Support: Core" + +### fn spec.listeners.withHostname + +```ts +withHostname(hostname) +``` + +"Hostname specifies the virtual hostname to match for protocol types that define this concept. When unspecified, all hostnames are matched. This field is ignored for protocols that don't require hostname based matching. \n Implementations MUST apply Hostname matching appropriately for each of the following protocols: \n * TLS: The Listener Hostname MUST match the SNI. * HTTP: The Listener Hostname MUST match the Host header of the request. * HTTPS: The Listener Hostname SHOULD match at both the TLS and HTTP protocol layers as described above. If an implementation does not ensure that both the SNI and Host header match the Listener hostname, it MUST clearly document that. \n For HTTPRoute and TLSRoute resources, there is an interaction with the `spec.hostnames` array. When both listener and route specify hostnames, there MUST be an intersection between the values for a Route to be accepted. For more information, refer to the Route specific Hostnames documentation. \n Hostnames that are prefixed with a wildcard label (`*.`) are interpreted as a suffix match. That means that a match for `*.example.com` would match both `test.example.com`, and `foo.test.example.com`, but not `example.com`. \n Support: Core" + +### fn spec.listeners.withName + +```ts +withName(name) +``` + +"Name is the name of the Listener. This name MUST be unique within a Gateway. \n Support: Core" + +### fn spec.listeners.withPort + +```ts +withPort(port) +``` + +"Port is the network port. Multiple listeners may use the same port, subject to the Listener compatibility rules. \n Support: Core" + +### fn spec.listeners.withProtocol + +```ts +withProtocol(protocol) +``` + +"Protocol specifies the network protocol this listener expects to receive. \n Support: Core" + +## obj spec.listeners.allowedRoutes + +"AllowedRoutes defines the types of routes that MAY be attached to a Listener and the trusted namespaces where those Route resources MAY be present. \n Although a client request may match multiple route rules, only one rule may ultimately receive the request. Matching precedence MUST be determined in order of the following criteria: \n * The most specific match as defined by the Route type. * The oldest Route based on creation timestamp. For example, a Route with a creation timestamp of \"2020-09-08 01:02:03\" is given precedence over a Route with a creation timestamp of \"2020-09-08 01:02:04\". * If everything else is equivalent, the Route appearing first in alphabetical order (namespace/name) should be given precedence. For example, foo/bar is given precedence over foo/baz. \n All valid rules within a Route attached to this Listener should be implemented. Invalid Route rules can be ignored (sometimes that will mean the full Route). If a Route rule transitions from valid to invalid, support for that Route rule should be dropped to ensure consistency. For example, even if a filter specified by a Route rule is invalid, the rest of the rules within that Route should still be supported. \n Support: Core" + +### fn spec.listeners.allowedRoutes.withKinds + +```ts +withKinds(kinds) +``` + +"Kinds specifies the groups and kinds of Routes that are allowed to bind to this Gateway Listener. When unspecified or empty, the kinds of Routes selected are determined using the Listener protocol. \n A RouteGroupKind MUST correspond to kinds of Routes that are compatible with the application protocol specified in the Listener's Protocol field. If an implementation does not support or recognize this resource type, it MUST set the \"ResolvedRefs\" condition to False for this Listener with the \"InvalidRouteKinds\" reason. \n Support: Core" + +### fn spec.listeners.allowedRoutes.withKindsMixin + +```ts +withKindsMixin(kinds) +``` + +"Kinds specifies the groups and kinds of Routes that are allowed to bind to this Gateway Listener. When unspecified or empty, the kinds of Routes selected are determined using the Listener protocol. \n A RouteGroupKind MUST correspond to kinds of Routes that are compatible with the application protocol specified in the Listener's Protocol field. If an implementation does not support or recognize this resource type, it MUST set the \"ResolvedRefs\" condition to False for this Listener with the \"InvalidRouteKinds\" reason. \n Support: Core" + +**Note:** This function appends passed data to existing values + +## obj spec.listeners.allowedRoutes.kinds + +"Kinds specifies the groups and kinds of Routes that are allowed to bind to this Gateway Listener. When unspecified or empty, the kinds of Routes selected are determined using the Listener protocol. \n A RouteGroupKind MUST correspond to kinds of Routes that are compatible with the application protocol specified in the Listener's Protocol field. If an implementation does not support or recognize this resource type, it MUST set the \"ResolvedRefs\" condition to False for this Listener with the \"InvalidRouteKinds\" reason. \n Support: Core" + +### fn spec.listeners.allowedRoutes.kinds.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the Route." + +### fn spec.listeners.allowedRoutes.kinds.withKind + +```ts +withKind(kind) +``` + +"Kind is the kind of the Route." + +## obj spec.listeners.allowedRoutes.namespaces + +"Namespaces indicates namespaces from which Routes may be attached to this Listener. This is restricted to the namespace of this Gateway by default. \n Support: Core" + +### fn spec.listeners.allowedRoutes.namespaces.withFrom + +```ts +withFrom(from) +``` + +"From indicates where Routes will be selected for this Gateway. Possible values are: * All: Routes in all namespaces may be used by this Gateway. * Selector: Routes in namespaces selected by the selector may be used by this Gateway. * Same: Only Routes in the same namespace may be used by this Gateway. \n Support: Core" + +## obj spec.listeners.allowedRoutes.namespaces.selector + +"Selector must be specified when From is set to \"Selector\". In that case, only Routes in Namespaces matching this Selector will be selected by this Gateway. This field is ignored for other values of \"From\". \n Support: Core" + +### fn spec.listeners.allowedRoutes.namespaces.selector.withMatchExpressions + +```ts +withMatchExpressions(matchExpressions) +``` + +"matchExpressions is a list of label selector requirements. The requirements are ANDed." + +### fn spec.listeners.allowedRoutes.namespaces.selector.withMatchExpressionsMixin + +```ts +withMatchExpressionsMixin(matchExpressions) +``` + +"matchExpressions is a list of label selector requirements. The requirements are ANDed." + +**Note:** This function appends passed data to existing values + +### fn spec.listeners.allowedRoutes.namespaces.selector.withMatchLabels + +```ts +withMatchLabels(matchLabels) +``` + +"matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + +### fn spec.listeners.allowedRoutes.namespaces.selector.withMatchLabelsMixin + +```ts +withMatchLabelsMixin(matchLabels) +``` + +"matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + +**Note:** This function appends passed data to existing values + +## obj spec.listeners.allowedRoutes.namespaces.selector.matchExpressions + +"matchExpressions is a list of label selector requirements. The requirements are ANDed." + +### fn spec.listeners.allowedRoutes.namespaces.selector.matchExpressions.withKey + +```ts +withKey(key) +``` + +"key is the label key that the selector applies to." + +### fn spec.listeners.allowedRoutes.namespaces.selector.matchExpressions.withOperator + +```ts +withOperator(operator) +``` + +"operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + +### fn spec.listeners.allowedRoutes.namespaces.selector.matchExpressions.withValues + +```ts +withValues(values) +``` + +"values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + +### fn spec.listeners.allowedRoutes.namespaces.selector.matchExpressions.withValuesMixin + +```ts +withValuesMixin(values) +``` + +"values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + +**Note:** This function appends passed data to existing values + +## obj spec.listeners.tls + +"TLS is the TLS configuration for the Listener. This field is required if the Protocol field is \"HTTPS\" or \"TLS\". It is invalid to set this field if the Protocol field is \"HTTP\", \"TCP\", or \"UDP\". \n The association of SNIs to Certificate defined in GatewayTLSConfig is defined based on the Hostname field for this listener. \n The GatewayClass MUST use the longest matching SNI out of all available certificates for any TLS handshake. \n Support: Core" + +### fn spec.listeners.tls.withCertificateRefs + +```ts +withCertificateRefs(certificateRefs) +``` + +"CertificateRefs contains a series of references to Kubernetes objects that contains TLS certificates and private keys. These certificates are used to establish a TLS handshake for requests that match the hostname of the associated listener. \n A single CertificateRef to a Kubernetes Secret has \"Core\" support. Implementations MAY choose to support attaching multiple certificates to a Listener, but this behavior is implementation-specific. \n References to a resource in different namespace are invalid UNLESS there is a ReferenceGrant in the target namespace that allows the certificate to be attached. If a ReferenceGrant does not allow this reference, the \"ResolvedRefs\" condition MUST be set to False for this listener with the \"RefNotPermitted\" reason. \n This field is required to have at least one element when the mode is set to \"Terminate\" (default) and is optional otherwise. \n CertificateRefs can reference to standard Kubernetes resources, i.e. Secret, or implementation-specific custom resources. \n Support: Core - A single reference to a Kubernetes Secret of type kubernetes.io/tls \n Support: Implementation-specific (More than one reference or other resource types)" + +### fn spec.listeners.tls.withCertificateRefsMixin + +```ts +withCertificateRefsMixin(certificateRefs) +``` + +"CertificateRefs contains a series of references to Kubernetes objects that contains TLS certificates and private keys. These certificates are used to establish a TLS handshake for requests that match the hostname of the associated listener. \n A single CertificateRef to a Kubernetes Secret has \"Core\" support. Implementations MAY choose to support attaching multiple certificates to a Listener, but this behavior is implementation-specific. \n References to a resource in different namespace are invalid UNLESS there is a ReferenceGrant in the target namespace that allows the certificate to be attached. If a ReferenceGrant does not allow this reference, the \"ResolvedRefs\" condition MUST be set to False for this listener with the \"RefNotPermitted\" reason. \n This field is required to have at least one element when the mode is set to \"Terminate\" (default) and is optional otherwise. \n CertificateRefs can reference to standard Kubernetes resources, i.e. Secret, or implementation-specific custom resources. \n Support: Core - A single reference to a Kubernetes Secret of type kubernetes.io/tls \n Support: Implementation-specific (More than one reference or other resource types)" + +**Note:** This function appends passed data to existing values + +### fn spec.listeners.tls.withMode + +```ts +withMode(mode) +``` + +"Mode defines the TLS behavior for the TLS session initiated by the client. There are two possible modes: \n - Terminate: The TLS session between the downstream client and the Gateway is terminated at the Gateway. This mode requires certificateRefs to be set and contain at least one element. - Passthrough: The TLS session is NOT terminated by the Gateway. This implies that the Gateway can't decipher the TLS stream except for the ClientHello message of the TLS protocol. CertificateRefs field is ignored in this mode. \n Support: Core" + +### fn spec.listeners.tls.withOptions + +```ts +withOptions(options) +``` + +"Options are a list of key/value pairs to enable extended TLS configuration for each implementation. For example, configuring the minimum TLS version or supported cipher suites. \n A set of common keys MAY be defined by the API in the future. To avoid any ambiguity, implementation-specific definitions MUST use domain-prefixed names, such as `example.com/my-custom-option`. Un-prefixed names are reserved for key names defined by Gateway API. \n Support: Implementation-specific" + +### fn spec.listeners.tls.withOptionsMixin + +```ts +withOptionsMixin(options) +``` + +"Options are a list of key/value pairs to enable extended TLS configuration for each implementation. For example, configuring the minimum TLS version or supported cipher suites. \n A set of common keys MAY be defined by the API in the future. To avoid any ambiguity, implementation-specific definitions MUST use domain-prefixed names, such as `example.com/my-custom-option`. Un-prefixed names are reserved for key names defined by Gateway API. \n Support: Implementation-specific" + +**Note:** This function appends passed data to existing values + +## obj spec.listeners.tls.certificateRefs + +"CertificateRefs contains a series of references to Kubernetes objects that contains TLS certificates and private keys. These certificates are used to establish a TLS handshake for requests that match the hostname of the associated listener. \n A single CertificateRef to a Kubernetes Secret has \"Core\" support. Implementations MAY choose to support attaching multiple certificates to a Listener, but this behavior is implementation-specific. \n References to a resource in different namespace are invalid UNLESS there is a ReferenceGrant in the target namespace that allows the certificate to be attached. If a ReferenceGrant does not allow this reference, the \"ResolvedRefs\" condition MUST be set to False for this listener with the \"RefNotPermitted\" reason. \n This field is required to have at least one element when the mode is set to \"Terminate\" (default) and is optional otherwise. \n CertificateRefs can reference to standard Kubernetes resources, i.e. Secret, or implementation-specific custom resources. \n Support: Core - A single reference to a Kubernetes Secret of type kubernetes.io/tls \n Support: Implementation-specific (More than one reference or other resource types)" + +### fn spec.listeners.tls.certificateRefs.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. For example, \"gateway.networking.k8s.io\". When unspecified or empty string, core API group is inferred." + +### fn spec.listeners.tls.certificateRefs.withKind + +```ts +withKind(kind) +``` + +"Kind is kind of the referent. For example \"Secret\"." + +### fn spec.listeners.tls.certificateRefs.withName + +```ts +withName(name) +``` + +"Name is the name of the referent." + +### fn spec.listeners.tls.certificateRefs.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. \n Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. \n Support: Core" \ No newline at end of file diff --git a/docs/0.7-experimental/gateway/v1beta1/gatewayClass.md b/docs/0.7-experimental/gateway/v1beta1/gatewayClass.md new file mode 100644 index 0000000..900c8c7 --- /dev/null +++ b/docs/0.7-experimental/gateway/v1beta1/gatewayClass.md @@ -0,0 +1,269 @@ +--- +permalink: /0.7-experimental/gateway/v1beta1/gatewayClass/ +--- + +# gateway.v1beta1.gatewayClass + +"GatewayClass describes a class of Gateways available to the user for creating Gateway resources. \n It is recommended that this resource be used as a template for Gateways. This means that a Gateway is based on the state of the GatewayClass at the time it was created and changes to the GatewayClass or associated parameters are not propagated down to existing Gateways. This recommendation is intended to limit the blast radius of changes to GatewayClass or associated parameters. If implementations choose to propagate GatewayClass changes to existing Gateways, that MUST be clearly documented by the implementation. \n Whenever one or more Gateways are using a GatewayClass, implementations SHOULD add the `gateway-exists-finalizer.gateway.networking.k8s.io` finalizer on the associated GatewayClass. This ensures that a GatewayClass associated with a Gateway is not deleted while in use. \n GatewayClass is a Cluster level resource." + +## Index + +* [`fn new(name)`](#fn-new) +* [`obj metadata`](#obj-metadata) + * [`fn withAnnotations(annotations)`](#fn-metadatawithannotations) + * [`fn withAnnotationsMixin(annotations)`](#fn-metadatawithannotationsmixin) + * [`fn withClusterName(clusterName)`](#fn-metadatawithclustername) + * [`fn withCreationTimestamp(creationTimestamp)`](#fn-metadatawithcreationtimestamp) + * [`fn withDeletionGracePeriodSeconds(deletionGracePeriodSeconds)`](#fn-metadatawithdeletiongraceperiodseconds) + * [`fn withDeletionTimestamp(deletionTimestamp)`](#fn-metadatawithdeletiontimestamp) + * [`fn withFinalizers(finalizers)`](#fn-metadatawithfinalizers) + * [`fn withFinalizersMixin(finalizers)`](#fn-metadatawithfinalizersmixin) + * [`fn withGenerateName(generateName)`](#fn-metadatawithgeneratename) + * [`fn withGeneration(generation)`](#fn-metadatawithgeneration) + * [`fn withLabels(labels)`](#fn-metadatawithlabels) + * [`fn withLabelsMixin(labels)`](#fn-metadatawithlabelsmixin) + * [`fn withName(name)`](#fn-metadatawithname) + * [`fn withNamespace(namespace)`](#fn-metadatawithnamespace) + * [`fn withOwnerReferences(ownerReferences)`](#fn-metadatawithownerreferences) + * [`fn withOwnerReferencesMixin(ownerReferences)`](#fn-metadatawithownerreferencesmixin) + * [`fn withResourceVersion(resourceVersion)`](#fn-metadatawithresourceversion) + * [`fn withSelfLink(selfLink)`](#fn-metadatawithselflink) + * [`fn withUid(uid)`](#fn-metadatawithuid) +* [`obj spec`](#obj-spec) + * [`fn withControllerName(controllerName)`](#fn-specwithcontrollername) + * [`fn withDescription(description)`](#fn-specwithdescription) + * [`obj spec.parametersRef`](#obj-specparametersref) + * [`fn withGroup(group)`](#fn-specparametersrefwithgroup) + * [`fn withKind(kind)`](#fn-specparametersrefwithkind) + * [`fn withName(name)`](#fn-specparametersrefwithname) + * [`fn withNamespace(namespace)`](#fn-specparametersrefwithnamespace) + +## Fields + +### fn new + +```ts +new(name) +``` + +new returns an instance of GatewayClass + +## obj metadata + +"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create." + +### fn metadata.withAnnotations + +```ts +withAnnotations(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +### fn metadata.withAnnotationsMixin + +```ts +withAnnotationsMixin(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +**Note:** This function appends passed data to existing values + +### fn metadata.withClusterName + +```ts +withClusterName(clusterName) +``` + +"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request." + +### fn metadata.withCreationTimestamp + +```ts +withCreationTimestamp(creationTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withDeletionGracePeriodSeconds + +```ts +withDeletionGracePeriodSeconds(deletionGracePeriodSeconds) +``` + +"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only." + +### fn metadata.withDeletionTimestamp + +```ts +withDeletionTimestamp(deletionTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withFinalizers + +```ts +withFinalizers(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +### fn metadata.withFinalizersMixin + +```ts +withFinalizersMixin(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +**Note:** This function appends passed data to existing values + +### fn metadata.withGenerateName + +```ts +withGenerateName(generateName) +``` + +"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\n\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\n\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" + +### fn metadata.withGeneration + +```ts +withGeneration(generation) +``` + +"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only." + +### fn metadata.withLabels + +```ts +withLabels(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +### fn metadata.withLabelsMixin + +```ts +withLabelsMixin(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +**Note:** This function appends passed data to existing values + +### fn metadata.withName + +```ts +withName(name) +``` + +"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names" + +### fn metadata.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \"default\" namespace, but \"default\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\n\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces" + +### fn metadata.withOwnerReferences + +```ts +withOwnerReferences(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +### fn metadata.withOwnerReferencesMixin + +```ts +withOwnerReferencesMixin(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +**Note:** This function appends passed data to existing values + +### fn metadata.withResourceVersion + +```ts +withResourceVersion(resourceVersion) +``` + +"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\n\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" + +### fn metadata.withSelfLink + +```ts +withSelfLink(selfLink) +``` + +"SelfLink is a URL representing this object. Populated by the system. Read-only.\n\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release." + +### fn metadata.withUid + +```ts +withUid(uid) +``` + +"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\n\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids" + +## obj spec + +"Spec defines the desired state of GatewayClass." + +### fn spec.withControllerName + +```ts +withControllerName(controllerName) +``` + +"ControllerName is the name of the controller that is managing Gateways of this class. The value of this field MUST be a domain prefixed path. \n Example: \"example.net/gateway-controller\". \n This field is not mutable and cannot be empty. \n Support: Core" + +### fn spec.withDescription + +```ts +withDescription(description) +``` + +"Description helps describe a GatewayClass with more details." + +## obj spec.parametersRef + +"ParametersRef is a reference to a resource that contains the configuration parameters corresponding to the GatewayClass. This is optional if the controller does not require any additional configuration. \n ParametersRef can reference a standard Kubernetes resource, i.e. ConfigMap, or an implementation-specific custom resource. The resource can be cluster-scoped or namespace-scoped. \n If the referent cannot be found, the GatewayClass's \"InvalidParameters\" status condition will be true. \n Support: Implementation-specific" + +### fn spec.parametersRef.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent." + +### fn spec.parametersRef.withKind + +```ts +withKind(kind) +``` + +"Kind is kind of the referent." + +### fn spec.parametersRef.withName + +```ts +withName(name) +``` + +"Name is the name of the referent." + +### fn spec.parametersRef.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the referent. This field is required when referring to a Namespace-scoped resource and MUST be unset when referring to a Cluster-scoped resource." \ No newline at end of file diff --git a/docs/0.7-experimental/gateway/v1beta1/httpRoute.md b/docs/0.7-experimental/gateway/v1beta1/httpRoute.md new file mode 100644 index 0000000..bfad508 --- /dev/null +++ b/docs/0.7-experimental/gateway/v1beta1/httpRoute.md @@ -0,0 +1,1498 @@ +--- +permalink: /0.7-experimental/gateway/v1beta1/httpRoute/ +--- + +# gateway.v1beta1.httpRoute + +"HTTPRoute provides a way to route HTTP requests. This includes the capability to match requests by hostname, path, header, or query param. Filters can be used to specify additional processing steps. Backends specify where matching requests should be routed." + +## Index + +* [`fn new(name)`](#fn-new) +* [`obj metadata`](#obj-metadata) + * [`fn withAnnotations(annotations)`](#fn-metadatawithannotations) + * [`fn withAnnotationsMixin(annotations)`](#fn-metadatawithannotationsmixin) + * [`fn withClusterName(clusterName)`](#fn-metadatawithclustername) + * [`fn withCreationTimestamp(creationTimestamp)`](#fn-metadatawithcreationtimestamp) + * [`fn withDeletionGracePeriodSeconds(deletionGracePeriodSeconds)`](#fn-metadatawithdeletiongraceperiodseconds) + * [`fn withDeletionTimestamp(deletionTimestamp)`](#fn-metadatawithdeletiontimestamp) + * [`fn withFinalizers(finalizers)`](#fn-metadatawithfinalizers) + * [`fn withFinalizersMixin(finalizers)`](#fn-metadatawithfinalizersmixin) + * [`fn withGenerateName(generateName)`](#fn-metadatawithgeneratename) + * [`fn withGeneration(generation)`](#fn-metadatawithgeneration) + * [`fn withLabels(labels)`](#fn-metadatawithlabels) + * [`fn withLabelsMixin(labels)`](#fn-metadatawithlabelsmixin) + * [`fn withName(name)`](#fn-metadatawithname) + * [`fn withNamespace(namespace)`](#fn-metadatawithnamespace) + * [`fn withOwnerReferences(ownerReferences)`](#fn-metadatawithownerreferences) + * [`fn withOwnerReferencesMixin(ownerReferences)`](#fn-metadatawithownerreferencesmixin) + * [`fn withResourceVersion(resourceVersion)`](#fn-metadatawithresourceversion) + * [`fn withSelfLink(selfLink)`](#fn-metadatawithselflink) + * [`fn withUid(uid)`](#fn-metadatawithuid) +* [`obj spec`](#obj-spec) + * [`fn withHostnames(hostnames)`](#fn-specwithhostnames) + * [`fn withHostnamesMixin(hostnames)`](#fn-specwithhostnamesmixin) + * [`fn withParentRefs(parentRefs)`](#fn-specwithparentrefs) + * [`fn withParentRefsMixin(parentRefs)`](#fn-specwithparentrefsmixin) + * [`fn withRules(rules)`](#fn-specwithrules) + * [`fn withRulesMixin(rules)`](#fn-specwithrulesmixin) + * [`obj spec.parentRefs`](#obj-specparentrefs) + * [`fn withGroup(group)`](#fn-specparentrefswithgroup) + * [`fn withKind(kind)`](#fn-specparentrefswithkind) + * [`fn withName(name)`](#fn-specparentrefswithname) + * [`fn withNamespace(namespace)`](#fn-specparentrefswithnamespace) + * [`fn withPort(port)`](#fn-specparentrefswithport) + * [`fn withSectionName(sectionName)`](#fn-specparentrefswithsectionname) + * [`obj spec.rules`](#obj-specrules) + * [`fn withBackendRefs(backendRefs)`](#fn-specruleswithbackendrefs) + * [`fn withBackendRefsMixin(backendRefs)`](#fn-specruleswithbackendrefsmixin) + * [`fn withFilters(filters)`](#fn-specruleswithfilters) + * [`fn withFiltersMixin(filters)`](#fn-specruleswithfiltersmixin) + * [`fn withMatches(matches)`](#fn-specruleswithmatches) + * [`fn withMatchesMixin(matches)`](#fn-specruleswithmatchesmixin) + * [`obj spec.rules.backendRefs`](#obj-specrulesbackendrefs) + * [`fn withFilters(filters)`](#fn-specrulesbackendrefswithfilters) + * [`fn withFiltersMixin(filters)`](#fn-specrulesbackendrefswithfiltersmixin) + * [`fn withGroup(group)`](#fn-specrulesbackendrefswithgroup) + * [`fn withKind(kind)`](#fn-specrulesbackendrefswithkind) + * [`fn withName(name)`](#fn-specrulesbackendrefswithname) + * [`fn withNamespace(namespace)`](#fn-specrulesbackendrefswithnamespace) + * [`fn withPort(port)`](#fn-specrulesbackendrefswithport) + * [`fn withWeight(weight)`](#fn-specrulesbackendrefswithweight) + * [`obj spec.rules.backendRefs.filters`](#obj-specrulesbackendrefsfilters) + * [`fn withType(type)`](#fn-specrulesbackendrefsfilterswithtype) + * [`obj spec.rules.backendRefs.filters.extensionRef`](#obj-specrulesbackendrefsfiltersextensionref) + * [`fn withGroup(group)`](#fn-specrulesbackendrefsfiltersextensionrefwithgroup) + * [`fn withKind(kind)`](#fn-specrulesbackendrefsfiltersextensionrefwithkind) + * [`fn withName(name)`](#fn-specrulesbackendrefsfiltersextensionrefwithname) + * [`obj spec.rules.backendRefs.filters.requestHeaderModifier`](#obj-specrulesbackendrefsfiltersrequestheadermodifier) + * [`fn withAdd(add)`](#fn-specrulesbackendrefsfiltersrequestheadermodifierwithadd) + * [`fn withAddMixin(add)`](#fn-specrulesbackendrefsfiltersrequestheadermodifierwithaddmixin) + * [`fn withRemove(remove)`](#fn-specrulesbackendrefsfiltersrequestheadermodifierwithremove) + * [`fn withRemoveMixin(remove)`](#fn-specrulesbackendrefsfiltersrequestheadermodifierwithremovemixin) + * [`fn withSet(set)`](#fn-specrulesbackendrefsfiltersrequestheadermodifierwithset) + * [`fn withSetMixin(set)`](#fn-specrulesbackendrefsfiltersrequestheadermodifierwithsetmixin) + * [`obj spec.rules.backendRefs.filters.requestHeaderModifier.add`](#obj-specrulesbackendrefsfiltersrequestheadermodifieradd) + * [`fn withName(name)`](#fn-specrulesbackendrefsfiltersrequestheadermodifieraddwithname) + * [`fn withValue(value)`](#fn-specrulesbackendrefsfiltersrequestheadermodifieraddwithvalue) + * [`obj spec.rules.backendRefs.filters.requestHeaderModifier.set`](#obj-specrulesbackendrefsfiltersrequestheadermodifierset) + * [`fn withName(name)`](#fn-specrulesbackendrefsfiltersrequestheadermodifiersetwithname) + * [`fn withValue(value)`](#fn-specrulesbackendrefsfiltersrequestheadermodifiersetwithvalue) + * [`obj spec.rules.backendRefs.filters.requestMirror`](#obj-specrulesbackendrefsfiltersrequestmirror) + * [`obj spec.rules.backendRefs.filters.requestMirror.backendRef`](#obj-specrulesbackendrefsfiltersrequestmirrorbackendref) + * [`fn withGroup(group)`](#fn-specrulesbackendrefsfiltersrequestmirrorbackendrefwithgroup) + * [`fn withKind(kind)`](#fn-specrulesbackendrefsfiltersrequestmirrorbackendrefwithkind) + * [`fn withName(name)`](#fn-specrulesbackendrefsfiltersrequestmirrorbackendrefwithname) + * [`fn withNamespace(namespace)`](#fn-specrulesbackendrefsfiltersrequestmirrorbackendrefwithnamespace) + * [`fn withPort(port)`](#fn-specrulesbackendrefsfiltersrequestmirrorbackendrefwithport) + * [`obj spec.rules.backendRefs.filters.requestRedirect`](#obj-specrulesbackendrefsfiltersrequestredirect) + * [`fn withHostname(hostname)`](#fn-specrulesbackendrefsfiltersrequestredirectwithhostname) + * [`fn withPort(port)`](#fn-specrulesbackendrefsfiltersrequestredirectwithport) + * [`fn withScheme(scheme)`](#fn-specrulesbackendrefsfiltersrequestredirectwithscheme) + * [`fn withStatusCode(statusCode)`](#fn-specrulesbackendrefsfiltersrequestredirectwithstatuscode) + * [`obj spec.rules.backendRefs.filters.requestRedirect.path`](#obj-specrulesbackendrefsfiltersrequestredirectpath) + * [`fn withReplaceFullPath(replaceFullPath)`](#fn-specrulesbackendrefsfiltersrequestredirectpathwithreplacefullpath) + * [`fn withReplacePrefixMatch(replacePrefixMatch)`](#fn-specrulesbackendrefsfiltersrequestredirectpathwithreplaceprefixmatch) + * [`fn withType(type)`](#fn-specrulesbackendrefsfiltersrequestredirectpathwithtype) + * [`obj spec.rules.backendRefs.filters.responseHeaderModifier`](#obj-specrulesbackendrefsfiltersresponseheadermodifier) + * [`fn withAdd(add)`](#fn-specrulesbackendrefsfiltersresponseheadermodifierwithadd) + * [`fn withAddMixin(add)`](#fn-specrulesbackendrefsfiltersresponseheadermodifierwithaddmixin) + * [`fn withRemove(remove)`](#fn-specrulesbackendrefsfiltersresponseheadermodifierwithremove) + * [`fn withRemoveMixin(remove)`](#fn-specrulesbackendrefsfiltersresponseheadermodifierwithremovemixin) + * [`fn withSet(set)`](#fn-specrulesbackendrefsfiltersresponseheadermodifierwithset) + * [`fn withSetMixin(set)`](#fn-specrulesbackendrefsfiltersresponseheadermodifierwithsetmixin) + * [`obj spec.rules.backendRefs.filters.responseHeaderModifier.add`](#obj-specrulesbackendrefsfiltersresponseheadermodifieradd) + * [`fn withName(name)`](#fn-specrulesbackendrefsfiltersresponseheadermodifieraddwithname) + * [`fn withValue(value)`](#fn-specrulesbackendrefsfiltersresponseheadermodifieraddwithvalue) + * [`obj spec.rules.backendRefs.filters.responseHeaderModifier.set`](#obj-specrulesbackendrefsfiltersresponseheadermodifierset) + * [`fn withName(name)`](#fn-specrulesbackendrefsfiltersresponseheadermodifiersetwithname) + * [`fn withValue(value)`](#fn-specrulesbackendrefsfiltersresponseheadermodifiersetwithvalue) + * [`obj spec.rules.backendRefs.filters.urlRewrite`](#obj-specrulesbackendrefsfiltersurlrewrite) + * [`fn withHostname(hostname)`](#fn-specrulesbackendrefsfiltersurlrewritewithhostname) + * [`obj spec.rules.backendRefs.filters.urlRewrite.path`](#obj-specrulesbackendrefsfiltersurlrewritepath) + * [`fn withReplaceFullPath(replaceFullPath)`](#fn-specrulesbackendrefsfiltersurlrewritepathwithreplacefullpath) + * [`fn withReplacePrefixMatch(replacePrefixMatch)`](#fn-specrulesbackendrefsfiltersurlrewritepathwithreplaceprefixmatch) + * [`fn withType(type)`](#fn-specrulesbackendrefsfiltersurlrewritepathwithtype) + * [`obj spec.rules.filters`](#obj-specrulesfilters) + * [`fn withType(type)`](#fn-specrulesfilterswithtype) + * [`obj spec.rules.filters.extensionRef`](#obj-specrulesfiltersextensionref) + * [`fn withGroup(group)`](#fn-specrulesfiltersextensionrefwithgroup) + * [`fn withKind(kind)`](#fn-specrulesfiltersextensionrefwithkind) + * [`fn withName(name)`](#fn-specrulesfiltersextensionrefwithname) + * [`obj spec.rules.filters.requestHeaderModifier`](#obj-specrulesfiltersrequestheadermodifier) + * [`fn withAdd(add)`](#fn-specrulesfiltersrequestheadermodifierwithadd) + * [`fn withAddMixin(add)`](#fn-specrulesfiltersrequestheadermodifierwithaddmixin) + * [`fn withRemove(remove)`](#fn-specrulesfiltersrequestheadermodifierwithremove) + * [`fn withRemoveMixin(remove)`](#fn-specrulesfiltersrequestheadermodifierwithremovemixin) + * [`fn withSet(set)`](#fn-specrulesfiltersrequestheadermodifierwithset) + * [`fn withSetMixin(set)`](#fn-specrulesfiltersrequestheadermodifierwithsetmixin) + * [`obj spec.rules.filters.requestHeaderModifier.add`](#obj-specrulesfiltersrequestheadermodifieradd) + * [`fn withName(name)`](#fn-specrulesfiltersrequestheadermodifieraddwithname) + * [`fn withValue(value)`](#fn-specrulesfiltersrequestheadermodifieraddwithvalue) + * [`obj spec.rules.filters.requestHeaderModifier.set`](#obj-specrulesfiltersrequestheadermodifierset) + * [`fn withName(name)`](#fn-specrulesfiltersrequestheadermodifiersetwithname) + * [`fn withValue(value)`](#fn-specrulesfiltersrequestheadermodifiersetwithvalue) + * [`obj spec.rules.filters.requestMirror`](#obj-specrulesfiltersrequestmirror) + * [`obj spec.rules.filters.requestMirror.backendRef`](#obj-specrulesfiltersrequestmirrorbackendref) + * [`fn withGroup(group)`](#fn-specrulesfiltersrequestmirrorbackendrefwithgroup) + * [`fn withKind(kind)`](#fn-specrulesfiltersrequestmirrorbackendrefwithkind) + * [`fn withName(name)`](#fn-specrulesfiltersrequestmirrorbackendrefwithname) + * [`fn withNamespace(namespace)`](#fn-specrulesfiltersrequestmirrorbackendrefwithnamespace) + * [`fn withPort(port)`](#fn-specrulesfiltersrequestmirrorbackendrefwithport) + * [`obj spec.rules.filters.requestRedirect`](#obj-specrulesfiltersrequestredirect) + * [`fn withHostname(hostname)`](#fn-specrulesfiltersrequestredirectwithhostname) + * [`fn withPort(port)`](#fn-specrulesfiltersrequestredirectwithport) + * [`fn withScheme(scheme)`](#fn-specrulesfiltersrequestredirectwithscheme) + * [`fn withStatusCode(statusCode)`](#fn-specrulesfiltersrequestredirectwithstatuscode) + * [`obj spec.rules.filters.requestRedirect.path`](#obj-specrulesfiltersrequestredirectpath) + * [`fn withReplaceFullPath(replaceFullPath)`](#fn-specrulesfiltersrequestredirectpathwithreplacefullpath) + * [`fn withReplacePrefixMatch(replacePrefixMatch)`](#fn-specrulesfiltersrequestredirectpathwithreplaceprefixmatch) + * [`fn withType(type)`](#fn-specrulesfiltersrequestredirectpathwithtype) + * [`obj spec.rules.filters.responseHeaderModifier`](#obj-specrulesfiltersresponseheadermodifier) + * [`fn withAdd(add)`](#fn-specrulesfiltersresponseheadermodifierwithadd) + * [`fn withAddMixin(add)`](#fn-specrulesfiltersresponseheadermodifierwithaddmixin) + * [`fn withRemove(remove)`](#fn-specrulesfiltersresponseheadermodifierwithremove) + * [`fn withRemoveMixin(remove)`](#fn-specrulesfiltersresponseheadermodifierwithremovemixin) + * [`fn withSet(set)`](#fn-specrulesfiltersresponseheadermodifierwithset) + * [`fn withSetMixin(set)`](#fn-specrulesfiltersresponseheadermodifierwithsetmixin) + * [`obj spec.rules.filters.responseHeaderModifier.add`](#obj-specrulesfiltersresponseheadermodifieradd) + * [`fn withName(name)`](#fn-specrulesfiltersresponseheadermodifieraddwithname) + * [`fn withValue(value)`](#fn-specrulesfiltersresponseheadermodifieraddwithvalue) + * [`obj spec.rules.filters.responseHeaderModifier.set`](#obj-specrulesfiltersresponseheadermodifierset) + * [`fn withName(name)`](#fn-specrulesfiltersresponseheadermodifiersetwithname) + * [`fn withValue(value)`](#fn-specrulesfiltersresponseheadermodifiersetwithvalue) + * [`obj spec.rules.filters.urlRewrite`](#obj-specrulesfiltersurlrewrite) + * [`fn withHostname(hostname)`](#fn-specrulesfiltersurlrewritewithhostname) + * [`obj spec.rules.filters.urlRewrite.path`](#obj-specrulesfiltersurlrewritepath) + * [`fn withReplaceFullPath(replaceFullPath)`](#fn-specrulesfiltersurlrewritepathwithreplacefullpath) + * [`fn withReplacePrefixMatch(replacePrefixMatch)`](#fn-specrulesfiltersurlrewritepathwithreplaceprefixmatch) + * [`fn withType(type)`](#fn-specrulesfiltersurlrewritepathwithtype) + * [`obj spec.rules.matches`](#obj-specrulesmatches) + * [`fn withHeaders(headers)`](#fn-specrulesmatcheswithheaders) + * [`fn withHeadersMixin(headers)`](#fn-specrulesmatcheswithheadersmixin) + * [`fn withMethod(method)`](#fn-specrulesmatcheswithmethod) + * [`fn withQueryParams(queryParams)`](#fn-specrulesmatcheswithqueryparams) + * [`fn withQueryParamsMixin(queryParams)`](#fn-specrulesmatcheswithqueryparamsmixin) + * [`obj spec.rules.matches.headers`](#obj-specrulesmatchesheaders) + * [`fn withName(name)`](#fn-specrulesmatchesheaderswithname) + * [`fn withType(type)`](#fn-specrulesmatchesheaderswithtype) + * [`fn withValue(value)`](#fn-specrulesmatchesheaderswithvalue) + * [`obj spec.rules.matches.path`](#obj-specrulesmatchespath) + * [`fn withType(type)`](#fn-specrulesmatchespathwithtype) + * [`fn withValue(value)`](#fn-specrulesmatchespathwithvalue) + * [`obj spec.rules.matches.queryParams`](#obj-specrulesmatchesqueryparams) + * [`fn withName(name)`](#fn-specrulesmatchesqueryparamswithname) + * [`fn withType(type)`](#fn-specrulesmatchesqueryparamswithtype) + * [`fn withValue(value)`](#fn-specrulesmatchesqueryparamswithvalue) + +## Fields + +### fn new + +```ts +new(name) +``` + +new returns an instance of HTTPRoute + +## obj metadata + +"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create." + +### fn metadata.withAnnotations + +```ts +withAnnotations(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +### fn metadata.withAnnotationsMixin + +```ts +withAnnotationsMixin(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +**Note:** This function appends passed data to existing values + +### fn metadata.withClusterName + +```ts +withClusterName(clusterName) +``` + +"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request." + +### fn metadata.withCreationTimestamp + +```ts +withCreationTimestamp(creationTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withDeletionGracePeriodSeconds + +```ts +withDeletionGracePeriodSeconds(deletionGracePeriodSeconds) +``` + +"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only." + +### fn metadata.withDeletionTimestamp + +```ts +withDeletionTimestamp(deletionTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withFinalizers + +```ts +withFinalizers(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +### fn metadata.withFinalizersMixin + +```ts +withFinalizersMixin(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +**Note:** This function appends passed data to existing values + +### fn metadata.withGenerateName + +```ts +withGenerateName(generateName) +``` + +"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\n\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\n\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" + +### fn metadata.withGeneration + +```ts +withGeneration(generation) +``` + +"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only." + +### fn metadata.withLabels + +```ts +withLabels(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +### fn metadata.withLabelsMixin + +```ts +withLabelsMixin(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +**Note:** This function appends passed data to existing values + +### fn metadata.withName + +```ts +withName(name) +``` + +"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names" + +### fn metadata.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \"default\" namespace, but \"default\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\n\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces" + +### fn metadata.withOwnerReferences + +```ts +withOwnerReferences(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +### fn metadata.withOwnerReferencesMixin + +```ts +withOwnerReferencesMixin(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +**Note:** This function appends passed data to existing values + +### fn metadata.withResourceVersion + +```ts +withResourceVersion(resourceVersion) +``` + +"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\n\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" + +### fn metadata.withSelfLink + +```ts +withSelfLink(selfLink) +``` + +"SelfLink is a URL representing this object. Populated by the system. Read-only.\n\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release." + +### fn metadata.withUid + +```ts +withUid(uid) +``` + +"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\n\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids" + +## obj spec + +"Spec defines the desired state of HTTPRoute." + +### fn spec.withHostnames + +```ts +withHostnames(hostnames) +``` + +"Hostnames defines a set of hostname that should match against the HTTP Host header to select a HTTPRoute used to process the request. Implementations MUST ignore any port value specified in the HTTP Host header while performing a match. \n Valid values for Hostnames are determined by RFC 1123 definition of a hostname with 2 notable exceptions: \n 1. IPs are not allowed. 2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard label must appear by itself as the first label. \n If a hostname is specified by both the Listener and HTTPRoute, there must be at least one intersecting hostname for the HTTPRoute to be attached to the Listener. For example: \n * A Listener with `test.example.com` as the hostname matches HTTPRoutes that have either not specified any hostnames, or have specified at least one of `test.example.com` or `*.example.com`. * A Listener with `*.example.com` as the hostname matches HTTPRoutes that have either not specified any hostnames or have specified at least one hostname that matches the Listener hostname. For example, `*.example.com`, `test.example.com`, and `foo.test.example.com` would all match. On the other hand, `example.com` and `test.example.net` would not match. \n Hostnames that are prefixed with a wildcard label (`*.`) are interpreted as a suffix match. That means that a match for `*.example.com` would match both `test.example.com`, and `foo.test.example.com`, but not `example.com`. \n If both the Listener and HTTPRoute have specified hostnames, any HTTPRoute hostnames that do not match the Listener hostname MUST be ignored. For example, if a Listener specified `*.example.com`, and the HTTPRoute specified `test.example.com` and `test.example.net`, `test.example.net` must not be considered for a match. \n If both the Listener and HTTPRoute have specified hostnames, and none match with the criteria above, then the HTTPRoute is not accepted. The implementation must raise an 'Accepted' Condition with a status of `False` in the corresponding RouteParentStatus. \n In the event that multiple HTTPRoutes specify intersecting hostnames (e.g. overlapping wildcard matching and exact matching hostnames), precedence must be given to rules from the HTTPRoute with the largest number of: \n * Characters in a matching non-wildcard hostname. * Characters in a matching hostname. \n If ties exist across multiple Routes, the matching precedence rules for HTTPRouteMatches takes over. \n Support: Core" + +### fn spec.withHostnamesMixin + +```ts +withHostnamesMixin(hostnames) +``` + +"Hostnames defines a set of hostname that should match against the HTTP Host header to select a HTTPRoute used to process the request. Implementations MUST ignore any port value specified in the HTTP Host header while performing a match. \n Valid values for Hostnames are determined by RFC 1123 definition of a hostname with 2 notable exceptions: \n 1. IPs are not allowed. 2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard label must appear by itself as the first label. \n If a hostname is specified by both the Listener and HTTPRoute, there must be at least one intersecting hostname for the HTTPRoute to be attached to the Listener. For example: \n * A Listener with `test.example.com` as the hostname matches HTTPRoutes that have either not specified any hostnames, or have specified at least one of `test.example.com` or `*.example.com`. * A Listener with `*.example.com` as the hostname matches HTTPRoutes that have either not specified any hostnames or have specified at least one hostname that matches the Listener hostname. For example, `*.example.com`, `test.example.com`, and `foo.test.example.com` would all match. On the other hand, `example.com` and `test.example.net` would not match. \n Hostnames that are prefixed with a wildcard label (`*.`) are interpreted as a suffix match. That means that a match for `*.example.com` would match both `test.example.com`, and `foo.test.example.com`, but not `example.com`. \n If both the Listener and HTTPRoute have specified hostnames, any HTTPRoute hostnames that do not match the Listener hostname MUST be ignored. For example, if a Listener specified `*.example.com`, and the HTTPRoute specified `test.example.com` and `test.example.net`, `test.example.net` must not be considered for a match. \n If both the Listener and HTTPRoute have specified hostnames, and none match with the criteria above, then the HTTPRoute is not accepted. The implementation must raise an 'Accepted' Condition with a status of `False` in the corresponding RouteParentStatus. \n In the event that multiple HTTPRoutes specify intersecting hostnames (e.g. overlapping wildcard matching and exact matching hostnames), precedence must be given to rules from the HTTPRoute with the largest number of: \n * Characters in a matching non-wildcard hostname. * Characters in a matching hostname. \n If ties exist across multiple Routes, the matching precedence rules for HTTPRouteMatches takes over. \n Support: Core" + +**Note:** This function appends passed data to existing values + +### fn spec.withParentRefs + +```ts +withParentRefs(parentRefs) +``` + +"ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. \n The only kind of parent resource with \"Core\" support is Gateway. This API may be extended in the future to support additional kinds of parent resources such as one of the route kinds. \n It is invalid to reference an identical parent more than once. It is valid to reference multiple distinct sections within the same parent resource, such as 2 Listeners within a Gateway. \n It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged. \n Note that for ParentRefs that cross namespace boundaries, there are specific rules. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example, Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference." + +### fn spec.withParentRefsMixin + +```ts +withParentRefsMixin(parentRefs) +``` + +"ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. \n The only kind of parent resource with \"Core\" support is Gateway. This API may be extended in the future to support additional kinds of parent resources such as one of the route kinds. \n It is invalid to reference an identical parent more than once. It is valid to reference multiple distinct sections within the same parent resource, such as 2 Listeners within a Gateway. \n It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged. \n Note that for ParentRefs that cross namespace boundaries, there are specific rules. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example, Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference." + +**Note:** This function appends passed data to existing values + +### fn spec.withRules + +```ts +withRules(rules) +``` + +"Rules are a list of HTTP matchers, filters and actions." + +### fn spec.withRulesMixin + +```ts +withRulesMixin(rules) +``` + +"Rules are a list of HTTP matchers, filters and actions." + +**Note:** This function appends passed data to existing values + +## obj spec.parentRefs + +"ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. \n The only kind of parent resource with \"Core\" support is Gateway. This API may be extended in the future to support additional kinds of parent resources such as one of the route kinds. \n It is invalid to reference an identical parent more than once. It is valid to reference multiple distinct sections within the same parent resource, such as 2 Listeners within a Gateway. \n It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged. \n Note that for ParentRefs that cross namespace boundaries, there are specific rules. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example, Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference." + +### fn spec.parentRefs.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. When unspecified, \"gateway.networking.k8s.io\" is inferred. To set the core API group (such as for a \"Service\" kind referent), Group must be explicitly set to \"\" (empty string). \n Support: Core" + +### fn spec.parentRefs.withKind + +```ts +withKind(kind) +``` + +"Kind is kind of the referent. \n Support: Core (Gateway) \n Support: Implementation-specific (Other Resources)" + +### fn spec.parentRefs.withName + +```ts +withName(name) +``` + +"Name is the name of the referent. \n Support: Core" + +### fn spec.parentRefs.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the referent. When unspecified, this refers to the local namespace of the Route. \n Note that there are specific rules for ParentRefs which cross namespace boundaries. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example: Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference. \n Support: Core" + +### fn spec.parentRefs.withPort + +```ts +withPort(port) +``` + +"Port is the network port this Route targets. It can be interpreted differently based on the type of parent resource. \n When the parent resource is a Gateway, this targets all listeners listening on the specified port that also support this kind of Route(and select this Route). It's not recommended to set `Port` unless the networking behaviors specified in a Route must apply to a specific port as opposed to a listener(s) whose port(s) may be changed. When both Port and SectionName are specified, the name and port of the selected listener must match both specified values. \n Implementations MAY choose to support other parent resources. Implementations supporting other types of parent resources MUST clearly document how/if Port is interpreted. \n For the purpose of status, an attachment is considered successful as long as the parent resource accepts it partially. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \n Support: Extended \n " + +### fn spec.parentRefs.withSectionName + +```ts +withSectionName(sectionName) +``` + +"SectionName is the name of a section within the target resource. In the following resources, SectionName is interpreted as the following: \n * Gateway: Listener Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. \n Implementations MAY choose to support attaching Routes to other resources. If that is the case, they MUST clearly document how SectionName is interpreted. \n When unspecified (empty string), this will reference the entire resource. For the purpose of status, an attachment is considered successful if at least one section in the parent resource accepts it. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \n Support: Core" + +## obj spec.rules + +"Rules are a list of HTTP matchers, filters and actions." + +### fn spec.rules.withBackendRefs + +```ts +withBackendRefs(backendRefs) +``` + +"BackendRefs defines the backend(s) where matching requests should be sent. \n Failure behavior here depends on how many BackendRefs are specified and how many are invalid. \n If *all* entries in BackendRefs are invalid, and there are also no filters specified in this route rule, *all* traffic which matches this rule MUST receive a 500 status code. \n See the HTTPBackendRef definition for the rules about what makes a single HTTPBackendRef invalid. \n When a HTTPBackendRef is invalid, 500 status codes MUST be returned for requests that would have otherwise been routed to an invalid backend. If multiple backends are specified, and some are invalid, the proportion of requests that would otherwise have been routed to an invalid backend MUST receive a 500 status code. \n For example, if two backends are specified with equal weights, and one is invalid, 50 percent of traffic must receive a 500. Implementations may choose how that 50 percent is determined. \n Support: Core for Kubernetes Service \n Support: Extended for Kubernetes ServiceImport \n Support: Implementation-specific for any other resource \n Support for weight: Core" + +### fn spec.rules.withBackendRefsMixin + +```ts +withBackendRefsMixin(backendRefs) +``` + +"BackendRefs defines the backend(s) where matching requests should be sent. \n Failure behavior here depends on how many BackendRefs are specified and how many are invalid. \n If *all* entries in BackendRefs are invalid, and there are also no filters specified in this route rule, *all* traffic which matches this rule MUST receive a 500 status code. \n See the HTTPBackendRef definition for the rules about what makes a single HTTPBackendRef invalid. \n When a HTTPBackendRef is invalid, 500 status codes MUST be returned for requests that would have otherwise been routed to an invalid backend. If multiple backends are specified, and some are invalid, the proportion of requests that would otherwise have been routed to an invalid backend MUST receive a 500 status code. \n For example, if two backends are specified with equal weights, and one is invalid, 50 percent of traffic must receive a 500. Implementations may choose how that 50 percent is determined. \n Support: Core for Kubernetes Service \n Support: Extended for Kubernetes ServiceImport \n Support: Implementation-specific for any other resource \n Support for weight: Core" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.withFilters + +```ts +withFilters(filters) +``` + +"Filters define the filters that are applied to requests that match this rule. \n The effects of ordering of multiple behaviors are currently unspecified. This can change in the future based on feedback during the alpha stage. \n Conformance-levels at this level are defined based on the type of filter: \n - ALL core filters MUST be supported by all implementations. - Implementers are encouraged to support extended filters. - Implementation-specific custom filters have no API guarantees across implementations. \n Specifying a core filter multiple times has unspecified or implementation-specific conformance. \n All filters are expected to be compatible with each other except for the URLRewrite and RequestRedirect filters, which may not be combined. If an implementation can not support other combinations of filters, they must clearly document that limitation. In all cases where incompatible or unsupported filters are specified, implementations MUST add a warning condition to status. \n Support: Core" + +### fn spec.rules.withFiltersMixin + +```ts +withFiltersMixin(filters) +``` + +"Filters define the filters that are applied to requests that match this rule. \n The effects of ordering of multiple behaviors are currently unspecified. This can change in the future based on feedback during the alpha stage. \n Conformance-levels at this level are defined based on the type of filter: \n - ALL core filters MUST be supported by all implementations. - Implementers are encouraged to support extended filters. - Implementation-specific custom filters have no API guarantees across implementations. \n Specifying a core filter multiple times has unspecified or implementation-specific conformance. \n All filters are expected to be compatible with each other except for the URLRewrite and RequestRedirect filters, which may not be combined. If an implementation can not support other combinations of filters, they must clearly document that limitation. In all cases where incompatible or unsupported filters are specified, implementations MUST add a warning condition to status. \n Support: Core" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.withMatches + +```ts +withMatches(matches) +``` + +"Matches define conditions used for matching the rule against incoming HTTP requests. Each match is independent, i.e. this rule will be matched if **any** one of the matches is satisfied. \n For example, take the following matches configuration: \n ``` matches: - path: value: \"/foo\" headers: - name: \"version\" value: \"v2\" - path: value: \"/v2/foo\" ``` \n For a request to match against this rule, a request must satisfy EITHER of the two conditions: \n - path prefixed with `/foo` AND contains the header `version: v2` - path prefix of `/v2/foo` \n See the documentation for HTTPRouteMatch on how to specify multiple match conditions that should be ANDed together. \n If no matches are specified, the default is a prefix path match on \"/\", which has the effect of matching every HTTP request. \n Proxy or Load Balancer routing configuration generated from HTTPRoutes MUST prioritize matches based on the following criteria, continuing on ties. Across all rules specified on applicable Routes, precedence must be given to the match having: \n * \"Exact\" path match. * \"Prefix\" path match with largest number of characters. * Method match. * Largest number of header matches. * Largest number of query param matches. \n Note: The precedence of RegularExpression path matches are implementation-specific. \n If ties still exist across multiple Routes, matching precedence MUST be determined in order of the following criteria, continuing on ties: \n * The oldest Route based on creation timestamp. * The Route appearing first in alphabetical order by \"{namespace}/{name}\". \n If ties still exist within an HTTPRoute, matching precedence MUST be granted to the FIRST matching rule (in list order) with a match meeting the above criteria. \n When no rules matching a request have been successfully attached to the parent a request is coming from, a HTTP 404 status code MUST be returned." + +### fn spec.rules.withMatchesMixin + +```ts +withMatchesMixin(matches) +``` + +"Matches define conditions used for matching the rule against incoming HTTP requests. Each match is independent, i.e. this rule will be matched if **any** one of the matches is satisfied. \n For example, take the following matches configuration: \n ``` matches: - path: value: \"/foo\" headers: - name: \"version\" value: \"v2\" - path: value: \"/v2/foo\" ``` \n For a request to match against this rule, a request must satisfy EITHER of the two conditions: \n - path prefixed with `/foo` AND contains the header `version: v2` - path prefix of `/v2/foo` \n See the documentation for HTTPRouteMatch on how to specify multiple match conditions that should be ANDed together. \n If no matches are specified, the default is a prefix path match on \"/\", which has the effect of matching every HTTP request. \n Proxy or Load Balancer routing configuration generated from HTTPRoutes MUST prioritize matches based on the following criteria, continuing on ties. Across all rules specified on applicable Routes, precedence must be given to the match having: \n * \"Exact\" path match. * \"Prefix\" path match with largest number of characters. * Method match. * Largest number of header matches. * Largest number of query param matches. \n Note: The precedence of RegularExpression path matches are implementation-specific. \n If ties still exist across multiple Routes, matching precedence MUST be determined in order of the following criteria, continuing on ties: \n * The oldest Route based on creation timestamp. * The Route appearing first in alphabetical order by \"{namespace}/{name}\". \n If ties still exist within an HTTPRoute, matching precedence MUST be granted to the FIRST matching rule (in list order) with a match meeting the above criteria. \n When no rules matching a request have been successfully attached to the parent a request is coming from, a HTTP 404 status code MUST be returned." + +**Note:** This function appends passed data to existing values + +## obj spec.rules.backendRefs + +"BackendRefs defines the backend(s) where matching requests should be sent. \n Failure behavior here depends on how many BackendRefs are specified and how many are invalid. \n If *all* entries in BackendRefs are invalid, and there are also no filters specified in this route rule, *all* traffic which matches this rule MUST receive a 500 status code. \n See the HTTPBackendRef definition for the rules about what makes a single HTTPBackendRef invalid. \n When a HTTPBackendRef is invalid, 500 status codes MUST be returned for requests that would have otherwise been routed to an invalid backend. If multiple backends are specified, and some are invalid, the proportion of requests that would otherwise have been routed to an invalid backend MUST receive a 500 status code. \n For example, if two backends are specified with equal weights, and one is invalid, 50 percent of traffic must receive a 500. Implementations may choose how that 50 percent is determined. \n Support: Core for Kubernetes Service \n Support: Extended for Kubernetes ServiceImport \n Support: Implementation-specific for any other resource \n Support for weight: Core" + +### fn spec.rules.backendRefs.withFilters + +```ts +withFilters(filters) +``` + +"Filters defined at this level should be executed if and only if the request is being forwarded to the backend defined here. \n Support: Implementation-specific (For broader support of filters, use the Filters field in HTTPRouteRule.)" + +### fn spec.rules.backendRefs.withFiltersMixin + +```ts +withFiltersMixin(filters) +``` + +"Filters defined at this level should be executed if and only if the request is being forwarded to the backend defined here. \n Support: Implementation-specific (For broader support of filters, use the Filters field in HTTPRouteRule.)" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.backendRefs.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. For example, \"gateway.networking.k8s.io\". When unspecified or empty string, core API group is inferred." + +### fn spec.rules.backendRefs.withKind + +```ts +withKind(kind) +``` + +"Kind is the Kubernetes resource kind of the referent. For example \"Service\". \n Defaults to \"Service\" when not specified. \n ExternalName services can refer to CNAME DNS records that may live outside of the cluster and as such are difficult to reason about in terms of conformance. They also may not be safe to forward to (see CVE-2021-25740 for more information). Implementations SHOULD NOT support ExternalName Services. \n Support: Core (Services with a type other than ExternalName) \n Support: Implementation-specific (Services with type ExternalName)" + +### fn spec.rules.backendRefs.withName + +```ts +withName(name) +``` + +"Name is the name of the referent." + +### fn spec.rules.backendRefs.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. \n Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. \n Support: Core" + +### fn spec.rules.backendRefs.withPort + +```ts +withPort(port) +``` + +"Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field." + +### fn spec.rules.backendRefs.withWeight + +```ts +withWeight(weight) +``` + +"Weight specifies the proportion of requests forwarded to the referenced backend. This is computed as weight/(sum of all weights in this BackendRefs list). For non-zero values, there may be some epsilon from the exact proportion defined here depending on the precision an implementation supports. Weight is not a percentage and the sum of weights does not need to equal 100. \n If only one backend is specified and it has a weight greater than 0, 100% of the traffic is forwarded to that backend. If weight is set to 0, no traffic should be forwarded for this entry. If unspecified, weight defaults to 1. \n Support for this field varies based on the context where used." + +## obj spec.rules.backendRefs.filters + +"Filters defined at this level should be executed if and only if the request is being forwarded to the backend defined here. \n Support: Implementation-specific (For broader support of filters, use the Filters field in HTTPRouteRule.)" + +### fn spec.rules.backendRefs.filters.withType + +```ts +withType(type) +``` + +"Type identifies the type of filter to apply. As with other API fields, types are classified into three conformance levels: \n - Core: Filter types and their corresponding configuration defined by \"Support: Core\" in this package, e.g. \"RequestHeaderModifier\". All implementations must support core filters. \n - Extended: Filter types and their corresponding configuration defined by \"Support: Extended\" in this package, e.g. \"RequestMirror\". Implementers are encouraged to support extended filters. \n - Implementation-specific: Filters that are defined and supported by specific vendors. In the future, filters showing convergence in behavior across multiple implementations will be considered for inclusion in extended or core conformance levels. Filter-specific configuration for such filters is specified using the ExtensionRef field. `Type` should be set to \"ExtensionRef\" for custom filters. \n Implementers are encouraged to define custom implementation types to extend the core API with implementation-specific behavior. \n If a reference to a custom filter type cannot be resolved, the filter MUST NOT be skipped. Instead, requests that would have been processed by that filter MUST receive a HTTP error response. \n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`." + +## obj spec.rules.backendRefs.filters.extensionRef + +"ExtensionRef is an optional, implementation-specific extension to the \"filter\" behavior. For example, resource \"myroutefilter\" in group \"networking.example.net\"). ExtensionRef MUST NOT be used for core and extended filters. \n Support: Implementation-specific" + +### fn spec.rules.backendRefs.filters.extensionRef.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. For example, \"gateway.networking.k8s.io\". When unspecified or empty string, core API group is inferred." + +### fn spec.rules.backendRefs.filters.extensionRef.withKind + +```ts +withKind(kind) +``` + +"Kind is kind of the referent. For example \"HTTPRoute\" or \"Service\"." + +### fn spec.rules.backendRefs.filters.extensionRef.withName + +```ts +withName(name) +``` + +"Name is the name of the referent." + +## obj spec.rules.backendRefs.filters.requestHeaderModifier + +"RequestHeaderModifier defines a schema for a filter that modifies request headers. \n Support: Core" + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.withAdd + +```ts +withAdd(add) +``` + +"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz" + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.withAddMixin + +```ts +withAddMixin(add) +``` + +"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.withRemove + +```ts +withRemove(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \n Config: remove: [\"my-header1\", \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2: bar" + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.withRemoveMixin + +```ts +withRemoveMixin(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \n Config: remove: [\"my-header1\", \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2: bar" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.withSet + +```ts +withSet(set) +``` + +"Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar" + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.withSetMixin + +```ts +withSetMixin(set) +``` + +"Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar" + +**Note:** This function appends passed data to existing values + +## obj spec.rules.backendRefs.filters.requestHeaderModifier.add + +"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz" + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.add.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent." + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.add.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.backendRefs.filters.requestHeaderModifier.set + +"Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar" + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.set.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent." + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.set.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.backendRefs.filters.requestMirror + +"RequestMirror defines a schema for a filter that mirrors requests. Requests are sent to the specified destination, but responses from that destination are ignored. \n Support: Extended" + +## obj spec.rules.backendRefs.filters.requestMirror.backendRef + +"BackendRef references a resource where mirrored requests are sent. \n If the referent cannot be found, this BackendRef is invalid and must be dropped from the Gateway. The controller must ensure the \"ResolvedRefs\" condition on the Route status is set to `status: False` and not configure this backend in the underlying implementation. \n If there is a cross-namespace reference to an *existing* object that is not allowed by a ReferenceGrant, the controller must ensure the \"ResolvedRefs\" condition on the Route is set to `status: False`, with the \"RefNotPermitted\" reason and not configure this backend in the underlying implementation. \n In either error case, the Message of the `ResolvedRefs` Condition should be used to provide more detail about the problem. \n Support: Extended for Kubernetes Service \n Support: Implementation-specific for any other resource" + +### fn spec.rules.backendRefs.filters.requestMirror.backendRef.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. For example, \"gateway.networking.k8s.io\". When unspecified or empty string, core API group is inferred." + +### fn spec.rules.backendRefs.filters.requestMirror.backendRef.withKind + +```ts +withKind(kind) +``` + +"Kind is the Kubernetes resource kind of the referent. For example \"Service\". \n Defaults to \"Service\" when not specified. \n ExternalName services can refer to CNAME DNS records that may live outside of the cluster and as such are difficult to reason about in terms of conformance. They also may not be safe to forward to (see CVE-2021-25740 for more information). Implementations SHOULD NOT support ExternalName Services. \n Support: Core (Services with a type other than ExternalName) \n Support: Implementation-specific (Services with type ExternalName)" + +### fn spec.rules.backendRefs.filters.requestMirror.backendRef.withName + +```ts +withName(name) +``` + +"Name is the name of the referent." + +### fn spec.rules.backendRefs.filters.requestMirror.backendRef.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. \n Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. \n Support: Core" + +### fn spec.rules.backendRefs.filters.requestMirror.backendRef.withPort + +```ts +withPort(port) +``` + +"Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field." + +## obj spec.rules.backendRefs.filters.requestRedirect + +"RequestRedirect defines a schema for a filter that responds to the request with an HTTP redirection. \n Support: Core" + +### fn spec.rules.backendRefs.filters.requestRedirect.withHostname + +```ts +withHostname(hostname) +``` + +"Hostname is the hostname to be used in the value of the `Location` header in the response. When empty, the hostname in the `Host` header of the request is used. \n Support: Core" + +### fn spec.rules.backendRefs.filters.requestRedirect.withPort + +```ts +withPort(port) +``` + +"Port is the port to be used in the value of the `Location` header in the response. \n If no port is specified, the redirect port MUST be derived using the following rules: \n * If redirect scheme is not-empty, the redirect port MUST be the well-known port associated with the redirect scheme. Specifically \"http\" to port 80 and \"https\" to port 443. If the redirect scheme does not have a well-known port, the listener port of the Gateway SHOULD be used. * If redirect scheme is empty, the redirect port MUST be the Gateway Listener port. \n Implementations SHOULD NOT add the port number in the 'Location' header in the following cases: \n * A Location header that will use HTTP (whether that is determined via the Listener protocol or the Scheme field) _and_ use port 80. * A Location header that will use HTTPS (whether that is determined via the Listener protocol or the Scheme field) _and_ use port 443. \n Support: Extended" + +### fn spec.rules.backendRefs.filters.requestRedirect.withScheme + +```ts +withScheme(scheme) +``` + +"Scheme is the scheme to be used in the value of the `Location` header in the response. When empty, the scheme of the request is used. \n Scheme redirects can affect the port of the redirect, for more information, refer to the documentation for the port field of this filter. \n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`. \n Support: Extended" + +### fn spec.rules.backendRefs.filters.requestRedirect.withStatusCode + +```ts +withStatusCode(statusCode) +``` + +"StatusCode is the HTTP status code to be used in response. \n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`. \n Support: Core" + +## obj spec.rules.backendRefs.filters.requestRedirect.path + +"Path defines parameters used to modify the path of the incoming request. The modified path is then used to construct the `Location` header. When empty, the request path is used as-is. \n Support: Extended" + +### fn spec.rules.backendRefs.filters.requestRedirect.path.withReplaceFullPath + +```ts +withReplaceFullPath(replaceFullPath) +``` + +"ReplaceFullPath specifies the value with which to replace the full path of a request during a rewrite or redirect." + +### fn spec.rules.backendRefs.filters.requestRedirect.path.withReplacePrefixMatch + +```ts +withReplacePrefixMatch(replacePrefixMatch) +``` + +"ReplacePrefixMatch specifies the value with which to replace the prefix match of a request during a rewrite or redirect. For example, a request to \"/foo/bar\" with a prefix match of \"/foo\" would be modified to \"/bar\". \n Note that this matches the behavior of the PathPrefix match type. This matches full path elements. A path element refers to the list of labels in the path split by the `/` separator. When specified, a trailing `/` is ignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all match the prefix `/abc`, but the path `/abcd` would not." + +### fn spec.rules.backendRefs.filters.requestRedirect.path.withType + +```ts +withType(type) +``` + +"Type defines the type of path modifier. Additional types may be added in a future release of the API. \n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`." + +## obj spec.rules.backendRefs.filters.responseHeaderModifier + +"ResponseHeaderModifier defines a schema for a filter that modifies response headers. \n Support: Extended" + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.withAdd + +```ts +withAdd(add) +``` + +"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz" + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.withAddMixin + +```ts +withAddMixin(add) +``` + +"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.withRemove + +```ts +withRemove(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \n Config: remove: [\"my-header1\", \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2: bar" + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.withRemoveMixin + +```ts +withRemoveMixin(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \n Config: remove: [\"my-header1\", \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2: bar" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.withSet + +```ts +withSet(set) +``` + +"Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar" + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.withSetMixin + +```ts +withSetMixin(set) +``` + +"Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar" + +**Note:** This function appends passed data to existing values + +## obj spec.rules.backendRefs.filters.responseHeaderModifier.add + +"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz" + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.add.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent." + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.add.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.backendRefs.filters.responseHeaderModifier.set + +"Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar" + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.set.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent." + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.set.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.backendRefs.filters.urlRewrite + +"URLRewrite defines a schema for a filter that modifies a request during forwarding. \n Support: Extended" + +### fn spec.rules.backendRefs.filters.urlRewrite.withHostname + +```ts +withHostname(hostname) +``` + +"Hostname is the value to be used to replace the Host header value during forwarding. \n Support: Extended" + +## obj spec.rules.backendRefs.filters.urlRewrite.path + +"Path defines a path rewrite. \n Support: Extended" + +### fn spec.rules.backendRefs.filters.urlRewrite.path.withReplaceFullPath + +```ts +withReplaceFullPath(replaceFullPath) +``` + +"ReplaceFullPath specifies the value with which to replace the full path of a request during a rewrite or redirect." + +### fn spec.rules.backendRefs.filters.urlRewrite.path.withReplacePrefixMatch + +```ts +withReplacePrefixMatch(replacePrefixMatch) +``` + +"ReplacePrefixMatch specifies the value with which to replace the prefix match of a request during a rewrite or redirect. For example, a request to \"/foo/bar\" with a prefix match of \"/foo\" would be modified to \"/bar\". \n Note that this matches the behavior of the PathPrefix match type. This matches full path elements. A path element refers to the list of labels in the path split by the `/` separator. When specified, a trailing `/` is ignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all match the prefix `/abc`, but the path `/abcd` would not." + +### fn spec.rules.backendRefs.filters.urlRewrite.path.withType + +```ts +withType(type) +``` + +"Type defines the type of path modifier. Additional types may be added in a future release of the API. \n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`." + +## obj spec.rules.filters + +"Filters define the filters that are applied to requests that match this rule. \n The effects of ordering of multiple behaviors are currently unspecified. This can change in the future based on feedback during the alpha stage. \n Conformance-levels at this level are defined based on the type of filter: \n - ALL core filters MUST be supported by all implementations. - Implementers are encouraged to support extended filters. - Implementation-specific custom filters have no API guarantees across implementations. \n Specifying a core filter multiple times has unspecified or implementation-specific conformance. \n All filters are expected to be compatible with each other except for the URLRewrite and RequestRedirect filters, which may not be combined. If an implementation can not support other combinations of filters, they must clearly document that limitation. In all cases where incompatible or unsupported filters are specified, implementations MUST add a warning condition to status. \n Support: Core" + +### fn spec.rules.filters.withType + +```ts +withType(type) +``` + +"Type identifies the type of filter to apply. As with other API fields, types are classified into three conformance levels: \n - Core: Filter types and their corresponding configuration defined by \"Support: Core\" in this package, e.g. \"RequestHeaderModifier\". All implementations must support core filters. \n - Extended: Filter types and their corresponding configuration defined by \"Support: Extended\" in this package, e.g. \"RequestMirror\". Implementers are encouraged to support extended filters. \n - Implementation-specific: Filters that are defined and supported by specific vendors. In the future, filters showing convergence in behavior across multiple implementations will be considered for inclusion in extended or core conformance levels. Filter-specific configuration for such filters is specified using the ExtensionRef field. `Type` should be set to \"ExtensionRef\" for custom filters. \n Implementers are encouraged to define custom implementation types to extend the core API with implementation-specific behavior. \n If a reference to a custom filter type cannot be resolved, the filter MUST NOT be skipped. Instead, requests that would have been processed by that filter MUST receive a HTTP error response. \n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`." + +## obj spec.rules.filters.extensionRef + +"ExtensionRef is an optional, implementation-specific extension to the \"filter\" behavior. For example, resource \"myroutefilter\" in group \"networking.example.net\"). ExtensionRef MUST NOT be used for core and extended filters. \n Support: Implementation-specific" + +### fn spec.rules.filters.extensionRef.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. For example, \"gateway.networking.k8s.io\". When unspecified or empty string, core API group is inferred." + +### fn spec.rules.filters.extensionRef.withKind + +```ts +withKind(kind) +``` + +"Kind is kind of the referent. For example \"HTTPRoute\" or \"Service\"." + +### fn spec.rules.filters.extensionRef.withName + +```ts +withName(name) +``` + +"Name is the name of the referent." + +## obj spec.rules.filters.requestHeaderModifier + +"RequestHeaderModifier defines a schema for a filter that modifies request headers. \n Support: Core" + +### fn spec.rules.filters.requestHeaderModifier.withAdd + +```ts +withAdd(add) +``` + +"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz" + +### fn spec.rules.filters.requestHeaderModifier.withAddMixin + +```ts +withAddMixin(add) +``` + +"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.filters.requestHeaderModifier.withRemove + +```ts +withRemove(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \n Config: remove: [\"my-header1\", \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2: bar" + +### fn spec.rules.filters.requestHeaderModifier.withRemoveMixin + +```ts +withRemoveMixin(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \n Config: remove: [\"my-header1\", \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2: bar" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.filters.requestHeaderModifier.withSet + +```ts +withSet(set) +``` + +"Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar" + +### fn spec.rules.filters.requestHeaderModifier.withSetMixin + +```ts +withSetMixin(set) +``` + +"Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar" + +**Note:** This function appends passed data to existing values + +## obj spec.rules.filters.requestHeaderModifier.add + +"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz" + +### fn spec.rules.filters.requestHeaderModifier.add.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent." + +### fn spec.rules.filters.requestHeaderModifier.add.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.filters.requestHeaderModifier.set + +"Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar" + +### fn spec.rules.filters.requestHeaderModifier.set.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent." + +### fn spec.rules.filters.requestHeaderModifier.set.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.filters.requestMirror + +"RequestMirror defines a schema for a filter that mirrors requests. Requests are sent to the specified destination, but responses from that destination are ignored. \n Support: Extended" + +## obj spec.rules.filters.requestMirror.backendRef + +"BackendRef references a resource where mirrored requests are sent. \n If the referent cannot be found, this BackendRef is invalid and must be dropped from the Gateway. The controller must ensure the \"ResolvedRefs\" condition on the Route status is set to `status: False` and not configure this backend in the underlying implementation. \n If there is a cross-namespace reference to an *existing* object that is not allowed by a ReferenceGrant, the controller must ensure the \"ResolvedRefs\" condition on the Route is set to `status: False`, with the \"RefNotPermitted\" reason and not configure this backend in the underlying implementation. \n In either error case, the Message of the `ResolvedRefs` Condition should be used to provide more detail about the problem. \n Support: Extended for Kubernetes Service \n Support: Implementation-specific for any other resource" + +### fn spec.rules.filters.requestMirror.backendRef.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. For example, \"gateway.networking.k8s.io\". When unspecified or empty string, core API group is inferred." + +### fn spec.rules.filters.requestMirror.backendRef.withKind + +```ts +withKind(kind) +``` + +"Kind is the Kubernetes resource kind of the referent. For example \"Service\". \n Defaults to \"Service\" when not specified. \n ExternalName services can refer to CNAME DNS records that may live outside of the cluster and as such are difficult to reason about in terms of conformance. They also may not be safe to forward to (see CVE-2021-25740 for more information). Implementations SHOULD NOT support ExternalName Services. \n Support: Core (Services with a type other than ExternalName) \n Support: Implementation-specific (Services with type ExternalName)" + +### fn spec.rules.filters.requestMirror.backendRef.withName + +```ts +withName(name) +``` + +"Name is the name of the referent." + +### fn spec.rules.filters.requestMirror.backendRef.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. \n Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. \n Support: Core" + +### fn spec.rules.filters.requestMirror.backendRef.withPort + +```ts +withPort(port) +``` + +"Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field." + +## obj spec.rules.filters.requestRedirect + +"RequestRedirect defines a schema for a filter that responds to the request with an HTTP redirection. \n Support: Core" + +### fn spec.rules.filters.requestRedirect.withHostname + +```ts +withHostname(hostname) +``` + +"Hostname is the hostname to be used in the value of the `Location` header in the response. When empty, the hostname in the `Host` header of the request is used. \n Support: Core" + +### fn spec.rules.filters.requestRedirect.withPort + +```ts +withPort(port) +``` + +"Port is the port to be used in the value of the `Location` header in the response. \n If no port is specified, the redirect port MUST be derived using the following rules: \n * If redirect scheme is not-empty, the redirect port MUST be the well-known port associated with the redirect scheme. Specifically \"http\" to port 80 and \"https\" to port 443. If the redirect scheme does not have a well-known port, the listener port of the Gateway SHOULD be used. * If redirect scheme is empty, the redirect port MUST be the Gateway Listener port. \n Implementations SHOULD NOT add the port number in the 'Location' header in the following cases: \n * A Location header that will use HTTP (whether that is determined via the Listener protocol or the Scheme field) _and_ use port 80. * A Location header that will use HTTPS (whether that is determined via the Listener protocol or the Scheme field) _and_ use port 443. \n Support: Extended" + +### fn spec.rules.filters.requestRedirect.withScheme + +```ts +withScheme(scheme) +``` + +"Scheme is the scheme to be used in the value of the `Location` header in the response. When empty, the scheme of the request is used. \n Scheme redirects can affect the port of the redirect, for more information, refer to the documentation for the port field of this filter. \n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`. \n Support: Extended" + +### fn spec.rules.filters.requestRedirect.withStatusCode + +```ts +withStatusCode(statusCode) +``` + +"StatusCode is the HTTP status code to be used in response. \n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`. \n Support: Core" + +## obj spec.rules.filters.requestRedirect.path + +"Path defines parameters used to modify the path of the incoming request. The modified path is then used to construct the `Location` header. When empty, the request path is used as-is. \n Support: Extended" + +### fn spec.rules.filters.requestRedirect.path.withReplaceFullPath + +```ts +withReplaceFullPath(replaceFullPath) +``` + +"ReplaceFullPath specifies the value with which to replace the full path of a request during a rewrite or redirect." + +### fn spec.rules.filters.requestRedirect.path.withReplacePrefixMatch + +```ts +withReplacePrefixMatch(replacePrefixMatch) +``` + +"ReplacePrefixMatch specifies the value with which to replace the prefix match of a request during a rewrite or redirect. For example, a request to \"/foo/bar\" with a prefix match of \"/foo\" would be modified to \"/bar\". \n Note that this matches the behavior of the PathPrefix match type. This matches full path elements. A path element refers to the list of labels in the path split by the `/` separator. When specified, a trailing `/` is ignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all match the prefix `/abc`, but the path `/abcd` would not." + +### fn spec.rules.filters.requestRedirect.path.withType + +```ts +withType(type) +``` + +"Type defines the type of path modifier. Additional types may be added in a future release of the API. \n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`." + +## obj spec.rules.filters.responseHeaderModifier + +"ResponseHeaderModifier defines a schema for a filter that modifies response headers. \n Support: Extended" + +### fn spec.rules.filters.responseHeaderModifier.withAdd + +```ts +withAdd(add) +``` + +"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz" + +### fn spec.rules.filters.responseHeaderModifier.withAddMixin + +```ts +withAddMixin(add) +``` + +"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.filters.responseHeaderModifier.withRemove + +```ts +withRemove(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \n Config: remove: [\"my-header1\", \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2: bar" + +### fn spec.rules.filters.responseHeaderModifier.withRemoveMixin + +```ts +withRemoveMixin(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \n Config: remove: [\"my-header1\", \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2: bar" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.filters.responseHeaderModifier.withSet + +```ts +withSet(set) +``` + +"Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar" + +### fn spec.rules.filters.responseHeaderModifier.withSetMixin + +```ts +withSetMixin(set) +``` + +"Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar" + +**Note:** This function appends passed data to existing values + +## obj spec.rules.filters.responseHeaderModifier.add + +"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz" + +### fn spec.rules.filters.responseHeaderModifier.add.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent." + +### fn spec.rules.filters.responseHeaderModifier.add.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.filters.responseHeaderModifier.set + +"Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar" + +### fn spec.rules.filters.responseHeaderModifier.set.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent." + +### fn spec.rules.filters.responseHeaderModifier.set.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.filters.urlRewrite + +"URLRewrite defines a schema for a filter that modifies a request during forwarding. \n Support: Extended" + +### fn spec.rules.filters.urlRewrite.withHostname + +```ts +withHostname(hostname) +``` + +"Hostname is the value to be used to replace the Host header value during forwarding. \n Support: Extended" + +## obj spec.rules.filters.urlRewrite.path + +"Path defines a path rewrite. \n Support: Extended" + +### fn spec.rules.filters.urlRewrite.path.withReplaceFullPath + +```ts +withReplaceFullPath(replaceFullPath) +``` + +"ReplaceFullPath specifies the value with which to replace the full path of a request during a rewrite or redirect." + +### fn spec.rules.filters.urlRewrite.path.withReplacePrefixMatch + +```ts +withReplacePrefixMatch(replacePrefixMatch) +``` + +"ReplacePrefixMatch specifies the value with which to replace the prefix match of a request during a rewrite or redirect. For example, a request to \"/foo/bar\" with a prefix match of \"/foo\" would be modified to \"/bar\". \n Note that this matches the behavior of the PathPrefix match type. This matches full path elements. A path element refers to the list of labels in the path split by the `/` separator. When specified, a trailing `/` is ignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all match the prefix `/abc`, but the path `/abcd` would not." + +### fn spec.rules.filters.urlRewrite.path.withType + +```ts +withType(type) +``` + +"Type defines the type of path modifier. Additional types may be added in a future release of the API. \n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`." + +## obj spec.rules.matches + +"Matches define conditions used for matching the rule against incoming HTTP requests. Each match is independent, i.e. this rule will be matched if **any** one of the matches is satisfied. \n For example, take the following matches configuration: \n ``` matches: - path: value: \"/foo\" headers: - name: \"version\" value: \"v2\" - path: value: \"/v2/foo\" ``` \n For a request to match against this rule, a request must satisfy EITHER of the two conditions: \n - path prefixed with `/foo` AND contains the header `version: v2` - path prefix of `/v2/foo` \n See the documentation for HTTPRouteMatch on how to specify multiple match conditions that should be ANDed together. \n If no matches are specified, the default is a prefix path match on \"/\", which has the effect of matching every HTTP request. \n Proxy or Load Balancer routing configuration generated from HTTPRoutes MUST prioritize matches based on the following criteria, continuing on ties. Across all rules specified on applicable Routes, precedence must be given to the match having: \n * \"Exact\" path match. * \"Prefix\" path match with largest number of characters. * Method match. * Largest number of header matches. * Largest number of query param matches. \n Note: The precedence of RegularExpression path matches are implementation-specific. \n If ties still exist across multiple Routes, matching precedence MUST be determined in order of the following criteria, continuing on ties: \n * The oldest Route based on creation timestamp. * The Route appearing first in alphabetical order by \"{namespace}/{name}\". \n If ties still exist within an HTTPRoute, matching precedence MUST be granted to the FIRST matching rule (in list order) with a match meeting the above criteria. \n When no rules matching a request have been successfully attached to the parent a request is coming from, a HTTP 404 status code MUST be returned." + +### fn spec.rules.matches.withHeaders + +```ts +withHeaders(headers) +``` + +"Headers specifies HTTP request header matchers. Multiple match values are ANDed together, meaning, a request must match all the specified headers to select the route." + +### fn spec.rules.matches.withHeadersMixin + +```ts +withHeadersMixin(headers) +``` + +"Headers specifies HTTP request header matchers. Multiple match values are ANDed together, meaning, a request must match all the specified headers to select the route." + +**Note:** This function appends passed data to existing values + +### fn spec.rules.matches.withMethod + +```ts +withMethod(method) +``` + +"Method specifies HTTP method matcher. When specified, this route will be matched only if the request has the specified method. \n Support: Extended" + +### fn spec.rules.matches.withQueryParams + +```ts +withQueryParams(queryParams) +``` + +"QueryParams specifies HTTP query parameter matchers. Multiple match values are ANDed together, meaning, a request must match all the specified query parameters to select the route. \n Support: Extended" + +### fn spec.rules.matches.withQueryParamsMixin + +```ts +withQueryParamsMixin(queryParams) +``` + +"QueryParams specifies HTTP query parameter matchers. Multiple match values are ANDed together, meaning, a request must match all the specified query parameters to select the route. \n Support: Extended" + +**Note:** This function appends passed data to existing values + +## obj spec.rules.matches.headers + +"Headers specifies HTTP request header matchers. Multiple match values are ANDed together, meaning, a request must match all the specified headers to select the route." + +### fn spec.rules.matches.headers.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, only the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent. \n When a header is repeated in an HTTP request, it is implementation-specific behavior as to how this is represented. Generally, proxies should follow the guidance from the RFC: https://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2 regarding processing a repeated header, with special handling for \"Set-Cookie\"." + +### fn spec.rules.matches.headers.withType + +```ts +withType(type) +``` + +"Type specifies how to match against the value of the header. \n Support: Core (Exact) \n Support: Implementation-specific (RegularExpression) \n Since RegularExpression HeaderMatchType has implementation-specific conformance, implementations can support POSIX, PCRE or any other dialects of regular expressions. Please read the implementation's documentation to determine the supported dialect." + +### fn spec.rules.matches.headers.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.matches.path + +"Path specifies a HTTP request path matcher. If this field is not specified, a default prefix match on the \"/\" path is provided." + +### fn spec.rules.matches.path.withType + +```ts +withType(type) +``` + +"Type specifies how to match against the path Value. \n Support: Core (Exact, PathPrefix) \n Support: Implementation-specific (RegularExpression)" + +### fn spec.rules.matches.path.withValue + +```ts +withValue(value) +``` + +"Value of the HTTP path to match against." + +## obj spec.rules.matches.queryParams + +"QueryParams specifies HTTP query parameter matchers. Multiple match values are ANDed together, meaning, a request must match all the specified query parameters to select the route. \n Support: Extended" + +### fn spec.rules.matches.queryParams.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP query param to be matched. This must be an exact string match. (See https://tools.ietf.org/html/rfc7230#section-2.7.3). \n If multiple entries specify equivalent query param names, only the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent query param name MUST be ignored. \n If a query param is repeated in an HTTP request, the behavior is purposely left undefined, since different data planes have different capabilities. However, it is *recommended* that implementations should match against the first value of the param if the data plane supports it, as this behavior is expected in other load balancing contexts outside of the Gateway API. \n Users SHOULD NOT route traffic based on repeated query params to guard themselves against potential differences in the implementations." + +### fn spec.rules.matches.queryParams.withType + +```ts +withType(type) +``` + +"Type specifies how to match against the value of the query parameter. \n Support: Extended (Exact) \n Support: Implementation-specific (RegularExpression) \n Since RegularExpression QueryParamMatchType has Implementation-specific conformance, implementations can support POSIX, PCRE or any other dialects of regular expressions. Please read the implementation's documentation to determine the supported dialect." + +### fn spec.rules.matches.queryParams.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP query param to be matched." \ No newline at end of file diff --git a/docs/0.7-experimental/gateway/v1beta1/index.md b/docs/0.7-experimental/gateway/v1beta1/index.md new file mode 100644 index 0000000..7ddd1dd --- /dev/null +++ b/docs/0.7-experimental/gateway/v1beta1/index.md @@ -0,0 +1,12 @@ +--- +permalink: /0.7-experimental/gateway/v1beta1/ +--- + +# gateway.v1beta1 + + + +* [gateway](gateway.md) +* [gatewayClass](gatewayClass.md) +* [httpRoute](httpRoute.md) +* [referenceGrant](referenceGrant.md) \ No newline at end of file diff --git a/docs/0.7-experimental/gateway/v1beta1/referenceGrant.md b/docs/0.7-experimental/gateway/v1beta1/referenceGrant.md new file mode 100644 index 0000000..db44267 --- /dev/null +++ b/docs/0.7-experimental/gateway/v1beta1/referenceGrant.md @@ -0,0 +1,314 @@ +--- +permalink: /0.7-experimental/gateway/v1beta1/referenceGrant/ +--- + +# gateway.v1beta1.referenceGrant + +"ReferenceGrant identifies kinds of resources in other namespaces that are trusted to reference the specified kinds of resources in the same namespace as the policy. \n Each ReferenceGrant can be used to represent a unique trust relationship. Additional Reference Grants can be used to add to the set of trusted sources of inbound references for the namespace they are defined within. \n All cross-namespace references in Gateway API (with the exception of cross-namespace Gateway-route attachment) require a ReferenceGrant. \n ReferenceGrant is a form of runtime verification allowing users to assert which cross-namespace object references are permitted. Implementations that support ReferenceGrant MUST NOT permit cross-namespace references which have no grant, and MUST respond to the removal of a grant by revoking the access that the grant allowed. \n Support: Core" + +## Index + +* [`fn new(name)`](#fn-new) +* [`obj metadata`](#obj-metadata) + * [`fn withAnnotations(annotations)`](#fn-metadatawithannotations) + * [`fn withAnnotationsMixin(annotations)`](#fn-metadatawithannotationsmixin) + * [`fn withClusterName(clusterName)`](#fn-metadatawithclustername) + * [`fn withCreationTimestamp(creationTimestamp)`](#fn-metadatawithcreationtimestamp) + * [`fn withDeletionGracePeriodSeconds(deletionGracePeriodSeconds)`](#fn-metadatawithdeletiongraceperiodseconds) + * [`fn withDeletionTimestamp(deletionTimestamp)`](#fn-metadatawithdeletiontimestamp) + * [`fn withFinalizers(finalizers)`](#fn-metadatawithfinalizers) + * [`fn withFinalizersMixin(finalizers)`](#fn-metadatawithfinalizersmixin) + * [`fn withGenerateName(generateName)`](#fn-metadatawithgeneratename) + * [`fn withGeneration(generation)`](#fn-metadatawithgeneration) + * [`fn withLabels(labels)`](#fn-metadatawithlabels) + * [`fn withLabelsMixin(labels)`](#fn-metadatawithlabelsmixin) + * [`fn withName(name)`](#fn-metadatawithname) + * [`fn withNamespace(namespace)`](#fn-metadatawithnamespace) + * [`fn withOwnerReferences(ownerReferences)`](#fn-metadatawithownerreferences) + * [`fn withOwnerReferencesMixin(ownerReferences)`](#fn-metadatawithownerreferencesmixin) + * [`fn withResourceVersion(resourceVersion)`](#fn-metadatawithresourceversion) + * [`fn withSelfLink(selfLink)`](#fn-metadatawithselflink) + * [`fn withUid(uid)`](#fn-metadatawithuid) +* [`obj spec`](#obj-spec) + * [`fn withFrom(from)`](#fn-specwithfrom) + * [`fn withFromMixin(from)`](#fn-specwithfrommixin) + * [`fn withTo(to)`](#fn-specwithto) + * [`fn withToMixin(to)`](#fn-specwithtomixin) + * [`obj spec.from`](#obj-specfrom) + * [`fn withGroup(group)`](#fn-specfromwithgroup) + * [`fn withKind(kind)`](#fn-specfromwithkind) + * [`fn withNamespace(namespace)`](#fn-specfromwithnamespace) + * [`obj spec.to`](#obj-specto) + * [`fn withGroup(group)`](#fn-spectowithgroup) + * [`fn withKind(kind)`](#fn-spectowithkind) + * [`fn withName(name)`](#fn-spectowithname) + +## Fields + +### fn new + +```ts +new(name) +``` + +new returns an instance of ReferenceGrant + +## obj metadata + +"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create." + +### fn metadata.withAnnotations + +```ts +withAnnotations(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +### fn metadata.withAnnotationsMixin + +```ts +withAnnotationsMixin(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +**Note:** This function appends passed data to existing values + +### fn metadata.withClusterName + +```ts +withClusterName(clusterName) +``` + +"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request." + +### fn metadata.withCreationTimestamp + +```ts +withCreationTimestamp(creationTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withDeletionGracePeriodSeconds + +```ts +withDeletionGracePeriodSeconds(deletionGracePeriodSeconds) +``` + +"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only." + +### fn metadata.withDeletionTimestamp + +```ts +withDeletionTimestamp(deletionTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withFinalizers + +```ts +withFinalizers(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +### fn metadata.withFinalizersMixin + +```ts +withFinalizersMixin(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +**Note:** This function appends passed data to existing values + +### fn metadata.withGenerateName + +```ts +withGenerateName(generateName) +``` + +"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\n\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\n\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" + +### fn metadata.withGeneration + +```ts +withGeneration(generation) +``` + +"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only." + +### fn metadata.withLabels + +```ts +withLabels(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +### fn metadata.withLabelsMixin + +```ts +withLabelsMixin(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +**Note:** This function appends passed data to existing values + +### fn metadata.withName + +```ts +withName(name) +``` + +"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names" + +### fn metadata.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \"default\" namespace, but \"default\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\n\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces" + +### fn metadata.withOwnerReferences + +```ts +withOwnerReferences(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +### fn metadata.withOwnerReferencesMixin + +```ts +withOwnerReferencesMixin(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +**Note:** This function appends passed data to existing values + +### fn metadata.withResourceVersion + +```ts +withResourceVersion(resourceVersion) +``` + +"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\n\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" + +### fn metadata.withSelfLink + +```ts +withSelfLink(selfLink) +``` + +"SelfLink is a URL representing this object. Populated by the system. Read-only.\n\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release." + +### fn metadata.withUid + +```ts +withUid(uid) +``` + +"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\n\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids" + +## obj spec + +"Spec defines the desired state of ReferenceGrant." + +### fn spec.withFrom + +```ts +withFrom(from) +``` + +"From describes the trusted namespaces and kinds that can reference the resources described in \"To\". Each entry in this list MUST be considered to be an additional place that references can be valid from, or to put this another way, entries MUST be combined using OR. \n Support: Core" + +### fn spec.withFromMixin + +```ts +withFromMixin(from) +``` + +"From describes the trusted namespaces and kinds that can reference the resources described in \"To\". Each entry in this list MUST be considered to be an additional place that references can be valid from, or to put this another way, entries MUST be combined using OR. \n Support: Core" + +**Note:** This function appends passed data to existing values + +### fn spec.withTo + +```ts +withTo(to) +``` + +"To describes the resources that may be referenced by the resources described in \"From\". Each entry in this list MUST be considered to be an additional place that references can be valid to, or to put this another way, entries MUST be combined using OR. \n Support: Core" + +### fn spec.withToMixin + +```ts +withToMixin(to) +``` + +"To describes the resources that may be referenced by the resources described in \"From\". Each entry in this list MUST be considered to be an additional place that references can be valid to, or to put this another way, entries MUST be combined using OR. \n Support: Core" + +**Note:** This function appends passed data to existing values + +## obj spec.from + +"From describes the trusted namespaces and kinds that can reference the resources described in \"To\". Each entry in this list MUST be considered to be an additional place that references can be valid from, or to put this another way, entries MUST be combined using OR. \n Support: Core" + +### fn spec.from.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. When empty, the Kubernetes core API group is inferred. \n Support: Core" + +### fn spec.from.withKind + +```ts +withKind(kind) +``` + +"Kind is the kind of the referent. Although implementations may support additional resources, the following types are part of the \"Core\" support level for this field. \n When used to permit a SecretObjectReference: \n * Gateway \n When used to permit a BackendObjectReference: \n * GRPCRoute * HTTPRoute * TCPRoute * TLSRoute * UDPRoute" + +### fn spec.from.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the referent. \n Support: Core" + +## obj spec.to + +"To describes the resources that may be referenced by the resources described in \"From\". Each entry in this list MUST be considered to be an additional place that references can be valid to, or to put this another way, entries MUST be combined using OR. \n Support: Core" + +### fn spec.to.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. When empty, the Kubernetes core API group is inferred. \n Support: Core" + +### fn spec.to.withKind + +```ts +withKind(kind) +``` + +"Kind is the kind of the referent. Although implementations may support additional resources, the following types are part of the \"Core\" support level for this field: \n * Secret when used to permit a SecretObjectReference * Service when used to permit a BackendObjectReference" + +### fn spec.to.withName + +```ts +withName(name) +``` + +"Name is the name of the referent. When unspecified, this policy refers to all resources of the specified Group and Kind in the local namespace." \ No newline at end of file diff --git a/docs/0.8-experimental/README.md b/docs/0.8-experimental/README.md new file mode 100644 index 0000000..20caeb6 --- /dev/null +++ b/docs/0.8-experimental/README.md @@ -0,0 +1,13 @@ +--- +permalink: /0.8-experimental/ +--- + +# gateway-api + +```jsonnet +local gateway-api = import "github.com/jsonnet-libs/gateway-api-libsonnet/0.8-experimental/main.libsonnet" +``` + + + +* [gateway](gateway/index.md) \ No newline at end of file diff --git a/docs/0.8-experimental/gateway/index.md b/docs/0.8-experimental/gateway/index.md new file mode 100644 index 0000000..253e44c --- /dev/null +++ b/docs/0.8-experimental/gateway/index.md @@ -0,0 +1,10 @@ +--- +permalink: /0.8-experimental/gateway/ +--- + +# gateway + + + +* [v1alpha2](v1alpha2/index.md) +* [v1beta1](v1beta1/index.md) \ No newline at end of file diff --git a/docs/0.8-experimental/gateway/v1alpha2/gateway.md b/docs/0.8-experimental/gateway/v1alpha2/gateway.md new file mode 100644 index 0000000..3fca759 --- /dev/null +++ b/docs/0.8-experimental/gateway/v1alpha2/gateway.md @@ -0,0 +1,568 @@ +--- +permalink: /0.8-experimental/gateway/v1alpha2/gateway/ +--- + +# gateway.v1alpha2.gateway + +"Gateway represents an instance of a service-traffic handling infrastructure by binding Listeners to a set of IP addresses." + +## Index + +* [`fn new(name)`](#fn-new) +* [`obj metadata`](#obj-metadata) + * [`fn withAnnotations(annotations)`](#fn-metadatawithannotations) + * [`fn withAnnotationsMixin(annotations)`](#fn-metadatawithannotationsmixin) + * [`fn withClusterName(clusterName)`](#fn-metadatawithclustername) + * [`fn withCreationTimestamp(creationTimestamp)`](#fn-metadatawithcreationtimestamp) + * [`fn withDeletionGracePeriodSeconds(deletionGracePeriodSeconds)`](#fn-metadatawithdeletiongraceperiodseconds) + * [`fn withDeletionTimestamp(deletionTimestamp)`](#fn-metadatawithdeletiontimestamp) + * [`fn withFinalizers(finalizers)`](#fn-metadatawithfinalizers) + * [`fn withFinalizersMixin(finalizers)`](#fn-metadatawithfinalizersmixin) + * [`fn withGenerateName(generateName)`](#fn-metadatawithgeneratename) + * [`fn withGeneration(generation)`](#fn-metadatawithgeneration) + * [`fn withLabels(labels)`](#fn-metadatawithlabels) + * [`fn withLabelsMixin(labels)`](#fn-metadatawithlabelsmixin) + * [`fn withName(name)`](#fn-metadatawithname) + * [`fn withNamespace(namespace)`](#fn-metadatawithnamespace) + * [`fn withOwnerReferences(ownerReferences)`](#fn-metadatawithownerreferences) + * [`fn withOwnerReferencesMixin(ownerReferences)`](#fn-metadatawithownerreferencesmixin) + * [`fn withResourceVersion(resourceVersion)`](#fn-metadatawithresourceversion) + * [`fn withSelfLink(selfLink)`](#fn-metadatawithselflink) + * [`fn withUid(uid)`](#fn-metadatawithuid) +* [`obj spec`](#obj-spec) + * [`fn withAddresses(addresses)`](#fn-specwithaddresses) + * [`fn withAddressesMixin(addresses)`](#fn-specwithaddressesmixin) + * [`fn withGatewayClassName(gatewayClassName)`](#fn-specwithgatewayclassname) + * [`fn withListeners(listeners)`](#fn-specwithlisteners) + * [`fn withListenersMixin(listeners)`](#fn-specwithlistenersmixin) + * [`obj spec.addresses`](#obj-specaddresses) + * [`fn withType(type)`](#fn-specaddresseswithtype) + * [`fn withValue(value)`](#fn-specaddresseswithvalue) + * [`obj spec.listeners`](#obj-speclisteners) + * [`fn withHostname(hostname)`](#fn-speclistenerswithhostname) + * [`fn withName(name)`](#fn-speclistenerswithname) + * [`fn withPort(port)`](#fn-speclistenerswithport) + * [`fn withProtocol(protocol)`](#fn-speclistenerswithprotocol) + * [`obj spec.listeners.allowedRoutes`](#obj-speclistenersallowedroutes) + * [`fn withKinds(kinds)`](#fn-speclistenersallowedrouteswithkinds) + * [`fn withKindsMixin(kinds)`](#fn-speclistenersallowedrouteswithkindsmixin) + * [`obj spec.listeners.allowedRoutes.kinds`](#obj-speclistenersallowedrouteskinds) + * [`fn withGroup(group)`](#fn-speclistenersallowedrouteskindswithgroup) + * [`fn withKind(kind)`](#fn-speclistenersallowedrouteskindswithkind) + * [`obj spec.listeners.allowedRoutes.namespaces`](#obj-speclistenersallowedroutesnamespaces) + * [`fn withFrom(from)`](#fn-speclistenersallowedroutesnamespaceswithfrom) + * [`obj spec.listeners.allowedRoutes.namespaces.selector`](#obj-speclistenersallowedroutesnamespacesselector) + * [`fn withMatchExpressions(matchExpressions)`](#fn-speclistenersallowedroutesnamespacesselectorwithmatchexpressions) + * [`fn withMatchExpressionsMixin(matchExpressions)`](#fn-speclistenersallowedroutesnamespacesselectorwithmatchexpressionsmixin) + * [`fn withMatchLabels(matchLabels)`](#fn-speclistenersallowedroutesnamespacesselectorwithmatchlabels) + * [`fn withMatchLabelsMixin(matchLabels)`](#fn-speclistenersallowedroutesnamespacesselectorwithmatchlabelsmixin) + * [`obj spec.listeners.allowedRoutes.namespaces.selector.matchExpressions`](#obj-speclistenersallowedroutesnamespacesselectormatchexpressions) + * [`fn withKey(key)`](#fn-speclistenersallowedroutesnamespacesselectormatchexpressionswithkey) + * [`fn withOperator(operator)`](#fn-speclistenersallowedroutesnamespacesselectormatchexpressionswithoperator) + * [`fn withValues(values)`](#fn-speclistenersallowedroutesnamespacesselectormatchexpressionswithvalues) + * [`fn withValuesMixin(values)`](#fn-speclistenersallowedroutesnamespacesselectormatchexpressionswithvaluesmixin) + * [`obj spec.listeners.tls`](#obj-speclistenerstls) + * [`fn withCertificateRefs(certificateRefs)`](#fn-speclistenerstlswithcertificaterefs) + * [`fn withCertificateRefsMixin(certificateRefs)`](#fn-speclistenerstlswithcertificaterefsmixin) + * [`fn withMode(mode)`](#fn-speclistenerstlswithmode) + * [`fn withOptions(options)`](#fn-speclistenerstlswithoptions) + * [`fn withOptionsMixin(options)`](#fn-speclistenerstlswithoptionsmixin) + * [`obj spec.listeners.tls.certificateRefs`](#obj-speclistenerstlscertificaterefs) + * [`fn withGroup(group)`](#fn-speclistenerstlscertificaterefswithgroup) + * [`fn withKind(kind)`](#fn-speclistenerstlscertificaterefswithkind) + * [`fn withName(name)`](#fn-speclistenerstlscertificaterefswithname) + * [`fn withNamespace(namespace)`](#fn-speclistenerstlscertificaterefswithnamespace) + +## Fields + +### fn new + +```ts +new(name) +``` + +new returns an instance of Gateway + +## obj metadata + +"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create." + +### fn metadata.withAnnotations + +```ts +withAnnotations(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +### fn metadata.withAnnotationsMixin + +```ts +withAnnotationsMixin(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +**Note:** This function appends passed data to existing values + +### fn metadata.withClusterName + +```ts +withClusterName(clusterName) +``` + +"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request." + +### fn metadata.withCreationTimestamp + +```ts +withCreationTimestamp(creationTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withDeletionGracePeriodSeconds + +```ts +withDeletionGracePeriodSeconds(deletionGracePeriodSeconds) +``` + +"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only." + +### fn metadata.withDeletionTimestamp + +```ts +withDeletionTimestamp(deletionTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withFinalizers + +```ts +withFinalizers(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +### fn metadata.withFinalizersMixin + +```ts +withFinalizersMixin(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +**Note:** This function appends passed data to existing values + +### fn metadata.withGenerateName + +```ts +withGenerateName(generateName) +``` + +"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\n\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\n\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" + +### fn metadata.withGeneration + +```ts +withGeneration(generation) +``` + +"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only." + +### fn metadata.withLabels + +```ts +withLabels(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +### fn metadata.withLabelsMixin + +```ts +withLabelsMixin(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +**Note:** This function appends passed data to existing values + +### fn metadata.withName + +```ts +withName(name) +``` + +"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names" + +### fn metadata.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \"default\" namespace, but \"default\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\n\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces" + +### fn metadata.withOwnerReferences + +```ts +withOwnerReferences(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +### fn metadata.withOwnerReferencesMixin + +```ts +withOwnerReferencesMixin(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +**Note:** This function appends passed data to existing values + +### fn metadata.withResourceVersion + +```ts +withResourceVersion(resourceVersion) +``` + +"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\n\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" + +### fn metadata.withSelfLink + +```ts +withSelfLink(selfLink) +``` + +"SelfLink is a URL representing this object. Populated by the system. Read-only.\n\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release." + +### fn metadata.withUid + +```ts +withUid(uid) +``` + +"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\n\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids" + +## obj spec + +"Spec defines the desired state of Gateway." + +### fn spec.withAddresses + +```ts +withAddresses(addresses) +``` + +"Addresses requested for this Gateway. This is optional and behavior can depend on the implementation. If a value is set in the spec and the requested address is invalid or unavailable, the implementation MUST indicate this in the associated entry in GatewayStatus.Addresses. \n The Addresses field represents a request for the address(es) on the \"outside of the Gateway\", that traffic bound for this Gateway will use. This could be the IP address or hostname of an external load balancer or other networking infrastructure, or some other address that traffic will be sent to. \n The .listener.hostname field is used to route traffic that has already arrived at the Gateway to the correct in-cluster destination. \n If no Addresses are specified, the implementation MAY schedule the Gateway in an implementation-specific manner, assigning an appropriate set of Addresses. \n The implementation MUST bind all Listeners to every GatewayAddress that it assigns to the Gateway and add a corresponding entry in GatewayStatus.Addresses. \n Support: Extended \n " + +### fn spec.withAddressesMixin + +```ts +withAddressesMixin(addresses) +``` + +"Addresses requested for this Gateway. This is optional and behavior can depend on the implementation. If a value is set in the spec and the requested address is invalid or unavailable, the implementation MUST indicate this in the associated entry in GatewayStatus.Addresses. \n The Addresses field represents a request for the address(es) on the \"outside of the Gateway\", that traffic bound for this Gateway will use. This could be the IP address or hostname of an external load balancer or other networking infrastructure, or some other address that traffic will be sent to. \n The .listener.hostname field is used to route traffic that has already arrived at the Gateway to the correct in-cluster destination. \n If no Addresses are specified, the implementation MAY schedule the Gateway in an implementation-specific manner, assigning an appropriate set of Addresses. \n The implementation MUST bind all Listeners to every GatewayAddress that it assigns to the Gateway and add a corresponding entry in GatewayStatus.Addresses. \n Support: Extended \n " + +**Note:** This function appends passed data to existing values + +### fn spec.withGatewayClassName + +```ts +withGatewayClassName(gatewayClassName) +``` + +"GatewayClassName used for this Gateway. This is the name of a GatewayClass resource." + +### fn spec.withListeners + +```ts +withListeners(listeners) +``` + +"Listeners associated with this Gateway. Listeners define logical endpoints that are bound on this Gateway's addresses. At least one Listener MUST be specified. \n Each listener in a Gateway must have a unique combination of Hostname, Port, and Protocol. \n Within the HTTP Conformance Profile, the below combinations of port and protocol are considered Core and MUST be supported: \n 1. Port: 80, Protocol: HTTP 2. Port: 443, Protocol: HTTPS \n Within the TLS Conformance Profile, the below combinations of port and protocol are considered Core and MUST be supported: \n 1. Port: 443, Protocol: TLS \n Port and protocol combinations not listed above are considered Extended. \n An implementation MAY group Listeners by Port and then collapse each group of Listeners into a single Listener if the implementation determines that the Listeners in the group are \"compatible\". An implementation MAY also group together and collapse compatible Listeners belonging to different Gateways. \n For example, an implementation might consider Listeners to be compatible with each other if all of the following conditions are met: \n 1. Either each Listener within the group specifies the \"HTTP\" Protocol or each Listener within the group specifies either the \"HTTPS\" or \"TLS\" Protocol. \n 2. Each Listener within the group specifies a Hostname that is unique within the group. \n 3. As a special case, one Listener within a group may omit Hostname, in which case this Listener matches when no other Listener matches. \n If the implementation does collapse compatible Listeners, the hostname provided in the incoming client request MUST be matched to a Listener to find the correct set of Routes. The incoming hostname MUST be matched using the Hostname field for each Listener in order of most to least specific. That is, exact matches must be processed before wildcard matches. \n If this field specifies multiple Listeners that have the same Port value but are not compatible, the implementation must raise a \"Conflicted\" condition in the Listener status. \n Support: Core" + +### fn spec.withListenersMixin + +```ts +withListenersMixin(listeners) +``` + +"Listeners associated with this Gateway. Listeners define logical endpoints that are bound on this Gateway's addresses. At least one Listener MUST be specified. \n Each listener in a Gateway must have a unique combination of Hostname, Port, and Protocol. \n Within the HTTP Conformance Profile, the below combinations of port and protocol are considered Core and MUST be supported: \n 1. Port: 80, Protocol: HTTP 2. Port: 443, Protocol: HTTPS \n Within the TLS Conformance Profile, the below combinations of port and protocol are considered Core and MUST be supported: \n 1. Port: 443, Protocol: TLS \n Port and protocol combinations not listed above are considered Extended. \n An implementation MAY group Listeners by Port and then collapse each group of Listeners into a single Listener if the implementation determines that the Listeners in the group are \"compatible\". An implementation MAY also group together and collapse compatible Listeners belonging to different Gateways. \n For example, an implementation might consider Listeners to be compatible with each other if all of the following conditions are met: \n 1. Either each Listener within the group specifies the \"HTTP\" Protocol or each Listener within the group specifies either the \"HTTPS\" or \"TLS\" Protocol. \n 2. Each Listener within the group specifies a Hostname that is unique within the group. \n 3. As a special case, one Listener within a group may omit Hostname, in which case this Listener matches when no other Listener matches. \n If the implementation does collapse compatible Listeners, the hostname provided in the incoming client request MUST be matched to a Listener to find the correct set of Routes. The incoming hostname MUST be matched using the Hostname field for each Listener in order of most to least specific. That is, exact matches must be processed before wildcard matches. \n If this field specifies multiple Listeners that have the same Port value but are not compatible, the implementation must raise a \"Conflicted\" condition in the Listener status. \n Support: Core" + +**Note:** This function appends passed data to existing values + +## obj spec.addresses + +"Addresses requested for this Gateway. This is optional and behavior can depend on the implementation. If a value is set in the spec and the requested address is invalid or unavailable, the implementation MUST indicate this in the associated entry in GatewayStatus.Addresses. \n The Addresses field represents a request for the address(es) on the \"outside of the Gateway\", that traffic bound for this Gateway will use. This could be the IP address or hostname of an external load balancer or other networking infrastructure, or some other address that traffic will be sent to. \n The .listener.hostname field is used to route traffic that has already arrived at the Gateway to the correct in-cluster destination. \n If no Addresses are specified, the implementation MAY schedule the Gateway in an implementation-specific manner, assigning an appropriate set of Addresses. \n The implementation MUST bind all Listeners to every GatewayAddress that it assigns to the Gateway and add a corresponding entry in GatewayStatus.Addresses. \n Support: Extended \n " + +### fn spec.addresses.withType + +```ts +withType(type) +``` + +"Type of the address." + +### fn spec.addresses.withValue + +```ts +withValue(value) +``` + +"Value of the address. The validity of the values will depend on the type and support by the controller. \n Examples: `1.2.3.4`, `128::1`, `my-ip-address`." + +## obj spec.listeners + +"Listeners associated with this Gateway. Listeners define logical endpoints that are bound on this Gateway's addresses. At least one Listener MUST be specified. \n Each listener in a Gateway must have a unique combination of Hostname, Port, and Protocol. \n Within the HTTP Conformance Profile, the below combinations of port and protocol are considered Core and MUST be supported: \n 1. Port: 80, Protocol: HTTP 2. Port: 443, Protocol: HTTPS \n Within the TLS Conformance Profile, the below combinations of port and protocol are considered Core and MUST be supported: \n 1. Port: 443, Protocol: TLS \n Port and protocol combinations not listed above are considered Extended. \n An implementation MAY group Listeners by Port and then collapse each group of Listeners into a single Listener if the implementation determines that the Listeners in the group are \"compatible\". An implementation MAY also group together and collapse compatible Listeners belonging to different Gateways. \n For example, an implementation might consider Listeners to be compatible with each other if all of the following conditions are met: \n 1. Either each Listener within the group specifies the \"HTTP\" Protocol or each Listener within the group specifies either the \"HTTPS\" or \"TLS\" Protocol. \n 2. Each Listener within the group specifies a Hostname that is unique within the group. \n 3. As a special case, one Listener within a group may omit Hostname, in which case this Listener matches when no other Listener matches. \n If the implementation does collapse compatible Listeners, the hostname provided in the incoming client request MUST be matched to a Listener to find the correct set of Routes. The incoming hostname MUST be matched using the Hostname field for each Listener in order of most to least specific. That is, exact matches must be processed before wildcard matches. \n If this field specifies multiple Listeners that have the same Port value but are not compatible, the implementation must raise a \"Conflicted\" condition in the Listener status. \n Support: Core" + +### fn spec.listeners.withHostname + +```ts +withHostname(hostname) +``` + +"Hostname specifies the virtual hostname to match for protocol types that define this concept. When unspecified, all hostnames are matched. This field is ignored for protocols that don't require hostname based matching. \n Implementations MUST apply Hostname matching appropriately for each of the following protocols: \n * TLS: The Listener Hostname MUST match the SNI. * HTTP: The Listener Hostname MUST match the Host header of the request. * HTTPS: The Listener Hostname SHOULD match at both the TLS and HTTP protocol layers as described above. If an implementation does not ensure that both the SNI and Host header match the Listener hostname, it MUST clearly document that. \n For HTTPRoute and TLSRoute resources, there is an interaction with the `spec.hostnames` array. When both listener and route specify hostnames, there MUST be an intersection between the values for a Route to be accepted. For more information, refer to the Route specific Hostnames documentation. \n Hostnames that are prefixed with a wildcard label (`*.`) are interpreted as a suffix match. That means that a match for `*.example.com` would match both `test.example.com`, and `foo.test.example.com`, but not `example.com`. \n Support: Core" + +### fn spec.listeners.withName + +```ts +withName(name) +``` + +"Name is the name of the Listener. This name MUST be unique within a Gateway. \n Support: Core" + +### fn spec.listeners.withPort + +```ts +withPort(port) +``` + +"Port is the network port. Multiple listeners may use the same port, subject to the Listener compatibility rules. \n Support: Core" + +### fn spec.listeners.withProtocol + +```ts +withProtocol(protocol) +``` + +"Protocol specifies the network protocol this listener expects to receive. \n Support: Core" + +## obj spec.listeners.allowedRoutes + +"AllowedRoutes defines the types of routes that MAY be attached to a Listener and the trusted namespaces where those Route resources MAY be present. \n Although a client request may match multiple route rules, only one rule may ultimately receive the request. Matching precedence MUST be determined in order of the following criteria: \n * The most specific match as defined by the Route type. * The oldest Route based on creation timestamp. For example, a Route with a creation timestamp of \"2020-09-08 01:02:03\" is given precedence over a Route with a creation timestamp of \"2020-09-08 01:02:04\". * If everything else is equivalent, the Route appearing first in alphabetical order (namespace/name) should be given precedence. For example, foo/bar is given precedence over foo/baz. \n All valid rules within a Route attached to this Listener should be implemented. Invalid Route rules can be ignored (sometimes that will mean the full Route). If a Route rule transitions from valid to invalid, support for that Route rule should be dropped to ensure consistency. For example, even if a filter specified by a Route rule is invalid, the rest of the rules within that Route should still be supported. \n Support: Core" + +### fn spec.listeners.allowedRoutes.withKinds + +```ts +withKinds(kinds) +``` + +"Kinds specifies the groups and kinds of Routes that are allowed to bind to this Gateway Listener. When unspecified or empty, the kinds of Routes selected are determined using the Listener protocol. \n A RouteGroupKind MUST correspond to kinds of Routes that are compatible with the application protocol specified in the Listener's Protocol field. If an implementation does not support or recognize this resource type, it MUST set the \"ResolvedRefs\" condition to False for this Listener with the \"InvalidRouteKinds\" reason. \n Support: Core" + +### fn spec.listeners.allowedRoutes.withKindsMixin + +```ts +withKindsMixin(kinds) +``` + +"Kinds specifies the groups and kinds of Routes that are allowed to bind to this Gateway Listener. When unspecified or empty, the kinds of Routes selected are determined using the Listener protocol. \n A RouteGroupKind MUST correspond to kinds of Routes that are compatible with the application protocol specified in the Listener's Protocol field. If an implementation does not support or recognize this resource type, it MUST set the \"ResolvedRefs\" condition to False for this Listener with the \"InvalidRouteKinds\" reason. \n Support: Core" + +**Note:** This function appends passed data to existing values + +## obj spec.listeners.allowedRoutes.kinds + +"Kinds specifies the groups and kinds of Routes that are allowed to bind to this Gateway Listener. When unspecified or empty, the kinds of Routes selected are determined using the Listener protocol. \n A RouteGroupKind MUST correspond to kinds of Routes that are compatible with the application protocol specified in the Listener's Protocol field. If an implementation does not support or recognize this resource type, it MUST set the \"ResolvedRefs\" condition to False for this Listener with the \"InvalidRouteKinds\" reason. \n Support: Core" + +### fn spec.listeners.allowedRoutes.kinds.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the Route." + +### fn spec.listeners.allowedRoutes.kinds.withKind + +```ts +withKind(kind) +``` + +"Kind is the kind of the Route." + +## obj spec.listeners.allowedRoutes.namespaces + +"Namespaces indicates namespaces from which Routes may be attached to this Listener. This is restricted to the namespace of this Gateway by default. \n Support: Core" + +### fn spec.listeners.allowedRoutes.namespaces.withFrom + +```ts +withFrom(from) +``` + +"From indicates where Routes will be selected for this Gateway. Possible values are: \n * All: Routes in all namespaces may be used by this Gateway. * Selector: Routes in namespaces selected by the selector may be used by this Gateway. * Same: Only Routes in the same namespace may be used by this Gateway. \n Support: Core" + +## obj spec.listeners.allowedRoutes.namespaces.selector + +"Selector must be specified when From is set to \"Selector\". In that case, only Routes in Namespaces matching this Selector will be selected by this Gateway. This field is ignored for other values of \"From\". \n Support: Core" + +### fn spec.listeners.allowedRoutes.namespaces.selector.withMatchExpressions + +```ts +withMatchExpressions(matchExpressions) +``` + +"matchExpressions is a list of label selector requirements. The requirements are ANDed." + +### fn spec.listeners.allowedRoutes.namespaces.selector.withMatchExpressionsMixin + +```ts +withMatchExpressionsMixin(matchExpressions) +``` + +"matchExpressions is a list of label selector requirements. The requirements are ANDed." + +**Note:** This function appends passed data to existing values + +### fn spec.listeners.allowedRoutes.namespaces.selector.withMatchLabels + +```ts +withMatchLabels(matchLabels) +``` + +"matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + +### fn spec.listeners.allowedRoutes.namespaces.selector.withMatchLabelsMixin + +```ts +withMatchLabelsMixin(matchLabels) +``` + +"matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + +**Note:** This function appends passed data to existing values + +## obj spec.listeners.allowedRoutes.namespaces.selector.matchExpressions + +"matchExpressions is a list of label selector requirements. The requirements are ANDed." + +### fn spec.listeners.allowedRoutes.namespaces.selector.matchExpressions.withKey + +```ts +withKey(key) +``` + +"key is the label key that the selector applies to." + +### fn spec.listeners.allowedRoutes.namespaces.selector.matchExpressions.withOperator + +```ts +withOperator(operator) +``` + +"operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + +### fn spec.listeners.allowedRoutes.namespaces.selector.matchExpressions.withValues + +```ts +withValues(values) +``` + +"values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + +### fn spec.listeners.allowedRoutes.namespaces.selector.matchExpressions.withValuesMixin + +```ts +withValuesMixin(values) +``` + +"values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + +**Note:** This function appends passed data to existing values + +## obj spec.listeners.tls + +"TLS is the TLS configuration for the Listener. This field is required if the Protocol field is \"HTTPS\" or \"TLS\". It is invalid to set this field if the Protocol field is \"HTTP\", \"TCP\", or \"UDP\". \n The association of SNIs to Certificate defined in GatewayTLSConfig is defined based on the Hostname field for this listener. \n The GatewayClass MUST use the longest matching SNI out of all available certificates for any TLS handshake. \n Support: Core" + +### fn spec.listeners.tls.withCertificateRefs + +```ts +withCertificateRefs(certificateRefs) +``` + +"CertificateRefs contains a series of references to Kubernetes objects that contains TLS certificates and private keys. These certificates are used to establish a TLS handshake for requests that match the hostname of the associated listener. \n A single CertificateRef to a Kubernetes Secret has \"Core\" support. Implementations MAY choose to support attaching multiple certificates to a Listener, but this behavior is implementation-specific. \n References to a resource in different namespace are invalid UNLESS there is a ReferenceGrant in the target namespace that allows the certificate to be attached. If a ReferenceGrant does not allow this reference, the \"ResolvedRefs\" condition MUST be set to False for this listener with the \"RefNotPermitted\" reason. \n This field is required to have at least one element when the mode is set to \"Terminate\" (default) and is optional otherwise. \n CertificateRefs can reference to standard Kubernetes resources, i.e. Secret, or implementation-specific custom resources. \n Support: Core - A single reference to a Kubernetes Secret of type kubernetes.io/tls \n Support: Implementation-specific (More than one reference or other resource types)" + +### fn spec.listeners.tls.withCertificateRefsMixin + +```ts +withCertificateRefsMixin(certificateRefs) +``` + +"CertificateRefs contains a series of references to Kubernetes objects that contains TLS certificates and private keys. These certificates are used to establish a TLS handshake for requests that match the hostname of the associated listener. \n A single CertificateRef to a Kubernetes Secret has \"Core\" support. Implementations MAY choose to support attaching multiple certificates to a Listener, but this behavior is implementation-specific. \n References to a resource in different namespace are invalid UNLESS there is a ReferenceGrant in the target namespace that allows the certificate to be attached. If a ReferenceGrant does not allow this reference, the \"ResolvedRefs\" condition MUST be set to False for this listener with the \"RefNotPermitted\" reason. \n This field is required to have at least one element when the mode is set to \"Terminate\" (default) and is optional otherwise. \n CertificateRefs can reference to standard Kubernetes resources, i.e. Secret, or implementation-specific custom resources. \n Support: Core - A single reference to a Kubernetes Secret of type kubernetes.io/tls \n Support: Implementation-specific (More than one reference or other resource types)" + +**Note:** This function appends passed data to existing values + +### fn spec.listeners.tls.withMode + +```ts +withMode(mode) +``` + +"Mode defines the TLS behavior for the TLS session initiated by the client. There are two possible modes: \n - Terminate: The TLS session between the downstream client and the Gateway is terminated at the Gateway. This mode requires certificateRefs to be set and contain at least one element. - Passthrough: The TLS session is NOT terminated by the Gateway. This implies that the Gateway can't decipher the TLS stream except for the ClientHello message of the TLS protocol. CertificateRefs field is ignored in this mode. \n Support: Core" + +### fn spec.listeners.tls.withOptions + +```ts +withOptions(options) +``` + +"Options are a list of key/value pairs to enable extended TLS configuration for each implementation. For example, configuring the minimum TLS version or supported cipher suites. \n A set of common keys MAY be defined by the API in the future. To avoid any ambiguity, implementation-specific definitions MUST use domain-prefixed names, such as `example.com/my-custom-option`. Un-prefixed names are reserved for key names defined by Gateway API. \n Support: Implementation-specific" + +### fn spec.listeners.tls.withOptionsMixin + +```ts +withOptionsMixin(options) +``` + +"Options are a list of key/value pairs to enable extended TLS configuration for each implementation. For example, configuring the minimum TLS version or supported cipher suites. \n A set of common keys MAY be defined by the API in the future. To avoid any ambiguity, implementation-specific definitions MUST use domain-prefixed names, such as `example.com/my-custom-option`. Un-prefixed names are reserved for key names defined by Gateway API. \n Support: Implementation-specific" + +**Note:** This function appends passed data to existing values + +## obj spec.listeners.tls.certificateRefs + +"CertificateRefs contains a series of references to Kubernetes objects that contains TLS certificates and private keys. These certificates are used to establish a TLS handshake for requests that match the hostname of the associated listener. \n A single CertificateRef to a Kubernetes Secret has \"Core\" support. Implementations MAY choose to support attaching multiple certificates to a Listener, but this behavior is implementation-specific. \n References to a resource in different namespace are invalid UNLESS there is a ReferenceGrant in the target namespace that allows the certificate to be attached. If a ReferenceGrant does not allow this reference, the \"ResolvedRefs\" condition MUST be set to False for this listener with the \"RefNotPermitted\" reason. \n This field is required to have at least one element when the mode is set to \"Terminate\" (default) and is optional otherwise. \n CertificateRefs can reference to standard Kubernetes resources, i.e. Secret, or implementation-specific custom resources. \n Support: Core - A single reference to a Kubernetes Secret of type kubernetes.io/tls \n Support: Implementation-specific (More than one reference or other resource types)" + +### fn spec.listeners.tls.certificateRefs.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. For example, \"gateway.networking.k8s.io\". When unspecified or empty string, core API group is inferred." + +### fn spec.listeners.tls.certificateRefs.withKind + +```ts +withKind(kind) +``` + +"Kind is kind of the referent. For example \"Secret\"." + +### fn spec.listeners.tls.certificateRefs.withName + +```ts +withName(name) +``` + +"Name is the name of the referent." + +### fn spec.listeners.tls.certificateRefs.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. \n Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. \n Support: Core" \ No newline at end of file diff --git a/docs/0.8-experimental/gateway/v1alpha2/gatewayClass.md b/docs/0.8-experimental/gateway/v1alpha2/gatewayClass.md new file mode 100644 index 0000000..9abb720 --- /dev/null +++ b/docs/0.8-experimental/gateway/v1alpha2/gatewayClass.md @@ -0,0 +1,269 @@ +--- +permalink: /0.8-experimental/gateway/v1alpha2/gatewayClass/ +--- + +# gateway.v1alpha2.gatewayClass + +"GatewayClass describes a class of Gateways available to the user for creating Gateway resources. \n It is recommended that this resource be used as a template for Gateways. This means that a Gateway is based on the state of the GatewayClass at the time it was created and changes to the GatewayClass or associated parameters are not propagated down to existing Gateways. This recommendation is intended to limit the blast radius of changes to GatewayClass or associated parameters. If implementations choose to propagate GatewayClass changes to existing Gateways, that MUST be clearly documented by the implementation. \n Whenever one or more Gateways are using a GatewayClass, implementations SHOULD add the `gateway-exists-finalizer.gateway.networking.k8s.io` finalizer on the associated GatewayClass. This ensures that a GatewayClass associated with a Gateway is not deleted while in use. \n GatewayClass is a Cluster level resource." + +## Index + +* [`fn new(name)`](#fn-new) +* [`obj metadata`](#obj-metadata) + * [`fn withAnnotations(annotations)`](#fn-metadatawithannotations) + * [`fn withAnnotationsMixin(annotations)`](#fn-metadatawithannotationsmixin) + * [`fn withClusterName(clusterName)`](#fn-metadatawithclustername) + * [`fn withCreationTimestamp(creationTimestamp)`](#fn-metadatawithcreationtimestamp) + * [`fn withDeletionGracePeriodSeconds(deletionGracePeriodSeconds)`](#fn-metadatawithdeletiongraceperiodseconds) + * [`fn withDeletionTimestamp(deletionTimestamp)`](#fn-metadatawithdeletiontimestamp) + * [`fn withFinalizers(finalizers)`](#fn-metadatawithfinalizers) + * [`fn withFinalizersMixin(finalizers)`](#fn-metadatawithfinalizersmixin) + * [`fn withGenerateName(generateName)`](#fn-metadatawithgeneratename) + * [`fn withGeneration(generation)`](#fn-metadatawithgeneration) + * [`fn withLabels(labels)`](#fn-metadatawithlabels) + * [`fn withLabelsMixin(labels)`](#fn-metadatawithlabelsmixin) + * [`fn withName(name)`](#fn-metadatawithname) + * [`fn withNamespace(namespace)`](#fn-metadatawithnamespace) + * [`fn withOwnerReferences(ownerReferences)`](#fn-metadatawithownerreferences) + * [`fn withOwnerReferencesMixin(ownerReferences)`](#fn-metadatawithownerreferencesmixin) + * [`fn withResourceVersion(resourceVersion)`](#fn-metadatawithresourceversion) + * [`fn withSelfLink(selfLink)`](#fn-metadatawithselflink) + * [`fn withUid(uid)`](#fn-metadatawithuid) +* [`obj spec`](#obj-spec) + * [`fn withControllerName(controllerName)`](#fn-specwithcontrollername) + * [`fn withDescription(description)`](#fn-specwithdescription) + * [`obj spec.parametersRef`](#obj-specparametersref) + * [`fn withGroup(group)`](#fn-specparametersrefwithgroup) + * [`fn withKind(kind)`](#fn-specparametersrefwithkind) + * [`fn withName(name)`](#fn-specparametersrefwithname) + * [`fn withNamespace(namespace)`](#fn-specparametersrefwithnamespace) + +## Fields + +### fn new + +```ts +new(name) +``` + +new returns an instance of GatewayClass + +## obj metadata + +"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create." + +### fn metadata.withAnnotations + +```ts +withAnnotations(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +### fn metadata.withAnnotationsMixin + +```ts +withAnnotationsMixin(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +**Note:** This function appends passed data to existing values + +### fn metadata.withClusterName + +```ts +withClusterName(clusterName) +``` + +"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request." + +### fn metadata.withCreationTimestamp + +```ts +withCreationTimestamp(creationTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withDeletionGracePeriodSeconds + +```ts +withDeletionGracePeriodSeconds(deletionGracePeriodSeconds) +``` + +"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only." + +### fn metadata.withDeletionTimestamp + +```ts +withDeletionTimestamp(deletionTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withFinalizers + +```ts +withFinalizers(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +### fn metadata.withFinalizersMixin + +```ts +withFinalizersMixin(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +**Note:** This function appends passed data to existing values + +### fn metadata.withGenerateName + +```ts +withGenerateName(generateName) +``` + +"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\n\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\n\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" + +### fn metadata.withGeneration + +```ts +withGeneration(generation) +``` + +"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only." + +### fn metadata.withLabels + +```ts +withLabels(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +### fn metadata.withLabelsMixin + +```ts +withLabelsMixin(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +**Note:** This function appends passed data to existing values + +### fn metadata.withName + +```ts +withName(name) +``` + +"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names" + +### fn metadata.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \"default\" namespace, but \"default\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\n\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces" + +### fn metadata.withOwnerReferences + +```ts +withOwnerReferences(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +### fn metadata.withOwnerReferencesMixin + +```ts +withOwnerReferencesMixin(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +**Note:** This function appends passed data to existing values + +### fn metadata.withResourceVersion + +```ts +withResourceVersion(resourceVersion) +``` + +"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\n\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" + +### fn metadata.withSelfLink + +```ts +withSelfLink(selfLink) +``` + +"SelfLink is a URL representing this object. Populated by the system. Read-only.\n\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release." + +### fn metadata.withUid + +```ts +withUid(uid) +``` + +"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\n\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids" + +## obj spec + +"Spec defines the desired state of GatewayClass." + +### fn spec.withControllerName + +```ts +withControllerName(controllerName) +``` + +"ControllerName is the name of the controller that is managing Gateways of this class. The value of this field MUST be a domain prefixed path. \n Example: \"example.net/gateway-controller\". \n This field is not mutable and cannot be empty. \n Support: Core" + +### fn spec.withDescription + +```ts +withDescription(description) +``` + +"Description helps describe a GatewayClass with more details." + +## obj spec.parametersRef + +"ParametersRef is a reference to a resource that contains the configuration parameters corresponding to the GatewayClass. This is optional if the controller does not require any additional configuration. \n ParametersRef can reference a standard Kubernetes resource, i.e. ConfigMap, or an implementation-specific custom resource. The resource can be cluster-scoped or namespace-scoped. \n If the referent cannot be found, the GatewayClass's \"InvalidParameters\" status condition will be true. \n Support: Implementation-specific" + +### fn spec.parametersRef.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent." + +### fn spec.parametersRef.withKind + +```ts +withKind(kind) +``` + +"Kind is kind of the referent." + +### fn spec.parametersRef.withName + +```ts +withName(name) +``` + +"Name is the name of the referent." + +### fn spec.parametersRef.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the referent. This field is required when referring to a Namespace-scoped resource and MUST be unset when referring to a Cluster-scoped resource." \ No newline at end of file diff --git a/docs/0.8-experimental/gateway/v1alpha2/grpcRoute.md b/docs/0.8-experimental/gateway/v1alpha2/grpcRoute.md new file mode 100644 index 0000000..de04972 --- /dev/null +++ b/docs/0.8-experimental/gateway/v1alpha2/grpcRoute.md @@ -0,0 +1,1208 @@ +--- +permalink: /0.8-experimental/gateway/v1alpha2/grpcRoute/ +--- + +# gateway.v1alpha2.grpcRoute + +"GRPCRoute provides a way to route gRPC requests. This includes the capability to match requests by hostname, gRPC service, gRPC method, or HTTP/2 header. Filters can be used to specify additional processing steps. Backends specify where matching requests will be routed. \n GRPCRoute falls under extended support within the Gateway API. Within the following specification, the word \"MUST\" indicates that an implementation supporting GRPCRoute must conform to the indicated requirement, but an implementation not supporting this route type need not follow the requirement unless explicitly indicated. \n Implementations supporting `GRPCRoute` with the `HTTPS` `ProtocolType` MUST accept HTTP/2 connections without an initial upgrade from HTTP/1.1, i.e. via ALPN. If the implementation does not support this, then it MUST set the \"Accepted\" condition to \"False\" for the affected listener with a reason of \"UnsupportedProtocol\". Implementations MAY also accept HTTP/2 connections with an upgrade from HTTP/1. \n Implementations supporting `GRPCRoute` with the `HTTP` `ProtocolType` MUST support HTTP/2 over cleartext TCP (h2c, https://www.rfc-editor.org/rfc/rfc7540#section-3.1) without an initial upgrade from HTTP/1.1, i.e. with prior knowledge (https://www.rfc-editor.org/rfc/rfc7540#section-3.4). If the implementation does not support this, then it MUST set the \"Accepted\" condition to \"False\" for the affected listener with a reason of \"UnsupportedProtocol\". Implementations MAY also accept HTTP/2 connections with an upgrade from HTTP/1, i.e. without prior knowledge." + +## Index + +* [`fn new(name)`](#fn-new) +* [`obj metadata`](#obj-metadata) + * [`fn withAnnotations(annotations)`](#fn-metadatawithannotations) + * [`fn withAnnotationsMixin(annotations)`](#fn-metadatawithannotationsmixin) + * [`fn withClusterName(clusterName)`](#fn-metadatawithclustername) + * [`fn withCreationTimestamp(creationTimestamp)`](#fn-metadatawithcreationtimestamp) + * [`fn withDeletionGracePeriodSeconds(deletionGracePeriodSeconds)`](#fn-metadatawithdeletiongraceperiodseconds) + * [`fn withDeletionTimestamp(deletionTimestamp)`](#fn-metadatawithdeletiontimestamp) + * [`fn withFinalizers(finalizers)`](#fn-metadatawithfinalizers) + * [`fn withFinalizersMixin(finalizers)`](#fn-metadatawithfinalizersmixin) + * [`fn withGenerateName(generateName)`](#fn-metadatawithgeneratename) + * [`fn withGeneration(generation)`](#fn-metadatawithgeneration) + * [`fn withLabels(labels)`](#fn-metadatawithlabels) + * [`fn withLabelsMixin(labels)`](#fn-metadatawithlabelsmixin) + * [`fn withName(name)`](#fn-metadatawithname) + * [`fn withNamespace(namespace)`](#fn-metadatawithnamespace) + * [`fn withOwnerReferences(ownerReferences)`](#fn-metadatawithownerreferences) + * [`fn withOwnerReferencesMixin(ownerReferences)`](#fn-metadatawithownerreferencesmixin) + * [`fn withResourceVersion(resourceVersion)`](#fn-metadatawithresourceversion) + * [`fn withSelfLink(selfLink)`](#fn-metadatawithselflink) + * [`fn withUid(uid)`](#fn-metadatawithuid) +* [`obj spec`](#obj-spec) + * [`fn withHostnames(hostnames)`](#fn-specwithhostnames) + * [`fn withHostnamesMixin(hostnames)`](#fn-specwithhostnamesmixin) + * [`fn withParentRefs(parentRefs)`](#fn-specwithparentrefs) + * [`fn withParentRefsMixin(parentRefs)`](#fn-specwithparentrefsmixin) + * [`fn withRules(rules)`](#fn-specwithrules) + * [`fn withRulesMixin(rules)`](#fn-specwithrulesmixin) + * [`obj spec.parentRefs`](#obj-specparentrefs) + * [`fn withGroup(group)`](#fn-specparentrefswithgroup) + * [`fn withKind(kind)`](#fn-specparentrefswithkind) + * [`fn withName(name)`](#fn-specparentrefswithname) + * [`fn withNamespace(namespace)`](#fn-specparentrefswithnamespace) + * [`fn withPort(port)`](#fn-specparentrefswithport) + * [`fn withSectionName(sectionName)`](#fn-specparentrefswithsectionname) + * [`obj spec.rules`](#obj-specrules) + * [`fn withBackendRefs(backendRefs)`](#fn-specruleswithbackendrefs) + * [`fn withBackendRefsMixin(backendRefs)`](#fn-specruleswithbackendrefsmixin) + * [`fn withFilters(filters)`](#fn-specruleswithfilters) + * [`fn withFiltersMixin(filters)`](#fn-specruleswithfiltersmixin) + * [`fn withMatches(matches)`](#fn-specruleswithmatches) + * [`fn withMatchesMixin(matches)`](#fn-specruleswithmatchesmixin) + * [`obj spec.rules.backendRefs`](#obj-specrulesbackendrefs) + * [`fn withFilters(filters)`](#fn-specrulesbackendrefswithfilters) + * [`fn withFiltersMixin(filters)`](#fn-specrulesbackendrefswithfiltersmixin) + * [`fn withGroup(group)`](#fn-specrulesbackendrefswithgroup) + * [`fn withKind(kind)`](#fn-specrulesbackendrefswithkind) + * [`fn withName(name)`](#fn-specrulesbackendrefswithname) + * [`fn withNamespace(namespace)`](#fn-specrulesbackendrefswithnamespace) + * [`fn withPort(port)`](#fn-specrulesbackendrefswithport) + * [`fn withWeight(weight)`](#fn-specrulesbackendrefswithweight) + * [`obj spec.rules.backendRefs.filters`](#obj-specrulesbackendrefsfilters) + * [`fn withType(type)`](#fn-specrulesbackendrefsfilterswithtype) + * [`obj spec.rules.backendRefs.filters.extensionRef`](#obj-specrulesbackendrefsfiltersextensionref) + * [`fn withGroup(group)`](#fn-specrulesbackendrefsfiltersextensionrefwithgroup) + * [`fn withKind(kind)`](#fn-specrulesbackendrefsfiltersextensionrefwithkind) + * [`fn withName(name)`](#fn-specrulesbackendrefsfiltersextensionrefwithname) + * [`obj spec.rules.backendRefs.filters.requestHeaderModifier`](#obj-specrulesbackendrefsfiltersrequestheadermodifier) + * [`fn withAdd(add)`](#fn-specrulesbackendrefsfiltersrequestheadermodifierwithadd) + * [`fn withAddMixin(add)`](#fn-specrulesbackendrefsfiltersrequestheadermodifierwithaddmixin) + * [`fn withRemove(remove)`](#fn-specrulesbackendrefsfiltersrequestheadermodifierwithremove) + * [`fn withRemoveMixin(remove)`](#fn-specrulesbackendrefsfiltersrequestheadermodifierwithremovemixin) + * [`fn withSet(set)`](#fn-specrulesbackendrefsfiltersrequestheadermodifierwithset) + * [`fn withSetMixin(set)`](#fn-specrulesbackendrefsfiltersrequestheadermodifierwithsetmixin) + * [`obj spec.rules.backendRefs.filters.requestHeaderModifier.add`](#obj-specrulesbackendrefsfiltersrequestheadermodifieradd) + * [`fn withName(name)`](#fn-specrulesbackendrefsfiltersrequestheadermodifieraddwithname) + * [`fn withValue(value)`](#fn-specrulesbackendrefsfiltersrequestheadermodifieraddwithvalue) + * [`obj spec.rules.backendRefs.filters.requestHeaderModifier.set`](#obj-specrulesbackendrefsfiltersrequestheadermodifierset) + * [`fn withName(name)`](#fn-specrulesbackendrefsfiltersrequestheadermodifiersetwithname) + * [`fn withValue(value)`](#fn-specrulesbackendrefsfiltersrequestheadermodifiersetwithvalue) + * [`obj spec.rules.backendRefs.filters.requestMirror`](#obj-specrulesbackendrefsfiltersrequestmirror) + * [`obj spec.rules.backendRefs.filters.requestMirror.backendRef`](#obj-specrulesbackendrefsfiltersrequestmirrorbackendref) + * [`fn withGroup(group)`](#fn-specrulesbackendrefsfiltersrequestmirrorbackendrefwithgroup) + * [`fn withKind(kind)`](#fn-specrulesbackendrefsfiltersrequestmirrorbackendrefwithkind) + * [`fn withName(name)`](#fn-specrulesbackendrefsfiltersrequestmirrorbackendrefwithname) + * [`fn withNamespace(namespace)`](#fn-specrulesbackendrefsfiltersrequestmirrorbackendrefwithnamespace) + * [`fn withPort(port)`](#fn-specrulesbackendrefsfiltersrequestmirrorbackendrefwithport) + * [`obj spec.rules.backendRefs.filters.responseHeaderModifier`](#obj-specrulesbackendrefsfiltersresponseheadermodifier) + * [`fn withAdd(add)`](#fn-specrulesbackendrefsfiltersresponseheadermodifierwithadd) + * [`fn withAddMixin(add)`](#fn-specrulesbackendrefsfiltersresponseheadermodifierwithaddmixin) + * [`fn withRemove(remove)`](#fn-specrulesbackendrefsfiltersresponseheadermodifierwithremove) + * [`fn withRemoveMixin(remove)`](#fn-specrulesbackendrefsfiltersresponseheadermodifierwithremovemixin) + * [`fn withSet(set)`](#fn-specrulesbackendrefsfiltersresponseheadermodifierwithset) + * [`fn withSetMixin(set)`](#fn-specrulesbackendrefsfiltersresponseheadermodifierwithsetmixin) + * [`obj spec.rules.backendRefs.filters.responseHeaderModifier.add`](#obj-specrulesbackendrefsfiltersresponseheadermodifieradd) + * [`fn withName(name)`](#fn-specrulesbackendrefsfiltersresponseheadermodifieraddwithname) + * [`fn withValue(value)`](#fn-specrulesbackendrefsfiltersresponseheadermodifieraddwithvalue) + * [`obj spec.rules.backendRefs.filters.responseHeaderModifier.set`](#obj-specrulesbackendrefsfiltersresponseheadermodifierset) + * [`fn withName(name)`](#fn-specrulesbackendrefsfiltersresponseheadermodifiersetwithname) + * [`fn withValue(value)`](#fn-specrulesbackendrefsfiltersresponseheadermodifiersetwithvalue) + * [`obj spec.rules.filters`](#obj-specrulesfilters) + * [`fn withType(type)`](#fn-specrulesfilterswithtype) + * [`obj spec.rules.filters.extensionRef`](#obj-specrulesfiltersextensionref) + * [`fn withGroup(group)`](#fn-specrulesfiltersextensionrefwithgroup) + * [`fn withKind(kind)`](#fn-specrulesfiltersextensionrefwithkind) + * [`fn withName(name)`](#fn-specrulesfiltersextensionrefwithname) + * [`obj spec.rules.filters.requestHeaderModifier`](#obj-specrulesfiltersrequestheadermodifier) + * [`fn withAdd(add)`](#fn-specrulesfiltersrequestheadermodifierwithadd) + * [`fn withAddMixin(add)`](#fn-specrulesfiltersrequestheadermodifierwithaddmixin) + * [`fn withRemove(remove)`](#fn-specrulesfiltersrequestheadermodifierwithremove) + * [`fn withRemoveMixin(remove)`](#fn-specrulesfiltersrequestheadermodifierwithremovemixin) + * [`fn withSet(set)`](#fn-specrulesfiltersrequestheadermodifierwithset) + * [`fn withSetMixin(set)`](#fn-specrulesfiltersrequestheadermodifierwithsetmixin) + * [`obj spec.rules.filters.requestHeaderModifier.add`](#obj-specrulesfiltersrequestheadermodifieradd) + * [`fn withName(name)`](#fn-specrulesfiltersrequestheadermodifieraddwithname) + * [`fn withValue(value)`](#fn-specrulesfiltersrequestheadermodifieraddwithvalue) + * [`obj spec.rules.filters.requestHeaderModifier.set`](#obj-specrulesfiltersrequestheadermodifierset) + * [`fn withName(name)`](#fn-specrulesfiltersrequestheadermodifiersetwithname) + * [`fn withValue(value)`](#fn-specrulesfiltersrequestheadermodifiersetwithvalue) + * [`obj spec.rules.filters.requestMirror`](#obj-specrulesfiltersrequestmirror) + * [`obj spec.rules.filters.requestMirror.backendRef`](#obj-specrulesfiltersrequestmirrorbackendref) + * [`fn withGroup(group)`](#fn-specrulesfiltersrequestmirrorbackendrefwithgroup) + * [`fn withKind(kind)`](#fn-specrulesfiltersrequestmirrorbackendrefwithkind) + * [`fn withName(name)`](#fn-specrulesfiltersrequestmirrorbackendrefwithname) + * [`fn withNamespace(namespace)`](#fn-specrulesfiltersrequestmirrorbackendrefwithnamespace) + * [`fn withPort(port)`](#fn-specrulesfiltersrequestmirrorbackendrefwithport) + * [`obj spec.rules.filters.responseHeaderModifier`](#obj-specrulesfiltersresponseheadermodifier) + * [`fn withAdd(add)`](#fn-specrulesfiltersresponseheadermodifierwithadd) + * [`fn withAddMixin(add)`](#fn-specrulesfiltersresponseheadermodifierwithaddmixin) + * [`fn withRemove(remove)`](#fn-specrulesfiltersresponseheadermodifierwithremove) + * [`fn withRemoveMixin(remove)`](#fn-specrulesfiltersresponseheadermodifierwithremovemixin) + * [`fn withSet(set)`](#fn-specrulesfiltersresponseheadermodifierwithset) + * [`fn withSetMixin(set)`](#fn-specrulesfiltersresponseheadermodifierwithsetmixin) + * [`obj spec.rules.filters.responseHeaderModifier.add`](#obj-specrulesfiltersresponseheadermodifieradd) + * [`fn withName(name)`](#fn-specrulesfiltersresponseheadermodifieraddwithname) + * [`fn withValue(value)`](#fn-specrulesfiltersresponseheadermodifieraddwithvalue) + * [`obj spec.rules.filters.responseHeaderModifier.set`](#obj-specrulesfiltersresponseheadermodifierset) + * [`fn withName(name)`](#fn-specrulesfiltersresponseheadermodifiersetwithname) + * [`fn withValue(value)`](#fn-specrulesfiltersresponseheadermodifiersetwithvalue) + * [`obj spec.rules.matches`](#obj-specrulesmatches) + * [`fn withHeaders(headers)`](#fn-specrulesmatcheswithheaders) + * [`fn withHeadersMixin(headers)`](#fn-specrulesmatcheswithheadersmixin) + * [`obj spec.rules.matches.headers`](#obj-specrulesmatchesheaders) + * [`fn withName(name)`](#fn-specrulesmatchesheaderswithname) + * [`fn withType(type)`](#fn-specrulesmatchesheaderswithtype) + * [`fn withValue(value)`](#fn-specrulesmatchesheaderswithvalue) + * [`obj spec.rules.matches.method`](#obj-specrulesmatchesmethod) + * [`fn withMethod(method)`](#fn-specrulesmatchesmethodwithmethod) + * [`fn withService(service)`](#fn-specrulesmatchesmethodwithservice) + * [`fn withType(type)`](#fn-specrulesmatchesmethodwithtype) + +## Fields + +### fn new + +```ts +new(name) +``` + +new returns an instance of GRPCRoute + +## obj metadata + +"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create." + +### fn metadata.withAnnotations + +```ts +withAnnotations(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +### fn metadata.withAnnotationsMixin + +```ts +withAnnotationsMixin(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +**Note:** This function appends passed data to existing values + +### fn metadata.withClusterName + +```ts +withClusterName(clusterName) +``` + +"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request." + +### fn metadata.withCreationTimestamp + +```ts +withCreationTimestamp(creationTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withDeletionGracePeriodSeconds + +```ts +withDeletionGracePeriodSeconds(deletionGracePeriodSeconds) +``` + +"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only." + +### fn metadata.withDeletionTimestamp + +```ts +withDeletionTimestamp(deletionTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withFinalizers + +```ts +withFinalizers(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +### fn metadata.withFinalizersMixin + +```ts +withFinalizersMixin(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +**Note:** This function appends passed data to existing values + +### fn metadata.withGenerateName + +```ts +withGenerateName(generateName) +``` + +"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\n\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\n\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" + +### fn metadata.withGeneration + +```ts +withGeneration(generation) +``` + +"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only." + +### fn metadata.withLabels + +```ts +withLabels(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +### fn metadata.withLabelsMixin + +```ts +withLabelsMixin(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +**Note:** This function appends passed data to existing values + +### fn metadata.withName + +```ts +withName(name) +``` + +"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names" + +### fn metadata.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \"default\" namespace, but \"default\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\n\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces" + +### fn metadata.withOwnerReferences + +```ts +withOwnerReferences(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +### fn metadata.withOwnerReferencesMixin + +```ts +withOwnerReferencesMixin(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +**Note:** This function appends passed data to existing values + +### fn metadata.withResourceVersion + +```ts +withResourceVersion(resourceVersion) +``` + +"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\n\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" + +### fn metadata.withSelfLink + +```ts +withSelfLink(selfLink) +``` + +"SelfLink is a URL representing this object. Populated by the system. Read-only.\n\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release." + +### fn metadata.withUid + +```ts +withUid(uid) +``` + +"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\n\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids" + +## obj spec + +"Spec defines the desired state of GRPCRoute." + +### fn spec.withHostnames + +```ts +withHostnames(hostnames) +``` + +"Hostnames defines a set of hostnames to match against the GRPC Host header to select a GRPCRoute to process the request. This matches the RFC 1123 definition of a hostname with 2 notable exceptions: \n 1. IPs are not allowed. 2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard label MUST appear by itself as the first label. \n If a hostname is specified by both the Listener and GRPCRoute, there MUST be at least one intersecting hostname for the GRPCRoute to be attached to the Listener. For example: \n * A Listener with `test.example.com` as the hostname matches GRPCRoutes that have either not specified any hostnames, or have specified at least one of `test.example.com` or `*.example.com`. * A Listener with `*.example.com` as the hostname matches GRPCRoutes that have either not specified any hostnames or have specified at least one hostname that matches the Listener hostname. For example, `test.example.com` and `*.example.com` would both match. On the other hand, `example.com` and `test.example.net` would not match. \n Hostnames that are prefixed with a wildcard label (`*.`) are interpreted as a suffix match. That means that a match for `*.example.com` would match both `test.example.com`, and `foo.test.example.com`, but not `example.com`. \n If both the Listener and GRPCRoute have specified hostnames, any GRPCRoute hostnames that do not match the Listener hostname MUST be ignored. For example, if a Listener specified `*.example.com`, and the GRPCRoute specified `test.example.com` and `test.example.net`, `test.example.net` MUST NOT be considered for a match. \n If both the Listener and GRPCRoute have specified hostnames, and none match with the criteria above, then the GRPCRoute MUST NOT be accepted by the implementation. The implementation MUST raise an 'Accepted' Condition with a status of `False` in the corresponding RouteParentStatus. \n If a Route (A) of type HTTPRoute or GRPCRoute is attached to a Listener and that listener already has another Route (B) of the other type attached and the intersection of the hostnames of A and B is non-empty, then the implementation MUST accept exactly one of these two routes, determined by the following criteria, in order: \n * The oldest Route based on creation timestamp. * The Route appearing first in alphabetical order by \"{namespace}/{name}\". \n The rejected Route MUST raise an 'Accepted' condition with a status of 'False' in the corresponding RouteParentStatus. \n Support: Core" + +### fn spec.withHostnamesMixin + +```ts +withHostnamesMixin(hostnames) +``` + +"Hostnames defines a set of hostnames to match against the GRPC Host header to select a GRPCRoute to process the request. This matches the RFC 1123 definition of a hostname with 2 notable exceptions: \n 1. IPs are not allowed. 2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard label MUST appear by itself as the first label. \n If a hostname is specified by both the Listener and GRPCRoute, there MUST be at least one intersecting hostname for the GRPCRoute to be attached to the Listener. For example: \n * A Listener with `test.example.com` as the hostname matches GRPCRoutes that have either not specified any hostnames, or have specified at least one of `test.example.com` or `*.example.com`. * A Listener with `*.example.com` as the hostname matches GRPCRoutes that have either not specified any hostnames or have specified at least one hostname that matches the Listener hostname. For example, `test.example.com` and `*.example.com` would both match. On the other hand, `example.com` and `test.example.net` would not match. \n Hostnames that are prefixed with a wildcard label (`*.`) are interpreted as a suffix match. That means that a match for `*.example.com` would match both `test.example.com`, and `foo.test.example.com`, but not `example.com`. \n If both the Listener and GRPCRoute have specified hostnames, any GRPCRoute hostnames that do not match the Listener hostname MUST be ignored. For example, if a Listener specified `*.example.com`, and the GRPCRoute specified `test.example.com` and `test.example.net`, `test.example.net` MUST NOT be considered for a match. \n If both the Listener and GRPCRoute have specified hostnames, and none match with the criteria above, then the GRPCRoute MUST NOT be accepted by the implementation. The implementation MUST raise an 'Accepted' Condition with a status of `False` in the corresponding RouteParentStatus. \n If a Route (A) of type HTTPRoute or GRPCRoute is attached to a Listener and that listener already has another Route (B) of the other type attached and the intersection of the hostnames of A and B is non-empty, then the implementation MUST accept exactly one of these two routes, determined by the following criteria, in order: \n * The oldest Route based on creation timestamp. * The Route appearing first in alphabetical order by \"{namespace}/{name}\". \n The rejected Route MUST raise an 'Accepted' condition with a status of 'False' in the corresponding RouteParentStatus. \n Support: Core" + +**Note:** This function appends passed data to existing values + +### fn spec.withParentRefs + +```ts +withParentRefs(parentRefs) +``` + +"ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. For Services, that means the Service must either be in the same namespace for a \"producer\" route, or the mesh implementation must support and allow \"consumer\" routes for the referenced Service. ReferenceGrant is not applicable for governing ParentRefs to Services - it is not possible to create a \"producer\" route for a Service in a different namespace from the Route. \n There are two kinds of parent resources with \"Core\" support: \n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) \n This API may be extended in the future to support additional kinds of parent resources. \n It is invalid to reference an identical parent more than once. It is valid to reference multiple distinct sections within the same parent resource, such as two separate Listeners on the same Gateway or two separate ports on the same Service. \n It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged. \n Note that for ParentRefs that cross namespace boundaries, there are specific rules. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example, Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable other kinds of cross-namespace reference. \n ParentRefs from a Route to a Service in the same namespace are \"producer\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \n ParentRefs from a Route to a Service in a different namespace are \"consumer\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \n " + +### fn spec.withParentRefsMixin + +```ts +withParentRefsMixin(parentRefs) +``` + +"ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. For Services, that means the Service must either be in the same namespace for a \"producer\" route, or the mesh implementation must support and allow \"consumer\" routes for the referenced Service. ReferenceGrant is not applicable for governing ParentRefs to Services - it is not possible to create a \"producer\" route for a Service in a different namespace from the Route. \n There are two kinds of parent resources with \"Core\" support: \n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) \n This API may be extended in the future to support additional kinds of parent resources. \n It is invalid to reference an identical parent more than once. It is valid to reference multiple distinct sections within the same parent resource, such as two separate Listeners on the same Gateway or two separate ports on the same Service. \n It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged. \n Note that for ParentRefs that cross namespace boundaries, there are specific rules. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example, Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable other kinds of cross-namespace reference. \n ParentRefs from a Route to a Service in the same namespace are \"producer\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \n ParentRefs from a Route to a Service in a different namespace are \"consumer\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \n " + +**Note:** This function appends passed data to existing values + +### fn spec.withRules + +```ts +withRules(rules) +``` + +"Rules are a list of GRPC matchers, filters and actions." + +### fn spec.withRulesMixin + +```ts +withRulesMixin(rules) +``` + +"Rules are a list of GRPC matchers, filters and actions." + +**Note:** This function appends passed data to existing values + +## obj spec.parentRefs + +"ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. For Services, that means the Service must either be in the same namespace for a \"producer\" route, or the mesh implementation must support and allow \"consumer\" routes for the referenced Service. ReferenceGrant is not applicable for governing ParentRefs to Services - it is not possible to create a \"producer\" route for a Service in a different namespace from the Route. \n There are two kinds of parent resources with \"Core\" support: \n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) \n This API may be extended in the future to support additional kinds of parent resources. \n It is invalid to reference an identical parent more than once. It is valid to reference multiple distinct sections within the same parent resource, such as two separate Listeners on the same Gateway or two separate ports on the same Service. \n It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged. \n Note that for ParentRefs that cross namespace boundaries, there are specific rules. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example, Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable other kinds of cross-namespace reference. \n ParentRefs from a Route to a Service in the same namespace are \"producer\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \n ParentRefs from a Route to a Service in a different namespace are \"consumer\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \n " + +### fn spec.parentRefs.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. When unspecified, \"gateway.networking.k8s.io\" is inferred. To set the core API group (such as for a \"Service\" kind referent), Group must be explicitly set to \"\" (empty string). \n Support: Core" + +### fn spec.parentRefs.withKind + +```ts +withKind(kind) +``` + +"Kind is kind of the referent. \n There are two kinds of parent resources with \"Core\" support: \n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) \n Support for other resources is Implementation-Specific." + +### fn spec.parentRefs.withName + +```ts +withName(name) +``` + +"Name is the name of the referent. \n Support: Core" + +### fn spec.parentRefs.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the referent. When unspecified, this refers to the local namespace of the Route. \n Note that there are specific rules for ParentRefs which cross namespace boundaries. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example: Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference. \n ParentRefs from a Route to a Service in the same namespace are \"producer\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \n ParentRefs from a Route to a Service in a different namespace are \"consumer\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \n Support: Core" + +### fn spec.parentRefs.withPort + +```ts +withPort(port) +``` + +"Port is the network port this Route targets. It can be interpreted differently based on the type of parent resource. \n When the parent resource is a Gateway, this targets all listeners listening on the specified port that also support this kind of Route(and select this Route). It's not recommended to set `Port` unless the networking behaviors specified in a Route must apply to a specific port as opposed to a listener(s) whose port(s) may be changed. When both Port and SectionName are specified, the name and port of the selected listener must match both specified values. \n When the parent resource is a Service, this targets a specific port in the Service spec. When both Port (experimental) and SectionName are specified, the name and port of the selected port must match both specified values. \n Implementations MAY choose to support other parent resources. Implementations supporting other types of parent resources MUST clearly document how/if Port is interpreted. \n For the purpose of status, an attachment is considered successful as long as the parent resource accepts it partially. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \n Support: Extended \n " + +### fn spec.parentRefs.withSectionName + +```ts +withSectionName(sectionName) +``` + +"SectionName is the name of a section within the target resource. In the following resources, SectionName is interpreted as the following: \n * Gateway: Listener Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. * Service: Port Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. Note that attaching Routes to Services as Parents is part of experimental Mesh support and is not supported for any other purpose. \n Implementations MAY choose to support attaching Routes to other resources. If that is the case, they MUST clearly document how SectionName is interpreted. \n When unspecified (empty string), this will reference the entire resource. For the purpose of status, an attachment is considered successful if at least one section in the parent resource accepts it. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \n Support: Core" + +## obj spec.rules + +"Rules are a list of GRPC matchers, filters and actions." + +### fn spec.rules.withBackendRefs + +```ts +withBackendRefs(backendRefs) +``` + +"BackendRefs defines the backend(s) where matching requests should be sent. \n Failure behavior here depends on how many BackendRefs are specified and how many are invalid. \n If *all* entries in BackendRefs are invalid, and there are also no filters specified in this route rule, *all* traffic which matches this rule MUST receive an `UNAVAILABLE` status. \n See the GRPCBackendRef definition for the rules about what makes a single GRPCBackendRef invalid. \n When a GRPCBackendRef is invalid, `UNAVAILABLE` statuses MUST be returned for requests that would have otherwise been routed to an invalid backend. If multiple backends are specified, and some are invalid, the proportion of requests that would otherwise have been routed to an invalid backend MUST receive an `UNAVAILABLE` status. \n For example, if two backends are specified with equal weights, and one is invalid, 50 percent of traffic MUST receive an `UNAVAILABLE` status. Implementations may choose how that 50 percent is determined. \n Support: Core for Kubernetes Service \n Support: Implementation-specific for any other resource \n Support for weight: Core" + +### fn spec.rules.withBackendRefsMixin + +```ts +withBackendRefsMixin(backendRefs) +``` + +"BackendRefs defines the backend(s) where matching requests should be sent. \n Failure behavior here depends on how many BackendRefs are specified and how many are invalid. \n If *all* entries in BackendRefs are invalid, and there are also no filters specified in this route rule, *all* traffic which matches this rule MUST receive an `UNAVAILABLE` status. \n See the GRPCBackendRef definition for the rules about what makes a single GRPCBackendRef invalid. \n When a GRPCBackendRef is invalid, `UNAVAILABLE` statuses MUST be returned for requests that would have otherwise been routed to an invalid backend. If multiple backends are specified, and some are invalid, the proportion of requests that would otherwise have been routed to an invalid backend MUST receive an `UNAVAILABLE` status. \n For example, if two backends are specified with equal weights, and one is invalid, 50 percent of traffic MUST receive an `UNAVAILABLE` status. Implementations may choose how that 50 percent is determined. \n Support: Core for Kubernetes Service \n Support: Implementation-specific for any other resource \n Support for weight: Core" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.withFilters + +```ts +withFilters(filters) +``` + +"Filters define the filters that are applied to requests that match this rule. \n The effects of ordering of multiple behaviors are currently unspecified. This can change in the future based on feedback during the alpha stage. \n Conformance-levels at this level are defined based on the type of filter: \n - ALL core filters MUST be supported by all implementations that support GRPCRoute. - Implementers are encouraged to support extended filters. - Implementation-specific custom filters have no API guarantees across implementations. \n Specifying the same filter multiple times is not supported unless explicitly indicated in the filter. \n If an implementation can not support a combination of filters, it must clearly document that limitation. In cases where incompatible or unsupported filters are specified and cause the `Accepted` condition to be set to status `False`, implementations may use the `IncompatibleFilters` reason to specify this configuration error. \n Support: Core" + +### fn spec.rules.withFiltersMixin + +```ts +withFiltersMixin(filters) +``` + +"Filters define the filters that are applied to requests that match this rule. \n The effects of ordering of multiple behaviors are currently unspecified. This can change in the future based on feedback during the alpha stage. \n Conformance-levels at this level are defined based on the type of filter: \n - ALL core filters MUST be supported by all implementations that support GRPCRoute. - Implementers are encouraged to support extended filters. - Implementation-specific custom filters have no API guarantees across implementations. \n Specifying the same filter multiple times is not supported unless explicitly indicated in the filter. \n If an implementation can not support a combination of filters, it must clearly document that limitation. In cases where incompatible or unsupported filters are specified and cause the `Accepted` condition to be set to status `False`, implementations may use the `IncompatibleFilters` reason to specify this configuration error. \n Support: Core" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.withMatches + +```ts +withMatches(matches) +``` + +"Matches define conditions used for matching the rule against incoming gRPC requests. Each match is independent, i.e. this rule will be matched if **any** one of the matches is satisfied. \n For example, take the following matches configuration: \n ``` matches: - method: service: foo.bar headers: values: version: 2 - method: service: foo.bar.v2 ``` \n For a request to match against this rule, it MUST satisfy EITHER of the two conditions: \n - service of foo.bar AND contains the header `version: 2` - service of foo.bar.v2 \n See the documentation for GRPCRouteMatch on how to specify multiple match conditions to be ANDed together. \n If no matches are specified, the implementation MUST match every gRPC request. \n Proxy or Load Balancer routing configuration generated from GRPCRoutes MUST prioritize rules based on the following criteria, continuing on ties. Merging MUST not be done between GRPCRoutes and HTTPRoutes. Precedence MUST be given to the rule with the largest number of: \n * Characters in a matching non-wildcard hostname. * Characters in a matching hostname. * Characters in a matching service. * Characters in a matching method. * Header matches. \n If ties still exist across multiple Routes, matching precedence MUST be determined in order of the following criteria, continuing on ties: \n * The oldest Route based on creation timestamp. * The Route appearing first in alphabetical order by \"{namespace}/{name}\". \n If ties still exist within the Route that has been given precedence, matching precedence MUST be granted to the first matching rule meeting the above criteria." + +### fn spec.rules.withMatchesMixin + +```ts +withMatchesMixin(matches) +``` + +"Matches define conditions used for matching the rule against incoming gRPC requests. Each match is independent, i.e. this rule will be matched if **any** one of the matches is satisfied. \n For example, take the following matches configuration: \n ``` matches: - method: service: foo.bar headers: values: version: 2 - method: service: foo.bar.v2 ``` \n For a request to match against this rule, it MUST satisfy EITHER of the two conditions: \n - service of foo.bar AND contains the header `version: 2` - service of foo.bar.v2 \n See the documentation for GRPCRouteMatch on how to specify multiple match conditions to be ANDed together. \n If no matches are specified, the implementation MUST match every gRPC request. \n Proxy or Load Balancer routing configuration generated from GRPCRoutes MUST prioritize rules based on the following criteria, continuing on ties. Merging MUST not be done between GRPCRoutes and HTTPRoutes. Precedence MUST be given to the rule with the largest number of: \n * Characters in a matching non-wildcard hostname. * Characters in a matching hostname. * Characters in a matching service. * Characters in a matching method. * Header matches. \n If ties still exist across multiple Routes, matching precedence MUST be determined in order of the following criteria, continuing on ties: \n * The oldest Route based on creation timestamp. * The Route appearing first in alphabetical order by \"{namespace}/{name}\". \n If ties still exist within the Route that has been given precedence, matching precedence MUST be granted to the first matching rule meeting the above criteria." + +**Note:** This function appends passed data to existing values + +## obj spec.rules.backendRefs + +"BackendRefs defines the backend(s) where matching requests should be sent. \n Failure behavior here depends on how many BackendRefs are specified and how many are invalid. \n If *all* entries in BackendRefs are invalid, and there are also no filters specified in this route rule, *all* traffic which matches this rule MUST receive an `UNAVAILABLE` status. \n See the GRPCBackendRef definition for the rules about what makes a single GRPCBackendRef invalid. \n When a GRPCBackendRef is invalid, `UNAVAILABLE` statuses MUST be returned for requests that would have otherwise been routed to an invalid backend. If multiple backends are specified, and some are invalid, the proportion of requests that would otherwise have been routed to an invalid backend MUST receive an `UNAVAILABLE` status. \n For example, if two backends are specified with equal weights, and one is invalid, 50 percent of traffic MUST receive an `UNAVAILABLE` status. Implementations may choose how that 50 percent is determined. \n Support: Core for Kubernetes Service \n Support: Implementation-specific for any other resource \n Support for weight: Core" + +### fn spec.rules.backendRefs.withFilters + +```ts +withFilters(filters) +``` + +"Filters defined at this level MUST be executed if and only if the request is being forwarded to the backend defined here. \n Support: Implementation-specific (For broader support of filters, use the Filters field in GRPCRouteRule.)" + +### fn spec.rules.backendRefs.withFiltersMixin + +```ts +withFiltersMixin(filters) +``` + +"Filters defined at this level MUST be executed if and only if the request is being forwarded to the backend defined here. \n Support: Implementation-specific (For broader support of filters, use the Filters field in GRPCRouteRule.)" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.backendRefs.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. For example, \"gateway.networking.k8s.io\". When unspecified or empty string, core API group is inferred." + +### fn spec.rules.backendRefs.withKind + +```ts +withKind(kind) +``` + +"Kind is the Kubernetes resource kind of the referent. For example \"Service\". \n Defaults to \"Service\" when not specified. \n ExternalName services can refer to CNAME DNS records that may live outside of the cluster and as such are difficult to reason about in terms of conformance. They also may not be safe to forward to (see CVE-2021-25740 for more information). Implementations SHOULD NOT support ExternalName Services. \n Support: Core (Services with a type other than ExternalName) \n Support: Implementation-specific (Services with type ExternalName)" + +### fn spec.rules.backendRefs.withName + +```ts +withName(name) +``` + +"Name is the name of the referent." + +### fn spec.rules.backendRefs.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. \n Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. \n Support: Core" + +### fn spec.rules.backendRefs.withPort + +```ts +withPort(port) +``` + +"Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field." + +### fn spec.rules.backendRefs.withWeight + +```ts +withWeight(weight) +``` + +"Weight specifies the proportion of requests forwarded to the referenced backend. This is computed as weight/(sum of all weights in this BackendRefs list). For non-zero values, there may be some epsilon from the exact proportion defined here depending on the precision an implementation supports. Weight is not a percentage and the sum of weights does not need to equal 100. \n If only one backend is specified and it has a weight greater than 0, 100% of the traffic is forwarded to that backend. If weight is set to 0, no traffic should be forwarded for this entry. If unspecified, weight defaults to 1. \n Support for this field varies based on the context where used." + +## obj spec.rules.backendRefs.filters + +"Filters defined at this level MUST be executed if and only if the request is being forwarded to the backend defined here. \n Support: Implementation-specific (For broader support of filters, use the Filters field in GRPCRouteRule.)" + +### fn spec.rules.backendRefs.filters.withType + +```ts +withType(type) +``` + +"Type identifies the type of filter to apply. As with other API fields, types are classified into three conformance levels: \n - Core: Filter types and their corresponding configuration defined by \"Support: Core\" in this package, e.g. \"RequestHeaderModifier\". All implementations supporting GRPCRoute MUST support core filters. \n - Extended: Filter types and their corresponding configuration defined by \"Support: Extended\" in this package, e.g. \"RequestMirror\". Implementers are encouraged to support extended filters. \n - Implementation-specific: Filters that are defined and supported by specific vendors. In the future, filters showing convergence in behavior across multiple implementations will be considered for inclusion in extended or core conformance levels. Filter-specific configuration for such filters is specified using the ExtensionRef field. `Type` MUST be set to \"ExtensionRef\" for custom filters. \n Implementers are encouraged to define custom implementation types to extend the core API with implementation-specific behavior. \n If a reference to a custom filter type cannot be resolved, the filter MUST NOT be skipped. Instead, requests that would have been processed by that filter MUST receive a HTTP error response. \n " + +## obj spec.rules.backendRefs.filters.extensionRef + +"ExtensionRef is an optional, implementation-specific extension to the \"filter\" behavior. For example, resource \"myroutefilter\" in group \"networking.example.net\"). ExtensionRef MUST NOT be used for core and extended filters. \n Support: Implementation-specific \n This filter can be used multiple times within the same rule." + +### fn spec.rules.backendRefs.filters.extensionRef.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. For example, \"gateway.networking.k8s.io\". When unspecified or empty string, core API group is inferred." + +### fn spec.rules.backendRefs.filters.extensionRef.withKind + +```ts +withKind(kind) +``` + +"Kind is kind of the referent. For example \"HTTPRoute\" or \"Service\"." + +### fn spec.rules.backendRefs.filters.extensionRef.withName + +```ts +withName(name) +``` + +"Name is the name of the referent." + +## obj spec.rules.backendRefs.filters.requestHeaderModifier + +"RequestHeaderModifier defines a schema for a filter that modifies request headers. \n Support: Core" + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.withAdd + +```ts +withAdd(add) +``` + +"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz" + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.withAddMixin + +```ts +withAddMixin(add) +``` + +"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.withRemove + +```ts +withRemove(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \n Config: remove: [\"my-header1\", \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2: bar" + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.withRemoveMixin + +```ts +withRemoveMixin(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \n Config: remove: [\"my-header1\", \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2: bar" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.withSet + +```ts +withSet(set) +``` + +"Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar" + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.withSetMixin + +```ts +withSetMixin(set) +``` + +"Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar" + +**Note:** This function appends passed data to existing values + +## obj spec.rules.backendRefs.filters.requestHeaderModifier.add + +"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz" + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.add.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent." + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.add.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.backendRefs.filters.requestHeaderModifier.set + +"Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar" + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.set.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent." + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.set.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.backendRefs.filters.requestMirror + +"RequestMirror defines a schema for a filter that mirrors requests. Requests are sent to the specified destination, but responses from that destination are ignored. \n This filter can be used multiple times within the same rule. Note that not all implementations will be able to support mirroring to multiple backends. \n Support: Extended" + +## obj spec.rules.backendRefs.filters.requestMirror.backendRef + +"BackendRef references a resource where mirrored requests are sent. \n Mirrored requests must be sent only to a single destination endpoint within this BackendRef, irrespective of how many endpoints are present within this BackendRef. \n If the referent cannot be found, this BackendRef is invalid and must be dropped from the Gateway. The controller must ensure the \"ResolvedRefs\" condition on the Route status is set to `status: False` and not configure this backend in the underlying implementation. \n If there is a cross-namespace reference to an *existing* object that is not allowed by a ReferenceGrant, the controller must ensure the \"ResolvedRefs\" condition on the Route is set to `status: False`, with the \"RefNotPermitted\" reason and not configure this backend in the underlying implementation. \n In either error case, the Message of the `ResolvedRefs` Condition should be used to provide more detail about the problem. \n Support: Extended for Kubernetes Service \n Support: Implementation-specific for any other resource" + +### fn spec.rules.backendRefs.filters.requestMirror.backendRef.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. For example, \"gateway.networking.k8s.io\". When unspecified or empty string, core API group is inferred." + +### fn spec.rules.backendRefs.filters.requestMirror.backendRef.withKind + +```ts +withKind(kind) +``` + +"Kind is the Kubernetes resource kind of the referent. For example \"Service\". \n Defaults to \"Service\" when not specified. \n ExternalName services can refer to CNAME DNS records that may live outside of the cluster and as such are difficult to reason about in terms of conformance. They also may not be safe to forward to (see CVE-2021-25740 for more information). Implementations SHOULD NOT support ExternalName Services. \n Support: Core (Services with a type other than ExternalName) \n Support: Implementation-specific (Services with type ExternalName)" + +### fn spec.rules.backendRefs.filters.requestMirror.backendRef.withName + +```ts +withName(name) +``` + +"Name is the name of the referent." + +### fn spec.rules.backendRefs.filters.requestMirror.backendRef.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. \n Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. \n Support: Core" + +### fn spec.rules.backendRefs.filters.requestMirror.backendRef.withPort + +```ts +withPort(port) +``` + +"Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field." + +## obj spec.rules.backendRefs.filters.responseHeaderModifier + +"ResponseHeaderModifier defines a schema for a filter that modifies response headers. \n Support: Extended" + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.withAdd + +```ts +withAdd(add) +``` + +"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz" + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.withAddMixin + +```ts +withAddMixin(add) +``` + +"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.withRemove + +```ts +withRemove(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \n Config: remove: [\"my-header1\", \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2: bar" + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.withRemoveMixin + +```ts +withRemoveMixin(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \n Config: remove: [\"my-header1\", \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2: bar" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.withSet + +```ts +withSet(set) +``` + +"Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar" + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.withSetMixin + +```ts +withSetMixin(set) +``` + +"Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar" + +**Note:** This function appends passed data to existing values + +## obj spec.rules.backendRefs.filters.responseHeaderModifier.add + +"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz" + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.add.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent." + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.add.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.backendRefs.filters.responseHeaderModifier.set + +"Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar" + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.set.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent." + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.set.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.filters + +"Filters define the filters that are applied to requests that match this rule. \n The effects of ordering of multiple behaviors are currently unspecified. This can change in the future based on feedback during the alpha stage. \n Conformance-levels at this level are defined based on the type of filter: \n - ALL core filters MUST be supported by all implementations that support GRPCRoute. - Implementers are encouraged to support extended filters. - Implementation-specific custom filters have no API guarantees across implementations. \n Specifying the same filter multiple times is not supported unless explicitly indicated in the filter. \n If an implementation can not support a combination of filters, it must clearly document that limitation. In cases where incompatible or unsupported filters are specified and cause the `Accepted` condition to be set to status `False`, implementations may use the `IncompatibleFilters` reason to specify this configuration error. \n Support: Core" + +### fn spec.rules.filters.withType + +```ts +withType(type) +``` + +"Type identifies the type of filter to apply. As with other API fields, types are classified into three conformance levels: \n - Core: Filter types and their corresponding configuration defined by \"Support: Core\" in this package, e.g. \"RequestHeaderModifier\". All implementations supporting GRPCRoute MUST support core filters. \n - Extended: Filter types and their corresponding configuration defined by \"Support: Extended\" in this package, e.g. \"RequestMirror\". Implementers are encouraged to support extended filters. \n - Implementation-specific: Filters that are defined and supported by specific vendors. In the future, filters showing convergence in behavior across multiple implementations will be considered for inclusion in extended or core conformance levels. Filter-specific configuration for such filters is specified using the ExtensionRef field. `Type` MUST be set to \"ExtensionRef\" for custom filters. \n Implementers are encouraged to define custom implementation types to extend the core API with implementation-specific behavior. \n If a reference to a custom filter type cannot be resolved, the filter MUST NOT be skipped. Instead, requests that would have been processed by that filter MUST receive a HTTP error response. \n " + +## obj spec.rules.filters.extensionRef + +"ExtensionRef is an optional, implementation-specific extension to the \"filter\" behavior. For example, resource \"myroutefilter\" in group \"networking.example.net\"). ExtensionRef MUST NOT be used for core and extended filters. \n Support: Implementation-specific \n This filter can be used multiple times within the same rule." + +### fn spec.rules.filters.extensionRef.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. For example, \"gateway.networking.k8s.io\". When unspecified or empty string, core API group is inferred." + +### fn spec.rules.filters.extensionRef.withKind + +```ts +withKind(kind) +``` + +"Kind is kind of the referent. For example \"HTTPRoute\" or \"Service\"." + +### fn spec.rules.filters.extensionRef.withName + +```ts +withName(name) +``` + +"Name is the name of the referent." + +## obj spec.rules.filters.requestHeaderModifier + +"RequestHeaderModifier defines a schema for a filter that modifies request headers. \n Support: Core" + +### fn spec.rules.filters.requestHeaderModifier.withAdd + +```ts +withAdd(add) +``` + +"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz" + +### fn spec.rules.filters.requestHeaderModifier.withAddMixin + +```ts +withAddMixin(add) +``` + +"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.filters.requestHeaderModifier.withRemove + +```ts +withRemove(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \n Config: remove: [\"my-header1\", \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2: bar" + +### fn spec.rules.filters.requestHeaderModifier.withRemoveMixin + +```ts +withRemoveMixin(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \n Config: remove: [\"my-header1\", \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2: bar" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.filters.requestHeaderModifier.withSet + +```ts +withSet(set) +``` + +"Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar" + +### fn spec.rules.filters.requestHeaderModifier.withSetMixin + +```ts +withSetMixin(set) +``` + +"Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar" + +**Note:** This function appends passed data to existing values + +## obj spec.rules.filters.requestHeaderModifier.add + +"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz" + +### fn spec.rules.filters.requestHeaderModifier.add.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent." + +### fn spec.rules.filters.requestHeaderModifier.add.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.filters.requestHeaderModifier.set + +"Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar" + +### fn spec.rules.filters.requestHeaderModifier.set.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent." + +### fn spec.rules.filters.requestHeaderModifier.set.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.filters.requestMirror + +"RequestMirror defines a schema for a filter that mirrors requests. Requests are sent to the specified destination, but responses from that destination are ignored. \n This filter can be used multiple times within the same rule. Note that not all implementations will be able to support mirroring to multiple backends. \n Support: Extended" + +## obj spec.rules.filters.requestMirror.backendRef + +"BackendRef references a resource where mirrored requests are sent. \n Mirrored requests must be sent only to a single destination endpoint within this BackendRef, irrespective of how many endpoints are present within this BackendRef. \n If the referent cannot be found, this BackendRef is invalid and must be dropped from the Gateway. The controller must ensure the \"ResolvedRefs\" condition on the Route status is set to `status: False` and not configure this backend in the underlying implementation. \n If there is a cross-namespace reference to an *existing* object that is not allowed by a ReferenceGrant, the controller must ensure the \"ResolvedRefs\" condition on the Route is set to `status: False`, with the \"RefNotPermitted\" reason and not configure this backend in the underlying implementation. \n In either error case, the Message of the `ResolvedRefs` Condition should be used to provide more detail about the problem. \n Support: Extended for Kubernetes Service \n Support: Implementation-specific for any other resource" + +### fn spec.rules.filters.requestMirror.backendRef.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. For example, \"gateway.networking.k8s.io\". When unspecified or empty string, core API group is inferred." + +### fn spec.rules.filters.requestMirror.backendRef.withKind + +```ts +withKind(kind) +``` + +"Kind is the Kubernetes resource kind of the referent. For example \"Service\". \n Defaults to \"Service\" when not specified. \n ExternalName services can refer to CNAME DNS records that may live outside of the cluster and as such are difficult to reason about in terms of conformance. They also may not be safe to forward to (see CVE-2021-25740 for more information). Implementations SHOULD NOT support ExternalName Services. \n Support: Core (Services with a type other than ExternalName) \n Support: Implementation-specific (Services with type ExternalName)" + +### fn spec.rules.filters.requestMirror.backendRef.withName + +```ts +withName(name) +``` + +"Name is the name of the referent." + +### fn spec.rules.filters.requestMirror.backendRef.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. \n Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. \n Support: Core" + +### fn spec.rules.filters.requestMirror.backendRef.withPort + +```ts +withPort(port) +``` + +"Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field." + +## obj spec.rules.filters.responseHeaderModifier + +"ResponseHeaderModifier defines a schema for a filter that modifies response headers. \n Support: Extended" + +### fn spec.rules.filters.responseHeaderModifier.withAdd + +```ts +withAdd(add) +``` + +"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz" + +### fn spec.rules.filters.responseHeaderModifier.withAddMixin + +```ts +withAddMixin(add) +``` + +"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.filters.responseHeaderModifier.withRemove + +```ts +withRemove(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \n Config: remove: [\"my-header1\", \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2: bar" + +### fn spec.rules.filters.responseHeaderModifier.withRemoveMixin + +```ts +withRemoveMixin(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \n Config: remove: [\"my-header1\", \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2: bar" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.filters.responseHeaderModifier.withSet + +```ts +withSet(set) +``` + +"Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar" + +### fn spec.rules.filters.responseHeaderModifier.withSetMixin + +```ts +withSetMixin(set) +``` + +"Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar" + +**Note:** This function appends passed data to existing values + +## obj spec.rules.filters.responseHeaderModifier.add + +"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz" + +### fn spec.rules.filters.responseHeaderModifier.add.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent." + +### fn spec.rules.filters.responseHeaderModifier.add.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.filters.responseHeaderModifier.set + +"Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar" + +### fn spec.rules.filters.responseHeaderModifier.set.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent." + +### fn spec.rules.filters.responseHeaderModifier.set.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.matches + +"Matches define conditions used for matching the rule against incoming gRPC requests. Each match is independent, i.e. this rule will be matched if **any** one of the matches is satisfied. \n For example, take the following matches configuration: \n ``` matches: - method: service: foo.bar headers: values: version: 2 - method: service: foo.bar.v2 ``` \n For a request to match against this rule, it MUST satisfy EITHER of the two conditions: \n - service of foo.bar AND contains the header `version: 2` - service of foo.bar.v2 \n See the documentation for GRPCRouteMatch on how to specify multiple match conditions to be ANDed together. \n If no matches are specified, the implementation MUST match every gRPC request. \n Proxy or Load Balancer routing configuration generated from GRPCRoutes MUST prioritize rules based on the following criteria, continuing on ties. Merging MUST not be done between GRPCRoutes and HTTPRoutes. Precedence MUST be given to the rule with the largest number of: \n * Characters in a matching non-wildcard hostname. * Characters in a matching hostname. * Characters in a matching service. * Characters in a matching method. * Header matches. \n If ties still exist across multiple Routes, matching precedence MUST be determined in order of the following criteria, continuing on ties: \n * The oldest Route based on creation timestamp. * The Route appearing first in alphabetical order by \"{namespace}/{name}\". \n If ties still exist within the Route that has been given precedence, matching precedence MUST be granted to the first matching rule meeting the above criteria." + +### fn spec.rules.matches.withHeaders + +```ts +withHeaders(headers) +``` + +"Headers specifies gRPC request header matchers. Multiple match values are ANDed together, meaning, a request MUST match all the specified headers to select the route." + +### fn spec.rules.matches.withHeadersMixin + +```ts +withHeadersMixin(headers) +``` + +"Headers specifies gRPC request header matchers. Multiple match values are ANDed together, meaning, a request MUST match all the specified headers to select the route." + +**Note:** This function appends passed data to existing values + +## obj spec.rules.matches.headers + +"Headers specifies gRPC request header matchers. Multiple match values are ANDed together, meaning, a request MUST match all the specified headers to select the route." + +### fn spec.rules.matches.headers.withName + +```ts +withName(name) +``` + +"Name is the name of the gRPC Header to be matched. \n If multiple entries specify equivalent header names, only the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent." + +### fn spec.rules.matches.headers.withType + +```ts +withType(type) +``` + +"Type specifies how to match against the value of the header." + +### fn spec.rules.matches.headers.withValue + +```ts +withValue(value) +``` + +"Value is the value of the gRPC Header to be matched." + +## obj spec.rules.matches.method + +"Method specifies a gRPC request service/method matcher. If this field is not specified, all services and methods will match." + +### fn spec.rules.matches.method.withMethod + +```ts +withMethod(method) +``` + +"Value of the method to match against. If left empty or omitted, will match all services. \n At least one of Service and Method MUST be a non-empty string." + +### fn spec.rules.matches.method.withService + +```ts +withService(service) +``` + +"Value of the service to match against. If left empty or omitted, will match any service. \n At least one of Service and Method MUST be a non-empty string." + +### fn spec.rules.matches.method.withType + +```ts +withType(type) +``` + +"Type specifies how to match against the service and/or method. Support: Core (Exact with service and method specified) \n Support: Implementation-specific (Exact with method specified but no service specified) \n Support: Implementation-specific (RegularExpression)" \ No newline at end of file diff --git a/docs/0.8-experimental/gateway/v1alpha2/httpRoute.md b/docs/0.8-experimental/gateway/v1alpha2/httpRoute.md new file mode 100644 index 0000000..1cf0992 --- /dev/null +++ b/docs/0.8-experimental/gateway/v1alpha2/httpRoute.md @@ -0,0 +1,1498 @@ +--- +permalink: /0.8-experimental/gateway/v1alpha2/httpRoute/ +--- + +# gateway.v1alpha2.httpRoute + +"HTTPRoute provides a way to route HTTP requests. This includes the capability to match requests by hostname, path, header, or query param. Filters can be used to specify additional processing steps. Backends specify where matching requests should be routed." + +## Index + +* [`fn new(name)`](#fn-new) +* [`obj metadata`](#obj-metadata) + * [`fn withAnnotations(annotations)`](#fn-metadatawithannotations) + * [`fn withAnnotationsMixin(annotations)`](#fn-metadatawithannotationsmixin) + * [`fn withClusterName(clusterName)`](#fn-metadatawithclustername) + * [`fn withCreationTimestamp(creationTimestamp)`](#fn-metadatawithcreationtimestamp) + * [`fn withDeletionGracePeriodSeconds(deletionGracePeriodSeconds)`](#fn-metadatawithdeletiongraceperiodseconds) + * [`fn withDeletionTimestamp(deletionTimestamp)`](#fn-metadatawithdeletiontimestamp) + * [`fn withFinalizers(finalizers)`](#fn-metadatawithfinalizers) + * [`fn withFinalizersMixin(finalizers)`](#fn-metadatawithfinalizersmixin) + * [`fn withGenerateName(generateName)`](#fn-metadatawithgeneratename) + * [`fn withGeneration(generation)`](#fn-metadatawithgeneration) + * [`fn withLabels(labels)`](#fn-metadatawithlabels) + * [`fn withLabelsMixin(labels)`](#fn-metadatawithlabelsmixin) + * [`fn withName(name)`](#fn-metadatawithname) + * [`fn withNamespace(namespace)`](#fn-metadatawithnamespace) + * [`fn withOwnerReferences(ownerReferences)`](#fn-metadatawithownerreferences) + * [`fn withOwnerReferencesMixin(ownerReferences)`](#fn-metadatawithownerreferencesmixin) + * [`fn withResourceVersion(resourceVersion)`](#fn-metadatawithresourceversion) + * [`fn withSelfLink(selfLink)`](#fn-metadatawithselflink) + * [`fn withUid(uid)`](#fn-metadatawithuid) +* [`obj spec`](#obj-spec) + * [`fn withHostnames(hostnames)`](#fn-specwithhostnames) + * [`fn withHostnamesMixin(hostnames)`](#fn-specwithhostnamesmixin) + * [`fn withParentRefs(parentRefs)`](#fn-specwithparentrefs) + * [`fn withParentRefsMixin(parentRefs)`](#fn-specwithparentrefsmixin) + * [`fn withRules(rules)`](#fn-specwithrules) + * [`fn withRulesMixin(rules)`](#fn-specwithrulesmixin) + * [`obj spec.parentRefs`](#obj-specparentrefs) + * [`fn withGroup(group)`](#fn-specparentrefswithgroup) + * [`fn withKind(kind)`](#fn-specparentrefswithkind) + * [`fn withName(name)`](#fn-specparentrefswithname) + * [`fn withNamespace(namespace)`](#fn-specparentrefswithnamespace) + * [`fn withPort(port)`](#fn-specparentrefswithport) + * [`fn withSectionName(sectionName)`](#fn-specparentrefswithsectionname) + * [`obj spec.rules`](#obj-specrules) + * [`fn withBackendRefs(backendRefs)`](#fn-specruleswithbackendrefs) + * [`fn withBackendRefsMixin(backendRefs)`](#fn-specruleswithbackendrefsmixin) + * [`fn withFilters(filters)`](#fn-specruleswithfilters) + * [`fn withFiltersMixin(filters)`](#fn-specruleswithfiltersmixin) + * [`fn withMatches(matches)`](#fn-specruleswithmatches) + * [`fn withMatchesMixin(matches)`](#fn-specruleswithmatchesmixin) + * [`obj spec.rules.backendRefs`](#obj-specrulesbackendrefs) + * [`fn withFilters(filters)`](#fn-specrulesbackendrefswithfilters) + * [`fn withFiltersMixin(filters)`](#fn-specrulesbackendrefswithfiltersmixin) + * [`fn withGroup(group)`](#fn-specrulesbackendrefswithgroup) + * [`fn withKind(kind)`](#fn-specrulesbackendrefswithkind) + * [`fn withName(name)`](#fn-specrulesbackendrefswithname) + * [`fn withNamespace(namespace)`](#fn-specrulesbackendrefswithnamespace) + * [`fn withPort(port)`](#fn-specrulesbackendrefswithport) + * [`fn withWeight(weight)`](#fn-specrulesbackendrefswithweight) + * [`obj spec.rules.backendRefs.filters`](#obj-specrulesbackendrefsfilters) + * [`fn withType(type)`](#fn-specrulesbackendrefsfilterswithtype) + * [`obj spec.rules.backendRefs.filters.extensionRef`](#obj-specrulesbackendrefsfiltersextensionref) + * [`fn withGroup(group)`](#fn-specrulesbackendrefsfiltersextensionrefwithgroup) + * [`fn withKind(kind)`](#fn-specrulesbackendrefsfiltersextensionrefwithkind) + * [`fn withName(name)`](#fn-specrulesbackendrefsfiltersextensionrefwithname) + * [`obj spec.rules.backendRefs.filters.requestHeaderModifier`](#obj-specrulesbackendrefsfiltersrequestheadermodifier) + * [`fn withAdd(add)`](#fn-specrulesbackendrefsfiltersrequestheadermodifierwithadd) + * [`fn withAddMixin(add)`](#fn-specrulesbackendrefsfiltersrequestheadermodifierwithaddmixin) + * [`fn withRemove(remove)`](#fn-specrulesbackendrefsfiltersrequestheadermodifierwithremove) + * [`fn withRemoveMixin(remove)`](#fn-specrulesbackendrefsfiltersrequestheadermodifierwithremovemixin) + * [`fn withSet(set)`](#fn-specrulesbackendrefsfiltersrequestheadermodifierwithset) + * [`fn withSetMixin(set)`](#fn-specrulesbackendrefsfiltersrequestheadermodifierwithsetmixin) + * [`obj spec.rules.backendRefs.filters.requestHeaderModifier.add`](#obj-specrulesbackendrefsfiltersrequestheadermodifieradd) + * [`fn withName(name)`](#fn-specrulesbackendrefsfiltersrequestheadermodifieraddwithname) + * [`fn withValue(value)`](#fn-specrulesbackendrefsfiltersrequestheadermodifieraddwithvalue) + * [`obj spec.rules.backendRefs.filters.requestHeaderModifier.set`](#obj-specrulesbackendrefsfiltersrequestheadermodifierset) + * [`fn withName(name)`](#fn-specrulesbackendrefsfiltersrequestheadermodifiersetwithname) + * [`fn withValue(value)`](#fn-specrulesbackendrefsfiltersrequestheadermodifiersetwithvalue) + * [`obj spec.rules.backendRefs.filters.requestMirror`](#obj-specrulesbackendrefsfiltersrequestmirror) + * [`obj spec.rules.backendRefs.filters.requestMirror.backendRef`](#obj-specrulesbackendrefsfiltersrequestmirrorbackendref) + * [`fn withGroup(group)`](#fn-specrulesbackendrefsfiltersrequestmirrorbackendrefwithgroup) + * [`fn withKind(kind)`](#fn-specrulesbackendrefsfiltersrequestmirrorbackendrefwithkind) + * [`fn withName(name)`](#fn-specrulesbackendrefsfiltersrequestmirrorbackendrefwithname) + * [`fn withNamespace(namespace)`](#fn-specrulesbackendrefsfiltersrequestmirrorbackendrefwithnamespace) + * [`fn withPort(port)`](#fn-specrulesbackendrefsfiltersrequestmirrorbackendrefwithport) + * [`obj spec.rules.backendRefs.filters.requestRedirect`](#obj-specrulesbackendrefsfiltersrequestredirect) + * [`fn withHostname(hostname)`](#fn-specrulesbackendrefsfiltersrequestredirectwithhostname) + * [`fn withPort(port)`](#fn-specrulesbackendrefsfiltersrequestredirectwithport) + * [`fn withScheme(scheme)`](#fn-specrulesbackendrefsfiltersrequestredirectwithscheme) + * [`fn withStatusCode(statusCode)`](#fn-specrulesbackendrefsfiltersrequestredirectwithstatuscode) + * [`obj spec.rules.backendRefs.filters.requestRedirect.path`](#obj-specrulesbackendrefsfiltersrequestredirectpath) + * [`fn withReplaceFullPath(replaceFullPath)`](#fn-specrulesbackendrefsfiltersrequestredirectpathwithreplacefullpath) + * [`fn withReplacePrefixMatch(replacePrefixMatch)`](#fn-specrulesbackendrefsfiltersrequestredirectpathwithreplaceprefixmatch) + * [`fn withType(type)`](#fn-specrulesbackendrefsfiltersrequestredirectpathwithtype) + * [`obj spec.rules.backendRefs.filters.responseHeaderModifier`](#obj-specrulesbackendrefsfiltersresponseheadermodifier) + * [`fn withAdd(add)`](#fn-specrulesbackendrefsfiltersresponseheadermodifierwithadd) + * [`fn withAddMixin(add)`](#fn-specrulesbackendrefsfiltersresponseheadermodifierwithaddmixin) + * [`fn withRemove(remove)`](#fn-specrulesbackendrefsfiltersresponseheadermodifierwithremove) + * [`fn withRemoveMixin(remove)`](#fn-specrulesbackendrefsfiltersresponseheadermodifierwithremovemixin) + * [`fn withSet(set)`](#fn-specrulesbackendrefsfiltersresponseheadermodifierwithset) + * [`fn withSetMixin(set)`](#fn-specrulesbackendrefsfiltersresponseheadermodifierwithsetmixin) + * [`obj spec.rules.backendRefs.filters.responseHeaderModifier.add`](#obj-specrulesbackendrefsfiltersresponseheadermodifieradd) + * [`fn withName(name)`](#fn-specrulesbackendrefsfiltersresponseheadermodifieraddwithname) + * [`fn withValue(value)`](#fn-specrulesbackendrefsfiltersresponseheadermodifieraddwithvalue) + * [`obj spec.rules.backendRefs.filters.responseHeaderModifier.set`](#obj-specrulesbackendrefsfiltersresponseheadermodifierset) + * [`fn withName(name)`](#fn-specrulesbackendrefsfiltersresponseheadermodifiersetwithname) + * [`fn withValue(value)`](#fn-specrulesbackendrefsfiltersresponseheadermodifiersetwithvalue) + * [`obj spec.rules.backendRefs.filters.urlRewrite`](#obj-specrulesbackendrefsfiltersurlrewrite) + * [`fn withHostname(hostname)`](#fn-specrulesbackendrefsfiltersurlrewritewithhostname) + * [`obj spec.rules.backendRefs.filters.urlRewrite.path`](#obj-specrulesbackendrefsfiltersurlrewritepath) + * [`fn withReplaceFullPath(replaceFullPath)`](#fn-specrulesbackendrefsfiltersurlrewritepathwithreplacefullpath) + * [`fn withReplacePrefixMatch(replacePrefixMatch)`](#fn-specrulesbackendrefsfiltersurlrewritepathwithreplaceprefixmatch) + * [`fn withType(type)`](#fn-specrulesbackendrefsfiltersurlrewritepathwithtype) + * [`obj spec.rules.filters`](#obj-specrulesfilters) + * [`fn withType(type)`](#fn-specrulesfilterswithtype) + * [`obj spec.rules.filters.extensionRef`](#obj-specrulesfiltersextensionref) + * [`fn withGroup(group)`](#fn-specrulesfiltersextensionrefwithgroup) + * [`fn withKind(kind)`](#fn-specrulesfiltersextensionrefwithkind) + * [`fn withName(name)`](#fn-specrulesfiltersextensionrefwithname) + * [`obj spec.rules.filters.requestHeaderModifier`](#obj-specrulesfiltersrequestheadermodifier) + * [`fn withAdd(add)`](#fn-specrulesfiltersrequestheadermodifierwithadd) + * [`fn withAddMixin(add)`](#fn-specrulesfiltersrequestheadermodifierwithaddmixin) + * [`fn withRemove(remove)`](#fn-specrulesfiltersrequestheadermodifierwithremove) + * [`fn withRemoveMixin(remove)`](#fn-specrulesfiltersrequestheadermodifierwithremovemixin) + * [`fn withSet(set)`](#fn-specrulesfiltersrequestheadermodifierwithset) + * [`fn withSetMixin(set)`](#fn-specrulesfiltersrequestheadermodifierwithsetmixin) + * [`obj spec.rules.filters.requestHeaderModifier.add`](#obj-specrulesfiltersrequestheadermodifieradd) + * [`fn withName(name)`](#fn-specrulesfiltersrequestheadermodifieraddwithname) + * [`fn withValue(value)`](#fn-specrulesfiltersrequestheadermodifieraddwithvalue) + * [`obj spec.rules.filters.requestHeaderModifier.set`](#obj-specrulesfiltersrequestheadermodifierset) + * [`fn withName(name)`](#fn-specrulesfiltersrequestheadermodifiersetwithname) + * [`fn withValue(value)`](#fn-specrulesfiltersrequestheadermodifiersetwithvalue) + * [`obj spec.rules.filters.requestMirror`](#obj-specrulesfiltersrequestmirror) + * [`obj spec.rules.filters.requestMirror.backendRef`](#obj-specrulesfiltersrequestmirrorbackendref) + * [`fn withGroup(group)`](#fn-specrulesfiltersrequestmirrorbackendrefwithgroup) + * [`fn withKind(kind)`](#fn-specrulesfiltersrequestmirrorbackendrefwithkind) + * [`fn withName(name)`](#fn-specrulesfiltersrequestmirrorbackendrefwithname) + * [`fn withNamespace(namespace)`](#fn-specrulesfiltersrequestmirrorbackendrefwithnamespace) + * [`fn withPort(port)`](#fn-specrulesfiltersrequestmirrorbackendrefwithport) + * [`obj spec.rules.filters.requestRedirect`](#obj-specrulesfiltersrequestredirect) + * [`fn withHostname(hostname)`](#fn-specrulesfiltersrequestredirectwithhostname) + * [`fn withPort(port)`](#fn-specrulesfiltersrequestredirectwithport) + * [`fn withScheme(scheme)`](#fn-specrulesfiltersrequestredirectwithscheme) + * [`fn withStatusCode(statusCode)`](#fn-specrulesfiltersrequestredirectwithstatuscode) + * [`obj spec.rules.filters.requestRedirect.path`](#obj-specrulesfiltersrequestredirectpath) + * [`fn withReplaceFullPath(replaceFullPath)`](#fn-specrulesfiltersrequestredirectpathwithreplacefullpath) + * [`fn withReplacePrefixMatch(replacePrefixMatch)`](#fn-specrulesfiltersrequestredirectpathwithreplaceprefixmatch) + * [`fn withType(type)`](#fn-specrulesfiltersrequestredirectpathwithtype) + * [`obj spec.rules.filters.responseHeaderModifier`](#obj-specrulesfiltersresponseheadermodifier) + * [`fn withAdd(add)`](#fn-specrulesfiltersresponseheadermodifierwithadd) + * [`fn withAddMixin(add)`](#fn-specrulesfiltersresponseheadermodifierwithaddmixin) + * [`fn withRemove(remove)`](#fn-specrulesfiltersresponseheadermodifierwithremove) + * [`fn withRemoveMixin(remove)`](#fn-specrulesfiltersresponseheadermodifierwithremovemixin) + * [`fn withSet(set)`](#fn-specrulesfiltersresponseheadermodifierwithset) + * [`fn withSetMixin(set)`](#fn-specrulesfiltersresponseheadermodifierwithsetmixin) + * [`obj spec.rules.filters.responseHeaderModifier.add`](#obj-specrulesfiltersresponseheadermodifieradd) + * [`fn withName(name)`](#fn-specrulesfiltersresponseheadermodifieraddwithname) + * [`fn withValue(value)`](#fn-specrulesfiltersresponseheadermodifieraddwithvalue) + * [`obj spec.rules.filters.responseHeaderModifier.set`](#obj-specrulesfiltersresponseheadermodifierset) + * [`fn withName(name)`](#fn-specrulesfiltersresponseheadermodifiersetwithname) + * [`fn withValue(value)`](#fn-specrulesfiltersresponseheadermodifiersetwithvalue) + * [`obj spec.rules.filters.urlRewrite`](#obj-specrulesfiltersurlrewrite) + * [`fn withHostname(hostname)`](#fn-specrulesfiltersurlrewritewithhostname) + * [`obj spec.rules.filters.urlRewrite.path`](#obj-specrulesfiltersurlrewritepath) + * [`fn withReplaceFullPath(replaceFullPath)`](#fn-specrulesfiltersurlrewritepathwithreplacefullpath) + * [`fn withReplacePrefixMatch(replacePrefixMatch)`](#fn-specrulesfiltersurlrewritepathwithreplaceprefixmatch) + * [`fn withType(type)`](#fn-specrulesfiltersurlrewritepathwithtype) + * [`obj spec.rules.matches`](#obj-specrulesmatches) + * [`fn withHeaders(headers)`](#fn-specrulesmatcheswithheaders) + * [`fn withHeadersMixin(headers)`](#fn-specrulesmatcheswithheadersmixin) + * [`fn withMethod(method)`](#fn-specrulesmatcheswithmethod) + * [`fn withQueryParams(queryParams)`](#fn-specrulesmatcheswithqueryparams) + * [`fn withQueryParamsMixin(queryParams)`](#fn-specrulesmatcheswithqueryparamsmixin) + * [`obj spec.rules.matches.headers`](#obj-specrulesmatchesheaders) + * [`fn withName(name)`](#fn-specrulesmatchesheaderswithname) + * [`fn withType(type)`](#fn-specrulesmatchesheaderswithtype) + * [`fn withValue(value)`](#fn-specrulesmatchesheaderswithvalue) + * [`obj spec.rules.matches.path`](#obj-specrulesmatchespath) + * [`fn withType(type)`](#fn-specrulesmatchespathwithtype) + * [`fn withValue(value)`](#fn-specrulesmatchespathwithvalue) + * [`obj spec.rules.matches.queryParams`](#obj-specrulesmatchesqueryparams) + * [`fn withName(name)`](#fn-specrulesmatchesqueryparamswithname) + * [`fn withType(type)`](#fn-specrulesmatchesqueryparamswithtype) + * [`fn withValue(value)`](#fn-specrulesmatchesqueryparamswithvalue) + +## Fields + +### fn new + +```ts +new(name) +``` + +new returns an instance of HTTPRoute + +## obj metadata + +"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create." + +### fn metadata.withAnnotations + +```ts +withAnnotations(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +### fn metadata.withAnnotationsMixin + +```ts +withAnnotationsMixin(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +**Note:** This function appends passed data to existing values + +### fn metadata.withClusterName + +```ts +withClusterName(clusterName) +``` + +"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request." + +### fn metadata.withCreationTimestamp + +```ts +withCreationTimestamp(creationTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withDeletionGracePeriodSeconds + +```ts +withDeletionGracePeriodSeconds(deletionGracePeriodSeconds) +``` + +"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only." + +### fn metadata.withDeletionTimestamp + +```ts +withDeletionTimestamp(deletionTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withFinalizers + +```ts +withFinalizers(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +### fn metadata.withFinalizersMixin + +```ts +withFinalizersMixin(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +**Note:** This function appends passed data to existing values + +### fn metadata.withGenerateName + +```ts +withGenerateName(generateName) +``` + +"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\n\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\n\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" + +### fn metadata.withGeneration + +```ts +withGeneration(generation) +``` + +"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only." + +### fn metadata.withLabels + +```ts +withLabels(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +### fn metadata.withLabelsMixin + +```ts +withLabelsMixin(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +**Note:** This function appends passed data to existing values + +### fn metadata.withName + +```ts +withName(name) +``` + +"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names" + +### fn metadata.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \"default\" namespace, but \"default\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\n\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces" + +### fn metadata.withOwnerReferences + +```ts +withOwnerReferences(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +### fn metadata.withOwnerReferencesMixin + +```ts +withOwnerReferencesMixin(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +**Note:** This function appends passed data to existing values + +### fn metadata.withResourceVersion + +```ts +withResourceVersion(resourceVersion) +``` + +"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\n\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" + +### fn metadata.withSelfLink + +```ts +withSelfLink(selfLink) +``` + +"SelfLink is a URL representing this object. Populated by the system. Read-only.\n\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release." + +### fn metadata.withUid + +```ts +withUid(uid) +``` + +"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\n\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids" + +## obj spec + +"Spec defines the desired state of HTTPRoute." + +### fn spec.withHostnames + +```ts +withHostnames(hostnames) +``` + +"Hostnames defines a set of hostnames that should match against the HTTP Host header to select a HTTPRoute used to process the request. Implementations MUST ignore any port value specified in the HTTP Host header while performing a match and (absent of any applicable header modification configuration) MUST forward this header unmodified to the backend. \n Valid values for Hostnames are determined by RFC 1123 definition of a hostname with 2 notable exceptions: \n 1. IPs are not allowed. 2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard label must appear by itself as the first label. \n If a hostname is specified by both the Listener and HTTPRoute, there must be at least one intersecting hostname for the HTTPRoute to be attached to the Listener. For example: \n * A Listener with `test.example.com` as the hostname matches HTTPRoutes that have either not specified any hostnames, or have specified at least one of `test.example.com` or `*.example.com`. * A Listener with `*.example.com` as the hostname matches HTTPRoutes that have either not specified any hostnames or have specified at least one hostname that matches the Listener hostname. For example, `*.example.com`, `test.example.com`, and `foo.test.example.com` would all match. On the other hand, `example.com` and `test.example.net` would not match. \n Hostnames that are prefixed with a wildcard label (`*.`) are interpreted as a suffix match. That means that a match for `*.example.com` would match both `test.example.com`, and `foo.test.example.com`, but not `example.com`. \n If both the Listener and HTTPRoute have specified hostnames, any HTTPRoute hostnames that do not match the Listener hostname MUST be ignored. For example, if a Listener specified `*.example.com`, and the HTTPRoute specified `test.example.com` and `test.example.net`, `test.example.net` must not be considered for a match. \n If both the Listener and HTTPRoute have specified hostnames, and none match with the criteria above, then the HTTPRoute is not accepted. The implementation must raise an 'Accepted' Condition with a status of `False` in the corresponding RouteParentStatus. \n In the event that multiple HTTPRoutes specify intersecting hostnames (e.g. overlapping wildcard matching and exact matching hostnames), precedence must be given to rules from the HTTPRoute with the largest number of: \n * Characters in a matching non-wildcard hostname. * Characters in a matching hostname. \n If ties exist across multiple Routes, the matching precedence rules for HTTPRouteMatches takes over. \n Support: Core" + +### fn spec.withHostnamesMixin + +```ts +withHostnamesMixin(hostnames) +``` + +"Hostnames defines a set of hostnames that should match against the HTTP Host header to select a HTTPRoute used to process the request. Implementations MUST ignore any port value specified in the HTTP Host header while performing a match and (absent of any applicable header modification configuration) MUST forward this header unmodified to the backend. \n Valid values for Hostnames are determined by RFC 1123 definition of a hostname with 2 notable exceptions: \n 1. IPs are not allowed. 2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard label must appear by itself as the first label. \n If a hostname is specified by both the Listener and HTTPRoute, there must be at least one intersecting hostname for the HTTPRoute to be attached to the Listener. For example: \n * A Listener with `test.example.com` as the hostname matches HTTPRoutes that have either not specified any hostnames, or have specified at least one of `test.example.com` or `*.example.com`. * A Listener with `*.example.com` as the hostname matches HTTPRoutes that have either not specified any hostnames or have specified at least one hostname that matches the Listener hostname. For example, `*.example.com`, `test.example.com`, and `foo.test.example.com` would all match. On the other hand, `example.com` and `test.example.net` would not match. \n Hostnames that are prefixed with a wildcard label (`*.`) are interpreted as a suffix match. That means that a match for `*.example.com` would match both `test.example.com`, and `foo.test.example.com`, but not `example.com`. \n If both the Listener and HTTPRoute have specified hostnames, any HTTPRoute hostnames that do not match the Listener hostname MUST be ignored. For example, if a Listener specified `*.example.com`, and the HTTPRoute specified `test.example.com` and `test.example.net`, `test.example.net` must not be considered for a match. \n If both the Listener and HTTPRoute have specified hostnames, and none match with the criteria above, then the HTTPRoute is not accepted. The implementation must raise an 'Accepted' Condition with a status of `False` in the corresponding RouteParentStatus. \n In the event that multiple HTTPRoutes specify intersecting hostnames (e.g. overlapping wildcard matching and exact matching hostnames), precedence must be given to rules from the HTTPRoute with the largest number of: \n * Characters in a matching non-wildcard hostname. * Characters in a matching hostname. \n If ties exist across multiple Routes, the matching precedence rules for HTTPRouteMatches takes over. \n Support: Core" + +**Note:** This function appends passed data to existing values + +### fn spec.withParentRefs + +```ts +withParentRefs(parentRefs) +``` + +"ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. For Services, that means the Service must either be in the same namespace for a \"producer\" route, or the mesh implementation must support and allow \"consumer\" routes for the referenced Service. ReferenceGrant is not applicable for governing ParentRefs to Services - it is not possible to create a \"producer\" route for a Service in a different namespace from the Route. \n There are two kinds of parent resources with \"Core\" support: \n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) \n This API may be extended in the future to support additional kinds of parent resources. \n It is invalid to reference an identical parent more than once. It is valid to reference multiple distinct sections within the same parent resource, such as two separate Listeners on the same Gateway or two separate ports on the same Service. \n It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged. \n Note that for ParentRefs that cross namespace boundaries, there are specific rules. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example, Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable other kinds of cross-namespace reference. \n ParentRefs from a Route to a Service in the same namespace are \"producer\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \n ParentRefs from a Route to a Service in a different namespace are \"consumer\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \n " + +### fn spec.withParentRefsMixin + +```ts +withParentRefsMixin(parentRefs) +``` + +"ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. For Services, that means the Service must either be in the same namespace for a \"producer\" route, or the mesh implementation must support and allow \"consumer\" routes for the referenced Service. ReferenceGrant is not applicable for governing ParentRefs to Services - it is not possible to create a \"producer\" route for a Service in a different namespace from the Route. \n There are two kinds of parent resources with \"Core\" support: \n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) \n This API may be extended in the future to support additional kinds of parent resources. \n It is invalid to reference an identical parent more than once. It is valid to reference multiple distinct sections within the same parent resource, such as two separate Listeners on the same Gateway or two separate ports on the same Service. \n It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged. \n Note that for ParentRefs that cross namespace boundaries, there are specific rules. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example, Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable other kinds of cross-namespace reference. \n ParentRefs from a Route to a Service in the same namespace are \"producer\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \n ParentRefs from a Route to a Service in a different namespace are \"consumer\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \n " + +**Note:** This function appends passed data to existing values + +### fn spec.withRules + +```ts +withRules(rules) +``` + +"Rules are a list of HTTP matchers, filters and actions." + +### fn spec.withRulesMixin + +```ts +withRulesMixin(rules) +``` + +"Rules are a list of HTTP matchers, filters and actions." + +**Note:** This function appends passed data to existing values + +## obj spec.parentRefs + +"ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. For Services, that means the Service must either be in the same namespace for a \"producer\" route, or the mesh implementation must support and allow \"consumer\" routes for the referenced Service. ReferenceGrant is not applicable for governing ParentRefs to Services - it is not possible to create a \"producer\" route for a Service in a different namespace from the Route. \n There are two kinds of parent resources with \"Core\" support: \n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) \n This API may be extended in the future to support additional kinds of parent resources. \n It is invalid to reference an identical parent more than once. It is valid to reference multiple distinct sections within the same parent resource, such as two separate Listeners on the same Gateway or two separate ports on the same Service. \n It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged. \n Note that for ParentRefs that cross namespace boundaries, there are specific rules. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example, Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable other kinds of cross-namespace reference. \n ParentRefs from a Route to a Service in the same namespace are \"producer\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \n ParentRefs from a Route to a Service in a different namespace are \"consumer\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \n " + +### fn spec.parentRefs.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. When unspecified, \"gateway.networking.k8s.io\" is inferred. To set the core API group (such as for a \"Service\" kind referent), Group must be explicitly set to \"\" (empty string). \n Support: Core" + +### fn spec.parentRefs.withKind + +```ts +withKind(kind) +``` + +"Kind is kind of the referent. \n There are two kinds of parent resources with \"Core\" support: \n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) \n Support for other resources is Implementation-Specific." + +### fn spec.parentRefs.withName + +```ts +withName(name) +``` + +"Name is the name of the referent. \n Support: Core" + +### fn spec.parentRefs.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the referent. When unspecified, this refers to the local namespace of the Route. \n Note that there are specific rules for ParentRefs which cross namespace boundaries. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example: Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference. \n ParentRefs from a Route to a Service in the same namespace are \"producer\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \n ParentRefs from a Route to a Service in a different namespace are \"consumer\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \n Support: Core" + +### fn spec.parentRefs.withPort + +```ts +withPort(port) +``` + +"Port is the network port this Route targets. It can be interpreted differently based on the type of parent resource. \n When the parent resource is a Gateway, this targets all listeners listening on the specified port that also support this kind of Route(and select this Route). It's not recommended to set `Port` unless the networking behaviors specified in a Route must apply to a specific port as opposed to a listener(s) whose port(s) may be changed. When both Port and SectionName are specified, the name and port of the selected listener must match both specified values. \n When the parent resource is a Service, this targets a specific port in the Service spec. When both Port (experimental) and SectionName are specified, the name and port of the selected port must match both specified values. \n Implementations MAY choose to support other parent resources. Implementations supporting other types of parent resources MUST clearly document how/if Port is interpreted. \n For the purpose of status, an attachment is considered successful as long as the parent resource accepts it partially. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \n Support: Extended \n " + +### fn spec.parentRefs.withSectionName + +```ts +withSectionName(sectionName) +``` + +"SectionName is the name of a section within the target resource. In the following resources, SectionName is interpreted as the following: \n * Gateway: Listener Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. * Service: Port Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. Note that attaching Routes to Services as Parents is part of experimental Mesh support and is not supported for any other purpose. \n Implementations MAY choose to support attaching Routes to other resources. If that is the case, they MUST clearly document how SectionName is interpreted. \n When unspecified (empty string), this will reference the entire resource. For the purpose of status, an attachment is considered successful if at least one section in the parent resource accepts it. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \n Support: Core" + +## obj spec.rules + +"Rules are a list of HTTP matchers, filters and actions." + +### fn spec.rules.withBackendRefs + +```ts +withBackendRefs(backendRefs) +``` + +"BackendRefs defines the backend(s) where matching requests should be sent. \n Failure behavior here depends on how many BackendRefs are specified and how many are invalid. \n If *all* entries in BackendRefs are invalid, and there are also no filters specified in this route rule, *all* traffic which matches this rule MUST receive a 500 status code. \n See the HTTPBackendRef definition for the rules about what makes a single HTTPBackendRef invalid. \n When a HTTPBackendRef is invalid, 500 status codes MUST be returned for requests that would have otherwise been routed to an invalid backend. If multiple backends are specified, and some are invalid, the proportion of requests that would otherwise have been routed to an invalid backend MUST receive a 500 status code. \n For example, if two backends are specified with equal weights, and one is invalid, 50 percent of traffic must receive a 500. Implementations may choose how that 50 percent is determined. \n Support: Core for Kubernetes Service \n Support: Extended for Kubernetes ServiceImport \n Support: Implementation-specific for any other resource \n Support for weight: Core" + +### fn spec.rules.withBackendRefsMixin + +```ts +withBackendRefsMixin(backendRefs) +``` + +"BackendRefs defines the backend(s) where matching requests should be sent. \n Failure behavior here depends on how many BackendRefs are specified and how many are invalid. \n If *all* entries in BackendRefs are invalid, and there are also no filters specified in this route rule, *all* traffic which matches this rule MUST receive a 500 status code. \n See the HTTPBackendRef definition for the rules about what makes a single HTTPBackendRef invalid. \n When a HTTPBackendRef is invalid, 500 status codes MUST be returned for requests that would have otherwise been routed to an invalid backend. If multiple backends are specified, and some are invalid, the proportion of requests that would otherwise have been routed to an invalid backend MUST receive a 500 status code. \n For example, if two backends are specified with equal weights, and one is invalid, 50 percent of traffic must receive a 500. Implementations may choose how that 50 percent is determined. \n Support: Core for Kubernetes Service \n Support: Extended for Kubernetes ServiceImport \n Support: Implementation-specific for any other resource \n Support for weight: Core" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.withFilters + +```ts +withFilters(filters) +``` + +"Filters define the filters that are applied to requests that match this rule. \n The effects of ordering of multiple behaviors are currently unspecified. This can change in the future based on feedback during the alpha stage. \n Conformance-levels at this level are defined based on the type of filter: \n - ALL core filters MUST be supported by all implementations. - Implementers are encouraged to support extended filters. - Implementation-specific custom filters have no API guarantees across implementations. \n Specifying the same filter multiple times is not supported unless explicitly indicated in the filter. \n All filters are expected to be compatible with each other except for the URLRewrite and RequestRedirect filters, which may not be combined. If an implementation can not support other combinations of filters, they must clearly document that limitation. In cases where incompatible or unsupported filters are specified and cause the `Accepted` condition to be set to status `False`, implementations may use the `IncompatibleFilters` reason to specify this configuration error. \n Support: Core" + +### fn spec.rules.withFiltersMixin + +```ts +withFiltersMixin(filters) +``` + +"Filters define the filters that are applied to requests that match this rule. \n The effects of ordering of multiple behaviors are currently unspecified. This can change in the future based on feedback during the alpha stage. \n Conformance-levels at this level are defined based on the type of filter: \n - ALL core filters MUST be supported by all implementations. - Implementers are encouraged to support extended filters. - Implementation-specific custom filters have no API guarantees across implementations. \n Specifying the same filter multiple times is not supported unless explicitly indicated in the filter. \n All filters are expected to be compatible with each other except for the URLRewrite and RequestRedirect filters, which may not be combined. If an implementation can not support other combinations of filters, they must clearly document that limitation. In cases where incompatible or unsupported filters are specified and cause the `Accepted` condition to be set to status `False`, implementations may use the `IncompatibleFilters` reason to specify this configuration error. \n Support: Core" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.withMatches + +```ts +withMatches(matches) +``` + +"Matches define conditions used for matching the rule against incoming HTTP requests. Each match is independent, i.e. this rule will be matched if **any** one of the matches is satisfied. \n For example, take the following matches configuration: \n ``` matches: - path: value: \"/foo\" headers: - name: \"version\" value: \"v2\" - path: value: \"/v2/foo\" ``` \n For a request to match against this rule, a request must satisfy EITHER of the two conditions: \n - path prefixed with `/foo` AND contains the header `version: v2` - path prefix of `/v2/foo` \n See the documentation for HTTPRouteMatch on how to specify multiple match conditions that should be ANDed together. \n If no matches are specified, the default is a prefix path match on \"/\", which has the effect of matching every HTTP request. \n Proxy or Load Balancer routing configuration generated from HTTPRoutes MUST prioritize matches based on the following criteria, continuing on ties. Across all rules specified on applicable Routes, precedence must be given to the match having: \n * \"Exact\" path match. * \"Prefix\" path match with largest number of characters. * Method match. * Largest number of header matches. * Largest number of query param matches. \n Note: The precedence of RegularExpression path matches are implementation-specific. \n If ties still exist across multiple Routes, matching precedence MUST be determined in order of the following criteria, continuing on ties: \n * The oldest Route based on creation timestamp. * The Route appearing first in alphabetical order by \"{namespace}/{name}\". \n If ties still exist within an HTTPRoute, matching precedence MUST be granted to the FIRST matching rule (in list order) with a match meeting the above criteria. \n When no rules matching a request have been successfully attached to the parent a request is coming from, a HTTP 404 status code MUST be returned." + +### fn spec.rules.withMatchesMixin + +```ts +withMatchesMixin(matches) +``` + +"Matches define conditions used for matching the rule against incoming HTTP requests. Each match is independent, i.e. this rule will be matched if **any** one of the matches is satisfied. \n For example, take the following matches configuration: \n ``` matches: - path: value: \"/foo\" headers: - name: \"version\" value: \"v2\" - path: value: \"/v2/foo\" ``` \n For a request to match against this rule, a request must satisfy EITHER of the two conditions: \n - path prefixed with `/foo` AND contains the header `version: v2` - path prefix of `/v2/foo` \n See the documentation for HTTPRouteMatch on how to specify multiple match conditions that should be ANDed together. \n If no matches are specified, the default is a prefix path match on \"/\", which has the effect of matching every HTTP request. \n Proxy or Load Balancer routing configuration generated from HTTPRoutes MUST prioritize matches based on the following criteria, continuing on ties. Across all rules specified on applicable Routes, precedence must be given to the match having: \n * \"Exact\" path match. * \"Prefix\" path match with largest number of characters. * Method match. * Largest number of header matches. * Largest number of query param matches. \n Note: The precedence of RegularExpression path matches are implementation-specific. \n If ties still exist across multiple Routes, matching precedence MUST be determined in order of the following criteria, continuing on ties: \n * The oldest Route based on creation timestamp. * The Route appearing first in alphabetical order by \"{namespace}/{name}\". \n If ties still exist within an HTTPRoute, matching precedence MUST be granted to the FIRST matching rule (in list order) with a match meeting the above criteria. \n When no rules matching a request have been successfully attached to the parent a request is coming from, a HTTP 404 status code MUST be returned." + +**Note:** This function appends passed data to existing values + +## obj spec.rules.backendRefs + +"BackendRefs defines the backend(s) where matching requests should be sent. \n Failure behavior here depends on how many BackendRefs are specified and how many are invalid. \n If *all* entries in BackendRefs are invalid, and there are also no filters specified in this route rule, *all* traffic which matches this rule MUST receive a 500 status code. \n See the HTTPBackendRef definition for the rules about what makes a single HTTPBackendRef invalid. \n When a HTTPBackendRef is invalid, 500 status codes MUST be returned for requests that would have otherwise been routed to an invalid backend. If multiple backends are specified, and some are invalid, the proportion of requests that would otherwise have been routed to an invalid backend MUST receive a 500 status code. \n For example, if two backends are specified with equal weights, and one is invalid, 50 percent of traffic must receive a 500. Implementations may choose how that 50 percent is determined. \n Support: Core for Kubernetes Service \n Support: Extended for Kubernetes ServiceImport \n Support: Implementation-specific for any other resource \n Support for weight: Core" + +### fn spec.rules.backendRefs.withFilters + +```ts +withFilters(filters) +``` + +"Filters defined at this level should be executed if and only if the request is being forwarded to the backend defined here. \n Support: Implementation-specific (For broader support of filters, use the Filters field in HTTPRouteRule.)" + +### fn spec.rules.backendRefs.withFiltersMixin + +```ts +withFiltersMixin(filters) +``` + +"Filters defined at this level should be executed if and only if the request is being forwarded to the backend defined here. \n Support: Implementation-specific (For broader support of filters, use the Filters field in HTTPRouteRule.)" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.backendRefs.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. For example, \"gateway.networking.k8s.io\". When unspecified or empty string, core API group is inferred." + +### fn spec.rules.backendRefs.withKind + +```ts +withKind(kind) +``` + +"Kind is the Kubernetes resource kind of the referent. For example \"Service\". \n Defaults to \"Service\" when not specified. \n ExternalName services can refer to CNAME DNS records that may live outside of the cluster and as such are difficult to reason about in terms of conformance. They also may not be safe to forward to (see CVE-2021-25740 for more information). Implementations SHOULD NOT support ExternalName Services. \n Support: Core (Services with a type other than ExternalName) \n Support: Implementation-specific (Services with type ExternalName)" + +### fn spec.rules.backendRefs.withName + +```ts +withName(name) +``` + +"Name is the name of the referent." + +### fn spec.rules.backendRefs.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. \n Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. \n Support: Core" + +### fn spec.rules.backendRefs.withPort + +```ts +withPort(port) +``` + +"Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field." + +### fn spec.rules.backendRefs.withWeight + +```ts +withWeight(weight) +``` + +"Weight specifies the proportion of requests forwarded to the referenced backend. This is computed as weight/(sum of all weights in this BackendRefs list). For non-zero values, there may be some epsilon from the exact proportion defined here depending on the precision an implementation supports. Weight is not a percentage and the sum of weights does not need to equal 100. \n If only one backend is specified and it has a weight greater than 0, 100% of the traffic is forwarded to that backend. If weight is set to 0, no traffic should be forwarded for this entry. If unspecified, weight defaults to 1. \n Support for this field varies based on the context where used." + +## obj spec.rules.backendRefs.filters + +"Filters defined at this level should be executed if and only if the request is being forwarded to the backend defined here. \n Support: Implementation-specific (For broader support of filters, use the Filters field in HTTPRouteRule.)" + +### fn spec.rules.backendRefs.filters.withType + +```ts +withType(type) +``` + +"Type identifies the type of filter to apply. As with other API fields, types are classified into three conformance levels: \n - Core: Filter types and their corresponding configuration defined by \"Support: Core\" in this package, e.g. \"RequestHeaderModifier\". All implementations must support core filters. \n - Extended: Filter types and their corresponding configuration defined by \"Support: Extended\" in this package, e.g. \"RequestMirror\". Implementers are encouraged to support extended filters. \n - Implementation-specific: Filters that are defined and supported by specific vendors. In the future, filters showing convergence in behavior across multiple implementations will be considered for inclusion in extended or core conformance levels. Filter-specific configuration for such filters is specified using the ExtensionRef field. `Type` should be set to \"ExtensionRef\" for custom filters. \n Implementers are encouraged to define custom implementation types to extend the core API with implementation-specific behavior. \n If a reference to a custom filter type cannot be resolved, the filter MUST NOT be skipped. Instead, requests that would have been processed by that filter MUST receive a HTTP error response. \n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`." + +## obj spec.rules.backendRefs.filters.extensionRef + +"ExtensionRef is an optional, implementation-specific extension to the \"filter\" behavior. For example, resource \"myroutefilter\" in group \"networking.example.net\"). ExtensionRef MUST NOT be used for core and extended filters. \n This filter can be used multiple times within the same rule. \n Support: Implementation-specific" + +### fn spec.rules.backendRefs.filters.extensionRef.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. For example, \"gateway.networking.k8s.io\". When unspecified or empty string, core API group is inferred." + +### fn spec.rules.backendRefs.filters.extensionRef.withKind + +```ts +withKind(kind) +``` + +"Kind is kind of the referent. For example \"HTTPRoute\" or \"Service\"." + +### fn spec.rules.backendRefs.filters.extensionRef.withName + +```ts +withName(name) +``` + +"Name is the name of the referent." + +## obj spec.rules.backendRefs.filters.requestHeaderModifier + +"RequestHeaderModifier defines a schema for a filter that modifies request headers. \n Support: Core" + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.withAdd + +```ts +withAdd(add) +``` + +"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz" + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.withAddMixin + +```ts +withAddMixin(add) +``` + +"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.withRemove + +```ts +withRemove(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \n Config: remove: [\"my-header1\", \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2: bar" + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.withRemoveMixin + +```ts +withRemoveMixin(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \n Config: remove: [\"my-header1\", \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2: bar" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.withSet + +```ts +withSet(set) +``` + +"Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar" + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.withSetMixin + +```ts +withSetMixin(set) +``` + +"Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar" + +**Note:** This function appends passed data to existing values + +## obj spec.rules.backendRefs.filters.requestHeaderModifier.add + +"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz" + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.add.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent." + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.add.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.backendRefs.filters.requestHeaderModifier.set + +"Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar" + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.set.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent." + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.set.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.backendRefs.filters.requestMirror + +"RequestMirror defines a schema for a filter that mirrors requests. Requests are sent to the specified destination, but responses from that destination are ignored. \n This filter can be used multiple times within the same rule. Note that not all implementations will be able to support mirroring to multiple backends. \n Support: Extended" + +## obj spec.rules.backendRefs.filters.requestMirror.backendRef + +"BackendRef references a resource where mirrored requests are sent. \n Mirrored requests must be sent only to a single destination endpoint within this BackendRef, irrespective of how many endpoints are present within this BackendRef. \n If the referent cannot be found, this BackendRef is invalid and must be dropped from the Gateway. The controller must ensure the \"ResolvedRefs\" condition on the Route status is set to `status: False` and not configure this backend in the underlying implementation. \n If there is a cross-namespace reference to an *existing* object that is not allowed by a ReferenceGrant, the controller must ensure the \"ResolvedRefs\" condition on the Route is set to `status: False`, with the \"RefNotPermitted\" reason and not configure this backend in the underlying implementation. \n In either error case, the Message of the `ResolvedRefs` Condition should be used to provide more detail about the problem. \n Support: Extended for Kubernetes Service \n Support: Implementation-specific for any other resource" + +### fn spec.rules.backendRefs.filters.requestMirror.backendRef.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. For example, \"gateway.networking.k8s.io\". When unspecified or empty string, core API group is inferred." + +### fn spec.rules.backendRefs.filters.requestMirror.backendRef.withKind + +```ts +withKind(kind) +``` + +"Kind is the Kubernetes resource kind of the referent. For example \"Service\". \n Defaults to \"Service\" when not specified. \n ExternalName services can refer to CNAME DNS records that may live outside of the cluster and as such are difficult to reason about in terms of conformance. They also may not be safe to forward to (see CVE-2021-25740 for more information). Implementations SHOULD NOT support ExternalName Services. \n Support: Core (Services with a type other than ExternalName) \n Support: Implementation-specific (Services with type ExternalName)" + +### fn spec.rules.backendRefs.filters.requestMirror.backendRef.withName + +```ts +withName(name) +``` + +"Name is the name of the referent." + +### fn spec.rules.backendRefs.filters.requestMirror.backendRef.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. \n Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. \n Support: Core" + +### fn spec.rules.backendRefs.filters.requestMirror.backendRef.withPort + +```ts +withPort(port) +``` + +"Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field." + +## obj spec.rules.backendRefs.filters.requestRedirect + +"RequestRedirect defines a schema for a filter that responds to the request with an HTTP redirection. \n Support: Core" + +### fn spec.rules.backendRefs.filters.requestRedirect.withHostname + +```ts +withHostname(hostname) +``` + +"Hostname is the hostname to be used in the value of the `Location` header in the response. When empty, the hostname in the `Host` header of the request is used. \n Support: Core" + +### fn spec.rules.backendRefs.filters.requestRedirect.withPort + +```ts +withPort(port) +``` + +"Port is the port to be used in the value of the `Location` header in the response. \n If no port is specified, the redirect port MUST be derived using the following rules: \n * If redirect scheme is not-empty, the redirect port MUST be the well-known port associated with the redirect scheme. Specifically \"http\" to port 80 and \"https\" to port 443. If the redirect scheme does not have a well-known port, the listener port of the Gateway SHOULD be used. * If redirect scheme is empty, the redirect port MUST be the Gateway Listener port. \n Implementations SHOULD NOT add the port number in the 'Location' header in the following cases: \n * A Location header that will use HTTP (whether that is determined via the Listener protocol or the Scheme field) _and_ use port 80. * A Location header that will use HTTPS (whether that is determined via the Listener protocol or the Scheme field) _and_ use port 443. \n Support: Extended" + +### fn spec.rules.backendRefs.filters.requestRedirect.withScheme + +```ts +withScheme(scheme) +``` + +"Scheme is the scheme to be used in the value of the `Location` header in the response. When empty, the scheme of the request is used. \n Scheme redirects can affect the port of the redirect, for more information, refer to the documentation for the port field of this filter. \n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`. \n Support: Extended" + +### fn spec.rules.backendRefs.filters.requestRedirect.withStatusCode + +```ts +withStatusCode(statusCode) +``` + +"StatusCode is the HTTP status code to be used in response. \n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`. \n Support: Core" + +## obj spec.rules.backendRefs.filters.requestRedirect.path + +"Path defines parameters used to modify the path of the incoming request. The modified path is then used to construct the `Location` header. When empty, the request path is used as-is. \n Support: Extended" + +### fn spec.rules.backendRefs.filters.requestRedirect.path.withReplaceFullPath + +```ts +withReplaceFullPath(replaceFullPath) +``` + +"ReplaceFullPath specifies the value with which to replace the full path of a request during a rewrite or redirect." + +### fn spec.rules.backendRefs.filters.requestRedirect.path.withReplacePrefixMatch + +```ts +withReplacePrefixMatch(replacePrefixMatch) +``` + +"ReplacePrefixMatch specifies the value with which to replace the prefix match of a request during a rewrite or redirect. For example, a request to \"/foo/bar\" with a prefix match of \"/foo\" and a ReplacePrefixMatch of \"/xyz\" would be modified to \"/xyz/bar\". \n Note that this matches the behavior of the PathPrefix match type. This matches full path elements. A path element refers to the list of labels in the path split by the `/` separator. When specified, a trailing `/` is ignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all match the prefix `/abc`, but the path `/abcd` would not. \n ReplacePrefixMatch is only compatible with a `PathPrefix` HTTPRouteMatch. Using any other HTTPRouteMatch type on the same HTTPRouteRule will result in the implementation setting the Accepted Condition for the Route to `status: False`. \n Request Path | Prefix Match | Replace Prefix | Modified Path -------------|--------------|----------------|---------- /foo/bar | /foo | /xyz | /xyz/bar /foo/bar | /foo | /xyz/ | /xyz/bar /foo/bar | /foo/ | /xyz | /xyz/bar /foo/bar | /foo/ | /xyz/ | /xyz/bar /foo | /foo | /xyz | /xyz /foo/ | /foo | /xyz | /xyz/ /foo/bar | /foo | | /bar /foo/ | /foo | | / /foo | /foo | | / /foo/ | /foo | / | / /foo | /foo | / | /" + +### fn spec.rules.backendRefs.filters.requestRedirect.path.withType + +```ts +withType(type) +``` + +"Type defines the type of path modifier. Additional types may be added in a future release of the API. \n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`." + +## obj spec.rules.backendRefs.filters.responseHeaderModifier + +"ResponseHeaderModifier defines a schema for a filter that modifies response headers. \n Support: Extended" + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.withAdd + +```ts +withAdd(add) +``` + +"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz" + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.withAddMixin + +```ts +withAddMixin(add) +``` + +"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.withRemove + +```ts +withRemove(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \n Config: remove: [\"my-header1\", \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2: bar" + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.withRemoveMixin + +```ts +withRemoveMixin(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \n Config: remove: [\"my-header1\", \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2: bar" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.withSet + +```ts +withSet(set) +``` + +"Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar" + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.withSetMixin + +```ts +withSetMixin(set) +``` + +"Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar" + +**Note:** This function appends passed data to existing values + +## obj spec.rules.backendRefs.filters.responseHeaderModifier.add + +"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz" + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.add.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent." + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.add.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.backendRefs.filters.responseHeaderModifier.set + +"Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar" + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.set.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent." + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.set.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.backendRefs.filters.urlRewrite + +"URLRewrite defines a schema for a filter that modifies a request during forwarding. \n Support: Extended" + +### fn spec.rules.backendRefs.filters.urlRewrite.withHostname + +```ts +withHostname(hostname) +``` + +"Hostname is the value to be used to replace the Host header value during forwarding. \n Support: Extended" + +## obj spec.rules.backendRefs.filters.urlRewrite.path + +"Path defines a path rewrite. \n Support: Extended" + +### fn spec.rules.backendRefs.filters.urlRewrite.path.withReplaceFullPath + +```ts +withReplaceFullPath(replaceFullPath) +``` + +"ReplaceFullPath specifies the value with which to replace the full path of a request during a rewrite or redirect." + +### fn spec.rules.backendRefs.filters.urlRewrite.path.withReplacePrefixMatch + +```ts +withReplacePrefixMatch(replacePrefixMatch) +``` + +"ReplacePrefixMatch specifies the value with which to replace the prefix match of a request during a rewrite or redirect. For example, a request to \"/foo/bar\" with a prefix match of \"/foo\" and a ReplacePrefixMatch of \"/xyz\" would be modified to \"/xyz/bar\". \n Note that this matches the behavior of the PathPrefix match type. This matches full path elements. A path element refers to the list of labels in the path split by the `/` separator. When specified, a trailing `/` is ignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all match the prefix `/abc`, but the path `/abcd` would not. \n ReplacePrefixMatch is only compatible with a `PathPrefix` HTTPRouteMatch. Using any other HTTPRouteMatch type on the same HTTPRouteRule will result in the implementation setting the Accepted Condition for the Route to `status: False`. \n Request Path | Prefix Match | Replace Prefix | Modified Path -------------|--------------|----------------|---------- /foo/bar | /foo | /xyz | /xyz/bar /foo/bar | /foo | /xyz/ | /xyz/bar /foo/bar | /foo/ | /xyz | /xyz/bar /foo/bar | /foo/ | /xyz/ | /xyz/bar /foo | /foo | /xyz | /xyz /foo/ | /foo | /xyz | /xyz/ /foo/bar | /foo | | /bar /foo/ | /foo | | / /foo | /foo | | / /foo/ | /foo | / | / /foo | /foo | / | /" + +### fn spec.rules.backendRefs.filters.urlRewrite.path.withType + +```ts +withType(type) +``` + +"Type defines the type of path modifier. Additional types may be added in a future release of the API. \n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`." + +## obj spec.rules.filters + +"Filters define the filters that are applied to requests that match this rule. \n The effects of ordering of multiple behaviors are currently unspecified. This can change in the future based on feedback during the alpha stage. \n Conformance-levels at this level are defined based on the type of filter: \n - ALL core filters MUST be supported by all implementations. - Implementers are encouraged to support extended filters. - Implementation-specific custom filters have no API guarantees across implementations. \n Specifying the same filter multiple times is not supported unless explicitly indicated in the filter. \n All filters are expected to be compatible with each other except for the URLRewrite and RequestRedirect filters, which may not be combined. If an implementation can not support other combinations of filters, they must clearly document that limitation. In cases where incompatible or unsupported filters are specified and cause the `Accepted` condition to be set to status `False`, implementations may use the `IncompatibleFilters` reason to specify this configuration error. \n Support: Core" + +### fn spec.rules.filters.withType + +```ts +withType(type) +``` + +"Type identifies the type of filter to apply. As with other API fields, types are classified into three conformance levels: \n - Core: Filter types and their corresponding configuration defined by \"Support: Core\" in this package, e.g. \"RequestHeaderModifier\". All implementations must support core filters. \n - Extended: Filter types and their corresponding configuration defined by \"Support: Extended\" in this package, e.g. \"RequestMirror\". Implementers are encouraged to support extended filters. \n - Implementation-specific: Filters that are defined and supported by specific vendors. In the future, filters showing convergence in behavior across multiple implementations will be considered for inclusion in extended or core conformance levels. Filter-specific configuration for such filters is specified using the ExtensionRef field. `Type` should be set to \"ExtensionRef\" for custom filters. \n Implementers are encouraged to define custom implementation types to extend the core API with implementation-specific behavior. \n If a reference to a custom filter type cannot be resolved, the filter MUST NOT be skipped. Instead, requests that would have been processed by that filter MUST receive a HTTP error response. \n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`." + +## obj spec.rules.filters.extensionRef + +"ExtensionRef is an optional, implementation-specific extension to the \"filter\" behavior. For example, resource \"myroutefilter\" in group \"networking.example.net\"). ExtensionRef MUST NOT be used for core and extended filters. \n This filter can be used multiple times within the same rule. \n Support: Implementation-specific" + +### fn spec.rules.filters.extensionRef.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. For example, \"gateway.networking.k8s.io\". When unspecified or empty string, core API group is inferred." + +### fn spec.rules.filters.extensionRef.withKind + +```ts +withKind(kind) +``` + +"Kind is kind of the referent. For example \"HTTPRoute\" or \"Service\"." + +### fn spec.rules.filters.extensionRef.withName + +```ts +withName(name) +``` + +"Name is the name of the referent." + +## obj spec.rules.filters.requestHeaderModifier + +"RequestHeaderModifier defines a schema for a filter that modifies request headers. \n Support: Core" + +### fn spec.rules.filters.requestHeaderModifier.withAdd + +```ts +withAdd(add) +``` + +"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz" + +### fn spec.rules.filters.requestHeaderModifier.withAddMixin + +```ts +withAddMixin(add) +``` + +"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.filters.requestHeaderModifier.withRemove + +```ts +withRemove(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \n Config: remove: [\"my-header1\", \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2: bar" + +### fn spec.rules.filters.requestHeaderModifier.withRemoveMixin + +```ts +withRemoveMixin(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \n Config: remove: [\"my-header1\", \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2: bar" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.filters.requestHeaderModifier.withSet + +```ts +withSet(set) +``` + +"Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar" + +### fn spec.rules.filters.requestHeaderModifier.withSetMixin + +```ts +withSetMixin(set) +``` + +"Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar" + +**Note:** This function appends passed data to existing values + +## obj spec.rules.filters.requestHeaderModifier.add + +"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz" + +### fn spec.rules.filters.requestHeaderModifier.add.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent." + +### fn spec.rules.filters.requestHeaderModifier.add.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.filters.requestHeaderModifier.set + +"Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar" + +### fn spec.rules.filters.requestHeaderModifier.set.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent." + +### fn spec.rules.filters.requestHeaderModifier.set.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.filters.requestMirror + +"RequestMirror defines a schema for a filter that mirrors requests. Requests are sent to the specified destination, but responses from that destination are ignored. \n This filter can be used multiple times within the same rule. Note that not all implementations will be able to support mirroring to multiple backends. \n Support: Extended" + +## obj spec.rules.filters.requestMirror.backendRef + +"BackendRef references a resource where mirrored requests are sent. \n Mirrored requests must be sent only to a single destination endpoint within this BackendRef, irrespective of how many endpoints are present within this BackendRef. \n If the referent cannot be found, this BackendRef is invalid and must be dropped from the Gateway. The controller must ensure the \"ResolvedRefs\" condition on the Route status is set to `status: False` and not configure this backend in the underlying implementation. \n If there is a cross-namespace reference to an *existing* object that is not allowed by a ReferenceGrant, the controller must ensure the \"ResolvedRefs\" condition on the Route is set to `status: False`, with the \"RefNotPermitted\" reason and not configure this backend in the underlying implementation. \n In either error case, the Message of the `ResolvedRefs` Condition should be used to provide more detail about the problem. \n Support: Extended for Kubernetes Service \n Support: Implementation-specific for any other resource" + +### fn spec.rules.filters.requestMirror.backendRef.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. For example, \"gateway.networking.k8s.io\". When unspecified or empty string, core API group is inferred." + +### fn spec.rules.filters.requestMirror.backendRef.withKind + +```ts +withKind(kind) +``` + +"Kind is the Kubernetes resource kind of the referent. For example \"Service\". \n Defaults to \"Service\" when not specified. \n ExternalName services can refer to CNAME DNS records that may live outside of the cluster and as such are difficult to reason about in terms of conformance. They also may not be safe to forward to (see CVE-2021-25740 for more information). Implementations SHOULD NOT support ExternalName Services. \n Support: Core (Services with a type other than ExternalName) \n Support: Implementation-specific (Services with type ExternalName)" + +### fn spec.rules.filters.requestMirror.backendRef.withName + +```ts +withName(name) +``` + +"Name is the name of the referent." + +### fn spec.rules.filters.requestMirror.backendRef.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. \n Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. \n Support: Core" + +### fn spec.rules.filters.requestMirror.backendRef.withPort + +```ts +withPort(port) +``` + +"Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field." + +## obj spec.rules.filters.requestRedirect + +"RequestRedirect defines a schema for a filter that responds to the request with an HTTP redirection. \n Support: Core" + +### fn spec.rules.filters.requestRedirect.withHostname + +```ts +withHostname(hostname) +``` + +"Hostname is the hostname to be used in the value of the `Location` header in the response. When empty, the hostname in the `Host` header of the request is used. \n Support: Core" + +### fn spec.rules.filters.requestRedirect.withPort + +```ts +withPort(port) +``` + +"Port is the port to be used in the value of the `Location` header in the response. \n If no port is specified, the redirect port MUST be derived using the following rules: \n * If redirect scheme is not-empty, the redirect port MUST be the well-known port associated with the redirect scheme. Specifically \"http\" to port 80 and \"https\" to port 443. If the redirect scheme does not have a well-known port, the listener port of the Gateway SHOULD be used. * If redirect scheme is empty, the redirect port MUST be the Gateway Listener port. \n Implementations SHOULD NOT add the port number in the 'Location' header in the following cases: \n * A Location header that will use HTTP (whether that is determined via the Listener protocol or the Scheme field) _and_ use port 80. * A Location header that will use HTTPS (whether that is determined via the Listener protocol or the Scheme field) _and_ use port 443. \n Support: Extended" + +### fn spec.rules.filters.requestRedirect.withScheme + +```ts +withScheme(scheme) +``` + +"Scheme is the scheme to be used in the value of the `Location` header in the response. When empty, the scheme of the request is used. \n Scheme redirects can affect the port of the redirect, for more information, refer to the documentation for the port field of this filter. \n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`. \n Support: Extended" + +### fn spec.rules.filters.requestRedirect.withStatusCode + +```ts +withStatusCode(statusCode) +``` + +"StatusCode is the HTTP status code to be used in response. \n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`. \n Support: Core" + +## obj spec.rules.filters.requestRedirect.path + +"Path defines parameters used to modify the path of the incoming request. The modified path is then used to construct the `Location` header. When empty, the request path is used as-is. \n Support: Extended" + +### fn spec.rules.filters.requestRedirect.path.withReplaceFullPath + +```ts +withReplaceFullPath(replaceFullPath) +``` + +"ReplaceFullPath specifies the value with which to replace the full path of a request during a rewrite or redirect." + +### fn spec.rules.filters.requestRedirect.path.withReplacePrefixMatch + +```ts +withReplacePrefixMatch(replacePrefixMatch) +``` + +"ReplacePrefixMatch specifies the value with which to replace the prefix match of a request during a rewrite or redirect. For example, a request to \"/foo/bar\" with a prefix match of \"/foo\" and a ReplacePrefixMatch of \"/xyz\" would be modified to \"/xyz/bar\". \n Note that this matches the behavior of the PathPrefix match type. This matches full path elements. A path element refers to the list of labels in the path split by the `/` separator. When specified, a trailing `/` is ignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all match the prefix `/abc`, but the path `/abcd` would not. \n ReplacePrefixMatch is only compatible with a `PathPrefix` HTTPRouteMatch. Using any other HTTPRouteMatch type on the same HTTPRouteRule will result in the implementation setting the Accepted Condition for the Route to `status: False`. \n Request Path | Prefix Match | Replace Prefix | Modified Path -------------|--------------|----------------|---------- /foo/bar | /foo | /xyz | /xyz/bar /foo/bar | /foo | /xyz/ | /xyz/bar /foo/bar | /foo/ | /xyz | /xyz/bar /foo/bar | /foo/ | /xyz/ | /xyz/bar /foo | /foo | /xyz | /xyz /foo/ | /foo | /xyz | /xyz/ /foo/bar | /foo | | /bar /foo/ | /foo | | / /foo | /foo | | / /foo/ | /foo | / | / /foo | /foo | / | /" + +### fn spec.rules.filters.requestRedirect.path.withType + +```ts +withType(type) +``` + +"Type defines the type of path modifier. Additional types may be added in a future release of the API. \n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`." + +## obj spec.rules.filters.responseHeaderModifier + +"ResponseHeaderModifier defines a schema for a filter that modifies response headers. \n Support: Extended" + +### fn spec.rules.filters.responseHeaderModifier.withAdd + +```ts +withAdd(add) +``` + +"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz" + +### fn spec.rules.filters.responseHeaderModifier.withAddMixin + +```ts +withAddMixin(add) +``` + +"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.filters.responseHeaderModifier.withRemove + +```ts +withRemove(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \n Config: remove: [\"my-header1\", \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2: bar" + +### fn spec.rules.filters.responseHeaderModifier.withRemoveMixin + +```ts +withRemoveMixin(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \n Config: remove: [\"my-header1\", \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2: bar" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.filters.responseHeaderModifier.withSet + +```ts +withSet(set) +``` + +"Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar" + +### fn spec.rules.filters.responseHeaderModifier.withSetMixin + +```ts +withSetMixin(set) +``` + +"Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar" + +**Note:** This function appends passed data to existing values + +## obj spec.rules.filters.responseHeaderModifier.add + +"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz" + +### fn spec.rules.filters.responseHeaderModifier.add.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent." + +### fn spec.rules.filters.responseHeaderModifier.add.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.filters.responseHeaderModifier.set + +"Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar" + +### fn spec.rules.filters.responseHeaderModifier.set.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent." + +### fn spec.rules.filters.responseHeaderModifier.set.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.filters.urlRewrite + +"URLRewrite defines a schema for a filter that modifies a request during forwarding. \n Support: Extended" + +### fn spec.rules.filters.urlRewrite.withHostname + +```ts +withHostname(hostname) +``` + +"Hostname is the value to be used to replace the Host header value during forwarding. \n Support: Extended" + +## obj spec.rules.filters.urlRewrite.path + +"Path defines a path rewrite. \n Support: Extended" + +### fn spec.rules.filters.urlRewrite.path.withReplaceFullPath + +```ts +withReplaceFullPath(replaceFullPath) +``` + +"ReplaceFullPath specifies the value with which to replace the full path of a request during a rewrite or redirect." + +### fn spec.rules.filters.urlRewrite.path.withReplacePrefixMatch + +```ts +withReplacePrefixMatch(replacePrefixMatch) +``` + +"ReplacePrefixMatch specifies the value with which to replace the prefix match of a request during a rewrite or redirect. For example, a request to \"/foo/bar\" with a prefix match of \"/foo\" and a ReplacePrefixMatch of \"/xyz\" would be modified to \"/xyz/bar\". \n Note that this matches the behavior of the PathPrefix match type. This matches full path elements. A path element refers to the list of labels in the path split by the `/` separator. When specified, a trailing `/` is ignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all match the prefix `/abc`, but the path `/abcd` would not. \n ReplacePrefixMatch is only compatible with a `PathPrefix` HTTPRouteMatch. Using any other HTTPRouteMatch type on the same HTTPRouteRule will result in the implementation setting the Accepted Condition for the Route to `status: False`. \n Request Path | Prefix Match | Replace Prefix | Modified Path -------------|--------------|----------------|---------- /foo/bar | /foo | /xyz | /xyz/bar /foo/bar | /foo | /xyz/ | /xyz/bar /foo/bar | /foo/ | /xyz | /xyz/bar /foo/bar | /foo/ | /xyz/ | /xyz/bar /foo | /foo | /xyz | /xyz /foo/ | /foo | /xyz | /xyz/ /foo/bar | /foo | | /bar /foo/ | /foo | | / /foo | /foo | | / /foo/ | /foo | / | / /foo | /foo | / | /" + +### fn spec.rules.filters.urlRewrite.path.withType + +```ts +withType(type) +``` + +"Type defines the type of path modifier. Additional types may be added in a future release of the API. \n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`." + +## obj spec.rules.matches + +"Matches define conditions used for matching the rule against incoming HTTP requests. Each match is independent, i.e. this rule will be matched if **any** one of the matches is satisfied. \n For example, take the following matches configuration: \n ``` matches: - path: value: \"/foo\" headers: - name: \"version\" value: \"v2\" - path: value: \"/v2/foo\" ``` \n For a request to match against this rule, a request must satisfy EITHER of the two conditions: \n - path prefixed with `/foo` AND contains the header `version: v2` - path prefix of `/v2/foo` \n See the documentation for HTTPRouteMatch on how to specify multiple match conditions that should be ANDed together. \n If no matches are specified, the default is a prefix path match on \"/\", which has the effect of matching every HTTP request. \n Proxy or Load Balancer routing configuration generated from HTTPRoutes MUST prioritize matches based on the following criteria, continuing on ties. Across all rules specified on applicable Routes, precedence must be given to the match having: \n * \"Exact\" path match. * \"Prefix\" path match with largest number of characters. * Method match. * Largest number of header matches. * Largest number of query param matches. \n Note: The precedence of RegularExpression path matches are implementation-specific. \n If ties still exist across multiple Routes, matching precedence MUST be determined in order of the following criteria, continuing on ties: \n * The oldest Route based on creation timestamp. * The Route appearing first in alphabetical order by \"{namespace}/{name}\". \n If ties still exist within an HTTPRoute, matching precedence MUST be granted to the FIRST matching rule (in list order) with a match meeting the above criteria. \n When no rules matching a request have been successfully attached to the parent a request is coming from, a HTTP 404 status code MUST be returned." + +### fn spec.rules.matches.withHeaders + +```ts +withHeaders(headers) +``` + +"Headers specifies HTTP request header matchers. Multiple match values are ANDed together, meaning, a request must match all the specified headers to select the route." + +### fn spec.rules.matches.withHeadersMixin + +```ts +withHeadersMixin(headers) +``` + +"Headers specifies HTTP request header matchers. Multiple match values are ANDed together, meaning, a request must match all the specified headers to select the route." + +**Note:** This function appends passed data to existing values + +### fn spec.rules.matches.withMethod + +```ts +withMethod(method) +``` + +"Method specifies HTTP method matcher. When specified, this route will be matched only if the request has the specified method. \n Support: Extended" + +### fn spec.rules.matches.withQueryParams + +```ts +withQueryParams(queryParams) +``` + +"QueryParams specifies HTTP query parameter matchers. Multiple match values are ANDed together, meaning, a request must match all the specified query parameters to select the route. \n Support: Extended" + +### fn spec.rules.matches.withQueryParamsMixin + +```ts +withQueryParamsMixin(queryParams) +``` + +"QueryParams specifies HTTP query parameter matchers. Multiple match values are ANDed together, meaning, a request must match all the specified query parameters to select the route. \n Support: Extended" + +**Note:** This function appends passed data to existing values + +## obj spec.rules.matches.headers + +"Headers specifies HTTP request header matchers. Multiple match values are ANDed together, meaning, a request must match all the specified headers to select the route." + +### fn spec.rules.matches.headers.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, only the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent. \n When a header is repeated in an HTTP request, it is implementation-specific behavior as to how this is represented. Generally, proxies should follow the guidance from the RFC: https://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2 regarding processing a repeated header, with special handling for \"Set-Cookie\"." + +### fn spec.rules.matches.headers.withType + +```ts +withType(type) +``` + +"Type specifies how to match against the value of the header. \n Support: Core (Exact) \n Support: Implementation-specific (RegularExpression) \n Since RegularExpression HeaderMatchType has implementation-specific conformance, implementations can support POSIX, PCRE or any other dialects of regular expressions. Please read the implementation's documentation to determine the supported dialect." + +### fn spec.rules.matches.headers.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.matches.path + +"Path specifies a HTTP request path matcher. If this field is not specified, a default prefix match on the \"/\" path is provided." + +### fn spec.rules.matches.path.withType + +```ts +withType(type) +``` + +"Type specifies how to match against the path Value. \n Support: Core (Exact, PathPrefix) \n Support: Implementation-specific (RegularExpression)" + +### fn spec.rules.matches.path.withValue + +```ts +withValue(value) +``` + +"Value of the HTTP path to match against." + +## obj spec.rules.matches.queryParams + +"QueryParams specifies HTTP query parameter matchers. Multiple match values are ANDed together, meaning, a request must match all the specified query parameters to select the route. \n Support: Extended" + +### fn spec.rules.matches.queryParams.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP query param to be matched. This must be an exact string match. (See https://tools.ietf.org/html/rfc7230#section-2.7.3). \n If multiple entries specify equivalent query param names, only the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent query param name MUST be ignored. \n If a query param is repeated in an HTTP request, the behavior is purposely left undefined, since different data planes have different capabilities. However, it is *recommended* that implementations should match against the first value of the param if the data plane supports it, as this behavior is expected in other load balancing contexts outside of the Gateway API. \n Users SHOULD NOT route traffic based on repeated query params to guard themselves against potential differences in the implementations." + +### fn spec.rules.matches.queryParams.withType + +```ts +withType(type) +``` + +"Type specifies how to match against the value of the query parameter. \n Support: Extended (Exact) \n Support: Implementation-specific (RegularExpression) \n Since RegularExpression QueryParamMatchType has Implementation-specific conformance, implementations can support POSIX, PCRE or any other dialects of regular expressions. Please read the implementation's documentation to determine the supported dialect." + +### fn spec.rules.matches.queryParams.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP query param to be matched." \ No newline at end of file diff --git a/docs/0.8-experimental/gateway/v1alpha2/index.md b/docs/0.8-experimental/gateway/v1alpha2/index.md new file mode 100644 index 0000000..e190fcc --- /dev/null +++ b/docs/0.8-experimental/gateway/v1alpha2/index.md @@ -0,0 +1,16 @@ +--- +permalink: /0.8-experimental/gateway/v1alpha2/ +--- + +# gateway.v1alpha2 + + + +* [gateway](gateway.md) +* [gatewayClass](gatewayClass.md) +* [grpcRoute](grpcRoute.md) +* [httpRoute](httpRoute.md) +* [referenceGrant](referenceGrant.md) +* [tcpRoute](tcpRoute.md) +* [tlsRoute](tlsRoute.md) +* [udpRoute](udpRoute.md) \ No newline at end of file diff --git a/docs/0.8-experimental/gateway/v1alpha2/referenceGrant.md b/docs/0.8-experimental/gateway/v1alpha2/referenceGrant.md new file mode 100644 index 0000000..bc44f46 --- /dev/null +++ b/docs/0.8-experimental/gateway/v1alpha2/referenceGrant.md @@ -0,0 +1,314 @@ +--- +permalink: /0.8-experimental/gateway/v1alpha2/referenceGrant/ +--- + +# gateway.v1alpha2.referenceGrant + +"ReferenceGrant identifies kinds of resources in other namespaces that are trusted to reference the specified kinds of resources in the same namespace as the policy. \n Each ReferenceGrant can be used to represent a unique trust relationship. Additional Reference Grants can be used to add to the set of trusted sources of inbound references for the namespace they are defined within. \n A ReferenceGrant is required for all cross-namespace references in Gateway API (with the exception of cross-namespace Route-Gateway attachment, which is governed by the AllowedRoutes configuration on the Gateway, and cross-namespace Service ParentRefs on a \"consumer\" mesh Route, which defines routing rules applicable only to workloads in the Route namespace). ReferenceGrants allowing a reference from a Route to a Service are only applicable to BackendRefs. \n ReferenceGrant is a form of runtime verification allowing users to assert which cross-namespace object references are permitted. Implementations that support ReferenceGrant MUST NOT permit cross-namespace references which have no grant, and MUST respond to the removal of a grant by revoking the access that the grant allowed." + +## Index + +* [`fn new(name)`](#fn-new) +* [`obj metadata`](#obj-metadata) + * [`fn withAnnotations(annotations)`](#fn-metadatawithannotations) + * [`fn withAnnotationsMixin(annotations)`](#fn-metadatawithannotationsmixin) + * [`fn withClusterName(clusterName)`](#fn-metadatawithclustername) + * [`fn withCreationTimestamp(creationTimestamp)`](#fn-metadatawithcreationtimestamp) + * [`fn withDeletionGracePeriodSeconds(deletionGracePeriodSeconds)`](#fn-metadatawithdeletiongraceperiodseconds) + * [`fn withDeletionTimestamp(deletionTimestamp)`](#fn-metadatawithdeletiontimestamp) + * [`fn withFinalizers(finalizers)`](#fn-metadatawithfinalizers) + * [`fn withFinalizersMixin(finalizers)`](#fn-metadatawithfinalizersmixin) + * [`fn withGenerateName(generateName)`](#fn-metadatawithgeneratename) + * [`fn withGeneration(generation)`](#fn-metadatawithgeneration) + * [`fn withLabels(labels)`](#fn-metadatawithlabels) + * [`fn withLabelsMixin(labels)`](#fn-metadatawithlabelsmixin) + * [`fn withName(name)`](#fn-metadatawithname) + * [`fn withNamespace(namespace)`](#fn-metadatawithnamespace) + * [`fn withOwnerReferences(ownerReferences)`](#fn-metadatawithownerreferences) + * [`fn withOwnerReferencesMixin(ownerReferences)`](#fn-metadatawithownerreferencesmixin) + * [`fn withResourceVersion(resourceVersion)`](#fn-metadatawithresourceversion) + * [`fn withSelfLink(selfLink)`](#fn-metadatawithselflink) + * [`fn withUid(uid)`](#fn-metadatawithuid) +* [`obj spec`](#obj-spec) + * [`fn withFrom(from)`](#fn-specwithfrom) + * [`fn withFromMixin(from)`](#fn-specwithfrommixin) + * [`fn withTo(to)`](#fn-specwithto) + * [`fn withToMixin(to)`](#fn-specwithtomixin) + * [`obj spec.from`](#obj-specfrom) + * [`fn withGroup(group)`](#fn-specfromwithgroup) + * [`fn withKind(kind)`](#fn-specfromwithkind) + * [`fn withNamespace(namespace)`](#fn-specfromwithnamespace) + * [`obj spec.to`](#obj-specto) + * [`fn withGroup(group)`](#fn-spectowithgroup) + * [`fn withKind(kind)`](#fn-spectowithkind) + * [`fn withName(name)`](#fn-spectowithname) + +## Fields + +### fn new + +```ts +new(name) +``` + +new returns an instance of ReferenceGrant + +## obj metadata + +"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create." + +### fn metadata.withAnnotations + +```ts +withAnnotations(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +### fn metadata.withAnnotationsMixin + +```ts +withAnnotationsMixin(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +**Note:** This function appends passed data to existing values + +### fn metadata.withClusterName + +```ts +withClusterName(clusterName) +``` + +"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request." + +### fn metadata.withCreationTimestamp + +```ts +withCreationTimestamp(creationTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withDeletionGracePeriodSeconds + +```ts +withDeletionGracePeriodSeconds(deletionGracePeriodSeconds) +``` + +"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only." + +### fn metadata.withDeletionTimestamp + +```ts +withDeletionTimestamp(deletionTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withFinalizers + +```ts +withFinalizers(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +### fn metadata.withFinalizersMixin + +```ts +withFinalizersMixin(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +**Note:** This function appends passed data to existing values + +### fn metadata.withGenerateName + +```ts +withGenerateName(generateName) +``` + +"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\n\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\n\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" + +### fn metadata.withGeneration + +```ts +withGeneration(generation) +``` + +"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only." + +### fn metadata.withLabels + +```ts +withLabels(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +### fn metadata.withLabelsMixin + +```ts +withLabelsMixin(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +**Note:** This function appends passed data to existing values + +### fn metadata.withName + +```ts +withName(name) +``` + +"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names" + +### fn metadata.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \"default\" namespace, but \"default\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\n\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces" + +### fn metadata.withOwnerReferences + +```ts +withOwnerReferences(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +### fn metadata.withOwnerReferencesMixin + +```ts +withOwnerReferencesMixin(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +**Note:** This function appends passed data to existing values + +### fn metadata.withResourceVersion + +```ts +withResourceVersion(resourceVersion) +``` + +"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\n\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" + +### fn metadata.withSelfLink + +```ts +withSelfLink(selfLink) +``` + +"SelfLink is a URL representing this object. Populated by the system. Read-only.\n\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release." + +### fn metadata.withUid + +```ts +withUid(uid) +``` + +"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\n\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids" + +## obj spec + +"Spec defines the desired state of ReferenceGrant." + +### fn spec.withFrom + +```ts +withFrom(from) +``` + +"From describes the trusted namespaces and kinds that can reference the resources described in \"To\". Each entry in this list MUST be considered to be an additional place that references can be valid from, or to put this another way, entries MUST be combined using OR. \n Support: Core" + +### fn spec.withFromMixin + +```ts +withFromMixin(from) +``` + +"From describes the trusted namespaces and kinds that can reference the resources described in \"To\". Each entry in this list MUST be considered to be an additional place that references can be valid from, or to put this another way, entries MUST be combined using OR. \n Support: Core" + +**Note:** This function appends passed data to existing values + +### fn spec.withTo + +```ts +withTo(to) +``` + +"To describes the resources that may be referenced by the resources described in \"From\". Each entry in this list MUST be considered to be an additional place that references can be valid to, or to put this another way, entries MUST be combined using OR. \n Support: Core" + +### fn spec.withToMixin + +```ts +withToMixin(to) +``` + +"To describes the resources that may be referenced by the resources described in \"From\". Each entry in this list MUST be considered to be an additional place that references can be valid to, or to put this another way, entries MUST be combined using OR. \n Support: Core" + +**Note:** This function appends passed data to existing values + +## obj spec.from + +"From describes the trusted namespaces and kinds that can reference the resources described in \"To\". Each entry in this list MUST be considered to be an additional place that references can be valid from, or to put this another way, entries MUST be combined using OR. \n Support: Core" + +### fn spec.from.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. When empty, the Kubernetes core API group is inferred. \n Support: Core" + +### fn spec.from.withKind + +```ts +withKind(kind) +``` + +"Kind is the kind of the referent. Although implementations may support additional resources, the following types are part of the \"Core\" support level for this field. \n When used to permit a SecretObjectReference: \n * Gateway \n When used to permit a BackendObjectReference: \n * GRPCRoute * HTTPRoute * TCPRoute * TLSRoute * UDPRoute" + +### fn spec.from.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the referent. \n Support: Core" + +## obj spec.to + +"To describes the resources that may be referenced by the resources described in \"From\". Each entry in this list MUST be considered to be an additional place that references can be valid to, or to put this another way, entries MUST be combined using OR. \n Support: Core" + +### fn spec.to.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. When empty, the Kubernetes core API group is inferred. \n Support: Core" + +### fn spec.to.withKind + +```ts +withKind(kind) +``` + +"Kind is the kind of the referent. Although implementations may support additional resources, the following types are part of the \"Core\" support level for this field: \n * Secret when used to permit a SecretObjectReference * Service when used to permit a BackendObjectReference" + +### fn spec.to.withName + +```ts +withName(name) +``` + +"Name is the name of the referent. When unspecified, this policy refers to all resources of the specified Group and Kind in the local namespace." \ No newline at end of file diff --git a/docs/0.8-experimental/gateway/v1alpha2/tcpRoute.md b/docs/0.8-experimental/gateway/v1alpha2/tcpRoute.md new file mode 100644 index 0000000..99a265f --- /dev/null +++ b/docs/0.8-experimental/gateway/v1alpha2/tcpRoute.md @@ -0,0 +1,393 @@ +--- +permalink: /0.8-experimental/gateway/v1alpha2/tcpRoute/ +--- + +# gateway.v1alpha2.tcpRoute + +"TCPRoute provides a way to route TCP requests. When combined with a Gateway listener, it can be used to forward connections on the port specified by the listener to a set of backends specified by the TCPRoute." + +## Index + +* [`fn new(name)`](#fn-new) +* [`obj metadata`](#obj-metadata) + * [`fn withAnnotations(annotations)`](#fn-metadatawithannotations) + * [`fn withAnnotationsMixin(annotations)`](#fn-metadatawithannotationsmixin) + * [`fn withClusterName(clusterName)`](#fn-metadatawithclustername) + * [`fn withCreationTimestamp(creationTimestamp)`](#fn-metadatawithcreationtimestamp) + * [`fn withDeletionGracePeriodSeconds(deletionGracePeriodSeconds)`](#fn-metadatawithdeletiongraceperiodseconds) + * [`fn withDeletionTimestamp(deletionTimestamp)`](#fn-metadatawithdeletiontimestamp) + * [`fn withFinalizers(finalizers)`](#fn-metadatawithfinalizers) + * [`fn withFinalizersMixin(finalizers)`](#fn-metadatawithfinalizersmixin) + * [`fn withGenerateName(generateName)`](#fn-metadatawithgeneratename) + * [`fn withGeneration(generation)`](#fn-metadatawithgeneration) + * [`fn withLabels(labels)`](#fn-metadatawithlabels) + * [`fn withLabelsMixin(labels)`](#fn-metadatawithlabelsmixin) + * [`fn withName(name)`](#fn-metadatawithname) + * [`fn withNamespace(namespace)`](#fn-metadatawithnamespace) + * [`fn withOwnerReferences(ownerReferences)`](#fn-metadatawithownerreferences) + * [`fn withOwnerReferencesMixin(ownerReferences)`](#fn-metadatawithownerreferencesmixin) + * [`fn withResourceVersion(resourceVersion)`](#fn-metadatawithresourceversion) + * [`fn withSelfLink(selfLink)`](#fn-metadatawithselflink) + * [`fn withUid(uid)`](#fn-metadatawithuid) +* [`obj spec`](#obj-spec) + * [`fn withParentRefs(parentRefs)`](#fn-specwithparentrefs) + * [`fn withParentRefsMixin(parentRefs)`](#fn-specwithparentrefsmixin) + * [`fn withRules(rules)`](#fn-specwithrules) + * [`fn withRulesMixin(rules)`](#fn-specwithrulesmixin) + * [`obj spec.parentRefs`](#obj-specparentrefs) + * [`fn withGroup(group)`](#fn-specparentrefswithgroup) + * [`fn withKind(kind)`](#fn-specparentrefswithkind) + * [`fn withName(name)`](#fn-specparentrefswithname) + * [`fn withNamespace(namespace)`](#fn-specparentrefswithnamespace) + * [`fn withPort(port)`](#fn-specparentrefswithport) + * [`fn withSectionName(sectionName)`](#fn-specparentrefswithsectionname) + * [`obj spec.rules`](#obj-specrules) + * [`fn withBackendRefs(backendRefs)`](#fn-specruleswithbackendrefs) + * [`fn withBackendRefsMixin(backendRefs)`](#fn-specruleswithbackendrefsmixin) + * [`obj spec.rules.backendRefs`](#obj-specrulesbackendrefs) + * [`fn withGroup(group)`](#fn-specrulesbackendrefswithgroup) + * [`fn withKind(kind)`](#fn-specrulesbackendrefswithkind) + * [`fn withName(name)`](#fn-specrulesbackendrefswithname) + * [`fn withNamespace(namespace)`](#fn-specrulesbackendrefswithnamespace) + * [`fn withPort(port)`](#fn-specrulesbackendrefswithport) + * [`fn withWeight(weight)`](#fn-specrulesbackendrefswithweight) + +## Fields + +### fn new + +```ts +new(name) +``` + +new returns an instance of TCPRoute + +## obj metadata + +"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create." + +### fn metadata.withAnnotations + +```ts +withAnnotations(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +### fn metadata.withAnnotationsMixin + +```ts +withAnnotationsMixin(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +**Note:** This function appends passed data to existing values + +### fn metadata.withClusterName + +```ts +withClusterName(clusterName) +``` + +"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request." + +### fn metadata.withCreationTimestamp + +```ts +withCreationTimestamp(creationTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withDeletionGracePeriodSeconds + +```ts +withDeletionGracePeriodSeconds(deletionGracePeriodSeconds) +``` + +"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only." + +### fn metadata.withDeletionTimestamp + +```ts +withDeletionTimestamp(deletionTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withFinalizers + +```ts +withFinalizers(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +### fn metadata.withFinalizersMixin + +```ts +withFinalizersMixin(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +**Note:** This function appends passed data to existing values + +### fn metadata.withGenerateName + +```ts +withGenerateName(generateName) +``` + +"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\n\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\n\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" + +### fn metadata.withGeneration + +```ts +withGeneration(generation) +``` + +"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only." + +### fn metadata.withLabels + +```ts +withLabels(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +### fn metadata.withLabelsMixin + +```ts +withLabelsMixin(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +**Note:** This function appends passed data to existing values + +### fn metadata.withName + +```ts +withName(name) +``` + +"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names" + +### fn metadata.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \"default\" namespace, but \"default\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\n\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces" + +### fn metadata.withOwnerReferences + +```ts +withOwnerReferences(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +### fn metadata.withOwnerReferencesMixin + +```ts +withOwnerReferencesMixin(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +**Note:** This function appends passed data to existing values + +### fn metadata.withResourceVersion + +```ts +withResourceVersion(resourceVersion) +``` + +"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\n\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" + +### fn metadata.withSelfLink + +```ts +withSelfLink(selfLink) +``` + +"SelfLink is a URL representing this object. Populated by the system. Read-only.\n\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release." + +### fn metadata.withUid + +```ts +withUid(uid) +``` + +"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\n\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids" + +## obj spec + +"Spec defines the desired state of TCPRoute." + +### fn spec.withParentRefs + +```ts +withParentRefs(parentRefs) +``` + +"ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. For Services, that means the Service must either be in the same namespace for a \"producer\" route, or the mesh implementation must support and allow \"consumer\" routes for the referenced Service. ReferenceGrant is not applicable for governing ParentRefs to Services - it is not possible to create a \"producer\" route for a Service in a different namespace from the Route. \n There are two kinds of parent resources with \"Core\" support: \n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) \n This API may be extended in the future to support additional kinds of parent resources. \n It is invalid to reference an identical parent more than once. It is valid to reference multiple distinct sections within the same parent resource, such as two separate Listeners on the same Gateway or two separate ports on the same Service. \n It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged. \n Note that for ParentRefs that cross namespace boundaries, there are specific rules. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example, Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable other kinds of cross-namespace reference. \n ParentRefs from a Route to a Service in the same namespace are \"producer\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \n ParentRefs from a Route to a Service in a different namespace are \"consumer\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \n " + +### fn spec.withParentRefsMixin + +```ts +withParentRefsMixin(parentRefs) +``` + +"ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. For Services, that means the Service must either be in the same namespace for a \"producer\" route, or the mesh implementation must support and allow \"consumer\" routes for the referenced Service. ReferenceGrant is not applicable for governing ParentRefs to Services - it is not possible to create a \"producer\" route for a Service in a different namespace from the Route. \n There are two kinds of parent resources with \"Core\" support: \n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) \n This API may be extended in the future to support additional kinds of parent resources. \n It is invalid to reference an identical parent more than once. It is valid to reference multiple distinct sections within the same parent resource, such as two separate Listeners on the same Gateway or two separate ports on the same Service. \n It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged. \n Note that for ParentRefs that cross namespace boundaries, there are specific rules. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example, Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable other kinds of cross-namespace reference. \n ParentRefs from a Route to a Service in the same namespace are \"producer\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \n ParentRefs from a Route to a Service in a different namespace are \"consumer\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \n " + +**Note:** This function appends passed data to existing values + +### fn spec.withRules + +```ts +withRules(rules) +``` + +"Rules are a list of TCP matchers and actions." + +### fn spec.withRulesMixin + +```ts +withRulesMixin(rules) +``` + +"Rules are a list of TCP matchers and actions." + +**Note:** This function appends passed data to existing values + +## obj spec.parentRefs + +"ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. For Services, that means the Service must either be in the same namespace for a \"producer\" route, or the mesh implementation must support and allow \"consumer\" routes for the referenced Service. ReferenceGrant is not applicable for governing ParentRefs to Services - it is not possible to create a \"producer\" route for a Service in a different namespace from the Route. \n There are two kinds of parent resources with \"Core\" support: \n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) \n This API may be extended in the future to support additional kinds of parent resources. \n It is invalid to reference an identical parent more than once. It is valid to reference multiple distinct sections within the same parent resource, such as two separate Listeners on the same Gateway or two separate ports on the same Service. \n It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged. \n Note that for ParentRefs that cross namespace boundaries, there are specific rules. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example, Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable other kinds of cross-namespace reference. \n ParentRefs from a Route to a Service in the same namespace are \"producer\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \n ParentRefs from a Route to a Service in a different namespace are \"consumer\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \n " + +### fn spec.parentRefs.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. When unspecified, \"gateway.networking.k8s.io\" is inferred. To set the core API group (such as for a \"Service\" kind referent), Group must be explicitly set to \"\" (empty string). \n Support: Core" + +### fn spec.parentRefs.withKind + +```ts +withKind(kind) +``` + +"Kind is kind of the referent. \n There are two kinds of parent resources with \"Core\" support: \n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) \n Support for other resources is Implementation-Specific." + +### fn spec.parentRefs.withName + +```ts +withName(name) +``` + +"Name is the name of the referent. \n Support: Core" + +### fn spec.parentRefs.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the referent. When unspecified, this refers to the local namespace of the Route. \n Note that there are specific rules for ParentRefs which cross namespace boundaries. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example: Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference. \n ParentRefs from a Route to a Service in the same namespace are \"producer\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \n ParentRefs from a Route to a Service in a different namespace are \"consumer\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \n Support: Core" + +### fn spec.parentRefs.withPort + +```ts +withPort(port) +``` + +"Port is the network port this Route targets. It can be interpreted differently based on the type of parent resource. \n When the parent resource is a Gateway, this targets all listeners listening on the specified port that also support this kind of Route(and select this Route). It's not recommended to set `Port` unless the networking behaviors specified in a Route must apply to a specific port as opposed to a listener(s) whose port(s) may be changed. When both Port and SectionName are specified, the name and port of the selected listener must match both specified values. \n When the parent resource is a Service, this targets a specific port in the Service spec. When both Port (experimental) and SectionName are specified, the name and port of the selected port must match both specified values. \n Implementations MAY choose to support other parent resources. Implementations supporting other types of parent resources MUST clearly document how/if Port is interpreted. \n For the purpose of status, an attachment is considered successful as long as the parent resource accepts it partially. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \n Support: Extended \n " + +### fn spec.parentRefs.withSectionName + +```ts +withSectionName(sectionName) +``` + +"SectionName is the name of a section within the target resource. In the following resources, SectionName is interpreted as the following: \n * Gateway: Listener Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. * Service: Port Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. Note that attaching Routes to Services as Parents is part of experimental Mesh support and is not supported for any other purpose. \n Implementations MAY choose to support attaching Routes to other resources. If that is the case, they MUST clearly document how SectionName is interpreted. \n When unspecified (empty string), this will reference the entire resource. For the purpose of status, an attachment is considered successful if at least one section in the parent resource accepts it. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \n Support: Core" + +## obj spec.rules + +"Rules are a list of TCP matchers and actions." + +### fn spec.rules.withBackendRefs + +```ts +withBackendRefs(backendRefs) +``` + +"BackendRefs defines the backend(s) where matching requests should be sent. If unspecified or invalid (refers to a non-existent resource or a Service with no endpoints), the underlying implementation MUST actively reject connection attempts to this backend. Connection rejections must respect weight; if an invalid backend is requested to have 80% of connections, then 80% of connections must be rejected instead. \n Support: Core for Kubernetes Service \n Support: Extended for Kubernetes ServiceImport \n Support: Implementation-specific for any other resource \n Support for weight: Extended" + +### fn spec.rules.withBackendRefsMixin + +```ts +withBackendRefsMixin(backendRefs) +``` + +"BackendRefs defines the backend(s) where matching requests should be sent. If unspecified or invalid (refers to a non-existent resource or a Service with no endpoints), the underlying implementation MUST actively reject connection attempts to this backend. Connection rejections must respect weight; if an invalid backend is requested to have 80% of connections, then 80% of connections must be rejected instead. \n Support: Core for Kubernetes Service \n Support: Extended for Kubernetes ServiceImport \n Support: Implementation-specific for any other resource \n Support for weight: Extended" + +**Note:** This function appends passed data to existing values + +## obj spec.rules.backendRefs + +"BackendRefs defines the backend(s) where matching requests should be sent. If unspecified or invalid (refers to a non-existent resource or a Service with no endpoints), the underlying implementation MUST actively reject connection attempts to this backend. Connection rejections must respect weight; if an invalid backend is requested to have 80% of connections, then 80% of connections must be rejected instead. \n Support: Core for Kubernetes Service \n Support: Extended for Kubernetes ServiceImport \n Support: Implementation-specific for any other resource \n Support for weight: Extended" + +### fn spec.rules.backendRefs.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. For example, \"gateway.networking.k8s.io\". When unspecified or empty string, core API group is inferred." + +### fn spec.rules.backendRefs.withKind + +```ts +withKind(kind) +``` + +"Kind is the Kubernetes resource kind of the referent. For example \"Service\". \n Defaults to \"Service\" when not specified. \n ExternalName services can refer to CNAME DNS records that may live outside of the cluster and as such are difficult to reason about in terms of conformance. They also may not be safe to forward to (see CVE-2021-25740 for more information). Implementations SHOULD NOT support ExternalName Services. \n Support: Core (Services with a type other than ExternalName) \n Support: Implementation-specific (Services with type ExternalName)" + +### fn spec.rules.backendRefs.withName + +```ts +withName(name) +``` + +"Name is the name of the referent." + +### fn spec.rules.backendRefs.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. \n Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. \n Support: Core" + +### fn spec.rules.backendRefs.withPort + +```ts +withPort(port) +``` + +"Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field." + +### fn spec.rules.backendRefs.withWeight + +```ts +withWeight(weight) +``` + +"Weight specifies the proportion of requests forwarded to the referenced backend. This is computed as weight/(sum of all weights in this BackendRefs list). For non-zero values, there may be some epsilon from the exact proportion defined here depending on the precision an implementation supports. Weight is not a percentage and the sum of weights does not need to equal 100. \n If only one backend is specified and it has a weight greater than 0, 100% of the traffic is forwarded to that backend. If weight is set to 0, no traffic should be forwarded for this entry. If unspecified, weight defaults to 1. \n Support for this field varies based on the context where used." \ No newline at end of file diff --git a/docs/0.8-experimental/gateway/v1alpha2/tlsRoute.md b/docs/0.8-experimental/gateway/v1alpha2/tlsRoute.md new file mode 100644 index 0000000..98ef896 --- /dev/null +++ b/docs/0.8-experimental/gateway/v1alpha2/tlsRoute.md @@ -0,0 +1,413 @@ +--- +permalink: /0.8-experimental/gateway/v1alpha2/tlsRoute/ +--- + +# gateway.v1alpha2.tlsRoute + +"The TLSRoute resource is similar to TCPRoute, but can be configured to match against TLS-specific metadata. This allows more flexibility in matching streams for a given TLS listener. \n If you need to forward traffic to a single target for a TLS listener, you could choose to use a TCPRoute with a TLS listener." + +## Index + +* [`fn new(name)`](#fn-new) +* [`obj metadata`](#obj-metadata) + * [`fn withAnnotations(annotations)`](#fn-metadatawithannotations) + * [`fn withAnnotationsMixin(annotations)`](#fn-metadatawithannotationsmixin) + * [`fn withClusterName(clusterName)`](#fn-metadatawithclustername) + * [`fn withCreationTimestamp(creationTimestamp)`](#fn-metadatawithcreationtimestamp) + * [`fn withDeletionGracePeriodSeconds(deletionGracePeriodSeconds)`](#fn-metadatawithdeletiongraceperiodseconds) + * [`fn withDeletionTimestamp(deletionTimestamp)`](#fn-metadatawithdeletiontimestamp) + * [`fn withFinalizers(finalizers)`](#fn-metadatawithfinalizers) + * [`fn withFinalizersMixin(finalizers)`](#fn-metadatawithfinalizersmixin) + * [`fn withGenerateName(generateName)`](#fn-metadatawithgeneratename) + * [`fn withGeneration(generation)`](#fn-metadatawithgeneration) + * [`fn withLabels(labels)`](#fn-metadatawithlabels) + * [`fn withLabelsMixin(labels)`](#fn-metadatawithlabelsmixin) + * [`fn withName(name)`](#fn-metadatawithname) + * [`fn withNamespace(namespace)`](#fn-metadatawithnamespace) + * [`fn withOwnerReferences(ownerReferences)`](#fn-metadatawithownerreferences) + * [`fn withOwnerReferencesMixin(ownerReferences)`](#fn-metadatawithownerreferencesmixin) + * [`fn withResourceVersion(resourceVersion)`](#fn-metadatawithresourceversion) + * [`fn withSelfLink(selfLink)`](#fn-metadatawithselflink) + * [`fn withUid(uid)`](#fn-metadatawithuid) +* [`obj spec`](#obj-spec) + * [`fn withHostnames(hostnames)`](#fn-specwithhostnames) + * [`fn withHostnamesMixin(hostnames)`](#fn-specwithhostnamesmixin) + * [`fn withParentRefs(parentRefs)`](#fn-specwithparentrefs) + * [`fn withParentRefsMixin(parentRefs)`](#fn-specwithparentrefsmixin) + * [`fn withRules(rules)`](#fn-specwithrules) + * [`fn withRulesMixin(rules)`](#fn-specwithrulesmixin) + * [`obj spec.parentRefs`](#obj-specparentrefs) + * [`fn withGroup(group)`](#fn-specparentrefswithgroup) + * [`fn withKind(kind)`](#fn-specparentrefswithkind) + * [`fn withName(name)`](#fn-specparentrefswithname) + * [`fn withNamespace(namespace)`](#fn-specparentrefswithnamespace) + * [`fn withPort(port)`](#fn-specparentrefswithport) + * [`fn withSectionName(sectionName)`](#fn-specparentrefswithsectionname) + * [`obj spec.rules`](#obj-specrules) + * [`fn withBackendRefs(backendRefs)`](#fn-specruleswithbackendrefs) + * [`fn withBackendRefsMixin(backendRefs)`](#fn-specruleswithbackendrefsmixin) + * [`obj spec.rules.backendRefs`](#obj-specrulesbackendrefs) + * [`fn withGroup(group)`](#fn-specrulesbackendrefswithgroup) + * [`fn withKind(kind)`](#fn-specrulesbackendrefswithkind) + * [`fn withName(name)`](#fn-specrulesbackendrefswithname) + * [`fn withNamespace(namespace)`](#fn-specrulesbackendrefswithnamespace) + * [`fn withPort(port)`](#fn-specrulesbackendrefswithport) + * [`fn withWeight(weight)`](#fn-specrulesbackendrefswithweight) + +## Fields + +### fn new + +```ts +new(name) +``` + +new returns an instance of TLSRoute + +## obj metadata + +"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create." + +### fn metadata.withAnnotations + +```ts +withAnnotations(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +### fn metadata.withAnnotationsMixin + +```ts +withAnnotationsMixin(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +**Note:** This function appends passed data to existing values + +### fn metadata.withClusterName + +```ts +withClusterName(clusterName) +``` + +"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request." + +### fn metadata.withCreationTimestamp + +```ts +withCreationTimestamp(creationTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withDeletionGracePeriodSeconds + +```ts +withDeletionGracePeriodSeconds(deletionGracePeriodSeconds) +``` + +"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only." + +### fn metadata.withDeletionTimestamp + +```ts +withDeletionTimestamp(deletionTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withFinalizers + +```ts +withFinalizers(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +### fn metadata.withFinalizersMixin + +```ts +withFinalizersMixin(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +**Note:** This function appends passed data to existing values + +### fn metadata.withGenerateName + +```ts +withGenerateName(generateName) +``` + +"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\n\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\n\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" + +### fn metadata.withGeneration + +```ts +withGeneration(generation) +``` + +"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only." + +### fn metadata.withLabels + +```ts +withLabels(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +### fn metadata.withLabelsMixin + +```ts +withLabelsMixin(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +**Note:** This function appends passed data to existing values + +### fn metadata.withName + +```ts +withName(name) +``` + +"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names" + +### fn metadata.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \"default\" namespace, but \"default\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\n\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces" + +### fn metadata.withOwnerReferences + +```ts +withOwnerReferences(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +### fn metadata.withOwnerReferencesMixin + +```ts +withOwnerReferencesMixin(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +**Note:** This function appends passed data to existing values + +### fn metadata.withResourceVersion + +```ts +withResourceVersion(resourceVersion) +``` + +"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\n\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" + +### fn metadata.withSelfLink + +```ts +withSelfLink(selfLink) +``` + +"SelfLink is a URL representing this object. Populated by the system. Read-only.\n\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release." + +### fn metadata.withUid + +```ts +withUid(uid) +``` + +"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\n\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids" + +## obj spec + +"Spec defines the desired state of TLSRoute." + +### fn spec.withHostnames + +```ts +withHostnames(hostnames) +``` + +"Hostnames defines a set of SNI names that should match against the SNI attribute of TLS ClientHello message in TLS handshake. This matches the RFC 1123 definition of a hostname with 2 notable exceptions: \n 1. IPs are not allowed in SNI names per RFC 6066. 2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard label must appear by itself as the first label. \n If a hostname is specified by both the Listener and TLSRoute, there must be at least one intersecting hostname for the TLSRoute to be attached to the Listener. For example: \n * A Listener with `test.example.com` as the hostname matches TLSRoutes that have either not specified any hostnames, or have specified at least one of `test.example.com` or `*.example.com`. * A Listener with `*.example.com` as the hostname matches TLSRoutes that have either not specified any hostnames or have specified at least one hostname that matches the Listener hostname. For example, `test.example.com` and `*.example.com` would both match. On the other hand, `example.com` and `test.example.net` would not match. \n If both the Listener and TLSRoute have specified hostnames, any TLSRoute hostnames that do not match the Listener hostname MUST be ignored. For example, if a Listener specified `*.example.com`, and the TLSRoute specified `test.example.com` and `test.example.net`, `test.example.net` must not be considered for a match. \n If both the Listener and TLSRoute have specified hostnames, and none match with the criteria above, then the TLSRoute is not accepted. The implementation must raise an 'Accepted' Condition with a status of `False` in the corresponding RouteParentStatus. \n Support: Core" + +### fn spec.withHostnamesMixin + +```ts +withHostnamesMixin(hostnames) +``` + +"Hostnames defines a set of SNI names that should match against the SNI attribute of TLS ClientHello message in TLS handshake. This matches the RFC 1123 definition of a hostname with 2 notable exceptions: \n 1. IPs are not allowed in SNI names per RFC 6066. 2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard label must appear by itself as the first label. \n If a hostname is specified by both the Listener and TLSRoute, there must be at least one intersecting hostname for the TLSRoute to be attached to the Listener. For example: \n * A Listener with `test.example.com` as the hostname matches TLSRoutes that have either not specified any hostnames, or have specified at least one of `test.example.com` or `*.example.com`. * A Listener with `*.example.com` as the hostname matches TLSRoutes that have either not specified any hostnames or have specified at least one hostname that matches the Listener hostname. For example, `test.example.com` and `*.example.com` would both match. On the other hand, `example.com` and `test.example.net` would not match. \n If both the Listener and TLSRoute have specified hostnames, any TLSRoute hostnames that do not match the Listener hostname MUST be ignored. For example, if a Listener specified `*.example.com`, and the TLSRoute specified `test.example.com` and `test.example.net`, `test.example.net` must not be considered for a match. \n If both the Listener and TLSRoute have specified hostnames, and none match with the criteria above, then the TLSRoute is not accepted. The implementation must raise an 'Accepted' Condition with a status of `False` in the corresponding RouteParentStatus. \n Support: Core" + +**Note:** This function appends passed data to existing values + +### fn spec.withParentRefs + +```ts +withParentRefs(parentRefs) +``` + +"ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. For Services, that means the Service must either be in the same namespace for a \"producer\" route, or the mesh implementation must support and allow \"consumer\" routes for the referenced Service. ReferenceGrant is not applicable for governing ParentRefs to Services - it is not possible to create a \"producer\" route for a Service in a different namespace from the Route. \n There are two kinds of parent resources with \"Core\" support: \n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) \n This API may be extended in the future to support additional kinds of parent resources. \n It is invalid to reference an identical parent more than once. It is valid to reference multiple distinct sections within the same parent resource, such as two separate Listeners on the same Gateway or two separate ports on the same Service. \n It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged. \n Note that for ParentRefs that cross namespace boundaries, there are specific rules. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example, Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable other kinds of cross-namespace reference. \n ParentRefs from a Route to a Service in the same namespace are \"producer\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \n ParentRefs from a Route to a Service in a different namespace are \"consumer\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \n " + +### fn spec.withParentRefsMixin + +```ts +withParentRefsMixin(parentRefs) +``` + +"ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. For Services, that means the Service must either be in the same namespace for a \"producer\" route, or the mesh implementation must support and allow \"consumer\" routes for the referenced Service. ReferenceGrant is not applicable for governing ParentRefs to Services - it is not possible to create a \"producer\" route for a Service in a different namespace from the Route. \n There are two kinds of parent resources with \"Core\" support: \n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) \n This API may be extended in the future to support additional kinds of parent resources. \n It is invalid to reference an identical parent more than once. It is valid to reference multiple distinct sections within the same parent resource, such as two separate Listeners on the same Gateway or two separate ports on the same Service. \n It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged. \n Note that for ParentRefs that cross namespace boundaries, there are specific rules. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example, Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable other kinds of cross-namespace reference. \n ParentRefs from a Route to a Service in the same namespace are \"producer\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \n ParentRefs from a Route to a Service in a different namespace are \"consumer\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \n " + +**Note:** This function appends passed data to existing values + +### fn spec.withRules + +```ts +withRules(rules) +``` + +"Rules are a list of TLS matchers and actions." + +### fn spec.withRulesMixin + +```ts +withRulesMixin(rules) +``` + +"Rules are a list of TLS matchers and actions." + +**Note:** This function appends passed data to existing values + +## obj spec.parentRefs + +"ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. For Services, that means the Service must either be in the same namespace for a \"producer\" route, or the mesh implementation must support and allow \"consumer\" routes for the referenced Service. ReferenceGrant is not applicable for governing ParentRefs to Services - it is not possible to create a \"producer\" route for a Service in a different namespace from the Route. \n There are two kinds of parent resources with \"Core\" support: \n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) \n This API may be extended in the future to support additional kinds of parent resources. \n It is invalid to reference an identical parent more than once. It is valid to reference multiple distinct sections within the same parent resource, such as two separate Listeners on the same Gateway or two separate ports on the same Service. \n It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged. \n Note that for ParentRefs that cross namespace boundaries, there are specific rules. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example, Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable other kinds of cross-namespace reference. \n ParentRefs from a Route to a Service in the same namespace are \"producer\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \n ParentRefs from a Route to a Service in a different namespace are \"consumer\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \n " + +### fn spec.parentRefs.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. When unspecified, \"gateway.networking.k8s.io\" is inferred. To set the core API group (such as for a \"Service\" kind referent), Group must be explicitly set to \"\" (empty string). \n Support: Core" + +### fn spec.parentRefs.withKind + +```ts +withKind(kind) +``` + +"Kind is kind of the referent. \n There are two kinds of parent resources with \"Core\" support: \n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) \n Support for other resources is Implementation-Specific." + +### fn spec.parentRefs.withName + +```ts +withName(name) +``` + +"Name is the name of the referent. \n Support: Core" + +### fn spec.parentRefs.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the referent. When unspecified, this refers to the local namespace of the Route. \n Note that there are specific rules for ParentRefs which cross namespace boundaries. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example: Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference. \n ParentRefs from a Route to a Service in the same namespace are \"producer\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \n ParentRefs from a Route to a Service in a different namespace are \"consumer\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \n Support: Core" + +### fn spec.parentRefs.withPort + +```ts +withPort(port) +``` + +"Port is the network port this Route targets. It can be interpreted differently based on the type of parent resource. \n When the parent resource is a Gateway, this targets all listeners listening on the specified port that also support this kind of Route(and select this Route). It's not recommended to set `Port` unless the networking behaviors specified in a Route must apply to a specific port as opposed to a listener(s) whose port(s) may be changed. When both Port and SectionName are specified, the name and port of the selected listener must match both specified values. \n When the parent resource is a Service, this targets a specific port in the Service spec. When both Port (experimental) and SectionName are specified, the name and port of the selected port must match both specified values. \n Implementations MAY choose to support other parent resources. Implementations supporting other types of parent resources MUST clearly document how/if Port is interpreted. \n For the purpose of status, an attachment is considered successful as long as the parent resource accepts it partially. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \n Support: Extended \n " + +### fn spec.parentRefs.withSectionName + +```ts +withSectionName(sectionName) +``` + +"SectionName is the name of a section within the target resource. In the following resources, SectionName is interpreted as the following: \n * Gateway: Listener Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. * Service: Port Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. Note that attaching Routes to Services as Parents is part of experimental Mesh support and is not supported for any other purpose. \n Implementations MAY choose to support attaching Routes to other resources. If that is the case, they MUST clearly document how SectionName is interpreted. \n When unspecified (empty string), this will reference the entire resource. For the purpose of status, an attachment is considered successful if at least one section in the parent resource accepts it. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \n Support: Core" + +## obj spec.rules + +"Rules are a list of TLS matchers and actions." + +### fn spec.rules.withBackendRefs + +```ts +withBackendRefs(backendRefs) +``` + +"BackendRefs defines the backend(s) where matching requests should be sent. If unspecified or invalid (refers to a non-existent resource or a Service with no endpoints), the rule performs no forwarding; if no filters are specified that would result in a response being sent, the underlying implementation must actively reject request attempts to this backend, by rejecting the connection or returning a 500 status code. Request rejections must respect weight; if an invalid backend is requested to have 80% of requests, then 80% of requests must be rejected instead. \n Support: Core for Kubernetes Service \n Support: Extended for Kubernetes ServiceImport \n Support: Implementation-specific for any other resource \n Support for weight: Extended" + +### fn spec.rules.withBackendRefsMixin + +```ts +withBackendRefsMixin(backendRefs) +``` + +"BackendRefs defines the backend(s) where matching requests should be sent. If unspecified or invalid (refers to a non-existent resource or a Service with no endpoints), the rule performs no forwarding; if no filters are specified that would result in a response being sent, the underlying implementation must actively reject request attempts to this backend, by rejecting the connection or returning a 500 status code. Request rejections must respect weight; if an invalid backend is requested to have 80% of requests, then 80% of requests must be rejected instead. \n Support: Core for Kubernetes Service \n Support: Extended for Kubernetes ServiceImport \n Support: Implementation-specific for any other resource \n Support for weight: Extended" + +**Note:** This function appends passed data to existing values + +## obj spec.rules.backendRefs + +"BackendRefs defines the backend(s) where matching requests should be sent. If unspecified or invalid (refers to a non-existent resource or a Service with no endpoints), the rule performs no forwarding; if no filters are specified that would result in a response being sent, the underlying implementation must actively reject request attempts to this backend, by rejecting the connection or returning a 500 status code. Request rejections must respect weight; if an invalid backend is requested to have 80% of requests, then 80% of requests must be rejected instead. \n Support: Core for Kubernetes Service \n Support: Extended for Kubernetes ServiceImport \n Support: Implementation-specific for any other resource \n Support for weight: Extended" + +### fn spec.rules.backendRefs.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. For example, \"gateway.networking.k8s.io\". When unspecified or empty string, core API group is inferred." + +### fn spec.rules.backendRefs.withKind + +```ts +withKind(kind) +``` + +"Kind is the Kubernetes resource kind of the referent. For example \"Service\". \n Defaults to \"Service\" when not specified. \n ExternalName services can refer to CNAME DNS records that may live outside of the cluster and as such are difficult to reason about in terms of conformance. They also may not be safe to forward to (see CVE-2021-25740 for more information). Implementations SHOULD NOT support ExternalName Services. \n Support: Core (Services with a type other than ExternalName) \n Support: Implementation-specific (Services with type ExternalName)" + +### fn spec.rules.backendRefs.withName + +```ts +withName(name) +``` + +"Name is the name of the referent." + +### fn spec.rules.backendRefs.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. \n Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. \n Support: Core" + +### fn spec.rules.backendRefs.withPort + +```ts +withPort(port) +``` + +"Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field." + +### fn spec.rules.backendRefs.withWeight + +```ts +withWeight(weight) +``` + +"Weight specifies the proportion of requests forwarded to the referenced backend. This is computed as weight/(sum of all weights in this BackendRefs list). For non-zero values, there may be some epsilon from the exact proportion defined here depending on the precision an implementation supports. Weight is not a percentage and the sum of weights does not need to equal 100. \n If only one backend is specified and it has a weight greater than 0, 100% of the traffic is forwarded to that backend. If weight is set to 0, no traffic should be forwarded for this entry. If unspecified, weight defaults to 1. \n Support for this field varies based on the context where used." \ No newline at end of file diff --git a/docs/0.8-experimental/gateway/v1alpha2/udpRoute.md b/docs/0.8-experimental/gateway/v1alpha2/udpRoute.md new file mode 100644 index 0000000..aa06e51 --- /dev/null +++ b/docs/0.8-experimental/gateway/v1alpha2/udpRoute.md @@ -0,0 +1,393 @@ +--- +permalink: /0.8-experimental/gateway/v1alpha2/udpRoute/ +--- + +# gateway.v1alpha2.udpRoute + +"UDPRoute provides a way to route UDP traffic. When combined with a Gateway listener, it can be used to forward traffic on the port specified by the listener to a set of backends specified by the UDPRoute." + +## Index + +* [`fn new(name)`](#fn-new) +* [`obj metadata`](#obj-metadata) + * [`fn withAnnotations(annotations)`](#fn-metadatawithannotations) + * [`fn withAnnotationsMixin(annotations)`](#fn-metadatawithannotationsmixin) + * [`fn withClusterName(clusterName)`](#fn-metadatawithclustername) + * [`fn withCreationTimestamp(creationTimestamp)`](#fn-metadatawithcreationtimestamp) + * [`fn withDeletionGracePeriodSeconds(deletionGracePeriodSeconds)`](#fn-metadatawithdeletiongraceperiodseconds) + * [`fn withDeletionTimestamp(deletionTimestamp)`](#fn-metadatawithdeletiontimestamp) + * [`fn withFinalizers(finalizers)`](#fn-metadatawithfinalizers) + * [`fn withFinalizersMixin(finalizers)`](#fn-metadatawithfinalizersmixin) + * [`fn withGenerateName(generateName)`](#fn-metadatawithgeneratename) + * [`fn withGeneration(generation)`](#fn-metadatawithgeneration) + * [`fn withLabels(labels)`](#fn-metadatawithlabels) + * [`fn withLabelsMixin(labels)`](#fn-metadatawithlabelsmixin) + * [`fn withName(name)`](#fn-metadatawithname) + * [`fn withNamespace(namespace)`](#fn-metadatawithnamespace) + * [`fn withOwnerReferences(ownerReferences)`](#fn-metadatawithownerreferences) + * [`fn withOwnerReferencesMixin(ownerReferences)`](#fn-metadatawithownerreferencesmixin) + * [`fn withResourceVersion(resourceVersion)`](#fn-metadatawithresourceversion) + * [`fn withSelfLink(selfLink)`](#fn-metadatawithselflink) + * [`fn withUid(uid)`](#fn-metadatawithuid) +* [`obj spec`](#obj-spec) + * [`fn withParentRefs(parentRefs)`](#fn-specwithparentrefs) + * [`fn withParentRefsMixin(parentRefs)`](#fn-specwithparentrefsmixin) + * [`fn withRules(rules)`](#fn-specwithrules) + * [`fn withRulesMixin(rules)`](#fn-specwithrulesmixin) + * [`obj spec.parentRefs`](#obj-specparentrefs) + * [`fn withGroup(group)`](#fn-specparentrefswithgroup) + * [`fn withKind(kind)`](#fn-specparentrefswithkind) + * [`fn withName(name)`](#fn-specparentrefswithname) + * [`fn withNamespace(namespace)`](#fn-specparentrefswithnamespace) + * [`fn withPort(port)`](#fn-specparentrefswithport) + * [`fn withSectionName(sectionName)`](#fn-specparentrefswithsectionname) + * [`obj spec.rules`](#obj-specrules) + * [`fn withBackendRefs(backendRefs)`](#fn-specruleswithbackendrefs) + * [`fn withBackendRefsMixin(backendRefs)`](#fn-specruleswithbackendrefsmixin) + * [`obj spec.rules.backendRefs`](#obj-specrulesbackendrefs) + * [`fn withGroup(group)`](#fn-specrulesbackendrefswithgroup) + * [`fn withKind(kind)`](#fn-specrulesbackendrefswithkind) + * [`fn withName(name)`](#fn-specrulesbackendrefswithname) + * [`fn withNamespace(namespace)`](#fn-specrulesbackendrefswithnamespace) + * [`fn withPort(port)`](#fn-specrulesbackendrefswithport) + * [`fn withWeight(weight)`](#fn-specrulesbackendrefswithweight) + +## Fields + +### fn new + +```ts +new(name) +``` + +new returns an instance of UDPRoute + +## obj metadata + +"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create." + +### fn metadata.withAnnotations + +```ts +withAnnotations(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +### fn metadata.withAnnotationsMixin + +```ts +withAnnotationsMixin(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +**Note:** This function appends passed data to existing values + +### fn metadata.withClusterName + +```ts +withClusterName(clusterName) +``` + +"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request." + +### fn metadata.withCreationTimestamp + +```ts +withCreationTimestamp(creationTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withDeletionGracePeriodSeconds + +```ts +withDeletionGracePeriodSeconds(deletionGracePeriodSeconds) +``` + +"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only." + +### fn metadata.withDeletionTimestamp + +```ts +withDeletionTimestamp(deletionTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withFinalizers + +```ts +withFinalizers(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +### fn metadata.withFinalizersMixin + +```ts +withFinalizersMixin(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +**Note:** This function appends passed data to existing values + +### fn metadata.withGenerateName + +```ts +withGenerateName(generateName) +``` + +"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\n\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\n\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" + +### fn metadata.withGeneration + +```ts +withGeneration(generation) +``` + +"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only." + +### fn metadata.withLabels + +```ts +withLabels(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +### fn metadata.withLabelsMixin + +```ts +withLabelsMixin(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +**Note:** This function appends passed data to existing values + +### fn metadata.withName + +```ts +withName(name) +``` + +"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names" + +### fn metadata.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \"default\" namespace, but \"default\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\n\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces" + +### fn metadata.withOwnerReferences + +```ts +withOwnerReferences(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +### fn metadata.withOwnerReferencesMixin + +```ts +withOwnerReferencesMixin(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +**Note:** This function appends passed data to existing values + +### fn metadata.withResourceVersion + +```ts +withResourceVersion(resourceVersion) +``` + +"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\n\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" + +### fn metadata.withSelfLink + +```ts +withSelfLink(selfLink) +``` + +"SelfLink is a URL representing this object. Populated by the system. Read-only.\n\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release." + +### fn metadata.withUid + +```ts +withUid(uid) +``` + +"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\n\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids" + +## obj spec + +"Spec defines the desired state of UDPRoute." + +### fn spec.withParentRefs + +```ts +withParentRefs(parentRefs) +``` + +"ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. For Services, that means the Service must either be in the same namespace for a \"producer\" route, or the mesh implementation must support and allow \"consumer\" routes for the referenced Service. ReferenceGrant is not applicable for governing ParentRefs to Services - it is not possible to create a \"producer\" route for a Service in a different namespace from the Route. \n There are two kinds of parent resources with \"Core\" support: \n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) \n This API may be extended in the future to support additional kinds of parent resources. \n It is invalid to reference an identical parent more than once. It is valid to reference multiple distinct sections within the same parent resource, such as two separate Listeners on the same Gateway or two separate ports on the same Service. \n It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged. \n Note that for ParentRefs that cross namespace boundaries, there are specific rules. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example, Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable other kinds of cross-namespace reference. \n ParentRefs from a Route to a Service in the same namespace are \"producer\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \n ParentRefs from a Route to a Service in a different namespace are \"consumer\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \n " + +### fn spec.withParentRefsMixin + +```ts +withParentRefsMixin(parentRefs) +``` + +"ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. For Services, that means the Service must either be in the same namespace for a \"producer\" route, or the mesh implementation must support and allow \"consumer\" routes for the referenced Service. ReferenceGrant is not applicable for governing ParentRefs to Services - it is not possible to create a \"producer\" route for a Service in a different namespace from the Route. \n There are two kinds of parent resources with \"Core\" support: \n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) \n This API may be extended in the future to support additional kinds of parent resources. \n It is invalid to reference an identical parent more than once. It is valid to reference multiple distinct sections within the same parent resource, such as two separate Listeners on the same Gateway or two separate ports on the same Service. \n It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged. \n Note that for ParentRefs that cross namespace boundaries, there are specific rules. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example, Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable other kinds of cross-namespace reference. \n ParentRefs from a Route to a Service in the same namespace are \"producer\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \n ParentRefs from a Route to a Service in a different namespace are \"consumer\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \n " + +**Note:** This function appends passed data to existing values + +### fn spec.withRules + +```ts +withRules(rules) +``` + +"Rules are a list of UDP matchers and actions." + +### fn spec.withRulesMixin + +```ts +withRulesMixin(rules) +``` + +"Rules are a list of UDP matchers and actions." + +**Note:** This function appends passed data to existing values + +## obj spec.parentRefs + +"ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. For Services, that means the Service must either be in the same namespace for a \"producer\" route, or the mesh implementation must support and allow \"consumer\" routes for the referenced Service. ReferenceGrant is not applicable for governing ParentRefs to Services - it is not possible to create a \"producer\" route for a Service in a different namespace from the Route. \n There are two kinds of parent resources with \"Core\" support: \n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) \n This API may be extended in the future to support additional kinds of parent resources. \n It is invalid to reference an identical parent more than once. It is valid to reference multiple distinct sections within the same parent resource, such as two separate Listeners on the same Gateway or two separate ports on the same Service. \n It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged. \n Note that for ParentRefs that cross namespace boundaries, there are specific rules. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example, Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable other kinds of cross-namespace reference. \n ParentRefs from a Route to a Service in the same namespace are \"producer\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \n ParentRefs from a Route to a Service in a different namespace are \"consumer\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \n " + +### fn spec.parentRefs.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. When unspecified, \"gateway.networking.k8s.io\" is inferred. To set the core API group (such as for a \"Service\" kind referent), Group must be explicitly set to \"\" (empty string). \n Support: Core" + +### fn spec.parentRefs.withKind + +```ts +withKind(kind) +``` + +"Kind is kind of the referent. \n There are two kinds of parent resources with \"Core\" support: \n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) \n Support for other resources is Implementation-Specific." + +### fn spec.parentRefs.withName + +```ts +withName(name) +``` + +"Name is the name of the referent. \n Support: Core" + +### fn spec.parentRefs.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the referent. When unspecified, this refers to the local namespace of the Route. \n Note that there are specific rules for ParentRefs which cross namespace boundaries. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example: Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference. \n ParentRefs from a Route to a Service in the same namespace are \"producer\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \n ParentRefs from a Route to a Service in a different namespace are \"consumer\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \n Support: Core" + +### fn spec.parentRefs.withPort + +```ts +withPort(port) +``` + +"Port is the network port this Route targets. It can be interpreted differently based on the type of parent resource. \n When the parent resource is a Gateway, this targets all listeners listening on the specified port that also support this kind of Route(and select this Route). It's not recommended to set `Port` unless the networking behaviors specified in a Route must apply to a specific port as opposed to a listener(s) whose port(s) may be changed. When both Port and SectionName are specified, the name and port of the selected listener must match both specified values. \n When the parent resource is a Service, this targets a specific port in the Service spec. When both Port (experimental) and SectionName are specified, the name and port of the selected port must match both specified values. \n Implementations MAY choose to support other parent resources. Implementations supporting other types of parent resources MUST clearly document how/if Port is interpreted. \n For the purpose of status, an attachment is considered successful as long as the parent resource accepts it partially. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \n Support: Extended \n " + +### fn spec.parentRefs.withSectionName + +```ts +withSectionName(sectionName) +``` + +"SectionName is the name of a section within the target resource. In the following resources, SectionName is interpreted as the following: \n * Gateway: Listener Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. * Service: Port Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. Note that attaching Routes to Services as Parents is part of experimental Mesh support and is not supported for any other purpose. \n Implementations MAY choose to support attaching Routes to other resources. If that is the case, they MUST clearly document how SectionName is interpreted. \n When unspecified (empty string), this will reference the entire resource. For the purpose of status, an attachment is considered successful if at least one section in the parent resource accepts it. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \n Support: Core" + +## obj spec.rules + +"Rules are a list of UDP matchers and actions." + +### fn spec.rules.withBackendRefs + +```ts +withBackendRefs(backendRefs) +``` + +"BackendRefs defines the backend(s) where matching requests should be sent. If unspecified or invalid (refers to a non-existent resource or a Service with no endpoints), the underlying implementation MUST actively reject connection attempts to this backend. Packet drops must respect weight; if an invalid backend is requested to have 80% of the packets, then 80% of packets must be dropped instead. \n Support: Core for Kubernetes Service \n Support: Extended for Kubernetes ServiceImport \n Support: Implementation-specific for any other resource \n Support for weight: Extended" + +### fn spec.rules.withBackendRefsMixin + +```ts +withBackendRefsMixin(backendRefs) +``` + +"BackendRefs defines the backend(s) where matching requests should be sent. If unspecified or invalid (refers to a non-existent resource or a Service with no endpoints), the underlying implementation MUST actively reject connection attempts to this backend. Packet drops must respect weight; if an invalid backend is requested to have 80% of the packets, then 80% of packets must be dropped instead. \n Support: Core for Kubernetes Service \n Support: Extended for Kubernetes ServiceImport \n Support: Implementation-specific for any other resource \n Support for weight: Extended" + +**Note:** This function appends passed data to existing values + +## obj spec.rules.backendRefs + +"BackendRefs defines the backend(s) where matching requests should be sent. If unspecified or invalid (refers to a non-existent resource or a Service with no endpoints), the underlying implementation MUST actively reject connection attempts to this backend. Packet drops must respect weight; if an invalid backend is requested to have 80% of the packets, then 80% of packets must be dropped instead. \n Support: Core for Kubernetes Service \n Support: Extended for Kubernetes ServiceImport \n Support: Implementation-specific for any other resource \n Support for weight: Extended" + +### fn spec.rules.backendRefs.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. For example, \"gateway.networking.k8s.io\". When unspecified or empty string, core API group is inferred." + +### fn spec.rules.backendRefs.withKind + +```ts +withKind(kind) +``` + +"Kind is the Kubernetes resource kind of the referent. For example \"Service\". \n Defaults to \"Service\" when not specified. \n ExternalName services can refer to CNAME DNS records that may live outside of the cluster and as such are difficult to reason about in terms of conformance. They also may not be safe to forward to (see CVE-2021-25740 for more information). Implementations SHOULD NOT support ExternalName Services. \n Support: Core (Services with a type other than ExternalName) \n Support: Implementation-specific (Services with type ExternalName)" + +### fn spec.rules.backendRefs.withName + +```ts +withName(name) +``` + +"Name is the name of the referent." + +### fn spec.rules.backendRefs.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. \n Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. \n Support: Core" + +### fn spec.rules.backendRefs.withPort + +```ts +withPort(port) +``` + +"Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field." + +### fn spec.rules.backendRefs.withWeight + +```ts +withWeight(weight) +``` + +"Weight specifies the proportion of requests forwarded to the referenced backend. This is computed as weight/(sum of all weights in this BackendRefs list). For non-zero values, there may be some epsilon from the exact proportion defined here depending on the precision an implementation supports. Weight is not a percentage and the sum of weights does not need to equal 100. \n If only one backend is specified and it has a weight greater than 0, 100% of the traffic is forwarded to that backend. If weight is set to 0, no traffic should be forwarded for this entry. If unspecified, weight defaults to 1. \n Support for this field varies based on the context where used." \ No newline at end of file diff --git a/docs/0.8-experimental/gateway/v1beta1/gateway.md b/docs/0.8-experimental/gateway/v1beta1/gateway.md new file mode 100644 index 0000000..9c1de80 --- /dev/null +++ b/docs/0.8-experimental/gateway/v1beta1/gateway.md @@ -0,0 +1,568 @@ +--- +permalink: /0.8-experimental/gateway/v1beta1/gateway/ +--- + +# gateway.v1beta1.gateway + +"Gateway represents an instance of a service-traffic handling infrastructure by binding Listeners to a set of IP addresses." + +## Index + +* [`fn new(name)`](#fn-new) +* [`obj metadata`](#obj-metadata) + * [`fn withAnnotations(annotations)`](#fn-metadatawithannotations) + * [`fn withAnnotationsMixin(annotations)`](#fn-metadatawithannotationsmixin) + * [`fn withClusterName(clusterName)`](#fn-metadatawithclustername) + * [`fn withCreationTimestamp(creationTimestamp)`](#fn-metadatawithcreationtimestamp) + * [`fn withDeletionGracePeriodSeconds(deletionGracePeriodSeconds)`](#fn-metadatawithdeletiongraceperiodseconds) + * [`fn withDeletionTimestamp(deletionTimestamp)`](#fn-metadatawithdeletiontimestamp) + * [`fn withFinalizers(finalizers)`](#fn-metadatawithfinalizers) + * [`fn withFinalizersMixin(finalizers)`](#fn-metadatawithfinalizersmixin) + * [`fn withGenerateName(generateName)`](#fn-metadatawithgeneratename) + * [`fn withGeneration(generation)`](#fn-metadatawithgeneration) + * [`fn withLabels(labels)`](#fn-metadatawithlabels) + * [`fn withLabelsMixin(labels)`](#fn-metadatawithlabelsmixin) + * [`fn withName(name)`](#fn-metadatawithname) + * [`fn withNamespace(namespace)`](#fn-metadatawithnamespace) + * [`fn withOwnerReferences(ownerReferences)`](#fn-metadatawithownerreferences) + * [`fn withOwnerReferencesMixin(ownerReferences)`](#fn-metadatawithownerreferencesmixin) + * [`fn withResourceVersion(resourceVersion)`](#fn-metadatawithresourceversion) + * [`fn withSelfLink(selfLink)`](#fn-metadatawithselflink) + * [`fn withUid(uid)`](#fn-metadatawithuid) +* [`obj spec`](#obj-spec) + * [`fn withAddresses(addresses)`](#fn-specwithaddresses) + * [`fn withAddressesMixin(addresses)`](#fn-specwithaddressesmixin) + * [`fn withGatewayClassName(gatewayClassName)`](#fn-specwithgatewayclassname) + * [`fn withListeners(listeners)`](#fn-specwithlisteners) + * [`fn withListenersMixin(listeners)`](#fn-specwithlistenersmixin) + * [`obj spec.addresses`](#obj-specaddresses) + * [`fn withType(type)`](#fn-specaddresseswithtype) + * [`fn withValue(value)`](#fn-specaddresseswithvalue) + * [`obj spec.listeners`](#obj-speclisteners) + * [`fn withHostname(hostname)`](#fn-speclistenerswithhostname) + * [`fn withName(name)`](#fn-speclistenerswithname) + * [`fn withPort(port)`](#fn-speclistenerswithport) + * [`fn withProtocol(protocol)`](#fn-speclistenerswithprotocol) + * [`obj spec.listeners.allowedRoutes`](#obj-speclistenersallowedroutes) + * [`fn withKinds(kinds)`](#fn-speclistenersallowedrouteswithkinds) + * [`fn withKindsMixin(kinds)`](#fn-speclistenersallowedrouteswithkindsmixin) + * [`obj spec.listeners.allowedRoutes.kinds`](#obj-speclistenersallowedrouteskinds) + * [`fn withGroup(group)`](#fn-speclistenersallowedrouteskindswithgroup) + * [`fn withKind(kind)`](#fn-speclistenersallowedrouteskindswithkind) + * [`obj spec.listeners.allowedRoutes.namespaces`](#obj-speclistenersallowedroutesnamespaces) + * [`fn withFrom(from)`](#fn-speclistenersallowedroutesnamespaceswithfrom) + * [`obj spec.listeners.allowedRoutes.namespaces.selector`](#obj-speclistenersallowedroutesnamespacesselector) + * [`fn withMatchExpressions(matchExpressions)`](#fn-speclistenersallowedroutesnamespacesselectorwithmatchexpressions) + * [`fn withMatchExpressionsMixin(matchExpressions)`](#fn-speclistenersallowedroutesnamespacesselectorwithmatchexpressionsmixin) + * [`fn withMatchLabels(matchLabels)`](#fn-speclistenersallowedroutesnamespacesselectorwithmatchlabels) + * [`fn withMatchLabelsMixin(matchLabels)`](#fn-speclistenersallowedroutesnamespacesselectorwithmatchlabelsmixin) + * [`obj spec.listeners.allowedRoutes.namespaces.selector.matchExpressions`](#obj-speclistenersallowedroutesnamespacesselectormatchexpressions) + * [`fn withKey(key)`](#fn-speclistenersallowedroutesnamespacesselectormatchexpressionswithkey) + * [`fn withOperator(operator)`](#fn-speclistenersallowedroutesnamespacesselectormatchexpressionswithoperator) + * [`fn withValues(values)`](#fn-speclistenersallowedroutesnamespacesselectormatchexpressionswithvalues) + * [`fn withValuesMixin(values)`](#fn-speclistenersallowedroutesnamespacesselectormatchexpressionswithvaluesmixin) + * [`obj spec.listeners.tls`](#obj-speclistenerstls) + * [`fn withCertificateRefs(certificateRefs)`](#fn-speclistenerstlswithcertificaterefs) + * [`fn withCertificateRefsMixin(certificateRefs)`](#fn-speclistenerstlswithcertificaterefsmixin) + * [`fn withMode(mode)`](#fn-speclistenerstlswithmode) + * [`fn withOptions(options)`](#fn-speclistenerstlswithoptions) + * [`fn withOptionsMixin(options)`](#fn-speclistenerstlswithoptionsmixin) + * [`obj spec.listeners.tls.certificateRefs`](#obj-speclistenerstlscertificaterefs) + * [`fn withGroup(group)`](#fn-speclistenerstlscertificaterefswithgroup) + * [`fn withKind(kind)`](#fn-speclistenerstlscertificaterefswithkind) + * [`fn withName(name)`](#fn-speclistenerstlscertificaterefswithname) + * [`fn withNamespace(namespace)`](#fn-speclistenerstlscertificaterefswithnamespace) + +## Fields + +### fn new + +```ts +new(name) +``` + +new returns an instance of Gateway + +## obj metadata + +"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create." + +### fn metadata.withAnnotations + +```ts +withAnnotations(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +### fn metadata.withAnnotationsMixin + +```ts +withAnnotationsMixin(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +**Note:** This function appends passed data to existing values + +### fn metadata.withClusterName + +```ts +withClusterName(clusterName) +``` + +"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request." + +### fn metadata.withCreationTimestamp + +```ts +withCreationTimestamp(creationTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withDeletionGracePeriodSeconds + +```ts +withDeletionGracePeriodSeconds(deletionGracePeriodSeconds) +``` + +"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only." + +### fn metadata.withDeletionTimestamp + +```ts +withDeletionTimestamp(deletionTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withFinalizers + +```ts +withFinalizers(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +### fn metadata.withFinalizersMixin + +```ts +withFinalizersMixin(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +**Note:** This function appends passed data to existing values + +### fn metadata.withGenerateName + +```ts +withGenerateName(generateName) +``` + +"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\n\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\n\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" + +### fn metadata.withGeneration + +```ts +withGeneration(generation) +``` + +"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only." + +### fn metadata.withLabels + +```ts +withLabels(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +### fn metadata.withLabelsMixin + +```ts +withLabelsMixin(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +**Note:** This function appends passed data to existing values + +### fn metadata.withName + +```ts +withName(name) +``` + +"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names" + +### fn metadata.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \"default\" namespace, but \"default\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\n\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces" + +### fn metadata.withOwnerReferences + +```ts +withOwnerReferences(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +### fn metadata.withOwnerReferencesMixin + +```ts +withOwnerReferencesMixin(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +**Note:** This function appends passed data to existing values + +### fn metadata.withResourceVersion + +```ts +withResourceVersion(resourceVersion) +``` + +"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\n\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" + +### fn metadata.withSelfLink + +```ts +withSelfLink(selfLink) +``` + +"SelfLink is a URL representing this object. Populated by the system. Read-only.\n\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release." + +### fn metadata.withUid + +```ts +withUid(uid) +``` + +"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\n\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids" + +## obj spec + +"Spec defines the desired state of Gateway." + +### fn spec.withAddresses + +```ts +withAddresses(addresses) +``` + +"Addresses requested for this Gateway. This is optional and behavior can depend on the implementation. If a value is set in the spec and the requested address is invalid or unavailable, the implementation MUST indicate this in the associated entry in GatewayStatus.Addresses. \n The Addresses field represents a request for the address(es) on the \"outside of the Gateway\", that traffic bound for this Gateway will use. This could be the IP address or hostname of an external load balancer or other networking infrastructure, or some other address that traffic will be sent to. \n The .listener.hostname field is used to route traffic that has already arrived at the Gateway to the correct in-cluster destination. \n If no Addresses are specified, the implementation MAY schedule the Gateway in an implementation-specific manner, assigning an appropriate set of Addresses. \n The implementation MUST bind all Listeners to every GatewayAddress that it assigns to the Gateway and add a corresponding entry in GatewayStatus.Addresses. \n Support: Extended \n " + +### fn spec.withAddressesMixin + +```ts +withAddressesMixin(addresses) +``` + +"Addresses requested for this Gateway. This is optional and behavior can depend on the implementation. If a value is set in the spec and the requested address is invalid or unavailable, the implementation MUST indicate this in the associated entry in GatewayStatus.Addresses. \n The Addresses field represents a request for the address(es) on the \"outside of the Gateway\", that traffic bound for this Gateway will use. This could be the IP address or hostname of an external load balancer or other networking infrastructure, or some other address that traffic will be sent to. \n The .listener.hostname field is used to route traffic that has already arrived at the Gateway to the correct in-cluster destination. \n If no Addresses are specified, the implementation MAY schedule the Gateway in an implementation-specific manner, assigning an appropriate set of Addresses. \n The implementation MUST bind all Listeners to every GatewayAddress that it assigns to the Gateway and add a corresponding entry in GatewayStatus.Addresses. \n Support: Extended \n " + +**Note:** This function appends passed data to existing values + +### fn spec.withGatewayClassName + +```ts +withGatewayClassName(gatewayClassName) +``` + +"GatewayClassName used for this Gateway. This is the name of a GatewayClass resource." + +### fn spec.withListeners + +```ts +withListeners(listeners) +``` + +"Listeners associated with this Gateway. Listeners define logical endpoints that are bound on this Gateway's addresses. At least one Listener MUST be specified. \n Each listener in a Gateway must have a unique combination of Hostname, Port, and Protocol. \n Within the HTTP Conformance Profile, the below combinations of port and protocol are considered Core and MUST be supported: \n 1. Port: 80, Protocol: HTTP 2. Port: 443, Protocol: HTTPS \n Within the TLS Conformance Profile, the below combinations of port and protocol are considered Core and MUST be supported: \n 1. Port: 443, Protocol: TLS \n Port and protocol combinations not listed above are considered Extended. \n An implementation MAY group Listeners by Port and then collapse each group of Listeners into a single Listener if the implementation determines that the Listeners in the group are \"compatible\". An implementation MAY also group together and collapse compatible Listeners belonging to different Gateways. \n For example, an implementation might consider Listeners to be compatible with each other if all of the following conditions are met: \n 1. Either each Listener within the group specifies the \"HTTP\" Protocol or each Listener within the group specifies either the \"HTTPS\" or \"TLS\" Protocol. \n 2. Each Listener within the group specifies a Hostname that is unique within the group. \n 3. As a special case, one Listener within a group may omit Hostname, in which case this Listener matches when no other Listener matches. \n If the implementation does collapse compatible Listeners, the hostname provided in the incoming client request MUST be matched to a Listener to find the correct set of Routes. The incoming hostname MUST be matched using the Hostname field for each Listener in order of most to least specific. That is, exact matches must be processed before wildcard matches. \n If this field specifies multiple Listeners that have the same Port value but are not compatible, the implementation must raise a \"Conflicted\" condition in the Listener status. \n Support: Core" + +### fn spec.withListenersMixin + +```ts +withListenersMixin(listeners) +``` + +"Listeners associated with this Gateway. Listeners define logical endpoints that are bound on this Gateway's addresses. At least one Listener MUST be specified. \n Each listener in a Gateway must have a unique combination of Hostname, Port, and Protocol. \n Within the HTTP Conformance Profile, the below combinations of port and protocol are considered Core and MUST be supported: \n 1. Port: 80, Protocol: HTTP 2. Port: 443, Protocol: HTTPS \n Within the TLS Conformance Profile, the below combinations of port and protocol are considered Core and MUST be supported: \n 1. Port: 443, Protocol: TLS \n Port and protocol combinations not listed above are considered Extended. \n An implementation MAY group Listeners by Port and then collapse each group of Listeners into a single Listener if the implementation determines that the Listeners in the group are \"compatible\". An implementation MAY also group together and collapse compatible Listeners belonging to different Gateways. \n For example, an implementation might consider Listeners to be compatible with each other if all of the following conditions are met: \n 1. Either each Listener within the group specifies the \"HTTP\" Protocol or each Listener within the group specifies either the \"HTTPS\" or \"TLS\" Protocol. \n 2. Each Listener within the group specifies a Hostname that is unique within the group. \n 3. As a special case, one Listener within a group may omit Hostname, in which case this Listener matches when no other Listener matches. \n If the implementation does collapse compatible Listeners, the hostname provided in the incoming client request MUST be matched to a Listener to find the correct set of Routes. The incoming hostname MUST be matched using the Hostname field for each Listener in order of most to least specific. That is, exact matches must be processed before wildcard matches. \n If this field specifies multiple Listeners that have the same Port value but are not compatible, the implementation must raise a \"Conflicted\" condition in the Listener status. \n Support: Core" + +**Note:** This function appends passed data to existing values + +## obj spec.addresses + +"Addresses requested for this Gateway. This is optional and behavior can depend on the implementation. If a value is set in the spec and the requested address is invalid or unavailable, the implementation MUST indicate this in the associated entry in GatewayStatus.Addresses. \n The Addresses field represents a request for the address(es) on the \"outside of the Gateway\", that traffic bound for this Gateway will use. This could be the IP address or hostname of an external load balancer or other networking infrastructure, or some other address that traffic will be sent to. \n The .listener.hostname field is used to route traffic that has already arrived at the Gateway to the correct in-cluster destination. \n If no Addresses are specified, the implementation MAY schedule the Gateway in an implementation-specific manner, assigning an appropriate set of Addresses. \n The implementation MUST bind all Listeners to every GatewayAddress that it assigns to the Gateway and add a corresponding entry in GatewayStatus.Addresses. \n Support: Extended \n " + +### fn spec.addresses.withType + +```ts +withType(type) +``` + +"Type of the address." + +### fn spec.addresses.withValue + +```ts +withValue(value) +``` + +"Value of the address. The validity of the values will depend on the type and support by the controller. \n Examples: `1.2.3.4`, `128::1`, `my-ip-address`." + +## obj spec.listeners + +"Listeners associated with this Gateway. Listeners define logical endpoints that are bound on this Gateway's addresses. At least one Listener MUST be specified. \n Each listener in a Gateway must have a unique combination of Hostname, Port, and Protocol. \n Within the HTTP Conformance Profile, the below combinations of port and protocol are considered Core and MUST be supported: \n 1. Port: 80, Protocol: HTTP 2. Port: 443, Protocol: HTTPS \n Within the TLS Conformance Profile, the below combinations of port and protocol are considered Core and MUST be supported: \n 1. Port: 443, Protocol: TLS \n Port and protocol combinations not listed above are considered Extended. \n An implementation MAY group Listeners by Port and then collapse each group of Listeners into a single Listener if the implementation determines that the Listeners in the group are \"compatible\". An implementation MAY also group together and collapse compatible Listeners belonging to different Gateways. \n For example, an implementation might consider Listeners to be compatible with each other if all of the following conditions are met: \n 1. Either each Listener within the group specifies the \"HTTP\" Protocol or each Listener within the group specifies either the \"HTTPS\" or \"TLS\" Protocol. \n 2. Each Listener within the group specifies a Hostname that is unique within the group. \n 3. As a special case, one Listener within a group may omit Hostname, in which case this Listener matches when no other Listener matches. \n If the implementation does collapse compatible Listeners, the hostname provided in the incoming client request MUST be matched to a Listener to find the correct set of Routes. The incoming hostname MUST be matched using the Hostname field for each Listener in order of most to least specific. That is, exact matches must be processed before wildcard matches. \n If this field specifies multiple Listeners that have the same Port value but are not compatible, the implementation must raise a \"Conflicted\" condition in the Listener status. \n Support: Core" + +### fn spec.listeners.withHostname + +```ts +withHostname(hostname) +``` + +"Hostname specifies the virtual hostname to match for protocol types that define this concept. When unspecified, all hostnames are matched. This field is ignored for protocols that don't require hostname based matching. \n Implementations MUST apply Hostname matching appropriately for each of the following protocols: \n * TLS: The Listener Hostname MUST match the SNI. * HTTP: The Listener Hostname MUST match the Host header of the request. * HTTPS: The Listener Hostname SHOULD match at both the TLS and HTTP protocol layers as described above. If an implementation does not ensure that both the SNI and Host header match the Listener hostname, it MUST clearly document that. \n For HTTPRoute and TLSRoute resources, there is an interaction with the `spec.hostnames` array. When both listener and route specify hostnames, there MUST be an intersection between the values for a Route to be accepted. For more information, refer to the Route specific Hostnames documentation. \n Hostnames that are prefixed with a wildcard label (`*.`) are interpreted as a suffix match. That means that a match for `*.example.com` would match both `test.example.com`, and `foo.test.example.com`, but not `example.com`. \n Support: Core" + +### fn spec.listeners.withName + +```ts +withName(name) +``` + +"Name is the name of the Listener. This name MUST be unique within a Gateway. \n Support: Core" + +### fn spec.listeners.withPort + +```ts +withPort(port) +``` + +"Port is the network port. Multiple listeners may use the same port, subject to the Listener compatibility rules. \n Support: Core" + +### fn spec.listeners.withProtocol + +```ts +withProtocol(protocol) +``` + +"Protocol specifies the network protocol this listener expects to receive. \n Support: Core" + +## obj spec.listeners.allowedRoutes + +"AllowedRoutes defines the types of routes that MAY be attached to a Listener and the trusted namespaces where those Route resources MAY be present. \n Although a client request may match multiple route rules, only one rule may ultimately receive the request. Matching precedence MUST be determined in order of the following criteria: \n * The most specific match as defined by the Route type. * The oldest Route based on creation timestamp. For example, a Route with a creation timestamp of \"2020-09-08 01:02:03\" is given precedence over a Route with a creation timestamp of \"2020-09-08 01:02:04\". * If everything else is equivalent, the Route appearing first in alphabetical order (namespace/name) should be given precedence. For example, foo/bar is given precedence over foo/baz. \n All valid rules within a Route attached to this Listener should be implemented. Invalid Route rules can be ignored (sometimes that will mean the full Route). If a Route rule transitions from valid to invalid, support for that Route rule should be dropped to ensure consistency. For example, even if a filter specified by a Route rule is invalid, the rest of the rules within that Route should still be supported. \n Support: Core" + +### fn spec.listeners.allowedRoutes.withKinds + +```ts +withKinds(kinds) +``` + +"Kinds specifies the groups and kinds of Routes that are allowed to bind to this Gateway Listener. When unspecified or empty, the kinds of Routes selected are determined using the Listener protocol. \n A RouteGroupKind MUST correspond to kinds of Routes that are compatible with the application protocol specified in the Listener's Protocol field. If an implementation does not support or recognize this resource type, it MUST set the \"ResolvedRefs\" condition to False for this Listener with the \"InvalidRouteKinds\" reason. \n Support: Core" + +### fn spec.listeners.allowedRoutes.withKindsMixin + +```ts +withKindsMixin(kinds) +``` + +"Kinds specifies the groups and kinds of Routes that are allowed to bind to this Gateway Listener. When unspecified or empty, the kinds of Routes selected are determined using the Listener protocol. \n A RouteGroupKind MUST correspond to kinds of Routes that are compatible with the application protocol specified in the Listener's Protocol field. If an implementation does not support or recognize this resource type, it MUST set the \"ResolvedRefs\" condition to False for this Listener with the \"InvalidRouteKinds\" reason. \n Support: Core" + +**Note:** This function appends passed data to existing values + +## obj spec.listeners.allowedRoutes.kinds + +"Kinds specifies the groups and kinds of Routes that are allowed to bind to this Gateway Listener. When unspecified or empty, the kinds of Routes selected are determined using the Listener protocol. \n A RouteGroupKind MUST correspond to kinds of Routes that are compatible with the application protocol specified in the Listener's Protocol field. If an implementation does not support or recognize this resource type, it MUST set the \"ResolvedRefs\" condition to False for this Listener with the \"InvalidRouteKinds\" reason. \n Support: Core" + +### fn spec.listeners.allowedRoutes.kinds.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the Route." + +### fn spec.listeners.allowedRoutes.kinds.withKind + +```ts +withKind(kind) +``` + +"Kind is the kind of the Route." + +## obj spec.listeners.allowedRoutes.namespaces + +"Namespaces indicates namespaces from which Routes may be attached to this Listener. This is restricted to the namespace of this Gateway by default. \n Support: Core" + +### fn spec.listeners.allowedRoutes.namespaces.withFrom + +```ts +withFrom(from) +``` + +"From indicates where Routes will be selected for this Gateway. Possible values are: \n * All: Routes in all namespaces may be used by this Gateway. * Selector: Routes in namespaces selected by the selector may be used by this Gateway. * Same: Only Routes in the same namespace may be used by this Gateway. \n Support: Core" + +## obj spec.listeners.allowedRoutes.namespaces.selector + +"Selector must be specified when From is set to \"Selector\". In that case, only Routes in Namespaces matching this Selector will be selected by this Gateway. This field is ignored for other values of \"From\". \n Support: Core" + +### fn spec.listeners.allowedRoutes.namespaces.selector.withMatchExpressions + +```ts +withMatchExpressions(matchExpressions) +``` + +"matchExpressions is a list of label selector requirements. The requirements are ANDed." + +### fn spec.listeners.allowedRoutes.namespaces.selector.withMatchExpressionsMixin + +```ts +withMatchExpressionsMixin(matchExpressions) +``` + +"matchExpressions is a list of label selector requirements. The requirements are ANDed." + +**Note:** This function appends passed data to existing values + +### fn spec.listeners.allowedRoutes.namespaces.selector.withMatchLabels + +```ts +withMatchLabels(matchLabels) +``` + +"matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + +### fn spec.listeners.allowedRoutes.namespaces.selector.withMatchLabelsMixin + +```ts +withMatchLabelsMixin(matchLabels) +``` + +"matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + +**Note:** This function appends passed data to existing values + +## obj spec.listeners.allowedRoutes.namespaces.selector.matchExpressions + +"matchExpressions is a list of label selector requirements. The requirements are ANDed." + +### fn spec.listeners.allowedRoutes.namespaces.selector.matchExpressions.withKey + +```ts +withKey(key) +``` + +"key is the label key that the selector applies to." + +### fn spec.listeners.allowedRoutes.namespaces.selector.matchExpressions.withOperator + +```ts +withOperator(operator) +``` + +"operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + +### fn spec.listeners.allowedRoutes.namespaces.selector.matchExpressions.withValues + +```ts +withValues(values) +``` + +"values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + +### fn spec.listeners.allowedRoutes.namespaces.selector.matchExpressions.withValuesMixin + +```ts +withValuesMixin(values) +``` + +"values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + +**Note:** This function appends passed data to existing values + +## obj spec.listeners.tls + +"TLS is the TLS configuration for the Listener. This field is required if the Protocol field is \"HTTPS\" or \"TLS\". It is invalid to set this field if the Protocol field is \"HTTP\", \"TCP\", or \"UDP\". \n The association of SNIs to Certificate defined in GatewayTLSConfig is defined based on the Hostname field for this listener. \n The GatewayClass MUST use the longest matching SNI out of all available certificates for any TLS handshake. \n Support: Core" + +### fn spec.listeners.tls.withCertificateRefs + +```ts +withCertificateRefs(certificateRefs) +``` + +"CertificateRefs contains a series of references to Kubernetes objects that contains TLS certificates and private keys. These certificates are used to establish a TLS handshake for requests that match the hostname of the associated listener. \n A single CertificateRef to a Kubernetes Secret has \"Core\" support. Implementations MAY choose to support attaching multiple certificates to a Listener, but this behavior is implementation-specific. \n References to a resource in different namespace are invalid UNLESS there is a ReferenceGrant in the target namespace that allows the certificate to be attached. If a ReferenceGrant does not allow this reference, the \"ResolvedRefs\" condition MUST be set to False for this listener with the \"RefNotPermitted\" reason. \n This field is required to have at least one element when the mode is set to \"Terminate\" (default) and is optional otherwise. \n CertificateRefs can reference to standard Kubernetes resources, i.e. Secret, or implementation-specific custom resources. \n Support: Core - A single reference to a Kubernetes Secret of type kubernetes.io/tls \n Support: Implementation-specific (More than one reference or other resource types)" + +### fn spec.listeners.tls.withCertificateRefsMixin + +```ts +withCertificateRefsMixin(certificateRefs) +``` + +"CertificateRefs contains a series of references to Kubernetes objects that contains TLS certificates and private keys. These certificates are used to establish a TLS handshake for requests that match the hostname of the associated listener. \n A single CertificateRef to a Kubernetes Secret has \"Core\" support. Implementations MAY choose to support attaching multiple certificates to a Listener, but this behavior is implementation-specific. \n References to a resource in different namespace are invalid UNLESS there is a ReferenceGrant in the target namespace that allows the certificate to be attached. If a ReferenceGrant does not allow this reference, the \"ResolvedRefs\" condition MUST be set to False for this listener with the \"RefNotPermitted\" reason. \n This field is required to have at least one element when the mode is set to \"Terminate\" (default) and is optional otherwise. \n CertificateRefs can reference to standard Kubernetes resources, i.e. Secret, or implementation-specific custom resources. \n Support: Core - A single reference to a Kubernetes Secret of type kubernetes.io/tls \n Support: Implementation-specific (More than one reference or other resource types)" + +**Note:** This function appends passed data to existing values + +### fn spec.listeners.tls.withMode + +```ts +withMode(mode) +``` + +"Mode defines the TLS behavior for the TLS session initiated by the client. There are two possible modes: \n - Terminate: The TLS session between the downstream client and the Gateway is terminated at the Gateway. This mode requires certificateRefs to be set and contain at least one element. - Passthrough: The TLS session is NOT terminated by the Gateway. This implies that the Gateway can't decipher the TLS stream except for the ClientHello message of the TLS protocol. CertificateRefs field is ignored in this mode. \n Support: Core" + +### fn spec.listeners.tls.withOptions + +```ts +withOptions(options) +``` + +"Options are a list of key/value pairs to enable extended TLS configuration for each implementation. For example, configuring the minimum TLS version or supported cipher suites. \n A set of common keys MAY be defined by the API in the future. To avoid any ambiguity, implementation-specific definitions MUST use domain-prefixed names, such as `example.com/my-custom-option`. Un-prefixed names are reserved for key names defined by Gateway API. \n Support: Implementation-specific" + +### fn spec.listeners.tls.withOptionsMixin + +```ts +withOptionsMixin(options) +``` + +"Options are a list of key/value pairs to enable extended TLS configuration for each implementation. For example, configuring the minimum TLS version or supported cipher suites. \n A set of common keys MAY be defined by the API in the future. To avoid any ambiguity, implementation-specific definitions MUST use domain-prefixed names, such as `example.com/my-custom-option`. Un-prefixed names are reserved for key names defined by Gateway API. \n Support: Implementation-specific" + +**Note:** This function appends passed data to existing values + +## obj spec.listeners.tls.certificateRefs + +"CertificateRefs contains a series of references to Kubernetes objects that contains TLS certificates and private keys. These certificates are used to establish a TLS handshake for requests that match the hostname of the associated listener. \n A single CertificateRef to a Kubernetes Secret has \"Core\" support. Implementations MAY choose to support attaching multiple certificates to a Listener, but this behavior is implementation-specific. \n References to a resource in different namespace are invalid UNLESS there is a ReferenceGrant in the target namespace that allows the certificate to be attached. If a ReferenceGrant does not allow this reference, the \"ResolvedRefs\" condition MUST be set to False for this listener with the \"RefNotPermitted\" reason. \n This field is required to have at least one element when the mode is set to \"Terminate\" (default) and is optional otherwise. \n CertificateRefs can reference to standard Kubernetes resources, i.e. Secret, or implementation-specific custom resources. \n Support: Core - A single reference to a Kubernetes Secret of type kubernetes.io/tls \n Support: Implementation-specific (More than one reference or other resource types)" + +### fn spec.listeners.tls.certificateRefs.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. For example, \"gateway.networking.k8s.io\". When unspecified or empty string, core API group is inferred." + +### fn spec.listeners.tls.certificateRefs.withKind + +```ts +withKind(kind) +``` + +"Kind is kind of the referent. For example \"Secret\"." + +### fn spec.listeners.tls.certificateRefs.withName + +```ts +withName(name) +``` + +"Name is the name of the referent." + +### fn spec.listeners.tls.certificateRefs.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. \n Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. \n Support: Core" \ No newline at end of file diff --git a/docs/0.8-experimental/gateway/v1beta1/gatewayClass.md b/docs/0.8-experimental/gateway/v1beta1/gatewayClass.md new file mode 100644 index 0000000..b477459 --- /dev/null +++ b/docs/0.8-experimental/gateway/v1beta1/gatewayClass.md @@ -0,0 +1,269 @@ +--- +permalink: /0.8-experimental/gateway/v1beta1/gatewayClass/ +--- + +# gateway.v1beta1.gatewayClass + +"GatewayClass describes a class of Gateways available to the user for creating Gateway resources. \n It is recommended that this resource be used as a template for Gateways. This means that a Gateway is based on the state of the GatewayClass at the time it was created and changes to the GatewayClass or associated parameters are not propagated down to existing Gateways. This recommendation is intended to limit the blast radius of changes to GatewayClass or associated parameters. If implementations choose to propagate GatewayClass changes to existing Gateways, that MUST be clearly documented by the implementation. \n Whenever one or more Gateways are using a GatewayClass, implementations SHOULD add the `gateway-exists-finalizer.gateway.networking.k8s.io` finalizer on the associated GatewayClass. This ensures that a GatewayClass associated with a Gateway is not deleted while in use. \n GatewayClass is a Cluster level resource." + +## Index + +* [`fn new(name)`](#fn-new) +* [`obj metadata`](#obj-metadata) + * [`fn withAnnotations(annotations)`](#fn-metadatawithannotations) + * [`fn withAnnotationsMixin(annotations)`](#fn-metadatawithannotationsmixin) + * [`fn withClusterName(clusterName)`](#fn-metadatawithclustername) + * [`fn withCreationTimestamp(creationTimestamp)`](#fn-metadatawithcreationtimestamp) + * [`fn withDeletionGracePeriodSeconds(deletionGracePeriodSeconds)`](#fn-metadatawithdeletiongraceperiodseconds) + * [`fn withDeletionTimestamp(deletionTimestamp)`](#fn-metadatawithdeletiontimestamp) + * [`fn withFinalizers(finalizers)`](#fn-metadatawithfinalizers) + * [`fn withFinalizersMixin(finalizers)`](#fn-metadatawithfinalizersmixin) + * [`fn withGenerateName(generateName)`](#fn-metadatawithgeneratename) + * [`fn withGeneration(generation)`](#fn-metadatawithgeneration) + * [`fn withLabels(labels)`](#fn-metadatawithlabels) + * [`fn withLabelsMixin(labels)`](#fn-metadatawithlabelsmixin) + * [`fn withName(name)`](#fn-metadatawithname) + * [`fn withNamespace(namespace)`](#fn-metadatawithnamespace) + * [`fn withOwnerReferences(ownerReferences)`](#fn-metadatawithownerreferences) + * [`fn withOwnerReferencesMixin(ownerReferences)`](#fn-metadatawithownerreferencesmixin) + * [`fn withResourceVersion(resourceVersion)`](#fn-metadatawithresourceversion) + * [`fn withSelfLink(selfLink)`](#fn-metadatawithselflink) + * [`fn withUid(uid)`](#fn-metadatawithuid) +* [`obj spec`](#obj-spec) + * [`fn withControllerName(controllerName)`](#fn-specwithcontrollername) + * [`fn withDescription(description)`](#fn-specwithdescription) + * [`obj spec.parametersRef`](#obj-specparametersref) + * [`fn withGroup(group)`](#fn-specparametersrefwithgroup) + * [`fn withKind(kind)`](#fn-specparametersrefwithkind) + * [`fn withName(name)`](#fn-specparametersrefwithname) + * [`fn withNamespace(namespace)`](#fn-specparametersrefwithnamespace) + +## Fields + +### fn new + +```ts +new(name) +``` + +new returns an instance of GatewayClass + +## obj metadata + +"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create." + +### fn metadata.withAnnotations + +```ts +withAnnotations(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +### fn metadata.withAnnotationsMixin + +```ts +withAnnotationsMixin(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +**Note:** This function appends passed data to existing values + +### fn metadata.withClusterName + +```ts +withClusterName(clusterName) +``` + +"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request." + +### fn metadata.withCreationTimestamp + +```ts +withCreationTimestamp(creationTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withDeletionGracePeriodSeconds + +```ts +withDeletionGracePeriodSeconds(deletionGracePeriodSeconds) +``` + +"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only." + +### fn metadata.withDeletionTimestamp + +```ts +withDeletionTimestamp(deletionTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withFinalizers + +```ts +withFinalizers(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +### fn metadata.withFinalizersMixin + +```ts +withFinalizersMixin(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +**Note:** This function appends passed data to existing values + +### fn metadata.withGenerateName + +```ts +withGenerateName(generateName) +``` + +"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\n\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\n\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" + +### fn metadata.withGeneration + +```ts +withGeneration(generation) +``` + +"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only." + +### fn metadata.withLabels + +```ts +withLabels(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +### fn metadata.withLabelsMixin + +```ts +withLabelsMixin(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +**Note:** This function appends passed data to existing values + +### fn metadata.withName + +```ts +withName(name) +``` + +"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names" + +### fn metadata.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \"default\" namespace, but \"default\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\n\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces" + +### fn metadata.withOwnerReferences + +```ts +withOwnerReferences(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +### fn metadata.withOwnerReferencesMixin + +```ts +withOwnerReferencesMixin(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +**Note:** This function appends passed data to existing values + +### fn metadata.withResourceVersion + +```ts +withResourceVersion(resourceVersion) +``` + +"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\n\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" + +### fn metadata.withSelfLink + +```ts +withSelfLink(selfLink) +``` + +"SelfLink is a URL representing this object. Populated by the system. Read-only.\n\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release." + +### fn metadata.withUid + +```ts +withUid(uid) +``` + +"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\n\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids" + +## obj spec + +"Spec defines the desired state of GatewayClass." + +### fn spec.withControllerName + +```ts +withControllerName(controllerName) +``` + +"ControllerName is the name of the controller that is managing Gateways of this class. The value of this field MUST be a domain prefixed path. \n Example: \"example.net/gateway-controller\". \n This field is not mutable and cannot be empty. \n Support: Core" + +### fn spec.withDescription + +```ts +withDescription(description) +``` + +"Description helps describe a GatewayClass with more details." + +## obj spec.parametersRef + +"ParametersRef is a reference to a resource that contains the configuration parameters corresponding to the GatewayClass. This is optional if the controller does not require any additional configuration. \n ParametersRef can reference a standard Kubernetes resource, i.e. ConfigMap, or an implementation-specific custom resource. The resource can be cluster-scoped or namespace-scoped. \n If the referent cannot be found, the GatewayClass's \"InvalidParameters\" status condition will be true. \n Support: Implementation-specific" + +### fn spec.parametersRef.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent." + +### fn spec.parametersRef.withKind + +```ts +withKind(kind) +``` + +"Kind is kind of the referent." + +### fn spec.parametersRef.withName + +```ts +withName(name) +``` + +"Name is the name of the referent." + +### fn spec.parametersRef.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the referent. This field is required when referring to a Namespace-scoped resource and MUST be unset when referring to a Cluster-scoped resource." \ No newline at end of file diff --git a/docs/0.8-experimental/gateway/v1beta1/httpRoute.md b/docs/0.8-experimental/gateway/v1beta1/httpRoute.md new file mode 100644 index 0000000..4e9b6b2 --- /dev/null +++ b/docs/0.8-experimental/gateway/v1beta1/httpRoute.md @@ -0,0 +1,1498 @@ +--- +permalink: /0.8-experimental/gateway/v1beta1/httpRoute/ +--- + +# gateway.v1beta1.httpRoute + +"HTTPRoute provides a way to route HTTP requests. This includes the capability to match requests by hostname, path, header, or query param. Filters can be used to specify additional processing steps. Backends specify where matching requests should be routed." + +## Index + +* [`fn new(name)`](#fn-new) +* [`obj metadata`](#obj-metadata) + * [`fn withAnnotations(annotations)`](#fn-metadatawithannotations) + * [`fn withAnnotationsMixin(annotations)`](#fn-metadatawithannotationsmixin) + * [`fn withClusterName(clusterName)`](#fn-metadatawithclustername) + * [`fn withCreationTimestamp(creationTimestamp)`](#fn-metadatawithcreationtimestamp) + * [`fn withDeletionGracePeriodSeconds(deletionGracePeriodSeconds)`](#fn-metadatawithdeletiongraceperiodseconds) + * [`fn withDeletionTimestamp(deletionTimestamp)`](#fn-metadatawithdeletiontimestamp) + * [`fn withFinalizers(finalizers)`](#fn-metadatawithfinalizers) + * [`fn withFinalizersMixin(finalizers)`](#fn-metadatawithfinalizersmixin) + * [`fn withGenerateName(generateName)`](#fn-metadatawithgeneratename) + * [`fn withGeneration(generation)`](#fn-metadatawithgeneration) + * [`fn withLabels(labels)`](#fn-metadatawithlabels) + * [`fn withLabelsMixin(labels)`](#fn-metadatawithlabelsmixin) + * [`fn withName(name)`](#fn-metadatawithname) + * [`fn withNamespace(namespace)`](#fn-metadatawithnamespace) + * [`fn withOwnerReferences(ownerReferences)`](#fn-metadatawithownerreferences) + * [`fn withOwnerReferencesMixin(ownerReferences)`](#fn-metadatawithownerreferencesmixin) + * [`fn withResourceVersion(resourceVersion)`](#fn-metadatawithresourceversion) + * [`fn withSelfLink(selfLink)`](#fn-metadatawithselflink) + * [`fn withUid(uid)`](#fn-metadatawithuid) +* [`obj spec`](#obj-spec) + * [`fn withHostnames(hostnames)`](#fn-specwithhostnames) + * [`fn withHostnamesMixin(hostnames)`](#fn-specwithhostnamesmixin) + * [`fn withParentRefs(parentRefs)`](#fn-specwithparentrefs) + * [`fn withParentRefsMixin(parentRefs)`](#fn-specwithparentrefsmixin) + * [`fn withRules(rules)`](#fn-specwithrules) + * [`fn withRulesMixin(rules)`](#fn-specwithrulesmixin) + * [`obj spec.parentRefs`](#obj-specparentrefs) + * [`fn withGroup(group)`](#fn-specparentrefswithgroup) + * [`fn withKind(kind)`](#fn-specparentrefswithkind) + * [`fn withName(name)`](#fn-specparentrefswithname) + * [`fn withNamespace(namespace)`](#fn-specparentrefswithnamespace) + * [`fn withPort(port)`](#fn-specparentrefswithport) + * [`fn withSectionName(sectionName)`](#fn-specparentrefswithsectionname) + * [`obj spec.rules`](#obj-specrules) + * [`fn withBackendRefs(backendRefs)`](#fn-specruleswithbackendrefs) + * [`fn withBackendRefsMixin(backendRefs)`](#fn-specruleswithbackendrefsmixin) + * [`fn withFilters(filters)`](#fn-specruleswithfilters) + * [`fn withFiltersMixin(filters)`](#fn-specruleswithfiltersmixin) + * [`fn withMatches(matches)`](#fn-specruleswithmatches) + * [`fn withMatchesMixin(matches)`](#fn-specruleswithmatchesmixin) + * [`obj spec.rules.backendRefs`](#obj-specrulesbackendrefs) + * [`fn withFilters(filters)`](#fn-specrulesbackendrefswithfilters) + * [`fn withFiltersMixin(filters)`](#fn-specrulesbackendrefswithfiltersmixin) + * [`fn withGroup(group)`](#fn-specrulesbackendrefswithgroup) + * [`fn withKind(kind)`](#fn-specrulesbackendrefswithkind) + * [`fn withName(name)`](#fn-specrulesbackendrefswithname) + * [`fn withNamespace(namespace)`](#fn-specrulesbackendrefswithnamespace) + * [`fn withPort(port)`](#fn-specrulesbackendrefswithport) + * [`fn withWeight(weight)`](#fn-specrulesbackendrefswithweight) + * [`obj spec.rules.backendRefs.filters`](#obj-specrulesbackendrefsfilters) + * [`fn withType(type)`](#fn-specrulesbackendrefsfilterswithtype) + * [`obj spec.rules.backendRefs.filters.extensionRef`](#obj-specrulesbackendrefsfiltersextensionref) + * [`fn withGroup(group)`](#fn-specrulesbackendrefsfiltersextensionrefwithgroup) + * [`fn withKind(kind)`](#fn-specrulesbackendrefsfiltersextensionrefwithkind) + * [`fn withName(name)`](#fn-specrulesbackendrefsfiltersextensionrefwithname) + * [`obj spec.rules.backendRefs.filters.requestHeaderModifier`](#obj-specrulesbackendrefsfiltersrequestheadermodifier) + * [`fn withAdd(add)`](#fn-specrulesbackendrefsfiltersrequestheadermodifierwithadd) + * [`fn withAddMixin(add)`](#fn-specrulesbackendrefsfiltersrequestheadermodifierwithaddmixin) + * [`fn withRemove(remove)`](#fn-specrulesbackendrefsfiltersrequestheadermodifierwithremove) + * [`fn withRemoveMixin(remove)`](#fn-specrulesbackendrefsfiltersrequestheadermodifierwithremovemixin) + * [`fn withSet(set)`](#fn-specrulesbackendrefsfiltersrequestheadermodifierwithset) + * [`fn withSetMixin(set)`](#fn-specrulesbackendrefsfiltersrequestheadermodifierwithsetmixin) + * [`obj spec.rules.backendRefs.filters.requestHeaderModifier.add`](#obj-specrulesbackendrefsfiltersrequestheadermodifieradd) + * [`fn withName(name)`](#fn-specrulesbackendrefsfiltersrequestheadermodifieraddwithname) + * [`fn withValue(value)`](#fn-specrulesbackendrefsfiltersrequestheadermodifieraddwithvalue) + * [`obj spec.rules.backendRefs.filters.requestHeaderModifier.set`](#obj-specrulesbackendrefsfiltersrequestheadermodifierset) + * [`fn withName(name)`](#fn-specrulesbackendrefsfiltersrequestheadermodifiersetwithname) + * [`fn withValue(value)`](#fn-specrulesbackendrefsfiltersrequestheadermodifiersetwithvalue) + * [`obj spec.rules.backendRefs.filters.requestMirror`](#obj-specrulesbackendrefsfiltersrequestmirror) + * [`obj spec.rules.backendRefs.filters.requestMirror.backendRef`](#obj-specrulesbackendrefsfiltersrequestmirrorbackendref) + * [`fn withGroup(group)`](#fn-specrulesbackendrefsfiltersrequestmirrorbackendrefwithgroup) + * [`fn withKind(kind)`](#fn-specrulesbackendrefsfiltersrequestmirrorbackendrefwithkind) + * [`fn withName(name)`](#fn-specrulesbackendrefsfiltersrequestmirrorbackendrefwithname) + * [`fn withNamespace(namespace)`](#fn-specrulesbackendrefsfiltersrequestmirrorbackendrefwithnamespace) + * [`fn withPort(port)`](#fn-specrulesbackendrefsfiltersrequestmirrorbackendrefwithport) + * [`obj spec.rules.backendRefs.filters.requestRedirect`](#obj-specrulesbackendrefsfiltersrequestredirect) + * [`fn withHostname(hostname)`](#fn-specrulesbackendrefsfiltersrequestredirectwithhostname) + * [`fn withPort(port)`](#fn-specrulesbackendrefsfiltersrequestredirectwithport) + * [`fn withScheme(scheme)`](#fn-specrulesbackendrefsfiltersrequestredirectwithscheme) + * [`fn withStatusCode(statusCode)`](#fn-specrulesbackendrefsfiltersrequestredirectwithstatuscode) + * [`obj spec.rules.backendRefs.filters.requestRedirect.path`](#obj-specrulesbackendrefsfiltersrequestredirectpath) + * [`fn withReplaceFullPath(replaceFullPath)`](#fn-specrulesbackendrefsfiltersrequestredirectpathwithreplacefullpath) + * [`fn withReplacePrefixMatch(replacePrefixMatch)`](#fn-specrulesbackendrefsfiltersrequestredirectpathwithreplaceprefixmatch) + * [`fn withType(type)`](#fn-specrulesbackendrefsfiltersrequestredirectpathwithtype) + * [`obj spec.rules.backendRefs.filters.responseHeaderModifier`](#obj-specrulesbackendrefsfiltersresponseheadermodifier) + * [`fn withAdd(add)`](#fn-specrulesbackendrefsfiltersresponseheadermodifierwithadd) + * [`fn withAddMixin(add)`](#fn-specrulesbackendrefsfiltersresponseheadermodifierwithaddmixin) + * [`fn withRemove(remove)`](#fn-specrulesbackendrefsfiltersresponseheadermodifierwithremove) + * [`fn withRemoveMixin(remove)`](#fn-specrulesbackendrefsfiltersresponseheadermodifierwithremovemixin) + * [`fn withSet(set)`](#fn-specrulesbackendrefsfiltersresponseheadermodifierwithset) + * [`fn withSetMixin(set)`](#fn-specrulesbackendrefsfiltersresponseheadermodifierwithsetmixin) + * [`obj spec.rules.backendRefs.filters.responseHeaderModifier.add`](#obj-specrulesbackendrefsfiltersresponseheadermodifieradd) + * [`fn withName(name)`](#fn-specrulesbackendrefsfiltersresponseheadermodifieraddwithname) + * [`fn withValue(value)`](#fn-specrulesbackendrefsfiltersresponseheadermodifieraddwithvalue) + * [`obj spec.rules.backendRefs.filters.responseHeaderModifier.set`](#obj-specrulesbackendrefsfiltersresponseheadermodifierset) + * [`fn withName(name)`](#fn-specrulesbackendrefsfiltersresponseheadermodifiersetwithname) + * [`fn withValue(value)`](#fn-specrulesbackendrefsfiltersresponseheadermodifiersetwithvalue) + * [`obj spec.rules.backendRefs.filters.urlRewrite`](#obj-specrulesbackendrefsfiltersurlrewrite) + * [`fn withHostname(hostname)`](#fn-specrulesbackendrefsfiltersurlrewritewithhostname) + * [`obj spec.rules.backendRefs.filters.urlRewrite.path`](#obj-specrulesbackendrefsfiltersurlrewritepath) + * [`fn withReplaceFullPath(replaceFullPath)`](#fn-specrulesbackendrefsfiltersurlrewritepathwithreplacefullpath) + * [`fn withReplacePrefixMatch(replacePrefixMatch)`](#fn-specrulesbackendrefsfiltersurlrewritepathwithreplaceprefixmatch) + * [`fn withType(type)`](#fn-specrulesbackendrefsfiltersurlrewritepathwithtype) + * [`obj spec.rules.filters`](#obj-specrulesfilters) + * [`fn withType(type)`](#fn-specrulesfilterswithtype) + * [`obj spec.rules.filters.extensionRef`](#obj-specrulesfiltersextensionref) + * [`fn withGroup(group)`](#fn-specrulesfiltersextensionrefwithgroup) + * [`fn withKind(kind)`](#fn-specrulesfiltersextensionrefwithkind) + * [`fn withName(name)`](#fn-specrulesfiltersextensionrefwithname) + * [`obj spec.rules.filters.requestHeaderModifier`](#obj-specrulesfiltersrequestheadermodifier) + * [`fn withAdd(add)`](#fn-specrulesfiltersrequestheadermodifierwithadd) + * [`fn withAddMixin(add)`](#fn-specrulesfiltersrequestheadermodifierwithaddmixin) + * [`fn withRemove(remove)`](#fn-specrulesfiltersrequestheadermodifierwithremove) + * [`fn withRemoveMixin(remove)`](#fn-specrulesfiltersrequestheadermodifierwithremovemixin) + * [`fn withSet(set)`](#fn-specrulesfiltersrequestheadermodifierwithset) + * [`fn withSetMixin(set)`](#fn-specrulesfiltersrequestheadermodifierwithsetmixin) + * [`obj spec.rules.filters.requestHeaderModifier.add`](#obj-specrulesfiltersrequestheadermodifieradd) + * [`fn withName(name)`](#fn-specrulesfiltersrequestheadermodifieraddwithname) + * [`fn withValue(value)`](#fn-specrulesfiltersrequestheadermodifieraddwithvalue) + * [`obj spec.rules.filters.requestHeaderModifier.set`](#obj-specrulesfiltersrequestheadermodifierset) + * [`fn withName(name)`](#fn-specrulesfiltersrequestheadermodifiersetwithname) + * [`fn withValue(value)`](#fn-specrulesfiltersrequestheadermodifiersetwithvalue) + * [`obj spec.rules.filters.requestMirror`](#obj-specrulesfiltersrequestmirror) + * [`obj spec.rules.filters.requestMirror.backendRef`](#obj-specrulesfiltersrequestmirrorbackendref) + * [`fn withGroup(group)`](#fn-specrulesfiltersrequestmirrorbackendrefwithgroup) + * [`fn withKind(kind)`](#fn-specrulesfiltersrequestmirrorbackendrefwithkind) + * [`fn withName(name)`](#fn-specrulesfiltersrequestmirrorbackendrefwithname) + * [`fn withNamespace(namespace)`](#fn-specrulesfiltersrequestmirrorbackendrefwithnamespace) + * [`fn withPort(port)`](#fn-specrulesfiltersrequestmirrorbackendrefwithport) + * [`obj spec.rules.filters.requestRedirect`](#obj-specrulesfiltersrequestredirect) + * [`fn withHostname(hostname)`](#fn-specrulesfiltersrequestredirectwithhostname) + * [`fn withPort(port)`](#fn-specrulesfiltersrequestredirectwithport) + * [`fn withScheme(scheme)`](#fn-specrulesfiltersrequestredirectwithscheme) + * [`fn withStatusCode(statusCode)`](#fn-specrulesfiltersrequestredirectwithstatuscode) + * [`obj spec.rules.filters.requestRedirect.path`](#obj-specrulesfiltersrequestredirectpath) + * [`fn withReplaceFullPath(replaceFullPath)`](#fn-specrulesfiltersrequestredirectpathwithreplacefullpath) + * [`fn withReplacePrefixMatch(replacePrefixMatch)`](#fn-specrulesfiltersrequestredirectpathwithreplaceprefixmatch) + * [`fn withType(type)`](#fn-specrulesfiltersrequestredirectpathwithtype) + * [`obj spec.rules.filters.responseHeaderModifier`](#obj-specrulesfiltersresponseheadermodifier) + * [`fn withAdd(add)`](#fn-specrulesfiltersresponseheadermodifierwithadd) + * [`fn withAddMixin(add)`](#fn-specrulesfiltersresponseheadermodifierwithaddmixin) + * [`fn withRemove(remove)`](#fn-specrulesfiltersresponseheadermodifierwithremove) + * [`fn withRemoveMixin(remove)`](#fn-specrulesfiltersresponseheadermodifierwithremovemixin) + * [`fn withSet(set)`](#fn-specrulesfiltersresponseheadermodifierwithset) + * [`fn withSetMixin(set)`](#fn-specrulesfiltersresponseheadermodifierwithsetmixin) + * [`obj spec.rules.filters.responseHeaderModifier.add`](#obj-specrulesfiltersresponseheadermodifieradd) + * [`fn withName(name)`](#fn-specrulesfiltersresponseheadermodifieraddwithname) + * [`fn withValue(value)`](#fn-specrulesfiltersresponseheadermodifieraddwithvalue) + * [`obj spec.rules.filters.responseHeaderModifier.set`](#obj-specrulesfiltersresponseheadermodifierset) + * [`fn withName(name)`](#fn-specrulesfiltersresponseheadermodifiersetwithname) + * [`fn withValue(value)`](#fn-specrulesfiltersresponseheadermodifiersetwithvalue) + * [`obj spec.rules.filters.urlRewrite`](#obj-specrulesfiltersurlrewrite) + * [`fn withHostname(hostname)`](#fn-specrulesfiltersurlrewritewithhostname) + * [`obj spec.rules.filters.urlRewrite.path`](#obj-specrulesfiltersurlrewritepath) + * [`fn withReplaceFullPath(replaceFullPath)`](#fn-specrulesfiltersurlrewritepathwithreplacefullpath) + * [`fn withReplacePrefixMatch(replacePrefixMatch)`](#fn-specrulesfiltersurlrewritepathwithreplaceprefixmatch) + * [`fn withType(type)`](#fn-specrulesfiltersurlrewritepathwithtype) + * [`obj spec.rules.matches`](#obj-specrulesmatches) + * [`fn withHeaders(headers)`](#fn-specrulesmatcheswithheaders) + * [`fn withHeadersMixin(headers)`](#fn-specrulesmatcheswithheadersmixin) + * [`fn withMethod(method)`](#fn-specrulesmatcheswithmethod) + * [`fn withQueryParams(queryParams)`](#fn-specrulesmatcheswithqueryparams) + * [`fn withQueryParamsMixin(queryParams)`](#fn-specrulesmatcheswithqueryparamsmixin) + * [`obj spec.rules.matches.headers`](#obj-specrulesmatchesheaders) + * [`fn withName(name)`](#fn-specrulesmatchesheaderswithname) + * [`fn withType(type)`](#fn-specrulesmatchesheaderswithtype) + * [`fn withValue(value)`](#fn-specrulesmatchesheaderswithvalue) + * [`obj spec.rules.matches.path`](#obj-specrulesmatchespath) + * [`fn withType(type)`](#fn-specrulesmatchespathwithtype) + * [`fn withValue(value)`](#fn-specrulesmatchespathwithvalue) + * [`obj spec.rules.matches.queryParams`](#obj-specrulesmatchesqueryparams) + * [`fn withName(name)`](#fn-specrulesmatchesqueryparamswithname) + * [`fn withType(type)`](#fn-specrulesmatchesqueryparamswithtype) + * [`fn withValue(value)`](#fn-specrulesmatchesqueryparamswithvalue) + +## Fields + +### fn new + +```ts +new(name) +``` + +new returns an instance of HTTPRoute + +## obj metadata + +"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create." + +### fn metadata.withAnnotations + +```ts +withAnnotations(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +### fn metadata.withAnnotationsMixin + +```ts +withAnnotationsMixin(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +**Note:** This function appends passed data to existing values + +### fn metadata.withClusterName + +```ts +withClusterName(clusterName) +``` + +"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request." + +### fn metadata.withCreationTimestamp + +```ts +withCreationTimestamp(creationTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withDeletionGracePeriodSeconds + +```ts +withDeletionGracePeriodSeconds(deletionGracePeriodSeconds) +``` + +"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only." + +### fn metadata.withDeletionTimestamp + +```ts +withDeletionTimestamp(deletionTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withFinalizers + +```ts +withFinalizers(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +### fn metadata.withFinalizersMixin + +```ts +withFinalizersMixin(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +**Note:** This function appends passed data to existing values + +### fn metadata.withGenerateName + +```ts +withGenerateName(generateName) +``` + +"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\n\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\n\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" + +### fn metadata.withGeneration + +```ts +withGeneration(generation) +``` + +"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only." + +### fn metadata.withLabels + +```ts +withLabels(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +### fn metadata.withLabelsMixin + +```ts +withLabelsMixin(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +**Note:** This function appends passed data to existing values + +### fn metadata.withName + +```ts +withName(name) +``` + +"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names" + +### fn metadata.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \"default\" namespace, but \"default\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\n\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces" + +### fn metadata.withOwnerReferences + +```ts +withOwnerReferences(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +### fn metadata.withOwnerReferencesMixin + +```ts +withOwnerReferencesMixin(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +**Note:** This function appends passed data to existing values + +### fn metadata.withResourceVersion + +```ts +withResourceVersion(resourceVersion) +``` + +"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\n\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" + +### fn metadata.withSelfLink + +```ts +withSelfLink(selfLink) +``` + +"SelfLink is a URL representing this object. Populated by the system. Read-only.\n\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release." + +### fn metadata.withUid + +```ts +withUid(uid) +``` + +"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\n\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids" + +## obj spec + +"Spec defines the desired state of HTTPRoute." + +### fn spec.withHostnames + +```ts +withHostnames(hostnames) +``` + +"Hostnames defines a set of hostnames that should match against the HTTP Host header to select a HTTPRoute used to process the request. Implementations MUST ignore any port value specified in the HTTP Host header while performing a match and (absent of any applicable header modification configuration) MUST forward this header unmodified to the backend. \n Valid values for Hostnames are determined by RFC 1123 definition of a hostname with 2 notable exceptions: \n 1. IPs are not allowed. 2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard label must appear by itself as the first label. \n If a hostname is specified by both the Listener and HTTPRoute, there must be at least one intersecting hostname for the HTTPRoute to be attached to the Listener. For example: \n * A Listener with `test.example.com` as the hostname matches HTTPRoutes that have either not specified any hostnames, or have specified at least one of `test.example.com` or `*.example.com`. * A Listener with `*.example.com` as the hostname matches HTTPRoutes that have either not specified any hostnames or have specified at least one hostname that matches the Listener hostname. For example, `*.example.com`, `test.example.com`, and `foo.test.example.com` would all match. On the other hand, `example.com` and `test.example.net` would not match. \n Hostnames that are prefixed with a wildcard label (`*.`) are interpreted as a suffix match. That means that a match for `*.example.com` would match both `test.example.com`, and `foo.test.example.com`, but not `example.com`. \n If both the Listener and HTTPRoute have specified hostnames, any HTTPRoute hostnames that do not match the Listener hostname MUST be ignored. For example, if a Listener specified `*.example.com`, and the HTTPRoute specified `test.example.com` and `test.example.net`, `test.example.net` must not be considered for a match. \n If both the Listener and HTTPRoute have specified hostnames, and none match with the criteria above, then the HTTPRoute is not accepted. The implementation must raise an 'Accepted' Condition with a status of `False` in the corresponding RouteParentStatus. \n In the event that multiple HTTPRoutes specify intersecting hostnames (e.g. overlapping wildcard matching and exact matching hostnames), precedence must be given to rules from the HTTPRoute with the largest number of: \n * Characters in a matching non-wildcard hostname. * Characters in a matching hostname. \n If ties exist across multiple Routes, the matching precedence rules for HTTPRouteMatches takes over. \n Support: Core" + +### fn spec.withHostnamesMixin + +```ts +withHostnamesMixin(hostnames) +``` + +"Hostnames defines a set of hostnames that should match against the HTTP Host header to select a HTTPRoute used to process the request. Implementations MUST ignore any port value specified in the HTTP Host header while performing a match and (absent of any applicable header modification configuration) MUST forward this header unmodified to the backend. \n Valid values for Hostnames are determined by RFC 1123 definition of a hostname with 2 notable exceptions: \n 1. IPs are not allowed. 2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard label must appear by itself as the first label. \n If a hostname is specified by both the Listener and HTTPRoute, there must be at least one intersecting hostname for the HTTPRoute to be attached to the Listener. For example: \n * A Listener with `test.example.com` as the hostname matches HTTPRoutes that have either not specified any hostnames, or have specified at least one of `test.example.com` or `*.example.com`. * A Listener with `*.example.com` as the hostname matches HTTPRoutes that have either not specified any hostnames or have specified at least one hostname that matches the Listener hostname. For example, `*.example.com`, `test.example.com`, and `foo.test.example.com` would all match. On the other hand, `example.com` and `test.example.net` would not match. \n Hostnames that are prefixed with a wildcard label (`*.`) are interpreted as a suffix match. That means that a match for `*.example.com` would match both `test.example.com`, and `foo.test.example.com`, but not `example.com`. \n If both the Listener and HTTPRoute have specified hostnames, any HTTPRoute hostnames that do not match the Listener hostname MUST be ignored. For example, if a Listener specified `*.example.com`, and the HTTPRoute specified `test.example.com` and `test.example.net`, `test.example.net` must not be considered for a match. \n If both the Listener and HTTPRoute have specified hostnames, and none match with the criteria above, then the HTTPRoute is not accepted. The implementation must raise an 'Accepted' Condition with a status of `False` in the corresponding RouteParentStatus. \n In the event that multiple HTTPRoutes specify intersecting hostnames (e.g. overlapping wildcard matching and exact matching hostnames), precedence must be given to rules from the HTTPRoute with the largest number of: \n * Characters in a matching non-wildcard hostname. * Characters in a matching hostname. \n If ties exist across multiple Routes, the matching precedence rules for HTTPRouteMatches takes over. \n Support: Core" + +**Note:** This function appends passed data to existing values + +### fn spec.withParentRefs + +```ts +withParentRefs(parentRefs) +``` + +"ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. For Services, that means the Service must either be in the same namespace for a \"producer\" route, or the mesh implementation must support and allow \"consumer\" routes for the referenced Service. ReferenceGrant is not applicable for governing ParentRefs to Services - it is not possible to create a \"producer\" route for a Service in a different namespace from the Route. \n There are two kinds of parent resources with \"Core\" support: \n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) \n This API may be extended in the future to support additional kinds of parent resources. \n It is invalid to reference an identical parent more than once. It is valid to reference multiple distinct sections within the same parent resource, such as two separate Listeners on the same Gateway or two separate ports on the same Service. \n It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged. \n Note that for ParentRefs that cross namespace boundaries, there are specific rules. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example, Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable other kinds of cross-namespace reference. \n ParentRefs from a Route to a Service in the same namespace are \"producer\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \n ParentRefs from a Route to a Service in a different namespace are \"consumer\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \n " + +### fn spec.withParentRefsMixin + +```ts +withParentRefsMixin(parentRefs) +``` + +"ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. For Services, that means the Service must either be in the same namespace for a \"producer\" route, or the mesh implementation must support and allow \"consumer\" routes for the referenced Service. ReferenceGrant is not applicable for governing ParentRefs to Services - it is not possible to create a \"producer\" route for a Service in a different namespace from the Route. \n There are two kinds of parent resources with \"Core\" support: \n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) \n This API may be extended in the future to support additional kinds of parent resources. \n It is invalid to reference an identical parent more than once. It is valid to reference multiple distinct sections within the same parent resource, such as two separate Listeners on the same Gateway or two separate ports on the same Service. \n It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged. \n Note that for ParentRefs that cross namespace boundaries, there are specific rules. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example, Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable other kinds of cross-namespace reference. \n ParentRefs from a Route to a Service in the same namespace are \"producer\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \n ParentRefs from a Route to a Service in a different namespace are \"consumer\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \n " + +**Note:** This function appends passed data to existing values + +### fn spec.withRules + +```ts +withRules(rules) +``` + +"Rules are a list of HTTP matchers, filters and actions." + +### fn spec.withRulesMixin + +```ts +withRulesMixin(rules) +``` + +"Rules are a list of HTTP matchers, filters and actions." + +**Note:** This function appends passed data to existing values + +## obj spec.parentRefs + +"ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. For Services, that means the Service must either be in the same namespace for a \"producer\" route, or the mesh implementation must support and allow \"consumer\" routes for the referenced Service. ReferenceGrant is not applicable for governing ParentRefs to Services - it is not possible to create a \"producer\" route for a Service in a different namespace from the Route. \n There are two kinds of parent resources with \"Core\" support: \n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) \n This API may be extended in the future to support additional kinds of parent resources. \n It is invalid to reference an identical parent more than once. It is valid to reference multiple distinct sections within the same parent resource, such as two separate Listeners on the same Gateway or two separate ports on the same Service. \n It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged. \n Note that for ParentRefs that cross namespace boundaries, there are specific rules. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example, Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable other kinds of cross-namespace reference. \n ParentRefs from a Route to a Service in the same namespace are \"producer\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \n ParentRefs from a Route to a Service in a different namespace are \"consumer\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \n " + +### fn spec.parentRefs.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. When unspecified, \"gateway.networking.k8s.io\" is inferred. To set the core API group (such as for a \"Service\" kind referent), Group must be explicitly set to \"\" (empty string). \n Support: Core" + +### fn spec.parentRefs.withKind + +```ts +withKind(kind) +``` + +"Kind is kind of the referent. \n There are two kinds of parent resources with \"Core\" support: \n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) \n Support for other resources is Implementation-Specific." + +### fn spec.parentRefs.withName + +```ts +withName(name) +``` + +"Name is the name of the referent. \n Support: Core" + +### fn spec.parentRefs.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the referent. When unspecified, this refers to the local namespace of the Route. \n Note that there are specific rules for ParentRefs which cross namespace boundaries. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example: Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference. \n ParentRefs from a Route to a Service in the same namespace are \"producer\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \n ParentRefs from a Route to a Service in a different namespace are \"consumer\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \n Support: Core" + +### fn spec.parentRefs.withPort + +```ts +withPort(port) +``` + +"Port is the network port this Route targets. It can be interpreted differently based on the type of parent resource. \n When the parent resource is a Gateway, this targets all listeners listening on the specified port that also support this kind of Route(and select this Route). It's not recommended to set `Port` unless the networking behaviors specified in a Route must apply to a specific port as opposed to a listener(s) whose port(s) may be changed. When both Port and SectionName are specified, the name and port of the selected listener must match both specified values. \n When the parent resource is a Service, this targets a specific port in the Service spec. When both Port (experimental) and SectionName are specified, the name and port of the selected port must match both specified values. \n Implementations MAY choose to support other parent resources. Implementations supporting other types of parent resources MUST clearly document how/if Port is interpreted. \n For the purpose of status, an attachment is considered successful as long as the parent resource accepts it partially. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \n Support: Extended \n " + +### fn spec.parentRefs.withSectionName + +```ts +withSectionName(sectionName) +``` + +"SectionName is the name of a section within the target resource. In the following resources, SectionName is interpreted as the following: \n * Gateway: Listener Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. * Service: Port Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. Note that attaching Routes to Services as Parents is part of experimental Mesh support and is not supported for any other purpose. \n Implementations MAY choose to support attaching Routes to other resources. If that is the case, they MUST clearly document how SectionName is interpreted. \n When unspecified (empty string), this will reference the entire resource. For the purpose of status, an attachment is considered successful if at least one section in the parent resource accepts it. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \n Support: Core" + +## obj spec.rules + +"Rules are a list of HTTP matchers, filters and actions." + +### fn spec.rules.withBackendRefs + +```ts +withBackendRefs(backendRefs) +``` + +"BackendRefs defines the backend(s) where matching requests should be sent. \n Failure behavior here depends on how many BackendRefs are specified and how many are invalid. \n If *all* entries in BackendRefs are invalid, and there are also no filters specified in this route rule, *all* traffic which matches this rule MUST receive a 500 status code. \n See the HTTPBackendRef definition for the rules about what makes a single HTTPBackendRef invalid. \n When a HTTPBackendRef is invalid, 500 status codes MUST be returned for requests that would have otherwise been routed to an invalid backend. If multiple backends are specified, and some are invalid, the proportion of requests that would otherwise have been routed to an invalid backend MUST receive a 500 status code. \n For example, if two backends are specified with equal weights, and one is invalid, 50 percent of traffic must receive a 500. Implementations may choose how that 50 percent is determined. \n Support: Core for Kubernetes Service \n Support: Extended for Kubernetes ServiceImport \n Support: Implementation-specific for any other resource \n Support for weight: Core" + +### fn spec.rules.withBackendRefsMixin + +```ts +withBackendRefsMixin(backendRefs) +``` + +"BackendRefs defines the backend(s) where matching requests should be sent. \n Failure behavior here depends on how many BackendRefs are specified and how many are invalid. \n If *all* entries in BackendRefs are invalid, and there are also no filters specified in this route rule, *all* traffic which matches this rule MUST receive a 500 status code. \n See the HTTPBackendRef definition for the rules about what makes a single HTTPBackendRef invalid. \n When a HTTPBackendRef is invalid, 500 status codes MUST be returned for requests that would have otherwise been routed to an invalid backend. If multiple backends are specified, and some are invalid, the proportion of requests that would otherwise have been routed to an invalid backend MUST receive a 500 status code. \n For example, if two backends are specified with equal weights, and one is invalid, 50 percent of traffic must receive a 500. Implementations may choose how that 50 percent is determined. \n Support: Core for Kubernetes Service \n Support: Extended for Kubernetes ServiceImport \n Support: Implementation-specific for any other resource \n Support for weight: Core" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.withFilters + +```ts +withFilters(filters) +``` + +"Filters define the filters that are applied to requests that match this rule. \n The effects of ordering of multiple behaviors are currently unspecified. This can change in the future based on feedback during the alpha stage. \n Conformance-levels at this level are defined based on the type of filter: \n - ALL core filters MUST be supported by all implementations. - Implementers are encouraged to support extended filters. - Implementation-specific custom filters have no API guarantees across implementations. \n Specifying the same filter multiple times is not supported unless explicitly indicated in the filter. \n All filters are expected to be compatible with each other except for the URLRewrite and RequestRedirect filters, which may not be combined. If an implementation can not support other combinations of filters, they must clearly document that limitation. In cases where incompatible or unsupported filters are specified and cause the `Accepted` condition to be set to status `False`, implementations may use the `IncompatibleFilters` reason to specify this configuration error. \n Support: Core" + +### fn spec.rules.withFiltersMixin + +```ts +withFiltersMixin(filters) +``` + +"Filters define the filters that are applied to requests that match this rule. \n The effects of ordering of multiple behaviors are currently unspecified. This can change in the future based on feedback during the alpha stage. \n Conformance-levels at this level are defined based on the type of filter: \n - ALL core filters MUST be supported by all implementations. - Implementers are encouraged to support extended filters. - Implementation-specific custom filters have no API guarantees across implementations. \n Specifying the same filter multiple times is not supported unless explicitly indicated in the filter. \n All filters are expected to be compatible with each other except for the URLRewrite and RequestRedirect filters, which may not be combined. If an implementation can not support other combinations of filters, they must clearly document that limitation. In cases where incompatible or unsupported filters are specified and cause the `Accepted` condition to be set to status `False`, implementations may use the `IncompatibleFilters` reason to specify this configuration error. \n Support: Core" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.withMatches + +```ts +withMatches(matches) +``` + +"Matches define conditions used for matching the rule against incoming HTTP requests. Each match is independent, i.e. this rule will be matched if **any** one of the matches is satisfied. \n For example, take the following matches configuration: \n ``` matches: - path: value: \"/foo\" headers: - name: \"version\" value: \"v2\" - path: value: \"/v2/foo\" ``` \n For a request to match against this rule, a request must satisfy EITHER of the two conditions: \n - path prefixed with `/foo` AND contains the header `version: v2` - path prefix of `/v2/foo` \n See the documentation for HTTPRouteMatch on how to specify multiple match conditions that should be ANDed together. \n If no matches are specified, the default is a prefix path match on \"/\", which has the effect of matching every HTTP request. \n Proxy or Load Balancer routing configuration generated from HTTPRoutes MUST prioritize matches based on the following criteria, continuing on ties. Across all rules specified on applicable Routes, precedence must be given to the match having: \n * \"Exact\" path match. * \"Prefix\" path match with largest number of characters. * Method match. * Largest number of header matches. * Largest number of query param matches. \n Note: The precedence of RegularExpression path matches are implementation-specific. \n If ties still exist across multiple Routes, matching precedence MUST be determined in order of the following criteria, continuing on ties: \n * The oldest Route based on creation timestamp. * The Route appearing first in alphabetical order by \"{namespace}/{name}\". \n If ties still exist within an HTTPRoute, matching precedence MUST be granted to the FIRST matching rule (in list order) with a match meeting the above criteria. \n When no rules matching a request have been successfully attached to the parent a request is coming from, a HTTP 404 status code MUST be returned." + +### fn spec.rules.withMatchesMixin + +```ts +withMatchesMixin(matches) +``` + +"Matches define conditions used for matching the rule against incoming HTTP requests. Each match is independent, i.e. this rule will be matched if **any** one of the matches is satisfied. \n For example, take the following matches configuration: \n ``` matches: - path: value: \"/foo\" headers: - name: \"version\" value: \"v2\" - path: value: \"/v2/foo\" ``` \n For a request to match against this rule, a request must satisfy EITHER of the two conditions: \n - path prefixed with `/foo` AND contains the header `version: v2` - path prefix of `/v2/foo` \n See the documentation for HTTPRouteMatch on how to specify multiple match conditions that should be ANDed together. \n If no matches are specified, the default is a prefix path match on \"/\", which has the effect of matching every HTTP request. \n Proxy or Load Balancer routing configuration generated from HTTPRoutes MUST prioritize matches based on the following criteria, continuing on ties. Across all rules specified on applicable Routes, precedence must be given to the match having: \n * \"Exact\" path match. * \"Prefix\" path match with largest number of characters. * Method match. * Largest number of header matches. * Largest number of query param matches. \n Note: The precedence of RegularExpression path matches are implementation-specific. \n If ties still exist across multiple Routes, matching precedence MUST be determined in order of the following criteria, continuing on ties: \n * The oldest Route based on creation timestamp. * The Route appearing first in alphabetical order by \"{namespace}/{name}\". \n If ties still exist within an HTTPRoute, matching precedence MUST be granted to the FIRST matching rule (in list order) with a match meeting the above criteria. \n When no rules matching a request have been successfully attached to the parent a request is coming from, a HTTP 404 status code MUST be returned." + +**Note:** This function appends passed data to existing values + +## obj spec.rules.backendRefs + +"BackendRefs defines the backend(s) where matching requests should be sent. \n Failure behavior here depends on how many BackendRefs are specified and how many are invalid. \n If *all* entries in BackendRefs are invalid, and there are also no filters specified in this route rule, *all* traffic which matches this rule MUST receive a 500 status code. \n See the HTTPBackendRef definition for the rules about what makes a single HTTPBackendRef invalid. \n When a HTTPBackendRef is invalid, 500 status codes MUST be returned for requests that would have otherwise been routed to an invalid backend. If multiple backends are specified, and some are invalid, the proportion of requests that would otherwise have been routed to an invalid backend MUST receive a 500 status code. \n For example, if two backends are specified with equal weights, and one is invalid, 50 percent of traffic must receive a 500. Implementations may choose how that 50 percent is determined. \n Support: Core for Kubernetes Service \n Support: Extended for Kubernetes ServiceImport \n Support: Implementation-specific for any other resource \n Support for weight: Core" + +### fn spec.rules.backendRefs.withFilters + +```ts +withFilters(filters) +``` + +"Filters defined at this level should be executed if and only if the request is being forwarded to the backend defined here. \n Support: Implementation-specific (For broader support of filters, use the Filters field in HTTPRouteRule.)" + +### fn spec.rules.backendRefs.withFiltersMixin + +```ts +withFiltersMixin(filters) +``` + +"Filters defined at this level should be executed if and only if the request is being forwarded to the backend defined here. \n Support: Implementation-specific (For broader support of filters, use the Filters field in HTTPRouteRule.)" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.backendRefs.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. For example, \"gateway.networking.k8s.io\". When unspecified or empty string, core API group is inferred." + +### fn spec.rules.backendRefs.withKind + +```ts +withKind(kind) +``` + +"Kind is the Kubernetes resource kind of the referent. For example \"Service\". \n Defaults to \"Service\" when not specified. \n ExternalName services can refer to CNAME DNS records that may live outside of the cluster and as such are difficult to reason about in terms of conformance. They also may not be safe to forward to (see CVE-2021-25740 for more information). Implementations SHOULD NOT support ExternalName Services. \n Support: Core (Services with a type other than ExternalName) \n Support: Implementation-specific (Services with type ExternalName)" + +### fn spec.rules.backendRefs.withName + +```ts +withName(name) +``` + +"Name is the name of the referent." + +### fn spec.rules.backendRefs.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. \n Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. \n Support: Core" + +### fn spec.rules.backendRefs.withPort + +```ts +withPort(port) +``` + +"Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field." + +### fn spec.rules.backendRefs.withWeight + +```ts +withWeight(weight) +``` + +"Weight specifies the proportion of requests forwarded to the referenced backend. This is computed as weight/(sum of all weights in this BackendRefs list). For non-zero values, there may be some epsilon from the exact proportion defined here depending on the precision an implementation supports. Weight is not a percentage and the sum of weights does not need to equal 100. \n If only one backend is specified and it has a weight greater than 0, 100% of the traffic is forwarded to that backend. If weight is set to 0, no traffic should be forwarded for this entry. If unspecified, weight defaults to 1. \n Support for this field varies based on the context where used." + +## obj spec.rules.backendRefs.filters + +"Filters defined at this level should be executed if and only if the request is being forwarded to the backend defined here. \n Support: Implementation-specific (For broader support of filters, use the Filters field in HTTPRouteRule.)" + +### fn spec.rules.backendRefs.filters.withType + +```ts +withType(type) +``` + +"Type identifies the type of filter to apply. As with other API fields, types are classified into three conformance levels: \n - Core: Filter types and their corresponding configuration defined by \"Support: Core\" in this package, e.g. \"RequestHeaderModifier\". All implementations must support core filters. \n - Extended: Filter types and their corresponding configuration defined by \"Support: Extended\" in this package, e.g. \"RequestMirror\". Implementers are encouraged to support extended filters. \n - Implementation-specific: Filters that are defined and supported by specific vendors. In the future, filters showing convergence in behavior across multiple implementations will be considered for inclusion in extended or core conformance levels. Filter-specific configuration for such filters is specified using the ExtensionRef field. `Type` should be set to \"ExtensionRef\" for custom filters. \n Implementers are encouraged to define custom implementation types to extend the core API with implementation-specific behavior. \n If a reference to a custom filter type cannot be resolved, the filter MUST NOT be skipped. Instead, requests that would have been processed by that filter MUST receive a HTTP error response. \n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`." + +## obj spec.rules.backendRefs.filters.extensionRef + +"ExtensionRef is an optional, implementation-specific extension to the \"filter\" behavior. For example, resource \"myroutefilter\" in group \"networking.example.net\"). ExtensionRef MUST NOT be used for core and extended filters. \n This filter can be used multiple times within the same rule. \n Support: Implementation-specific" + +### fn spec.rules.backendRefs.filters.extensionRef.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. For example, \"gateway.networking.k8s.io\". When unspecified or empty string, core API group is inferred." + +### fn spec.rules.backendRefs.filters.extensionRef.withKind + +```ts +withKind(kind) +``` + +"Kind is kind of the referent. For example \"HTTPRoute\" or \"Service\"." + +### fn spec.rules.backendRefs.filters.extensionRef.withName + +```ts +withName(name) +``` + +"Name is the name of the referent." + +## obj spec.rules.backendRefs.filters.requestHeaderModifier + +"RequestHeaderModifier defines a schema for a filter that modifies request headers. \n Support: Core" + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.withAdd + +```ts +withAdd(add) +``` + +"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz" + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.withAddMixin + +```ts +withAddMixin(add) +``` + +"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.withRemove + +```ts +withRemove(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \n Config: remove: [\"my-header1\", \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2: bar" + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.withRemoveMixin + +```ts +withRemoveMixin(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \n Config: remove: [\"my-header1\", \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2: bar" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.withSet + +```ts +withSet(set) +``` + +"Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar" + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.withSetMixin + +```ts +withSetMixin(set) +``` + +"Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar" + +**Note:** This function appends passed data to existing values + +## obj spec.rules.backendRefs.filters.requestHeaderModifier.add + +"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz" + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.add.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent." + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.add.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.backendRefs.filters.requestHeaderModifier.set + +"Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar" + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.set.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent." + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.set.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.backendRefs.filters.requestMirror + +"RequestMirror defines a schema for a filter that mirrors requests. Requests are sent to the specified destination, but responses from that destination are ignored. \n This filter can be used multiple times within the same rule. Note that not all implementations will be able to support mirroring to multiple backends. \n Support: Extended" + +## obj spec.rules.backendRefs.filters.requestMirror.backendRef + +"BackendRef references a resource where mirrored requests are sent. \n Mirrored requests must be sent only to a single destination endpoint within this BackendRef, irrespective of how many endpoints are present within this BackendRef. \n If the referent cannot be found, this BackendRef is invalid and must be dropped from the Gateway. The controller must ensure the \"ResolvedRefs\" condition on the Route status is set to `status: False` and not configure this backend in the underlying implementation. \n If there is a cross-namespace reference to an *existing* object that is not allowed by a ReferenceGrant, the controller must ensure the \"ResolvedRefs\" condition on the Route is set to `status: False`, with the \"RefNotPermitted\" reason and not configure this backend in the underlying implementation. \n In either error case, the Message of the `ResolvedRefs` Condition should be used to provide more detail about the problem. \n Support: Extended for Kubernetes Service \n Support: Implementation-specific for any other resource" + +### fn spec.rules.backendRefs.filters.requestMirror.backendRef.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. For example, \"gateway.networking.k8s.io\". When unspecified or empty string, core API group is inferred." + +### fn spec.rules.backendRefs.filters.requestMirror.backendRef.withKind + +```ts +withKind(kind) +``` + +"Kind is the Kubernetes resource kind of the referent. For example \"Service\". \n Defaults to \"Service\" when not specified. \n ExternalName services can refer to CNAME DNS records that may live outside of the cluster and as such are difficult to reason about in terms of conformance. They also may not be safe to forward to (see CVE-2021-25740 for more information). Implementations SHOULD NOT support ExternalName Services. \n Support: Core (Services with a type other than ExternalName) \n Support: Implementation-specific (Services with type ExternalName)" + +### fn spec.rules.backendRefs.filters.requestMirror.backendRef.withName + +```ts +withName(name) +``` + +"Name is the name of the referent." + +### fn spec.rules.backendRefs.filters.requestMirror.backendRef.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. \n Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. \n Support: Core" + +### fn spec.rules.backendRefs.filters.requestMirror.backendRef.withPort + +```ts +withPort(port) +``` + +"Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field." + +## obj spec.rules.backendRefs.filters.requestRedirect + +"RequestRedirect defines a schema for a filter that responds to the request with an HTTP redirection. \n Support: Core" + +### fn spec.rules.backendRefs.filters.requestRedirect.withHostname + +```ts +withHostname(hostname) +``` + +"Hostname is the hostname to be used in the value of the `Location` header in the response. When empty, the hostname in the `Host` header of the request is used. \n Support: Core" + +### fn spec.rules.backendRefs.filters.requestRedirect.withPort + +```ts +withPort(port) +``` + +"Port is the port to be used in the value of the `Location` header in the response. \n If no port is specified, the redirect port MUST be derived using the following rules: \n * If redirect scheme is not-empty, the redirect port MUST be the well-known port associated with the redirect scheme. Specifically \"http\" to port 80 and \"https\" to port 443. If the redirect scheme does not have a well-known port, the listener port of the Gateway SHOULD be used. * If redirect scheme is empty, the redirect port MUST be the Gateway Listener port. \n Implementations SHOULD NOT add the port number in the 'Location' header in the following cases: \n * A Location header that will use HTTP (whether that is determined via the Listener protocol or the Scheme field) _and_ use port 80. * A Location header that will use HTTPS (whether that is determined via the Listener protocol or the Scheme field) _and_ use port 443. \n Support: Extended" + +### fn spec.rules.backendRefs.filters.requestRedirect.withScheme + +```ts +withScheme(scheme) +``` + +"Scheme is the scheme to be used in the value of the `Location` header in the response. When empty, the scheme of the request is used. \n Scheme redirects can affect the port of the redirect, for more information, refer to the documentation for the port field of this filter. \n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`. \n Support: Extended" + +### fn spec.rules.backendRefs.filters.requestRedirect.withStatusCode + +```ts +withStatusCode(statusCode) +``` + +"StatusCode is the HTTP status code to be used in response. \n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`. \n Support: Core" + +## obj spec.rules.backendRefs.filters.requestRedirect.path + +"Path defines parameters used to modify the path of the incoming request. The modified path is then used to construct the `Location` header. When empty, the request path is used as-is. \n Support: Extended" + +### fn spec.rules.backendRefs.filters.requestRedirect.path.withReplaceFullPath + +```ts +withReplaceFullPath(replaceFullPath) +``` + +"ReplaceFullPath specifies the value with which to replace the full path of a request during a rewrite or redirect." + +### fn spec.rules.backendRefs.filters.requestRedirect.path.withReplacePrefixMatch + +```ts +withReplacePrefixMatch(replacePrefixMatch) +``` + +"ReplacePrefixMatch specifies the value with which to replace the prefix match of a request during a rewrite or redirect. For example, a request to \"/foo/bar\" with a prefix match of \"/foo\" and a ReplacePrefixMatch of \"/xyz\" would be modified to \"/xyz/bar\". \n Note that this matches the behavior of the PathPrefix match type. This matches full path elements. A path element refers to the list of labels in the path split by the `/` separator. When specified, a trailing `/` is ignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all match the prefix `/abc`, but the path `/abcd` would not. \n ReplacePrefixMatch is only compatible with a `PathPrefix` HTTPRouteMatch. Using any other HTTPRouteMatch type on the same HTTPRouteRule will result in the implementation setting the Accepted Condition for the Route to `status: False`. \n Request Path | Prefix Match | Replace Prefix | Modified Path -------------|--------------|----------------|---------- /foo/bar | /foo | /xyz | /xyz/bar /foo/bar | /foo | /xyz/ | /xyz/bar /foo/bar | /foo/ | /xyz | /xyz/bar /foo/bar | /foo/ | /xyz/ | /xyz/bar /foo | /foo | /xyz | /xyz /foo/ | /foo | /xyz | /xyz/ /foo/bar | /foo | | /bar /foo/ | /foo | | / /foo | /foo | | / /foo/ | /foo | / | / /foo | /foo | / | /" + +### fn spec.rules.backendRefs.filters.requestRedirect.path.withType + +```ts +withType(type) +``` + +"Type defines the type of path modifier. Additional types may be added in a future release of the API. \n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`." + +## obj spec.rules.backendRefs.filters.responseHeaderModifier + +"ResponseHeaderModifier defines a schema for a filter that modifies response headers. \n Support: Extended" + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.withAdd + +```ts +withAdd(add) +``` + +"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz" + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.withAddMixin + +```ts +withAddMixin(add) +``` + +"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.withRemove + +```ts +withRemove(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \n Config: remove: [\"my-header1\", \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2: bar" + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.withRemoveMixin + +```ts +withRemoveMixin(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \n Config: remove: [\"my-header1\", \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2: bar" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.withSet + +```ts +withSet(set) +``` + +"Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar" + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.withSetMixin + +```ts +withSetMixin(set) +``` + +"Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar" + +**Note:** This function appends passed data to existing values + +## obj spec.rules.backendRefs.filters.responseHeaderModifier.add + +"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz" + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.add.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent." + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.add.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.backendRefs.filters.responseHeaderModifier.set + +"Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar" + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.set.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent." + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.set.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.backendRefs.filters.urlRewrite + +"URLRewrite defines a schema for a filter that modifies a request during forwarding. \n Support: Extended" + +### fn spec.rules.backendRefs.filters.urlRewrite.withHostname + +```ts +withHostname(hostname) +``` + +"Hostname is the value to be used to replace the Host header value during forwarding. \n Support: Extended" + +## obj spec.rules.backendRefs.filters.urlRewrite.path + +"Path defines a path rewrite. \n Support: Extended" + +### fn spec.rules.backendRefs.filters.urlRewrite.path.withReplaceFullPath + +```ts +withReplaceFullPath(replaceFullPath) +``` + +"ReplaceFullPath specifies the value with which to replace the full path of a request during a rewrite or redirect." + +### fn spec.rules.backendRefs.filters.urlRewrite.path.withReplacePrefixMatch + +```ts +withReplacePrefixMatch(replacePrefixMatch) +``` + +"ReplacePrefixMatch specifies the value with which to replace the prefix match of a request during a rewrite or redirect. For example, a request to \"/foo/bar\" with a prefix match of \"/foo\" and a ReplacePrefixMatch of \"/xyz\" would be modified to \"/xyz/bar\". \n Note that this matches the behavior of the PathPrefix match type. This matches full path elements. A path element refers to the list of labels in the path split by the `/` separator. When specified, a trailing `/` is ignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all match the prefix `/abc`, but the path `/abcd` would not. \n ReplacePrefixMatch is only compatible with a `PathPrefix` HTTPRouteMatch. Using any other HTTPRouteMatch type on the same HTTPRouteRule will result in the implementation setting the Accepted Condition for the Route to `status: False`. \n Request Path | Prefix Match | Replace Prefix | Modified Path -------------|--------------|----------------|---------- /foo/bar | /foo | /xyz | /xyz/bar /foo/bar | /foo | /xyz/ | /xyz/bar /foo/bar | /foo/ | /xyz | /xyz/bar /foo/bar | /foo/ | /xyz/ | /xyz/bar /foo | /foo | /xyz | /xyz /foo/ | /foo | /xyz | /xyz/ /foo/bar | /foo | | /bar /foo/ | /foo | | / /foo | /foo | | / /foo/ | /foo | / | / /foo | /foo | / | /" + +### fn spec.rules.backendRefs.filters.urlRewrite.path.withType + +```ts +withType(type) +``` + +"Type defines the type of path modifier. Additional types may be added in a future release of the API. \n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`." + +## obj spec.rules.filters + +"Filters define the filters that are applied to requests that match this rule. \n The effects of ordering of multiple behaviors are currently unspecified. This can change in the future based on feedback during the alpha stage. \n Conformance-levels at this level are defined based on the type of filter: \n - ALL core filters MUST be supported by all implementations. - Implementers are encouraged to support extended filters. - Implementation-specific custom filters have no API guarantees across implementations. \n Specifying the same filter multiple times is not supported unless explicitly indicated in the filter. \n All filters are expected to be compatible with each other except for the URLRewrite and RequestRedirect filters, which may not be combined. If an implementation can not support other combinations of filters, they must clearly document that limitation. In cases where incompatible or unsupported filters are specified and cause the `Accepted` condition to be set to status `False`, implementations may use the `IncompatibleFilters` reason to specify this configuration error. \n Support: Core" + +### fn spec.rules.filters.withType + +```ts +withType(type) +``` + +"Type identifies the type of filter to apply. As with other API fields, types are classified into three conformance levels: \n - Core: Filter types and their corresponding configuration defined by \"Support: Core\" in this package, e.g. \"RequestHeaderModifier\". All implementations must support core filters. \n - Extended: Filter types and their corresponding configuration defined by \"Support: Extended\" in this package, e.g. \"RequestMirror\". Implementers are encouraged to support extended filters. \n - Implementation-specific: Filters that are defined and supported by specific vendors. In the future, filters showing convergence in behavior across multiple implementations will be considered for inclusion in extended or core conformance levels. Filter-specific configuration for such filters is specified using the ExtensionRef field. `Type` should be set to \"ExtensionRef\" for custom filters. \n Implementers are encouraged to define custom implementation types to extend the core API with implementation-specific behavior. \n If a reference to a custom filter type cannot be resolved, the filter MUST NOT be skipped. Instead, requests that would have been processed by that filter MUST receive a HTTP error response. \n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`." + +## obj spec.rules.filters.extensionRef + +"ExtensionRef is an optional, implementation-specific extension to the \"filter\" behavior. For example, resource \"myroutefilter\" in group \"networking.example.net\"). ExtensionRef MUST NOT be used for core and extended filters. \n This filter can be used multiple times within the same rule. \n Support: Implementation-specific" + +### fn spec.rules.filters.extensionRef.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. For example, \"gateway.networking.k8s.io\". When unspecified or empty string, core API group is inferred." + +### fn spec.rules.filters.extensionRef.withKind + +```ts +withKind(kind) +``` + +"Kind is kind of the referent. For example \"HTTPRoute\" or \"Service\"." + +### fn spec.rules.filters.extensionRef.withName + +```ts +withName(name) +``` + +"Name is the name of the referent." + +## obj spec.rules.filters.requestHeaderModifier + +"RequestHeaderModifier defines a schema for a filter that modifies request headers. \n Support: Core" + +### fn spec.rules.filters.requestHeaderModifier.withAdd + +```ts +withAdd(add) +``` + +"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz" + +### fn spec.rules.filters.requestHeaderModifier.withAddMixin + +```ts +withAddMixin(add) +``` + +"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.filters.requestHeaderModifier.withRemove + +```ts +withRemove(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \n Config: remove: [\"my-header1\", \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2: bar" + +### fn spec.rules.filters.requestHeaderModifier.withRemoveMixin + +```ts +withRemoveMixin(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \n Config: remove: [\"my-header1\", \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2: bar" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.filters.requestHeaderModifier.withSet + +```ts +withSet(set) +``` + +"Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar" + +### fn spec.rules.filters.requestHeaderModifier.withSetMixin + +```ts +withSetMixin(set) +``` + +"Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar" + +**Note:** This function appends passed data to existing values + +## obj spec.rules.filters.requestHeaderModifier.add + +"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz" + +### fn spec.rules.filters.requestHeaderModifier.add.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent." + +### fn spec.rules.filters.requestHeaderModifier.add.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.filters.requestHeaderModifier.set + +"Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar" + +### fn spec.rules.filters.requestHeaderModifier.set.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent." + +### fn spec.rules.filters.requestHeaderModifier.set.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.filters.requestMirror + +"RequestMirror defines a schema for a filter that mirrors requests. Requests are sent to the specified destination, but responses from that destination are ignored. \n This filter can be used multiple times within the same rule. Note that not all implementations will be able to support mirroring to multiple backends. \n Support: Extended" + +## obj spec.rules.filters.requestMirror.backendRef + +"BackendRef references a resource where mirrored requests are sent. \n Mirrored requests must be sent only to a single destination endpoint within this BackendRef, irrespective of how many endpoints are present within this BackendRef. \n If the referent cannot be found, this BackendRef is invalid and must be dropped from the Gateway. The controller must ensure the \"ResolvedRefs\" condition on the Route status is set to `status: False` and not configure this backend in the underlying implementation. \n If there is a cross-namespace reference to an *existing* object that is not allowed by a ReferenceGrant, the controller must ensure the \"ResolvedRefs\" condition on the Route is set to `status: False`, with the \"RefNotPermitted\" reason and not configure this backend in the underlying implementation. \n In either error case, the Message of the `ResolvedRefs` Condition should be used to provide more detail about the problem. \n Support: Extended for Kubernetes Service \n Support: Implementation-specific for any other resource" + +### fn spec.rules.filters.requestMirror.backendRef.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. For example, \"gateway.networking.k8s.io\". When unspecified or empty string, core API group is inferred." + +### fn spec.rules.filters.requestMirror.backendRef.withKind + +```ts +withKind(kind) +``` + +"Kind is the Kubernetes resource kind of the referent. For example \"Service\". \n Defaults to \"Service\" when not specified. \n ExternalName services can refer to CNAME DNS records that may live outside of the cluster and as such are difficult to reason about in terms of conformance. They also may not be safe to forward to (see CVE-2021-25740 for more information). Implementations SHOULD NOT support ExternalName Services. \n Support: Core (Services with a type other than ExternalName) \n Support: Implementation-specific (Services with type ExternalName)" + +### fn spec.rules.filters.requestMirror.backendRef.withName + +```ts +withName(name) +``` + +"Name is the name of the referent." + +### fn spec.rules.filters.requestMirror.backendRef.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. \n Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. \n Support: Core" + +### fn spec.rules.filters.requestMirror.backendRef.withPort + +```ts +withPort(port) +``` + +"Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field." + +## obj spec.rules.filters.requestRedirect + +"RequestRedirect defines a schema for a filter that responds to the request with an HTTP redirection. \n Support: Core" + +### fn spec.rules.filters.requestRedirect.withHostname + +```ts +withHostname(hostname) +``` + +"Hostname is the hostname to be used in the value of the `Location` header in the response. When empty, the hostname in the `Host` header of the request is used. \n Support: Core" + +### fn spec.rules.filters.requestRedirect.withPort + +```ts +withPort(port) +``` + +"Port is the port to be used in the value of the `Location` header in the response. \n If no port is specified, the redirect port MUST be derived using the following rules: \n * If redirect scheme is not-empty, the redirect port MUST be the well-known port associated with the redirect scheme. Specifically \"http\" to port 80 and \"https\" to port 443. If the redirect scheme does not have a well-known port, the listener port of the Gateway SHOULD be used. * If redirect scheme is empty, the redirect port MUST be the Gateway Listener port. \n Implementations SHOULD NOT add the port number in the 'Location' header in the following cases: \n * A Location header that will use HTTP (whether that is determined via the Listener protocol or the Scheme field) _and_ use port 80. * A Location header that will use HTTPS (whether that is determined via the Listener protocol or the Scheme field) _and_ use port 443. \n Support: Extended" + +### fn spec.rules.filters.requestRedirect.withScheme + +```ts +withScheme(scheme) +``` + +"Scheme is the scheme to be used in the value of the `Location` header in the response. When empty, the scheme of the request is used. \n Scheme redirects can affect the port of the redirect, for more information, refer to the documentation for the port field of this filter. \n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`. \n Support: Extended" + +### fn spec.rules.filters.requestRedirect.withStatusCode + +```ts +withStatusCode(statusCode) +``` + +"StatusCode is the HTTP status code to be used in response. \n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`. \n Support: Core" + +## obj spec.rules.filters.requestRedirect.path + +"Path defines parameters used to modify the path of the incoming request. The modified path is then used to construct the `Location` header. When empty, the request path is used as-is. \n Support: Extended" + +### fn spec.rules.filters.requestRedirect.path.withReplaceFullPath + +```ts +withReplaceFullPath(replaceFullPath) +``` + +"ReplaceFullPath specifies the value with which to replace the full path of a request during a rewrite or redirect." + +### fn spec.rules.filters.requestRedirect.path.withReplacePrefixMatch + +```ts +withReplacePrefixMatch(replacePrefixMatch) +``` + +"ReplacePrefixMatch specifies the value with which to replace the prefix match of a request during a rewrite or redirect. For example, a request to \"/foo/bar\" with a prefix match of \"/foo\" and a ReplacePrefixMatch of \"/xyz\" would be modified to \"/xyz/bar\". \n Note that this matches the behavior of the PathPrefix match type. This matches full path elements. A path element refers to the list of labels in the path split by the `/` separator. When specified, a trailing `/` is ignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all match the prefix `/abc`, but the path `/abcd` would not. \n ReplacePrefixMatch is only compatible with a `PathPrefix` HTTPRouteMatch. Using any other HTTPRouteMatch type on the same HTTPRouteRule will result in the implementation setting the Accepted Condition for the Route to `status: False`. \n Request Path | Prefix Match | Replace Prefix | Modified Path -------------|--------------|----------------|---------- /foo/bar | /foo | /xyz | /xyz/bar /foo/bar | /foo | /xyz/ | /xyz/bar /foo/bar | /foo/ | /xyz | /xyz/bar /foo/bar | /foo/ | /xyz/ | /xyz/bar /foo | /foo | /xyz | /xyz /foo/ | /foo | /xyz | /xyz/ /foo/bar | /foo | | /bar /foo/ | /foo | | / /foo | /foo | | / /foo/ | /foo | / | / /foo | /foo | / | /" + +### fn spec.rules.filters.requestRedirect.path.withType + +```ts +withType(type) +``` + +"Type defines the type of path modifier. Additional types may be added in a future release of the API. \n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`." + +## obj spec.rules.filters.responseHeaderModifier + +"ResponseHeaderModifier defines a schema for a filter that modifies response headers. \n Support: Extended" + +### fn spec.rules.filters.responseHeaderModifier.withAdd + +```ts +withAdd(add) +``` + +"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz" + +### fn spec.rules.filters.responseHeaderModifier.withAddMixin + +```ts +withAddMixin(add) +``` + +"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.filters.responseHeaderModifier.withRemove + +```ts +withRemove(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \n Config: remove: [\"my-header1\", \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2: bar" + +### fn spec.rules.filters.responseHeaderModifier.withRemoveMixin + +```ts +withRemoveMixin(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \n Config: remove: [\"my-header1\", \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2: bar" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.filters.responseHeaderModifier.withSet + +```ts +withSet(set) +``` + +"Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar" + +### fn spec.rules.filters.responseHeaderModifier.withSetMixin + +```ts +withSetMixin(set) +``` + +"Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar" + +**Note:** This function appends passed data to existing values + +## obj spec.rules.filters.responseHeaderModifier.add + +"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz" + +### fn spec.rules.filters.responseHeaderModifier.add.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent." + +### fn spec.rules.filters.responseHeaderModifier.add.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.filters.responseHeaderModifier.set + +"Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar" + +### fn spec.rules.filters.responseHeaderModifier.set.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent." + +### fn spec.rules.filters.responseHeaderModifier.set.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.filters.urlRewrite + +"URLRewrite defines a schema for a filter that modifies a request during forwarding. \n Support: Extended" + +### fn spec.rules.filters.urlRewrite.withHostname + +```ts +withHostname(hostname) +``` + +"Hostname is the value to be used to replace the Host header value during forwarding. \n Support: Extended" + +## obj spec.rules.filters.urlRewrite.path + +"Path defines a path rewrite. \n Support: Extended" + +### fn spec.rules.filters.urlRewrite.path.withReplaceFullPath + +```ts +withReplaceFullPath(replaceFullPath) +``` + +"ReplaceFullPath specifies the value with which to replace the full path of a request during a rewrite or redirect." + +### fn spec.rules.filters.urlRewrite.path.withReplacePrefixMatch + +```ts +withReplacePrefixMatch(replacePrefixMatch) +``` + +"ReplacePrefixMatch specifies the value with which to replace the prefix match of a request during a rewrite or redirect. For example, a request to \"/foo/bar\" with a prefix match of \"/foo\" and a ReplacePrefixMatch of \"/xyz\" would be modified to \"/xyz/bar\". \n Note that this matches the behavior of the PathPrefix match type. This matches full path elements. A path element refers to the list of labels in the path split by the `/` separator. When specified, a trailing `/` is ignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all match the prefix `/abc`, but the path `/abcd` would not. \n ReplacePrefixMatch is only compatible with a `PathPrefix` HTTPRouteMatch. Using any other HTTPRouteMatch type on the same HTTPRouteRule will result in the implementation setting the Accepted Condition for the Route to `status: False`. \n Request Path | Prefix Match | Replace Prefix | Modified Path -------------|--------------|----------------|---------- /foo/bar | /foo | /xyz | /xyz/bar /foo/bar | /foo | /xyz/ | /xyz/bar /foo/bar | /foo/ | /xyz | /xyz/bar /foo/bar | /foo/ | /xyz/ | /xyz/bar /foo | /foo | /xyz | /xyz /foo/ | /foo | /xyz | /xyz/ /foo/bar | /foo | | /bar /foo/ | /foo | | / /foo | /foo | | / /foo/ | /foo | / | / /foo | /foo | / | /" + +### fn spec.rules.filters.urlRewrite.path.withType + +```ts +withType(type) +``` + +"Type defines the type of path modifier. Additional types may be added in a future release of the API. \n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`." + +## obj spec.rules.matches + +"Matches define conditions used for matching the rule against incoming HTTP requests. Each match is independent, i.e. this rule will be matched if **any** one of the matches is satisfied. \n For example, take the following matches configuration: \n ``` matches: - path: value: \"/foo\" headers: - name: \"version\" value: \"v2\" - path: value: \"/v2/foo\" ``` \n For a request to match against this rule, a request must satisfy EITHER of the two conditions: \n - path prefixed with `/foo` AND contains the header `version: v2` - path prefix of `/v2/foo` \n See the documentation for HTTPRouteMatch on how to specify multiple match conditions that should be ANDed together. \n If no matches are specified, the default is a prefix path match on \"/\", which has the effect of matching every HTTP request. \n Proxy or Load Balancer routing configuration generated from HTTPRoutes MUST prioritize matches based on the following criteria, continuing on ties. Across all rules specified on applicable Routes, precedence must be given to the match having: \n * \"Exact\" path match. * \"Prefix\" path match with largest number of characters. * Method match. * Largest number of header matches. * Largest number of query param matches. \n Note: The precedence of RegularExpression path matches are implementation-specific. \n If ties still exist across multiple Routes, matching precedence MUST be determined in order of the following criteria, continuing on ties: \n * The oldest Route based on creation timestamp. * The Route appearing first in alphabetical order by \"{namespace}/{name}\". \n If ties still exist within an HTTPRoute, matching precedence MUST be granted to the FIRST matching rule (in list order) with a match meeting the above criteria. \n When no rules matching a request have been successfully attached to the parent a request is coming from, a HTTP 404 status code MUST be returned." + +### fn spec.rules.matches.withHeaders + +```ts +withHeaders(headers) +``` + +"Headers specifies HTTP request header matchers. Multiple match values are ANDed together, meaning, a request must match all the specified headers to select the route." + +### fn spec.rules.matches.withHeadersMixin + +```ts +withHeadersMixin(headers) +``` + +"Headers specifies HTTP request header matchers. Multiple match values are ANDed together, meaning, a request must match all the specified headers to select the route." + +**Note:** This function appends passed data to existing values + +### fn spec.rules.matches.withMethod + +```ts +withMethod(method) +``` + +"Method specifies HTTP method matcher. When specified, this route will be matched only if the request has the specified method. \n Support: Extended" + +### fn spec.rules.matches.withQueryParams + +```ts +withQueryParams(queryParams) +``` + +"QueryParams specifies HTTP query parameter matchers. Multiple match values are ANDed together, meaning, a request must match all the specified query parameters to select the route. \n Support: Extended" + +### fn spec.rules.matches.withQueryParamsMixin + +```ts +withQueryParamsMixin(queryParams) +``` + +"QueryParams specifies HTTP query parameter matchers. Multiple match values are ANDed together, meaning, a request must match all the specified query parameters to select the route. \n Support: Extended" + +**Note:** This function appends passed data to existing values + +## obj spec.rules.matches.headers + +"Headers specifies HTTP request header matchers. Multiple match values are ANDed together, meaning, a request must match all the specified headers to select the route." + +### fn spec.rules.matches.headers.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, only the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent. \n When a header is repeated in an HTTP request, it is implementation-specific behavior as to how this is represented. Generally, proxies should follow the guidance from the RFC: https://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2 regarding processing a repeated header, with special handling for \"Set-Cookie\"." + +### fn spec.rules.matches.headers.withType + +```ts +withType(type) +``` + +"Type specifies how to match against the value of the header. \n Support: Core (Exact) \n Support: Implementation-specific (RegularExpression) \n Since RegularExpression HeaderMatchType has implementation-specific conformance, implementations can support POSIX, PCRE or any other dialects of regular expressions. Please read the implementation's documentation to determine the supported dialect." + +### fn spec.rules.matches.headers.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.matches.path + +"Path specifies a HTTP request path matcher. If this field is not specified, a default prefix match on the \"/\" path is provided." + +### fn spec.rules.matches.path.withType + +```ts +withType(type) +``` + +"Type specifies how to match against the path Value. \n Support: Core (Exact, PathPrefix) \n Support: Implementation-specific (RegularExpression)" + +### fn spec.rules.matches.path.withValue + +```ts +withValue(value) +``` + +"Value of the HTTP path to match against." + +## obj spec.rules.matches.queryParams + +"QueryParams specifies HTTP query parameter matchers. Multiple match values are ANDed together, meaning, a request must match all the specified query parameters to select the route. \n Support: Extended" + +### fn spec.rules.matches.queryParams.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP query param to be matched. This must be an exact string match. (See https://tools.ietf.org/html/rfc7230#section-2.7.3). \n If multiple entries specify equivalent query param names, only the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent query param name MUST be ignored. \n If a query param is repeated in an HTTP request, the behavior is purposely left undefined, since different data planes have different capabilities. However, it is *recommended* that implementations should match against the first value of the param if the data plane supports it, as this behavior is expected in other load balancing contexts outside of the Gateway API. \n Users SHOULD NOT route traffic based on repeated query params to guard themselves against potential differences in the implementations." + +### fn spec.rules.matches.queryParams.withType + +```ts +withType(type) +``` + +"Type specifies how to match against the value of the query parameter. \n Support: Extended (Exact) \n Support: Implementation-specific (RegularExpression) \n Since RegularExpression QueryParamMatchType has Implementation-specific conformance, implementations can support POSIX, PCRE or any other dialects of regular expressions. Please read the implementation's documentation to determine the supported dialect." + +### fn spec.rules.matches.queryParams.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP query param to be matched." \ No newline at end of file diff --git a/docs/0.8-experimental/gateway/v1beta1/index.md b/docs/0.8-experimental/gateway/v1beta1/index.md new file mode 100644 index 0000000..89eca2b --- /dev/null +++ b/docs/0.8-experimental/gateway/v1beta1/index.md @@ -0,0 +1,12 @@ +--- +permalink: /0.8-experimental/gateway/v1beta1/ +--- + +# gateway.v1beta1 + + + +* [gateway](gateway.md) +* [gatewayClass](gatewayClass.md) +* [httpRoute](httpRoute.md) +* [referenceGrant](referenceGrant.md) \ No newline at end of file diff --git a/docs/0.8-experimental/gateway/v1beta1/referenceGrant.md b/docs/0.8-experimental/gateway/v1beta1/referenceGrant.md new file mode 100644 index 0000000..15582fd --- /dev/null +++ b/docs/0.8-experimental/gateway/v1beta1/referenceGrant.md @@ -0,0 +1,314 @@ +--- +permalink: /0.8-experimental/gateway/v1beta1/referenceGrant/ +--- + +# gateway.v1beta1.referenceGrant + +"ReferenceGrant identifies kinds of resources in other namespaces that are trusted to reference the specified kinds of resources in the same namespace as the policy. \n Each ReferenceGrant can be used to represent a unique trust relationship. Additional Reference Grants can be used to add to the set of trusted sources of inbound references for the namespace they are defined within. \n All cross-namespace references in Gateway API (with the exception of cross-namespace Gateway-route attachment) require a ReferenceGrant. \n ReferenceGrant is a form of runtime verification allowing users to assert which cross-namespace object references are permitted. Implementations that support ReferenceGrant MUST NOT permit cross-namespace references which have no grant, and MUST respond to the removal of a grant by revoking the access that the grant allowed." + +## Index + +* [`fn new(name)`](#fn-new) +* [`obj metadata`](#obj-metadata) + * [`fn withAnnotations(annotations)`](#fn-metadatawithannotations) + * [`fn withAnnotationsMixin(annotations)`](#fn-metadatawithannotationsmixin) + * [`fn withClusterName(clusterName)`](#fn-metadatawithclustername) + * [`fn withCreationTimestamp(creationTimestamp)`](#fn-metadatawithcreationtimestamp) + * [`fn withDeletionGracePeriodSeconds(deletionGracePeriodSeconds)`](#fn-metadatawithdeletiongraceperiodseconds) + * [`fn withDeletionTimestamp(deletionTimestamp)`](#fn-metadatawithdeletiontimestamp) + * [`fn withFinalizers(finalizers)`](#fn-metadatawithfinalizers) + * [`fn withFinalizersMixin(finalizers)`](#fn-metadatawithfinalizersmixin) + * [`fn withGenerateName(generateName)`](#fn-metadatawithgeneratename) + * [`fn withGeneration(generation)`](#fn-metadatawithgeneration) + * [`fn withLabels(labels)`](#fn-metadatawithlabels) + * [`fn withLabelsMixin(labels)`](#fn-metadatawithlabelsmixin) + * [`fn withName(name)`](#fn-metadatawithname) + * [`fn withNamespace(namespace)`](#fn-metadatawithnamespace) + * [`fn withOwnerReferences(ownerReferences)`](#fn-metadatawithownerreferences) + * [`fn withOwnerReferencesMixin(ownerReferences)`](#fn-metadatawithownerreferencesmixin) + * [`fn withResourceVersion(resourceVersion)`](#fn-metadatawithresourceversion) + * [`fn withSelfLink(selfLink)`](#fn-metadatawithselflink) + * [`fn withUid(uid)`](#fn-metadatawithuid) +* [`obj spec`](#obj-spec) + * [`fn withFrom(from)`](#fn-specwithfrom) + * [`fn withFromMixin(from)`](#fn-specwithfrommixin) + * [`fn withTo(to)`](#fn-specwithto) + * [`fn withToMixin(to)`](#fn-specwithtomixin) + * [`obj spec.from`](#obj-specfrom) + * [`fn withGroup(group)`](#fn-specfromwithgroup) + * [`fn withKind(kind)`](#fn-specfromwithkind) + * [`fn withNamespace(namespace)`](#fn-specfromwithnamespace) + * [`obj spec.to`](#obj-specto) + * [`fn withGroup(group)`](#fn-spectowithgroup) + * [`fn withKind(kind)`](#fn-spectowithkind) + * [`fn withName(name)`](#fn-spectowithname) + +## Fields + +### fn new + +```ts +new(name) +``` + +new returns an instance of ReferenceGrant + +## obj metadata + +"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create." + +### fn metadata.withAnnotations + +```ts +withAnnotations(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +### fn metadata.withAnnotationsMixin + +```ts +withAnnotationsMixin(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +**Note:** This function appends passed data to existing values + +### fn metadata.withClusterName + +```ts +withClusterName(clusterName) +``` + +"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request." + +### fn metadata.withCreationTimestamp + +```ts +withCreationTimestamp(creationTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withDeletionGracePeriodSeconds + +```ts +withDeletionGracePeriodSeconds(deletionGracePeriodSeconds) +``` + +"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only." + +### fn metadata.withDeletionTimestamp + +```ts +withDeletionTimestamp(deletionTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withFinalizers + +```ts +withFinalizers(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +### fn metadata.withFinalizersMixin + +```ts +withFinalizersMixin(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +**Note:** This function appends passed data to existing values + +### fn metadata.withGenerateName + +```ts +withGenerateName(generateName) +``` + +"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\n\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\n\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" + +### fn metadata.withGeneration + +```ts +withGeneration(generation) +``` + +"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only." + +### fn metadata.withLabels + +```ts +withLabels(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +### fn metadata.withLabelsMixin + +```ts +withLabelsMixin(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +**Note:** This function appends passed data to existing values + +### fn metadata.withName + +```ts +withName(name) +``` + +"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names" + +### fn metadata.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \"default\" namespace, but \"default\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\n\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces" + +### fn metadata.withOwnerReferences + +```ts +withOwnerReferences(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +### fn metadata.withOwnerReferencesMixin + +```ts +withOwnerReferencesMixin(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +**Note:** This function appends passed data to existing values + +### fn metadata.withResourceVersion + +```ts +withResourceVersion(resourceVersion) +``` + +"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\n\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" + +### fn metadata.withSelfLink + +```ts +withSelfLink(selfLink) +``` + +"SelfLink is a URL representing this object. Populated by the system. Read-only.\n\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release." + +### fn metadata.withUid + +```ts +withUid(uid) +``` + +"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\n\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids" + +## obj spec + +"Spec defines the desired state of ReferenceGrant." + +### fn spec.withFrom + +```ts +withFrom(from) +``` + +"From describes the trusted namespaces and kinds that can reference the resources described in \"To\". Each entry in this list MUST be considered to be an additional place that references can be valid from, or to put this another way, entries MUST be combined using OR. \n Support: Core" + +### fn spec.withFromMixin + +```ts +withFromMixin(from) +``` + +"From describes the trusted namespaces and kinds that can reference the resources described in \"To\". Each entry in this list MUST be considered to be an additional place that references can be valid from, or to put this another way, entries MUST be combined using OR. \n Support: Core" + +**Note:** This function appends passed data to existing values + +### fn spec.withTo + +```ts +withTo(to) +``` + +"To describes the resources that may be referenced by the resources described in \"From\". Each entry in this list MUST be considered to be an additional place that references can be valid to, or to put this another way, entries MUST be combined using OR. \n Support: Core" + +### fn spec.withToMixin + +```ts +withToMixin(to) +``` + +"To describes the resources that may be referenced by the resources described in \"From\". Each entry in this list MUST be considered to be an additional place that references can be valid to, or to put this another way, entries MUST be combined using OR. \n Support: Core" + +**Note:** This function appends passed data to existing values + +## obj spec.from + +"From describes the trusted namespaces and kinds that can reference the resources described in \"To\". Each entry in this list MUST be considered to be an additional place that references can be valid from, or to put this another way, entries MUST be combined using OR. \n Support: Core" + +### fn spec.from.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. When empty, the Kubernetes core API group is inferred. \n Support: Core" + +### fn spec.from.withKind + +```ts +withKind(kind) +``` + +"Kind is the kind of the referent. Although implementations may support additional resources, the following types are part of the \"Core\" support level for this field. \n When used to permit a SecretObjectReference: \n * Gateway \n When used to permit a BackendObjectReference: \n * GRPCRoute * HTTPRoute * TCPRoute * TLSRoute * UDPRoute" + +### fn spec.from.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the referent. \n Support: Core" + +## obj spec.to + +"To describes the resources that may be referenced by the resources described in \"From\". Each entry in this list MUST be considered to be an additional place that references can be valid to, or to put this another way, entries MUST be combined using OR. \n Support: Core" + +### fn spec.to.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. When empty, the Kubernetes core API group is inferred. \n Support: Core" + +### fn spec.to.withKind + +```ts +withKind(kind) +``` + +"Kind is the kind of the referent. Although implementations may support additional resources, the following types are part of the \"Core\" support level for this field: \n * Secret when used to permit a SecretObjectReference * Service when used to permit a BackendObjectReference" + +### fn spec.to.withName + +```ts +withName(name) +``` + +"Name is the name of the referent. When unspecified, this policy refers to all resources of the specified Group and Kind in the local namespace." \ No newline at end of file diff --git a/docs/1.0-experimental/README.md b/docs/1.0-experimental/README.md new file mode 100644 index 0000000..94d94f8 --- /dev/null +++ b/docs/1.0-experimental/README.md @@ -0,0 +1,13 @@ +--- +permalink: /1.0-experimental/ +--- + +# gateway-api + +```jsonnet +local gateway-api = import "github.com/jsonnet-libs/gateway-api-libsonnet/1.0-experimental/main.libsonnet" +``` + + + +* [gateway](gateway/index.md) \ No newline at end of file diff --git a/docs/1.0-experimental/gateway/index.md b/docs/1.0-experimental/gateway/index.md new file mode 100644 index 0000000..2762bf1 --- /dev/null +++ b/docs/1.0-experimental/gateway/index.md @@ -0,0 +1,11 @@ +--- +permalink: /1.0-experimental/gateway/ +--- + +# gateway + + + +* [v1](v1/index.md) +* [v1alpha2](v1alpha2/index.md) +* [v1beta1](v1beta1/index.md) \ No newline at end of file diff --git a/docs/1.0-experimental/gateway/v1/gateway.md b/docs/1.0-experimental/gateway/v1/gateway.md new file mode 100644 index 0000000..800e4f0 --- /dev/null +++ b/docs/1.0-experimental/gateway/v1/gateway.md @@ -0,0 +1,613 @@ +--- +permalink: /1.0-experimental/gateway/v1/gateway/ +--- + +# gateway.v1.gateway + +"Gateway represents an instance of a service-traffic handling infrastructure by binding Listeners to a set of IP addresses." + +## Index + +* [`fn new(name)`](#fn-new) +* [`obj metadata`](#obj-metadata) + * [`fn withAnnotations(annotations)`](#fn-metadatawithannotations) + * [`fn withAnnotationsMixin(annotations)`](#fn-metadatawithannotationsmixin) + * [`fn withClusterName(clusterName)`](#fn-metadatawithclustername) + * [`fn withCreationTimestamp(creationTimestamp)`](#fn-metadatawithcreationtimestamp) + * [`fn withDeletionGracePeriodSeconds(deletionGracePeriodSeconds)`](#fn-metadatawithdeletiongraceperiodseconds) + * [`fn withDeletionTimestamp(deletionTimestamp)`](#fn-metadatawithdeletiontimestamp) + * [`fn withFinalizers(finalizers)`](#fn-metadatawithfinalizers) + * [`fn withFinalizersMixin(finalizers)`](#fn-metadatawithfinalizersmixin) + * [`fn withGenerateName(generateName)`](#fn-metadatawithgeneratename) + * [`fn withGeneration(generation)`](#fn-metadatawithgeneration) + * [`fn withLabels(labels)`](#fn-metadatawithlabels) + * [`fn withLabelsMixin(labels)`](#fn-metadatawithlabelsmixin) + * [`fn withName(name)`](#fn-metadatawithname) + * [`fn withNamespace(namespace)`](#fn-metadatawithnamespace) + * [`fn withOwnerReferences(ownerReferences)`](#fn-metadatawithownerreferences) + * [`fn withOwnerReferencesMixin(ownerReferences)`](#fn-metadatawithownerreferencesmixin) + * [`fn withResourceVersion(resourceVersion)`](#fn-metadatawithresourceversion) + * [`fn withSelfLink(selfLink)`](#fn-metadatawithselflink) + * [`fn withUid(uid)`](#fn-metadatawithuid) +* [`obj spec`](#obj-spec) + * [`fn withAddresses(addresses)`](#fn-specwithaddresses) + * [`fn withAddressesMixin(addresses)`](#fn-specwithaddressesmixin) + * [`fn withGatewayClassName(gatewayClassName)`](#fn-specwithgatewayclassname) + * [`fn withListeners(listeners)`](#fn-specwithlisteners) + * [`fn withListenersMixin(listeners)`](#fn-specwithlistenersmixin) + * [`obj spec.addresses`](#obj-specaddresses) + * [`fn withType(type)`](#fn-specaddresseswithtype) + * [`fn withValue(value)`](#fn-specaddresseswithvalue) + * [`obj spec.infrastructure`](#obj-specinfrastructure) + * [`fn withAnnotations(annotations)`](#fn-specinfrastructurewithannotations) + * [`fn withAnnotationsMixin(annotations)`](#fn-specinfrastructurewithannotationsmixin) + * [`fn withLabels(labels)`](#fn-specinfrastructurewithlabels) + * [`fn withLabelsMixin(labels)`](#fn-specinfrastructurewithlabelsmixin) + * [`obj spec.listeners`](#obj-speclisteners) + * [`fn withHostname(hostname)`](#fn-speclistenerswithhostname) + * [`fn withName(name)`](#fn-speclistenerswithname) + * [`fn withPort(port)`](#fn-speclistenerswithport) + * [`fn withProtocol(protocol)`](#fn-speclistenerswithprotocol) + * [`obj spec.listeners.allowedRoutes`](#obj-speclistenersallowedroutes) + * [`fn withKinds(kinds)`](#fn-speclistenersallowedrouteswithkinds) + * [`fn withKindsMixin(kinds)`](#fn-speclistenersallowedrouteswithkindsmixin) + * [`obj spec.listeners.allowedRoutes.kinds`](#obj-speclistenersallowedrouteskinds) + * [`fn withGroup(group)`](#fn-speclistenersallowedrouteskindswithgroup) + * [`fn withKind(kind)`](#fn-speclistenersallowedrouteskindswithkind) + * [`obj spec.listeners.allowedRoutes.namespaces`](#obj-speclistenersallowedroutesnamespaces) + * [`fn withFrom(from)`](#fn-speclistenersallowedroutesnamespaceswithfrom) + * [`obj spec.listeners.allowedRoutes.namespaces.selector`](#obj-speclistenersallowedroutesnamespacesselector) + * [`fn withMatchExpressions(matchExpressions)`](#fn-speclistenersallowedroutesnamespacesselectorwithmatchexpressions) + * [`fn withMatchExpressionsMixin(matchExpressions)`](#fn-speclistenersallowedroutesnamespacesselectorwithmatchexpressionsmixin) + * [`fn withMatchLabels(matchLabels)`](#fn-speclistenersallowedroutesnamespacesselectorwithmatchlabels) + * [`fn withMatchLabelsMixin(matchLabels)`](#fn-speclistenersallowedroutesnamespacesselectorwithmatchlabelsmixin) + * [`obj spec.listeners.allowedRoutes.namespaces.selector.matchExpressions`](#obj-speclistenersallowedroutesnamespacesselectormatchexpressions) + * [`fn withKey(key)`](#fn-speclistenersallowedroutesnamespacesselectormatchexpressionswithkey) + * [`fn withOperator(operator)`](#fn-speclistenersallowedroutesnamespacesselectormatchexpressionswithoperator) + * [`fn withValues(values)`](#fn-speclistenersallowedroutesnamespacesselectormatchexpressionswithvalues) + * [`fn withValuesMixin(values)`](#fn-speclistenersallowedroutesnamespacesselectormatchexpressionswithvaluesmixin) + * [`obj spec.listeners.tls`](#obj-speclistenerstls) + * [`fn withCertificateRefs(certificateRefs)`](#fn-speclistenerstlswithcertificaterefs) + * [`fn withCertificateRefsMixin(certificateRefs)`](#fn-speclistenerstlswithcertificaterefsmixin) + * [`fn withMode(mode)`](#fn-speclistenerstlswithmode) + * [`fn withOptions(options)`](#fn-speclistenerstlswithoptions) + * [`fn withOptionsMixin(options)`](#fn-speclistenerstlswithoptionsmixin) + * [`obj spec.listeners.tls.certificateRefs`](#obj-speclistenerstlscertificaterefs) + * [`fn withGroup(group)`](#fn-speclistenerstlscertificaterefswithgroup) + * [`fn withKind(kind)`](#fn-speclistenerstlscertificaterefswithkind) + * [`fn withName(name)`](#fn-speclistenerstlscertificaterefswithname) + * [`fn withNamespace(namespace)`](#fn-speclistenerstlscertificaterefswithnamespace) + +## Fields + +### fn new + +```ts +new(name) +``` + +new returns an instance of Gateway + +## obj metadata + +"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create." + +### fn metadata.withAnnotations + +```ts +withAnnotations(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +### fn metadata.withAnnotationsMixin + +```ts +withAnnotationsMixin(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +**Note:** This function appends passed data to existing values + +### fn metadata.withClusterName + +```ts +withClusterName(clusterName) +``` + +"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request." + +### fn metadata.withCreationTimestamp + +```ts +withCreationTimestamp(creationTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withDeletionGracePeriodSeconds + +```ts +withDeletionGracePeriodSeconds(deletionGracePeriodSeconds) +``` + +"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only." + +### fn metadata.withDeletionTimestamp + +```ts +withDeletionTimestamp(deletionTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withFinalizers + +```ts +withFinalizers(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +### fn metadata.withFinalizersMixin + +```ts +withFinalizersMixin(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +**Note:** This function appends passed data to existing values + +### fn metadata.withGenerateName + +```ts +withGenerateName(generateName) +``` + +"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\n\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\n\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" + +### fn metadata.withGeneration + +```ts +withGeneration(generation) +``` + +"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only." + +### fn metadata.withLabels + +```ts +withLabels(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +### fn metadata.withLabelsMixin + +```ts +withLabelsMixin(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +**Note:** This function appends passed data to existing values + +### fn metadata.withName + +```ts +withName(name) +``` + +"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names" + +### fn metadata.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \"default\" namespace, but \"default\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\n\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces" + +### fn metadata.withOwnerReferences + +```ts +withOwnerReferences(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +### fn metadata.withOwnerReferencesMixin + +```ts +withOwnerReferencesMixin(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +**Note:** This function appends passed data to existing values + +### fn metadata.withResourceVersion + +```ts +withResourceVersion(resourceVersion) +``` + +"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\n\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" + +### fn metadata.withSelfLink + +```ts +withSelfLink(selfLink) +``` + +"SelfLink is a URL representing this object. Populated by the system. Read-only.\n\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release." + +### fn metadata.withUid + +```ts +withUid(uid) +``` + +"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\n\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids" + +## obj spec + +"Spec defines the desired state of Gateway." + +### fn spec.withAddresses + +```ts +withAddresses(addresses) +``` + +"Addresses requested for this Gateway. This is optional and behavior can depend on the implementation. If a value is set in the spec and the requested address is invalid or unavailable, the implementation MUST indicate this in the associated entry in GatewayStatus.Addresses. \n The Addresses field represents a request for the address(es) on the \"outside of the Gateway\", that traffic bound for this Gateway will use. This could be the IP address or hostname of an external load balancer or other networking infrastructure, or some other address that traffic will be sent to. \n If no Addresses are specified, the implementation MAY schedule the Gateway in an implementation-specific manner, assigning an appropriate set of Addresses. \n The implementation MUST bind all Listeners to every GatewayAddress that it assigns to the Gateway and add a corresponding entry in GatewayStatus.Addresses. \n Support: Extended \n " + +### fn spec.withAddressesMixin + +```ts +withAddressesMixin(addresses) +``` + +"Addresses requested for this Gateway. This is optional and behavior can depend on the implementation. If a value is set in the spec and the requested address is invalid or unavailable, the implementation MUST indicate this in the associated entry in GatewayStatus.Addresses. \n The Addresses field represents a request for the address(es) on the \"outside of the Gateway\", that traffic bound for this Gateway will use. This could be the IP address or hostname of an external load balancer or other networking infrastructure, or some other address that traffic will be sent to. \n If no Addresses are specified, the implementation MAY schedule the Gateway in an implementation-specific manner, assigning an appropriate set of Addresses. \n The implementation MUST bind all Listeners to every GatewayAddress that it assigns to the Gateway and add a corresponding entry in GatewayStatus.Addresses. \n Support: Extended \n " + +**Note:** This function appends passed data to existing values + +### fn spec.withGatewayClassName + +```ts +withGatewayClassName(gatewayClassName) +``` + +"GatewayClassName used for this Gateway. This is the name of a GatewayClass resource." + +### fn spec.withListeners + +```ts +withListeners(listeners) +``` + +"Listeners associated with this Gateway. Listeners define logical endpoints that are bound on this Gateway's addresses. At least one Listener MUST be specified. \n Each Listener in a set of Listeners (for example, in a single Gateway) MUST be _distinct_, in that a traffic flow MUST be able to be assigned to exactly one listener. (This section uses \"set of Listeners\" rather than \"Listeners in a single Gateway\" because implementations MAY merge configuration from multiple Gateways onto a single data plane, and these rules _also_ apply in that case). \n Practically, this means that each listener in a set MUST have a unique combination of Port, Protocol, and, if supported by the protocol, Hostname. \n Some combinations of port, protocol, and TLS settings are considered Core support and MUST be supported by implementations based on their targeted conformance profile: \n HTTP Profile \n 1. HTTPRoute, Port: 80, Protocol: HTTP 2. HTTPRoute, Port: 443, Protocol: HTTPS, TLS Mode: Terminate, TLS keypair provided \n TLS Profile \n 1. TLSRoute, Port: 443, Protocol: TLS, TLS Mode: Passthrough \n \"Distinct\" Listeners have the following property: \n The implementation can match inbound requests to a single distinct Listener. When multiple Listeners share values for fields (for example, two Listeners with the same Port value), the implementation can match requests to only one of the Listeners using other Listener fields. \n For example, the following Listener scenarios are distinct: \n 1. Multiple Listeners with the same Port that all use the \"HTTP\" Protocol that all have unique Hostname values. 2. Multiple Listeners with the same Port that use either the \"HTTPS\" or \"TLS\" Protocol that all have unique Hostname values. 3. A mixture of \"TCP\" and \"UDP\" Protocol Listeners, where no Listener with the same Protocol has the same Port value. \n Some fields in the Listener struct have possible values that affect whether the Listener is distinct. Hostname is particularly relevant for HTTP or HTTPS protocols. \n When using the Hostname value to select between same-Port, same-Protocol Listeners, the Hostname value must be different on each Listener for the Listener to be distinct. \n When the Listeners are distinct based on Hostname, inbound request hostnames MUST match from the most specific to least specific Hostname values to choose the correct Listener and its associated set of Routes. \n Exact matches must be processed before wildcard matches, and wildcard matches must be processed before fallback (empty Hostname value) matches. For example, `\"foo.example.com\"` takes precedence over `\"*.example.com\"`, and `\"*.example.com\"` takes precedence over `\"\"`. \n Additionally, if there are multiple wildcard entries, more specific wildcard entries must be processed before less specific wildcard entries. For example, `\"*.foo.example.com\"` takes precedence over `\"*.example.com\"`. The precise definition here is that the higher the number of dots in the hostname to the right of the wildcard character, the higher the precedence. \n The wildcard character will match any number of characters _and dots_ to the left, however, so `\"*.example.com\"` will match both `\"foo.bar.example.com\"` _and_ `\"bar.example.com\"`. \n If a set of Listeners contains Listeners that are not distinct, then those Listeners are Conflicted, and the implementation MUST set the \"Conflicted\" condition in the Listener Status to \"True\". \n Implementations MAY choose to accept a Gateway with some Conflicted Listeners only if they only accept the partial Listener set that contains no Conflicted Listeners. To put this another way, implementations may accept a partial Listener set only if they throw out *all* the conflicting Listeners. No picking one of the conflicting listeners as the winner. This also means that the Gateway must have at least one non-conflicting Listener in this case, otherwise it violates the requirement that at least one Listener must be present. \n The implementation MUST set a \"ListenersNotValid\" condition on the Gateway Status when the Gateway contains Conflicted Listeners whether or not they accept the Gateway. That Condition SHOULD clearly indicate in the Message which Listeners are conflicted, and which are Accepted. Additionally, the Listener status for those listeners SHOULD indicate which Listeners are conflicted and not Accepted. \n A Gateway's Listeners are considered \"compatible\" if: \n 1. They are distinct. 2. The implementation can serve them in compliance with the Addresses requirement that all Listeners are available on all assigned addresses. \n Compatible combinations in Extended support are expected to vary across implementations. A combination that is compatible for one implementation may not be compatible for another. \n For example, an implementation that cannot serve both TCP and UDP listeners on the same address, or cannot mix HTTPS and generic TLS listens on the same port would not consider those cases compatible, even though they are distinct. \n Note that requests SHOULD match at most one Listener. For example, if Listeners are defined for \"foo.example.com\" and \"*.example.com\", a request to \"foo.example.com\" SHOULD only be routed using routes attached to the \"foo.example.com\" Listener (and not the \"*.example.com\" Listener). This concept is known as \"Listener Isolation\". Implementations that do not support Listener Isolation MUST clearly document this. \n Implementations MAY merge separate Gateways onto a single set of Addresses if all Listeners across all Gateways are compatible. \n Support: Core" + +### fn spec.withListenersMixin + +```ts +withListenersMixin(listeners) +``` + +"Listeners associated with this Gateway. Listeners define logical endpoints that are bound on this Gateway's addresses. At least one Listener MUST be specified. \n Each Listener in a set of Listeners (for example, in a single Gateway) MUST be _distinct_, in that a traffic flow MUST be able to be assigned to exactly one listener. (This section uses \"set of Listeners\" rather than \"Listeners in a single Gateway\" because implementations MAY merge configuration from multiple Gateways onto a single data plane, and these rules _also_ apply in that case). \n Practically, this means that each listener in a set MUST have a unique combination of Port, Protocol, and, if supported by the protocol, Hostname. \n Some combinations of port, protocol, and TLS settings are considered Core support and MUST be supported by implementations based on their targeted conformance profile: \n HTTP Profile \n 1. HTTPRoute, Port: 80, Protocol: HTTP 2. HTTPRoute, Port: 443, Protocol: HTTPS, TLS Mode: Terminate, TLS keypair provided \n TLS Profile \n 1. TLSRoute, Port: 443, Protocol: TLS, TLS Mode: Passthrough \n \"Distinct\" Listeners have the following property: \n The implementation can match inbound requests to a single distinct Listener. When multiple Listeners share values for fields (for example, two Listeners with the same Port value), the implementation can match requests to only one of the Listeners using other Listener fields. \n For example, the following Listener scenarios are distinct: \n 1. Multiple Listeners with the same Port that all use the \"HTTP\" Protocol that all have unique Hostname values. 2. Multiple Listeners with the same Port that use either the \"HTTPS\" or \"TLS\" Protocol that all have unique Hostname values. 3. A mixture of \"TCP\" and \"UDP\" Protocol Listeners, where no Listener with the same Protocol has the same Port value. \n Some fields in the Listener struct have possible values that affect whether the Listener is distinct. Hostname is particularly relevant for HTTP or HTTPS protocols. \n When using the Hostname value to select between same-Port, same-Protocol Listeners, the Hostname value must be different on each Listener for the Listener to be distinct. \n When the Listeners are distinct based on Hostname, inbound request hostnames MUST match from the most specific to least specific Hostname values to choose the correct Listener and its associated set of Routes. \n Exact matches must be processed before wildcard matches, and wildcard matches must be processed before fallback (empty Hostname value) matches. For example, `\"foo.example.com\"` takes precedence over `\"*.example.com\"`, and `\"*.example.com\"` takes precedence over `\"\"`. \n Additionally, if there are multiple wildcard entries, more specific wildcard entries must be processed before less specific wildcard entries. For example, `\"*.foo.example.com\"` takes precedence over `\"*.example.com\"`. The precise definition here is that the higher the number of dots in the hostname to the right of the wildcard character, the higher the precedence. \n The wildcard character will match any number of characters _and dots_ to the left, however, so `\"*.example.com\"` will match both `\"foo.bar.example.com\"` _and_ `\"bar.example.com\"`. \n If a set of Listeners contains Listeners that are not distinct, then those Listeners are Conflicted, and the implementation MUST set the \"Conflicted\" condition in the Listener Status to \"True\". \n Implementations MAY choose to accept a Gateway with some Conflicted Listeners only if they only accept the partial Listener set that contains no Conflicted Listeners. To put this another way, implementations may accept a partial Listener set only if they throw out *all* the conflicting Listeners. No picking one of the conflicting listeners as the winner. This also means that the Gateway must have at least one non-conflicting Listener in this case, otherwise it violates the requirement that at least one Listener must be present. \n The implementation MUST set a \"ListenersNotValid\" condition on the Gateway Status when the Gateway contains Conflicted Listeners whether or not they accept the Gateway. That Condition SHOULD clearly indicate in the Message which Listeners are conflicted, and which are Accepted. Additionally, the Listener status for those listeners SHOULD indicate which Listeners are conflicted and not Accepted. \n A Gateway's Listeners are considered \"compatible\" if: \n 1. They are distinct. 2. The implementation can serve them in compliance with the Addresses requirement that all Listeners are available on all assigned addresses. \n Compatible combinations in Extended support are expected to vary across implementations. A combination that is compatible for one implementation may not be compatible for another. \n For example, an implementation that cannot serve both TCP and UDP listeners on the same address, or cannot mix HTTPS and generic TLS listens on the same port would not consider those cases compatible, even though they are distinct. \n Note that requests SHOULD match at most one Listener. For example, if Listeners are defined for \"foo.example.com\" and \"*.example.com\", a request to \"foo.example.com\" SHOULD only be routed using routes attached to the \"foo.example.com\" Listener (and not the \"*.example.com\" Listener). This concept is known as \"Listener Isolation\". Implementations that do not support Listener Isolation MUST clearly document this. \n Implementations MAY merge separate Gateways onto a single set of Addresses if all Listeners across all Gateways are compatible. \n Support: Core" + +**Note:** This function appends passed data to existing values + +## obj spec.addresses + +"Addresses requested for this Gateway. This is optional and behavior can depend on the implementation. If a value is set in the spec and the requested address is invalid or unavailable, the implementation MUST indicate this in the associated entry in GatewayStatus.Addresses. \n The Addresses field represents a request for the address(es) on the \"outside of the Gateway\", that traffic bound for this Gateway will use. This could be the IP address or hostname of an external load balancer or other networking infrastructure, or some other address that traffic will be sent to. \n If no Addresses are specified, the implementation MAY schedule the Gateway in an implementation-specific manner, assigning an appropriate set of Addresses. \n The implementation MUST bind all Listeners to every GatewayAddress that it assigns to the Gateway and add a corresponding entry in GatewayStatus.Addresses. \n Support: Extended \n " + +### fn spec.addresses.withType + +```ts +withType(type) +``` + +"Type of the address." + +### fn spec.addresses.withValue + +```ts +withValue(value) +``` + +"Value of the address. The validity of the values will depend on the type and support by the controller. \n Examples: `1.2.3.4`, `128::1`, `my-ip-address`." + +## obj spec.infrastructure + +"Infrastructure defines infrastructure level attributes about this Gateway instance. \n Support: Core \n " + +### fn spec.infrastructure.withAnnotations + +```ts +withAnnotations(annotations) +``` + +"Annotations that SHOULD be applied to any resources created in response to this Gateway. \n For implementations creating other Kubernetes objects, this should be the `metadata.annotations` field on resources. For other implementations, this refers to any relevant (implementation specific) \"annotations\" concepts. \n An implementation may chose to add additional implementation-specific annotations as they see fit. \n Support: Extended" + +### fn spec.infrastructure.withAnnotationsMixin + +```ts +withAnnotationsMixin(annotations) +``` + +"Annotations that SHOULD be applied to any resources created in response to this Gateway. \n For implementations creating other Kubernetes objects, this should be the `metadata.annotations` field on resources. For other implementations, this refers to any relevant (implementation specific) \"annotations\" concepts. \n An implementation may chose to add additional implementation-specific annotations as they see fit. \n Support: Extended" + +**Note:** This function appends passed data to existing values + +### fn spec.infrastructure.withLabels + +```ts +withLabels(labels) +``` + +"Labels that SHOULD be applied to any resources created in response to this Gateway. \n For implementations creating other Kubernetes objects, this should be the `metadata.labels` field on resources. For other implementations, this refers to any relevant (implementation specific) \"labels\" concepts. \n An implementation may chose to add additional implementation-specific labels as they see fit. \n Support: Extended" + +### fn spec.infrastructure.withLabelsMixin + +```ts +withLabelsMixin(labels) +``` + +"Labels that SHOULD be applied to any resources created in response to this Gateway. \n For implementations creating other Kubernetes objects, this should be the `metadata.labels` field on resources. For other implementations, this refers to any relevant (implementation specific) \"labels\" concepts. \n An implementation may chose to add additional implementation-specific labels as they see fit. \n Support: Extended" + +**Note:** This function appends passed data to existing values + +## obj spec.listeners + +"Listeners associated with this Gateway. Listeners define logical endpoints that are bound on this Gateway's addresses. At least one Listener MUST be specified. \n Each Listener in a set of Listeners (for example, in a single Gateway) MUST be _distinct_, in that a traffic flow MUST be able to be assigned to exactly one listener. (This section uses \"set of Listeners\" rather than \"Listeners in a single Gateway\" because implementations MAY merge configuration from multiple Gateways onto a single data plane, and these rules _also_ apply in that case). \n Practically, this means that each listener in a set MUST have a unique combination of Port, Protocol, and, if supported by the protocol, Hostname. \n Some combinations of port, protocol, and TLS settings are considered Core support and MUST be supported by implementations based on their targeted conformance profile: \n HTTP Profile \n 1. HTTPRoute, Port: 80, Protocol: HTTP 2. HTTPRoute, Port: 443, Protocol: HTTPS, TLS Mode: Terminate, TLS keypair provided \n TLS Profile \n 1. TLSRoute, Port: 443, Protocol: TLS, TLS Mode: Passthrough \n \"Distinct\" Listeners have the following property: \n The implementation can match inbound requests to a single distinct Listener. When multiple Listeners share values for fields (for example, two Listeners with the same Port value), the implementation can match requests to only one of the Listeners using other Listener fields. \n For example, the following Listener scenarios are distinct: \n 1. Multiple Listeners with the same Port that all use the \"HTTP\" Protocol that all have unique Hostname values. 2. Multiple Listeners with the same Port that use either the \"HTTPS\" or \"TLS\" Protocol that all have unique Hostname values. 3. A mixture of \"TCP\" and \"UDP\" Protocol Listeners, where no Listener with the same Protocol has the same Port value. \n Some fields in the Listener struct have possible values that affect whether the Listener is distinct. Hostname is particularly relevant for HTTP or HTTPS protocols. \n When using the Hostname value to select between same-Port, same-Protocol Listeners, the Hostname value must be different on each Listener for the Listener to be distinct. \n When the Listeners are distinct based on Hostname, inbound request hostnames MUST match from the most specific to least specific Hostname values to choose the correct Listener and its associated set of Routes. \n Exact matches must be processed before wildcard matches, and wildcard matches must be processed before fallback (empty Hostname value) matches. For example, `\"foo.example.com\"` takes precedence over `\"*.example.com\"`, and `\"*.example.com\"` takes precedence over `\"\"`. \n Additionally, if there are multiple wildcard entries, more specific wildcard entries must be processed before less specific wildcard entries. For example, `\"*.foo.example.com\"` takes precedence over `\"*.example.com\"`. The precise definition here is that the higher the number of dots in the hostname to the right of the wildcard character, the higher the precedence. \n The wildcard character will match any number of characters _and dots_ to the left, however, so `\"*.example.com\"` will match both `\"foo.bar.example.com\"` _and_ `\"bar.example.com\"`. \n If a set of Listeners contains Listeners that are not distinct, then those Listeners are Conflicted, and the implementation MUST set the \"Conflicted\" condition in the Listener Status to \"True\". \n Implementations MAY choose to accept a Gateway with some Conflicted Listeners only if they only accept the partial Listener set that contains no Conflicted Listeners. To put this another way, implementations may accept a partial Listener set only if they throw out *all* the conflicting Listeners. No picking one of the conflicting listeners as the winner. This also means that the Gateway must have at least one non-conflicting Listener in this case, otherwise it violates the requirement that at least one Listener must be present. \n The implementation MUST set a \"ListenersNotValid\" condition on the Gateway Status when the Gateway contains Conflicted Listeners whether or not they accept the Gateway. That Condition SHOULD clearly indicate in the Message which Listeners are conflicted, and which are Accepted. Additionally, the Listener status for those listeners SHOULD indicate which Listeners are conflicted and not Accepted. \n A Gateway's Listeners are considered \"compatible\" if: \n 1. They are distinct. 2. The implementation can serve them in compliance with the Addresses requirement that all Listeners are available on all assigned addresses. \n Compatible combinations in Extended support are expected to vary across implementations. A combination that is compatible for one implementation may not be compatible for another. \n For example, an implementation that cannot serve both TCP and UDP listeners on the same address, or cannot mix HTTPS and generic TLS listens on the same port would not consider those cases compatible, even though they are distinct. \n Note that requests SHOULD match at most one Listener. For example, if Listeners are defined for \"foo.example.com\" and \"*.example.com\", a request to \"foo.example.com\" SHOULD only be routed using routes attached to the \"foo.example.com\" Listener (and not the \"*.example.com\" Listener). This concept is known as \"Listener Isolation\". Implementations that do not support Listener Isolation MUST clearly document this. \n Implementations MAY merge separate Gateways onto a single set of Addresses if all Listeners across all Gateways are compatible. \n Support: Core" + +### fn spec.listeners.withHostname + +```ts +withHostname(hostname) +``` + +"Hostname specifies the virtual hostname to match for protocol types that define this concept. When unspecified, all hostnames are matched. This field is ignored for protocols that don't require hostname based matching. \n Implementations MUST apply Hostname matching appropriately for each of the following protocols: \n * TLS: The Listener Hostname MUST match the SNI. * HTTP: The Listener Hostname MUST match the Host header of the request. * HTTPS: The Listener Hostname SHOULD match at both the TLS and HTTP protocol layers as described above. If an implementation does not ensure that both the SNI and Host header match the Listener hostname, it MUST clearly document that. \n For HTTPRoute and TLSRoute resources, there is an interaction with the `spec.hostnames` array. When both listener and route specify hostnames, there MUST be an intersection between the values for a Route to be accepted. For more information, refer to the Route specific Hostnames documentation. \n Hostnames that are prefixed with a wildcard label (`*.`) are interpreted as a suffix match. That means that a match for `*.example.com` would match both `test.example.com`, and `foo.test.example.com`, but not `example.com`. \n Support: Core" + +### fn spec.listeners.withName + +```ts +withName(name) +``` + +"Name is the name of the Listener. This name MUST be unique within a Gateway. \n Support: Core" + +### fn spec.listeners.withPort + +```ts +withPort(port) +``` + +"Port is the network port. Multiple listeners may use the same port, subject to the Listener compatibility rules. \n Support: Core" + +### fn spec.listeners.withProtocol + +```ts +withProtocol(protocol) +``` + +"Protocol specifies the network protocol this listener expects to receive. \n Support: Core" + +## obj spec.listeners.allowedRoutes + +"AllowedRoutes defines the types of routes that MAY be attached to a Listener and the trusted namespaces where those Route resources MAY be present. \n Although a client request may match multiple route rules, only one rule may ultimately receive the request. Matching precedence MUST be determined in order of the following criteria: \n * The most specific match as defined by the Route type. * The oldest Route based on creation timestamp. For example, a Route with a creation timestamp of \"2020-09-08 01:02:03\" is given precedence over a Route with a creation timestamp of \"2020-09-08 01:02:04\". * If everything else is equivalent, the Route appearing first in alphabetical order (namespace/name) should be given precedence. For example, foo/bar is given precedence over foo/baz. \n All valid rules within a Route attached to this Listener should be implemented. Invalid Route rules can be ignored (sometimes that will mean the full Route). If a Route rule transitions from valid to invalid, support for that Route rule should be dropped to ensure consistency. For example, even if a filter specified by a Route rule is invalid, the rest of the rules within that Route should still be supported. \n Support: Core" + +### fn spec.listeners.allowedRoutes.withKinds + +```ts +withKinds(kinds) +``` + +"Kinds specifies the groups and kinds of Routes that are allowed to bind to this Gateway Listener. When unspecified or empty, the kinds of Routes selected are determined using the Listener protocol. \n A RouteGroupKind MUST correspond to kinds of Routes that are compatible with the application protocol specified in the Listener's Protocol field. If an implementation does not support or recognize this resource type, it MUST set the \"ResolvedRefs\" condition to False for this Listener with the \"InvalidRouteKinds\" reason. \n Support: Core" + +### fn spec.listeners.allowedRoutes.withKindsMixin + +```ts +withKindsMixin(kinds) +``` + +"Kinds specifies the groups and kinds of Routes that are allowed to bind to this Gateway Listener. When unspecified or empty, the kinds of Routes selected are determined using the Listener protocol. \n A RouteGroupKind MUST correspond to kinds of Routes that are compatible with the application protocol specified in the Listener's Protocol field. If an implementation does not support or recognize this resource type, it MUST set the \"ResolvedRefs\" condition to False for this Listener with the \"InvalidRouteKinds\" reason. \n Support: Core" + +**Note:** This function appends passed data to existing values + +## obj spec.listeners.allowedRoutes.kinds + +"Kinds specifies the groups and kinds of Routes that are allowed to bind to this Gateway Listener. When unspecified or empty, the kinds of Routes selected are determined using the Listener protocol. \n A RouteGroupKind MUST correspond to kinds of Routes that are compatible with the application protocol specified in the Listener's Protocol field. If an implementation does not support or recognize this resource type, it MUST set the \"ResolvedRefs\" condition to False for this Listener with the \"InvalidRouteKinds\" reason. \n Support: Core" + +### fn spec.listeners.allowedRoutes.kinds.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the Route." + +### fn spec.listeners.allowedRoutes.kinds.withKind + +```ts +withKind(kind) +``` + +"Kind is the kind of the Route." + +## obj spec.listeners.allowedRoutes.namespaces + +"Namespaces indicates namespaces from which Routes may be attached to this Listener. This is restricted to the namespace of this Gateway by default. \n Support: Core" + +### fn spec.listeners.allowedRoutes.namespaces.withFrom + +```ts +withFrom(from) +``` + +"From indicates where Routes will be selected for this Gateway. Possible values are: \n * All: Routes in all namespaces may be used by this Gateway. * Selector: Routes in namespaces selected by the selector may be used by this Gateway. * Same: Only Routes in the same namespace may be used by this Gateway. \n Support: Core" + +## obj spec.listeners.allowedRoutes.namespaces.selector + +"Selector must be specified when From is set to \"Selector\". In that case, only Routes in Namespaces matching this Selector will be selected by this Gateway. This field is ignored for other values of \"From\". \n Support: Core" + +### fn spec.listeners.allowedRoutes.namespaces.selector.withMatchExpressions + +```ts +withMatchExpressions(matchExpressions) +``` + +"matchExpressions is a list of label selector requirements. The requirements are ANDed." + +### fn spec.listeners.allowedRoutes.namespaces.selector.withMatchExpressionsMixin + +```ts +withMatchExpressionsMixin(matchExpressions) +``` + +"matchExpressions is a list of label selector requirements. The requirements are ANDed." + +**Note:** This function appends passed data to existing values + +### fn spec.listeners.allowedRoutes.namespaces.selector.withMatchLabels + +```ts +withMatchLabels(matchLabels) +``` + +"matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + +### fn spec.listeners.allowedRoutes.namespaces.selector.withMatchLabelsMixin + +```ts +withMatchLabelsMixin(matchLabels) +``` + +"matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + +**Note:** This function appends passed data to existing values + +## obj spec.listeners.allowedRoutes.namespaces.selector.matchExpressions + +"matchExpressions is a list of label selector requirements. The requirements are ANDed." + +### fn spec.listeners.allowedRoutes.namespaces.selector.matchExpressions.withKey + +```ts +withKey(key) +``` + +"key is the label key that the selector applies to." + +### fn spec.listeners.allowedRoutes.namespaces.selector.matchExpressions.withOperator + +```ts +withOperator(operator) +``` + +"operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + +### fn spec.listeners.allowedRoutes.namespaces.selector.matchExpressions.withValues + +```ts +withValues(values) +``` + +"values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + +### fn spec.listeners.allowedRoutes.namespaces.selector.matchExpressions.withValuesMixin + +```ts +withValuesMixin(values) +``` + +"values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + +**Note:** This function appends passed data to existing values + +## obj spec.listeners.tls + +"TLS is the TLS configuration for the Listener. This field is required if the Protocol field is \"HTTPS\" or \"TLS\". It is invalid to set this field if the Protocol field is \"HTTP\", \"TCP\", or \"UDP\". \n The association of SNIs to Certificate defined in GatewayTLSConfig is defined based on the Hostname field for this listener. \n The GatewayClass MUST use the longest matching SNI out of all available certificates for any TLS handshake. \n Support: Core" + +### fn spec.listeners.tls.withCertificateRefs + +```ts +withCertificateRefs(certificateRefs) +``` + +"CertificateRefs contains a series of references to Kubernetes objects that contains TLS certificates and private keys. These certificates are used to establish a TLS handshake for requests that match the hostname of the associated listener. \n A single CertificateRef to a Kubernetes Secret has \"Core\" support. Implementations MAY choose to support attaching multiple certificates to a Listener, but this behavior is implementation-specific. \n References to a resource in different namespace are invalid UNLESS there is a ReferenceGrant in the target namespace that allows the certificate to be attached. If a ReferenceGrant does not allow this reference, the \"ResolvedRefs\" condition MUST be set to False for this listener with the \"RefNotPermitted\" reason. \n This field is required to have at least one element when the mode is set to \"Terminate\" (default) and is optional otherwise. \n CertificateRefs can reference to standard Kubernetes resources, i.e. Secret, or implementation-specific custom resources. \n Support: Core - A single reference to a Kubernetes Secret of type kubernetes.io/tls \n Support: Implementation-specific (More than one reference or other resource types)" + +### fn spec.listeners.tls.withCertificateRefsMixin + +```ts +withCertificateRefsMixin(certificateRefs) +``` + +"CertificateRefs contains a series of references to Kubernetes objects that contains TLS certificates and private keys. These certificates are used to establish a TLS handshake for requests that match the hostname of the associated listener. \n A single CertificateRef to a Kubernetes Secret has \"Core\" support. Implementations MAY choose to support attaching multiple certificates to a Listener, but this behavior is implementation-specific. \n References to a resource in different namespace are invalid UNLESS there is a ReferenceGrant in the target namespace that allows the certificate to be attached. If a ReferenceGrant does not allow this reference, the \"ResolvedRefs\" condition MUST be set to False for this listener with the \"RefNotPermitted\" reason. \n This field is required to have at least one element when the mode is set to \"Terminate\" (default) and is optional otherwise. \n CertificateRefs can reference to standard Kubernetes resources, i.e. Secret, or implementation-specific custom resources. \n Support: Core - A single reference to a Kubernetes Secret of type kubernetes.io/tls \n Support: Implementation-specific (More than one reference or other resource types)" + +**Note:** This function appends passed data to existing values + +### fn spec.listeners.tls.withMode + +```ts +withMode(mode) +``` + +"Mode defines the TLS behavior for the TLS session initiated by the client. There are two possible modes: \n - Terminate: The TLS session between the downstream client and the Gateway is terminated at the Gateway. This mode requires certificateRefs to be set and contain at least one element. - Passthrough: The TLS session is NOT terminated by the Gateway. This implies that the Gateway can't decipher the TLS stream except for the ClientHello message of the TLS protocol. CertificateRefs field is ignored in this mode. \n Support: Core" + +### fn spec.listeners.tls.withOptions + +```ts +withOptions(options) +``` + +"Options are a list of key/value pairs to enable extended TLS configuration for each implementation. For example, configuring the minimum TLS version or supported cipher suites. \n A set of common keys MAY be defined by the API in the future. To avoid any ambiguity, implementation-specific definitions MUST use domain-prefixed names, such as `example.com/my-custom-option`. Un-prefixed names are reserved for key names defined by Gateway API. \n Support: Implementation-specific" + +### fn spec.listeners.tls.withOptionsMixin + +```ts +withOptionsMixin(options) +``` + +"Options are a list of key/value pairs to enable extended TLS configuration for each implementation. For example, configuring the minimum TLS version or supported cipher suites. \n A set of common keys MAY be defined by the API in the future. To avoid any ambiguity, implementation-specific definitions MUST use domain-prefixed names, such as `example.com/my-custom-option`. Un-prefixed names are reserved for key names defined by Gateway API. \n Support: Implementation-specific" + +**Note:** This function appends passed data to existing values + +## obj spec.listeners.tls.certificateRefs + +"CertificateRefs contains a series of references to Kubernetes objects that contains TLS certificates and private keys. These certificates are used to establish a TLS handshake for requests that match the hostname of the associated listener. \n A single CertificateRef to a Kubernetes Secret has \"Core\" support. Implementations MAY choose to support attaching multiple certificates to a Listener, but this behavior is implementation-specific. \n References to a resource in different namespace are invalid UNLESS there is a ReferenceGrant in the target namespace that allows the certificate to be attached. If a ReferenceGrant does not allow this reference, the \"ResolvedRefs\" condition MUST be set to False for this listener with the \"RefNotPermitted\" reason. \n This field is required to have at least one element when the mode is set to \"Terminate\" (default) and is optional otherwise. \n CertificateRefs can reference to standard Kubernetes resources, i.e. Secret, or implementation-specific custom resources. \n Support: Core - A single reference to a Kubernetes Secret of type kubernetes.io/tls \n Support: Implementation-specific (More than one reference or other resource types)" + +### fn spec.listeners.tls.certificateRefs.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. For example, \"gateway.networking.k8s.io\". When unspecified or empty string, core API group is inferred." + +### fn spec.listeners.tls.certificateRefs.withKind + +```ts +withKind(kind) +``` + +"Kind is kind of the referent. For example \"Secret\"." + +### fn spec.listeners.tls.certificateRefs.withName + +```ts +withName(name) +``` + +"Name is the name of the referent." + +### fn spec.listeners.tls.certificateRefs.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the referenced object. When unspecified, the local namespace is inferred. \n Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. \n Support: Core" \ No newline at end of file diff --git a/docs/1.0-experimental/gateway/v1/gatewayClass.md b/docs/1.0-experimental/gateway/v1/gatewayClass.md new file mode 100644 index 0000000..5fb7827 --- /dev/null +++ b/docs/1.0-experimental/gateway/v1/gatewayClass.md @@ -0,0 +1,269 @@ +--- +permalink: /1.0-experimental/gateway/v1/gatewayClass/ +--- + +# gateway.v1.gatewayClass + +"GatewayClass describes a class of Gateways available to the user for creating Gateway resources. \n It is recommended that this resource be used as a template for Gateways. This means that a Gateway is based on the state of the GatewayClass at the time it was created and changes to the GatewayClass or associated parameters are not propagated down to existing Gateways. This recommendation is intended to limit the blast radius of changes to GatewayClass or associated parameters. If implementations choose to propagate GatewayClass changes to existing Gateways, that MUST be clearly documented by the implementation. \n Whenever one or more Gateways are using a GatewayClass, implementations SHOULD add the `gateway-exists-finalizer.gateway.networking.k8s.io` finalizer on the associated GatewayClass. This ensures that a GatewayClass associated with a Gateway is not deleted while in use. \n GatewayClass is a Cluster level resource." + +## Index + +* [`fn new(name)`](#fn-new) +* [`obj metadata`](#obj-metadata) + * [`fn withAnnotations(annotations)`](#fn-metadatawithannotations) + * [`fn withAnnotationsMixin(annotations)`](#fn-metadatawithannotationsmixin) + * [`fn withClusterName(clusterName)`](#fn-metadatawithclustername) + * [`fn withCreationTimestamp(creationTimestamp)`](#fn-metadatawithcreationtimestamp) + * [`fn withDeletionGracePeriodSeconds(deletionGracePeriodSeconds)`](#fn-metadatawithdeletiongraceperiodseconds) + * [`fn withDeletionTimestamp(deletionTimestamp)`](#fn-metadatawithdeletiontimestamp) + * [`fn withFinalizers(finalizers)`](#fn-metadatawithfinalizers) + * [`fn withFinalizersMixin(finalizers)`](#fn-metadatawithfinalizersmixin) + * [`fn withGenerateName(generateName)`](#fn-metadatawithgeneratename) + * [`fn withGeneration(generation)`](#fn-metadatawithgeneration) + * [`fn withLabels(labels)`](#fn-metadatawithlabels) + * [`fn withLabelsMixin(labels)`](#fn-metadatawithlabelsmixin) + * [`fn withName(name)`](#fn-metadatawithname) + * [`fn withNamespace(namespace)`](#fn-metadatawithnamespace) + * [`fn withOwnerReferences(ownerReferences)`](#fn-metadatawithownerreferences) + * [`fn withOwnerReferencesMixin(ownerReferences)`](#fn-metadatawithownerreferencesmixin) + * [`fn withResourceVersion(resourceVersion)`](#fn-metadatawithresourceversion) + * [`fn withSelfLink(selfLink)`](#fn-metadatawithselflink) + * [`fn withUid(uid)`](#fn-metadatawithuid) +* [`obj spec`](#obj-spec) + * [`fn withControllerName(controllerName)`](#fn-specwithcontrollername) + * [`fn withDescription(description)`](#fn-specwithdescription) + * [`obj spec.parametersRef`](#obj-specparametersref) + * [`fn withGroup(group)`](#fn-specparametersrefwithgroup) + * [`fn withKind(kind)`](#fn-specparametersrefwithkind) + * [`fn withName(name)`](#fn-specparametersrefwithname) + * [`fn withNamespace(namespace)`](#fn-specparametersrefwithnamespace) + +## Fields + +### fn new + +```ts +new(name) +``` + +new returns an instance of GatewayClass + +## obj metadata + +"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create." + +### fn metadata.withAnnotations + +```ts +withAnnotations(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +### fn metadata.withAnnotationsMixin + +```ts +withAnnotationsMixin(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +**Note:** This function appends passed data to existing values + +### fn metadata.withClusterName + +```ts +withClusterName(clusterName) +``` + +"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request." + +### fn metadata.withCreationTimestamp + +```ts +withCreationTimestamp(creationTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withDeletionGracePeriodSeconds + +```ts +withDeletionGracePeriodSeconds(deletionGracePeriodSeconds) +``` + +"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only." + +### fn metadata.withDeletionTimestamp + +```ts +withDeletionTimestamp(deletionTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withFinalizers + +```ts +withFinalizers(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +### fn metadata.withFinalizersMixin + +```ts +withFinalizersMixin(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +**Note:** This function appends passed data to existing values + +### fn metadata.withGenerateName + +```ts +withGenerateName(generateName) +``` + +"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\n\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\n\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" + +### fn metadata.withGeneration + +```ts +withGeneration(generation) +``` + +"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only." + +### fn metadata.withLabels + +```ts +withLabels(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +### fn metadata.withLabelsMixin + +```ts +withLabelsMixin(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +**Note:** This function appends passed data to existing values + +### fn metadata.withName + +```ts +withName(name) +``` + +"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names" + +### fn metadata.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \"default\" namespace, but \"default\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\n\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces" + +### fn metadata.withOwnerReferences + +```ts +withOwnerReferences(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +### fn metadata.withOwnerReferencesMixin + +```ts +withOwnerReferencesMixin(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +**Note:** This function appends passed data to existing values + +### fn metadata.withResourceVersion + +```ts +withResourceVersion(resourceVersion) +``` + +"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\n\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" + +### fn metadata.withSelfLink + +```ts +withSelfLink(selfLink) +``` + +"SelfLink is a URL representing this object. Populated by the system. Read-only.\n\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release." + +### fn metadata.withUid + +```ts +withUid(uid) +``` + +"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\n\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids" + +## obj spec + +"Spec defines the desired state of GatewayClass." + +### fn spec.withControllerName + +```ts +withControllerName(controllerName) +``` + +"ControllerName is the name of the controller that is managing Gateways of this class. The value of this field MUST be a domain prefixed path. \n Example: \"example.net/gateway-controller\". \n This field is not mutable and cannot be empty. \n Support: Core" + +### fn spec.withDescription + +```ts +withDescription(description) +``` + +"Description helps describe a GatewayClass with more details." + +## obj spec.parametersRef + +"ParametersRef is a reference to a resource that contains the configuration parameters corresponding to the GatewayClass. This is optional if the controller does not require any additional configuration. \n ParametersRef can reference a standard Kubernetes resource, i.e. ConfigMap, or an implementation-specific custom resource. The resource can be cluster-scoped or namespace-scoped. \n If the referent cannot be found, the GatewayClass's \"InvalidParameters\" status condition will be true. \n Support: Implementation-specific" + +### fn spec.parametersRef.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent." + +### fn spec.parametersRef.withKind + +```ts +withKind(kind) +``` + +"Kind is kind of the referent." + +### fn spec.parametersRef.withName + +```ts +withName(name) +``` + +"Name is the name of the referent." + +### fn spec.parametersRef.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the referent. This field is required when referring to a Namespace-scoped resource and MUST be unset when referring to a Cluster-scoped resource." \ No newline at end of file diff --git a/docs/1.0-experimental/gateway/v1/httpRoute.md b/docs/1.0-experimental/gateway/v1/httpRoute.md new file mode 100644 index 0000000..47283af --- /dev/null +++ b/docs/1.0-experimental/gateway/v1/httpRoute.md @@ -0,0 +1,1521 @@ +--- +permalink: /1.0-experimental/gateway/v1/httpRoute/ +--- + +# gateway.v1.httpRoute + +"HTTPRoute provides a way to route HTTP requests. This includes the capability to match requests by hostname, path, header, or query param. Filters can be used to specify additional processing steps. Backends specify where matching requests should be routed." + +## Index + +* [`fn new(name)`](#fn-new) +* [`obj metadata`](#obj-metadata) + * [`fn withAnnotations(annotations)`](#fn-metadatawithannotations) + * [`fn withAnnotationsMixin(annotations)`](#fn-metadatawithannotationsmixin) + * [`fn withClusterName(clusterName)`](#fn-metadatawithclustername) + * [`fn withCreationTimestamp(creationTimestamp)`](#fn-metadatawithcreationtimestamp) + * [`fn withDeletionGracePeriodSeconds(deletionGracePeriodSeconds)`](#fn-metadatawithdeletiongraceperiodseconds) + * [`fn withDeletionTimestamp(deletionTimestamp)`](#fn-metadatawithdeletiontimestamp) + * [`fn withFinalizers(finalizers)`](#fn-metadatawithfinalizers) + * [`fn withFinalizersMixin(finalizers)`](#fn-metadatawithfinalizersmixin) + * [`fn withGenerateName(generateName)`](#fn-metadatawithgeneratename) + * [`fn withGeneration(generation)`](#fn-metadatawithgeneration) + * [`fn withLabels(labels)`](#fn-metadatawithlabels) + * [`fn withLabelsMixin(labels)`](#fn-metadatawithlabelsmixin) + * [`fn withName(name)`](#fn-metadatawithname) + * [`fn withNamespace(namespace)`](#fn-metadatawithnamespace) + * [`fn withOwnerReferences(ownerReferences)`](#fn-metadatawithownerreferences) + * [`fn withOwnerReferencesMixin(ownerReferences)`](#fn-metadatawithownerreferencesmixin) + * [`fn withResourceVersion(resourceVersion)`](#fn-metadatawithresourceversion) + * [`fn withSelfLink(selfLink)`](#fn-metadatawithselflink) + * [`fn withUid(uid)`](#fn-metadatawithuid) +* [`obj spec`](#obj-spec) + * [`fn withHostnames(hostnames)`](#fn-specwithhostnames) + * [`fn withHostnamesMixin(hostnames)`](#fn-specwithhostnamesmixin) + * [`fn withParentRefs(parentRefs)`](#fn-specwithparentrefs) + * [`fn withParentRefsMixin(parentRefs)`](#fn-specwithparentrefsmixin) + * [`fn withRules(rules)`](#fn-specwithrules) + * [`fn withRulesMixin(rules)`](#fn-specwithrulesmixin) + * [`obj spec.parentRefs`](#obj-specparentrefs) + * [`fn withGroup(group)`](#fn-specparentrefswithgroup) + * [`fn withKind(kind)`](#fn-specparentrefswithkind) + * [`fn withName(name)`](#fn-specparentrefswithname) + * [`fn withNamespace(namespace)`](#fn-specparentrefswithnamespace) + * [`fn withPort(port)`](#fn-specparentrefswithport) + * [`fn withSectionName(sectionName)`](#fn-specparentrefswithsectionname) + * [`obj spec.rules`](#obj-specrules) + * [`fn withBackendRefs(backendRefs)`](#fn-specruleswithbackendrefs) + * [`fn withBackendRefsMixin(backendRefs)`](#fn-specruleswithbackendrefsmixin) + * [`fn withFilters(filters)`](#fn-specruleswithfilters) + * [`fn withFiltersMixin(filters)`](#fn-specruleswithfiltersmixin) + * [`fn withMatches(matches)`](#fn-specruleswithmatches) + * [`fn withMatchesMixin(matches)`](#fn-specruleswithmatchesmixin) + * [`obj spec.rules.backendRefs`](#obj-specrulesbackendrefs) + * [`fn withFilters(filters)`](#fn-specrulesbackendrefswithfilters) + * [`fn withFiltersMixin(filters)`](#fn-specrulesbackendrefswithfiltersmixin) + * [`fn withGroup(group)`](#fn-specrulesbackendrefswithgroup) + * [`fn withKind(kind)`](#fn-specrulesbackendrefswithkind) + * [`fn withName(name)`](#fn-specrulesbackendrefswithname) + * [`fn withNamespace(namespace)`](#fn-specrulesbackendrefswithnamespace) + * [`fn withPort(port)`](#fn-specrulesbackendrefswithport) + * [`fn withWeight(weight)`](#fn-specrulesbackendrefswithweight) + * [`obj spec.rules.backendRefs.filters`](#obj-specrulesbackendrefsfilters) + * [`fn withType(type)`](#fn-specrulesbackendrefsfilterswithtype) + * [`obj spec.rules.backendRefs.filters.extensionRef`](#obj-specrulesbackendrefsfiltersextensionref) + * [`fn withGroup(group)`](#fn-specrulesbackendrefsfiltersextensionrefwithgroup) + * [`fn withKind(kind)`](#fn-specrulesbackendrefsfiltersextensionrefwithkind) + * [`fn withName(name)`](#fn-specrulesbackendrefsfiltersextensionrefwithname) + * [`obj spec.rules.backendRefs.filters.requestHeaderModifier`](#obj-specrulesbackendrefsfiltersrequestheadermodifier) + * [`fn withAdd(add)`](#fn-specrulesbackendrefsfiltersrequestheadermodifierwithadd) + * [`fn withAddMixin(add)`](#fn-specrulesbackendrefsfiltersrequestheadermodifierwithaddmixin) + * [`fn withRemove(remove)`](#fn-specrulesbackendrefsfiltersrequestheadermodifierwithremove) + * [`fn withRemoveMixin(remove)`](#fn-specrulesbackendrefsfiltersrequestheadermodifierwithremovemixin) + * [`fn withSet(set)`](#fn-specrulesbackendrefsfiltersrequestheadermodifierwithset) + * [`fn withSetMixin(set)`](#fn-specrulesbackendrefsfiltersrequestheadermodifierwithsetmixin) + * [`obj spec.rules.backendRefs.filters.requestHeaderModifier.add`](#obj-specrulesbackendrefsfiltersrequestheadermodifieradd) + * [`fn withName(name)`](#fn-specrulesbackendrefsfiltersrequestheadermodifieraddwithname) + * [`fn withValue(value)`](#fn-specrulesbackendrefsfiltersrequestheadermodifieraddwithvalue) + * [`obj spec.rules.backendRefs.filters.requestHeaderModifier.set`](#obj-specrulesbackendrefsfiltersrequestheadermodifierset) + * [`fn withName(name)`](#fn-specrulesbackendrefsfiltersrequestheadermodifiersetwithname) + * [`fn withValue(value)`](#fn-specrulesbackendrefsfiltersrequestheadermodifiersetwithvalue) + * [`obj spec.rules.backendRefs.filters.requestMirror`](#obj-specrulesbackendrefsfiltersrequestmirror) + * [`obj spec.rules.backendRefs.filters.requestMirror.backendRef`](#obj-specrulesbackendrefsfiltersrequestmirrorbackendref) + * [`fn withGroup(group)`](#fn-specrulesbackendrefsfiltersrequestmirrorbackendrefwithgroup) + * [`fn withKind(kind)`](#fn-specrulesbackendrefsfiltersrequestmirrorbackendrefwithkind) + * [`fn withName(name)`](#fn-specrulesbackendrefsfiltersrequestmirrorbackendrefwithname) + * [`fn withNamespace(namespace)`](#fn-specrulesbackendrefsfiltersrequestmirrorbackendrefwithnamespace) + * [`fn withPort(port)`](#fn-specrulesbackendrefsfiltersrequestmirrorbackendrefwithport) + * [`obj spec.rules.backendRefs.filters.requestRedirect`](#obj-specrulesbackendrefsfiltersrequestredirect) + * [`fn withHostname(hostname)`](#fn-specrulesbackendrefsfiltersrequestredirectwithhostname) + * [`fn withPort(port)`](#fn-specrulesbackendrefsfiltersrequestredirectwithport) + * [`fn withScheme(scheme)`](#fn-specrulesbackendrefsfiltersrequestredirectwithscheme) + * [`fn withStatusCode(statusCode)`](#fn-specrulesbackendrefsfiltersrequestredirectwithstatuscode) + * [`obj spec.rules.backendRefs.filters.requestRedirect.path`](#obj-specrulesbackendrefsfiltersrequestredirectpath) + * [`fn withReplaceFullPath(replaceFullPath)`](#fn-specrulesbackendrefsfiltersrequestredirectpathwithreplacefullpath) + * [`fn withReplacePrefixMatch(replacePrefixMatch)`](#fn-specrulesbackendrefsfiltersrequestredirectpathwithreplaceprefixmatch) + * [`fn withType(type)`](#fn-specrulesbackendrefsfiltersrequestredirectpathwithtype) + * [`obj spec.rules.backendRefs.filters.responseHeaderModifier`](#obj-specrulesbackendrefsfiltersresponseheadermodifier) + * [`fn withAdd(add)`](#fn-specrulesbackendrefsfiltersresponseheadermodifierwithadd) + * [`fn withAddMixin(add)`](#fn-specrulesbackendrefsfiltersresponseheadermodifierwithaddmixin) + * [`fn withRemove(remove)`](#fn-specrulesbackendrefsfiltersresponseheadermodifierwithremove) + * [`fn withRemoveMixin(remove)`](#fn-specrulesbackendrefsfiltersresponseheadermodifierwithremovemixin) + * [`fn withSet(set)`](#fn-specrulesbackendrefsfiltersresponseheadermodifierwithset) + * [`fn withSetMixin(set)`](#fn-specrulesbackendrefsfiltersresponseheadermodifierwithsetmixin) + * [`obj spec.rules.backendRefs.filters.responseHeaderModifier.add`](#obj-specrulesbackendrefsfiltersresponseheadermodifieradd) + * [`fn withName(name)`](#fn-specrulesbackendrefsfiltersresponseheadermodifieraddwithname) + * [`fn withValue(value)`](#fn-specrulesbackendrefsfiltersresponseheadermodifieraddwithvalue) + * [`obj spec.rules.backendRefs.filters.responseHeaderModifier.set`](#obj-specrulesbackendrefsfiltersresponseheadermodifierset) + * [`fn withName(name)`](#fn-specrulesbackendrefsfiltersresponseheadermodifiersetwithname) + * [`fn withValue(value)`](#fn-specrulesbackendrefsfiltersresponseheadermodifiersetwithvalue) + * [`obj spec.rules.backendRefs.filters.urlRewrite`](#obj-specrulesbackendrefsfiltersurlrewrite) + * [`fn withHostname(hostname)`](#fn-specrulesbackendrefsfiltersurlrewritewithhostname) + * [`obj spec.rules.backendRefs.filters.urlRewrite.path`](#obj-specrulesbackendrefsfiltersurlrewritepath) + * [`fn withReplaceFullPath(replaceFullPath)`](#fn-specrulesbackendrefsfiltersurlrewritepathwithreplacefullpath) + * [`fn withReplacePrefixMatch(replacePrefixMatch)`](#fn-specrulesbackendrefsfiltersurlrewritepathwithreplaceprefixmatch) + * [`fn withType(type)`](#fn-specrulesbackendrefsfiltersurlrewritepathwithtype) + * [`obj spec.rules.filters`](#obj-specrulesfilters) + * [`fn withType(type)`](#fn-specrulesfilterswithtype) + * [`obj spec.rules.filters.extensionRef`](#obj-specrulesfiltersextensionref) + * [`fn withGroup(group)`](#fn-specrulesfiltersextensionrefwithgroup) + * [`fn withKind(kind)`](#fn-specrulesfiltersextensionrefwithkind) + * [`fn withName(name)`](#fn-specrulesfiltersextensionrefwithname) + * [`obj spec.rules.filters.requestHeaderModifier`](#obj-specrulesfiltersrequestheadermodifier) + * [`fn withAdd(add)`](#fn-specrulesfiltersrequestheadermodifierwithadd) + * [`fn withAddMixin(add)`](#fn-specrulesfiltersrequestheadermodifierwithaddmixin) + * [`fn withRemove(remove)`](#fn-specrulesfiltersrequestheadermodifierwithremove) + * [`fn withRemoveMixin(remove)`](#fn-specrulesfiltersrequestheadermodifierwithremovemixin) + * [`fn withSet(set)`](#fn-specrulesfiltersrequestheadermodifierwithset) + * [`fn withSetMixin(set)`](#fn-specrulesfiltersrequestheadermodifierwithsetmixin) + * [`obj spec.rules.filters.requestHeaderModifier.add`](#obj-specrulesfiltersrequestheadermodifieradd) + * [`fn withName(name)`](#fn-specrulesfiltersrequestheadermodifieraddwithname) + * [`fn withValue(value)`](#fn-specrulesfiltersrequestheadermodifieraddwithvalue) + * [`obj spec.rules.filters.requestHeaderModifier.set`](#obj-specrulesfiltersrequestheadermodifierset) + * [`fn withName(name)`](#fn-specrulesfiltersrequestheadermodifiersetwithname) + * [`fn withValue(value)`](#fn-specrulesfiltersrequestheadermodifiersetwithvalue) + * [`obj spec.rules.filters.requestMirror`](#obj-specrulesfiltersrequestmirror) + * [`obj spec.rules.filters.requestMirror.backendRef`](#obj-specrulesfiltersrequestmirrorbackendref) + * [`fn withGroup(group)`](#fn-specrulesfiltersrequestmirrorbackendrefwithgroup) + * [`fn withKind(kind)`](#fn-specrulesfiltersrequestmirrorbackendrefwithkind) + * [`fn withName(name)`](#fn-specrulesfiltersrequestmirrorbackendrefwithname) + * [`fn withNamespace(namespace)`](#fn-specrulesfiltersrequestmirrorbackendrefwithnamespace) + * [`fn withPort(port)`](#fn-specrulesfiltersrequestmirrorbackendrefwithport) + * [`obj spec.rules.filters.requestRedirect`](#obj-specrulesfiltersrequestredirect) + * [`fn withHostname(hostname)`](#fn-specrulesfiltersrequestredirectwithhostname) + * [`fn withPort(port)`](#fn-specrulesfiltersrequestredirectwithport) + * [`fn withScheme(scheme)`](#fn-specrulesfiltersrequestredirectwithscheme) + * [`fn withStatusCode(statusCode)`](#fn-specrulesfiltersrequestredirectwithstatuscode) + * [`obj spec.rules.filters.requestRedirect.path`](#obj-specrulesfiltersrequestredirectpath) + * [`fn withReplaceFullPath(replaceFullPath)`](#fn-specrulesfiltersrequestredirectpathwithreplacefullpath) + * [`fn withReplacePrefixMatch(replacePrefixMatch)`](#fn-specrulesfiltersrequestredirectpathwithreplaceprefixmatch) + * [`fn withType(type)`](#fn-specrulesfiltersrequestredirectpathwithtype) + * [`obj spec.rules.filters.responseHeaderModifier`](#obj-specrulesfiltersresponseheadermodifier) + * [`fn withAdd(add)`](#fn-specrulesfiltersresponseheadermodifierwithadd) + * [`fn withAddMixin(add)`](#fn-specrulesfiltersresponseheadermodifierwithaddmixin) + * [`fn withRemove(remove)`](#fn-specrulesfiltersresponseheadermodifierwithremove) + * [`fn withRemoveMixin(remove)`](#fn-specrulesfiltersresponseheadermodifierwithremovemixin) + * [`fn withSet(set)`](#fn-specrulesfiltersresponseheadermodifierwithset) + * [`fn withSetMixin(set)`](#fn-specrulesfiltersresponseheadermodifierwithsetmixin) + * [`obj spec.rules.filters.responseHeaderModifier.add`](#obj-specrulesfiltersresponseheadermodifieradd) + * [`fn withName(name)`](#fn-specrulesfiltersresponseheadermodifieraddwithname) + * [`fn withValue(value)`](#fn-specrulesfiltersresponseheadermodifieraddwithvalue) + * [`obj spec.rules.filters.responseHeaderModifier.set`](#obj-specrulesfiltersresponseheadermodifierset) + * [`fn withName(name)`](#fn-specrulesfiltersresponseheadermodifiersetwithname) + * [`fn withValue(value)`](#fn-specrulesfiltersresponseheadermodifiersetwithvalue) + * [`obj spec.rules.filters.urlRewrite`](#obj-specrulesfiltersurlrewrite) + * [`fn withHostname(hostname)`](#fn-specrulesfiltersurlrewritewithhostname) + * [`obj spec.rules.filters.urlRewrite.path`](#obj-specrulesfiltersurlrewritepath) + * [`fn withReplaceFullPath(replaceFullPath)`](#fn-specrulesfiltersurlrewritepathwithreplacefullpath) + * [`fn withReplacePrefixMatch(replacePrefixMatch)`](#fn-specrulesfiltersurlrewritepathwithreplaceprefixmatch) + * [`fn withType(type)`](#fn-specrulesfiltersurlrewritepathwithtype) + * [`obj spec.rules.matches`](#obj-specrulesmatches) + * [`fn withHeaders(headers)`](#fn-specrulesmatcheswithheaders) + * [`fn withHeadersMixin(headers)`](#fn-specrulesmatcheswithheadersmixin) + * [`fn withMethod(method)`](#fn-specrulesmatcheswithmethod) + * [`fn withQueryParams(queryParams)`](#fn-specrulesmatcheswithqueryparams) + * [`fn withQueryParamsMixin(queryParams)`](#fn-specrulesmatcheswithqueryparamsmixin) + * [`obj spec.rules.matches.headers`](#obj-specrulesmatchesheaders) + * [`fn withName(name)`](#fn-specrulesmatchesheaderswithname) + * [`fn withType(type)`](#fn-specrulesmatchesheaderswithtype) + * [`fn withValue(value)`](#fn-specrulesmatchesheaderswithvalue) + * [`obj spec.rules.matches.path`](#obj-specrulesmatchespath) + * [`fn withType(type)`](#fn-specrulesmatchespathwithtype) + * [`fn withValue(value)`](#fn-specrulesmatchespathwithvalue) + * [`obj spec.rules.matches.queryParams`](#obj-specrulesmatchesqueryparams) + * [`fn withName(name)`](#fn-specrulesmatchesqueryparamswithname) + * [`fn withType(type)`](#fn-specrulesmatchesqueryparamswithtype) + * [`fn withValue(value)`](#fn-specrulesmatchesqueryparamswithvalue) + * [`obj spec.rules.timeouts`](#obj-specrulestimeouts) + * [`fn withBackendRequest(backendRequest)`](#fn-specrulestimeoutswithbackendrequest) + * [`fn withRequest(request)`](#fn-specrulestimeoutswithrequest) + +## Fields + +### fn new + +```ts +new(name) +``` + +new returns an instance of HTTPRoute + +## obj metadata + +"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create." + +### fn metadata.withAnnotations + +```ts +withAnnotations(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +### fn metadata.withAnnotationsMixin + +```ts +withAnnotationsMixin(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +**Note:** This function appends passed data to existing values + +### fn metadata.withClusterName + +```ts +withClusterName(clusterName) +``` + +"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request." + +### fn metadata.withCreationTimestamp + +```ts +withCreationTimestamp(creationTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withDeletionGracePeriodSeconds + +```ts +withDeletionGracePeriodSeconds(deletionGracePeriodSeconds) +``` + +"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only." + +### fn metadata.withDeletionTimestamp + +```ts +withDeletionTimestamp(deletionTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withFinalizers + +```ts +withFinalizers(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +### fn metadata.withFinalizersMixin + +```ts +withFinalizersMixin(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +**Note:** This function appends passed data to existing values + +### fn metadata.withGenerateName + +```ts +withGenerateName(generateName) +``` + +"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\n\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\n\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" + +### fn metadata.withGeneration + +```ts +withGeneration(generation) +``` + +"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only." + +### fn metadata.withLabels + +```ts +withLabels(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +### fn metadata.withLabelsMixin + +```ts +withLabelsMixin(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +**Note:** This function appends passed data to existing values + +### fn metadata.withName + +```ts +withName(name) +``` + +"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names" + +### fn metadata.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \"default\" namespace, but \"default\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\n\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces" + +### fn metadata.withOwnerReferences + +```ts +withOwnerReferences(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +### fn metadata.withOwnerReferencesMixin + +```ts +withOwnerReferencesMixin(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +**Note:** This function appends passed data to existing values + +### fn metadata.withResourceVersion + +```ts +withResourceVersion(resourceVersion) +``` + +"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\n\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" + +### fn metadata.withSelfLink + +```ts +withSelfLink(selfLink) +``` + +"SelfLink is a URL representing this object. Populated by the system. Read-only.\n\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release." + +### fn metadata.withUid + +```ts +withUid(uid) +``` + +"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\n\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids" + +## obj spec + +"Spec defines the desired state of HTTPRoute." + +### fn spec.withHostnames + +```ts +withHostnames(hostnames) +``` + +"Hostnames defines a set of hostnames that should match against the HTTP Host header to select a HTTPRoute used to process the request. Implementations MUST ignore any port value specified in the HTTP Host header while performing a match and (absent of any applicable header modification configuration) MUST forward this header unmodified to the backend. \n Valid values for Hostnames are determined by RFC 1123 definition of a hostname with 2 notable exceptions: \n 1. IPs are not allowed. 2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard label must appear by itself as the first label. \n If a hostname is specified by both the Listener and HTTPRoute, there must be at least one intersecting hostname for the HTTPRoute to be attached to the Listener. For example: \n * A Listener with `test.example.com` as the hostname matches HTTPRoutes that have either not specified any hostnames, or have specified at least one of `test.example.com` or `*.example.com`. * A Listener with `*.example.com` as the hostname matches HTTPRoutes that have either not specified any hostnames or have specified at least one hostname that matches the Listener hostname. For example, `*.example.com`, `test.example.com`, and `foo.test.example.com` would all match. On the other hand, `example.com` and `test.example.net` would not match. \n Hostnames that are prefixed with a wildcard label (`*.`) are interpreted as a suffix match. That means that a match for `*.example.com` would match both `test.example.com`, and `foo.test.example.com`, but not `example.com`. \n If both the Listener and HTTPRoute have specified hostnames, any HTTPRoute hostnames that do not match the Listener hostname MUST be ignored. For example, if a Listener specified `*.example.com`, and the HTTPRoute specified `test.example.com` and `test.example.net`, `test.example.net` must not be considered for a match. \n If both the Listener and HTTPRoute have specified hostnames, and none match with the criteria above, then the HTTPRoute is not accepted. The implementation must raise an 'Accepted' Condition with a status of `False` in the corresponding RouteParentStatus. \n In the event that multiple HTTPRoutes specify intersecting hostnames (e.g. overlapping wildcard matching and exact matching hostnames), precedence must be given to rules from the HTTPRoute with the largest number of: \n * Characters in a matching non-wildcard hostname. * Characters in a matching hostname. \n If ties exist across multiple Routes, the matching precedence rules for HTTPRouteMatches takes over. \n Support: Core" + +### fn spec.withHostnamesMixin + +```ts +withHostnamesMixin(hostnames) +``` + +"Hostnames defines a set of hostnames that should match against the HTTP Host header to select a HTTPRoute used to process the request. Implementations MUST ignore any port value specified in the HTTP Host header while performing a match and (absent of any applicable header modification configuration) MUST forward this header unmodified to the backend. \n Valid values for Hostnames are determined by RFC 1123 definition of a hostname with 2 notable exceptions: \n 1. IPs are not allowed. 2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard label must appear by itself as the first label. \n If a hostname is specified by both the Listener and HTTPRoute, there must be at least one intersecting hostname for the HTTPRoute to be attached to the Listener. For example: \n * A Listener with `test.example.com` as the hostname matches HTTPRoutes that have either not specified any hostnames, or have specified at least one of `test.example.com` or `*.example.com`. * A Listener with `*.example.com` as the hostname matches HTTPRoutes that have either not specified any hostnames or have specified at least one hostname that matches the Listener hostname. For example, `*.example.com`, `test.example.com`, and `foo.test.example.com` would all match. On the other hand, `example.com` and `test.example.net` would not match. \n Hostnames that are prefixed with a wildcard label (`*.`) are interpreted as a suffix match. That means that a match for `*.example.com` would match both `test.example.com`, and `foo.test.example.com`, but not `example.com`. \n If both the Listener and HTTPRoute have specified hostnames, any HTTPRoute hostnames that do not match the Listener hostname MUST be ignored. For example, if a Listener specified `*.example.com`, and the HTTPRoute specified `test.example.com` and `test.example.net`, `test.example.net` must not be considered for a match. \n If both the Listener and HTTPRoute have specified hostnames, and none match with the criteria above, then the HTTPRoute is not accepted. The implementation must raise an 'Accepted' Condition with a status of `False` in the corresponding RouteParentStatus. \n In the event that multiple HTTPRoutes specify intersecting hostnames (e.g. overlapping wildcard matching and exact matching hostnames), precedence must be given to rules from the HTTPRoute with the largest number of: \n * Characters in a matching non-wildcard hostname. * Characters in a matching hostname. \n If ties exist across multiple Routes, the matching precedence rules for HTTPRouteMatches takes over. \n Support: Core" + +**Note:** This function appends passed data to existing values + +### fn spec.withParentRefs + +```ts +withParentRefs(parentRefs) +``` + +"ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. For Services, that means the Service must either be in the same namespace for a \"producer\" route, or the mesh implementation must support and allow \"consumer\" routes for the referenced Service. ReferenceGrant is not applicable for governing ParentRefs to Services - it is not possible to create a \"producer\" route for a Service in a different namespace from the Route. \n There are two kinds of parent resources with \"Core\" support: \n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) This API may be extended in the future to support additional kinds of parent resources. \n ParentRefs must be _distinct_. This means either that: \n * They select different objects. If this is the case, then parentRef entries are distinct. In terms of fields, this means that the multi-part key defined by `group`, `kind`, `namespace`, and `name` must be unique across all parentRef entries in the Route. * They do not select different objects, but for each optional field used, each ParentRef that selects the same object must set the same set of optional fields to different values. If one ParentRef sets a combination of optional fields, all must set the same combination. \n Some examples: \n * If one ParentRef sets `sectionName`, all ParentRefs referencing the same object must also set `sectionName`. * If one ParentRef sets `port`, all ParentRefs referencing the same object must also set `port`. * If one ParentRef sets `sectionName` and `port`, all ParentRefs referencing the same object must also set `sectionName` and `port`. \n It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged. \n Note that for ParentRefs that cross namespace boundaries, there are specific rules. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example, Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable other kinds of cross-namespace reference. \n ParentRefs from a Route to a Service in the same namespace are \"producer\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \n ParentRefs from a Route to a Service in a different namespace are \"consumer\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \n " + +### fn spec.withParentRefsMixin + +```ts +withParentRefsMixin(parentRefs) +``` + +"ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. For Services, that means the Service must either be in the same namespace for a \"producer\" route, or the mesh implementation must support and allow \"consumer\" routes for the referenced Service. ReferenceGrant is not applicable for governing ParentRefs to Services - it is not possible to create a \"producer\" route for a Service in a different namespace from the Route. \n There are two kinds of parent resources with \"Core\" support: \n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) This API may be extended in the future to support additional kinds of parent resources. \n ParentRefs must be _distinct_. This means either that: \n * They select different objects. If this is the case, then parentRef entries are distinct. In terms of fields, this means that the multi-part key defined by `group`, `kind`, `namespace`, and `name` must be unique across all parentRef entries in the Route. * They do not select different objects, but for each optional field used, each ParentRef that selects the same object must set the same set of optional fields to different values. If one ParentRef sets a combination of optional fields, all must set the same combination. \n Some examples: \n * If one ParentRef sets `sectionName`, all ParentRefs referencing the same object must also set `sectionName`. * If one ParentRef sets `port`, all ParentRefs referencing the same object must also set `port`. * If one ParentRef sets `sectionName` and `port`, all ParentRefs referencing the same object must also set `sectionName` and `port`. \n It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged. \n Note that for ParentRefs that cross namespace boundaries, there are specific rules. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example, Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable other kinds of cross-namespace reference. \n ParentRefs from a Route to a Service in the same namespace are \"producer\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \n ParentRefs from a Route to a Service in a different namespace are \"consumer\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \n " + +**Note:** This function appends passed data to existing values + +### fn spec.withRules + +```ts +withRules(rules) +``` + +"Rules are a list of HTTP matchers, filters and actions." + +### fn spec.withRulesMixin + +```ts +withRulesMixin(rules) +``` + +"Rules are a list of HTTP matchers, filters and actions." + +**Note:** This function appends passed data to existing values + +## obj spec.parentRefs + +"ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. For Services, that means the Service must either be in the same namespace for a \"producer\" route, or the mesh implementation must support and allow \"consumer\" routes for the referenced Service. ReferenceGrant is not applicable for governing ParentRefs to Services - it is not possible to create a \"producer\" route for a Service in a different namespace from the Route. \n There are two kinds of parent resources with \"Core\" support: \n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) This API may be extended in the future to support additional kinds of parent resources. \n ParentRefs must be _distinct_. This means either that: \n * They select different objects. If this is the case, then parentRef entries are distinct. In terms of fields, this means that the multi-part key defined by `group`, `kind`, `namespace`, and `name` must be unique across all parentRef entries in the Route. * They do not select different objects, but for each optional field used, each ParentRef that selects the same object must set the same set of optional fields to different values. If one ParentRef sets a combination of optional fields, all must set the same combination. \n Some examples: \n * If one ParentRef sets `sectionName`, all ParentRefs referencing the same object must also set `sectionName`. * If one ParentRef sets `port`, all ParentRefs referencing the same object must also set `port`. * If one ParentRef sets `sectionName` and `port`, all ParentRefs referencing the same object must also set `sectionName` and `port`. \n It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged. \n Note that for ParentRefs that cross namespace boundaries, there are specific rules. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example, Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable other kinds of cross-namespace reference. \n ParentRefs from a Route to a Service in the same namespace are \"producer\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \n ParentRefs from a Route to a Service in a different namespace are \"consumer\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \n " + +### fn spec.parentRefs.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. When unspecified, \"gateway.networking.k8s.io\" is inferred. To set the core API group (such as for a \"Service\" kind referent), Group must be explicitly set to \"\" (empty string). \n Support: Core" + +### fn spec.parentRefs.withKind + +```ts +withKind(kind) +``` + +"Kind is kind of the referent. \n There are two kinds of parent resources with \"Core\" support: \n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) \n Support for other resources is Implementation-Specific." + +### fn spec.parentRefs.withName + +```ts +withName(name) +``` + +"Name is the name of the referent. \n Support: Core" + +### fn spec.parentRefs.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the referent. When unspecified, this refers to the local namespace of the Route. \n Note that there are specific rules for ParentRefs which cross namespace boundaries. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example: Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference. \n ParentRefs from a Route to a Service in the same namespace are \"producer\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \n ParentRefs from a Route to a Service in a different namespace are \"consumer\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \n Support: Core" + +### fn spec.parentRefs.withPort + +```ts +withPort(port) +``` + +"Port is the network port this Route targets. It can be interpreted differently based on the type of parent resource. \n When the parent resource is a Gateway, this targets all listeners listening on the specified port that also support this kind of Route(and select this Route). It's not recommended to set `Port` unless the networking behaviors specified in a Route must apply to a specific port as opposed to a listener(s) whose port(s) may be changed. When both Port and SectionName are specified, the name and port of the selected listener must match both specified values. \n When the parent resource is a Service, this targets a specific port in the Service spec. When both Port (experimental) and SectionName are specified, the name and port of the selected port must match both specified values. \n Implementations MAY choose to support other parent resources. Implementations supporting other types of parent resources MUST clearly document how/if Port is interpreted. \n For the purpose of status, an attachment is considered successful as long as the parent resource accepts it partially. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \n Support: Extended \n " + +### fn spec.parentRefs.withSectionName + +```ts +withSectionName(sectionName) +``` + +"SectionName is the name of a section within the target resource. In the following resources, SectionName is interpreted as the following: \n * Gateway: Listener Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. * Service: Port Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. Note that attaching Routes to Services as Parents is part of experimental Mesh support and is not supported for any other purpose. \n Implementations MAY choose to support attaching Routes to other resources. If that is the case, they MUST clearly document how SectionName is interpreted. \n When unspecified (empty string), this will reference the entire resource. For the purpose of status, an attachment is considered successful if at least one section in the parent resource accepts it. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \n Support: Core" + +## obj spec.rules + +"Rules are a list of HTTP matchers, filters and actions." + +### fn spec.rules.withBackendRefs + +```ts +withBackendRefs(backendRefs) +``` + +"BackendRefs defines the backend(s) where matching requests should be sent. \n Failure behavior here depends on how many BackendRefs are specified and how many are invalid. \n If *all* entries in BackendRefs are invalid, and there are also no filters specified in this route rule, *all* traffic which matches this rule MUST receive a 500 status code. \n See the HTTPBackendRef definition for the rules about what makes a single HTTPBackendRef invalid. \n When a HTTPBackendRef is invalid, 500 status codes MUST be returned for requests that would have otherwise been routed to an invalid backend. If multiple backends are specified, and some are invalid, the proportion of requests that would otherwise have been routed to an invalid backend MUST receive a 500 status code. \n For example, if two backends are specified with equal weights, and one is invalid, 50 percent of traffic must receive a 500. Implementations may choose how that 50 percent is determined. \n Support: Core for Kubernetes Service \n Support: Extended for Kubernetes ServiceImport \n Support: Implementation-specific for any other resource \n Support for weight: Core" + +### fn spec.rules.withBackendRefsMixin + +```ts +withBackendRefsMixin(backendRefs) +``` + +"BackendRefs defines the backend(s) where matching requests should be sent. \n Failure behavior here depends on how many BackendRefs are specified and how many are invalid. \n If *all* entries in BackendRefs are invalid, and there are also no filters specified in this route rule, *all* traffic which matches this rule MUST receive a 500 status code. \n See the HTTPBackendRef definition for the rules about what makes a single HTTPBackendRef invalid. \n When a HTTPBackendRef is invalid, 500 status codes MUST be returned for requests that would have otherwise been routed to an invalid backend. If multiple backends are specified, and some are invalid, the proportion of requests that would otherwise have been routed to an invalid backend MUST receive a 500 status code. \n For example, if two backends are specified with equal weights, and one is invalid, 50 percent of traffic must receive a 500. Implementations may choose how that 50 percent is determined. \n Support: Core for Kubernetes Service \n Support: Extended for Kubernetes ServiceImport \n Support: Implementation-specific for any other resource \n Support for weight: Core" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.withFilters + +```ts +withFilters(filters) +``` + +"Filters define the filters that are applied to requests that match this rule. \n The effects of ordering of multiple behaviors are currently unspecified. This can change in the future based on feedback during the alpha stage. \n Conformance-levels at this level are defined based on the type of filter: \n - ALL core filters MUST be supported by all implementations. - Implementers are encouraged to support extended filters. - Implementation-specific custom filters have no API guarantees across implementations. \n Specifying the same filter multiple times is not supported unless explicitly indicated in the filter. \n All filters are expected to be compatible with each other except for the URLRewrite and RequestRedirect filters, which may not be combined. If an implementation can not support other combinations of filters, they must clearly document that limitation. In cases where incompatible or unsupported filters are specified and cause the `Accepted` condition to be set to status `False`, implementations may use the `IncompatibleFilters` reason to specify this configuration error. \n Support: Core" + +### fn spec.rules.withFiltersMixin + +```ts +withFiltersMixin(filters) +``` + +"Filters define the filters that are applied to requests that match this rule. \n The effects of ordering of multiple behaviors are currently unspecified. This can change in the future based on feedback during the alpha stage. \n Conformance-levels at this level are defined based on the type of filter: \n - ALL core filters MUST be supported by all implementations. - Implementers are encouraged to support extended filters. - Implementation-specific custom filters have no API guarantees across implementations. \n Specifying the same filter multiple times is not supported unless explicitly indicated in the filter. \n All filters are expected to be compatible with each other except for the URLRewrite and RequestRedirect filters, which may not be combined. If an implementation can not support other combinations of filters, they must clearly document that limitation. In cases where incompatible or unsupported filters are specified and cause the `Accepted` condition to be set to status `False`, implementations may use the `IncompatibleFilters` reason to specify this configuration error. \n Support: Core" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.withMatches + +```ts +withMatches(matches) +``` + +"Matches define conditions used for matching the rule against incoming HTTP requests. Each match is independent, i.e. this rule will be matched if **any** one of the matches is satisfied. \n For example, take the following matches configuration: \n ``` matches: - path: value: \"/foo\" headers: - name: \"version\" value: \"v2\" - path: value: \"/v2/foo\" ``` \n For a request to match against this rule, a request must satisfy EITHER of the two conditions: \n - path prefixed with `/foo` AND contains the header `version: v2` - path prefix of `/v2/foo` \n See the documentation for HTTPRouteMatch on how to specify multiple match conditions that should be ANDed together. \n If no matches are specified, the default is a prefix path match on \"/\", which has the effect of matching every HTTP request. \n Proxy or Load Balancer routing configuration generated from HTTPRoutes MUST prioritize matches based on the following criteria, continuing on ties. Across all rules specified on applicable Routes, precedence must be given to the match having: \n * \"Exact\" path match. * \"Prefix\" path match with largest number of characters. * Method match. * Largest number of header matches. * Largest number of query param matches. \n Note: The precedence of RegularExpression path matches are implementation-specific. \n If ties still exist across multiple Routes, matching precedence MUST be determined in order of the following criteria, continuing on ties: \n * The oldest Route based on creation timestamp. * The Route appearing first in alphabetical order by \"{namespace}/{name}\". \n If ties still exist within an HTTPRoute, matching precedence MUST be granted to the FIRST matching rule (in list order) with a match meeting the above criteria. \n When no rules matching a request have been successfully attached to the parent a request is coming from, a HTTP 404 status code MUST be returned." + +### fn spec.rules.withMatchesMixin + +```ts +withMatchesMixin(matches) +``` + +"Matches define conditions used for matching the rule against incoming HTTP requests. Each match is independent, i.e. this rule will be matched if **any** one of the matches is satisfied. \n For example, take the following matches configuration: \n ``` matches: - path: value: \"/foo\" headers: - name: \"version\" value: \"v2\" - path: value: \"/v2/foo\" ``` \n For a request to match against this rule, a request must satisfy EITHER of the two conditions: \n - path prefixed with `/foo` AND contains the header `version: v2` - path prefix of `/v2/foo` \n See the documentation for HTTPRouteMatch on how to specify multiple match conditions that should be ANDed together. \n If no matches are specified, the default is a prefix path match on \"/\", which has the effect of matching every HTTP request. \n Proxy or Load Balancer routing configuration generated from HTTPRoutes MUST prioritize matches based on the following criteria, continuing on ties. Across all rules specified on applicable Routes, precedence must be given to the match having: \n * \"Exact\" path match. * \"Prefix\" path match with largest number of characters. * Method match. * Largest number of header matches. * Largest number of query param matches. \n Note: The precedence of RegularExpression path matches are implementation-specific. \n If ties still exist across multiple Routes, matching precedence MUST be determined in order of the following criteria, continuing on ties: \n * The oldest Route based on creation timestamp. * The Route appearing first in alphabetical order by \"{namespace}/{name}\". \n If ties still exist within an HTTPRoute, matching precedence MUST be granted to the FIRST matching rule (in list order) with a match meeting the above criteria. \n When no rules matching a request have been successfully attached to the parent a request is coming from, a HTTP 404 status code MUST be returned." + +**Note:** This function appends passed data to existing values + +## obj spec.rules.backendRefs + +"BackendRefs defines the backend(s) where matching requests should be sent. \n Failure behavior here depends on how many BackendRefs are specified and how many are invalid. \n If *all* entries in BackendRefs are invalid, and there are also no filters specified in this route rule, *all* traffic which matches this rule MUST receive a 500 status code. \n See the HTTPBackendRef definition for the rules about what makes a single HTTPBackendRef invalid. \n When a HTTPBackendRef is invalid, 500 status codes MUST be returned for requests that would have otherwise been routed to an invalid backend. If multiple backends are specified, and some are invalid, the proportion of requests that would otherwise have been routed to an invalid backend MUST receive a 500 status code. \n For example, if two backends are specified with equal weights, and one is invalid, 50 percent of traffic must receive a 500. Implementations may choose how that 50 percent is determined. \n Support: Core for Kubernetes Service \n Support: Extended for Kubernetes ServiceImport \n Support: Implementation-specific for any other resource \n Support for weight: Core" + +### fn spec.rules.backendRefs.withFilters + +```ts +withFilters(filters) +``` + +"Filters defined at this level should be executed if and only if the request is being forwarded to the backend defined here. \n Support: Implementation-specific (For broader support of filters, use the Filters field in HTTPRouteRule.)" + +### fn spec.rules.backendRefs.withFiltersMixin + +```ts +withFiltersMixin(filters) +``` + +"Filters defined at this level should be executed if and only if the request is being forwarded to the backend defined here. \n Support: Implementation-specific (For broader support of filters, use the Filters field in HTTPRouteRule.)" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.backendRefs.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. For example, \"gateway.networking.k8s.io\". When unspecified or empty string, core API group is inferred." + +### fn spec.rules.backendRefs.withKind + +```ts +withKind(kind) +``` + +"Kind is the Kubernetes resource kind of the referent. For example \"Service\". \n Defaults to \"Service\" when not specified. \n ExternalName services can refer to CNAME DNS records that may live outside of the cluster and as such are difficult to reason about in terms of conformance. They also may not be safe to forward to (see CVE-2021-25740 for more information). Implementations SHOULD NOT support ExternalName Services. \n Support: Core (Services with a type other than ExternalName) \n Support: Implementation-specific (Services with type ExternalName)" + +### fn spec.rules.backendRefs.withName + +```ts +withName(name) +``` + +"Name is the name of the referent." + +### fn spec.rules.backendRefs.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. \n Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. \n Support: Core" + +### fn spec.rules.backendRefs.withPort + +```ts +withPort(port) +``` + +"Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field." + +### fn spec.rules.backendRefs.withWeight + +```ts +withWeight(weight) +``` + +"Weight specifies the proportion of requests forwarded to the referenced backend. This is computed as weight/(sum of all weights in this BackendRefs list). For non-zero values, there may be some epsilon from the exact proportion defined here depending on the precision an implementation supports. Weight is not a percentage and the sum of weights does not need to equal 100. \n If only one backend is specified and it has a weight greater than 0, 100% of the traffic is forwarded to that backend. If weight is set to 0, no traffic should be forwarded for this entry. If unspecified, weight defaults to 1. \n Support for this field varies based on the context where used." + +## obj spec.rules.backendRefs.filters + +"Filters defined at this level should be executed if and only if the request is being forwarded to the backend defined here. \n Support: Implementation-specific (For broader support of filters, use the Filters field in HTTPRouteRule.)" + +### fn spec.rules.backendRefs.filters.withType + +```ts +withType(type) +``` + +"Type identifies the type of filter to apply. As with other API fields, types are classified into three conformance levels: \n - Core: Filter types and their corresponding configuration defined by \"Support: Core\" in this package, e.g. \"RequestHeaderModifier\". All implementations must support core filters. \n - Extended: Filter types and their corresponding configuration defined by \"Support: Extended\" in this package, e.g. \"RequestMirror\". Implementers are encouraged to support extended filters. \n - Implementation-specific: Filters that are defined and supported by specific vendors. In the future, filters showing convergence in behavior across multiple implementations will be considered for inclusion in extended or core conformance levels. Filter-specific configuration for such filters is specified using the ExtensionRef field. `Type` should be set to \"ExtensionRef\" for custom filters. \n Implementers are encouraged to define custom implementation types to extend the core API with implementation-specific behavior. \n If a reference to a custom filter type cannot be resolved, the filter MUST NOT be skipped. Instead, requests that would have been processed by that filter MUST receive a HTTP error response. \n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`." + +## obj spec.rules.backendRefs.filters.extensionRef + +"ExtensionRef is an optional, implementation-specific extension to the \"filter\" behavior. For example, resource \"myroutefilter\" in group \"networking.example.net\"). ExtensionRef MUST NOT be used for core and extended filters. \n This filter can be used multiple times within the same rule. \n Support: Implementation-specific" + +### fn spec.rules.backendRefs.filters.extensionRef.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. For example, \"gateway.networking.k8s.io\". When unspecified or empty string, core API group is inferred." + +### fn spec.rules.backendRefs.filters.extensionRef.withKind + +```ts +withKind(kind) +``` + +"Kind is kind of the referent. For example \"HTTPRoute\" or \"Service\"." + +### fn spec.rules.backendRefs.filters.extensionRef.withName + +```ts +withName(name) +``` + +"Name is the name of the referent." + +## obj spec.rules.backendRefs.filters.requestHeaderModifier + +"RequestHeaderModifier defines a schema for a filter that modifies request headers. \n Support: Core" + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.withAdd + +```ts +withAdd(add) +``` + +"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz" + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.withAddMixin + +```ts +withAddMixin(add) +``` + +"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.withRemove + +```ts +withRemove(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \n Config: remove: [\"my-header1\", \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2: bar" + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.withRemoveMixin + +```ts +withRemoveMixin(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \n Config: remove: [\"my-header1\", \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2: bar" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.withSet + +```ts +withSet(set) +``` + +"Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar" + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.withSetMixin + +```ts +withSetMixin(set) +``` + +"Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar" + +**Note:** This function appends passed data to existing values + +## obj spec.rules.backendRefs.filters.requestHeaderModifier.add + +"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz" + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.add.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent." + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.add.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.backendRefs.filters.requestHeaderModifier.set + +"Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar" + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.set.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent." + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.set.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.backendRefs.filters.requestMirror + +"RequestMirror defines a schema for a filter that mirrors requests. Requests are sent to the specified destination, but responses from that destination are ignored. \n This filter can be used multiple times within the same rule. Note that not all implementations will be able to support mirroring to multiple backends. \n Support: Extended" + +## obj spec.rules.backendRefs.filters.requestMirror.backendRef + +"BackendRef references a resource where mirrored requests are sent. \n Mirrored requests must be sent only to a single destination endpoint within this BackendRef, irrespective of how many endpoints are present within this BackendRef. \n If the referent cannot be found, this BackendRef is invalid and must be dropped from the Gateway. The controller must ensure the \"ResolvedRefs\" condition on the Route status is set to `status: False` and not configure this backend in the underlying implementation. \n If there is a cross-namespace reference to an *existing* object that is not allowed by a ReferenceGrant, the controller must ensure the \"ResolvedRefs\" condition on the Route is set to `status: False`, with the \"RefNotPermitted\" reason and not configure this backend in the underlying implementation. \n In either error case, the Message of the `ResolvedRefs` Condition should be used to provide more detail about the problem. \n Support: Extended for Kubernetes Service \n Support: Implementation-specific for any other resource" + +### fn spec.rules.backendRefs.filters.requestMirror.backendRef.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. For example, \"gateway.networking.k8s.io\". When unspecified or empty string, core API group is inferred." + +### fn spec.rules.backendRefs.filters.requestMirror.backendRef.withKind + +```ts +withKind(kind) +``` + +"Kind is the Kubernetes resource kind of the referent. For example \"Service\". \n Defaults to \"Service\" when not specified. \n ExternalName services can refer to CNAME DNS records that may live outside of the cluster and as such are difficult to reason about in terms of conformance. They also may not be safe to forward to (see CVE-2021-25740 for more information). Implementations SHOULD NOT support ExternalName Services. \n Support: Core (Services with a type other than ExternalName) \n Support: Implementation-specific (Services with type ExternalName)" + +### fn spec.rules.backendRefs.filters.requestMirror.backendRef.withName + +```ts +withName(name) +``` + +"Name is the name of the referent." + +### fn spec.rules.backendRefs.filters.requestMirror.backendRef.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. \n Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. \n Support: Core" + +### fn spec.rules.backendRefs.filters.requestMirror.backendRef.withPort + +```ts +withPort(port) +``` + +"Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field." + +## obj spec.rules.backendRefs.filters.requestRedirect + +"RequestRedirect defines a schema for a filter that responds to the request with an HTTP redirection. \n Support: Core" + +### fn spec.rules.backendRefs.filters.requestRedirect.withHostname + +```ts +withHostname(hostname) +``` + +"Hostname is the hostname to be used in the value of the `Location` header in the response. When empty, the hostname in the `Host` header of the request is used. \n Support: Core" + +### fn spec.rules.backendRefs.filters.requestRedirect.withPort + +```ts +withPort(port) +``` + +"Port is the port to be used in the value of the `Location` header in the response. \n If no port is specified, the redirect port MUST be derived using the following rules: \n * If redirect scheme is not-empty, the redirect port MUST be the well-known port associated with the redirect scheme. Specifically \"http\" to port 80 and \"https\" to port 443. If the redirect scheme does not have a well-known port, the listener port of the Gateway SHOULD be used. * If redirect scheme is empty, the redirect port MUST be the Gateway Listener port. \n Implementations SHOULD NOT add the port number in the 'Location' header in the following cases: \n * A Location header that will use HTTP (whether that is determined via the Listener protocol or the Scheme field) _and_ use port 80. * A Location header that will use HTTPS (whether that is determined via the Listener protocol or the Scheme field) _and_ use port 443. \n Support: Extended" + +### fn spec.rules.backendRefs.filters.requestRedirect.withScheme + +```ts +withScheme(scheme) +``` + +"Scheme is the scheme to be used in the value of the `Location` header in the response. When empty, the scheme of the request is used. \n Scheme redirects can affect the port of the redirect, for more information, refer to the documentation for the port field of this filter. \n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`. \n Support: Extended" + +### fn spec.rules.backendRefs.filters.requestRedirect.withStatusCode + +```ts +withStatusCode(statusCode) +``` + +"StatusCode is the HTTP status code to be used in response. \n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`. \n Support: Core" + +## obj spec.rules.backendRefs.filters.requestRedirect.path + +"Path defines parameters used to modify the path of the incoming request. The modified path is then used to construct the `Location` header. When empty, the request path is used as-is. \n Support: Extended" + +### fn spec.rules.backendRefs.filters.requestRedirect.path.withReplaceFullPath + +```ts +withReplaceFullPath(replaceFullPath) +``` + +"ReplaceFullPath specifies the value with which to replace the full path of a request during a rewrite or redirect." + +### fn spec.rules.backendRefs.filters.requestRedirect.path.withReplacePrefixMatch + +```ts +withReplacePrefixMatch(replacePrefixMatch) +``` + +"ReplacePrefixMatch specifies the value with which to replace the prefix match of a request during a rewrite or redirect. For example, a request to \"/foo/bar\" with a prefix match of \"/foo\" and a ReplacePrefixMatch of \"/xyz\" would be modified to \"/xyz/bar\". \n Note that this matches the behavior of the PathPrefix match type. This matches full path elements. A path element refers to the list of labels in the path split by the `/` separator. When specified, a trailing `/` is ignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all match the prefix `/abc`, but the path `/abcd` would not. \n ReplacePrefixMatch is only compatible with a `PathPrefix` HTTPRouteMatch. Using any other HTTPRouteMatch type on the same HTTPRouteRule will result in the implementation setting the Accepted Condition for the Route to `status: False`. \n Request Path | Prefix Match | Replace Prefix | Modified Path -------------|--------------|----------------|---------- /foo/bar | /foo | /xyz | /xyz/bar /foo/bar | /foo | /xyz/ | /xyz/bar /foo/bar | /foo/ | /xyz | /xyz/bar /foo/bar | /foo/ | /xyz/ | /xyz/bar /foo | /foo | /xyz | /xyz /foo/ | /foo | /xyz | /xyz/ /foo/bar | /foo | | /bar /foo/ | /foo | | / /foo | /foo | | / /foo/ | /foo | / | / /foo | /foo | / | /" + +### fn spec.rules.backendRefs.filters.requestRedirect.path.withType + +```ts +withType(type) +``` + +"Type defines the type of path modifier. Additional types may be added in a future release of the API. \n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`." + +## obj spec.rules.backendRefs.filters.responseHeaderModifier + +"ResponseHeaderModifier defines a schema for a filter that modifies response headers. \n Support: Extended" + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.withAdd + +```ts +withAdd(add) +``` + +"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz" + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.withAddMixin + +```ts +withAddMixin(add) +``` + +"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.withRemove + +```ts +withRemove(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \n Config: remove: [\"my-header1\", \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2: bar" + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.withRemoveMixin + +```ts +withRemoveMixin(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \n Config: remove: [\"my-header1\", \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2: bar" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.withSet + +```ts +withSet(set) +``` + +"Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar" + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.withSetMixin + +```ts +withSetMixin(set) +``` + +"Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar" + +**Note:** This function appends passed data to existing values + +## obj spec.rules.backendRefs.filters.responseHeaderModifier.add + +"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz" + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.add.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent." + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.add.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.backendRefs.filters.responseHeaderModifier.set + +"Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar" + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.set.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent." + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.set.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.backendRefs.filters.urlRewrite + +"URLRewrite defines a schema for a filter that modifies a request during forwarding. \n Support: Extended" + +### fn spec.rules.backendRefs.filters.urlRewrite.withHostname + +```ts +withHostname(hostname) +``` + +"Hostname is the value to be used to replace the Host header value during forwarding. \n Support: Extended" + +## obj spec.rules.backendRefs.filters.urlRewrite.path + +"Path defines a path rewrite. \n Support: Extended" + +### fn spec.rules.backendRefs.filters.urlRewrite.path.withReplaceFullPath + +```ts +withReplaceFullPath(replaceFullPath) +``` + +"ReplaceFullPath specifies the value with which to replace the full path of a request during a rewrite or redirect." + +### fn spec.rules.backendRefs.filters.urlRewrite.path.withReplacePrefixMatch + +```ts +withReplacePrefixMatch(replacePrefixMatch) +``` + +"ReplacePrefixMatch specifies the value with which to replace the prefix match of a request during a rewrite or redirect. For example, a request to \"/foo/bar\" with a prefix match of \"/foo\" and a ReplacePrefixMatch of \"/xyz\" would be modified to \"/xyz/bar\". \n Note that this matches the behavior of the PathPrefix match type. This matches full path elements. A path element refers to the list of labels in the path split by the `/` separator. When specified, a trailing `/` is ignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all match the prefix `/abc`, but the path `/abcd` would not. \n ReplacePrefixMatch is only compatible with a `PathPrefix` HTTPRouteMatch. Using any other HTTPRouteMatch type on the same HTTPRouteRule will result in the implementation setting the Accepted Condition for the Route to `status: False`. \n Request Path | Prefix Match | Replace Prefix | Modified Path -------------|--------------|----------------|---------- /foo/bar | /foo | /xyz | /xyz/bar /foo/bar | /foo | /xyz/ | /xyz/bar /foo/bar | /foo/ | /xyz | /xyz/bar /foo/bar | /foo/ | /xyz/ | /xyz/bar /foo | /foo | /xyz | /xyz /foo/ | /foo | /xyz | /xyz/ /foo/bar | /foo | | /bar /foo/ | /foo | | / /foo | /foo | | / /foo/ | /foo | / | / /foo | /foo | / | /" + +### fn spec.rules.backendRefs.filters.urlRewrite.path.withType + +```ts +withType(type) +``` + +"Type defines the type of path modifier. Additional types may be added in a future release of the API. \n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`." + +## obj spec.rules.filters + +"Filters define the filters that are applied to requests that match this rule. \n The effects of ordering of multiple behaviors are currently unspecified. This can change in the future based on feedback during the alpha stage. \n Conformance-levels at this level are defined based on the type of filter: \n - ALL core filters MUST be supported by all implementations. - Implementers are encouraged to support extended filters. - Implementation-specific custom filters have no API guarantees across implementations. \n Specifying the same filter multiple times is not supported unless explicitly indicated in the filter. \n All filters are expected to be compatible with each other except for the URLRewrite and RequestRedirect filters, which may not be combined. If an implementation can not support other combinations of filters, they must clearly document that limitation. In cases where incompatible or unsupported filters are specified and cause the `Accepted` condition to be set to status `False`, implementations may use the `IncompatibleFilters` reason to specify this configuration error. \n Support: Core" + +### fn spec.rules.filters.withType + +```ts +withType(type) +``` + +"Type identifies the type of filter to apply. As with other API fields, types are classified into three conformance levels: \n - Core: Filter types and their corresponding configuration defined by \"Support: Core\" in this package, e.g. \"RequestHeaderModifier\". All implementations must support core filters. \n - Extended: Filter types and their corresponding configuration defined by \"Support: Extended\" in this package, e.g. \"RequestMirror\". Implementers are encouraged to support extended filters. \n - Implementation-specific: Filters that are defined and supported by specific vendors. In the future, filters showing convergence in behavior across multiple implementations will be considered for inclusion in extended or core conformance levels. Filter-specific configuration for such filters is specified using the ExtensionRef field. `Type` should be set to \"ExtensionRef\" for custom filters. \n Implementers are encouraged to define custom implementation types to extend the core API with implementation-specific behavior. \n If a reference to a custom filter type cannot be resolved, the filter MUST NOT be skipped. Instead, requests that would have been processed by that filter MUST receive a HTTP error response. \n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`." + +## obj spec.rules.filters.extensionRef + +"ExtensionRef is an optional, implementation-specific extension to the \"filter\" behavior. For example, resource \"myroutefilter\" in group \"networking.example.net\"). ExtensionRef MUST NOT be used for core and extended filters. \n This filter can be used multiple times within the same rule. \n Support: Implementation-specific" + +### fn spec.rules.filters.extensionRef.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. For example, \"gateway.networking.k8s.io\". When unspecified or empty string, core API group is inferred." + +### fn spec.rules.filters.extensionRef.withKind + +```ts +withKind(kind) +``` + +"Kind is kind of the referent. For example \"HTTPRoute\" or \"Service\"." + +### fn spec.rules.filters.extensionRef.withName + +```ts +withName(name) +``` + +"Name is the name of the referent." + +## obj spec.rules.filters.requestHeaderModifier + +"RequestHeaderModifier defines a schema for a filter that modifies request headers. \n Support: Core" + +### fn spec.rules.filters.requestHeaderModifier.withAdd + +```ts +withAdd(add) +``` + +"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz" + +### fn spec.rules.filters.requestHeaderModifier.withAddMixin + +```ts +withAddMixin(add) +``` + +"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.filters.requestHeaderModifier.withRemove + +```ts +withRemove(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \n Config: remove: [\"my-header1\", \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2: bar" + +### fn spec.rules.filters.requestHeaderModifier.withRemoveMixin + +```ts +withRemoveMixin(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \n Config: remove: [\"my-header1\", \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2: bar" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.filters.requestHeaderModifier.withSet + +```ts +withSet(set) +``` + +"Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar" + +### fn spec.rules.filters.requestHeaderModifier.withSetMixin + +```ts +withSetMixin(set) +``` + +"Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar" + +**Note:** This function appends passed data to existing values + +## obj spec.rules.filters.requestHeaderModifier.add + +"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz" + +### fn spec.rules.filters.requestHeaderModifier.add.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent." + +### fn spec.rules.filters.requestHeaderModifier.add.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.filters.requestHeaderModifier.set + +"Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar" + +### fn spec.rules.filters.requestHeaderModifier.set.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent." + +### fn spec.rules.filters.requestHeaderModifier.set.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.filters.requestMirror + +"RequestMirror defines a schema for a filter that mirrors requests. Requests are sent to the specified destination, but responses from that destination are ignored. \n This filter can be used multiple times within the same rule. Note that not all implementations will be able to support mirroring to multiple backends. \n Support: Extended" + +## obj spec.rules.filters.requestMirror.backendRef + +"BackendRef references a resource where mirrored requests are sent. \n Mirrored requests must be sent only to a single destination endpoint within this BackendRef, irrespective of how many endpoints are present within this BackendRef. \n If the referent cannot be found, this BackendRef is invalid and must be dropped from the Gateway. The controller must ensure the \"ResolvedRefs\" condition on the Route status is set to `status: False` and not configure this backend in the underlying implementation. \n If there is a cross-namespace reference to an *existing* object that is not allowed by a ReferenceGrant, the controller must ensure the \"ResolvedRefs\" condition on the Route is set to `status: False`, with the \"RefNotPermitted\" reason and not configure this backend in the underlying implementation. \n In either error case, the Message of the `ResolvedRefs` Condition should be used to provide more detail about the problem. \n Support: Extended for Kubernetes Service \n Support: Implementation-specific for any other resource" + +### fn spec.rules.filters.requestMirror.backendRef.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. For example, \"gateway.networking.k8s.io\". When unspecified or empty string, core API group is inferred." + +### fn spec.rules.filters.requestMirror.backendRef.withKind + +```ts +withKind(kind) +``` + +"Kind is the Kubernetes resource kind of the referent. For example \"Service\". \n Defaults to \"Service\" when not specified. \n ExternalName services can refer to CNAME DNS records that may live outside of the cluster and as such are difficult to reason about in terms of conformance. They also may not be safe to forward to (see CVE-2021-25740 for more information). Implementations SHOULD NOT support ExternalName Services. \n Support: Core (Services with a type other than ExternalName) \n Support: Implementation-specific (Services with type ExternalName)" + +### fn spec.rules.filters.requestMirror.backendRef.withName + +```ts +withName(name) +``` + +"Name is the name of the referent." + +### fn spec.rules.filters.requestMirror.backendRef.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. \n Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. \n Support: Core" + +### fn spec.rules.filters.requestMirror.backendRef.withPort + +```ts +withPort(port) +``` + +"Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field." + +## obj spec.rules.filters.requestRedirect + +"RequestRedirect defines a schema for a filter that responds to the request with an HTTP redirection. \n Support: Core" + +### fn spec.rules.filters.requestRedirect.withHostname + +```ts +withHostname(hostname) +``` + +"Hostname is the hostname to be used in the value of the `Location` header in the response. When empty, the hostname in the `Host` header of the request is used. \n Support: Core" + +### fn spec.rules.filters.requestRedirect.withPort + +```ts +withPort(port) +``` + +"Port is the port to be used in the value of the `Location` header in the response. \n If no port is specified, the redirect port MUST be derived using the following rules: \n * If redirect scheme is not-empty, the redirect port MUST be the well-known port associated with the redirect scheme. Specifically \"http\" to port 80 and \"https\" to port 443. If the redirect scheme does not have a well-known port, the listener port of the Gateway SHOULD be used. * If redirect scheme is empty, the redirect port MUST be the Gateway Listener port. \n Implementations SHOULD NOT add the port number in the 'Location' header in the following cases: \n * A Location header that will use HTTP (whether that is determined via the Listener protocol or the Scheme field) _and_ use port 80. * A Location header that will use HTTPS (whether that is determined via the Listener protocol or the Scheme field) _and_ use port 443. \n Support: Extended" + +### fn spec.rules.filters.requestRedirect.withScheme + +```ts +withScheme(scheme) +``` + +"Scheme is the scheme to be used in the value of the `Location` header in the response. When empty, the scheme of the request is used. \n Scheme redirects can affect the port of the redirect, for more information, refer to the documentation for the port field of this filter. \n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`. \n Support: Extended" + +### fn spec.rules.filters.requestRedirect.withStatusCode + +```ts +withStatusCode(statusCode) +``` + +"StatusCode is the HTTP status code to be used in response. \n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`. \n Support: Core" + +## obj spec.rules.filters.requestRedirect.path + +"Path defines parameters used to modify the path of the incoming request. The modified path is then used to construct the `Location` header. When empty, the request path is used as-is. \n Support: Extended" + +### fn spec.rules.filters.requestRedirect.path.withReplaceFullPath + +```ts +withReplaceFullPath(replaceFullPath) +``` + +"ReplaceFullPath specifies the value with which to replace the full path of a request during a rewrite or redirect." + +### fn spec.rules.filters.requestRedirect.path.withReplacePrefixMatch + +```ts +withReplacePrefixMatch(replacePrefixMatch) +``` + +"ReplacePrefixMatch specifies the value with which to replace the prefix match of a request during a rewrite or redirect. For example, a request to \"/foo/bar\" with a prefix match of \"/foo\" and a ReplacePrefixMatch of \"/xyz\" would be modified to \"/xyz/bar\". \n Note that this matches the behavior of the PathPrefix match type. This matches full path elements. A path element refers to the list of labels in the path split by the `/` separator. When specified, a trailing `/` is ignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all match the prefix `/abc`, but the path `/abcd` would not. \n ReplacePrefixMatch is only compatible with a `PathPrefix` HTTPRouteMatch. Using any other HTTPRouteMatch type on the same HTTPRouteRule will result in the implementation setting the Accepted Condition for the Route to `status: False`. \n Request Path | Prefix Match | Replace Prefix | Modified Path -------------|--------------|----------------|---------- /foo/bar | /foo | /xyz | /xyz/bar /foo/bar | /foo | /xyz/ | /xyz/bar /foo/bar | /foo/ | /xyz | /xyz/bar /foo/bar | /foo/ | /xyz/ | /xyz/bar /foo | /foo | /xyz | /xyz /foo/ | /foo | /xyz | /xyz/ /foo/bar | /foo | | /bar /foo/ | /foo | | / /foo | /foo | | / /foo/ | /foo | / | / /foo | /foo | / | /" + +### fn spec.rules.filters.requestRedirect.path.withType + +```ts +withType(type) +``` + +"Type defines the type of path modifier. Additional types may be added in a future release of the API. \n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`." + +## obj spec.rules.filters.responseHeaderModifier + +"ResponseHeaderModifier defines a schema for a filter that modifies response headers. \n Support: Extended" + +### fn spec.rules.filters.responseHeaderModifier.withAdd + +```ts +withAdd(add) +``` + +"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz" + +### fn spec.rules.filters.responseHeaderModifier.withAddMixin + +```ts +withAddMixin(add) +``` + +"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.filters.responseHeaderModifier.withRemove + +```ts +withRemove(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \n Config: remove: [\"my-header1\", \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2: bar" + +### fn spec.rules.filters.responseHeaderModifier.withRemoveMixin + +```ts +withRemoveMixin(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \n Config: remove: [\"my-header1\", \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2: bar" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.filters.responseHeaderModifier.withSet + +```ts +withSet(set) +``` + +"Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar" + +### fn spec.rules.filters.responseHeaderModifier.withSetMixin + +```ts +withSetMixin(set) +``` + +"Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar" + +**Note:** This function appends passed data to existing values + +## obj spec.rules.filters.responseHeaderModifier.add + +"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz" + +### fn spec.rules.filters.responseHeaderModifier.add.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent." + +### fn spec.rules.filters.responseHeaderModifier.add.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.filters.responseHeaderModifier.set + +"Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar" + +### fn spec.rules.filters.responseHeaderModifier.set.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent." + +### fn spec.rules.filters.responseHeaderModifier.set.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.filters.urlRewrite + +"URLRewrite defines a schema for a filter that modifies a request during forwarding. \n Support: Extended" + +### fn spec.rules.filters.urlRewrite.withHostname + +```ts +withHostname(hostname) +``` + +"Hostname is the value to be used to replace the Host header value during forwarding. \n Support: Extended" + +## obj spec.rules.filters.urlRewrite.path + +"Path defines a path rewrite. \n Support: Extended" + +### fn spec.rules.filters.urlRewrite.path.withReplaceFullPath + +```ts +withReplaceFullPath(replaceFullPath) +``` + +"ReplaceFullPath specifies the value with which to replace the full path of a request during a rewrite or redirect." + +### fn spec.rules.filters.urlRewrite.path.withReplacePrefixMatch + +```ts +withReplacePrefixMatch(replacePrefixMatch) +``` + +"ReplacePrefixMatch specifies the value with which to replace the prefix match of a request during a rewrite or redirect. For example, a request to \"/foo/bar\" with a prefix match of \"/foo\" and a ReplacePrefixMatch of \"/xyz\" would be modified to \"/xyz/bar\". \n Note that this matches the behavior of the PathPrefix match type. This matches full path elements. A path element refers to the list of labels in the path split by the `/` separator. When specified, a trailing `/` is ignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all match the prefix `/abc`, but the path `/abcd` would not. \n ReplacePrefixMatch is only compatible with a `PathPrefix` HTTPRouteMatch. Using any other HTTPRouteMatch type on the same HTTPRouteRule will result in the implementation setting the Accepted Condition for the Route to `status: False`. \n Request Path | Prefix Match | Replace Prefix | Modified Path -------------|--------------|----------------|---------- /foo/bar | /foo | /xyz | /xyz/bar /foo/bar | /foo | /xyz/ | /xyz/bar /foo/bar | /foo/ | /xyz | /xyz/bar /foo/bar | /foo/ | /xyz/ | /xyz/bar /foo | /foo | /xyz | /xyz /foo/ | /foo | /xyz | /xyz/ /foo/bar | /foo | | /bar /foo/ | /foo | | / /foo | /foo | | / /foo/ | /foo | / | / /foo | /foo | / | /" + +### fn spec.rules.filters.urlRewrite.path.withType + +```ts +withType(type) +``` + +"Type defines the type of path modifier. Additional types may be added in a future release of the API. \n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`." + +## obj spec.rules.matches + +"Matches define conditions used for matching the rule against incoming HTTP requests. Each match is independent, i.e. this rule will be matched if **any** one of the matches is satisfied. \n For example, take the following matches configuration: \n ``` matches: - path: value: \"/foo\" headers: - name: \"version\" value: \"v2\" - path: value: \"/v2/foo\" ``` \n For a request to match against this rule, a request must satisfy EITHER of the two conditions: \n - path prefixed with `/foo` AND contains the header `version: v2` - path prefix of `/v2/foo` \n See the documentation for HTTPRouteMatch on how to specify multiple match conditions that should be ANDed together. \n If no matches are specified, the default is a prefix path match on \"/\", which has the effect of matching every HTTP request. \n Proxy or Load Balancer routing configuration generated from HTTPRoutes MUST prioritize matches based on the following criteria, continuing on ties. Across all rules specified on applicable Routes, precedence must be given to the match having: \n * \"Exact\" path match. * \"Prefix\" path match with largest number of characters. * Method match. * Largest number of header matches. * Largest number of query param matches. \n Note: The precedence of RegularExpression path matches are implementation-specific. \n If ties still exist across multiple Routes, matching precedence MUST be determined in order of the following criteria, continuing on ties: \n * The oldest Route based on creation timestamp. * The Route appearing first in alphabetical order by \"{namespace}/{name}\". \n If ties still exist within an HTTPRoute, matching precedence MUST be granted to the FIRST matching rule (in list order) with a match meeting the above criteria. \n When no rules matching a request have been successfully attached to the parent a request is coming from, a HTTP 404 status code MUST be returned." + +### fn spec.rules.matches.withHeaders + +```ts +withHeaders(headers) +``` + +"Headers specifies HTTP request header matchers. Multiple match values are ANDed together, meaning, a request must match all the specified headers to select the route." + +### fn spec.rules.matches.withHeadersMixin + +```ts +withHeadersMixin(headers) +``` + +"Headers specifies HTTP request header matchers. Multiple match values are ANDed together, meaning, a request must match all the specified headers to select the route." + +**Note:** This function appends passed data to existing values + +### fn spec.rules.matches.withMethod + +```ts +withMethod(method) +``` + +"Method specifies HTTP method matcher. When specified, this route will be matched only if the request has the specified method. \n Support: Extended" + +### fn spec.rules.matches.withQueryParams + +```ts +withQueryParams(queryParams) +``` + +"QueryParams specifies HTTP query parameter matchers. Multiple match values are ANDed together, meaning, a request must match all the specified query parameters to select the route. \n Support: Extended" + +### fn spec.rules.matches.withQueryParamsMixin + +```ts +withQueryParamsMixin(queryParams) +``` + +"QueryParams specifies HTTP query parameter matchers. Multiple match values are ANDed together, meaning, a request must match all the specified query parameters to select the route. \n Support: Extended" + +**Note:** This function appends passed data to existing values + +## obj spec.rules.matches.headers + +"Headers specifies HTTP request header matchers. Multiple match values are ANDed together, meaning, a request must match all the specified headers to select the route." + +### fn spec.rules.matches.headers.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, only the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent. \n When a header is repeated in an HTTP request, it is implementation-specific behavior as to how this is represented. Generally, proxies should follow the guidance from the RFC: https://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2 regarding processing a repeated header, with special handling for \"Set-Cookie\"." + +### fn spec.rules.matches.headers.withType + +```ts +withType(type) +``` + +"Type specifies how to match against the value of the header. \n Support: Core (Exact) \n Support: Implementation-specific (RegularExpression) \n Since RegularExpression HeaderMatchType has implementation-specific conformance, implementations can support POSIX, PCRE or any other dialects of regular expressions. Please read the implementation's documentation to determine the supported dialect." + +### fn spec.rules.matches.headers.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.matches.path + +"Path specifies a HTTP request path matcher. If this field is not specified, a default prefix match on the \"/\" path is provided." + +### fn spec.rules.matches.path.withType + +```ts +withType(type) +``` + +"Type specifies how to match against the path Value. \n Support: Core (Exact, PathPrefix) \n Support: Implementation-specific (RegularExpression)" + +### fn spec.rules.matches.path.withValue + +```ts +withValue(value) +``` + +"Value of the HTTP path to match against." + +## obj spec.rules.matches.queryParams + +"QueryParams specifies HTTP query parameter matchers. Multiple match values are ANDed together, meaning, a request must match all the specified query parameters to select the route. \n Support: Extended" + +### fn spec.rules.matches.queryParams.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP query param to be matched. This must be an exact string match. (See https://tools.ietf.org/html/rfc7230#section-2.7.3). \n If multiple entries specify equivalent query param names, only the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent query param name MUST be ignored. \n If a query param is repeated in an HTTP request, the behavior is purposely left undefined, since different data planes have different capabilities. However, it is *recommended* that implementations should match against the first value of the param if the data plane supports it, as this behavior is expected in other load balancing contexts outside of the Gateway API. \n Users SHOULD NOT route traffic based on repeated query params to guard themselves against potential differences in the implementations." + +### fn spec.rules.matches.queryParams.withType + +```ts +withType(type) +``` + +"Type specifies how to match against the value of the query parameter. \n Support: Extended (Exact) \n Support: Implementation-specific (RegularExpression) \n Since RegularExpression QueryParamMatchType has Implementation-specific conformance, implementations can support POSIX, PCRE or any other dialects of regular expressions. Please read the implementation's documentation to determine the supported dialect." + +### fn spec.rules.matches.queryParams.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP query param to be matched." + +## obj spec.rules.timeouts + +"Timeouts defines the timeouts that can be configured for an HTTP request. \n Support: Extended \n " + +### fn spec.rules.timeouts.withBackendRequest + +```ts +withBackendRequest(backendRequest) +``` + +"BackendRequest specifies a timeout for an individual request from the gateway to a backend. This covers the time from when the request first starts being sent from the gateway to when the full response has been received from the backend. \n An entire client HTTP transaction with a gateway, covered by the Request timeout, may result in more than one call from the gateway to the destination backend, for example, if automatic retries are supported. \n Because the Request timeout encompasses the BackendRequest timeout, the value of BackendRequest must be <= the value of Request timeout. \n Support: Extended" + +### fn spec.rules.timeouts.withRequest + +```ts +withRequest(request) +``` + +"Request specifies the maximum duration for a gateway to respond to an HTTP request. If the gateway has not been able to respond before this deadline is met, the gateway MUST return a timeout error. \n For example, setting the `rules.timeouts.request` field to the value `10s` in an `HTTPRoute` will cause a timeout if a client request is taking longer than 10 seconds to complete. \n This timeout is intended to cover as close to the whole request-response transaction as possible although an implementation MAY choose to start the timeout after the entire request stream has been received instead of immediately after the transaction is initiated by the client. \n When this field is unspecified, request timeout behavior is implementation-specific. \n Support: Extended" \ No newline at end of file diff --git a/docs/1.0-experimental/gateway/v1/index.md b/docs/1.0-experimental/gateway/v1/index.md new file mode 100644 index 0000000..d2afb56 --- /dev/null +++ b/docs/1.0-experimental/gateway/v1/index.md @@ -0,0 +1,11 @@ +--- +permalink: /1.0-experimental/gateway/v1/ +--- + +# gateway.v1 + + + +* [gateway](gateway.md) +* [gatewayClass](gatewayClass.md) +* [httpRoute](httpRoute.md) \ No newline at end of file diff --git a/docs/1.0-experimental/gateway/v1alpha2/backendTLSPolicy.md b/docs/1.0-experimental/gateway/v1alpha2/backendTLSPolicy.md new file mode 100644 index 0000000..d958e32 --- /dev/null +++ b/docs/1.0-experimental/gateway/v1alpha2/backendTLSPolicy.md @@ -0,0 +1,335 @@ +--- +permalink: /1.0-experimental/gateway/v1alpha2/backendTLSPolicy/ +--- + +# gateway.v1alpha2.backendTLSPolicy + +"BackendTLSPolicy provides a way to configure how a Gateway connects to a Backend via TLS." + +## Index + +* [`fn new(name)`](#fn-new) +* [`obj metadata`](#obj-metadata) + * [`fn withAnnotations(annotations)`](#fn-metadatawithannotations) + * [`fn withAnnotationsMixin(annotations)`](#fn-metadatawithannotationsmixin) + * [`fn withClusterName(clusterName)`](#fn-metadatawithclustername) + * [`fn withCreationTimestamp(creationTimestamp)`](#fn-metadatawithcreationtimestamp) + * [`fn withDeletionGracePeriodSeconds(deletionGracePeriodSeconds)`](#fn-metadatawithdeletiongraceperiodseconds) + * [`fn withDeletionTimestamp(deletionTimestamp)`](#fn-metadatawithdeletiontimestamp) + * [`fn withFinalizers(finalizers)`](#fn-metadatawithfinalizers) + * [`fn withFinalizersMixin(finalizers)`](#fn-metadatawithfinalizersmixin) + * [`fn withGenerateName(generateName)`](#fn-metadatawithgeneratename) + * [`fn withGeneration(generation)`](#fn-metadatawithgeneration) + * [`fn withLabels(labels)`](#fn-metadatawithlabels) + * [`fn withLabelsMixin(labels)`](#fn-metadatawithlabelsmixin) + * [`fn withName(name)`](#fn-metadatawithname) + * [`fn withNamespace(namespace)`](#fn-metadatawithnamespace) + * [`fn withOwnerReferences(ownerReferences)`](#fn-metadatawithownerreferences) + * [`fn withOwnerReferencesMixin(ownerReferences)`](#fn-metadatawithownerreferencesmixin) + * [`fn withResourceVersion(resourceVersion)`](#fn-metadatawithresourceversion) + * [`fn withSelfLink(selfLink)`](#fn-metadatawithselflink) + * [`fn withUid(uid)`](#fn-metadatawithuid) +* [`obj spec`](#obj-spec) + * [`obj spec.targetRef`](#obj-spectargetref) + * [`fn withGroup(group)`](#fn-spectargetrefwithgroup) + * [`fn withKind(kind)`](#fn-spectargetrefwithkind) + * [`fn withName(name)`](#fn-spectargetrefwithname) + * [`fn withNamespace(namespace)`](#fn-spectargetrefwithnamespace) + * [`fn withSectionName(sectionName)`](#fn-spectargetrefwithsectionname) + * [`obj spec.tls`](#obj-spectls) + * [`fn withCaCertRefs(caCertRefs)`](#fn-spectlswithcacertrefs) + * [`fn withCaCertRefsMixin(caCertRefs)`](#fn-spectlswithcacertrefsmixin) + * [`fn withHostname(hostname)`](#fn-spectlswithhostname) + * [`fn withWellKnownCACerts(wellKnownCACerts)`](#fn-spectlswithwellknowncacerts) + * [`obj spec.tls.caCertRefs`](#obj-spectlscacertrefs) + * [`fn withGroup(group)`](#fn-spectlscacertrefswithgroup) + * [`fn withKind(kind)`](#fn-spectlscacertrefswithkind) + * [`fn withName(name)`](#fn-spectlscacertrefswithname) + +## Fields + +### fn new + +```ts +new(name) +``` + +new returns an instance of BackendTLSPolicy + +## obj metadata + +"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create." + +### fn metadata.withAnnotations + +```ts +withAnnotations(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +### fn metadata.withAnnotationsMixin + +```ts +withAnnotationsMixin(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +**Note:** This function appends passed data to existing values + +### fn metadata.withClusterName + +```ts +withClusterName(clusterName) +``` + +"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request." + +### fn metadata.withCreationTimestamp + +```ts +withCreationTimestamp(creationTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withDeletionGracePeriodSeconds + +```ts +withDeletionGracePeriodSeconds(deletionGracePeriodSeconds) +``` + +"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only." + +### fn metadata.withDeletionTimestamp + +```ts +withDeletionTimestamp(deletionTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withFinalizers + +```ts +withFinalizers(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +### fn metadata.withFinalizersMixin + +```ts +withFinalizersMixin(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +**Note:** This function appends passed data to existing values + +### fn metadata.withGenerateName + +```ts +withGenerateName(generateName) +``` + +"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\n\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\n\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" + +### fn metadata.withGeneration + +```ts +withGeneration(generation) +``` + +"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only." + +### fn metadata.withLabels + +```ts +withLabels(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +### fn metadata.withLabelsMixin + +```ts +withLabelsMixin(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +**Note:** This function appends passed data to existing values + +### fn metadata.withName + +```ts +withName(name) +``` + +"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names" + +### fn metadata.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \"default\" namespace, but \"default\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\n\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces" + +### fn metadata.withOwnerReferences + +```ts +withOwnerReferences(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +### fn metadata.withOwnerReferencesMixin + +```ts +withOwnerReferencesMixin(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +**Note:** This function appends passed data to existing values + +### fn metadata.withResourceVersion + +```ts +withResourceVersion(resourceVersion) +``` + +"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\n\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" + +### fn metadata.withSelfLink + +```ts +withSelfLink(selfLink) +``` + +"SelfLink is a URL representing this object. Populated by the system. Read-only.\n\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release." + +### fn metadata.withUid + +```ts +withUid(uid) +``` + +"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\n\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids" + +## obj spec + +"Spec defines the desired state of BackendTLSPolicy." + +## obj spec.targetRef + +"TargetRef identifies an API object to apply the policy to. Only Services have Extended support. Implementations MAY support additional objects, with Implementation Specific support. Note that this config applies to the entire referenced resource by default, but this default may change in the future to provide a more granular application of the policy. \n Support: Extended for Kubernetes Service \n Support: Implementation-specific for any other resource" + +### fn spec.targetRef.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the target resource." + +### fn spec.targetRef.withKind + +```ts +withKind(kind) +``` + +"Kind is kind of the target resource." + +### fn spec.targetRef.withName + +```ts +withName(name) +``` + +"Name is the name of the target resource." + +### fn spec.targetRef.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the referent. When unspecified, the local namespace is inferred. Even when policy targets a resource in a different namespace, it MUST only apply to traffic originating from the same namespace as the policy." + +### fn spec.targetRef.withSectionName + +```ts +withSectionName(sectionName) +``` + +"SectionName is the name of a section within the target resource. When unspecified, this targetRef targets the entire resource. In the following resources, SectionName is interpreted as the following: \n * Gateway: Listener Name * Service: Port Name \n If a SectionName is specified, but does not exist on the targeted object, the Policy must fail to attach, and the policy implementation should record a `ResolvedRefs` or similar Condition in the Policy's status." + +## obj spec.tls + +"TLS contains backend TLS policy configuration." + +### fn spec.tls.withCaCertRefs + +```ts +withCaCertRefs(caCertRefs) +``` + +"CACertRefs contains one or more references to Kubernetes objects that contain a PEM-encoded TLS CA certificate bundle, which is used to validate a TLS handshake between the Gateway and backend Pod. \n If CACertRefs is empty or unspecified, then WellKnownCACerts must be specified. Only one of CACertRefs or WellKnownCACerts may be specified, not both. If CACertRefs is empty or unspecified, the configuration for WellKnownCACerts MUST be honored instead. \n References to a resource in a different namespace are invalid for the moment, although we will revisit this in the future. \n A single CACertRef to a Kubernetes ConfigMap kind has \"Core\" support. Implementations MAY choose to support attaching multiple certificates to a backend, but this behavior is implementation-specific. \n Support: Core - An optional single reference to a Kubernetes ConfigMap, with the CA certificate in a key named `ca.crt`. \n Support: Implementation-specific (More than one reference, or other kinds of resources)." + +### fn spec.tls.withCaCertRefsMixin + +```ts +withCaCertRefsMixin(caCertRefs) +``` + +"CACertRefs contains one or more references to Kubernetes objects that contain a PEM-encoded TLS CA certificate bundle, which is used to validate a TLS handshake between the Gateway and backend Pod. \n If CACertRefs is empty or unspecified, then WellKnownCACerts must be specified. Only one of CACertRefs or WellKnownCACerts may be specified, not both. If CACertRefs is empty or unspecified, the configuration for WellKnownCACerts MUST be honored instead. \n References to a resource in a different namespace are invalid for the moment, although we will revisit this in the future. \n A single CACertRef to a Kubernetes ConfigMap kind has \"Core\" support. Implementations MAY choose to support attaching multiple certificates to a backend, but this behavior is implementation-specific. \n Support: Core - An optional single reference to a Kubernetes ConfigMap, with the CA certificate in a key named `ca.crt`. \n Support: Implementation-specific (More than one reference, or other kinds of resources)." + +**Note:** This function appends passed data to existing values + +### fn spec.tls.withHostname + +```ts +withHostname(hostname) +``` + +"Hostname is used for two purposes in the connection between Gateways and backends: \n 1. Hostname MUST be used as the SNI to connect to the backend (RFC 6066). 2. Hostname MUST be used for authentication and MUST match the certificate served by the matching backend. \n Support: Core" + +### fn spec.tls.withWellKnownCACerts + +```ts +withWellKnownCACerts(wellKnownCACerts) +``` + +"WellKnownCACerts specifies whether system CA certificates may be used in the TLS handshake between the gateway and backend pod. \n If WellKnownCACerts is unspecified or empty (\"\"), then CACertRefs must be specified with at least one entry for a valid configuration. Only one of CACertRefs or WellKnownCACerts may be specified, not both. \n Support: Core for \"System\ + +## obj spec.tls.caCertRefs + +"CACertRefs contains one or more references to Kubernetes objects that contain a PEM-encoded TLS CA certificate bundle, which is used to validate a TLS handshake between the Gateway and backend Pod. \n If CACertRefs is empty or unspecified, then WellKnownCACerts must be specified. Only one of CACertRefs or WellKnownCACerts may be specified, not both. If CACertRefs is empty or unspecified, the configuration for WellKnownCACerts MUST be honored instead. \n References to a resource in a different namespace are invalid for the moment, although we will revisit this in the future. \n A single CACertRef to a Kubernetes ConfigMap kind has \"Core\" support. Implementations MAY choose to support attaching multiple certificates to a backend, but this behavior is implementation-specific. \n Support: Core - An optional single reference to a Kubernetes ConfigMap, with the CA certificate in a key named `ca.crt`. \n Support: Implementation-specific (More than one reference, or other kinds of resources)." + +### fn spec.tls.caCertRefs.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. For example, \"gateway.networking.k8s.io\". When unspecified or empty string, core API group is inferred." + +### fn spec.tls.caCertRefs.withKind + +```ts +withKind(kind) +``` + +"Kind is kind of the referent. For example \"HTTPRoute\" or \"Service\"." + +### fn spec.tls.caCertRefs.withName + +```ts +withName(name) +``` + +"Name is the name of the referent." \ No newline at end of file diff --git a/docs/1.0-experimental/gateway/v1alpha2/grpcRoute.md b/docs/1.0-experimental/gateway/v1alpha2/grpcRoute.md new file mode 100644 index 0000000..9dd152d --- /dev/null +++ b/docs/1.0-experimental/gateway/v1alpha2/grpcRoute.md @@ -0,0 +1,1208 @@ +--- +permalink: /1.0-experimental/gateway/v1alpha2/grpcRoute/ +--- + +# gateway.v1alpha2.grpcRoute + +"GRPCRoute provides a way to route gRPC requests. This includes the capability to match requests by hostname, gRPC service, gRPC method, or HTTP/2 header. Filters can be used to specify additional processing steps. Backends specify where matching requests will be routed. \n GRPCRoute falls under extended support within the Gateway API. Within the following specification, the word \"MUST\" indicates that an implementation supporting GRPCRoute must conform to the indicated requirement, but an implementation not supporting this route type need not follow the requirement unless explicitly indicated. \n Implementations supporting `GRPCRoute` with the `HTTPS` `ProtocolType` MUST accept HTTP/2 connections without an initial upgrade from HTTP/1.1, i.e. via ALPN. If the implementation does not support this, then it MUST set the \"Accepted\" condition to \"False\" for the affected listener with a reason of \"UnsupportedProtocol\". Implementations MAY also accept HTTP/2 connections with an upgrade from HTTP/1. \n Implementations supporting `GRPCRoute` with the `HTTP` `ProtocolType` MUST support HTTP/2 over cleartext TCP (h2c, https://www.rfc-editor.org/rfc/rfc7540#section-3.1) without an initial upgrade from HTTP/1.1, i.e. with prior knowledge (https://www.rfc-editor.org/rfc/rfc7540#section-3.4). If the implementation does not support this, then it MUST set the \"Accepted\" condition to \"False\" for the affected listener with a reason of \"UnsupportedProtocol\". Implementations MAY also accept HTTP/2 connections with an upgrade from HTTP/1, i.e. without prior knowledge." + +## Index + +* [`fn new(name)`](#fn-new) +* [`obj metadata`](#obj-metadata) + * [`fn withAnnotations(annotations)`](#fn-metadatawithannotations) + * [`fn withAnnotationsMixin(annotations)`](#fn-metadatawithannotationsmixin) + * [`fn withClusterName(clusterName)`](#fn-metadatawithclustername) + * [`fn withCreationTimestamp(creationTimestamp)`](#fn-metadatawithcreationtimestamp) + * [`fn withDeletionGracePeriodSeconds(deletionGracePeriodSeconds)`](#fn-metadatawithdeletiongraceperiodseconds) + * [`fn withDeletionTimestamp(deletionTimestamp)`](#fn-metadatawithdeletiontimestamp) + * [`fn withFinalizers(finalizers)`](#fn-metadatawithfinalizers) + * [`fn withFinalizersMixin(finalizers)`](#fn-metadatawithfinalizersmixin) + * [`fn withGenerateName(generateName)`](#fn-metadatawithgeneratename) + * [`fn withGeneration(generation)`](#fn-metadatawithgeneration) + * [`fn withLabels(labels)`](#fn-metadatawithlabels) + * [`fn withLabelsMixin(labels)`](#fn-metadatawithlabelsmixin) + * [`fn withName(name)`](#fn-metadatawithname) + * [`fn withNamespace(namespace)`](#fn-metadatawithnamespace) + * [`fn withOwnerReferences(ownerReferences)`](#fn-metadatawithownerreferences) + * [`fn withOwnerReferencesMixin(ownerReferences)`](#fn-metadatawithownerreferencesmixin) + * [`fn withResourceVersion(resourceVersion)`](#fn-metadatawithresourceversion) + * [`fn withSelfLink(selfLink)`](#fn-metadatawithselflink) + * [`fn withUid(uid)`](#fn-metadatawithuid) +* [`obj spec`](#obj-spec) + * [`fn withHostnames(hostnames)`](#fn-specwithhostnames) + * [`fn withHostnamesMixin(hostnames)`](#fn-specwithhostnamesmixin) + * [`fn withParentRefs(parentRefs)`](#fn-specwithparentrefs) + * [`fn withParentRefsMixin(parentRefs)`](#fn-specwithparentrefsmixin) + * [`fn withRules(rules)`](#fn-specwithrules) + * [`fn withRulesMixin(rules)`](#fn-specwithrulesmixin) + * [`obj spec.parentRefs`](#obj-specparentrefs) + * [`fn withGroup(group)`](#fn-specparentrefswithgroup) + * [`fn withKind(kind)`](#fn-specparentrefswithkind) + * [`fn withName(name)`](#fn-specparentrefswithname) + * [`fn withNamespace(namespace)`](#fn-specparentrefswithnamespace) + * [`fn withPort(port)`](#fn-specparentrefswithport) + * [`fn withSectionName(sectionName)`](#fn-specparentrefswithsectionname) + * [`obj spec.rules`](#obj-specrules) + * [`fn withBackendRefs(backendRefs)`](#fn-specruleswithbackendrefs) + * [`fn withBackendRefsMixin(backendRefs)`](#fn-specruleswithbackendrefsmixin) + * [`fn withFilters(filters)`](#fn-specruleswithfilters) + * [`fn withFiltersMixin(filters)`](#fn-specruleswithfiltersmixin) + * [`fn withMatches(matches)`](#fn-specruleswithmatches) + * [`fn withMatchesMixin(matches)`](#fn-specruleswithmatchesmixin) + * [`obj spec.rules.backendRefs`](#obj-specrulesbackendrefs) + * [`fn withFilters(filters)`](#fn-specrulesbackendrefswithfilters) + * [`fn withFiltersMixin(filters)`](#fn-specrulesbackendrefswithfiltersmixin) + * [`fn withGroup(group)`](#fn-specrulesbackendrefswithgroup) + * [`fn withKind(kind)`](#fn-specrulesbackendrefswithkind) + * [`fn withName(name)`](#fn-specrulesbackendrefswithname) + * [`fn withNamespace(namespace)`](#fn-specrulesbackendrefswithnamespace) + * [`fn withPort(port)`](#fn-specrulesbackendrefswithport) + * [`fn withWeight(weight)`](#fn-specrulesbackendrefswithweight) + * [`obj spec.rules.backendRefs.filters`](#obj-specrulesbackendrefsfilters) + * [`fn withType(type)`](#fn-specrulesbackendrefsfilterswithtype) + * [`obj spec.rules.backendRefs.filters.extensionRef`](#obj-specrulesbackendrefsfiltersextensionref) + * [`fn withGroup(group)`](#fn-specrulesbackendrefsfiltersextensionrefwithgroup) + * [`fn withKind(kind)`](#fn-specrulesbackendrefsfiltersextensionrefwithkind) + * [`fn withName(name)`](#fn-specrulesbackendrefsfiltersextensionrefwithname) + * [`obj spec.rules.backendRefs.filters.requestHeaderModifier`](#obj-specrulesbackendrefsfiltersrequestheadermodifier) + * [`fn withAdd(add)`](#fn-specrulesbackendrefsfiltersrequestheadermodifierwithadd) + * [`fn withAddMixin(add)`](#fn-specrulesbackendrefsfiltersrequestheadermodifierwithaddmixin) + * [`fn withRemove(remove)`](#fn-specrulesbackendrefsfiltersrequestheadermodifierwithremove) + * [`fn withRemoveMixin(remove)`](#fn-specrulesbackendrefsfiltersrequestheadermodifierwithremovemixin) + * [`fn withSet(set)`](#fn-specrulesbackendrefsfiltersrequestheadermodifierwithset) + * [`fn withSetMixin(set)`](#fn-specrulesbackendrefsfiltersrequestheadermodifierwithsetmixin) + * [`obj spec.rules.backendRefs.filters.requestHeaderModifier.add`](#obj-specrulesbackendrefsfiltersrequestheadermodifieradd) + * [`fn withName(name)`](#fn-specrulesbackendrefsfiltersrequestheadermodifieraddwithname) + * [`fn withValue(value)`](#fn-specrulesbackendrefsfiltersrequestheadermodifieraddwithvalue) + * [`obj spec.rules.backendRefs.filters.requestHeaderModifier.set`](#obj-specrulesbackendrefsfiltersrequestheadermodifierset) + * [`fn withName(name)`](#fn-specrulesbackendrefsfiltersrequestheadermodifiersetwithname) + * [`fn withValue(value)`](#fn-specrulesbackendrefsfiltersrequestheadermodifiersetwithvalue) + * [`obj spec.rules.backendRefs.filters.requestMirror`](#obj-specrulesbackendrefsfiltersrequestmirror) + * [`obj spec.rules.backendRefs.filters.requestMirror.backendRef`](#obj-specrulesbackendrefsfiltersrequestmirrorbackendref) + * [`fn withGroup(group)`](#fn-specrulesbackendrefsfiltersrequestmirrorbackendrefwithgroup) + * [`fn withKind(kind)`](#fn-specrulesbackendrefsfiltersrequestmirrorbackendrefwithkind) + * [`fn withName(name)`](#fn-specrulesbackendrefsfiltersrequestmirrorbackendrefwithname) + * [`fn withNamespace(namespace)`](#fn-specrulesbackendrefsfiltersrequestmirrorbackendrefwithnamespace) + * [`fn withPort(port)`](#fn-specrulesbackendrefsfiltersrequestmirrorbackendrefwithport) + * [`obj spec.rules.backendRefs.filters.responseHeaderModifier`](#obj-specrulesbackendrefsfiltersresponseheadermodifier) + * [`fn withAdd(add)`](#fn-specrulesbackendrefsfiltersresponseheadermodifierwithadd) + * [`fn withAddMixin(add)`](#fn-specrulesbackendrefsfiltersresponseheadermodifierwithaddmixin) + * [`fn withRemove(remove)`](#fn-specrulesbackendrefsfiltersresponseheadermodifierwithremove) + * [`fn withRemoveMixin(remove)`](#fn-specrulesbackendrefsfiltersresponseheadermodifierwithremovemixin) + * [`fn withSet(set)`](#fn-specrulesbackendrefsfiltersresponseheadermodifierwithset) + * [`fn withSetMixin(set)`](#fn-specrulesbackendrefsfiltersresponseheadermodifierwithsetmixin) + * [`obj spec.rules.backendRefs.filters.responseHeaderModifier.add`](#obj-specrulesbackendrefsfiltersresponseheadermodifieradd) + * [`fn withName(name)`](#fn-specrulesbackendrefsfiltersresponseheadermodifieraddwithname) + * [`fn withValue(value)`](#fn-specrulesbackendrefsfiltersresponseheadermodifieraddwithvalue) + * [`obj spec.rules.backendRefs.filters.responseHeaderModifier.set`](#obj-specrulesbackendrefsfiltersresponseheadermodifierset) + * [`fn withName(name)`](#fn-specrulesbackendrefsfiltersresponseheadermodifiersetwithname) + * [`fn withValue(value)`](#fn-specrulesbackendrefsfiltersresponseheadermodifiersetwithvalue) + * [`obj spec.rules.filters`](#obj-specrulesfilters) + * [`fn withType(type)`](#fn-specrulesfilterswithtype) + * [`obj spec.rules.filters.extensionRef`](#obj-specrulesfiltersextensionref) + * [`fn withGroup(group)`](#fn-specrulesfiltersextensionrefwithgroup) + * [`fn withKind(kind)`](#fn-specrulesfiltersextensionrefwithkind) + * [`fn withName(name)`](#fn-specrulesfiltersextensionrefwithname) + * [`obj spec.rules.filters.requestHeaderModifier`](#obj-specrulesfiltersrequestheadermodifier) + * [`fn withAdd(add)`](#fn-specrulesfiltersrequestheadermodifierwithadd) + * [`fn withAddMixin(add)`](#fn-specrulesfiltersrequestheadermodifierwithaddmixin) + * [`fn withRemove(remove)`](#fn-specrulesfiltersrequestheadermodifierwithremove) + * [`fn withRemoveMixin(remove)`](#fn-specrulesfiltersrequestheadermodifierwithremovemixin) + * [`fn withSet(set)`](#fn-specrulesfiltersrequestheadermodifierwithset) + * [`fn withSetMixin(set)`](#fn-specrulesfiltersrequestheadermodifierwithsetmixin) + * [`obj spec.rules.filters.requestHeaderModifier.add`](#obj-specrulesfiltersrequestheadermodifieradd) + * [`fn withName(name)`](#fn-specrulesfiltersrequestheadermodifieraddwithname) + * [`fn withValue(value)`](#fn-specrulesfiltersrequestheadermodifieraddwithvalue) + * [`obj spec.rules.filters.requestHeaderModifier.set`](#obj-specrulesfiltersrequestheadermodifierset) + * [`fn withName(name)`](#fn-specrulesfiltersrequestheadermodifiersetwithname) + * [`fn withValue(value)`](#fn-specrulesfiltersrequestheadermodifiersetwithvalue) + * [`obj spec.rules.filters.requestMirror`](#obj-specrulesfiltersrequestmirror) + * [`obj spec.rules.filters.requestMirror.backendRef`](#obj-specrulesfiltersrequestmirrorbackendref) + * [`fn withGroup(group)`](#fn-specrulesfiltersrequestmirrorbackendrefwithgroup) + * [`fn withKind(kind)`](#fn-specrulesfiltersrequestmirrorbackendrefwithkind) + * [`fn withName(name)`](#fn-specrulesfiltersrequestmirrorbackendrefwithname) + * [`fn withNamespace(namespace)`](#fn-specrulesfiltersrequestmirrorbackendrefwithnamespace) + * [`fn withPort(port)`](#fn-specrulesfiltersrequestmirrorbackendrefwithport) + * [`obj spec.rules.filters.responseHeaderModifier`](#obj-specrulesfiltersresponseheadermodifier) + * [`fn withAdd(add)`](#fn-specrulesfiltersresponseheadermodifierwithadd) + * [`fn withAddMixin(add)`](#fn-specrulesfiltersresponseheadermodifierwithaddmixin) + * [`fn withRemove(remove)`](#fn-specrulesfiltersresponseheadermodifierwithremove) + * [`fn withRemoveMixin(remove)`](#fn-specrulesfiltersresponseheadermodifierwithremovemixin) + * [`fn withSet(set)`](#fn-specrulesfiltersresponseheadermodifierwithset) + * [`fn withSetMixin(set)`](#fn-specrulesfiltersresponseheadermodifierwithsetmixin) + * [`obj spec.rules.filters.responseHeaderModifier.add`](#obj-specrulesfiltersresponseheadermodifieradd) + * [`fn withName(name)`](#fn-specrulesfiltersresponseheadermodifieraddwithname) + * [`fn withValue(value)`](#fn-specrulesfiltersresponseheadermodifieraddwithvalue) + * [`obj spec.rules.filters.responseHeaderModifier.set`](#obj-specrulesfiltersresponseheadermodifierset) + * [`fn withName(name)`](#fn-specrulesfiltersresponseheadermodifiersetwithname) + * [`fn withValue(value)`](#fn-specrulesfiltersresponseheadermodifiersetwithvalue) + * [`obj spec.rules.matches`](#obj-specrulesmatches) + * [`fn withHeaders(headers)`](#fn-specrulesmatcheswithheaders) + * [`fn withHeadersMixin(headers)`](#fn-specrulesmatcheswithheadersmixin) + * [`obj spec.rules.matches.headers`](#obj-specrulesmatchesheaders) + * [`fn withName(name)`](#fn-specrulesmatchesheaderswithname) + * [`fn withType(type)`](#fn-specrulesmatchesheaderswithtype) + * [`fn withValue(value)`](#fn-specrulesmatchesheaderswithvalue) + * [`obj spec.rules.matches.method`](#obj-specrulesmatchesmethod) + * [`fn withMethod(method)`](#fn-specrulesmatchesmethodwithmethod) + * [`fn withService(service)`](#fn-specrulesmatchesmethodwithservice) + * [`fn withType(type)`](#fn-specrulesmatchesmethodwithtype) + +## Fields + +### fn new + +```ts +new(name) +``` + +new returns an instance of GRPCRoute + +## obj metadata + +"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create." + +### fn metadata.withAnnotations + +```ts +withAnnotations(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +### fn metadata.withAnnotationsMixin + +```ts +withAnnotationsMixin(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +**Note:** This function appends passed data to existing values + +### fn metadata.withClusterName + +```ts +withClusterName(clusterName) +``` + +"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request." + +### fn metadata.withCreationTimestamp + +```ts +withCreationTimestamp(creationTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withDeletionGracePeriodSeconds + +```ts +withDeletionGracePeriodSeconds(deletionGracePeriodSeconds) +``` + +"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only." + +### fn metadata.withDeletionTimestamp + +```ts +withDeletionTimestamp(deletionTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withFinalizers + +```ts +withFinalizers(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +### fn metadata.withFinalizersMixin + +```ts +withFinalizersMixin(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +**Note:** This function appends passed data to existing values + +### fn metadata.withGenerateName + +```ts +withGenerateName(generateName) +``` + +"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\n\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\n\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" + +### fn metadata.withGeneration + +```ts +withGeneration(generation) +``` + +"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only." + +### fn metadata.withLabels + +```ts +withLabels(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +### fn metadata.withLabelsMixin + +```ts +withLabelsMixin(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +**Note:** This function appends passed data to existing values + +### fn metadata.withName + +```ts +withName(name) +``` + +"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names" + +### fn metadata.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \"default\" namespace, but \"default\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\n\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces" + +### fn metadata.withOwnerReferences + +```ts +withOwnerReferences(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +### fn metadata.withOwnerReferencesMixin + +```ts +withOwnerReferencesMixin(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +**Note:** This function appends passed data to existing values + +### fn metadata.withResourceVersion + +```ts +withResourceVersion(resourceVersion) +``` + +"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\n\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" + +### fn metadata.withSelfLink + +```ts +withSelfLink(selfLink) +``` + +"SelfLink is a URL representing this object. Populated by the system. Read-only.\n\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release." + +### fn metadata.withUid + +```ts +withUid(uid) +``` + +"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\n\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids" + +## obj spec + +"Spec defines the desired state of GRPCRoute." + +### fn spec.withHostnames + +```ts +withHostnames(hostnames) +``` + +"Hostnames defines a set of hostnames to match against the GRPC Host header to select a GRPCRoute to process the request. This matches the RFC 1123 definition of a hostname with 2 notable exceptions: \n 1. IPs are not allowed. 2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard label MUST appear by itself as the first label. \n If a hostname is specified by both the Listener and GRPCRoute, there MUST be at least one intersecting hostname for the GRPCRoute to be attached to the Listener. For example: \n * A Listener with `test.example.com` as the hostname matches GRPCRoutes that have either not specified any hostnames, or have specified at least one of `test.example.com` or `*.example.com`. * A Listener with `*.example.com` as the hostname matches GRPCRoutes that have either not specified any hostnames or have specified at least one hostname that matches the Listener hostname. For example, `test.example.com` and `*.example.com` would both match. On the other hand, `example.com` and `test.example.net` would not match. \n Hostnames that are prefixed with a wildcard label (`*.`) are interpreted as a suffix match. That means that a match for `*.example.com` would match both `test.example.com`, and `foo.test.example.com`, but not `example.com`. \n If both the Listener and GRPCRoute have specified hostnames, any GRPCRoute hostnames that do not match the Listener hostname MUST be ignored. For example, if a Listener specified `*.example.com`, and the GRPCRoute specified `test.example.com` and `test.example.net`, `test.example.net` MUST NOT be considered for a match. \n If both the Listener and GRPCRoute have specified hostnames, and none match with the criteria above, then the GRPCRoute MUST NOT be accepted by the implementation. The implementation MUST raise an 'Accepted' Condition with a status of `False` in the corresponding RouteParentStatus. \n If a Route (A) of type HTTPRoute or GRPCRoute is attached to a Listener and that listener already has another Route (B) of the other type attached and the intersection of the hostnames of A and B is non-empty, then the implementation MUST accept exactly one of these two routes, determined by the following criteria, in order: \n * The oldest Route based on creation timestamp. * The Route appearing first in alphabetical order by \"{namespace}/{name}\". \n The rejected Route MUST raise an 'Accepted' condition with a status of 'False' in the corresponding RouteParentStatus. \n Support: Core" + +### fn spec.withHostnamesMixin + +```ts +withHostnamesMixin(hostnames) +``` + +"Hostnames defines a set of hostnames to match against the GRPC Host header to select a GRPCRoute to process the request. This matches the RFC 1123 definition of a hostname with 2 notable exceptions: \n 1. IPs are not allowed. 2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard label MUST appear by itself as the first label. \n If a hostname is specified by both the Listener and GRPCRoute, there MUST be at least one intersecting hostname for the GRPCRoute to be attached to the Listener. For example: \n * A Listener with `test.example.com` as the hostname matches GRPCRoutes that have either not specified any hostnames, or have specified at least one of `test.example.com` or `*.example.com`. * A Listener with `*.example.com` as the hostname matches GRPCRoutes that have either not specified any hostnames or have specified at least one hostname that matches the Listener hostname. For example, `test.example.com` and `*.example.com` would both match. On the other hand, `example.com` and `test.example.net` would not match. \n Hostnames that are prefixed with a wildcard label (`*.`) are interpreted as a suffix match. That means that a match for `*.example.com` would match both `test.example.com`, and `foo.test.example.com`, but not `example.com`. \n If both the Listener and GRPCRoute have specified hostnames, any GRPCRoute hostnames that do not match the Listener hostname MUST be ignored. For example, if a Listener specified `*.example.com`, and the GRPCRoute specified `test.example.com` and `test.example.net`, `test.example.net` MUST NOT be considered for a match. \n If both the Listener and GRPCRoute have specified hostnames, and none match with the criteria above, then the GRPCRoute MUST NOT be accepted by the implementation. The implementation MUST raise an 'Accepted' Condition with a status of `False` in the corresponding RouteParentStatus. \n If a Route (A) of type HTTPRoute or GRPCRoute is attached to a Listener and that listener already has another Route (B) of the other type attached and the intersection of the hostnames of A and B is non-empty, then the implementation MUST accept exactly one of these two routes, determined by the following criteria, in order: \n * The oldest Route based on creation timestamp. * The Route appearing first in alphabetical order by \"{namespace}/{name}\". \n The rejected Route MUST raise an 'Accepted' condition with a status of 'False' in the corresponding RouteParentStatus. \n Support: Core" + +**Note:** This function appends passed data to existing values + +### fn spec.withParentRefs + +```ts +withParentRefs(parentRefs) +``` + +"ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. For Services, that means the Service must either be in the same namespace for a \"producer\" route, or the mesh implementation must support and allow \"consumer\" routes for the referenced Service. ReferenceGrant is not applicable for governing ParentRefs to Services - it is not possible to create a \"producer\" route for a Service in a different namespace from the Route. \n There are two kinds of parent resources with \"Core\" support: \n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) This API may be extended in the future to support additional kinds of parent resources. \n ParentRefs must be _distinct_. This means either that: \n * They select different objects. If this is the case, then parentRef entries are distinct. In terms of fields, this means that the multi-part key defined by `group`, `kind`, `namespace`, and `name` must be unique across all parentRef entries in the Route. * They do not select different objects, but for each optional field used, each ParentRef that selects the same object must set the same set of optional fields to different values. If one ParentRef sets a combination of optional fields, all must set the same combination. \n Some examples: \n * If one ParentRef sets `sectionName`, all ParentRefs referencing the same object must also set `sectionName`. * If one ParentRef sets `port`, all ParentRefs referencing the same object must also set `port`. * If one ParentRef sets `sectionName` and `port`, all ParentRefs referencing the same object must also set `sectionName` and `port`. \n It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged. \n Note that for ParentRefs that cross namespace boundaries, there are specific rules. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example, Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable other kinds of cross-namespace reference. \n ParentRefs from a Route to a Service in the same namespace are \"producer\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \n ParentRefs from a Route to a Service in a different namespace are \"consumer\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \n " + +### fn spec.withParentRefsMixin + +```ts +withParentRefsMixin(parentRefs) +``` + +"ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. For Services, that means the Service must either be in the same namespace for a \"producer\" route, or the mesh implementation must support and allow \"consumer\" routes for the referenced Service. ReferenceGrant is not applicable for governing ParentRefs to Services - it is not possible to create a \"producer\" route for a Service in a different namespace from the Route. \n There are two kinds of parent resources with \"Core\" support: \n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) This API may be extended in the future to support additional kinds of parent resources. \n ParentRefs must be _distinct_. This means either that: \n * They select different objects. If this is the case, then parentRef entries are distinct. In terms of fields, this means that the multi-part key defined by `group`, `kind`, `namespace`, and `name` must be unique across all parentRef entries in the Route. * They do not select different objects, but for each optional field used, each ParentRef that selects the same object must set the same set of optional fields to different values. If one ParentRef sets a combination of optional fields, all must set the same combination. \n Some examples: \n * If one ParentRef sets `sectionName`, all ParentRefs referencing the same object must also set `sectionName`. * If one ParentRef sets `port`, all ParentRefs referencing the same object must also set `port`. * If one ParentRef sets `sectionName` and `port`, all ParentRefs referencing the same object must also set `sectionName` and `port`. \n It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged. \n Note that for ParentRefs that cross namespace boundaries, there are specific rules. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example, Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable other kinds of cross-namespace reference. \n ParentRefs from a Route to a Service in the same namespace are \"producer\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \n ParentRefs from a Route to a Service in a different namespace are \"consumer\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \n " + +**Note:** This function appends passed data to existing values + +### fn spec.withRules + +```ts +withRules(rules) +``` + +"Rules are a list of GRPC matchers, filters and actions." + +### fn spec.withRulesMixin + +```ts +withRulesMixin(rules) +``` + +"Rules are a list of GRPC matchers, filters and actions." + +**Note:** This function appends passed data to existing values + +## obj spec.parentRefs + +"ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. For Services, that means the Service must either be in the same namespace for a \"producer\" route, or the mesh implementation must support and allow \"consumer\" routes for the referenced Service. ReferenceGrant is not applicable for governing ParentRefs to Services - it is not possible to create a \"producer\" route for a Service in a different namespace from the Route. \n There are two kinds of parent resources with \"Core\" support: \n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) This API may be extended in the future to support additional kinds of parent resources. \n ParentRefs must be _distinct_. This means either that: \n * They select different objects. If this is the case, then parentRef entries are distinct. In terms of fields, this means that the multi-part key defined by `group`, `kind`, `namespace`, and `name` must be unique across all parentRef entries in the Route. * They do not select different objects, but for each optional field used, each ParentRef that selects the same object must set the same set of optional fields to different values. If one ParentRef sets a combination of optional fields, all must set the same combination. \n Some examples: \n * If one ParentRef sets `sectionName`, all ParentRefs referencing the same object must also set `sectionName`. * If one ParentRef sets `port`, all ParentRefs referencing the same object must also set `port`. * If one ParentRef sets `sectionName` and `port`, all ParentRefs referencing the same object must also set `sectionName` and `port`. \n It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged. \n Note that for ParentRefs that cross namespace boundaries, there are specific rules. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example, Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable other kinds of cross-namespace reference. \n ParentRefs from a Route to a Service in the same namespace are \"producer\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \n ParentRefs from a Route to a Service in a different namespace are \"consumer\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \n " + +### fn spec.parentRefs.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. When unspecified, \"gateway.networking.k8s.io\" is inferred. To set the core API group (such as for a \"Service\" kind referent), Group must be explicitly set to \"\" (empty string). \n Support: Core" + +### fn spec.parentRefs.withKind + +```ts +withKind(kind) +``` + +"Kind is kind of the referent. \n There are two kinds of parent resources with \"Core\" support: \n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) \n Support for other resources is Implementation-Specific." + +### fn spec.parentRefs.withName + +```ts +withName(name) +``` + +"Name is the name of the referent. \n Support: Core" + +### fn spec.parentRefs.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the referent. When unspecified, this refers to the local namespace of the Route. \n Note that there are specific rules for ParentRefs which cross namespace boundaries. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example: Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference. \n ParentRefs from a Route to a Service in the same namespace are \"producer\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \n ParentRefs from a Route to a Service in a different namespace are \"consumer\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \n Support: Core" + +### fn spec.parentRefs.withPort + +```ts +withPort(port) +``` + +"Port is the network port this Route targets. It can be interpreted differently based on the type of parent resource. \n When the parent resource is a Gateway, this targets all listeners listening on the specified port that also support this kind of Route(and select this Route). It's not recommended to set `Port` unless the networking behaviors specified in a Route must apply to a specific port as opposed to a listener(s) whose port(s) may be changed. When both Port and SectionName are specified, the name and port of the selected listener must match both specified values. \n When the parent resource is a Service, this targets a specific port in the Service spec. When both Port (experimental) and SectionName are specified, the name and port of the selected port must match both specified values. \n Implementations MAY choose to support other parent resources. Implementations supporting other types of parent resources MUST clearly document how/if Port is interpreted. \n For the purpose of status, an attachment is considered successful as long as the parent resource accepts it partially. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \n Support: Extended \n " + +### fn spec.parentRefs.withSectionName + +```ts +withSectionName(sectionName) +``` + +"SectionName is the name of a section within the target resource. In the following resources, SectionName is interpreted as the following: \n * Gateway: Listener Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. * Service: Port Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. Note that attaching Routes to Services as Parents is part of experimental Mesh support and is not supported for any other purpose. \n Implementations MAY choose to support attaching Routes to other resources. If that is the case, they MUST clearly document how SectionName is interpreted. \n When unspecified (empty string), this will reference the entire resource. For the purpose of status, an attachment is considered successful if at least one section in the parent resource accepts it. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \n Support: Core" + +## obj spec.rules + +"Rules are a list of GRPC matchers, filters and actions." + +### fn spec.rules.withBackendRefs + +```ts +withBackendRefs(backendRefs) +``` + +"BackendRefs defines the backend(s) where matching requests should be sent. \n Failure behavior here depends on how many BackendRefs are specified and how many are invalid. \n If *all* entries in BackendRefs are invalid, and there are also no filters specified in this route rule, *all* traffic which matches this rule MUST receive an `UNAVAILABLE` status. \n See the GRPCBackendRef definition for the rules about what makes a single GRPCBackendRef invalid. \n When a GRPCBackendRef is invalid, `UNAVAILABLE` statuses MUST be returned for requests that would have otherwise been routed to an invalid backend. If multiple backends are specified, and some are invalid, the proportion of requests that would otherwise have been routed to an invalid backend MUST receive an `UNAVAILABLE` status. \n For example, if two backends are specified with equal weights, and one is invalid, 50 percent of traffic MUST receive an `UNAVAILABLE` status. Implementations may choose how that 50 percent is determined. \n Support: Core for Kubernetes Service \n Support: Implementation-specific for any other resource \n Support for weight: Core" + +### fn spec.rules.withBackendRefsMixin + +```ts +withBackendRefsMixin(backendRefs) +``` + +"BackendRefs defines the backend(s) where matching requests should be sent. \n Failure behavior here depends on how many BackendRefs are specified and how many are invalid. \n If *all* entries in BackendRefs are invalid, and there are also no filters specified in this route rule, *all* traffic which matches this rule MUST receive an `UNAVAILABLE` status. \n See the GRPCBackendRef definition for the rules about what makes a single GRPCBackendRef invalid. \n When a GRPCBackendRef is invalid, `UNAVAILABLE` statuses MUST be returned for requests that would have otherwise been routed to an invalid backend. If multiple backends are specified, and some are invalid, the proportion of requests that would otherwise have been routed to an invalid backend MUST receive an `UNAVAILABLE` status. \n For example, if two backends are specified with equal weights, and one is invalid, 50 percent of traffic MUST receive an `UNAVAILABLE` status. Implementations may choose how that 50 percent is determined. \n Support: Core for Kubernetes Service \n Support: Implementation-specific for any other resource \n Support for weight: Core" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.withFilters + +```ts +withFilters(filters) +``` + +"Filters define the filters that are applied to requests that match this rule. \n The effects of ordering of multiple behaviors are currently unspecified. This can change in the future based on feedback during the alpha stage. \n Conformance-levels at this level are defined based on the type of filter: \n - ALL core filters MUST be supported by all implementations that support GRPCRoute. - Implementers are encouraged to support extended filters. - Implementation-specific custom filters have no API guarantees across implementations. \n Specifying the same filter multiple times is not supported unless explicitly indicated in the filter. \n If an implementation can not support a combination of filters, it must clearly document that limitation. In cases where incompatible or unsupported filters are specified and cause the `Accepted` condition to be set to status `False`, implementations may use the `IncompatibleFilters` reason to specify this configuration error. \n Support: Core" + +### fn spec.rules.withFiltersMixin + +```ts +withFiltersMixin(filters) +``` + +"Filters define the filters that are applied to requests that match this rule. \n The effects of ordering of multiple behaviors are currently unspecified. This can change in the future based on feedback during the alpha stage. \n Conformance-levels at this level are defined based on the type of filter: \n - ALL core filters MUST be supported by all implementations that support GRPCRoute. - Implementers are encouraged to support extended filters. - Implementation-specific custom filters have no API guarantees across implementations. \n Specifying the same filter multiple times is not supported unless explicitly indicated in the filter. \n If an implementation can not support a combination of filters, it must clearly document that limitation. In cases where incompatible or unsupported filters are specified and cause the `Accepted` condition to be set to status `False`, implementations may use the `IncompatibleFilters` reason to specify this configuration error. \n Support: Core" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.withMatches + +```ts +withMatches(matches) +``` + +"Matches define conditions used for matching the rule against incoming gRPC requests. Each match is independent, i.e. this rule will be matched if **any** one of the matches is satisfied. \n For example, take the following matches configuration: \n ``` matches: - method: service: foo.bar headers: values: version: 2 - method: service: foo.bar.v2 ``` \n For a request to match against this rule, it MUST satisfy EITHER of the two conditions: \n - service of foo.bar AND contains the header `version: 2` - service of foo.bar.v2 \n See the documentation for GRPCRouteMatch on how to specify multiple match conditions to be ANDed together. \n If no matches are specified, the implementation MUST match every gRPC request. \n Proxy or Load Balancer routing configuration generated from GRPCRoutes MUST prioritize rules based on the following criteria, continuing on ties. Merging MUST not be done between GRPCRoutes and HTTPRoutes. Precedence MUST be given to the rule with the largest number of: \n * Characters in a matching non-wildcard hostname. * Characters in a matching hostname. * Characters in a matching service. * Characters in a matching method. * Header matches. \n If ties still exist across multiple Routes, matching precedence MUST be determined in order of the following criteria, continuing on ties: \n * The oldest Route based on creation timestamp. * The Route appearing first in alphabetical order by \"{namespace}/{name}\". \n If ties still exist within the Route that has been given precedence, matching precedence MUST be granted to the first matching rule meeting the above criteria." + +### fn spec.rules.withMatchesMixin + +```ts +withMatchesMixin(matches) +``` + +"Matches define conditions used for matching the rule against incoming gRPC requests. Each match is independent, i.e. this rule will be matched if **any** one of the matches is satisfied. \n For example, take the following matches configuration: \n ``` matches: - method: service: foo.bar headers: values: version: 2 - method: service: foo.bar.v2 ``` \n For a request to match against this rule, it MUST satisfy EITHER of the two conditions: \n - service of foo.bar AND contains the header `version: 2` - service of foo.bar.v2 \n See the documentation for GRPCRouteMatch on how to specify multiple match conditions to be ANDed together. \n If no matches are specified, the implementation MUST match every gRPC request. \n Proxy or Load Balancer routing configuration generated from GRPCRoutes MUST prioritize rules based on the following criteria, continuing on ties. Merging MUST not be done between GRPCRoutes and HTTPRoutes. Precedence MUST be given to the rule with the largest number of: \n * Characters in a matching non-wildcard hostname. * Characters in a matching hostname. * Characters in a matching service. * Characters in a matching method. * Header matches. \n If ties still exist across multiple Routes, matching precedence MUST be determined in order of the following criteria, continuing on ties: \n * The oldest Route based on creation timestamp. * The Route appearing first in alphabetical order by \"{namespace}/{name}\". \n If ties still exist within the Route that has been given precedence, matching precedence MUST be granted to the first matching rule meeting the above criteria." + +**Note:** This function appends passed data to existing values + +## obj spec.rules.backendRefs + +"BackendRefs defines the backend(s) where matching requests should be sent. \n Failure behavior here depends on how many BackendRefs are specified and how many are invalid. \n If *all* entries in BackendRefs are invalid, and there are also no filters specified in this route rule, *all* traffic which matches this rule MUST receive an `UNAVAILABLE` status. \n See the GRPCBackendRef definition for the rules about what makes a single GRPCBackendRef invalid. \n When a GRPCBackendRef is invalid, `UNAVAILABLE` statuses MUST be returned for requests that would have otherwise been routed to an invalid backend. If multiple backends are specified, and some are invalid, the proportion of requests that would otherwise have been routed to an invalid backend MUST receive an `UNAVAILABLE` status. \n For example, if two backends are specified with equal weights, and one is invalid, 50 percent of traffic MUST receive an `UNAVAILABLE` status. Implementations may choose how that 50 percent is determined. \n Support: Core for Kubernetes Service \n Support: Implementation-specific for any other resource \n Support for weight: Core" + +### fn spec.rules.backendRefs.withFilters + +```ts +withFilters(filters) +``` + +"Filters defined at this level MUST be executed if and only if the request is being forwarded to the backend defined here. \n Support: Implementation-specific (For broader support of filters, use the Filters field in GRPCRouteRule.)" + +### fn spec.rules.backendRefs.withFiltersMixin + +```ts +withFiltersMixin(filters) +``` + +"Filters defined at this level MUST be executed if and only if the request is being forwarded to the backend defined here. \n Support: Implementation-specific (For broader support of filters, use the Filters field in GRPCRouteRule.)" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.backendRefs.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. For example, \"gateway.networking.k8s.io\". When unspecified or empty string, core API group is inferred." + +### fn spec.rules.backendRefs.withKind + +```ts +withKind(kind) +``` + +"Kind is the Kubernetes resource kind of the referent. For example \"Service\". \n Defaults to \"Service\" when not specified. \n ExternalName services can refer to CNAME DNS records that may live outside of the cluster and as such are difficult to reason about in terms of conformance. They also may not be safe to forward to (see CVE-2021-25740 for more information). Implementations SHOULD NOT support ExternalName Services. \n Support: Core (Services with a type other than ExternalName) \n Support: Implementation-specific (Services with type ExternalName)" + +### fn spec.rules.backendRefs.withName + +```ts +withName(name) +``` + +"Name is the name of the referent." + +### fn spec.rules.backendRefs.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. \n Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. \n Support: Core" + +### fn spec.rules.backendRefs.withPort + +```ts +withPort(port) +``` + +"Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field." + +### fn spec.rules.backendRefs.withWeight + +```ts +withWeight(weight) +``` + +"Weight specifies the proportion of requests forwarded to the referenced backend. This is computed as weight/(sum of all weights in this BackendRefs list). For non-zero values, there may be some epsilon from the exact proportion defined here depending on the precision an implementation supports. Weight is not a percentage and the sum of weights does not need to equal 100. \n If only one backend is specified and it has a weight greater than 0, 100% of the traffic is forwarded to that backend. If weight is set to 0, no traffic should be forwarded for this entry. If unspecified, weight defaults to 1. \n Support for this field varies based on the context where used." + +## obj spec.rules.backendRefs.filters + +"Filters defined at this level MUST be executed if and only if the request is being forwarded to the backend defined here. \n Support: Implementation-specific (For broader support of filters, use the Filters field in GRPCRouteRule.)" + +### fn spec.rules.backendRefs.filters.withType + +```ts +withType(type) +``` + +"Type identifies the type of filter to apply. As with other API fields, types are classified into three conformance levels: \n - Core: Filter types and their corresponding configuration defined by \"Support: Core\" in this package, e.g. \"RequestHeaderModifier\". All implementations supporting GRPCRoute MUST support core filters. \n - Extended: Filter types and their corresponding configuration defined by \"Support: Extended\" in this package, e.g. \"RequestMirror\". Implementers are encouraged to support extended filters. \n - Implementation-specific: Filters that are defined and supported by specific vendors. In the future, filters showing convergence in behavior across multiple implementations will be considered for inclusion in extended or core conformance levels. Filter-specific configuration for such filters is specified using the ExtensionRef field. `Type` MUST be set to \"ExtensionRef\" for custom filters. \n Implementers are encouraged to define custom implementation types to extend the core API with implementation-specific behavior. \n If a reference to a custom filter type cannot be resolved, the filter MUST NOT be skipped. Instead, requests that would have been processed by that filter MUST receive a HTTP error response. \n " + +## obj spec.rules.backendRefs.filters.extensionRef + +"ExtensionRef is an optional, implementation-specific extension to the \"filter\" behavior. For example, resource \"myroutefilter\" in group \"networking.example.net\"). ExtensionRef MUST NOT be used for core and extended filters. \n Support: Implementation-specific \n This filter can be used multiple times within the same rule." + +### fn spec.rules.backendRefs.filters.extensionRef.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. For example, \"gateway.networking.k8s.io\". When unspecified or empty string, core API group is inferred." + +### fn spec.rules.backendRefs.filters.extensionRef.withKind + +```ts +withKind(kind) +``` + +"Kind is kind of the referent. For example \"HTTPRoute\" or \"Service\"." + +### fn spec.rules.backendRefs.filters.extensionRef.withName + +```ts +withName(name) +``` + +"Name is the name of the referent." + +## obj spec.rules.backendRefs.filters.requestHeaderModifier + +"RequestHeaderModifier defines a schema for a filter that modifies request headers. \n Support: Core" + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.withAdd + +```ts +withAdd(add) +``` + +"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz" + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.withAddMixin + +```ts +withAddMixin(add) +``` + +"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.withRemove + +```ts +withRemove(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \n Config: remove: [\"my-header1\", \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2: bar" + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.withRemoveMixin + +```ts +withRemoveMixin(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \n Config: remove: [\"my-header1\", \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2: bar" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.withSet + +```ts +withSet(set) +``` + +"Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar" + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.withSetMixin + +```ts +withSetMixin(set) +``` + +"Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar" + +**Note:** This function appends passed data to existing values + +## obj spec.rules.backendRefs.filters.requestHeaderModifier.add + +"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz" + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.add.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent." + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.add.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.backendRefs.filters.requestHeaderModifier.set + +"Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar" + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.set.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent." + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.set.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.backendRefs.filters.requestMirror + +"RequestMirror defines a schema for a filter that mirrors requests. Requests are sent to the specified destination, but responses from that destination are ignored. \n This filter can be used multiple times within the same rule. Note that not all implementations will be able to support mirroring to multiple backends. \n Support: Extended" + +## obj spec.rules.backendRefs.filters.requestMirror.backendRef + +"BackendRef references a resource where mirrored requests are sent. \n Mirrored requests must be sent only to a single destination endpoint within this BackendRef, irrespective of how many endpoints are present within this BackendRef. \n If the referent cannot be found, this BackendRef is invalid and must be dropped from the Gateway. The controller must ensure the \"ResolvedRefs\" condition on the Route status is set to `status: False` and not configure this backend in the underlying implementation. \n If there is a cross-namespace reference to an *existing* object that is not allowed by a ReferenceGrant, the controller must ensure the \"ResolvedRefs\" condition on the Route is set to `status: False`, with the \"RefNotPermitted\" reason and not configure this backend in the underlying implementation. \n In either error case, the Message of the `ResolvedRefs` Condition should be used to provide more detail about the problem. \n Support: Extended for Kubernetes Service \n Support: Implementation-specific for any other resource" + +### fn spec.rules.backendRefs.filters.requestMirror.backendRef.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. For example, \"gateway.networking.k8s.io\". When unspecified or empty string, core API group is inferred." + +### fn spec.rules.backendRefs.filters.requestMirror.backendRef.withKind + +```ts +withKind(kind) +``` + +"Kind is the Kubernetes resource kind of the referent. For example \"Service\". \n Defaults to \"Service\" when not specified. \n ExternalName services can refer to CNAME DNS records that may live outside of the cluster and as such are difficult to reason about in terms of conformance. They also may not be safe to forward to (see CVE-2021-25740 for more information). Implementations SHOULD NOT support ExternalName Services. \n Support: Core (Services with a type other than ExternalName) \n Support: Implementation-specific (Services with type ExternalName)" + +### fn spec.rules.backendRefs.filters.requestMirror.backendRef.withName + +```ts +withName(name) +``` + +"Name is the name of the referent." + +### fn spec.rules.backendRefs.filters.requestMirror.backendRef.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. \n Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. \n Support: Core" + +### fn spec.rules.backendRefs.filters.requestMirror.backendRef.withPort + +```ts +withPort(port) +``` + +"Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field." + +## obj spec.rules.backendRefs.filters.responseHeaderModifier + +"ResponseHeaderModifier defines a schema for a filter that modifies response headers. \n Support: Extended" + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.withAdd + +```ts +withAdd(add) +``` + +"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz" + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.withAddMixin + +```ts +withAddMixin(add) +``` + +"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.withRemove + +```ts +withRemove(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \n Config: remove: [\"my-header1\", \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2: bar" + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.withRemoveMixin + +```ts +withRemoveMixin(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \n Config: remove: [\"my-header1\", \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2: bar" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.withSet + +```ts +withSet(set) +``` + +"Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar" + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.withSetMixin + +```ts +withSetMixin(set) +``` + +"Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar" + +**Note:** This function appends passed data to existing values + +## obj spec.rules.backendRefs.filters.responseHeaderModifier.add + +"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz" + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.add.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent." + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.add.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.backendRefs.filters.responseHeaderModifier.set + +"Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar" + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.set.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent." + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.set.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.filters + +"Filters define the filters that are applied to requests that match this rule. \n The effects of ordering of multiple behaviors are currently unspecified. This can change in the future based on feedback during the alpha stage. \n Conformance-levels at this level are defined based on the type of filter: \n - ALL core filters MUST be supported by all implementations that support GRPCRoute. - Implementers are encouraged to support extended filters. - Implementation-specific custom filters have no API guarantees across implementations. \n Specifying the same filter multiple times is not supported unless explicitly indicated in the filter. \n If an implementation can not support a combination of filters, it must clearly document that limitation. In cases where incompatible or unsupported filters are specified and cause the `Accepted` condition to be set to status `False`, implementations may use the `IncompatibleFilters` reason to specify this configuration error. \n Support: Core" + +### fn spec.rules.filters.withType + +```ts +withType(type) +``` + +"Type identifies the type of filter to apply. As with other API fields, types are classified into three conformance levels: \n - Core: Filter types and their corresponding configuration defined by \"Support: Core\" in this package, e.g. \"RequestHeaderModifier\". All implementations supporting GRPCRoute MUST support core filters. \n - Extended: Filter types and their corresponding configuration defined by \"Support: Extended\" in this package, e.g. \"RequestMirror\". Implementers are encouraged to support extended filters. \n - Implementation-specific: Filters that are defined and supported by specific vendors. In the future, filters showing convergence in behavior across multiple implementations will be considered for inclusion in extended or core conformance levels. Filter-specific configuration for such filters is specified using the ExtensionRef field. `Type` MUST be set to \"ExtensionRef\" for custom filters. \n Implementers are encouraged to define custom implementation types to extend the core API with implementation-specific behavior. \n If a reference to a custom filter type cannot be resolved, the filter MUST NOT be skipped. Instead, requests that would have been processed by that filter MUST receive a HTTP error response. \n " + +## obj spec.rules.filters.extensionRef + +"ExtensionRef is an optional, implementation-specific extension to the \"filter\" behavior. For example, resource \"myroutefilter\" in group \"networking.example.net\"). ExtensionRef MUST NOT be used for core and extended filters. \n Support: Implementation-specific \n This filter can be used multiple times within the same rule." + +### fn spec.rules.filters.extensionRef.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. For example, \"gateway.networking.k8s.io\". When unspecified or empty string, core API group is inferred." + +### fn spec.rules.filters.extensionRef.withKind + +```ts +withKind(kind) +``` + +"Kind is kind of the referent. For example \"HTTPRoute\" or \"Service\"." + +### fn spec.rules.filters.extensionRef.withName + +```ts +withName(name) +``` + +"Name is the name of the referent." + +## obj spec.rules.filters.requestHeaderModifier + +"RequestHeaderModifier defines a schema for a filter that modifies request headers. \n Support: Core" + +### fn spec.rules.filters.requestHeaderModifier.withAdd + +```ts +withAdd(add) +``` + +"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz" + +### fn spec.rules.filters.requestHeaderModifier.withAddMixin + +```ts +withAddMixin(add) +``` + +"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.filters.requestHeaderModifier.withRemove + +```ts +withRemove(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \n Config: remove: [\"my-header1\", \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2: bar" + +### fn spec.rules.filters.requestHeaderModifier.withRemoveMixin + +```ts +withRemoveMixin(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \n Config: remove: [\"my-header1\", \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2: bar" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.filters.requestHeaderModifier.withSet + +```ts +withSet(set) +``` + +"Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar" + +### fn spec.rules.filters.requestHeaderModifier.withSetMixin + +```ts +withSetMixin(set) +``` + +"Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar" + +**Note:** This function appends passed data to existing values + +## obj spec.rules.filters.requestHeaderModifier.add + +"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz" + +### fn spec.rules.filters.requestHeaderModifier.add.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent." + +### fn spec.rules.filters.requestHeaderModifier.add.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.filters.requestHeaderModifier.set + +"Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar" + +### fn spec.rules.filters.requestHeaderModifier.set.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent." + +### fn spec.rules.filters.requestHeaderModifier.set.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.filters.requestMirror + +"RequestMirror defines a schema for a filter that mirrors requests. Requests are sent to the specified destination, but responses from that destination are ignored. \n This filter can be used multiple times within the same rule. Note that not all implementations will be able to support mirroring to multiple backends. \n Support: Extended" + +## obj spec.rules.filters.requestMirror.backendRef + +"BackendRef references a resource where mirrored requests are sent. \n Mirrored requests must be sent only to a single destination endpoint within this BackendRef, irrespective of how many endpoints are present within this BackendRef. \n If the referent cannot be found, this BackendRef is invalid and must be dropped from the Gateway. The controller must ensure the \"ResolvedRefs\" condition on the Route status is set to `status: False` and not configure this backend in the underlying implementation. \n If there is a cross-namespace reference to an *existing* object that is not allowed by a ReferenceGrant, the controller must ensure the \"ResolvedRefs\" condition on the Route is set to `status: False`, with the \"RefNotPermitted\" reason and not configure this backend in the underlying implementation. \n In either error case, the Message of the `ResolvedRefs` Condition should be used to provide more detail about the problem. \n Support: Extended for Kubernetes Service \n Support: Implementation-specific for any other resource" + +### fn spec.rules.filters.requestMirror.backendRef.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. For example, \"gateway.networking.k8s.io\". When unspecified or empty string, core API group is inferred." + +### fn spec.rules.filters.requestMirror.backendRef.withKind + +```ts +withKind(kind) +``` + +"Kind is the Kubernetes resource kind of the referent. For example \"Service\". \n Defaults to \"Service\" when not specified. \n ExternalName services can refer to CNAME DNS records that may live outside of the cluster and as such are difficult to reason about in terms of conformance. They also may not be safe to forward to (see CVE-2021-25740 for more information). Implementations SHOULD NOT support ExternalName Services. \n Support: Core (Services with a type other than ExternalName) \n Support: Implementation-specific (Services with type ExternalName)" + +### fn spec.rules.filters.requestMirror.backendRef.withName + +```ts +withName(name) +``` + +"Name is the name of the referent." + +### fn spec.rules.filters.requestMirror.backendRef.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. \n Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. \n Support: Core" + +### fn spec.rules.filters.requestMirror.backendRef.withPort + +```ts +withPort(port) +``` + +"Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field." + +## obj spec.rules.filters.responseHeaderModifier + +"ResponseHeaderModifier defines a schema for a filter that modifies response headers. \n Support: Extended" + +### fn spec.rules.filters.responseHeaderModifier.withAdd + +```ts +withAdd(add) +``` + +"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz" + +### fn spec.rules.filters.responseHeaderModifier.withAddMixin + +```ts +withAddMixin(add) +``` + +"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.filters.responseHeaderModifier.withRemove + +```ts +withRemove(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \n Config: remove: [\"my-header1\", \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2: bar" + +### fn spec.rules.filters.responseHeaderModifier.withRemoveMixin + +```ts +withRemoveMixin(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \n Config: remove: [\"my-header1\", \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2: bar" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.filters.responseHeaderModifier.withSet + +```ts +withSet(set) +``` + +"Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar" + +### fn spec.rules.filters.responseHeaderModifier.withSetMixin + +```ts +withSetMixin(set) +``` + +"Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar" + +**Note:** This function appends passed data to existing values + +## obj spec.rules.filters.responseHeaderModifier.add + +"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz" + +### fn spec.rules.filters.responseHeaderModifier.add.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent." + +### fn spec.rules.filters.responseHeaderModifier.add.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.filters.responseHeaderModifier.set + +"Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar" + +### fn spec.rules.filters.responseHeaderModifier.set.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent." + +### fn spec.rules.filters.responseHeaderModifier.set.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.matches + +"Matches define conditions used for matching the rule against incoming gRPC requests. Each match is independent, i.e. this rule will be matched if **any** one of the matches is satisfied. \n For example, take the following matches configuration: \n ``` matches: - method: service: foo.bar headers: values: version: 2 - method: service: foo.bar.v2 ``` \n For a request to match against this rule, it MUST satisfy EITHER of the two conditions: \n - service of foo.bar AND contains the header `version: 2` - service of foo.bar.v2 \n See the documentation for GRPCRouteMatch on how to specify multiple match conditions to be ANDed together. \n If no matches are specified, the implementation MUST match every gRPC request. \n Proxy or Load Balancer routing configuration generated from GRPCRoutes MUST prioritize rules based on the following criteria, continuing on ties. Merging MUST not be done between GRPCRoutes and HTTPRoutes. Precedence MUST be given to the rule with the largest number of: \n * Characters in a matching non-wildcard hostname. * Characters in a matching hostname. * Characters in a matching service. * Characters in a matching method. * Header matches. \n If ties still exist across multiple Routes, matching precedence MUST be determined in order of the following criteria, continuing on ties: \n * The oldest Route based on creation timestamp. * The Route appearing first in alphabetical order by \"{namespace}/{name}\". \n If ties still exist within the Route that has been given precedence, matching precedence MUST be granted to the first matching rule meeting the above criteria." + +### fn spec.rules.matches.withHeaders + +```ts +withHeaders(headers) +``` + +"Headers specifies gRPC request header matchers. Multiple match values are ANDed together, meaning, a request MUST match all the specified headers to select the route." + +### fn spec.rules.matches.withHeadersMixin + +```ts +withHeadersMixin(headers) +``` + +"Headers specifies gRPC request header matchers. Multiple match values are ANDed together, meaning, a request MUST match all the specified headers to select the route." + +**Note:** This function appends passed data to existing values + +## obj spec.rules.matches.headers + +"Headers specifies gRPC request header matchers. Multiple match values are ANDed together, meaning, a request MUST match all the specified headers to select the route." + +### fn spec.rules.matches.headers.withName + +```ts +withName(name) +``` + +"Name is the name of the gRPC Header to be matched. \n If multiple entries specify equivalent header names, only the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent." + +### fn spec.rules.matches.headers.withType + +```ts +withType(type) +``` + +"Type specifies how to match against the value of the header." + +### fn spec.rules.matches.headers.withValue + +```ts +withValue(value) +``` + +"Value is the value of the gRPC Header to be matched." + +## obj spec.rules.matches.method + +"Method specifies a gRPC request service/method matcher. If this field is not specified, all services and methods will match." + +### fn spec.rules.matches.method.withMethod + +```ts +withMethod(method) +``` + +"Value of the method to match against. If left empty or omitted, will match all services. \n At least one of Service and Method MUST be a non-empty string." + +### fn spec.rules.matches.method.withService + +```ts +withService(service) +``` + +"Value of the service to match against. If left empty or omitted, will match any service. \n At least one of Service and Method MUST be a non-empty string." + +### fn spec.rules.matches.method.withType + +```ts +withType(type) +``` + +"Type specifies how to match against the service and/or method. Support: Core (Exact with service and method specified) \n Support: Implementation-specific (Exact with method specified but no service specified) \n Support: Implementation-specific (RegularExpression)" \ No newline at end of file diff --git a/docs/1.0-experimental/gateway/v1alpha2/index.md b/docs/1.0-experimental/gateway/v1alpha2/index.md new file mode 100644 index 0000000..afb12ae --- /dev/null +++ b/docs/1.0-experimental/gateway/v1alpha2/index.md @@ -0,0 +1,14 @@ +--- +permalink: /1.0-experimental/gateway/v1alpha2/ +--- + +# gateway.v1alpha2 + + + +* [backendTLSPolicy](backendTLSPolicy.md) +* [grpcRoute](grpcRoute.md) +* [referenceGrant](referenceGrant.md) +* [tcpRoute](tcpRoute.md) +* [tlsRoute](tlsRoute.md) +* [udpRoute](udpRoute.md) \ No newline at end of file diff --git a/docs/1.0-experimental/gateway/v1alpha2/referenceGrant.md b/docs/1.0-experimental/gateway/v1alpha2/referenceGrant.md new file mode 100644 index 0000000..310af95 --- /dev/null +++ b/docs/1.0-experimental/gateway/v1alpha2/referenceGrant.md @@ -0,0 +1,314 @@ +--- +permalink: /1.0-experimental/gateway/v1alpha2/referenceGrant/ +--- + +# gateway.v1alpha2.referenceGrant + +"ReferenceGrant identifies kinds of resources in other namespaces that are trusted to reference the specified kinds of resources in the same namespace as the policy. \n Each ReferenceGrant can be used to represent a unique trust relationship. Additional Reference Grants can be used to add to the set of trusted sources of inbound references for the namespace they are defined within. \n A ReferenceGrant is required for all cross-namespace references in Gateway API (with the exception of cross-namespace Route-Gateway attachment, which is governed by the AllowedRoutes configuration on the Gateway, and cross-namespace Service ParentRefs on a \"consumer\" mesh Route, which defines routing rules applicable only to workloads in the Route namespace). ReferenceGrants allowing a reference from a Route to a Service are only applicable to BackendRefs. \n ReferenceGrant is a form of runtime verification allowing users to assert which cross-namespace object references are permitted. Implementations that support ReferenceGrant MUST NOT permit cross-namespace references which have no grant, and MUST respond to the removal of a grant by revoking the access that the grant allowed." + +## Index + +* [`fn new(name)`](#fn-new) +* [`obj metadata`](#obj-metadata) + * [`fn withAnnotations(annotations)`](#fn-metadatawithannotations) + * [`fn withAnnotationsMixin(annotations)`](#fn-metadatawithannotationsmixin) + * [`fn withClusterName(clusterName)`](#fn-metadatawithclustername) + * [`fn withCreationTimestamp(creationTimestamp)`](#fn-metadatawithcreationtimestamp) + * [`fn withDeletionGracePeriodSeconds(deletionGracePeriodSeconds)`](#fn-metadatawithdeletiongraceperiodseconds) + * [`fn withDeletionTimestamp(deletionTimestamp)`](#fn-metadatawithdeletiontimestamp) + * [`fn withFinalizers(finalizers)`](#fn-metadatawithfinalizers) + * [`fn withFinalizersMixin(finalizers)`](#fn-metadatawithfinalizersmixin) + * [`fn withGenerateName(generateName)`](#fn-metadatawithgeneratename) + * [`fn withGeneration(generation)`](#fn-metadatawithgeneration) + * [`fn withLabels(labels)`](#fn-metadatawithlabels) + * [`fn withLabelsMixin(labels)`](#fn-metadatawithlabelsmixin) + * [`fn withName(name)`](#fn-metadatawithname) + * [`fn withNamespace(namespace)`](#fn-metadatawithnamespace) + * [`fn withOwnerReferences(ownerReferences)`](#fn-metadatawithownerreferences) + * [`fn withOwnerReferencesMixin(ownerReferences)`](#fn-metadatawithownerreferencesmixin) + * [`fn withResourceVersion(resourceVersion)`](#fn-metadatawithresourceversion) + * [`fn withSelfLink(selfLink)`](#fn-metadatawithselflink) + * [`fn withUid(uid)`](#fn-metadatawithuid) +* [`obj spec`](#obj-spec) + * [`fn withFrom(from)`](#fn-specwithfrom) + * [`fn withFromMixin(from)`](#fn-specwithfrommixin) + * [`fn withTo(to)`](#fn-specwithto) + * [`fn withToMixin(to)`](#fn-specwithtomixin) + * [`obj spec.from`](#obj-specfrom) + * [`fn withGroup(group)`](#fn-specfromwithgroup) + * [`fn withKind(kind)`](#fn-specfromwithkind) + * [`fn withNamespace(namespace)`](#fn-specfromwithnamespace) + * [`obj spec.to`](#obj-specto) + * [`fn withGroup(group)`](#fn-spectowithgroup) + * [`fn withKind(kind)`](#fn-spectowithkind) + * [`fn withName(name)`](#fn-spectowithname) + +## Fields + +### fn new + +```ts +new(name) +``` + +new returns an instance of ReferenceGrant + +## obj metadata + +"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create." + +### fn metadata.withAnnotations + +```ts +withAnnotations(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +### fn metadata.withAnnotationsMixin + +```ts +withAnnotationsMixin(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +**Note:** This function appends passed data to existing values + +### fn metadata.withClusterName + +```ts +withClusterName(clusterName) +``` + +"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request." + +### fn metadata.withCreationTimestamp + +```ts +withCreationTimestamp(creationTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withDeletionGracePeriodSeconds + +```ts +withDeletionGracePeriodSeconds(deletionGracePeriodSeconds) +``` + +"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only." + +### fn metadata.withDeletionTimestamp + +```ts +withDeletionTimestamp(deletionTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withFinalizers + +```ts +withFinalizers(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +### fn metadata.withFinalizersMixin + +```ts +withFinalizersMixin(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +**Note:** This function appends passed data to existing values + +### fn metadata.withGenerateName + +```ts +withGenerateName(generateName) +``` + +"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\n\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\n\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" + +### fn metadata.withGeneration + +```ts +withGeneration(generation) +``` + +"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only." + +### fn metadata.withLabels + +```ts +withLabels(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +### fn metadata.withLabelsMixin + +```ts +withLabelsMixin(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +**Note:** This function appends passed data to existing values + +### fn metadata.withName + +```ts +withName(name) +``` + +"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names" + +### fn metadata.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \"default\" namespace, but \"default\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\n\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces" + +### fn metadata.withOwnerReferences + +```ts +withOwnerReferences(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +### fn metadata.withOwnerReferencesMixin + +```ts +withOwnerReferencesMixin(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +**Note:** This function appends passed data to existing values + +### fn metadata.withResourceVersion + +```ts +withResourceVersion(resourceVersion) +``` + +"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\n\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" + +### fn metadata.withSelfLink + +```ts +withSelfLink(selfLink) +``` + +"SelfLink is a URL representing this object. Populated by the system. Read-only.\n\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release." + +### fn metadata.withUid + +```ts +withUid(uid) +``` + +"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\n\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids" + +## obj spec + +"Spec defines the desired state of ReferenceGrant." + +### fn spec.withFrom + +```ts +withFrom(from) +``` + +"From describes the trusted namespaces and kinds that can reference the resources described in \"To\". Each entry in this list MUST be considered to be an additional place that references can be valid from, or to put this another way, entries MUST be combined using OR. \n Support: Core" + +### fn spec.withFromMixin + +```ts +withFromMixin(from) +``` + +"From describes the trusted namespaces and kinds that can reference the resources described in \"To\". Each entry in this list MUST be considered to be an additional place that references can be valid from, or to put this another way, entries MUST be combined using OR. \n Support: Core" + +**Note:** This function appends passed data to existing values + +### fn spec.withTo + +```ts +withTo(to) +``` + +"To describes the resources that may be referenced by the resources described in \"From\". Each entry in this list MUST be considered to be an additional place that references can be valid to, or to put this another way, entries MUST be combined using OR. \n Support: Core" + +### fn spec.withToMixin + +```ts +withToMixin(to) +``` + +"To describes the resources that may be referenced by the resources described in \"From\". Each entry in this list MUST be considered to be an additional place that references can be valid to, or to put this another way, entries MUST be combined using OR. \n Support: Core" + +**Note:** This function appends passed data to existing values + +## obj spec.from + +"From describes the trusted namespaces and kinds that can reference the resources described in \"To\". Each entry in this list MUST be considered to be an additional place that references can be valid from, or to put this another way, entries MUST be combined using OR. \n Support: Core" + +### fn spec.from.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. When empty, the Kubernetes core API group is inferred. \n Support: Core" + +### fn spec.from.withKind + +```ts +withKind(kind) +``` + +"Kind is the kind of the referent. Although implementations may support additional resources, the following types are part of the \"Core\" support level for this field. \n When used to permit a SecretObjectReference: \n * Gateway \n When used to permit a BackendObjectReference: \n * GRPCRoute * HTTPRoute * TCPRoute * TLSRoute * UDPRoute" + +### fn spec.from.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the referent. \n Support: Core" + +## obj spec.to + +"To describes the resources that may be referenced by the resources described in \"From\". Each entry in this list MUST be considered to be an additional place that references can be valid to, or to put this another way, entries MUST be combined using OR. \n Support: Core" + +### fn spec.to.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. When empty, the Kubernetes core API group is inferred. \n Support: Core" + +### fn spec.to.withKind + +```ts +withKind(kind) +``` + +"Kind is the kind of the referent. Although implementations may support additional resources, the following types are part of the \"Core\" support level for this field: \n * Secret when used to permit a SecretObjectReference * Service when used to permit a BackendObjectReference" + +### fn spec.to.withName + +```ts +withName(name) +``` + +"Name is the name of the referent. When unspecified, this policy refers to all resources of the specified Group and Kind in the local namespace." \ No newline at end of file diff --git a/docs/1.0-experimental/gateway/v1alpha2/tcpRoute.md b/docs/1.0-experimental/gateway/v1alpha2/tcpRoute.md new file mode 100644 index 0000000..dd32b6a --- /dev/null +++ b/docs/1.0-experimental/gateway/v1alpha2/tcpRoute.md @@ -0,0 +1,393 @@ +--- +permalink: /1.0-experimental/gateway/v1alpha2/tcpRoute/ +--- + +# gateway.v1alpha2.tcpRoute + +"TCPRoute provides a way to route TCP requests. When combined with a Gateway listener, it can be used to forward connections on the port specified by the listener to a set of backends specified by the TCPRoute." + +## Index + +* [`fn new(name)`](#fn-new) +* [`obj metadata`](#obj-metadata) + * [`fn withAnnotations(annotations)`](#fn-metadatawithannotations) + * [`fn withAnnotationsMixin(annotations)`](#fn-metadatawithannotationsmixin) + * [`fn withClusterName(clusterName)`](#fn-metadatawithclustername) + * [`fn withCreationTimestamp(creationTimestamp)`](#fn-metadatawithcreationtimestamp) + * [`fn withDeletionGracePeriodSeconds(deletionGracePeriodSeconds)`](#fn-metadatawithdeletiongraceperiodseconds) + * [`fn withDeletionTimestamp(deletionTimestamp)`](#fn-metadatawithdeletiontimestamp) + * [`fn withFinalizers(finalizers)`](#fn-metadatawithfinalizers) + * [`fn withFinalizersMixin(finalizers)`](#fn-metadatawithfinalizersmixin) + * [`fn withGenerateName(generateName)`](#fn-metadatawithgeneratename) + * [`fn withGeneration(generation)`](#fn-metadatawithgeneration) + * [`fn withLabels(labels)`](#fn-metadatawithlabels) + * [`fn withLabelsMixin(labels)`](#fn-metadatawithlabelsmixin) + * [`fn withName(name)`](#fn-metadatawithname) + * [`fn withNamespace(namespace)`](#fn-metadatawithnamespace) + * [`fn withOwnerReferences(ownerReferences)`](#fn-metadatawithownerreferences) + * [`fn withOwnerReferencesMixin(ownerReferences)`](#fn-metadatawithownerreferencesmixin) + * [`fn withResourceVersion(resourceVersion)`](#fn-metadatawithresourceversion) + * [`fn withSelfLink(selfLink)`](#fn-metadatawithselflink) + * [`fn withUid(uid)`](#fn-metadatawithuid) +* [`obj spec`](#obj-spec) + * [`fn withParentRefs(parentRefs)`](#fn-specwithparentrefs) + * [`fn withParentRefsMixin(parentRefs)`](#fn-specwithparentrefsmixin) + * [`fn withRules(rules)`](#fn-specwithrules) + * [`fn withRulesMixin(rules)`](#fn-specwithrulesmixin) + * [`obj spec.parentRefs`](#obj-specparentrefs) + * [`fn withGroup(group)`](#fn-specparentrefswithgroup) + * [`fn withKind(kind)`](#fn-specparentrefswithkind) + * [`fn withName(name)`](#fn-specparentrefswithname) + * [`fn withNamespace(namespace)`](#fn-specparentrefswithnamespace) + * [`fn withPort(port)`](#fn-specparentrefswithport) + * [`fn withSectionName(sectionName)`](#fn-specparentrefswithsectionname) + * [`obj spec.rules`](#obj-specrules) + * [`fn withBackendRefs(backendRefs)`](#fn-specruleswithbackendrefs) + * [`fn withBackendRefsMixin(backendRefs)`](#fn-specruleswithbackendrefsmixin) + * [`obj spec.rules.backendRefs`](#obj-specrulesbackendrefs) + * [`fn withGroup(group)`](#fn-specrulesbackendrefswithgroup) + * [`fn withKind(kind)`](#fn-specrulesbackendrefswithkind) + * [`fn withName(name)`](#fn-specrulesbackendrefswithname) + * [`fn withNamespace(namespace)`](#fn-specrulesbackendrefswithnamespace) + * [`fn withPort(port)`](#fn-specrulesbackendrefswithport) + * [`fn withWeight(weight)`](#fn-specrulesbackendrefswithweight) + +## Fields + +### fn new + +```ts +new(name) +``` + +new returns an instance of TCPRoute + +## obj metadata + +"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create." + +### fn metadata.withAnnotations + +```ts +withAnnotations(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +### fn metadata.withAnnotationsMixin + +```ts +withAnnotationsMixin(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +**Note:** This function appends passed data to existing values + +### fn metadata.withClusterName + +```ts +withClusterName(clusterName) +``` + +"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request." + +### fn metadata.withCreationTimestamp + +```ts +withCreationTimestamp(creationTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withDeletionGracePeriodSeconds + +```ts +withDeletionGracePeriodSeconds(deletionGracePeriodSeconds) +``` + +"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only." + +### fn metadata.withDeletionTimestamp + +```ts +withDeletionTimestamp(deletionTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withFinalizers + +```ts +withFinalizers(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +### fn metadata.withFinalizersMixin + +```ts +withFinalizersMixin(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +**Note:** This function appends passed data to existing values + +### fn metadata.withGenerateName + +```ts +withGenerateName(generateName) +``` + +"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\n\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\n\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" + +### fn metadata.withGeneration + +```ts +withGeneration(generation) +``` + +"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only." + +### fn metadata.withLabels + +```ts +withLabels(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +### fn metadata.withLabelsMixin + +```ts +withLabelsMixin(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +**Note:** This function appends passed data to existing values + +### fn metadata.withName + +```ts +withName(name) +``` + +"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names" + +### fn metadata.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \"default\" namespace, but \"default\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\n\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces" + +### fn metadata.withOwnerReferences + +```ts +withOwnerReferences(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +### fn metadata.withOwnerReferencesMixin + +```ts +withOwnerReferencesMixin(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +**Note:** This function appends passed data to existing values + +### fn metadata.withResourceVersion + +```ts +withResourceVersion(resourceVersion) +``` + +"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\n\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" + +### fn metadata.withSelfLink + +```ts +withSelfLink(selfLink) +``` + +"SelfLink is a URL representing this object. Populated by the system. Read-only.\n\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release." + +### fn metadata.withUid + +```ts +withUid(uid) +``` + +"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\n\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids" + +## obj spec + +"Spec defines the desired state of TCPRoute." + +### fn spec.withParentRefs + +```ts +withParentRefs(parentRefs) +``` + +"ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. For Services, that means the Service must either be in the same namespace for a \"producer\" route, or the mesh implementation must support and allow \"consumer\" routes for the referenced Service. ReferenceGrant is not applicable for governing ParentRefs to Services - it is not possible to create a \"producer\" route for a Service in a different namespace from the Route. \n There are two kinds of parent resources with \"Core\" support: \n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) This API may be extended in the future to support additional kinds of parent resources. \n ParentRefs must be _distinct_. This means either that: \n * They select different objects. If this is the case, then parentRef entries are distinct. In terms of fields, this means that the multi-part key defined by `group`, `kind`, `namespace`, and `name` must be unique across all parentRef entries in the Route. * They do not select different objects, but for each optional field used, each ParentRef that selects the same object must set the same set of optional fields to different values. If one ParentRef sets a combination of optional fields, all must set the same combination. \n Some examples: \n * If one ParentRef sets `sectionName`, all ParentRefs referencing the same object must also set `sectionName`. * If one ParentRef sets `port`, all ParentRefs referencing the same object must also set `port`. * If one ParentRef sets `sectionName` and `port`, all ParentRefs referencing the same object must also set `sectionName` and `port`. \n It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged. \n Note that for ParentRefs that cross namespace boundaries, there are specific rules. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example, Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable other kinds of cross-namespace reference. \n ParentRefs from a Route to a Service in the same namespace are \"producer\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \n ParentRefs from a Route to a Service in a different namespace are \"consumer\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \n " + +### fn spec.withParentRefsMixin + +```ts +withParentRefsMixin(parentRefs) +``` + +"ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. For Services, that means the Service must either be in the same namespace for a \"producer\" route, or the mesh implementation must support and allow \"consumer\" routes for the referenced Service. ReferenceGrant is not applicable for governing ParentRefs to Services - it is not possible to create a \"producer\" route for a Service in a different namespace from the Route. \n There are two kinds of parent resources with \"Core\" support: \n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) This API may be extended in the future to support additional kinds of parent resources. \n ParentRefs must be _distinct_. This means either that: \n * They select different objects. If this is the case, then parentRef entries are distinct. In terms of fields, this means that the multi-part key defined by `group`, `kind`, `namespace`, and `name` must be unique across all parentRef entries in the Route. * They do not select different objects, but for each optional field used, each ParentRef that selects the same object must set the same set of optional fields to different values. If one ParentRef sets a combination of optional fields, all must set the same combination. \n Some examples: \n * If one ParentRef sets `sectionName`, all ParentRefs referencing the same object must also set `sectionName`. * If one ParentRef sets `port`, all ParentRefs referencing the same object must also set `port`. * If one ParentRef sets `sectionName` and `port`, all ParentRefs referencing the same object must also set `sectionName` and `port`. \n It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged. \n Note that for ParentRefs that cross namespace boundaries, there are specific rules. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example, Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable other kinds of cross-namespace reference. \n ParentRefs from a Route to a Service in the same namespace are \"producer\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \n ParentRefs from a Route to a Service in a different namespace are \"consumer\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \n " + +**Note:** This function appends passed data to existing values + +### fn spec.withRules + +```ts +withRules(rules) +``` + +"Rules are a list of TCP matchers and actions." + +### fn spec.withRulesMixin + +```ts +withRulesMixin(rules) +``` + +"Rules are a list of TCP matchers and actions." + +**Note:** This function appends passed data to existing values + +## obj spec.parentRefs + +"ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. For Services, that means the Service must either be in the same namespace for a \"producer\" route, or the mesh implementation must support and allow \"consumer\" routes for the referenced Service. ReferenceGrant is not applicable for governing ParentRefs to Services - it is not possible to create a \"producer\" route for a Service in a different namespace from the Route. \n There are two kinds of parent resources with \"Core\" support: \n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) This API may be extended in the future to support additional kinds of parent resources. \n ParentRefs must be _distinct_. This means either that: \n * They select different objects. If this is the case, then parentRef entries are distinct. In terms of fields, this means that the multi-part key defined by `group`, `kind`, `namespace`, and `name` must be unique across all parentRef entries in the Route. * They do not select different objects, but for each optional field used, each ParentRef that selects the same object must set the same set of optional fields to different values. If one ParentRef sets a combination of optional fields, all must set the same combination. \n Some examples: \n * If one ParentRef sets `sectionName`, all ParentRefs referencing the same object must also set `sectionName`. * If one ParentRef sets `port`, all ParentRefs referencing the same object must also set `port`. * If one ParentRef sets `sectionName` and `port`, all ParentRefs referencing the same object must also set `sectionName` and `port`. \n It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged. \n Note that for ParentRefs that cross namespace boundaries, there are specific rules. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example, Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable other kinds of cross-namespace reference. \n ParentRefs from a Route to a Service in the same namespace are \"producer\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \n ParentRefs from a Route to a Service in a different namespace are \"consumer\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \n " + +### fn spec.parentRefs.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. When unspecified, \"gateway.networking.k8s.io\" is inferred. To set the core API group (such as for a \"Service\" kind referent), Group must be explicitly set to \"\" (empty string). \n Support: Core" + +### fn spec.parentRefs.withKind + +```ts +withKind(kind) +``` + +"Kind is kind of the referent. \n There are two kinds of parent resources with \"Core\" support: \n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) \n Support for other resources is Implementation-Specific." + +### fn spec.parentRefs.withName + +```ts +withName(name) +``` + +"Name is the name of the referent. \n Support: Core" + +### fn spec.parentRefs.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the referent. When unspecified, this refers to the local namespace of the Route. \n Note that there are specific rules for ParentRefs which cross namespace boundaries. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example: Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference. \n ParentRefs from a Route to a Service in the same namespace are \"producer\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \n ParentRefs from a Route to a Service in a different namespace are \"consumer\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \n Support: Core" + +### fn spec.parentRefs.withPort + +```ts +withPort(port) +``` + +"Port is the network port this Route targets. It can be interpreted differently based on the type of parent resource. \n When the parent resource is a Gateway, this targets all listeners listening on the specified port that also support this kind of Route(and select this Route). It's not recommended to set `Port` unless the networking behaviors specified in a Route must apply to a specific port as opposed to a listener(s) whose port(s) may be changed. When both Port and SectionName are specified, the name and port of the selected listener must match both specified values. \n When the parent resource is a Service, this targets a specific port in the Service spec. When both Port (experimental) and SectionName are specified, the name and port of the selected port must match both specified values. \n Implementations MAY choose to support other parent resources. Implementations supporting other types of parent resources MUST clearly document how/if Port is interpreted. \n For the purpose of status, an attachment is considered successful as long as the parent resource accepts it partially. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \n Support: Extended \n " + +### fn spec.parentRefs.withSectionName + +```ts +withSectionName(sectionName) +``` + +"SectionName is the name of a section within the target resource. In the following resources, SectionName is interpreted as the following: \n * Gateway: Listener Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. * Service: Port Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. Note that attaching Routes to Services as Parents is part of experimental Mesh support and is not supported for any other purpose. \n Implementations MAY choose to support attaching Routes to other resources. If that is the case, they MUST clearly document how SectionName is interpreted. \n When unspecified (empty string), this will reference the entire resource. For the purpose of status, an attachment is considered successful if at least one section in the parent resource accepts it. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \n Support: Core" + +## obj spec.rules + +"Rules are a list of TCP matchers and actions." + +### fn spec.rules.withBackendRefs + +```ts +withBackendRefs(backendRefs) +``` + +"BackendRefs defines the backend(s) where matching requests should be sent. If unspecified or invalid (refers to a non-existent resource or a Service with no endpoints), the underlying implementation MUST actively reject connection attempts to this backend. Connection rejections must respect weight; if an invalid backend is requested to have 80% of connections, then 80% of connections must be rejected instead. \n Support: Core for Kubernetes Service \n Support: Extended for Kubernetes ServiceImport \n Support: Implementation-specific for any other resource \n Support for weight: Extended" + +### fn spec.rules.withBackendRefsMixin + +```ts +withBackendRefsMixin(backendRefs) +``` + +"BackendRefs defines the backend(s) where matching requests should be sent. If unspecified or invalid (refers to a non-existent resource or a Service with no endpoints), the underlying implementation MUST actively reject connection attempts to this backend. Connection rejections must respect weight; if an invalid backend is requested to have 80% of connections, then 80% of connections must be rejected instead. \n Support: Core for Kubernetes Service \n Support: Extended for Kubernetes ServiceImport \n Support: Implementation-specific for any other resource \n Support for weight: Extended" + +**Note:** This function appends passed data to existing values + +## obj spec.rules.backendRefs + +"BackendRefs defines the backend(s) where matching requests should be sent. If unspecified or invalid (refers to a non-existent resource or a Service with no endpoints), the underlying implementation MUST actively reject connection attempts to this backend. Connection rejections must respect weight; if an invalid backend is requested to have 80% of connections, then 80% of connections must be rejected instead. \n Support: Core for Kubernetes Service \n Support: Extended for Kubernetes ServiceImport \n Support: Implementation-specific for any other resource \n Support for weight: Extended" + +### fn spec.rules.backendRefs.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. For example, \"gateway.networking.k8s.io\". When unspecified or empty string, core API group is inferred." + +### fn spec.rules.backendRefs.withKind + +```ts +withKind(kind) +``` + +"Kind is the Kubernetes resource kind of the referent. For example \"Service\". \n Defaults to \"Service\" when not specified. \n ExternalName services can refer to CNAME DNS records that may live outside of the cluster and as such are difficult to reason about in terms of conformance. They also may not be safe to forward to (see CVE-2021-25740 for more information). Implementations SHOULD NOT support ExternalName Services. \n Support: Core (Services with a type other than ExternalName) \n Support: Implementation-specific (Services with type ExternalName)" + +### fn spec.rules.backendRefs.withName + +```ts +withName(name) +``` + +"Name is the name of the referent." + +### fn spec.rules.backendRefs.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. \n Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. \n Support: Core" + +### fn spec.rules.backendRefs.withPort + +```ts +withPort(port) +``` + +"Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field." + +### fn spec.rules.backendRefs.withWeight + +```ts +withWeight(weight) +``` + +"Weight specifies the proportion of requests forwarded to the referenced backend. This is computed as weight/(sum of all weights in this BackendRefs list). For non-zero values, there may be some epsilon from the exact proportion defined here depending on the precision an implementation supports. Weight is not a percentage and the sum of weights does not need to equal 100. \n If only one backend is specified and it has a weight greater than 0, 100% of the traffic is forwarded to that backend. If weight is set to 0, no traffic should be forwarded for this entry. If unspecified, weight defaults to 1. \n Support for this field varies based on the context where used." \ No newline at end of file diff --git a/docs/1.0-experimental/gateway/v1alpha2/tlsRoute.md b/docs/1.0-experimental/gateway/v1alpha2/tlsRoute.md new file mode 100644 index 0000000..a34c008 --- /dev/null +++ b/docs/1.0-experimental/gateway/v1alpha2/tlsRoute.md @@ -0,0 +1,413 @@ +--- +permalink: /1.0-experimental/gateway/v1alpha2/tlsRoute/ +--- + +# gateway.v1alpha2.tlsRoute + +"The TLSRoute resource is similar to TCPRoute, but can be configured to match against TLS-specific metadata. This allows more flexibility in matching streams for a given TLS listener. \n If you need to forward traffic to a single target for a TLS listener, you could choose to use a TCPRoute with a TLS listener." + +## Index + +* [`fn new(name)`](#fn-new) +* [`obj metadata`](#obj-metadata) + * [`fn withAnnotations(annotations)`](#fn-metadatawithannotations) + * [`fn withAnnotationsMixin(annotations)`](#fn-metadatawithannotationsmixin) + * [`fn withClusterName(clusterName)`](#fn-metadatawithclustername) + * [`fn withCreationTimestamp(creationTimestamp)`](#fn-metadatawithcreationtimestamp) + * [`fn withDeletionGracePeriodSeconds(deletionGracePeriodSeconds)`](#fn-metadatawithdeletiongraceperiodseconds) + * [`fn withDeletionTimestamp(deletionTimestamp)`](#fn-metadatawithdeletiontimestamp) + * [`fn withFinalizers(finalizers)`](#fn-metadatawithfinalizers) + * [`fn withFinalizersMixin(finalizers)`](#fn-metadatawithfinalizersmixin) + * [`fn withGenerateName(generateName)`](#fn-metadatawithgeneratename) + * [`fn withGeneration(generation)`](#fn-metadatawithgeneration) + * [`fn withLabels(labels)`](#fn-metadatawithlabels) + * [`fn withLabelsMixin(labels)`](#fn-metadatawithlabelsmixin) + * [`fn withName(name)`](#fn-metadatawithname) + * [`fn withNamespace(namespace)`](#fn-metadatawithnamespace) + * [`fn withOwnerReferences(ownerReferences)`](#fn-metadatawithownerreferences) + * [`fn withOwnerReferencesMixin(ownerReferences)`](#fn-metadatawithownerreferencesmixin) + * [`fn withResourceVersion(resourceVersion)`](#fn-metadatawithresourceversion) + * [`fn withSelfLink(selfLink)`](#fn-metadatawithselflink) + * [`fn withUid(uid)`](#fn-metadatawithuid) +* [`obj spec`](#obj-spec) + * [`fn withHostnames(hostnames)`](#fn-specwithhostnames) + * [`fn withHostnamesMixin(hostnames)`](#fn-specwithhostnamesmixin) + * [`fn withParentRefs(parentRefs)`](#fn-specwithparentrefs) + * [`fn withParentRefsMixin(parentRefs)`](#fn-specwithparentrefsmixin) + * [`fn withRules(rules)`](#fn-specwithrules) + * [`fn withRulesMixin(rules)`](#fn-specwithrulesmixin) + * [`obj spec.parentRefs`](#obj-specparentrefs) + * [`fn withGroup(group)`](#fn-specparentrefswithgroup) + * [`fn withKind(kind)`](#fn-specparentrefswithkind) + * [`fn withName(name)`](#fn-specparentrefswithname) + * [`fn withNamespace(namespace)`](#fn-specparentrefswithnamespace) + * [`fn withPort(port)`](#fn-specparentrefswithport) + * [`fn withSectionName(sectionName)`](#fn-specparentrefswithsectionname) + * [`obj spec.rules`](#obj-specrules) + * [`fn withBackendRefs(backendRefs)`](#fn-specruleswithbackendrefs) + * [`fn withBackendRefsMixin(backendRefs)`](#fn-specruleswithbackendrefsmixin) + * [`obj spec.rules.backendRefs`](#obj-specrulesbackendrefs) + * [`fn withGroup(group)`](#fn-specrulesbackendrefswithgroup) + * [`fn withKind(kind)`](#fn-specrulesbackendrefswithkind) + * [`fn withName(name)`](#fn-specrulesbackendrefswithname) + * [`fn withNamespace(namespace)`](#fn-specrulesbackendrefswithnamespace) + * [`fn withPort(port)`](#fn-specrulesbackendrefswithport) + * [`fn withWeight(weight)`](#fn-specrulesbackendrefswithweight) + +## Fields + +### fn new + +```ts +new(name) +``` + +new returns an instance of TLSRoute + +## obj metadata + +"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create." + +### fn metadata.withAnnotations + +```ts +withAnnotations(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +### fn metadata.withAnnotationsMixin + +```ts +withAnnotationsMixin(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +**Note:** This function appends passed data to existing values + +### fn metadata.withClusterName + +```ts +withClusterName(clusterName) +``` + +"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request." + +### fn metadata.withCreationTimestamp + +```ts +withCreationTimestamp(creationTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withDeletionGracePeriodSeconds + +```ts +withDeletionGracePeriodSeconds(deletionGracePeriodSeconds) +``` + +"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only." + +### fn metadata.withDeletionTimestamp + +```ts +withDeletionTimestamp(deletionTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withFinalizers + +```ts +withFinalizers(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +### fn metadata.withFinalizersMixin + +```ts +withFinalizersMixin(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +**Note:** This function appends passed data to existing values + +### fn metadata.withGenerateName + +```ts +withGenerateName(generateName) +``` + +"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\n\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\n\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" + +### fn metadata.withGeneration + +```ts +withGeneration(generation) +``` + +"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only." + +### fn metadata.withLabels + +```ts +withLabels(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +### fn metadata.withLabelsMixin + +```ts +withLabelsMixin(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +**Note:** This function appends passed data to existing values + +### fn metadata.withName + +```ts +withName(name) +``` + +"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names" + +### fn metadata.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \"default\" namespace, but \"default\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\n\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces" + +### fn metadata.withOwnerReferences + +```ts +withOwnerReferences(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +### fn metadata.withOwnerReferencesMixin + +```ts +withOwnerReferencesMixin(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +**Note:** This function appends passed data to existing values + +### fn metadata.withResourceVersion + +```ts +withResourceVersion(resourceVersion) +``` + +"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\n\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" + +### fn metadata.withSelfLink + +```ts +withSelfLink(selfLink) +``` + +"SelfLink is a URL representing this object. Populated by the system. Read-only.\n\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release." + +### fn metadata.withUid + +```ts +withUid(uid) +``` + +"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\n\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids" + +## obj spec + +"Spec defines the desired state of TLSRoute." + +### fn spec.withHostnames + +```ts +withHostnames(hostnames) +``` + +"Hostnames defines a set of SNI names that should match against the SNI attribute of TLS ClientHello message in TLS handshake. This matches the RFC 1123 definition of a hostname with 2 notable exceptions: \n 1. IPs are not allowed in SNI names per RFC 6066. 2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard label must appear by itself as the first label. \n If a hostname is specified by both the Listener and TLSRoute, there must be at least one intersecting hostname for the TLSRoute to be attached to the Listener. For example: \n * A Listener with `test.example.com` as the hostname matches TLSRoutes that have either not specified any hostnames, or have specified at least one of `test.example.com` or `*.example.com`. * A Listener with `*.example.com` as the hostname matches TLSRoutes that have either not specified any hostnames or have specified at least one hostname that matches the Listener hostname. For example, `test.example.com` and `*.example.com` would both match. On the other hand, `example.com` and `test.example.net` would not match. \n If both the Listener and TLSRoute have specified hostnames, any TLSRoute hostnames that do not match the Listener hostname MUST be ignored. For example, if a Listener specified `*.example.com`, and the TLSRoute specified `test.example.com` and `test.example.net`, `test.example.net` must not be considered for a match. \n If both the Listener and TLSRoute have specified hostnames, and none match with the criteria above, then the TLSRoute is not accepted. The implementation must raise an 'Accepted' Condition with a status of `False` in the corresponding RouteParentStatus. \n Support: Core" + +### fn spec.withHostnamesMixin + +```ts +withHostnamesMixin(hostnames) +``` + +"Hostnames defines a set of SNI names that should match against the SNI attribute of TLS ClientHello message in TLS handshake. This matches the RFC 1123 definition of a hostname with 2 notable exceptions: \n 1. IPs are not allowed in SNI names per RFC 6066. 2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard label must appear by itself as the first label. \n If a hostname is specified by both the Listener and TLSRoute, there must be at least one intersecting hostname for the TLSRoute to be attached to the Listener. For example: \n * A Listener with `test.example.com` as the hostname matches TLSRoutes that have either not specified any hostnames, or have specified at least one of `test.example.com` or `*.example.com`. * A Listener with `*.example.com` as the hostname matches TLSRoutes that have either not specified any hostnames or have specified at least one hostname that matches the Listener hostname. For example, `test.example.com` and `*.example.com` would both match. On the other hand, `example.com` and `test.example.net` would not match. \n If both the Listener and TLSRoute have specified hostnames, any TLSRoute hostnames that do not match the Listener hostname MUST be ignored. For example, if a Listener specified `*.example.com`, and the TLSRoute specified `test.example.com` and `test.example.net`, `test.example.net` must not be considered for a match. \n If both the Listener and TLSRoute have specified hostnames, and none match with the criteria above, then the TLSRoute is not accepted. The implementation must raise an 'Accepted' Condition with a status of `False` in the corresponding RouteParentStatus. \n Support: Core" + +**Note:** This function appends passed data to existing values + +### fn spec.withParentRefs + +```ts +withParentRefs(parentRefs) +``` + +"ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. For Services, that means the Service must either be in the same namespace for a \"producer\" route, or the mesh implementation must support and allow \"consumer\" routes for the referenced Service. ReferenceGrant is not applicable for governing ParentRefs to Services - it is not possible to create a \"producer\" route for a Service in a different namespace from the Route. \n There are two kinds of parent resources with \"Core\" support: \n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) This API may be extended in the future to support additional kinds of parent resources. \n ParentRefs must be _distinct_. This means either that: \n * They select different objects. If this is the case, then parentRef entries are distinct. In terms of fields, this means that the multi-part key defined by `group`, `kind`, `namespace`, and `name` must be unique across all parentRef entries in the Route. * They do not select different objects, but for each optional field used, each ParentRef that selects the same object must set the same set of optional fields to different values. If one ParentRef sets a combination of optional fields, all must set the same combination. \n Some examples: \n * If one ParentRef sets `sectionName`, all ParentRefs referencing the same object must also set `sectionName`. * If one ParentRef sets `port`, all ParentRefs referencing the same object must also set `port`. * If one ParentRef sets `sectionName` and `port`, all ParentRefs referencing the same object must also set `sectionName` and `port`. \n It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged. \n Note that for ParentRefs that cross namespace boundaries, there are specific rules. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example, Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable other kinds of cross-namespace reference. \n ParentRefs from a Route to a Service in the same namespace are \"producer\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \n ParentRefs from a Route to a Service in a different namespace are \"consumer\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \n " + +### fn spec.withParentRefsMixin + +```ts +withParentRefsMixin(parentRefs) +``` + +"ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. For Services, that means the Service must either be in the same namespace for a \"producer\" route, or the mesh implementation must support and allow \"consumer\" routes for the referenced Service. ReferenceGrant is not applicable for governing ParentRefs to Services - it is not possible to create a \"producer\" route for a Service in a different namespace from the Route. \n There are two kinds of parent resources with \"Core\" support: \n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) This API may be extended in the future to support additional kinds of parent resources. \n ParentRefs must be _distinct_. This means either that: \n * They select different objects. If this is the case, then parentRef entries are distinct. In terms of fields, this means that the multi-part key defined by `group`, `kind`, `namespace`, and `name` must be unique across all parentRef entries in the Route. * They do not select different objects, but for each optional field used, each ParentRef that selects the same object must set the same set of optional fields to different values. If one ParentRef sets a combination of optional fields, all must set the same combination. \n Some examples: \n * If one ParentRef sets `sectionName`, all ParentRefs referencing the same object must also set `sectionName`. * If one ParentRef sets `port`, all ParentRefs referencing the same object must also set `port`. * If one ParentRef sets `sectionName` and `port`, all ParentRefs referencing the same object must also set `sectionName` and `port`. \n It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged. \n Note that for ParentRefs that cross namespace boundaries, there are specific rules. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example, Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable other kinds of cross-namespace reference. \n ParentRefs from a Route to a Service in the same namespace are \"producer\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \n ParentRefs from a Route to a Service in a different namespace are \"consumer\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \n " + +**Note:** This function appends passed data to existing values + +### fn spec.withRules + +```ts +withRules(rules) +``` + +"Rules are a list of TLS matchers and actions." + +### fn spec.withRulesMixin + +```ts +withRulesMixin(rules) +``` + +"Rules are a list of TLS matchers and actions." + +**Note:** This function appends passed data to existing values + +## obj spec.parentRefs + +"ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. For Services, that means the Service must either be in the same namespace for a \"producer\" route, or the mesh implementation must support and allow \"consumer\" routes for the referenced Service. ReferenceGrant is not applicable for governing ParentRefs to Services - it is not possible to create a \"producer\" route for a Service in a different namespace from the Route. \n There are two kinds of parent resources with \"Core\" support: \n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) This API may be extended in the future to support additional kinds of parent resources. \n ParentRefs must be _distinct_. This means either that: \n * They select different objects. If this is the case, then parentRef entries are distinct. In terms of fields, this means that the multi-part key defined by `group`, `kind`, `namespace`, and `name` must be unique across all parentRef entries in the Route. * They do not select different objects, but for each optional field used, each ParentRef that selects the same object must set the same set of optional fields to different values. If one ParentRef sets a combination of optional fields, all must set the same combination. \n Some examples: \n * If one ParentRef sets `sectionName`, all ParentRefs referencing the same object must also set `sectionName`. * If one ParentRef sets `port`, all ParentRefs referencing the same object must also set `port`. * If one ParentRef sets `sectionName` and `port`, all ParentRefs referencing the same object must also set `sectionName` and `port`. \n It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged. \n Note that for ParentRefs that cross namespace boundaries, there are specific rules. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example, Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable other kinds of cross-namespace reference. \n ParentRefs from a Route to a Service in the same namespace are \"producer\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \n ParentRefs from a Route to a Service in a different namespace are \"consumer\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \n " + +### fn spec.parentRefs.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. When unspecified, \"gateway.networking.k8s.io\" is inferred. To set the core API group (such as for a \"Service\" kind referent), Group must be explicitly set to \"\" (empty string). \n Support: Core" + +### fn spec.parentRefs.withKind + +```ts +withKind(kind) +``` + +"Kind is kind of the referent. \n There are two kinds of parent resources with \"Core\" support: \n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) \n Support for other resources is Implementation-Specific." + +### fn spec.parentRefs.withName + +```ts +withName(name) +``` + +"Name is the name of the referent. \n Support: Core" + +### fn spec.parentRefs.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the referent. When unspecified, this refers to the local namespace of the Route. \n Note that there are specific rules for ParentRefs which cross namespace boundaries. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example: Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference. \n ParentRefs from a Route to a Service in the same namespace are \"producer\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \n ParentRefs from a Route to a Service in a different namespace are \"consumer\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \n Support: Core" + +### fn spec.parentRefs.withPort + +```ts +withPort(port) +``` + +"Port is the network port this Route targets. It can be interpreted differently based on the type of parent resource. \n When the parent resource is a Gateway, this targets all listeners listening on the specified port that also support this kind of Route(and select this Route). It's not recommended to set `Port` unless the networking behaviors specified in a Route must apply to a specific port as opposed to a listener(s) whose port(s) may be changed. When both Port and SectionName are specified, the name and port of the selected listener must match both specified values. \n When the parent resource is a Service, this targets a specific port in the Service spec. When both Port (experimental) and SectionName are specified, the name and port of the selected port must match both specified values. \n Implementations MAY choose to support other parent resources. Implementations supporting other types of parent resources MUST clearly document how/if Port is interpreted. \n For the purpose of status, an attachment is considered successful as long as the parent resource accepts it partially. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \n Support: Extended \n " + +### fn spec.parentRefs.withSectionName + +```ts +withSectionName(sectionName) +``` + +"SectionName is the name of a section within the target resource. In the following resources, SectionName is interpreted as the following: \n * Gateway: Listener Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. * Service: Port Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. Note that attaching Routes to Services as Parents is part of experimental Mesh support and is not supported for any other purpose. \n Implementations MAY choose to support attaching Routes to other resources. If that is the case, they MUST clearly document how SectionName is interpreted. \n When unspecified (empty string), this will reference the entire resource. For the purpose of status, an attachment is considered successful if at least one section in the parent resource accepts it. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \n Support: Core" + +## obj spec.rules + +"Rules are a list of TLS matchers and actions." + +### fn spec.rules.withBackendRefs + +```ts +withBackendRefs(backendRefs) +``` + +"BackendRefs defines the backend(s) where matching requests should be sent. If unspecified or invalid (refers to a non-existent resource or a Service with no endpoints), the rule performs no forwarding; if no filters are specified that would result in a response being sent, the underlying implementation must actively reject request attempts to this backend, by rejecting the connection or returning a 500 status code. Request rejections must respect weight; if an invalid backend is requested to have 80% of requests, then 80% of requests must be rejected instead. \n Support: Core for Kubernetes Service \n Support: Extended for Kubernetes ServiceImport \n Support: Implementation-specific for any other resource \n Support for weight: Extended" + +### fn spec.rules.withBackendRefsMixin + +```ts +withBackendRefsMixin(backendRefs) +``` + +"BackendRefs defines the backend(s) where matching requests should be sent. If unspecified or invalid (refers to a non-existent resource or a Service with no endpoints), the rule performs no forwarding; if no filters are specified that would result in a response being sent, the underlying implementation must actively reject request attempts to this backend, by rejecting the connection or returning a 500 status code. Request rejections must respect weight; if an invalid backend is requested to have 80% of requests, then 80% of requests must be rejected instead. \n Support: Core for Kubernetes Service \n Support: Extended for Kubernetes ServiceImport \n Support: Implementation-specific for any other resource \n Support for weight: Extended" + +**Note:** This function appends passed data to existing values + +## obj spec.rules.backendRefs + +"BackendRefs defines the backend(s) where matching requests should be sent. If unspecified or invalid (refers to a non-existent resource or a Service with no endpoints), the rule performs no forwarding; if no filters are specified that would result in a response being sent, the underlying implementation must actively reject request attempts to this backend, by rejecting the connection or returning a 500 status code. Request rejections must respect weight; if an invalid backend is requested to have 80% of requests, then 80% of requests must be rejected instead. \n Support: Core for Kubernetes Service \n Support: Extended for Kubernetes ServiceImport \n Support: Implementation-specific for any other resource \n Support for weight: Extended" + +### fn spec.rules.backendRefs.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. For example, \"gateway.networking.k8s.io\". When unspecified or empty string, core API group is inferred." + +### fn spec.rules.backendRefs.withKind + +```ts +withKind(kind) +``` + +"Kind is the Kubernetes resource kind of the referent. For example \"Service\". \n Defaults to \"Service\" when not specified. \n ExternalName services can refer to CNAME DNS records that may live outside of the cluster and as such are difficult to reason about in terms of conformance. They also may not be safe to forward to (see CVE-2021-25740 for more information). Implementations SHOULD NOT support ExternalName Services. \n Support: Core (Services with a type other than ExternalName) \n Support: Implementation-specific (Services with type ExternalName)" + +### fn spec.rules.backendRefs.withName + +```ts +withName(name) +``` + +"Name is the name of the referent." + +### fn spec.rules.backendRefs.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. \n Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. \n Support: Core" + +### fn spec.rules.backendRefs.withPort + +```ts +withPort(port) +``` + +"Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field." + +### fn spec.rules.backendRefs.withWeight + +```ts +withWeight(weight) +``` + +"Weight specifies the proportion of requests forwarded to the referenced backend. This is computed as weight/(sum of all weights in this BackendRefs list). For non-zero values, there may be some epsilon from the exact proportion defined here depending on the precision an implementation supports. Weight is not a percentage and the sum of weights does not need to equal 100. \n If only one backend is specified and it has a weight greater than 0, 100% of the traffic is forwarded to that backend. If weight is set to 0, no traffic should be forwarded for this entry. If unspecified, weight defaults to 1. \n Support for this field varies based on the context where used." \ No newline at end of file diff --git a/docs/1.0-experimental/gateway/v1alpha2/udpRoute.md b/docs/1.0-experimental/gateway/v1alpha2/udpRoute.md new file mode 100644 index 0000000..cf8cb55 --- /dev/null +++ b/docs/1.0-experimental/gateway/v1alpha2/udpRoute.md @@ -0,0 +1,393 @@ +--- +permalink: /1.0-experimental/gateway/v1alpha2/udpRoute/ +--- + +# gateway.v1alpha2.udpRoute + +"UDPRoute provides a way to route UDP traffic. When combined with a Gateway listener, it can be used to forward traffic on the port specified by the listener to a set of backends specified by the UDPRoute." + +## Index + +* [`fn new(name)`](#fn-new) +* [`obj metadata`](#obj-metadata) + * [`fn withAnnotations(annotations)`](#fn-metadatawithannotations) + * [`fn withAnnotationsMixin(annotations)`](#fn-metadatawithannotationsmixin) + * [`fn withClusterName(clusterName)`](#fn-metadatawithclustername) + * [`fn withCreationTimestamp(creationTimestamp)`](#fn-metadatawithcreationtimestamp) + * [`fn withDeletionGracePeriodSeconds(deletionGracePeriodSeconds)`](#fn-metadatawithdeletiongraceperiodseconds) + * [`fn withDeletionTimestamp(deletionTimestamp)`](#fn-metadatawithdeletiontimestamp) + * [`fn withFinalizers(finalizers)`](#fn-metadatawithfinalizers) + * [`fn withFinalizersMixin(finalizers)`](#fn-metadatawithfinalizersmixin) + * [`fn withGenerateName(generateName)`](#fn-metadatawithgeneratename) + * [`fn withGeneration(generation)`](#fn-metadatawithgeneration) + * [`fn withLabels(labels)`](#fn-metadatawithlabels) + * [`fn withLabelsMixin(labels)`](#fn-metadatawithlabelsmixin) + * [`fn withName(name)`](#fn-metadatawithname) + * [`fn withNamespace(namespace)`](#fn-metadatawithnamespace) + * [`fn withOwnerReferences(ownerReferences)`](#fn-metadatawithownerreferences) + * [`fn withOwnerReferencesMixin(ownerReferences)`](#fn-metadatawithownerreferencesmixin) + * [`fn withResourceVersion(resourceVersion)`](#fn-metadatawithresourceversion) + * [`fn withSelfLink(selfLink)`](#fn-metadatawithselflink) + * [`fn withUid(uid)`](#fn-metadatawithuid) +* [`obj spec`](#obj-spec) + * [`fn withParentRefs(parentRefs)`](#fn-specwithparentrefs) + * [`fn withParentRefsMixin(parentRefs)`](#fn-specwithparentrefsmixin) + * [`fn withRules(rules)`](#fn-specwithrules) + * [`fn withRulesMixin(rules)`](#fn-specwithrulesmixin) + * [`obj spec.parentRefs`](#obj-specparentrefs) + * [`fn withGroup(group)`](#fn-specparentrefswithgroup) + * [`fn withKind(kind)`](#fn-specparentrefswithkind) + * [`fn withName(name)`](#fn-specparentrefswithname) + * [`fn withNamespace(namespace)`](#fn-specparentrefswithnamespace) + * [`fn withPort(port)`](#fn-specparentrefswithport) + * [`fn withSectionName(sectionName)`](#fn-specparentrefswithsectionname) + * [`obj spec.rules`](#obj-specrules) + * [`fn withBackendRefs(backendRefs)`](#fn-specruleswithbackendrefs) + * [`fn withBackendRefsMixin(backendRefs)`](#fn-specruleswithbackendrefsmixin) + * [`obj spec.rules.backendRefs`](#obj-specrulesbackendrefs) + * [`fn withGroup(group)`](#fn-specrulesbackendrefswithgroup) + * [`fn withKind(kind)`](#fn-specrulesbackendrefswithkind) + * [`fn withName(name)`](#fn-specrulesbackendrefswithname) + * [`fn withNamespace(namespace)`](#fn-specrulesbackendrefswithnamespace) + * [`fn withPort(port)`](#fn-specrulesbackendrefswithport) + * [`fn withWeight(weight)`](#fn-specrulesbackendrefswithweight) + +## Fields + +### fn new + +```ts +new(name) +``` + +new returns an instance of UDPRoute + +## obj metadata + +"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create." + +### fn metadata.withAnnotations + +```ts +withAnnotations(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +### fn metadata.withAnnotationsMixin + +```ts +withAnnotationsMixin(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +**Note:** This function appends passed data to existing values + +### fn metadata.withClusterName + +```ts +withClusterName(clusterName) +``` + +"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request." + +### fn metadata.withCreationTimestamp + +```ts +withCreationTimestamp(creationTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withDeletionGracePeriodSeconds + +```ts +withDeletionGracePeriodSeconds(deletionGracePeriodSeconds) +``` + +"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only." + +### fn metadata.withDeletionTimestamp + +```ts +withDeletionTimestamp(deletionTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withFinalizers + +```ts +withFinalizers(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +### fn metadata.withFinalizersMixin + +```ts +withFinalizersMixin(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +**Note:** This function appends passed data to existing values + +### fn metadata.withGenerateName + +```ts +withGenerateName(generateName) +``` + +"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\n\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\n\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" + +### fn metadata.withGeneration + +```ts +withGeneration(generation) +``` + +"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only." + +### fn metadata.withLabels + +```ts +withLabels(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +### fn metadata.withLabelsMixin + +```ts +withLabelsMixin(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +**Note:** This function appends passed data to existing values + +### fn metadata.withName + +```ts +withName(name) +``` + +"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names" + +### fn metadata.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \"default\" namespace, but \"default\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\n\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces" + +### fn metadata.withOwnerReferences + +```ts +withOwnerReferences(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +### fn metadata.withOwnerReferencesMixin + +```ts +withOwnerReferencesMixin(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +**Note:** This function appends passed data to existing values + +### fn metadata.withResourceVersion + +```ts +withResourceVersion(resourceVersion) +``` + +"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\n\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" + +### fn metadata.withSelfLink + +```ts +withSelfLink(selfLink) +``` + +"SelfLink is a URL representing this object. Populated by the system. Read-only.\n\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release." + +### fn metadata.withUid + +```ts +withUid(uid) +``` + +"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\n\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids" + +## obj spec + +"Spec defines the desired state of UDPRoute." + +### fn spec.withParentRefs + +```ts +withParentRefs(parentRefs) +``` + +"ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. For Services, that means the Service must either be in the same namespace for a \"producer\" route, or the mesh implementation must support and allow \"consumer\" routes for the referenced Service. ReferenceGrant is not applicable for governing ParentRefs to Services - it is not possible to create a \"producer\" route for a Service in a different namespace from the Route. \n There are two kinds of parent resources with \"Core\" support: \n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) This API may be extended in the future to support additional kinds of parent resources. \n ParentRefs must be _distinct_. This means either that: \n * They select different objects. If this is the case, then parentRef entries are distinct. In terms of fields, this means that the multi-part key defined by `group`, `kind`, `namespace`, and `name` must be unique across all parentRef entries in the Route. * They do not select different objects, but for each optional field used, each ParentRef that selects the same object must set the same set of optional fields to different values. If one ParentRef sets a combination of optional fields, all must set the same combination. \n Some examples: \n * If one ParentRef sets `sectionName`, all ParentRefs referencing the same object must also set `sectionName`. * If one ParentRef sets `port`, all ParentRefs referencing the same object must also set `port`. * If one ParentRef sets `sectionName` and `port`, all ParentRefs referencing the same object must also set `sectionName` and `port`. \n It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged. \n Note that for ParentRefs that cross namespace boundaries, there are specific rules. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example, Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable other kinds of cross-namespace reference. \n ParentRefs from a Route to a Service in the same namespace are \"producer\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \n ParentRefs from a Route to a Service in a different namespace are \"consumer\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \n " + +### fn spec.withParentRefsMixin + +```ts +withParentRefsMixin(parentRefs) +``` + +"ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. For Services, that means the Service must either be in the same namespace for a \"producer\" route, or the mesh implementation must support and allow \"consumer\" routes for the referenced Service. ReferenceGrant is not applicable for governing ParentRefs to Services - it is not possible to create a \"producer\" route for a Service in a different namespace from the Route. \n There are two kinds of parent resources with \"Core\" support: \n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) This API may be extended in the future to support additional kinds of parent resources. \n ParentRefs must be _distinct_. This means either that: \n * They select different objects. If this is the case, then parentRef entries are distinct. In terms of fields, this means that the multi-part key defined by `group`, `kind`, `namespace`, and `name` must be unique across all parentRef entries in the Route. * They do not select different objects, but for each optional field used, each ParentRef that selects the same object must set the same set of optional fields to different values. If one ParentRef sets a combination of optional fields, all must set the same combination. \n Some examples: \n * If one ParentRef sets `sectionName`, all ParentRefs referencing the same object must also set `sectionName`. * If one ParentRef sets `port`, all ParentRefs referencing the same object must also set `port`. * If one ParentRef sets `sectionName` and `port`, all ParentRefs referencing the same object must also set `sectionName` and `port`. \n It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged. \n Note that for ParentRefs that cross namespace boundaries, there are specific rules. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example, Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable other kinds of cross-namespace reference. \n ParentRefs from a Route to a Service in the same namespace are \"producer\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \n ParentRefs from a Route to a Service in a different namespace are \"consumer\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \n " + +**Note:** This function appends passed data to existing values + +### fn spec.withRules + +```ts +withRules(rules) +``` + +"Rules are a list of UDP matchers and actions." + +### fn spec.withRulesMixin + +```ts +withRulesMixin(rules) +``` + +"Rules are a list of UDP matchers and actions." + +**Note:** This function appends passed data to existing values + +## obj spec.parentRefs + +"ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. For Services, that means the Service must either be in the same namespace for a \"producer\" route, or the mesh implementation must support and allow \"consumer\" routes for the referenced Service. ReferenceGrant is not applicable for governing ParentRefs to Services - it is not possible to create a \"producer\" route for a Service in a different namespace from the Route. \n There are two kinds of parent resources with \"Core\" support: \n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) This API may be extended in the future to support additional kinds of parent resources. \n ParentRefs must be _distinct_. This means either that: \n * They select different objects. If this is the case, then parentRef entries are distinct. In terms of fields, this means that the multi-part key defined by `group`, `kind`, `namespace`, and `name` must be unique across all parentRef entries in the Route. * They do not select different objects, but for each optional field used, each ParentRef that selects the same object must set the same set of optional fields to different values. If one ParentRef sets a combination of optional fields, all must set the same combination. \n Some examples: \n * If one ParentRef sets `sectionName`, all ParentRefs referencing the same object must also set `sectionName`. * If one ParentRef sets `port`, all ParentRefs referencing the same object must also set `port`. * If one ParentRef sets `sectionName` and `port`, all ParentRefs referencing the same object must also set `sectionName` and `port`. \n It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged. \n Note that for ParentRefs that cross namespace boundaries, there are specific rules. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example, Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable other kinds of cross-namespace reference. \n ParentRefs from a Route to a Service in the same namespace are \"producer\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \n ParentRefs from a Route to a Service in a different namespace are \"consumer\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \n " + +### fn spec.parentRefs.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. When unspecified, \"gateway.networking.k8s.io\" is inferred. To set the core API group (such as for a \"Service\" kind referent), Group must be explicitly set to \"\" (empty string). \n Support: Core" + +### fn spec.parentRefs.withKind + +```ts +withKind(kind) +``` + +"Kind is kind of the referent. \n There are two kinds of parent resources with \"Core\" support: \n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) \n Support for other resources is Implementation-Specific." + +### fn spec.parentRefs.withName + +```ts +withName(name) +``` + +"Name is the name of the referent. \n Support: Core" + +### fn spec.parentRefs.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the referent. When unspecified, this refers to the local namespace of the Route. \n Note that there are specific rules for ParentRefs which cross namespace boundaries. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example: Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference. \n ParentRefs from a Route to a Service in the same namespace are \"producer\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \n ParentRefs from a Route to a Service in a different namespace are \"consumer\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \n Support: Core" + +### fn spec.parentRefs.withPort + +```ts +withPort(port) +``` + +"Port is the network port this Route targets. It can be interpreted differently based on the type of parent resource. \n When the parent resource is a Gateway, this targets all listeners listening on the specified port that also support this kind of Route(and select this Route). It's not recommended to set `Port` unless the networking behaviors specified in a Route must apply to a specific port as opposed to a listener(s) whose port(s) may be changed. When both Port and SectionName are specified, the name and port of the selected listener must match both specified values. \n When the parent resource is a Service, this targets a specific port in the Service spec. When both Port (experimental) and SectionName are specified, the name and port of the selected port must match both specified values. \n Implementations MAY choose to support other parent resources. Implementations supporting other types of parent resources MUST clearly document how/if Port is interpreted. \n For the purpose of status, an attachment is considered successful as long as the parent resource accepts it partially. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \n Support: Extended \n " + +### fn spec.parentRefs.withSectionName + +```ts +withSectionName(sectionName) +``` + +"SectionName is the name of a section within the target resource. In the following resources, SectionName is interpreted as the following: \n * Gateway: Listener Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. * Service: Port Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. Note that attaching Routes to Services as Parents is part of experimental Mesh support and is not supported for any other purpose. \n Implementations MAY choose to support attaching Routes to other resources. If that is the case, they MUST clearly document how SectionName is interpreted. \n When unspecified (empty string), this will reference the entire resource. For the purpose of status, an attachment is considered successful if at least one section in the parent resource accepts it. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \n Support: Core" + +## obj spec.rules + +"Rules are a list of UDP matchers and actions." + +### fn spec.rules.withBackendRefs + +```ts +withBackendRefs(backendRefs) +``` + +"BackendRefs defines the backend(s) where matching requests should be sent. If unspecified or invalid (refers to a non-existent resource or a Service with no endpoints), the underlying implementation MUST actively reject connection attempts to this backend. Packet drops must respect weight; if an invalid backend is requested to have 80% of the packets, then 80% of packets must be dropped instead. \n Support: Core for Kubernetes Service \n Support: Extended for Kubernetes ServiceImport \n Support: Implementation-specific for any other resource \n Support for weight: Extended" + +### fn spec.rules.withBackendRefsMixin + +```ts +withBackendRefsMixin(backendRefs) +``` + +"BackendRefs defines the backend(s) where matching requests should be sent. If unspecified or invalid (refers to a non-existent resource or a Service with no endpoints), the underlying implementation MUST actively reject connection attempts to this backend. Packet drops must respect weight; if an invalid backend is requested to have 80% of the packets, then 80% of packets must be dropped instead. \n Support: Core for Kubernetes Service \n Support: Extended for Kubernetes ServiceImport \n Support: Implementation-specific for any other resource \n Support for weight: Extended" + +**Note:** This function appends passed data to existing values + +## obj spec.rules.backendRefs + +"BackendRefs defines the backend(s) where matching requests should be sent. If unspecified or invalid (refers to a non-existent resource or a Service with no endpoints), the underlying implementation MUST actively reject connection attempts to this backend. Packet drops must respect weight; if an invalid backend is requested to have 80% of the packets, then 80% of packets must be dropped instead. \n Support: Core for Kubernetes Service \n Support: Extended for Kubernetes ServiceImport \n Support: Implementation-specific for any other resource \n Support for weight: Extended" + +### fn spec.rules.backendRefs.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. For example, \"gateway.networking.k8s.io\". When unspecified or empty string, core API group is inferred." + +### fn spec.rules.backendRefs.withKind + +```ts +withKind(kind) +``` + +"Kind is the Kubernetes resource kind of the referent. For example \"Service\". \n Defaults to \"Service\" when not specified. \n ExternalName services can refer to CNAME DNS records that may live outside of the cluster and as such are difficult to reason about in terms of conformance. They also may not be safe to forward to (see CVE-2021-25740 for more information). Implementations SHOULD NOT support ExternalName Services. \n Support: Core (Services with a type other than ExternalName) \n Support: Implementation-specific (Services with type ExternalName)" + +### fn spec.rules.backendRefs.withName + +```ts +withName(name) +``` + +"Name is the name of the referent." + +### fn spec.rules.backendRefs.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. \n Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. \n Support: Core" + +### fn spec.rules.backendRefs.withPort + +```ts +withPort(port) +``` + +"Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field." + +### fn spec.rules.backendRefs.withWeight + +```ts +withWeight(weight) +``` + +"Weight specifies the proportion of requests forwarded to the referenced backend. This is computed as weight/(sum of all weights in this BackendRefs list). For non-zero values, there may be some epsilon from the exact proportion defined here depending on the precision an implementation supports. Weight is not a percentage and the sum of weights does not need to equal 100. \n If only one backend is specified and it has a weight greater than 0, 100% of the traffic is forwarded to that backend. If weight is set to 0, no traffic should be forwarded for this entry. If unspecified, weight defaults to 1. \n Support for this field varies based on the context where used." \ No newline at end of file diff --git a/docs/1.0-experimental/gateway/v1beta1/gateway.md b/docs/1.0-experimental/gateway/v1beta1/gateway.md new file mode 100644 index 0000000..dcbf1f8 --- /dev/null +++ b/docs/1.0-experimental/gateway/v1beta1/gateway.md @@ -0,0 +1,613 @@ +--- +permalink: /1.0-experimental/gateway/v1beta1/gateway/ +--- + +# gateway.v1beta1.gateway + +"Gateway represents an instance of a service-traffic handling infrastructure by binding Listeners to a set of IP addresses." + +## Index + +* [`fn new(name)`](#fn-new) +* [`obj metadata`](#obj-metadata) + * [`fn withAnnotations(annotations)`](#fn-metadatawithannotations) + * [`fn withAnnotationsMixin(annotations)`](#fn-metadatawithannotationsmixin) + * [`fn withClusterName(clusterName)`](#fn-metadatawithclustername) + * [`fn withCreationTimestamp(creationTimestamp)`](#fn-metadatawithcreationtimestamp) + * [`fn withDeletionGracePeriodSeconds(deletionGracePeriodSeconds)`](#fn-metadatawithdeletiongraceperiodseconds) + * [`fn withDeletionTimestamp(deletionTimestamp)`](#fn-metadatawithdeletiontimestamp) + * [`fn withFinalizers(finalizers)`](#fn-metadatawithfinalizers) + * [`fn withFinalizersMixin(finalizers)`](#fn-metadatawithfinalizersmixin) + * [`fn withGenerateName(generateName)`](#fn-metadatawithgeneratename) + * [`fn withGeneration(generation)`](#fn-metadatawithgeneration) + * [`fn withLabels(labels)`](#fn-metadatawithlabels) + * [`fn withLabelsMixin(labels)`](#fn-metadatawithlabelsmixin) + * [`fn withName(name)`](#fn-metadatawithname) + * [`fn withNamespace(namespace)`](#fn-metadatawithnamespace) + * [`fn withOwnerReferences(ownerReferences)`](#fn-metadatawithownerreferences) + * [`fn withOwnerReferencesMixin(ownerReferences)`](#fn-metadatawithownerreferencesmixin) + * [`fn withResourceVersion(resourceVersion)`](#fn-metadatawithresourceversion) + * [`fn withSelfLink(selfLink)`](#fn-metadatawithselflink) + * [`fn withUid(uid)`](#fn-metadatawithuid) +* [`obj spec`](#obj-spec) + * [`fn withAddresses(addresses)`](#fn-specwithaddresses) + * [`fn withAddressesMixin(addresses)`](#fn-specwithaddressesmixin) + * [`fn withGatewayClassName(gatewayClassName)`](#fn-specwithgatewayclassname) + * [`fn withListeners(listeners)`](#fn-specwithlisteners) + * [`fn withListenersMixin(listeners)`](#fn-specwithlistenersmixin) + * [`obj spec.addresses`](#obj-specaddresses) + * [`fn withType(type)`](#fn-specaddresseswithtype) + * [`fn withValue(value)`](#fn-specaddresseswithvalue) + * [`obj spec.infrastructure`](#obj-specinfrastructure) + * [`fn withAnnotations(annotations)`](#fn-specinfrastructurewithannotations) + * [`fn withAnnotationsMixin(annotations)`](#fn-specinfrastructurewithannotationsmixin) + * [`fn withLabels(labels)`](#fn-specinfrastructurewithlabels) + * [`fn withLabelsMixin(labels)`](#fn-specinfrastructurewithlabelsmixin) + * [`obj spec.listeners`](#obj-speclisteners) + * [`fn withHostname(hostname)`](#fn-speclistenerswithhostname) + * [`fn withName(name)`](#fn-speclistenerswithname) + * [`fn withPort(port)`](#fn-speclistenerswithport) + * [`fn withProtocol(protocol)`](#fn-speclistenerswithprotocol) + * [`obj spec.listeners.allowedRoutes`](#obj-speclistenersallowedroutes) + * [`fn withKinds(kinds)`](#fn-speclistenersallowedrouteswithkinds) + * [`fn withKindsMixin(kinds)`](#fn-speclistenersallowedrouteswithkindsmixin) + * [`obj spec.listeners.allowedRoutes.kinds`](#obj-speclistenersallowedrouteskinds) + * [`fn withGroup(group)`](#fn-speclistenersallowedrouteskindswithgroup) + * [`fn withKind(kind)`](#fn-speclistenersallowedrouteskindswithkind) + * [`obj spec.listeners.allowedRoutes.namespaces`](#obj-speclistenersallowedroutesnamespaces) + * [`fn withFrom(from)`](#fn-speclistenersallowedroutesnamespaceswithfrom) + * [`obj spec.listeners.allowedRoutes.namespaces.selector`](#obj-speclistenersallowedroutesnamespacesselector) + * [`fn withMatchExpressions(matchExpressions)`](#fn-speclistenersallowedroutesnamespacesselectorwithmatchexpressions) + * [`fn withMatchExpressionsMixin(matchExpressions)`](#fn-speclistenersallowedroutesnamespacesselectorwithmatchexpressionsmixin) + * [`fn withMatchLabels(matchLabels)`](#fn-speclistenersallowedroutesnamespacesselectorwithmatchlabels) + * [`fn withMatchLabelsMixin(matchLabels)`](#fn-speclistenersallowedroutesnamespacesselectorwithmatchlabelsmixin) + * [`obj spec.listeners.allowedRoutes.namespaces.selector.matchExpressions`](#obj-speclistenersallowedroutesnamespacesselectormatchexpressions) + * [`fn withKey(key)`](#fn-speclistenersallowedroutesnamespacesselectormatchexpressionswithkey) + * [`fn withOperator(operator)`](#fn-speclistenersallowedroutesnamespacesselectormatchexpressionswithoperator) + * [`fn withValues(values)`](#fn-speclistenersallowedroutesnamespacesselectormatchexpressionswithvalues) + * [`fn withValuesMixin(values)`](#fn-speclistenersallowedroutesnamespacesselectormatchexpressionswithvaluesmixin) + * [`obj spec.listeners.tls`](#obj-speclistenerstls) + * [`fn withCertificateRefs(certificateRefs)`](#fn-speclistenerstlswithcertificaterefs) + * [`fn withCertificateRefsMixin(certificateRefs)`](#fn-speclistenerstlswithcertificaterefsmixin) + * [`fn withMode(mode)`](#fn-speclistenerstlswithmode) + * [`fn withOptions(options)`](#fn-speclistenerstlswithoptions) + * [`fn withOptionsMixin(options)`](#fn-speclistenerstlswithoptionsmixin) + * [`obj spec.listeners.tls.certificateRefs`](#obj-speclistenerstlscertificaterefs) + * [`fn withGroup(group)`](#fn-speclistenerstlscertificaterefswithgroup) + * [`fn withKind(kind)`](#fn-speclistenerstlscertificaterefswithkind) + * [`fn withName(name)`](#fn-speclistenerstlscertificaterefswithname) + * [`fn withNamespace(namespace)`](#fn-speclistenerstlscertificaterefswithnamespace) + +## Fields + +### fn new + +```ts +new(name) +``` + +new returns an instance of Gateway + +## obj metadata + +"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create." + +### fn metadata.withAnnotations + +```ts +withAnnotations(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +### fn metadata.withAnnotationsMixin + +```ts +withAnnotationsMixin(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +**Note:** This function appends passed data to existing values + +### fn metadata.withClusterName + +```ts +withClusterName(clusterName) +``` + +"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request." + +### fn metadata.withCreationTimestamp + +```ts +withCreationTimestamp(creationTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withDeletionGracePeriodSeconds + +```ts +withDeletionGracePeriodSeconds(deletionGracePeriodSeconds) +``` + +"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only." + +### fn metadata.withDeletionTimestamp + +```ts +withDeletionTimestamp(deletionTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withFinalizers + +```ts +withFinalizers(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +### fn metadata.withFinalizersMixin + +```ts +withFinalizersMixin(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +**Note:** This function appends passed data to existing values + +### fn metadata.withGenerateName + +```ts +withGenerateName(generateName) +``` + +"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\n\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\n\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" + +### fn metadata.withGeneration + +```ts +withGeneration(generation) +``` + +"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only." + +### fn metadata.withLabels + +```ts +withLabels(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +### fn metadata.withLabelsMixin + +```ts +withLabelsMixin(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +**Note:** This function appends passed data to existing values + +### fn metadata.withName + +```ts +withName(name) +``` + +"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names" + +### fn metadata.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \"default\" namespace, but \"default\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\n\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces" + +### fn metadata.withOwnerReferences + +```ts +withOwnerReferences(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +### fn metadata.withOwnerReferencesMixin + +```ts +withOwnerReferencesMixin(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +**Note:** This function appends passed data to existing values + +### fn metadata.withResourceVersion + +```ts +withResourceVersion(resourceVersion) +``` + +"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\n\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" + +### fn metadata.withSelfLink + +```ts +withSelfLink(selfLink) +``` + +"SelfLink is a URL representing this object. Populated by the system. Read-only.\n\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release." + +### fn metadata.withUid + +```ts +withUid(uid) +``` + +"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\n\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids" + +## obj spec + +"Spec defines the desired state of Gateway." + +### fn spec.withAddresses + +```ts +withAddresses(addresses) +``` + +"Addresses requested for this Gateway. This is optional and behavior can depend on the implementation. If a value is set in the spec and the requested address is invalid or unavailable, the implementation MUST indicate this in the associated entry in GatewayStatus.Addresses. \n The Addresses field represents a request for the address(es) on the \"outside of the Gateway\", that traffic bound for this Gateway will use. This could be the IP address or hostname of an external load balancer or other networking infrastructure, or some other address that traffic will be sent to. \n If no Addresses are specified, the implementation MAY schedule the Gateway in an implementation-specific manner, assigning an appropriate set of Addresses. \n The implementation MUST bind all Listeners to every GatewayAddress that it assigns to the Gateway and add a corresponding entry in GatewayStatus.Addresses. \n Support: Extended \n " + +### fn spec.withAddressesMixin + +```ts +withAddressesMixin(addresses) +``` + +"Addresses requested for this Gateway. This is optional and behavior can depend on the implementation. If a value is set in the spec and the requested address is invalid or unavailable, the implementation MUST indicate this in the associated entry in GatewayStatus.Addresses. \n The Addresses field represents a request for the address(es) on the \"outside of the Gateway\", that traffic bound for this Gateway will use. This could be the IP address or hostname of an external load balancer or other networking infrastructure, or some other address that traffic will be sent to. \n If no Addresses are specified, the implementation MAY schedule the Gateway in an implementation-specific manner, assigning an appropriate set of Addresses. \n The implementation MUST bind all Listeners to every GatewayAddress that it assigns to the Gateway and add a corresponding entry in GatewayStatus.Addresses. \n Support: Extended \n " + +**Note:** This function appends passed data to existing values + +### fn spec.withGatewayClassName + +```ts +withGatewayClassName(gatewayClassName) +``` + +"GatewayClassName used for this Gateway. This is the name of a GatewayClass resource." + +### fn spec.withListeners + +```ts +withListeners(listeners) +``` + +"Listeners associated with this Gateway. Listeners define logical endpoints that are bound on this Gateway's addresses. At least one Listener MUST be specified. \n Each Listener in a set of Listeners (for example, in a single Gateway) MUST be _distinct_, in that a traffic flow MUST be able to be assigned to exactly one listener. (This section uses \"set of Listeners\" rather than \"Listeners in a single Gateway\" because implementations MAY merge configuration from multiple Gateways onto a single data plane, and these rules _also_ apply in that case). \n Practically, this means that each listener in a set MUST have a unique combination of Port, Protocol, and, if supported by the protocol, Hostname. \n Some combinations of port, protocol, and TLS settings are considered Core support and MUST be supported by implementations based on their targeted conformance profile: \n HTTP Profile \n 1. HTTPRoute, Port: 80, Protocol: HTTP 2. HTTPRoute, Port: 443, Protocol: HTTPS, TLS Mode: Terminate, TLS keypair provided \n TLS Profile \n 1. TLSRoute, Port: 443, Protocol: TLS, TLS Mode: Passthrough \n \"Distinct\" Listeners have the following property: \n The implementation can match inbound requests to a single distinct Listener. When multiple Listeners share values for fields (for example, two Listeners with the same Port value), the implementation can match requests to only one of the Listeners using other Listener fields. \n For example, the following Listener scenarios are distinct: \n 1. Multiple Listeners with the same Port that all use the \"HTTP\" Protocol that all have unique Hostname values. 2. Multiple Listeners with the same Port that use either the \"HTTPS\" or \"TLS\" Protocol that all have unique Hostname values. 3. A mixture of \"TCP\" and \"UDP\" Protocol Listeners, where no Listener with the same Protocol has the same Port value. \n Some fields in the Listener struct have possible values that affect whether the Listener is distinct. Hostname is particularly relevant for HTTP or HTTPS protocols. \n When using the Hostname value to select between same-Port, same-Protocol Listeners, the Hostname value must be different on each Listener for the Listener to be distinct. \n When the Listeners are distinct based on Hostname, inbound request hostnames MUST match from the most specific to least specific Hostname values to choose the correct Listener and its associated set of Routes. \n Exact matches must be processed before wildcard matches, and wildcard matches must be processed before fallback (empty Hostname value) matches. For example, `\"foo.example.com\"` takes precedence over `\"*.example.com\"`, and `\"*.example.com\"` takes precedence over `\"\"`. \n Additionally, if there are multiple wildcard entries, more specific wildcard entries must be processed before less specific wildcard entries. For example, `\"*.foo.example.com\"` takes precedence over `\"*.example.com\"`. The precise definition here is that the higher the number of dots in the hostname to the right of the wildcard character, the higher the precedence. \n The wildcard character will match any number of characters _and dots_ to the left, however, so `\"*.example.com\"` will match both `\"foo.bar.example.com\"` _and_ `\"bar.example.com\"`. \n If a set of Listeners contains Listeners that are not distinct, then those Listeners are Conflicted, and the implementation MUST set the \"Conflicted\" condition in the Listener Status to \"True\". \n Implementations MAY choose to accept a Gateway with some Conflicted Listeners only if they only accept the partial Listener set that contains no Conflicted Listeners. To put this another way, implementations may accept a partial Listener set only if they throw out *all* the conflicting Listeners. No picking one of the conflicting listeners as the winner. This also means that the Gateway must have at least one non-conflicting Listener in this case, otherwise it violates the requirement that at least one Listener must be present. \n The implementation MUST set a \"ListenersNotValid\" condition on the Gateway Status when the Gateway contains Conflicted Listeners whether or not they accept the Gateway. That Condition SHOULD clearly indicate in the Message which Listeners are conflicted, and which are Accepted. Additionally, the Listener status for those listeners SHOULD indicate which Listeners are conflicted and not Accepted. \n A Gateway's Listeners are considered \"compatible\" if: \n 1. They are distinct. 2. The implementation can serve them in compliance with the Addresses requirement that all Listeners are available on all assigned addresses. \n Compatible combinations in Extended support are expected to vary across implementations. A combination that is compatible for one implementation may not be compatible for another. \n For example, an implementation that cannot serve both TCP and UDP listeners on the same address, or cannot mix HTTPS and generic TLS listens on the same port would not consider those cases compatible, even though they are distinct. \n Note that requests SHOULD match at most one Listener. For example, if Listeners are defined for \"foo.example.com\" and \"*.example.com\", a request to \"foo.example.com\" SHOULD only be routed using routes attached to the \"foo.example.com\" Listener (and not the \"*.example.com\" Listener). This concept is known as \"Listener Isolation\". Implementations that do not support Listener Isolation MUST clearly document this. \n Implementations MAY merge separate Gateways onto a single set of Addresses if all Listeners across all Gateways are compatible. \n Support: Core" + +### fn spec.withListenersMixin + +```ts +withListenersMixin(listeners) +``` + +"Listeners associated with this Gateway. Listeners define logical endpoints that are bound on this Gateway's addresses. At least one Listener MUST be specified. \n Each Listener in a set of Listeners (for example, in a single Gateway) MUST be _distinct_, in that a traffic flow MUST be able to be assigned to exactly one listener. (This section uses \"set of Listeners\" rather than \"Listeners in a single Gateway\" because implementations MAY merge configuration from multiple Gateways onto a single data plane, and these rules _also_ apply in that case). \n Practically, this means that each listener in a set MUST have a unique combination of Port, Protocol, and, if supported by the protocol, Hostname. \n Some combinations of port, protocol, and TLS settings are considered Core support and MUST be supported by implementations based on their targeted conformance profile: \n HTTP Profile \n 1. HTTPRoute, Port: 80, Protocol: HTTP 2. HTTPRoute, Port: 443, Protocol: HTTPS, TLS Mode: Terminate, TLS keypair provided \n TLS Profile \n 1. TLSRoute, Port: 443, Protocol: TLS, TLS Mode: Passthrough \n \"Distinct\" Listeners have the following property: \n The implementation can match inbound requests to a single distinct Listener. When multiple Listeners share values for fields (for example, two Listeners with the same Port value), the implementation can match requests to only one of the Listeners using other Listener fields. \n For example, the following Listener scenarios are distinct: \n 1. Multiple Listeners with the same Port that all use the \"HTTP\" Protocol that all have unique Hostname values. 2. Multiple Listeners with the same Port that use either the \"HTTPS\" or \"TLS\" Protocol that all have unique Hostname values. 3. A mixture of \"TCP\" and \"UDP\" Protocol Listeners, where no Listener with the same Protocol has the same Port value. \n Some fields in the Listener struct have possible values that affect whether the Listener is distinct. Hostname is particularly relevant for HTTP or HTTPS protocols. \n When using the Hostname value to select between same-Port, same-Protocol Listeners, the Hostname value must be different on each Listener for the Listener to be distinct. \n When the Listeners are distinct based on Hostname, inbound request hostnames MUST match from the most specific to least specific Hostname values to choose the correct Listener and its associated set of Routes. \n Exact matches must be processed before wildcard matches, and wildcard matches must be processed before fallback (empty Hostname value) matches. For example, `\"foo.example.com\"` takes precedence over `\"*.example.com\"`, and `\"*.example.com\"` takes precedence over `\"\"`. \n Additionally, if there are multiple wildcard entries, more specific wildcard entries must be processed before less specific wildcard entries. For example, `\"*.foo.example.com\"` takes precedence over `\"*.example.com\"`. The precise definition here is that the higher the number of dots in the hostname to the right of the wildcard character, the higher the precedence. \n The wildcard character will match any number of characters _and dots_ to the left, however, so `\"*.example.com\"` will match both `\"foo.bar.example.com\"` _and_ `\"bar.example.com\"`. \n If a set of Listeners contains Listeners that are not distinct, then those Listeners are Conflicted, and the implementation MUST set the \"Conflicted\" condition in the Listener Status to \"True\". \n Implementations MAY choose to accept a Gateway with some Conflicted Listeners only if they only accept the partial Listener set that contains no Conflicted Listeners. To put this another way, implementations may accept a partial Listener set only if they throw out *all* the conflicting Listeners. No picking one of the conflicting listeners as the winner. This also means that the Gateway must have at least one non-conflicting Listener in this case, otherwise it violates the requirement that at least one Listener must be present. \n The implementation MUST set a \"ListenersNotValid\" condition on the Gateway Status when the Gateway contains Conflicted Listeners whether or not they accept the Gateway. That Condition SHOULD clearly indicate in the Message which Listeners are conflicted, and which are Accepted. Additionally, the Listener status for those listeners SHOULD indicate which Listeners are conflicted and not Accepted. \n A Gateway's Listeners are considered \"compatible\" if: \n 1. They are distinct. 2. The implementation can serve them in compliance with the Addresses requirement that all Listeners are available on all assigned addresses. \n Compatible combinations in Extended support are expected to vary across implementations. A combination that is compatible for one implementation may not be compatible for another. \n For example, an implementation that cannot serve both TCP and UDP listeners on the same address, or cannot mix HTTPS and generic TLS listens on the same port would not consider those cases compatible, even though they are distinct. \n Note that requests SHOULD match at most one Listener. For example, if Listeners are defined for \"foo.example.com\" and \"*.example.com\", a request to \"foo.example.com\" SHOULD only be routed using routes attached to the \"foo.example.com\" Listener (and not the \"*.example.com\" Listener). This concept is known as \"Listener Isolation\". Implementations that do not support Listener Isolation MUST clearly document this. \n Implementations MAY merge separate Gateways onto a single set of Addresses if all Listeners across all Gateways are compatible. \n Support: Core" + +**Note:** This function appends passed data to existing values + +## obj spec.addresses + +"Addresses requested for this Gateway. This is optional and behavior can depend on the implementation. If a value is set in the spec and the requested address is invalid or unavailable, the implementation MUST indicate this in the associated entry in GatewayStatus.Addresses. \n The Addresses field represents a request for the address(es) on the \"outside of the Gateway\", that traffic bound for this Gateway will use. This could be the IP address or hostname of an external load balancer or other networking infrastructure, or some other address that traffic will be sent to. \n If no Addresses are specified, the implementation MAY schedule the Gateway in an implementation-specific manner, assigning an appropriate set of Addresses. \n The implementation MUST bind all Listeners to every GatewayAddress that it assigns to the Gateway and add a corresponding entry in GatewayStatus.Addresses. \n Support: Extended \n " + +### fn spec.addresses.withType + +```ts +withType(type) +``` + +"Type of the address." + +### fn spec.addresses.withValue + +```ts +withValue(value) +``` + +"Value of the address. The validity of the values will depend on the type and support by the controller. \n Examples: `1.2.3.4`, `128::1`, `my-ip-address`." + +## obj spec.infrastructure + +"Infrastructure defines infrastructure level attributes about this Gateway instance. \n Support: Core \n " + +### fn spec.infrastructure.withAnnotations + +```ts +withAnnotations(annotations) +``` + +"Annotations that SHOULD be applied to any resources created in response to this Gateway. \n For implementations creating other Kubernetes objects, this should be the `metadata.annotations` field on resources. For other implementations, this refers to any relevant (implementation specific) \"annotations\" concepts. \n An implementation may chose to add additional implementation-specific annotations as they see fit. \n Support: Extended" + +### fn spec.infrastructure.withAnnotationsMixin + +```ts +withAnnotationsMixin(annotations) +``` + +"Annotations that SHOULD be applied to any resources created in response to this Gateway. \n For implementations creating other Kubernetes objects, this should be the `metadata.annotations` field on resources. For other implementations, this refers to any relevant (implementation specific) \"annotations\" concepts. \n An implementation may chose to add additional implementation-specific annotations as they see fit. \n Support: Extended" + +**Note:** This function appends passed data to existing values + +### fn spec.infrastructure.withLabels + +```ts +withLabels(labels) +``` + +"Labels that SHOULD be applied to any resources created in response to this Gateway. \n For implementations creating other Kubernetes objects, this should be the `metadata.labels` field on resources. For other implementations, this refers to any relevant (implementation specific) \"labels\" concepts. \n An implementation may chose to add additional implementation-specific labels as they see fit. \n Support: Extended" + +### fn spec.infrastructure.withLabelsMixin + +```ts +withLabelsMixin(labels) +``` + +"Labels that SHOULD be applied to any resources created in response to this Gateway. \n For implementations creating other Kubernetes objects, this should be the `metadata.labels` field on resources. For other implementations, this refers to any relevant (implementation specific) \"labels\" concepts. \n An implementation may chose to add additional implementation-specific labels as they see fit. \n Support: Extended" + +**Note:** This function appends passed data to existing values + +## obj spec.listeners + +"Listeners associated with this Gateway. Listeners define logical endpoints that are bound on this Gateway's addresses. At least one Listener MUST be specified. \n Each Listener in a set of Listeners (for example, in a single Gateway) MUST be _distinct_, in that a traffic flow MUST be able to be assigned to exactly one listener. (This section uses \"set of Listeners\" rather than \"Listeners in a single Gateway\" because implementations MAY merge configuration from multiple Gateways onto a single data plane, and these rules _also_ apply in that case). \n Practically, this means that each listener in a set MUST have a unique combination of Port, Protocol, and, if supported by the protocol, Hostname. \n Some combinations of port, protocol, and TLS settings are considered Core support and MUST be supported by implementations based on their targeted conformance profile: \n HTTP Profile \n 1. HTTPRoute, Port: 80, Protocol: HTTP 2. HTTPRoute, Port: 443, Protocol: HTTPS, TLS Mode: Terminate, TLS keypair provided \n TLS Profile \n 1. TLSRoute, Port: 443, Protocol: TLS, TLS Mode: Passthrough \n \"Distinct\" Listeners have the following property: \n The implementation can match inbound requests to a single distinct Listener. When multiple Listeners share values for fields (for example, two Listeners with the same Port value), the implementation can match requests to only one of the Listeners using other Listener fields. \n For example, the following Listener scenarios are distinct: \n 1. Multiple Listeners with the same Port that all use the \"HTTP\" Protocol that all have unique Hostname values. 2. Multiple Listeners with the same Port that use either the \"HTTPS\" or \"TLS\" Protocol that all have unique Hostname values. 3. A mixture of \"TCP\" and \"UDP\" Protocol Listeners, where no Listener with the same Protocol has the same Port value. \n Some fields in the Listener struct have possible values that affect whether the Listener is distinct. Hostname is particularly relevant for HTTP or HTTPS protocols. \n When using the Hostname value to select between same-Port, same-Protocol Listeners, the Hostname value must be different on each Listener for the Listener to be distinct. \n When the Listeners are distinct based on Hostname, inbound request hostnames MUST match from the most specific to least specific Hostname values to choose the correct Listener and its associated set of Routes. \n Exact matches must be processed before wildcard matches, and wildcard matches must be processed before fallback (empty Hostname value) matches. For example, `\"foo.example.com\"` takes precedence over `\"*.example.com\"`, and `\"*.example.com\"` takes precedence over `\"\"`. \n Additionally, if there are multiple wildcard entries, more specific wildcard entries must be processed before less specific wildcard entries. For example, `\"*.foo.example.com\"` takes precedence over `\"*.example.com\"`. The precise definition here is that the higher the number of dots in the hostname to the right of the wildcard character, the higher the precedence. \n The wildcard character will match any number of characters _and dots_ to the left, however, so `\"*.example.com\"` will match both `\"foo.bar.example.com\"` _and_ `\"bar.example.com\"`. \n If a set of Listeners contains Listeners that are not distinct, then those Listeners are Conflicted, and the implementation MUST set the \"Conflicted\" condition in the Listener Status to \"True\". \n Implementations MAY choose to accept a Gateway with some Conflicted Listeners only if they only accept the partial Listener set that contains no Conflicted Listeners. To put this another way, implementations may accept a partial Listener set only if they throw out *all* the conflicting Listeners. No picking one of the conflicting listeners as the winner. This also means that the Gateway must have at least one non-conflicting Listener in this case, otherwise it violates the requirement that at least one Listener must be present. \n The implementation MUST set a \"ListenersNotValid\" condition on the Gateway Status when the Gateway contains Conflicted Listeners whether or not they accept the Gateway. That Condition SHOULD clearly indicate in the Message which Listeners are conflicted, and which are Accepted. Additionally, the Listener status for those listeners SHOULD indicate which Listeners are conflicted and not Accepted. \n A Gateway's Listeners are considered \"compatible\" if: \n 1. They are distinct. 2. The implementation can serve them in compliance with the Addresses requirement that all Listeners are available on all assigned addresses. \n Compatible combinations in Extended support are expected to vary across implementations. A combination that is compatible for one implementation may not be compatible for another. \n For example, an implementation that cannot serve both TCP and UDP listeners on the same address, or cannot mix HTTPS and generic TLS listens on the same port would not consider those cases compatible, even though they are distinct. \n Note that requests SHOULD match at most one Listener. For example, if Listeners are defined for \"foo.example.com\" and \"*.example.com\", a request to \"foo.example.com\" SHOULD only be routed using routes attached to the \"foo.example.com\" Listener (and not the \"*.example.com\" Listener). This concept is known as \"Listener Isolation\". Implementations that do not support Listener Isolation MUST clearly document this. \n Implementations MAY merge separate Gateways onto a single set of Addresses if all Listeners across all Gateways are compatible. \n Support: Core" + +### fn spec.listeners.withHostname + +```ts +withHostname(hostname) +``` + +"Hostname specifies the virtual hostname to match for protocol types that define this concept. When unspecified, all hostnames are matched. This field is ignored for protocols that don't require hostname based matching. \n Implementations MUST apply Hostname matching appropriately for each of the following protocols: \n * TLS: The Listener Hostname MUST match the SNI. * HTTP: The Listener Hostname MUST match the Host header of the request. * HTTPS: The Listener Hostname SHOULD match at both the TLS and HTTP protocol layers as described above. If an implementation does not ensure that both the SNI and Host header match the Listener hostname, it MUST clearly document that. \n For HTTPRoute and TLSRoute resources, there is an interaction with the `spec.hostnames` array. When both listener and route specify hostnames, there MUST be an intersection between the values for a Route to be accepted. For more information, refer to the Route specific Hostnames documentation. \n Hostnames that are prefixed with a wildcard label (`*.`) are interpreted as a suffix match. That means that a match for `*.example.com` would match both `test.example.com`, and `foo.test.example.com`, but not `example.com`. \n Support: Core" + +### fn spec.listeners.withName + +```ts +withName(name) +``` + +"Name is the name of the Listener. This name MUST be unique within a Gateway. \n Support: Core" + +### fn spec.listeners.withPort + +```ts +withPort(port) +``` + +"Port is the network port. Multiple listeners may use the same port, subject to the Listener compatibility rules. \n Support: Core" + +### fn spec.listeners.withProtocol + +```ts +withProtocol(protocol) +``` + +"Protocol specifies the network protocol this listener expects to receive. \n Support: Core" + +## obj spec.listeners.allowedRoutes + +"AllowedRoutes defines the types of routes that MAY be attached to a Listener and the trusted namespaces where those Route resources MAY be present. \n Although a client request may match multiple route rules, only one rule may ultimately receive the request. Matching precedence MUST be determined in order of the following criteria: \n * The most specific match as defined by the Route type. * The oldest Route based on creation timestamp. For example, a Route with a creation timestamp of \"2020-09-08 01:02:03\" is given precedence over a Route with a creation timestamp of \"2020-09-08 01:02:04\". * If everything else is equivalent, the Route appearing first in alphabetical order (namespace/name) should be given precedence. For example, foo/bar is given precedence over foo/baz. \n All valid rules within a Route attached to this Listener should be implemented. Invalid Route rules can be ignored (sometimes that will mean the full Route). If a Route rule transitions from valid to invalid, support for that Route rule should be dropped to ensure consistency. For example, even if a filter specified by a Route rule is invalid, the rest of the rules within that Route should still be supported. \n Support: Core" + +### fn spec.listeners.allowedRoutes.withKinds + +```ts +withKinds(kinds) +``` + +"Kinds specifies the groups and kinds of Routes that are allowed to bind to this Gateway Listener. When unspecified or empty, the kinds of Routes selected are determined using the Listener protocol. \n A RouteGroupKind MUST correspond to kinds of Routes that are compatible with the application protocol specified in the Listener's Protocol field. If an implementation does not support or recognize this resource type, it MUST set the \"ResolvedRefs\" condition to False for this Listener with the \"InvalidRouteKinds\" reason. \n Support: Core" + +### fn spec.listeners.allowedRoutes.withKindsMixin + +```ts +withKindsMixin(kinds) +``` + +"Kinds specifies the groups and kinds of Routes that are allowed to bind to this Gateway Listener. When unspecified or empty, the kinds of Routes selected are determined using the Listener protocol. \n A RouteGroupKind MUST correspond to kinds of Routes that are compatible with the application protocol specified in the Listener's Protocol field. If an implementation does not support or recognize this resource type, it MUST set the \"ResolvedRefs\" condition to False for this Listener with the \"InvalidRouteKinds\" reason. \n Support: Core" + +**Note:** This function appends passed data to existing values + +## obj spec.listeners.allowedRoutes.kinds + +"Kinds specifies the groups and kinds of Routes that are allowed to bind to this Gateway Listener. When unspecified or empty, the kinds of Routes selected are determined using the Listener protocol. \n A RouteGroupKind MUST correspond to kinds of Routes that are compatible with the application protocol specified in the Listener's Protocol field. If an implementation does not support or recognize this resource type, it MUST set the \"ResolvedRefs\" condition to False for this Listener with the \"InvalidRouteKinds\" reason. \n Support: Core" + +### fn spec.listeners.allowedRoutes.kinds.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the Route." + +### fn spec.listeners.allowedRoutes.kinds.withKind + +```ts +withKind(kind) +``` + +"Kind is the kind of the Route." + +## obj spec.listeners.allowedRoutes.namespaces + +"Namespaces indicates namespaces from which Routes may be attached to this Listener. This is restricted to the namespace of this Gateway by default. \n Support: Core" + +### fn spec.listeners.allowedRoutes.namespaces.withFrom + +```ts +withFrom(from) +``` + +"From indicates where Routes will be selected for this Gateway. Possible values are: \n * All: Routes in all namespaces may be used by this Gateway. * Selector: Routes in namespaces selected by the selector may be used by this Gateway. * Same: Only Routes in the same namespace may be used by this Gateway. \n Support: Core" + +## obj spec.listeners.allowedRoutes.namespaces.selector + +"Selector must be specified when From is set to \"Selector\". In that case, only Routes in Namespaces matching this Selector will be selected by this Gateway. This field is ignored for other values of \"From\". \n Support: Core" + +### fn spec.listeners.allowedRoutes.namespaces.selector.withMatchExpressions + +```ts +withMatchExpressions(matchExpressions) +``` + +"matchExpressions is a list of label selector requirements. The requirements are ANDed." + +### fn spec.listeners.allowedRoutes.namespaces.selector.withMatchExpressionsMixin + +```ts +withMatchExpressionsMixin(matchExpressions) +``` + +"matchExpressions is a list of label selector requirements. The requirements are ANDed." + +**Note:** This function appends passed data to existing values + +### fn spec.listeners.allowedRoutes.namespaces.selector.withMatchLabels + +```ts +withMatchLabels(matchLabels) +``` + +"matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + +### fn spec.listeners.allowedRoutes.namespaces.selector.withMatchLabelsMixin + +```ts +withMatchLabelsMixin(matchLabels) +``` + +"matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + +**Note:** This function appends passed data to existing values + +## obj spec.listeners.allowedRoutes.namespaces.selector.matchExpressions + +"matchExpressions is a list of label selector requirements. The requirements are ANDed." + +### fn spec.listeners.allowedRoutes.namespaces.selector.matchExpressions.withKey + +```ts +withKey(key) +``` + +"key is the label key that the selector applies to." + +### fn spec.listeners.allowedRoutes.namespaces.selector.matchExpressions.withOperator + +```ts +withOperator(operator) +``` + +"operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + +### fn spec.listeners.allowedRoutes.namespaces.selector.matchExpressions.withValues + +```ts +withValues(values) +``` + +"values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + +### fn spec.listeners.allowedRoutes.namespaces.selector.matchExpressions.withValuesMixin + +```ts +withValuesMixin(values) +``` + +"values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + +**Note:** This function appends passed data to existing values + +## obj spec.listeners.tls + +"TLS is the TLS configuration for the Listener. This field is required if the Protocol field is \"HTTPS\" or \"TLS\". It is invalid to set this field if the Protocol field is \"HTTP\", \"TCP\", or \"UDP\". \n The association of SNIs to Certificate defined in GatewayTLSConfig is defined based on the Hostname field for this listener. \n The GatewayClass MUST use the longest matching SNI out of all available certificates for any TLS handshake. \n Support: Core" + +### fn spec.listeners.tls.withCertificateRefs + +```ts +withCertificateRefs(certificateRefs) +``` + +"CertificateRefs contains a series of references to Kubernetes objects that contains TLS certificates and private keys. These certificates are used to establish a TLS handshake for requests that match the hostname of the associated listener. \n A single CertificateRef to a Kubernetes Secret has \"Core\" support. Implementations MAY choose to support attaching multiple certificates to a Listener, but this behavior is implementation-specific. \n References to a resource in different namespace are invalid UNLESS there is a ReferenceGrant in the target namespace that allows the certificate to be attached. If a ReferenceGrant does not allow this reference, the \"ResolvedRefs\" condition MUST be set to False for this listener with the \"RefNotPermitted\" reason. \n This field is required to have at least one element when the mode is set to \"Terminate\" (default) and is optional otherwise. \n CertificateRefs can reference to standard Kubernetes resources, i.e. Secret, or implementation-specific custom resources. \n Support: Core - A single reference to a Kubernetes Secret of type kubernetes.io/tls \n Support: Implementation-specific (More than one reference or other resource types)" + +### fn spec.listeners.tls.withCertificateRefsMixin + +```ts +withCertificateRefsMixin(certificateRefs) +``` + +"CertificateRefs contains a series of references to Kubernetes objects that contains TLS certificates and private keys. These certificates are used to establish a TLS handshake for requests that match the hostname of the associated listener. \n A single CertificateRef to a Kubernetes Secret has \"Core\" support. Implementations MAY choose to support attaching multiple certificates to a Listener, but this behavior is implementation-specific. \n References to a resource in different namespace are invalid UNLESS there is a ReferenceGrant in the target namespace that allows the certificate to be attached. If a ReferenceGrant does not allow this reference, the \"ResolvedRefs\" condition MUST be set to False for this listener with the \"RefNotPermitted\" reason. \n This field is required to have at least one element when the mode is set to \"Terminate\" (default) and is optional otherwise. \n CertificateRefs can reference to standard Kubernetes resources, i.e. Secret, or implementation-specific custom resources. \n Support: Core - A single reference to a Kubernetes Secret of type kubernetes.io/tls \n Support: Implementation-specific (More than one reference or other resource types)" + +**Note:** This function appends passed data to existing values + +### fn spec.listeners.tls.withMode + +```ts +withMode(mode) +``` + +"Mode defines the TLS behavior for the TLS session initiated by the client. There are two possible modes: \n - Terminate: The TLS session between the downstream client and the Gateway is terminated at the Gateway. This mode requires certificateRefs to be set and contain at least one element. - Passthrough: The TLS session is NOT terminated by the Gateway. This implies that the Gateway can't decipher the TLS stream except for the ClientHello message of the TLS protocol. CertificateRefs field is ignored in this mode. \n Support: Core" + +### fn spec.listeners.tls.withOptions + +```ts +withOptions(options) +``` + +"Options are a list of key/value pairs to enable extended TLS configuration for each implementation. For example, configuring the minimum TLS version or supported cipher suites. \n A set of common keys MAY be defined by the API in the future. To avoid any ambiguity, implementation-specific definitions MUST use domain-prefixed names, such as `example.com/my-custom-option`. Un-prefixed names are reserved for key names defined by Gateway API. \n Support: Implementation-specific" + +### fn spec.listeners.tls.withOptionsMixin + +```ts +withOptionsMixin(options) +``` + +"Options are a list of key/value pairs to enable extended TLS configuration for each implementation. For example, configuring the minimum TLS version or supported cipher suites. \n A set of common keys MAY be defined by the API in the future. To avoid any ambiguity, implementation-specific definitions MUST use domain-prefixed names, such as `example.com/my-custom-option`. Un-prefixed names are reserved for key names defined by Gateway API. \n Support: Implementation-specific" + +**Note:** This function appends passed data to existing values + +## obj spec.listeners.tls.certificateRefs + +"CertificateRefs contains a series of references to Kubernetes objects that contains TLS certificates and private keys. These certificates are used to establish a TLS handshake for requests that match the hostname of the associated listener. \n A single CertificateRef to a Kubernetes Secret has \"Core\" support. Implementations MAY choose to support attaching multiple certificates to a Listener, but this behavior is implementation-specific. \n References to a resource in different namespace are invalid UNLESS there is a ReferenceGrant in the target namespace that allows the certificate to be attached. If a ReferenceGrant does not allow this reference, the \"ResolvedRefs\" condition MUST be set to False for this listener with the \"RefNotPermitted\" reason. \n This field is required to have at least one element when the mode is set to \"Terminate\" (default) and is optional otherwise. \n CertificateRefs can reference to standard Kubernetes resources, i.e. Secret, or implementation-specific custom resources. \n Support: Core - A single reference to a Kubernetes Secret of type kubernetes.io/tls \n Support: Implementation-specific (More than one reference or other resource types)" + +### fn spec.listeners.tls.certificateRefs.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. For example, \"gateway.networking.k8s.io\". When unspecified or empty string, core API group is inferred." + +### fn spec.listeners.tls.certificateRefs.withKind + +```ts +withKind(kind) +``` + +"Kind is kind of the referent. For example \"Secret\"." + +### fn spec.listeners.tls.certificateRefs.withName + +```ts +withName(name) +``` + +"Name is the name of the referent." + +### fn spec.listeners.tls.certificateRefs.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the referenced object. When unspecified, the local namespace is inferred. \n Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. \n Support: Core" \ No newline at end of file diff --git a/docs/1.0-experimental/gateway/v1beta1/gatewayClass.md b/docs/1.0-experimental/gateway/v1beta1/gatewayClass.md new file mode 100644 index 0000000..bd955bc --- /dev/null +++ b/docs/1.0-experimental/gateway/v1beta1/gatewayClass.md @@ -0,0 +1,269 @@ +--- +permalink: /1.0-experimental/gateway/v1beta1/gatewayClass/ +--- + +# gateway.v1beta1.gatewayClass + +"GatewayClass describes a class of Gateways available to the user for creating Gateway resources. \n It is recommended that this resource be used as a template for Gateways. This means that a Gateway is based on the state of the GatewayClass at the time it was created and changes to the GatewayClass or associated parameters are not propagated down to existing Gateways. This recommendation is intended to limit the blast radius of changes to GatewayClass or associated parameters. If implementations choose to propagate GatewayClass changes to existing Gateways, that MUST be clearly documented by the implementation. \n Whenever one or more Gateways are using a GatewayClass, implementations SHOULD add the `gateway-exists-finalizer.gateway.networking.k8s.io` finalizer on the associated GatewayClass. This ensures that a GatewayClass associated with a Gateway is not deleted while in use. \n GatewayClass is a Cluster level resource." + +## Index + +* [`fn new(name)`](#fn-new) +* [`obj metadata`](#obj-metadata) + * [`fn withAnnotations(annotations)`](#fn-metadatawithannotations) + * [`fn withAnnotationsMixin(annotations)`](#fn-metadatawithannotationsmixin) + * [`fn withClusterName(clusterName)`](#fn-metadatawithclustername) + * [`fn withCreationTimestamp(creationTimestamp)`](#fn-metadatawithcreationtimestamp) + * [`fn withDeletionGracePeriodSeconds(deletionGracePeriodSeconds)`](#fn-metadatawithdeletiongraceperiodseconds) + * [`fn withDeletionTimestamp(deletionTimestamp)`](#fn-metadatawithdeletiontimestamp) + * [`fn withFinalizers(finalizers)`](#fn-metadatawithfinalizers) + * [`fn withFinalizersMixin(finalizers)`](#fn-metadatawithfinalizersmixin) + * [`fn withGenerateName(generateName)`](#fn-metadatawithgeneratename) + * [`fn withGeneration(generation)`](#fn-metadatawithgeneration) + * [`fn withLabels(labels)`](#fn-metadatawithlabels) + * [`fn withLabelsMixin(labels)`](#fn-metadatawithlabelsmixin) + * [`fn withName(name)`](#fn-metadatawithname) + * [`fn withNamespace(namespace)`](#fn-metadatawithnamespace) + * [`fn withOwnerReferences(ownerReferences)`](#fn-metadatawithownerreferences) + * [`fn withOwnerReferencesMixin(ownerReferences)`](#fn-metadatawithownerreferencesmixin) + * [`fn withResourceVersion(resourceVersion)`](#fn-metadatawithresourceversion) + * [`fn withSelfLink(selfLink)`](#fn-metadatawithselflink) + * [`fn withUid(uid)`](#fn-metadatawithuid) +* [`obj spec`](#obj-spec) + * [`fn withControllerName(controllerName)`](#fn-specwithcontrollername) + * [`fn withDescription(description)`](#fn-specwithdescription) + * [`obj spec.parametersRef`](#obj-specparametersref) + * [`fn withGroup(group)`](#fn-specparametersrefwithgroup) + * [`fn withKind(kind)`](#fn-specparametersrefwithkind) + * [`fn withName(name)`](#fn-specparametersrefwithname) + * [`fn withNamespace(namespace)`](#fn-specparametersrefwithnamespace) + +## Fields + +### fn new + +```ts +new(name) +``` + +new returns an instance of GatewayClass + +## obj metadata + +"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create." + +### fn metadata.withAnnotations + +```ts +withAnnotations(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +### fn metadata.withAnnotationsMixin + +```ts +withAnnotationsMixin(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +**Note:** This function appends passed data to existing values + +### fn metadata.withClusterName + +```ts +withClusterName(clusterName) +``` + +"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request." + +### fn metadata.withCreationTimestamp + +```ts +withCreationTimestamp(creationTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withDeletionGracePeriodSeconds + +```ts +withDeletionGracePeriodSeconds(deletionGracePeriodSeconds) +``` + +"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only." + +### fn metadata.withDeletionTimestamp + +```ts +withDeletionTimestamp(deletionTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withFinalizers + +```ts +withFinalizers(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +### fn metadata.withFinalizersMixin + +```ts +withFinalizersMixin(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +**Note:** This function appends passed data to existing values + +### fn metadata.withGenerateName + +```ts +withGenerateName(generateName) +``` + +"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\n\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\n\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" + +### fn metadata.withGeneration + +```ts +withGeneration(generation) +``` + +"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only." + +### fn metadata.withLabels + +```ts +withLabels(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +### fn metadata.withLabelsMixin + +```ts +withLabelsMixin(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +**Note:** This function appends passed data to existing values + +### fn metadata.withName + +```ts +withName(name) +``` + +"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names" + +### fn metadata.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \"default\" namespace, but \"default\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\n\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces" + +### fn metadata.withOwnerReferences + +```ts +withOwnerReferences(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +### fn metadata.withOwnerReferencesMixin + +```ts +withOwnerReferencesMixin(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +**Note:** This function appends passed data to existing values + +### fn metadata.withResourceVersion + +```ts +withResourceVersion(resourceVersion) +``` + +"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\n\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" + +### fn metadata.withSelfLink + +```ts +withSelfLink(selfLink) +``` + +"SelfLink is a URL representing this object. Populated by the system. Read-only.\n\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release." + +### fn metadata.withUid + +```ts +withUid(uid) +``` + +"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\n\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids" + +## obj spec + +"Spec defines the desired state of GatewayClass." + +### fn spec.withControllerName + +```ts +withControllerName(controllerName) +``` + +"ControllerName is the name of the controller that is managing Gateways of this class. The value of this field MUST be a domain prefixed path. \n Example: \"example.net/gateway-controller\". \n This field is not mutable and cannot be empty. \n Support: Core" + +### fn spec.withDescription + +```ts +withDescription(description) +``` + +"Description helps describe a GatewayClass with more details." + +## obj spec.parametersRef + +"ParametersRef is a reference to a resource that contains the configuration parameters corresponding to the GatewayClass. This is optional if the controller does not require any additional configuration. \n ParametersRef can reference a standard Kubernetes resource, i.e. ConfigMap, or an implementation-specific custom resource. The resource can be cluster-scoped or namespace-scoped. \n If the referent cannot be found, the GatewayClass's \"InvalidParameters\" status condition will be true. \n Support: Implementation-specific" + +### fn spec.parametersRef.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent." + +### fn spec.parametersRef.withKind + +```ts +withKind(kind) +``` + +"Kind is kind of the referent." + +### fn spec.parametersRef.withName + +```ts +withName(name) +``` + +"Name is the name of the referent." + +### fn spec.parametersRef.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the referent. This field is required when referring to a Namespace-scoped resource and MUST be unset when referring to a Cluster-scoped resource." \ No newline at end of file diff --git a/docs/1.0-experimental/gateway/v1beta1/httpRoute.md b/docs/1.0-experimental/gateway/v1beta1/httpRoute.md new file mode 100644 index 0000000..eafb28c --- /dev/null +++ b/docs/1.0-experimental/gateway/v1beta1/httpRoute.md @@ -0,0 +1,1521 @@ +--- +permalink: /1.0-experimental/gateway/v1beta1/httpRoute/ +--- + +# gateway.v1beta1.httpRoute + +"HTTPRoute provides a way to route HTTP requests. This includes the capability to match requests by hostname, path, header, or query param. Filters can be used to specify additional processing steps. Backends specify where matching requests should be routed." + +## Index + +* [`fn new(name)`](#fn-new) +* [`obj metadata`](#obj-metadata) + * [`fn withAnnotations(annotations)`](#fn-metadatawithannotations) + * [`fn withAnnotationsMixin(annotations)`](#fn-metadatawithannotationsmixin) + * [`fn withClusterName(clusterName)`](#fn-metadatawithclustername) + * [`fn withCreationTimestamp(creationTimestamp)`](#fn-metadatawithcreationtimestamp) + * [`fn withDeletionGracePeriodSeconds(deletionGracePeriodSeconds)`](#fn-metadatawithdeletiongraceperiodseconds) + * [`fn withDeletionTimestamp(deletionTimestamp)`](#fn-metadatawithdeletiontimestamp) + * [`fn withFinalizers(finalizers)`](#fn-metadatawithfinalizers) + * [`fn withFinalizersMixin(finalizers)`](#fn-metadatawithfinalizersmixin) + * [`fn withGenerateName(generateName)`](#fn-metadatawithgeneratename) + * [`fn withGeneration(generation)`](#fn-metadatawithgeneration) + * [`fn withLabels(labels)`](#fn-metadatawithlabels) + * [`fn withLabelsMixin(labels)`](#fn-metadatawithlabelsmixin) + * [`fn withName(name)`](#fn-metadatawithname) + * [`fn withNamespace(namespace)`](#fn-metadatawithnamespace) + * [`fn withOwnerReferences(ownerReferences)`](#fn-metadatawithownerreferences) + * [`fn withOwnerReferencesMixin(ownerReferences)`](#fn-metadatawithownerreferencesmixin) + * [`fn withResourceVersion(resourceVersion)`](#fn-metadatawithresourceversion) + * [`fn withSelfLink(selfLink)`](#fn-metadatawithselflink) + * [`fn withUid(uid)`](#fn-metadatawithuid) +* [`obj spec`](#obj-spec) + * [`fn withHostnames(hostnames)`](#fn-specwithhostnames) + * [`fn withHostnamesMixin(hostnames)`](#fn-specwithhostnamesmixin) + * [`fn withParentRefs(parentRefs)`](#fn-specwithparentrefs) + * [`fn withParentRefsMixin(parentRefs)`](#fn-specwithparentrefsmixin) + * [`fn withRules(rules)`](#fn-specwithrules) + * [`fn withRulesMixin(rules)`](#fn-specwithrulesmixin) + * [`obj spec.parentRefs`](#obj-specparentrefs) + * [`fn withGroup(group)`](#fn-specparentrefswithgroup) + * [`fn withKind(kind)`](#fn-specparentrefswithkind) + * [`fn withName(name)`](#fn-specparentrefswithname) + * [`fn withNamespace(namespace)`](#fn-specparentrefswithnamespace) + * [`fn withPort(port)`](#fn-specparentrefswithport) + * [`fn withSectionName(sectionName)`](#fn-specparentrefswithsectionname) + * [`obj spec.rules`](#obj-specrules) + * [`fn withBackendRefs(backendRefs)`](#fn-specruleswithbackendrefs) + * [`fn withBackendRefsMixin(backendRefs)`](#fn-specruleswithbackendrefsmixin) + * [`fn withFilters(filters)`](#fn-specruleswithfilters) + * [`fn withFiltersMixin(filters)`](#fn-specruleswithfiltersmixin) + * [`fn withMatches(matches)`](#fn-specruleswithmatches) + * [`fn withMatchesMixin(matches)`](#fn-specruleswithmatchesmixin) + * [`obj spec.rules.backendRefs`](#obj-specrulesbackendrefs) + * [`fn withFilters(filters)`](#fn-specrulesbackendrefswithfilters) + * [`fn withFiltersMixin(filters)`](#fn-specrulesbackendrefswithfiltersmixin) + * [`fn withGroup(group)`](#fn-specrulesbackendrefswithgroup) + * [`fn withKind(kind)`](#fn-specrulesbackendrefswithkind) + * [`fn withName(name)`](#fn-specrulesbackendrefswithname) + * [`fn withNamespace(namespace)`](#fn-specrulesbackendrefswithnamespace) + * [`fn withPort(port)`](#fn-specrulesbackendrefswithport) + * [`fn withWeight(weight)`](#fn-specrulesbackendrefswithweight) + * [`obj spec.rules.backendRefs.filters`](#obj-specrulesbackendrefsfilters) + * [`fn withType(type)`](#fn-specrulesbackendrefsfilterswithtype) + * [`obj spec.rules.backendRefs.filters.extensionRef`](#obj-specrulesbackendrefsfiltersextensionref) + * [`fn withGroup(group)`](#fn-specrulesbackendrefsfiltersextensionrefwithgroup) + * [`fn withKind(kind)`](#fn-specrulesbackendrefsfiltersextensionrefwithkind) + * [`fn withName(name)`](#fn-specrulesbackendrefsfiltersextensionrefwithname) + * [`obj spec.rules.backendRefs.filters.requestHeaderModifier`](#obj-specrulesbackendrefsfiltersrequestheadermodifier) + * [`fn withAdd(add)`](#fn-specrulesbackendrefsfiltersrequestheadermodifierwithadd) + * [`fn withAddMixin(add)`](#fn-specrulesbackendrefsfiltersrequestheadermodifierwithaddmixin) + * [`fn withRemove(remove)`](#fn-specrulesbackendrefsfiltersrequestheadermodifierwithremove) + * [`fn withRemoveMixin(remove)`](#fn-specrulesbackendrefsfiltersrequestheadermodifierwithremovemixin) + * [`fn withSet(set)`](#fn-specrulesbackendrefsfiltersrequestheadermodifierwithset) + * [`fn withSetMixin(set)`](#fn-specrulesbackendrefsfiltersrequestheadermodifierwithsetmixin) + * [`obj spec.rules.backendRefs.filters.requestHeaderModifier.add`](#obj-specrulesbackendrefsfiltersrequestheadermodifieradd) + * [`fn withName(name)`](#fn-specrulesbackendrefsfiltersrequestheadermodifieraddwithname) + * [`fn withValue(value)`](#fn-specrulesbackendrefsfiltersrequestheadermodifieraddwithvalue) + * [`obj spec.rules.backendRefs.filters.requestHeaderModifier.set`](#obj-specrulesbackendrefsfiltersrequestheadermodifierset) + * [`fn withName(name)`](#fn-specrulesbackendrefsfiltersrequestheadermodifiersetwithname) + * [`fn withValue(value)`](#fn-specrulesbackendrefsfiltersrequestheadermodifiersetwithvalue) + * [`obj spec.rules.backendRefs.filters.requestMirror`](#obj-specrulesbackendrefsfiltersrequestmirror) + * [`obj spec.rules.backendRefs.filters.requestMirror.backendRef`](#obj-specrulesbackendrefsfiltersrequestmirrorbackendref) + * [`fn withGroup(group)`](#fn-specrulesbackendrefsfiltersrequestmirrorbackendrefwithgroup) + * [`fn withKind(kind)`](#fn-specrulesbackendrefsfiltersrequestmirrorbackendrefwithkind) + * [`fn withName(name)`](#fn-specrulesbackendrefsfiltersrequestmirrorbackendrefwithname) + * [`fn withNamespace(namespace)`](#fn-specrulesbackendrefsfiltersrequestmirrorbackendrefwithnamespace) + * [`fn withPort(port)`](#fn-specrulesbackendrefsfiltersrequestmirrorbackendrefwithport) + * [`obj spec.rules.backendRefs.filters.requestRedirect`](#obj-specrulesbackendrefsfiltersrequestredirect) + * [`fn withHostname(hostname)`](#fn-specrulesbackendrefsfiltersrequestredirectwithhostname) + * [`fn withPort(port)`](#fn-specrulesbackendrefsfiltersrequestredirectwithport) + * [`fn withScheme(scheme)`](#fn-specrulesbackendrefsfiltersrequestredirectwithscheme) + * [`fn withStatusCode(statusCode)`](#fn-specrulesbackendrefsfiltersrequestredirectwithstatuscode) + * [`obj spec.rules.backendRefs.filters.requestRedirect.path`](#obj-specrulesbackendrefsfiltersrequestredirectpath) + * [`fn withReplaceFullPath(replaceFullPath)`](#fn-specrulesbackendrefsfiltersrequestredirectpathwithreplacefullpath) + * [`fn withReplacePrefixMatch(replacePrefixMatch)`](#fn-specrulesbackendrefsfiltersrequestredirectpathwithreplaceprefixmatch) + * [`fn withType(type)`](#fn-specrulesbackendrefsfiltersrequestredirectpathwithtype) + * [`obj spec.rules.backendRefs.filters.responseHeaderModifier`](#obj-specrulesbackendrefsfiltersresponseheadermodifier) + * [`fn withAdd(add)`](#fn-specrulesbackendrefsfiltersresponseheadermodifierwithadd) + * [`fn withAddMixin(add)`](#fn-specrulesbackendrefsfiltersresponseheadermodifierwithaddmixin) + * [`fn withRemove(remove)`](#fn-specrulesbackendrefsfiltersresponseheadermodifierwithremove) + * [`fn withRemoveMixin(remove)`](#fn-specrulesbackendrefsfiltersresponseheadermodifierwithremovemixin) + * [`fn withSet(set)`](#fn-specrulesbackendrefsfiltersresponseheadermodifierwithset) + * [`fn withSetMixin(set)`](#fn-specrulesbackendrefsfiltersresponseheadermodifierwithsetmixin) + * [`obj spec.rules.backendRefs.filters.responseHeaderModifier.add`](#obj-specrulesbackendrefsfiltersresponseheadermodifieradd) + * [`fn withName(name)`](#fn-specrulesbackendrefsfiltersresponseheadermodifieraddwithname) + * [`fn withValue(value)`](#fn-specrulesbackendrefsfiltersresponseheadermodifieraddwithvalue) + * [`obj spec.rules.backendRefs.filters.responseHeaderModifier.set`](#obj-specrulesbackendrefsfiltersresponseheadermodifierset) + * [`fn withName(name)`](#fn-specrulesbackendrefsfiltersresponseheadermodifiersetwithname) + * [`fn withValue(value)`](#fn-specrulesbackendrefsfiltersresponseheadermodifiersetwithvalue) + * [`obj spec.rules.backendRefs.filters.urlRewrite`](#obj-specrulesbackendrefsfiltersurlrewrite) + * [`fn withHostname(hostname)`](#fn-specrulesbackendrefsfiltersurlrewritewithhostname) + * [`obj spec.rules.backendRefs.filters.urlRewrite.path`](#obj-specrulesbackendrefsfiltersurlrewritepath) + * [`fn withReplaceFullPath(replaceFullPath)`](#fn-specrulesbackendrefsfiltersurlrewritepathwithreplacefullpath) + * [`fn withReplacePrefixMatch(replacePrefixMatch)`](#fn-specrulesbackendrefsfiltersurlrewritepathwithreplaceprefixmatch) + * [`fn withType(type)`](#fn-specrulesbackendrefsfiltersurlrewritepathwithtype) + * [`obj spec.rules.filters`](#obj-specrulesfilters) + * [`fn withType(type)`](#fn-specrulesfilterswithtype) + * [`obj spec.rules.filters.extensionRef`](#obj-specrulesfiltersextensionref) + * [`fn withGroup(group)`](#fn-specrulesfiltersextensionrefwithgroup) + * [`fn withKind(kind)`](#fn-specrulesfiltersextensionrefwithkind) + * [`fn withName(name)`](#fn-specrulesfiltersextensionrefwithname) + * [`obj spec.rules.filters.requestHeaderModifier`](#obj-specrulesfiltersrequestheadermodifier) + * [`fn withAdd(add)`](#fn-specrulesfiltersrequestheadermodifierwithadd) + * [`fn withAddMixin(add)`](#fn-specrulesfiltersrequestheadermodifierwithaddmixin) + * [`fn withRemove(remove)`](#fn-specrulesfiltersrequestheadermodifierwithremove) + * [`fn withRemoveMixin(remove)`](#fn-specrulesfiltersrequestheadermodifierwithremovemixin) + * [`fn withSet(set)`](#fn-specrulesfiltersrequestheadermodifierwithset) + * [`fn withSetMixin(set)`](#fn-specrulesfiltersrequestheadermodifierwithsetmixin) + * [`obj spec.rules.filters.requestHeaderModifier.add`](#obj-specrulesfiltersrequestheadermodifieradd) + * [`fn withName(name)`](#fn-specrulesfiltersrequestheadermodifieraddwithname) + * [`fn withValue(value)`](#fn-specrulesfiltersrequestheadermodifieraddwithvalue) + * [`obj spec.rules.filters.requestHeaderModifier.set`](#obj-specrulesfiltersrequestheadermodifierset) + * [`fn withName(name)`](#fn-specrulesfiltersrequestheadermodifiersetwithname) + * [`fn withValue(value)`](#fn-specrulesfiltersrequestheadermodifiersetwithvalue) + * [`obj spec.rules.filters.requestMirror`](#obj-specrulesfiltersrequestmirror) + * [`obj spec.rules.filters.requestMirror.backendRef`](#obj-specrulesfiltersrequestmirrorbackendref) + * [`fn withGroup(group)`](#fn-specrulesfiltersrequestmirrorbackendrefwithgroup) + * [`fn withKind(kind)`](#fn-specrulesfiltersrequestmirrorbackendrefwithkind) + * [`fn withName(name)`](#fn-specrulesfiltersrequestmirrorbackendrefwithname) + * [`fn withNamespace(namespace)`](#fn-specrulesfiltersrequestmirrorbackendrefwithnamespace) + * [`fn withPort(port)`](#fn-specrulesfiltersrequestmirrorbackendrefwithport) + * [`obj spec.rules.filters.requestRedirect`](#obj-specrulesfiltersrequestredirect) + * [`fn withHostname(hostname)`](#fn-specrulesfiltersrequestredirectwithhostname) + * [`fn withPort(port)`](#fn-specrulesfiltersrequestredirectwithport) + * [`fn withScheme(scheme)`](#fn-specrulesfiltersrequestredirectwithscheme) + * [`fn withStatusCode(statusCode)`](#fn-specrulesfiltersrequestredirectwithstatuscode) + * [`obj spec.rules.filters.requestRedirect.path`](#obj-specrulesfiltersrequestredirectpath) + * [`fn withReplaceFullPath(replaceFullPath)`](#fn-specrulesfiltersrequestredirectpathwithreplacefullpath) + * [`fn withReplacePrefixMatch(replacePrefixMatch)`](#fn-specrulesfiltersrequestredirectpathwithreplaceprefixmatch) + * [`fn withType(type)`](#fn-specrulesfiltersrequestredirectpathwithtype) + * [`obj spec.rules.filters.responseHeaderModifier`](#obj-specrulesfiltersresponseheadermodifier) + * [`fn withAdd(add)`](#fn-specrulesfiltersresponseheadermodifierwithadd) + * [`fn withAddMixin(add)`](#fn-specrulesfiltersresponseheadermodifierwithaddmixin) + * [`fn withRemove(remove)`](#fn-specrulesfiltersresponseheadermodifierwithremove) + * [`fn withRemoveMixin(remove)`](#fn-specrulesfiltersresponseheadermodifierwithremovemixin) + * [`fn withSet(set)`](#fn-specrulesfiltersresponseheadermodifierwithset) + * [`fn withSetMixin(set)`](#fn-specrulesfiltersresponseheadermodifierwithsetmixin) + * [`obj spec.rules.filters.responseHeaderModifier.add`](#obj-specrulesfiltersresponseheadermodifieradd) + * [`fn withName(name)`](#fn-specrulesfiltersresponseheadermodifieraddwithname) + * [`fn withValue(value)`](#fn-specrulesfiltersresponseheadermodifieraddwithvalue) + * [`obj spec.rules.filters.responseHeaderModifier.set`](#obj-specrulesfiltersresponseheadermodifierset) + * [`fn withName(name)`](#fn-specrulesfiltersresponseheadermodifiersetwithname) + * [`fn withValue(value)`](#fn-specrulesfiltersresponseheadermodifiersetwithvalue) + * [`obj spec.rules.filters.urlRewrite`](#obj-specrulesfiltersurlrewrite) + * [`fn withHostname(hostname)`](#fn-specrulesfiltersurlrewritewithhostname) + * [`obj spec.rules.filters.urlRewrite.path`](#obj-specrulesfiltersurlrewritepath) + * [`fn withReplaceFullPath(replaceFullPath)`](#fn-specrulesfiltersurlrewritepathwithreplacefullpath) + * [`fn withReplacePrefixMatch(replacePrefixMatch)`](#fn-specrulesfiltersurlrewritepathwithreplaceprefixmatch) + * [`fn withType(type)`](#fn-specrulesfiltersurlrewritepathwithtype) + * [`obj spec.rules.matches`](#obj-specrulesmatches) + * [`fn withHeaders(headers)`](#fn-specrulesmatcheswithheaders) + * [`fn withHeadersMixin(headers)`](#fn-specrulesmatcheswithheadersmixin) + * [`fn withMethod(method)`](#fn-specrulesmatcheswithmethod) + * [`fn withQueryParams(queryParams)`](#fn-specrulesmatcheswithqueryparams) + * [`fn withQueryParamsMixin(queryParams)`](#fn-specrulesmatcheswithqueryparamsmixin) + * [`obj spec.rules.matches.headers`](#obj-specrulesmatchesheaders) + * [`fn withName(name)`](#fn-specrulesmatchesheaderswithname) + * [`fn withType(type)`](#fn-specrulesmatchesheaderswithtype) + * [`fn withValue(value)`](#fn-specrulesmatchesheaderswithvalue) + * [`obj spec.rules.matches.path`](#obj-specrulesmatchespath) + * [`fn withType(type)`](#fn-specrulesmatchespathwithtype) + * [`fn withValue(value)`](#fn-specrulesmatchespathwithvalue) + * [`obj spec.rules.matches.queryParams`](#obj-specrulesmatchesqueryparams) + * [`fn withName(name)`](#fn-specrulesmatchesqueryparamswithname) + * [`fn withType(type)`](#fn-specrulesmatchesqueryparamswithtype) + * [`fn withValue(value)`](#fn-specrulesmatchesqueryparamswithvalue) + * [`obj spec.rules.timeouts`](#obj-specrulestimeouts) + * [`fn withBackendRequest(backendRequest)`](#fn-specrulestimeoutswithbackendrequest) + * [`fn withRequest(request)`](#fn-specrulestimeoutswithrequest) + +## Fields + +### fn new + +```ts +new(name) +``` + +new returns an instance of HTTPRoute + +## obj metadata + +"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create." + +### fn metadata.withAnnotations + +```ts +withAnnotations(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +### fn metadata.withAnnotationsMixin + +```ts +withAnnotationsMixin(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +**Note:** This function appends passed data to existing values + +### fn metadata.withClusterName + +```ts +withClusterName(clusterName) +``` + +"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request." + +### fn metadata.withCreationTimestamp + +```ts +withCreationTimestamp(creationTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withDeletionGracePeriodSeconds + +```ts +withDeletionGracePeriodSeconds(deletionGracePeriodSeconds) +``` + +"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only." + +### fn metadata.withDeletionTimestamp + +```ts +withDeletionTimestamp(deletionTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withFinalizers + +```ts +withFinalizers(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +### fn metadata.withFinalizersMixin + +```ts +withFinalizersMixin(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +**Note:** This function appends passed data to existing values + +### fn metadata.withGenerateName + +```ts +withGenerateName(generateName) +``` + +"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\n\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\n\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" + +### fn metadata.withGeneration + +```ts +withGeneration(generation) +``` + +"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only." + +### fn metadata.withLabels + +```ts +withLabels(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +### fn metadata.withLabelsMixin + +```ts +withLabelsMixin(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +**Note:** This function appends passed data to existing values + +### fn metadata.withName + +```ts +withName(name) +``` + +"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names" + +### fn metadata.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \"default\" namespace, but \"default\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\n\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces" + +### fn metadata.withOwnerReferences + +```ts +withOwnerReferences(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +### fn metadata.withOwnerReferencesMixin + +```ts +withOwnerReferencesMixin(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +**Note:** This function appends passed data to existing values + +### fn metadata.withResourceVersion + +```ts +withResourceVersion(resourceVersion) +``` + +"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\n\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" + +### fn metadata.withSelfLink + +```ts +withSelfLink(selfLink) +``` + +"SelfLink is a URL representing this object. Populated by the system. Read-only.\n\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release." + +### fn metadata.withUid + +```ts +withUid(uid) +``` + +"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\n\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids" + +## obj spec + +"Spec defines the desired state of HTTPRoute." + +### fn spec.withHostnames + +```ts +withHostnames(hostnames) +``` + +"Hostnames defines a set of hostnames that should match against the HTTP Host header to select a HTTPRoute used to process the request. Implementations MUST ignore any port value specified in the HTTP Host header while performing a match and (absent of any applicable header modification configuration) MUST forward this header unmodified to the backend. \n Valid values for Hostnames are determined by RFC 1123 definition of a hostname with 2 notable exceptions: \n 1. IPs are not allowed. 2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard label must appear by itself as the first label. \n If a hostname is specified by both the Listener and HTTPRoute, there must be at least one intersecting hostname for the HTTPRoute to be attached to the Listener. For example: \n * A Listener with `test.example.com` as the hostname matches HTTPRoutes that have either not specified any hostnames, or have specified at least one of `test.example.com` or `*.example.com`. * A Listener with `*.example.com` as the hostname matches HTTPRoutes that have either not specified any hostnames or have specified at least one hostname that matches the Listener hostname. For example, `*.example.com`, `test.example.com`, and `foo.test.example.com` would all match. On the other hand, `example.com` and `test.example.net` would not match. \n Hostnames that are prefixed with a wildcard label (`*.`) are interpreted as a suffix match. That means that a match for `*.example.com` would match both `test.example.com`, and `foo.test.example.com`, but not `example.com`. \n If both the Listener and HTTPRoute have specified hostnames, any HTTPRoute hostnames that do not match the Listener hostname MUST be ignored. For example, if a Listener specified `*.example.com`, and the HTTPRoute specified `test.example.com` and `test.example.net`, `test.example.net` must not be considered for a match. \n If both the Listener and HTTPRoute have specified hostnames, and none match with the criteria above, then the HTTPRoute is not accepted. The implementation must raise an 'Accepted' Condition with a status of `False` in the corresponding RouteParentStatus. \n In the event that multiple HTTPRoutes specify intersecting hostnames (e.g. overlapping wildcard matching and exact matching hostnames), precedence must be given to rules from the HTTPRoute with the largest number of: \n * Characters in a matching non-wildcard hostname. * Characters in a matching hostname. \n If ties exist across multiple Routes, the matching precedence rules for HTTPRouteMatches takes over. \n Support: Core" + +### fn spec.withHostnamesMixin + +```ts +withHostnamesMixin(hostnames) +``` + +"Hostnames defines a set of hostnames that should match against the HTTP Host header to select a HTTPRoute used to process the request. Implementations MUST ignore any port value specified in the HTTP Host header while performing a match and (absent of any applicable header modification configuration) MUST forward this header unmodified to the backend. \n Valid values for Hostnames are determined by RFC 1123 definition of a hostname with 2 notable exceptions: \n 1. IPs are not allowed. 2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard label must appear by itself as the first label. \n If a hostname is specified by both the Listener and HTTPRoute, there must be at least one intersecting hostname for the HTTPRoute to be attached to the Listener. For example: \n * A Listener with `test.example.com` as the hostname matches HTTPRoutes that have either not specified any hostnames, or have specified at least one of `test.example.com` or `*.example.com`. * A Listener with `*.example.com` as the hostname matches HTTPRoutes that have either not specified any hostnames or have specified at least one hostname that matches the Listener hostname. For example, `*.example.com`, `test.example.com`, and `foo.test.example.com` would all match. On the other hand, `example.com` and `test.example.net` would not match. \n Hostnames that are prefixed with a wildcard label (`*.`) are interpreted as a suffix match. That means that a match for `*.example.com` would match both `test.example.com`, and `foo.test.example.com`, but not `example.com`. \n If both the Listener and HTTPRoute have specified hostnames, any HTTPRoute hostnames that do not match the Listener hostname MUST be ignored. For example, if a Listener specified `*.example.com`, and the HTTPRoute specified `test.example.com` and `test.example.net`, `test.example.net` must not be considered for a match. \n If both the Listener and HTTPRoute have specified hostnames, and none match with the criteria above, then the HTTPRoute is not accepted. The implementation must raise an 'Accepted' Condition with a status of `False` in the corresponding RouteParentStatus. \n In the event that multiple HTTPRoutes specify intersecting hostnames (e.g. overlapping wildcard matching and exact matching hostnames), precedence must be given to rules from the HTTPRoute with the largest number of: \n * Characters in a matching non-wildcard hostname. * Characters in a matching hostname. \n If ties exist across multiple Routes, the matching precedence rules for HTTPRouteMatches takes over. \n Support: Core" + +**Note:** This function appends passed data to existing values + +### fn spec.withParentRefs + +```ts +withParentRefs(parentRefs) +``` + +"ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. For Services, that means the Service must either be in the same namespace for a \"producer\" route, or the mesh implementation must support and allow \"consumer\" routes for the referenced Service. ReferenceGrant is not applicable for governing ParentRefs to Services - it is not possible to create a \"producer\" route for a Service in a different namespace from the Route. \n There are two kinds of parent resources with \"Core\" support: \n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) This API may be extended in the future to support additional kinds of parent resources. \n ParentRefs must be _distinct_. This means either that: \n * They select different objects. If this is the case, then parentRef entries are distinct. In terms of fields, this means that the multi-part key defined by `group`, `kind`, `namespace`, and `name` must be unique across all parentRef entries in the Route. * They do not select different objects, but for each optional field used, each ParentRef that selects the same object must set the same set of optional fields to different values. If one ParentRef sets a combination of optional fields, all must set the same combination. \n Some examples: \n * If one ParentRef sets `sectionName`, all ParentRefs referencing the same object must also set `sectionName`. * If one ParentRef sets `port`, all ParentRefs referencing the same object must also set `port`. * If one ParentRef sets `sectionName` and `port`, all ParentRefs referencing the same object must also set `sectionName` and `port`. \n It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged. \n Note that for ParentRefs that cross namespace boundaries, there are specific rules. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example, Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable other kinds of cross-namespace reference. \n ParentRefs from a Route to a Service in the same namespace are \"producer\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \n ParentRefs from a Route to a Service in a different namespace are \"consumer\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \n " + +### fn spec.withParentRefsMixin + +```ts +withParentRefsMixin(parentRefs) +``` + +"ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. For Services, that means the Service must either be in the same namespace for a \"producer\" route, or the mesh implementation must support and allow \"consumer\" routes for the referenced Service. ReferenceGrant is not applicable for governing ParentRefs to Services - it is not possible to create a \"producer\" route for a Service in a different namespace from the Route. \n There are two kinds of parent resources with \"Core\" support: \n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) This API may be extended in the future to support additional kinds of parent resources. \n ParentRefs must be _distinct_. This means either that: \n * They select different objects. If this is the case, then parentRef entries are distinct. In terms of fields, this means that the multi-part key defined by `group`, `kind`, `namespace`, and `name` must be unique across all parentRef entries in the Route. * They do not select different objects, but for each optional field used, each ParentRef that selects the same object must set the same set of optional fields to different values. If one ParentRef sets a combination of optional fields, all must set the same combination. \n Some examples: \n * If one ParentRef sets `sectionName`, all ParentRefs referencing the same object must also set `sectionName`. * If one ParentRef sets `port`, all ParentRefs referencing the same object must also set `port`. * If one ParentRef sets `sectionName` and `port`, all ParentRefs referencing the same object must also set `sectionName` and `port`. \n It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged. \n Note that for ParentRefs that cross namespace boundaries, there are specific rules. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example, Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable other kinds of cross-namespace reference. \n ParentRefs from a Route to a Service in the same namespace are \"producer\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \n ParentRefs from a Route to a Service in a different namespace are \"consumer\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \n " + +**Note:** This function appends passed data to existing values + +### fn spec.withRules + +```ts +withRules(rules) +``` + +"Rules are a list of HTTP matchers, filters and actions." + +### fn spec.withRulesMixin + +```ts +withRulesMixin(rules) +``` + +"Rules are a list of HTTP matchers, filters and actions." + +**Note:** This function appends passed data to existing values + +## obj spec.parentRefs + +"ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. For Services, that means the Service must either be in the same namespace for a \"producer\" route, or the mesh implementation must support and allow \"consumer\" routes for the referenced Service. ReferenceGrant is not applicable for governing ParentRefs to Services - it is not possible to create a \"producer\" route for a Service in a different namespace from the Route. \n There are two kinds of parent resources with \"Core\" support: \n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) This API may be extended in the future to support additional kinds of parent resources. \n ParentRefs must be _distinct_. This means either that: \n * They select different objects. If this is the case, then parentRef entries are distinct. In terms of fields, this means that the multi-part key defined by `group`, `kind`, `namespace`, and `name` must be unique across all parentRef entries in the Route. * They do not select different objects, but for each optional field used, each ParentRef that selects the same object must set the same set of optional fields to different values. If one ParentRef sets a combination of optional fields, all must set the same combination. \n Some examples: \n * If one ParentRef sets `sectionName`, all ParentRefs referencing the same object must also set `sectionName`. * If one ParentRef sets `port`, all ParentRefs referencing the same object must also set `port`. * If one ParentRef sets `sectionName` and `port`, all ParentRefs referencing the same object must also set `sectionName` and `port`. \n It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged. \n Note that for ParentRefs that cross namespace boundaries, there are specific rules. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example, Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable other kinds of cross-namespace reference. \n ParentRefs from a Route to a Service in the same namespace are \"producer\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \n ParentRefs from a Route to a Service in a different namespace are \"consumer\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \n " + +### fn spec.parentRefs.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. When unspecified, \"gateway.networking.k8s.io\" is inferred. To set the core API group (such as for a \"Service\" kind referent), Group must be explicitly set to \"\" (empty string). \n Support: Core" + +### fn spec.parentRefs.withKind + +```ts +withKind(kind) +``` + +"Kind is kind of the referent. \n There are two kinds of parent resources with \"Core\" support: \n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) \n Support for other resources is Implementation-Specific." + +### fn spec.parentRefs.withName + +```ts +withName(name) +``` + +"Name is the name of the referent. \n Support: Core" + +### fn spec.parentRefs.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the referent. When unspecified, this refers to the local namespace of the Route. \n Note that there are specific rules for ParentRefs which cross namespace boundaries. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example: Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference. \n ParentRefs from a Route to a Service in the same namespace are \"producer\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \n ParentRefs from a Route to a Service in a different namespace are \"consumer\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \n Support: Core" + +### fn spec.parentRefs.withPort + +```ts +withPort(port) +``` + +"Port is the network port this Route targets. It can be interpreted differently based on the type of parent resource. \n When the parent resource is a Gateway, this targets all listeners listening on the specified port that also support this kind of Route(and select this Route). It's not recommended to set `Port` unless the networking behaviors specified in a Route must apply to a specific port as opposed to a listener(s) whose port(s) may be changed. When both Port and SectionName are specified, the name and port of the selected listener must match both specified values. \n When the parent resource is a Service, this targets a specific port in the Service spec. When both Port (experimental) and SectionName are specified, the name and port of the selected port must match both specified values. \n Implementations MAY choose to support other parent resources. Implementations supporting other types of parent resources MUST clearly document how/if Port is interpreted. \n For the purpose of status, an attachment is considered successful as long as the parent resource accepts it partially. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \n Support: Extended \n " + +### fn spec.parentRefs.withSectionName + +```ts +withSectionName(sectionName) +``` + +"SectionName is the name of a section within the target resource. In the following resources, SectionName is interpreted as the following: \n * Gateway: Listener Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. * Service: Port Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. Note that attaching Routes to Services as Parents is part of experimental Mesh support and is not supported for any other purpose. \n Implementations MAY choose to support attaching Routes to other resources. If that is the case, they MUST clearly document how SectionName is interpreted. \n When unspecified (empty string), this will reference the entire resource. For the purpose of status, an attachment is considered successful if at least one section in the parent resource accepts it. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \n Support: Core" + +## obj spec.rules + +"Rules are a list of HTTP matchers, filters and actions." + +### fn spec.rules.withBackendRefs + +```ts +withBackendRefs(backendRefs) +``` + +"BackendRefs defines the backend(s) where matching requests should be sent. \n Failure behavior here depends on how many BackendRefs are specified and how many are invalid. \n If *all* entries in BackendRefs are invalid, and there are also no filters specified in this route rule, *all* traffic which matches this rule MUST receive a 500 status code. \n See the HTTPBackendRef definition for the rules about what makes a single HTTPBackendRef invalid. \n When a HTTPBackendRef is invalid, 500 status codes MUST be returned for requests that would have otherwise been routed to an invalid backend. If multiple backends are specified, and some are invalid, the proportion of requests that would otherwise have been routed to an invalid backend MUST receive a 500 status code. \n For example, if two backends are specified with equal weights, and one is invalid, 50 percent of traffic must receive a 500. Implementations may choose how that 50 percent is determined. \n Support: Core for Kubernetes Service \n Support: Extended for Kubernetes ServiceImport \n Support: Implementation-specific for any other resource \n Support for weight: Core" + +### fn spec.rules.withBackendRefsMixin + +```ts +withBackendRefsMixin(backendRefs) +``` + +"BackendRefs defines the backend(s) where matching requests should be sent. \n Failure behavior here depends on how many BackendRefs are specified and how many are invalid. \n If *all* entries in BackendRefs are invalid, and there are also no filters specified in this route rule, *all* traffic which matches this rule MUST receive a 500 status code. \n See the HTTPBackendRef definition for the rules about what makes a single HTTPBackendRef invalid. \n When a HTTPBackendRef is invalid, 500 status codes MUST be returned for requests that would have otherwise been routed to an invalid backend. If multiple backends are specified, and some are invalid, the proportion of requests that would otherwise have been routed to an invalid backend MUST receive a 500 status code. \n For example, if two backends are specified with equal weights, and one is invalid, 50 percent of traffic must receive a 500. Implementations may choose how that 50 percent is determined. \n Support: Core for Kubernetes Service \n Support: Extended for Kubernetes ServiceImport \n Support: Implementation-specific for any other resource \n Support for weight: Core" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.withFilters + +```ts +withFilters(filters) +``` + +"Filters define the filters that are applied to requests that match this rule. \n The effects of ordering of multiple behaviors are currently unspecified. This can change in the future based on feedback during the alpha stage. \n Conformance-levels at this level are defined based on the type of filter: \n - ALL core filters MUST be supported by all implementations. - Implementers are encouraged to support extended filters. - Implementation-specific custom filters have no API guarantees across implementations. \n Specifying the same filter multiple times is not supported unless explicitly indicated in the filter. \n All filters are expected to be compatible with each other except for the URLRewrite and RequestRedirect filters, which may not be combined. If an implementation can not support other combinations of filters, they must clearly document that limitation. In cases where incompatible or unsupported filters are specified and cause the `Accepted` condition to be set to status `False`, implementations may use the `IncompatibleFilters` reason to specify this configuration error. \n Support: Core" + +### fn spec.rules.withFiltersMixin + +```ts +withFiltersMixin(filters) +``` + +"Filters define the filters that are applied to requests that match this rule. \n The effects of ordering of multiple behaviors are currently unspecified. This can change in the future based on feedback during the alpha stage. \n Conformance-levels at this level are defined based on the type of filter: \n - ALL core filters MUST be supported by all implementations. - Implementers are encouraged to support extended filters. - Implementation-specific custom filters have no API guarantees across implementations. \n Specifying the same filter multiple times is not supported unless explicitly indicated in the filter. \n All filters are expected to be compatible with each other except for the URLRewrite and RequestRedirect filters, which may not be combined. If an implementation can not support other combinations of filters, they must clearly document that limitation. In cases where incompatible or unsupported filters are specified and cause the `Accepted` condition to be set to status `False`, implementations may use the `IncompatibleFilters` reason to specify this configuration error. \n Support: Core" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.withMatches + +```ts +withMatches(matches) +``` + +"Matches define conditions used for matching the rule against incoming HTTP requests. Each match is independent, i.e. this rule will be matched if **any** one of the matches is satisfied. \n For example, take the following matches configuration: \n ``` matches: - path: value: \"/foo\" headers: - name: \"version\" value: \"v2\" - path: value: \"/v2/foo\" ``` \n For a request to match against this rule, a request must satisfy EITHER of the two conditions: \n - path prefixed with `/foo` AND contains the header `version: v2` - path prefix of `/v2/foo` \n See the documentation for HTTPRouteMatch on how to specify multiple match conditions that should be ANDed together. \n If no matches are specified, the default is a prefix path match on \"/\", which has the effect of matching every HTTP request. \n Proxy or Load Balancer routing configuration generated from HTTPRoutes MUST prioritize matches based on the following criteria, continuing on ties. Across all rules specified on applicable Routes, precedence must be given to the match having: \n * \"Exact\" path match. * \"Prefix\" path match with largest number of characters. * Method match. * Largest number of header matches. * Largest number of query param matches. \n Note: The precedence of RegularExpression path matches are implementation-specific. \n If ties still exist across multiple Routes, matching precedence MUST be determined in order of the following criteria, continuing on ties: \n * The oldest Route based on creation timestamp. * The Route appearing first in alphabetical order by \"{namespace}/{name}\". \n If ties still exist within an HTTPRoute, matching precedence MUST be granted to the FIRST matching rule (in list order) with a match meeting the above criteria. \n When no rules matching a request have been successfully attached to the parent a request is coming from, a HTTP 404 status code MUST be returned." + +### fn spec.rules.withMatchesMixin + +```ts +withMatchesMixin(matches) +``` + +"Matches define conditions used for matching the rule against incoming HTTP requests. Each match is independent, i.e. this rule will be matched if **any** one of the matches is satisfied. \n For example, take the following matches configuration: \n ``` matches: - path: value: \"/foo\" headers: - name: \"version\" value: \"v2\" - path: value: \"/v2/foo\" ``` \n For a request to match against this rule, a request must satisfy EITHER of the two conditions: \n - path prefixed with `/foo` AND contains the header `version: v2` - path prefix of `/v2/foo` \n See the documentation for HTTPRouteMatch on how to specify multiple match conditions that should be ANDed together. \n If no matches are specified, the default is a prefix path match on \"/\", which has the effect of matching every HTTP request. \n Proxy or Load Balancer routing configuration generated from HTTPRoutes MUST prioritize matches based on the following criteria, continuing on ties. Across all rules specified on applicable Routes, precedence must be given to the match having: \n * \"Exact\" path match. * \"Prefix\" path match with largest number of characters. * Method match. * Largest number of header matches. * Largest number of query param matches. \n Note: The precedence of RegularExpression path matches are implementation-specific. \n If ties still exist across multiple Routes, matching precedence MUST be determined in order of the following criteria, continuing on ties: \n * The oldest Route based on creation timestamp. * The Route appearing first in alphabetical order by \"{namespace}/{name}\". \n If ties still exist within an HTTPRoute, matching precedence MUST be granted to the FIRST matching rule (in list order) with a match meeting the above criteria. \n When no rules matching a request have been successfully attached to the parent a request is coming from, a HTTP 404 status code MUST be returned." + +**Note:** This function appends passed data to existing values + +## obj spec.rules.backendRefs + +"BackendRefs defines the backend(s) where matching requests should be sent. \n Failure behavior here depends on how many BackendRefs are specified and how many are invalid. \n If *all* entries in BackendRefs are invalid, and there are also no filters specified in this route rule, *all* traffic which matches this rule MUST receive a 500 status code. \n See the HTTPBackendRef definition for the rules about what makes a single HTTPBackendRef invalid. \n When a HTTPBackendRef is invalid, 500 status codes MUST be returned for requests that would have otherwise been routed to an invalid backend. If multiple backends are specified, and some are invalid, the proportion of requests that would otherwise have been routed to an invalid backend MUST receive a 500 status code. \n For example, if two backends are specified with equal weights, and one is invalid, 50 percent of traffic must receive a 500. Implementations may choose how that 50 percent is determined. \n Support: Core for Kubernetes Service \n Support: Extended for Kubernetes ServiceImport \n Support: Implementation-specific for any other resource \n Support for weight: Core" + +### fn spec.rules.backendRefs.withFilters + +```ts +withFilters(filters) +``` + +"Filters defined at this level should be executed if and only if the request is being forwarded to the backend defined here. \n Support: Implementation-specific (For broader support of filters, use the Filters field in HTTPRouteRule.)" + +### fn spec.rules.backendRefs.withFiltersMixin + +```ts +withFiltersMixin(filters) +``` + +"Filters defined at this level should be executed if and only if the request is being forwarded to the backend defined here. \n Support: Implementation-specific (For broader support of filters, use the Filters field in HTTPRouteRule.)" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.backendRefs.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. For example, \"gateway.networking.k8s.io\". When unspecified or empty string, core API group is inferred." + +### fn spec.rules.backendRefs.withKind + +```ts +withKind(kind) +``` + +"Kind is the Kubernetes resource kind of the referent. For example \"Service\". \n Defaults to \"Service\" when not specified. \n ExternalName services can refer to CNAME DNS records that may live outside of the cluster and as such are difficult to reason about in terms of conformance. They also may not be safe to forward to (see CVE-2021-25740 for more information). Implementations SHOULD NOT support ExternalName Services. \n Support: Core (Services with a type other than ExternalName) \n Support: Implementation-specific (Services with type ExternalName)" + +### fn spec.rules.backendRefs.withName + +```ts +withName(name) +``` + +"Name is the name of the referent." + +### fn spec.rules.backendRefs.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. \n Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. \n Support: Core" + +### fn spec.rules.backendRefs.withPort + +```ts +withPort(port) +``` + +"Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field." + +### fn spec.rules.backendRefs.withWeight + +```ts +withWeight(weight) +``` + +"Weight specifies the proportion of requests forwarded to the referenced backend. This is computed as weight/(sum of all weights in this BackendRefs list). For non-zero values, there may be some epsilon from the exact proportion defined here depending on the precision an implementation supports. Weight is not a percentage and the sum of weights does not need to equal 100. \n If only one backend is specified and it has a weight greater than 0, 100% of the traffic is forwarded to that backend. If weight is set to 0, no traffic should be forwarded for this entry. If unspecified, weight defaults to 1. \n Support for this field varies based on the context where used." + +## obj spec.rules.backendRefs.filters + +"Filters defined at this level should be executed if and only if the request is being forwarded to the backend defined here. \n Support: Implementation-specific (For broader support of filters, use the Filters field in HTTPRouteRule.)" + +### fn spec.rules.backendRefs.filters.withType + +```ts +withType(type) +``` + +"Type identifies the type of filter to apply. As with other API fields, types are classified into three conformance levels: \n - Core: Filter types and their corresponding configuration defined by \"Support: Core\" in this package, e.g. \"RequestHeaderModifier\". All implementations must support core filters. \n - Extended: Filter types and their corresponding configuration defined by \"Support: Extended\" in this package, e.g. \"RequestMirror\". Implementers are encouraged to support extended filters. \n - Implementation-specific: Filters that are defined and supported by specific vendors. In the future, filters showing convergence in behavior across multiple implementations will be considered for inclusion in extended or core conformance levels. Filter-specific configuration for such filters is specified using the ExtensionRef field. `Type` should be set to \"ExtensionRef\" for custom filters. \n Implementers are encouraged to define custom implementation types to extend the core API with implementation-specific behavior. \n If a reference to a custom filter type cannot be resolved, the filter MUST NOT be skipped. Instead, requests that would have been processed by that filter MUST receive a HTTP error response. \n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`." + +## obj spec.rules.backendRefs.filters.extensionRef + +"ExtensionRef is an optional, implementation-specific extension to the \"filter\" behavior. For example, resource \"myroutefilter\" in group \"networking.example.net\"). ExtensionRef MUST NOT be used for core and extended filters. \n This filter can be used multiple times within the same rule. \n Support: Implementation-specific" + +### fn spec.rules.backendRefs.filters.extensionRef.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. For example, \"gateway.networking.k8s.io\". When unspecified or empty string, core API group is inferred." + +### fn spec.rules.backendRefs.filters.extensionRef.withKind + +```ts +withKind(kind) +``` + +"Kind is kind of the referent. For example \"HTTPRoute\" or \"Service\"." + +### fn spec.rules.backendRefs.filters.extensionRef.withName + +```ts +withName(name) +``` + +"Name is the name of the referent." + +## obj spec.rules.backendRefs.filters.requestHeaderModifier + +"RequestHeaderModifier defines a schema for a filter that modifies request headers. \n Support: Core" + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.withAdd + +```ts +withAdd(add) +``` + +"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz" + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.withAddMixin + +```ts +withAddMixin(add) +``` + +"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.withRemove + +```ts +withRemove(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \n Config: remove: [\"my-header1\", \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2: bar" + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.withRemoveMixin + +```ts +withRemoveMixin(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \n Config: remove: [\"my-header1\", \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2: bar" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.withSet + +```ts +withSet(set) +``` + +"Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar" + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.withSetMixin + +```ts +withSetMixin(set) +``` + +"Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar" + +**Note:** This function appends passed data to existing values + +## obj spec.rules.backendRefs.filters.requestHeaderModifier.add + +"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz" + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.add.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent." + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.add.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.backendRefs.filters.requestHeaderModifier.set + +"Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar" + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.set.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent." + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.set.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.backendRefs.filters.requestMirror + +"RequestMirror defines a schema for a filter that mirrors requests. Requests are sent to the specified destination, but responses from that destination are ignored. \n This filter can be used multiple times within the same rule. Note that not all implementations will be able to support mirroring to multiple backends. \n Support: Extended" + +## obj spec.rules.backendRefs.filters.requestMirror.backendRef + +"BackendRef references a resource where mirrored requests are sent. \n Mirrored requests must be sent only to a single destination endpoint within this BackendRef, irrespective of how many endpoints are present within this BackendRef. \n If the referent cannot be found, this BackendRef is invalid and must be dropped from the Gateway. The controller must ensure the \"ResolvedRefs\" condition on the Route status is set to `status: False` and not configure this backend in the underlying implementation. \n If there is a cross-namespace reference to an *existing* object that is not allowed by a ReferenceGrant, the controller must ensure the \"ResolvedRefs\" condition on the Route is set to `status: False`, with the \"RefNotPermitted\" reason and not configure this backend in the underlying implementation. \n In either error case, the Message of the `ResolvedRefs` Condition should be used to provide more detail about the problem. \n Support: Extended for Kubernetes Service \n Support: Implementation-specific for any other resource" + +### fn spec.rules.backendRefs.filters.requestMirror.backendRef.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. For example, \"gateway.networking.k8s.io\". When unspecified or empty string, core API group is inferred." + +### fn spec.rules.backendRefs.filters.requestMirror.backendRef.withKind + +```ts +withKind(kind) +``` + +"Kind is the Kubernetes resource kind of the referent. For example \"Service\". \n Defaults to \"Service\" when not specified. \n ExternalName services can refer to CNAME DNS records that may live outside of the cluster and as such are difficult to reason about in terms of conformance. They also may not be safe to forward to (see CVE-2021-25740 for more information). Implementations SHOULD NOT support ExternalName Services. \n Support: Core (Services with a type other than ExternalName) \n Support: Implementation-specific (Services with type ExternalName)" + +### fn spec.rules.backendRefs.filters.requestMirror.backendRef.withName + +```ts +withName(name) +``` + +"Name is the name of the referent." + +### fn spec.rules.backendRefs.filters.requestMirror.backendRef.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. \n Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. \n Support: Core" + +### fn spec.rules.backendRefs.filters.requestMirror.backendRef.withPort + +```ts +withPort(port) +``` + +"Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field." + +## obj spec.rules.backendRefs.filters.requestRedirect + +"RequestRedirect defines a schema for a filter that responds to the request with an HTTP redirection. \n Support: Core" + +### fn spec.rules.backendRefs.filters.requestRedirect.withHostname + +```ts +withHostname(hostname) +``` + +"Hostname is the hostname to be used in the value of the `Location` header in the response. When empty, the hostname in the `Host` header of the request is used. \n Support: Core" + +### fn spec.rules.backendRefs.filters.requestRedirect.withPort + +```ts +withPort(port) +``` + +"Port is the port to be used in the value of the `Location` header in the response. \n If no port is specified, the redirect port MUST be derived using the following rules: \n * If redirect scheme is not-empty, the redirect port MUST be the well-known port associated with the redirect scheme. Specifically \"http\" to port 80 and \"https\" to port 443. If the redirect scheme does not have a well-known port, the listener port of the Gateway SHOULD be used. * If redirect scheme is empty, the redirect port MUST be the Gateway Listener port. \n Implementations SHOULD NOT add the port number in the 'Location' header in the following cases: \n * A Location header that will use HTTP (whether that is determined via the Listener protocol or the Scheme field) _and_ use port 80. * A Location header that will use HTTPS (whether that is determined via the Listener protocol or the Scheme field) _and_ use port 443. \n Support: Extended" + +### fn spec.rules.backendRefs.filters.requestRedirect.withScheme + +```ts +withScheme(scheme) +``` + +"Scheme is the scheme to be used in the value of the `Location` header in the response. When empty, the scheme of the request is used. \n Scheme redirects can affect the port of the redirect, for more information, refer to the documentation for the port field of this filter. \n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`. \n Support: Extended" + +### fn spec.rules.backendRefs.filters.requestRedirect.withStatusCode + +```ts +withStatusCode(statusCode) +``` + +"StatusCode is the HTTP status code to be used in response. \n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`. \n Support: Core" + +## obj spec.rules.backendRefs.filters.requestRedirect.path + +"Path defines parameters used to modify the path of the incoming request. The modified path is then used to construct the `Location` header. When empty, the request path is used as-is. \n Support: Extended" + +### fn spec.rules.backendRefs.filters.requestRedirect.path.withReplaceFullPath + +```ts +withReplaceFullPath(replaceFullPath) +``` + +"ReplaceFullPath specifies the value with which to replace the full path of a request during a rewrite or redirect." + +### fn spec.rules.backendRefs.filters.requestRedirect.path.withReplacePrefixMatch + +```ts +withReplacePrefixMatch(replacePrefixMatch) +``` + +"ReplacePrefixMatch specifies the value with which to replace the prefix match of a request during a rewrite or redirect. For example, a request to \"/foo/bar\" with a prefix match of \"/foo\" and a ReplacePrefixMatch of \"/xyz\" would be modified to \"/xyz/bar\". \n Note that this matches the behavior of the PathPrefix match type. This matches full path elements. A path element refers to the list of labels in the path split by the `/` separator. When specified, a trailing `/` is ignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all match the prefix `/abc`, but the path `/abcd` would not. \n ReplacePrefixMatch is only compatible with a `PathPrefix` HTTPRouteMatch. Using any other HTTPRouteMatch type on the same HTTPRouteRule will result in the implementation setting the Accepted Condition for the Route to `status: False`. \n Request Path | Prefix Match | Replace Prefix | Modified Path -------------|--------------|----------------|---------- /foo/bar | /foo | /xyz | /xyz/bar /foo/bar | /foo | /xyz/ | /xyz/bar /foo/bar | /foo/ | /xyz | /xyz/bar /foo/bar | /foo/ | /xyz/ | /xyz/bar /foo | /foo | /xyz | /xyz /foo/ | /foo | /xyz | /xyz/ /foo/bar | /foo | | /bar /foo/ | /foo | | / /foo | /foo | | / /foo/ | /foo | / | / /foo | /foo | / | /" + +### fn spec.rules.backendRefs.filters.requestRedirect.path.withType + +```ts +withType(type) +``` + +"Type defines the type of path modifier. Additional types may be added in a future release of the API. \n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`." + +## obj spec.rules.backendRefs.filters.responseHeaderModifier + +"ResponseHeaderModifier defines a schema for a filter that modifies response headers. \n Support: Extended" + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.withAdd + +```ts +withAdd(add) +``` + +"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz" + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.withAddMixin + +```ts +withAddMixin(add) +``` + +"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.withRemove + +```ts +withRemove(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \n Config: remove: [\"my-header1\", \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2: bar" + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.withRemoveMixin + +```ts +withRemoveMixin(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \n Config: remove: [\"my-header1\", \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2: bar" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.withSet + +```ts +withSet(set) +``` + +"Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar" + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.withSetMixin + +```ts +withSetMixin(set) +``` + +"Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar" + +**Note:** This function appends passed data to existing values + +## obj spec.rules.backendRefs.filters.responseHeaderModifier.add + +"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz" + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.add.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent." + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.add.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.backendRefs.filters.responseHeaderModifier.set + +"Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar" + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.set.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent." + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.set.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.backendRefs.filters.urlRewrite + +"URLRewrite defines a schema for a filter that modifies a request during forwarding. \n Support: Extended" + +### fn spec.rules.backendRefs.filters.urlRewrite.withHostname + +```ts +withHostname(hostname) +``` + +"Hostname is the value to be used to replace the Host header value during forwarding. \n Support: Extended" + +## obj spec.rules.backendRefs.filters.urlRewrite.path + +"Path defines a path rewrite. \n Support: Extended" + +### fn spec.rules.backendRefs.filters.urlRewrite.path.withReplaceFullPath + +```ts +withReplaceFullPath(replaceFullPath) +``` + +"ReplaceFullPath specifies the value with which to replace the full path of a request during a rewrite or redirect." + +### fn spec.rules.backendRefs.filters.urlRewrite.path.withReplacePrefixMatch + +```ts +withReplacePrefixMatch(replacePrefixMatch) +``` + +"ReplacePrefixMatch specifies the value with which to replace the prefix match of a request during a rewrite or redirect. For example, a request to \"/foo/bar\" with a prefix match of \"/foo\" and a ReplacePrefixMatch of \"/xyz\" would be modified to \"/xyz/bar\". \n Note that this matches the behavior of the PathPrefix match type. This matches full path elements. A path element refers to the list of labels in the path split by the `/` separator. When specified, a trailing `/` is ignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all match the prefix `/abc`, but the path `/abcd` would not. \n ReplacePrefixMatch is only compatible with a `PathPrefix` HTTPRouteMatch. Using any other HTTPRouteMatch type on the same HTTPRouteRule will result in the implementation setting the Accepted Condition for the Route to `status: False`. \n Request Path | Prefix Match | Replace Prefix | Modified Path -------------|--------------|----------------|---------- /foo/bar | /foo | /xyz | /xyz/bar /foo/bar | /foo | /xyz/ | /xyz/bar /foo/bar | /foo/ | /xyz | /xyz/bar /foo/bar | /foo/ | /xyz/ | /xyz/bar /foo | /foo | /xyz | /xyz /foo/ | /foo | /xyz | /xyz/ /foo/bar | /foo | | /bar /foo/ | /foo | | / /foo | /foo | | / /foo/ | /foo | / | / /foo | /foo | / | /" + +### fn spec.rules.backendRefs.filters.urlRewrite.path.withType + +```ts +withType(type) +``` + +"Type defines the type of path modifier. Additional types may be added in a future release of the API. \n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`." + +## obj spec.rules.filters + +"Filters define the filters that are applied to requests that match this rule. \n The effects of ordering of multiple behaviors are currently unspecified. This can change in the future based on feedback during the alpha stage. \n Conformance-levels at this level are defined based on the type of filter: \n - ALL core filters MUST be supported by all implementations. - Implementers are encouraged to support extended filters. - Implementation-specific custom filters have no API guarantees across implementations. \n Specifying the same filter multiple times is not supported unless explicitly indicated in the filter. \n All filters are expected to be compatible with each other except for the URLRewrite and RequestRedirect filters, which may not be combined. If an implementation can not support other combinations of filters, they must clearly document that limitation. In cases where incompatible or unsupported filters are specified and cause the `Accepted` condition to be set to status `False`, implementations may use the `IncompatibleFilters` reason to specify this configuration error. \n Support: Core" + +### fn spec.rules.filters.withType + +```ts +withType(type) +``` + +"Type identifies the type of filter to apply. As with other API fields, types are classified into three conformance levels: \n - Core: Filter types and their corresponding configuration defined by \"Support: Core\" in this package, e.g. \"RequestHeaderModifier\". All implementations must support core filters. \n - Extended: Filter types and their corresponding configuration defined by \"Support: Extended\" in this package, e.g. \"RequestMirror\". Implementers are encouraged to support extended filters. \n - Implementation-specific: Filters that are defined and supported by specific vendors. In the future, filters showing convergence in behavior across multiple implementations will be considered for inclusion in extended or core conformance levels. Filter-specific configuration for such filters is specified using the ExtensionRef field. `Type` should be set to \"ExtensionRef\" for custom filters. \n Implementers are encouraged to define custom implementation types to extend the core API with implementation-specific behavior. \n If a reference to a custom filter type cannot be resolved, the filter MUST NOT be skipped. Instead, requests that would have been processed by that filter MUST receive a HTTP error response. \n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`." + +## obj spec.rules.filters.extensionRef + +"ExtensionRef is an optional, implementation-specific extension to the \"filter\" behavior. For example, resource \"myroutefilter\" in group \"networking.example.net\"). ExtensionRef MUST NOT be used for core and extended filters. \n This filter can be used multiple times within the same rule. \n Support: Implementation-specific" + +### fn spec.rules.filters.extensionRef.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. For example, \"gateway.networking.k8s.io\". When unspecified or empty string, core API group is inferred." + +### fn spec.rules.filters.extensionRef.withKind + +```ts +withKind(kind) +``` + +"Kind is kind of the referent. For example \"HTTPRoute\" or \"Service\"." + +### fn spec.rules.filters.extensionRef.withName + +```ts +withName(name) +``` + +"Name is the name of the referent." + +## obj spec.rules.filters.requestHeaderModifier + +"RequestHeaderModifier defines a schema for a filter that modifies request headers. \n Support: Core" + +### fn spec.rules.filters.requestHeaderModifier.withAdd + +```ts +withAdd(add) +``` + +"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz" + +### fn spec.rules.filters.requestHeaderModifier.withAddMixin + +```ts +withAddMixin(add) +``` + +"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.filters.requestHeaderModifier.withRemove + +```ts +withRemove(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \n Config: remove: [\"my-header1\", \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2: bar" + +### fn spec.rules.filters.requestHeaderModifier.withRemoveMixin + +```ts +withRemoveMixin(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \n Config: remove: [\"my-header1\", \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2: bar" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.filters.requestHeaderModifier.withSet + +```ts +withSet(set) +``` + +"Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar" + +### fn spec.rules.filters.requestHeaderModifier.withSetMixin + +```ts +withSetMixin(set) +``` + +"Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar" + +**Note:** This function appends passed data to existing values + +## obj spec.rules.filters.requestHeaderModifier.add + +"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz" + +### fn spec.rules.filters.requestHeaderModifier.add.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent." + +### fn spec.rules.filters.requestHeaderModifier.add.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.filters.requestHeaderModifier.set + +"Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar" + +### fn spec.rules.filters.requestHeaderModifier.set.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent." + +### fn spec.rules.filters.requestHeaderModifier.set.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.filters.requestMirror + +"RequestMirror defines a schema for a filter that mirrors requests. Requests are sent to the specified destination, but responses from that destination are ignored. \n This filter can be used multiple times within the same rule. Note that not all implementations will be able to support mirroring to multiple backends. \n Support: Extended" + +## obj spec.rules.filters.requestMirror.backendRef + +"BackendRef references a resource where mirrored requests are sent. \n Mirrored requests must be sent only to a single destination endpoint within this BackendRef, irrespective of how many endpoints are present within this BackendRef. \n If the referent cannot be found, this BackendRef is invalid and must be dropped from the Gateway. The controller must ensure the \"ResolvedRefs\" condition on the Route status is set to `status: False` and not configure this backend in the underlying implementation. \n If there is a cross-namespace reference to an *existing* object that is not allowed by a ReferenceGrant, the controller must ensure the \"ResolvedRefs\" condition on the Route is set to `status: False`, with the \"RefNotPermitted\" reason and not configure this backend in the underlying implementation. \n In either error case, the Message of the `ResolvedRefs` Condition should be used to provide more detail about the problem. \n Support: Extended for Kubernetes Service \n Support: Implementation-specific for any other resource" + +### fn spec.rules.filters.requestMirror.backendRef.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. For example, \"gateway.networking.k8s.io\". When unspecified or empty string, core API group is inferred." + +### fn spec.rules.filters.requestMirror.backendRef.withKind + +```ts +withKind(kind) +``` + +"Kind is the Kubernetes resource kind of the referent. For example \"Service\". \n Defaults to \"Service\" when not specified. \n ExternalName services can refer to CNAME DNS records that may live outside of the cluster and as such are difficult to reason about in terms of conformance. They also may not be safe to forward to (see CVE-2021-25740 for more information). Implementations SHOULD NOT support ExternalName Services. \n Support: Core (Services with a type other than ExternalName) \n Support: Implementation-specific (Services with type ExternalName)" + +### fn spec.rules.filters.requestMirror.backendRef.withName + +```ts +withName(name) +``` + +"Name is the name of the referent." + +### fn spec.rules.filters.requestMirror.backendRef.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. \n Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. \n Support: Core" + +### fn spec.rules.filters.requestMirror.backendRef.withPort + +```ts +withPort(port) +``` + +"Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field." + +## obj spec.rules.filters.requestRedirect + +"RequestRedirect defines a schema for a filter that responds to the request with an HTTP redirection. \n Support: Core" + +### fn spec.rules.filters.requestRedirect.withHostname + +```ts +withHostname(hostname) +``` + +"Hostname is the hostname to be used in the value of the `Location` header in the response. When empty, the hostname in the `Host` header of the request is used. \n Support: Core" + +### fn spec.rules.filters.requestRedirect.withPort + +```ts +withPort(port) +``` + +"Port is the port to be used in the value of the `Location` header in the response. \n If no port is specified, the redirect port MUST be derived using the following rules: \n * If redirect scheme is not-empty, the redirect port MUST be the well-known port associated with the redirect scheme. Specifically \"http\" to port 80 and \"https\" to port 443. If the redirect scheme does not have a well-known port, the listener port of the Gateway SHOULD be used. * If redirect scheme is empty, the redirect port MUST be the Gateway Listener port. \n Implementations SHOULD NOT add the port number in the 'Location' header in the following cases: \n * A Location header that will use HTTP (whether that is determined via the Listener protocol or the Scheme field) _and_ use port 80. * A Location header that will use HTTPS (whether that is determined via the Listener protocol or the Scheme field) _and_ use port 443. \n Support: Extended" + +### fn spec.rules.filters.requestRedirect.withScheme + +```ts +withScheme(scheme) +``` + +"Scheme is the scheme to be used in the value of the `Location` header in the response. When empty, the scheme of the request is used. \n Scheme redirects can affect the port of the redirect, for more information, refer to the documentation for the port field of this filter. \n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`. \n Support: Extended" + +### fn spec.rules.filters.requestRedirect.withStatusCode + +```ts +withStatusCode(statusCode) +``` + +"StatusCode is the HTTP status code to be used in response. \n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`. \n Support: Core" + +## obj spec.rules.filters.requestRedirect.path + +"Path defines parameters used to modify the path of the incoming request. The modified path is then used to construct the `Location` header. When empty, the request path is used as-is. \n Support: Extended" + +### fn spec.rules.filters.requestRedirect.path.withReplaceFullPath + +```ts +withReplaceFullPath(replaceFullPath) +``` + +"ReplaceFullPath specifies the value with which to replace the full path of a request during a rewrite or redirect." + +### fn spec.rules.filters.requestRedirect.path.withReplacePrefixMatch + +```ts +withReplacePrefixMatch(replacePrefixMatch) +``` + +"ReplacePrefixMatch specifies the value with which to replace the prefix match of a request during a rewrite or redirect. For example, a request to \"/foo/bar\" with a prefix match of \"/foo\" and a ReplacePrefixMatch of \"/xyz\" would be modified to \"/xyz/bar\". \n Note that this matches the behavior of the PathPrefix match type. This matches full path elements. A path element refers to the list of labels in the path split by the `/` separator. When specified, a trailing `/` is ignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all match the prefix `/abc`, but the path `/abcd` would not. \n ReplacePrefixMatch is only compatible with a `PathPrefix` HTTPRouteMatch. Using any other HTTPRouteMatch type on the same HTTPRouteRule will result in the implementation setting the Accepted Condition for the Route to `status: False`. \n Request Path | Prefix Match | Replace Prefix | Modified Path -------------|--------------|----------------|---------- /foo/bar | /foo | /xyz | /xyz/bar /foo/bar | /foo | /xyz/ | /xyz/bar /foo/bar | /foo/ | /xyz | /xyz/bar /foo/bar | /foo/ | /xyz/ | /xyz/bar /foo | /foo | /xyz | /xyz /foo/ | /foo | /xyz | /xyz/ /foo/bar | /foo | | /bar /foo/ | /foo | | / /foo | /foo | | / /foo/ | /foo | / | / /foo | /foo | / | /" + +### fn spec.rules.filters.requestRedirect.path.withType + +```ts +withType(type) +``` + +"Type defines the type of path modifier. Additional types may be added in a future release of the API. \n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`." + +## obj spec.rules.filters.responseHeaderModifier + +"ResponseHeaderModifier defines a schema for a filter that modifies response headers. \n Support: Extended" + +### fn spec.rules.filters.responseHeaderModifier.withAdd + +```ts +withAdd(add) +``` + +"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz" + +### fn spec.rules.filters.responseHeaderModifier.withAddMixin + +```ts +withAddMixin(add) +``` + +"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.filters.responseHeaderModifier.withRemove + +```ts +withRemove(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \n Config: remove: [\"my-header1\", \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2: bar" + +### fn spec.rules.filters.responseHeaderModifier.withRemoveMixin + +```ts +withRemoveMixin(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \n Config: remove: [\"my-header1\", \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2: bar" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.filters.responseHeaderModifier.withSet + +```ts +withSet(set) +``` + +"Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar" + +### fn spec.rules.filters.responseHeaderModifier.withSetMixin + +```ts +withSetMixin(set) +``` + +"Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar" + +**Note:** This function appends passed data to existing values + +## obj spec.rules.filters.responseHeaderModifier.add + +"Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz" + +### fn spec.rules.filters.responseHeaderModifier.add.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent." + +### fn spec.rules.filters.responseHeaderModifier.add.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.filters.responseHeaderModifier.set + +"Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar" + +### fn spec.rules.filters.responseHeaderModifier.set.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent." + +### fn spec.rules.filters.responseHeaderModifier.set.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.filters.urlRewrite + +"URLRewrite defines a schema for a filter that modifies a request during forwarding. \n Support: Extended" + +### fn spec.rules.filters.urlRewrite.withHostname + +```ts +withHostname(hostname) +``` + +"Hostname is the value to be used to replace the Host header value during forwarding. \n Support: Extended" + +## obj spec.rules.filters.urlRewrite.path + +"Path defines a path rewrite. \n Support: Extended" + +### fn spec.rules.filters.urlRewrite.path.withReplaceFullPath + +```ts +withReplaceFullPath(replaceFullPath) +``` + +"ReplaceFullPath specifies the value with which to replace the full path of a request during a rewrite or redirect." + +### fn spec.rules.filters.urlRewrite.path.withReplacePrefixMatch + +```ts +withReplacePrefixMatch(replacePrefixMatch) +``` + +"ReplacePrefixMatch specifies the value with which to replace the prefix match of a request during a rewrite or redirect. For example, a request to \"/foo/bar\" with a prefix match of \"/foo\" and a ReplacePrefixMatch of \"/xyz\" would be modified to \"/xyz/bar\". \n Note that this matches the behavior of the PathPrefix match type. This matches full path elements. A path element refers to the list of labels in the path split by the `/` separator. When specified, a trailing `/` is ignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all match the prefix `/abc`, but the path `/abcd` would not. \n ReplacePrefixMatch is only compatible with a `PathPrefix` HTTPRouteMatch. Using any other HTTPRouteMatch type on the same HTTPRouteRule will result in the implementation setting the Accepted Condition for the Route to `status: False`. \n Request Path | Prefix Match | Replace Prefix | Modified Path -------------|--------------|----------------|---------- /foo/bar | /foo | /xyz | /xyz/bar /foo/bar | /foo | /xyz/ | /xyz/bar /foo/bar | /foo/ | /xyz | /xyz/bar /foo/bar | /foo/ | /xyz/ | /xyz/bar /foo | /foo | /xyz | /xyz /foo/ | /foo | /xyz | /xyz/ /foo/bar | /foo | | /bar /foo/ | /foo | | / /foo | /foo | | / /foo/ | /foo | / | / /foo | /foo | / | /" + +### fn spec.rules.filters.urlRewrite.path.withType + +```ts +withType(type) +``` + +"Type defines the type of path modifier. Additional types may be added in a future release of the API. \n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`." + +## obj spec.rules.matches + +"Matches define conditions used for matching the rule against incoming HTTP requests. Each match is independent, i.e. this rule will be matched if **any** one of the matches is satisfied. \n For example, take the following matches configuration: \n ``` matches: - path: value: \"/foo\" headers: - name: \"version\" value: \"v2\" - path: value: \"/v2/foo\" ``` \n For a request to match against this rule, a request must satisfy EITHER of the two conditions: \n - path prefixed with `/foo` AND contains the header `version: v2` - path prefix of `/v2/foo` \n See the documentation for HTTPRouteMatch on how to specify multiple match conditions that should be ANDed together. \n If no matches are specified, the default is a prefix path match on \"/\", which has the effect of matching every HTTP request. \n Proxy or Load Balancer routing configuration generated from HTTPRoutes MUST prioritize matches based on the following criteria, continuing on ties. Across all rules specified on applicable Routes, precedence must be given to the match having: \n * \"Exact\" path match. * \"Prefix\" path match with largest number of characters. * Method match. * Largest number of header matches. * Largest number of query param matches. \n Note: The precedence of RegularExpression path matches are implementation-specific. \n If ties still exist across multiple Routes, matching precedence MUST be determined in order of the following criteria, continuing on ties: \n * The oldest Route based on creation timestamp. * The Route appearing first in alphabetical order by \"{namespace}/{name}\". \n If ties still exist within an HTTPRoute, matching precedence MUST be granted to the FIRST matching rule (in list order) with a match meeting the above criteria. \n When no rules matching a request have been successfully attached to the parent a request is coming from, a HTTP 404 status code MUST be returned." + +### fn spec.rules.matches.withHeaders + +```ts +withHeaders(headers) +``` + +"Headers specifies HTTP request header matchers. Multiple match values are ANDed together, meaning, a request must match all the specified headers to select the route." + +### fn spec.rules.matches.withHeadersMixin + +```ts +withHeadersMixin(headers) +``` + +"Headers specifies HTTP request header matchers. Multiple match values are ANDed together, meaning, a request must match all the specified headers to select the route." + +**Note:** This function appends passed data to existing values + +### fn spec.rules.matches.withMethod + +```ts +withMethod(method) +``` + +"Method specifies HTTP method matcher. When specified, this route will be matched only if the request has the specified method. \n Support: Extended" + +### fn spec.rules.matches.withQueryParams + +```ts +withQueryParams(queryParams) +``` + +"QueryParams specifies HTTP query parameter matchers. Multiple match values are ANDed together, meaning, a request must match all the specified query parameters to select the route. \n Support: Extended" + +### fn spec.rules.matches.withQueryParamsMixin + +```ts +withQueryParamsMixin(queryParams) +``` + +"QueryParams specifies HTTP query parameter matchers. Multiple match values are ANDed together, meaning, a request must match all the specified query parameters to select the route. \n Support: Extended" + +**Note:** This function appends passed data to existing values + +## obj spec.rules.matches.headers + +"Headers specifies HTTP request header matchers. Multiple match values are ANDed together, meaning, a request must match all the specified headers to select the route." + +### fn spec.rules.matches.headers.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, only the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent. \n When a header is repeated in an HTTP request, it is implementation-specific behavior as to how this is represented. Generally, proxies should follow the guidance from the RFC: https://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2 regarding processing a repeated header, with special handling for \"Set-Cookie\"." + +### fn spec.rules.matches.headers.withType + +```ts +withType(type) +``` + +"Type specifies how to match against the value of the header. \n Support: Core (Exact) \n Support: Implementation-specific (RegularExpression) \n Since RegularExpression HeaderMatchType has implementation-specific conformance, implementations can support POSIX, PCRE or any other dialects of regular expressions. Please read the implementation's documentation to determine the supported dialect." + +### fn spec.rules.matches.headers.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.matches.path + +"Path specifies a HTTP request path matcher. If this field is not specified, a default prefix match on the \"/\" path is provided." + +### fn spec.rules.matches.path.withType + +```ts +withType(type) +``` + +"Type specifies how to match against the path Value. \n Support: Core (Exact, PathPrefix) \n Support: Implementation-specific (RegularExpression)" + +### fn spec.rules.matches.path.withValue + +```ts +withValue(value) +``` + +"Value of the HTTP path to match against." + +## obj spec.rules.matches.queryParams + +"QueryParams specifies HTTP query parameter matchers. Multiple match values are ANDed together, meaning, a request must match all the specified query parameters to select the route. \n Support: Extended" + +### fn spec.rules.matches.queryParams.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP query param to be matched. This must be an exact string match. (See https://tools.ietf.org/html/rfc7230#section-2.7.3). \n If multiple entries specify equivalent query param names, only the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent query param name MUST be ignored. \n If a query param is repeated in an HTTP request, the behavior is purposely left undefined, since different data planes have different capabilities. However, it is *recommended* that implementations should match against the first value of the param if the data plane supports it, as this behavior is expected in other load balancing contexts outside of the Gateway API. \n Users SHOULD NOT route traffic based on repeated query params to guard themselves against potential differences in the implementations." + +### fn spec.rules.matches.queryParams.withType + +```ts +withType(type) +``` + +"Type specifies how to match against the value of the query parameter. \n Support: Extended (Exact) \n Support: Implementation-specific (RegularExpression) \n Since RegularExpression QueryParamMatchType has Implementation-specific conformance, implementations can support POSIX, PCRE or any other dialects of regular expressions. Please read the implementation's documentation to determine the supported dialect." + +### fn spec.rules.matches.queryParams.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP query param to be matched." + +## obj spec.rules.timeouts + +"Timeouts defines the timeouts that can be configured for an HTTP request. \n Support: Extended \n " + +### fn spec.rules.timeouts.withBackendRequest + +```ts +withBackendRequest(backendRequest) +``` + +"BackendRequest specifies a timeout for an individual request from the gateway to a backend. This covers the time from when the request first starts being sent from the gateway to when the full response has been received from the backend. \n An entire client HTTP transaction with a gateway, covered by the Request timeout, may result in more than one call from the gateway to the destination backend, for example, if automatic retries are supported. \n Because the Request timeout encompasses the BackendRequest timeout, the value of BackendRequest must be <= the value of Request timeout. \n Support: Extended" + +### fn spec.rules.timeouts.withRequest + +```ts +withRequest(request) +``` + +"Request specifies the maximum duration for a gateway to respond to an HTTP request. If the gateway has not been able to respond before this deadline is met, the gateway MUST return a timeout error. \n For example, setting the `rules.timeouts.request` field to the value `10s` in an `HTTPRoute` will cause a timeout if a client request is taking longer than 10 seconds to complete. \n This timeout is intended to cover as close to the whole request-response transaction as possible although an implementation MAY choose to start the timeout after the entire request stream has been received instead of immediately after the transaction is initiated by the client. \n When this field is unspecified, request timeout behavior is implementation-specific. \n Support: Extended" \ No newline at end of file diff --git a/docs/1.0-experimental/gateway/v1beta1/index.md b/docs/1.0-experimental/gateway/v1beta1/index.md new file mode 100644 index 0000000..18f0e12 --- /dev/null +++ b/docs/1.0-experimental/gateway/v1beta1/index.md @@ -0,0 +1,12 @@ +--- +permalink: /1.0-experimental/gateway/v1beta1/ +--- + +# gateway.v1beta1 + + + +* [gateway](gateway.md) +* [gatewayClass](gatewayClass.md) +* [httpRoute](httpRoute.md) +* [referenceGrant](referenceGrant.md) \ No newline at end of file diff --git a/docs/1.0-experimental/gateway/v1beta1/referenceGrant.md b/docs/1.0-experimental/gateway/v1beta1/referenceGrant.md new file mode 100644 index 0000000..79087f1 --- /dev/null +++ b/docs/1.0-experimental/gateway/v1beta1/referenceGrant.md @@ -0,0 +1,314 @@ +--- +permalink: /1.0-experimental/gateway/v1beta1/referenceGrant/ +--- + +# gateway.v1beta1.referenceGrant + +"ReferenceGrant identifies kinds of resources in other namespaces that are trusted to reference the specified kinds of resources in the same namespace as the policy. \n Each ReferenceGrant can be used to represent a unique trust relationship. Additional Reference Grants can be used to add to the set of trusted sources of inbound references for the namespace they are defined within. \n All cross-namespace references in Gateway API (with the exception of cross-namespace Gateway-route attachment) require a ReferenceGrant. \n ReferenceGrant is a form of runtime verification allowing users to assert which cross-namespace object references are permitted. Implementations that support ReferenceGrant MUST NOT permit cross-namespace references which have no grant, and MUST respond to the removal of a grant by revoking the access that the grant allowed." + +## Index + +* [`fn new(name)`](#fn-new) +* [`obj metadata`](#obj-metadata) + * [`fn withAnnotations(annotations)`](#fn-metadatawithannotations) + * [`fn withAnnotationsMixin(annotations)`](#fn-metadatawithannotationsmixin) + * [`fn withClusterName(clusterName)`](#fn-metadatawithclustername) + * [`fn withCreationTimestamp(creationTimestamp)`](#fn-metadatawithcreationtimestamp) + * [`fn withDeletionGracePeriodSeconds(deletionGracePeriodSeconds)`](#fn-metadatawithdeletiongraceperiodseconds) + * [`fn withDeletionTimestamp(deletionTimestamp)`](#fn-metadatawithdeletiontimestamp) + * [`fn withFinalizers(finalizers)`](#fn-metadatawithfinalizers) + * [`fn withFinalizersMixin(finalizers)`](#fn-metadatawithfinalizersmixin) + * [`fn withGenerateName(generateName)`](#fn-metadatawithgeneratename) + * [`fn withGeneration(generation)`](#fn-metadatawithgeneration) + * [`fn withLabels(labels)`](#fn-metadatawithlabels) + * [`fn withLabelsMixin(labels)`](#fn-metadatawithlabelsmixin) + * [`fn withName(name)`](#fn-metadatawithname) + * [`fn withNamespace(namespace)`](#fn-metadatawithnamespace) + * [`fn withOwnerReferences(ownerReferences)`](#fn-metadatawithownerreferences) + * [`fn withOwnerReferencesMixin(ownerReferences)`](#fn-metadatawithownerreferencesmixin) + * [`fn withResourceVersion(resourceVersion)`](#fn-metadatawithresourceversion) + * [`fn withSelfLink(selfLink)`](#fn-metadatawithselflink) + * [`fn withUid(uid)`](#fn-metadatawithuid) +* [`obj spec`](#obj-spec) + * [`fn withFrom(from)`](#fn-specwithfrom) + * [`fn withFromMixin(from)`](#fn-specwithfrommixin) + * [`fn withTo(to)`](#fn-specwithto) + * [`fn withToMixin(to)`](#fn-specwithtomixin) + * [`obj spec.from`](#obj-specfrom) + * [`fn withGroup(group)`](#fn-specfromwithgroup) + * [`fn withKind(kind)`](#fn-specfromwithkind) + * [`fn withNamespace(namespace)`](#fn-specfromwithnamespace) + * [`obj spec.to`](#obj-specto) + * [`fn withGroup(group)`](#fn-spectowithgroup) + * [`fn withKind(kind)`](#fn-spectowithkind) + * [`fn withName(name)`](#fn-spectowithname) + +## Fields + +### fn new + +```ts +new(name) +``` + +new returns an instance of ReferenceGrant + +## obj metadata + +"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create." + +### fn metadata.withAnnotations + +```ts +withAnnotations(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +### fn metadata.withAnnotationsMixin + +```ts +withAnnotationsMixin(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +**Note:** This function appends passed data to existing values + +### fn metadata.withClusterName + +```ts +withClusterName(clusterName) +``` + +"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request." + +### fn metadata.withCreationTimestamp + +```ts +withCreationTimestamp(creationTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withDeletionGracePeriodSeconds + +```ts +withDeletionGracePeriodSeconds(deletionGracePeriodSeconds) +``` + +"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only." + +### fn metadata.withDeletionTimestamp + +```ts +withDeletionTimestamp(deletionTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withFinalizers + +```ts +withFinalizers(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +### fn metadata.withFinalizersMixin + +```ts +withFinalizersMixin(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +**Note:** This function appends passed data to existing values + +### fn metadata.withGenerateName + +```ts +withGenerateName(generateName) +``` + +"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\n\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\n\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" + +### fn metadata.withGeneration + +```ts +withGeneration(generation) +``` + +"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only." + +### fn metadata.withLabels + +```ts +withLabels(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +### fn metadata.withLabelsMixin + +```ts +withLabelsMixin(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +**Note:** This function appends passed data to existing values + +### fn metadata.withName + +```ts +withName(name) +``` + +"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names" + +### fn metadata.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \"default\" namespace, but \"default\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\n\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces" + +### fn metadata.withOwnerReferences + +```ts +withOwnerReferences(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +### fn metadata.withOwnerReferencesMixin + +```ts +withOwnerReferencesMixin(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +**Note:** This function appends passed data to existing values + +### fn metadata.withResourceVersion + +```ts +withResourceVersion(resourceVersion) +``` + +"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\n\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" + +### fn metadata.withSelfLink + +```ts +withSelfLink(selfLink) +``` + +"SelfLink is a URL representing this object. Populated by the system. Read-only.\n\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release." + +### fn metadata.withUid + +```ts +withUid(uid) +``` + +"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\n\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids" + +## obj spec + +"Spec defines the desired state of ReferenceGrant." + +### fn spec.withFrom + +```ts +withFrom(from) +``` + +"From describes the trusted namespaces and kinds that can reference the resources described in \"To\". Each entry in this list MUST be considered to be an additional place that references can be valid from, or to put this another way, entries MUST be combined using OR. \n Support: Core" + +### fn spec.withFromMixin + +```ts +withFromMixin(from) +``` + +"From describes the trusted namespaces and kinds that can reference the resources described in \"To\". Each entry in this list MUST be considered to be an additional place that references can be valid from, or to put this another way, entries MUST be combined using OR. \n Support: Core" + +**Note:** This function appends passed data to existing values + +### fn spec.withTo + +```ts +withTo(to) +``` + +"To describes the resources that may be referenced by the resources described in \"From\". Each entry in this list MUST be considered to be an additional place that references can be valid to, or to put this another way, entries MUST be combined using OR. \n Support: Core" + +### fn spec.withToMixin + +```ts +withToMixin(to) +``` + +"To describes the resources that may be referenced by the resources described in \"From\". Each entry in this list MUST be considered to be an additional place that references can be valid to, or to put this another way, entries MUST be combined using OR. \n Support: Core" + +**Note:** This function appends passed data to existing values + +## obj spec.from + +"From describes the trusted namespaces and kinds that can reference the resources described in \"To\". Each entry in this list MUST be considered to be an additional place that references can be valid from, or to put this another way, entries MUST be combined using OR. \n Support: Core" + +### fn spec.from.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. When empty, the Kubernetes core API group is inferred. \n Support: Core" + +### fn spec.from.withKind + +```ts +withKind(kind) +``` + +"Kind is the kind of the referent. Although implementations may support additional resources, the following types are part of the \"Core\" support level for this field. \n When used to permit a SecretObjectReference: \n * Gateway \n When used to permit a BackendObjectReference: \n * GRPCRoute * HTTPRoute * TCPRoute * TLSRoute * UDPRoute" + +### fn spec.from.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the referent. \n Support: Core" + +## obj spec.to + +"To describes the resources that may be referenced by the resources described in \"From\". Each entry in this list MUST be considered to be an additional place that references can be valid to, or to put this another way, entries MUST be combined using OR. \n Support: Core" + +### fn spec.to.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. When empty, the Kubernetes core API group is inferred. \n Support: Core" + +### fn spec.to.withKind + +```ts +withKind(kind) +``` + +"Kind is the kind of the referent. Although implementations may support additional resources, the following types are part of the \"Core\" support level for this field: \n * Secret when used to permit a SecretObjectReference * Service when used to permit a BackendObjectReference" + +### fn spec.to.withName + +```ts +withName(name) +``` + +"Name is the name of the referent. When unspecified, this policy refers to all resources of the specified Group and Kind in the local namespace." \ No newline at end of file diff --git a/docs/1.1-experimental/README.md b/docs/1.1-experimental/README.md new file mode 100644 index 0000000..6a471eb --- /dev/null +++ b/docs/1.1-experimental/README.md @@ -0,0 +1,13 @@ +--- +permalink: /1.1-experimental/ +--- + +# gateway-api + +```jsonnet +local gateway-api = import "github.com/jsonnet-libs/gateway-api-libsonnet/1.1-experimental/main.libsonnet" +``` + + + +* [gateway](gateway/index.md) \ No newline at end of file diff --git a/docs/1.1-experimental/gateway/index.md b/docs/1.1-experimental/gateway/index.md new file mode 100644 index 0000000..70aa62d --- /dev/null +++ b/docs/1.1-experimental/gateway/index.md @@ -0,0 +1,12 @@ +--- +permalink: /1.1-experimental/gateway/ +--- + +# gateway + + + +* [v1](v1/index.md) +* [v1alpha2](v1alpha2/index.md) +* [v1alpha3](v1alpha3/index.md) +* [v1beta1](v1beta1/index.md) \ No newline at end of file diff --git a/docs/1.1-experimental/gateway/v1/gateway.md b/docs/1.1-experimental/gateway/v1/gateway.md new file mode 100644 index 0000000..0d51298 --- /dev/null +++ b/docs/1.1-experimental/gateway/v1/gateway.md @@ -0,0 +1,711 @@ +--- +permalink: /1.1-experimental/gateway/v1/gateway/ +--- + +# gateway.v1.gateway + +"Gateway represents an instance of a service-traffic handling infrastructure\nby binding Listeners to a set of IP addresses." + +## Index + +* [`fn new(name)`](#fn-new) +* [`obj metadata`](#obj-metadata) + * [`fn withAnnotations(annotations)`](#fn-metadatawithannotations) + * [`fn withAnnotationsMixin(annotations)`](#fn-metadatawithannotationsmixin) + * [`fn withClusterName(clusterName)`](#fn-metadatawithclustername) + * [`fn withCreationTimestamp(creationTimestamp)`](#fn-metadatawithcreationtimestamp) + * [`fn withDeletionGracePeriodSeconds(deletionGracePeriodSeconds)`](#fn-metadatawithdeletiongraceperiodseconds) + * [`fn withDeletionTimestamp(deletionTimestamp)`](#fn-metadatawithdeletiontimestamp) + * [`fn withFinalizers(finalizers)`](#fn-metadatawithfinalizers) + * [`fn withFinalizersMixin(finalizers)`](#fn-metadatawithfinalizersmixin) + * [`fn withGenerateName(generateName)`](#fn-metadatawithgeneratename) + * [`fn withGeneration(generation)`](#fn-metadatawithgeneration) + * [`fn withLabels(labels)`](#fn-metadatawithlabels) + * [`fn withLabelsMixin(labels)`](#fn-metadatawithlabelsmixin) + * [`fn withName(name)`](#fn-metadatawithname) + * [`fn withNamespace(namespace)`](#fn-metadatawithnamespace) + * [`fn withOwnerReferences(ownerReferences)`](#fn-metadatawithownerreferences) + * [`fn withOwnerReferencesMixin(ownerReferences)`](#fn-metadatawithownerreferencesmixin) + * [`fn withResourceVersion(resourceVersion)`](#fn-metadatawithresourceversion) + * [`fn withSelfLink(selfLink)`](#fn-metadatawithselflink) + * [`fn withUid(uid)`](#fn-metadatawithuid) +* [`obj spec`](#obj-spec) + * [`fn withAddresses(addresses)`](#fn-specwithaddresses) + * [`fn withAddressesMixin(addresses)`](#fn-specwithaddressesmixin) + * [`fn withGatewayClassName(gatewayClassName)`](#fn-specwithgatewayclassname) + * [`fn withListeners(listeners)`](#fn-specwithlisteners) + * [`fn withListenersMixin(listeners)`](#fn-specwithlistenersmixin) + * [`obj spec.addresses`](#obj-specaddresses) + * [`fn withType(type)`](#fn-specaddresseswithtype) + * [`fn withValue(value)`](#fn-specaddresseswithvalue) + * [`obj spec.infrastructure`](#obj-specinfrastructure) + * [`fn withAnnotations(annotations)`](#fn-specinfrastructurewithannotations) + * [`fn withAnnotationsMixin(annotations)`](#fn-specinfrastructurewithannotationsmixin) + * [`fn withLabels(labels)`](#fn-specinfrastructurewithlabels) + * [`fn withLabelsMixin(labels)`](#fn-specinfrastructurewithlabelsmixin) + * [`obj spec.infrastructure.parametersRef`](#obj-specinfrastructureparametersref) + * [`fn withGroup(group)`](#fn-specinfrastructureparametersrefwithgroup) + * [`fn withKind(kind)`](#fn-specinfrastructureparametersrefwithkind) + * [`fn withName(name)`](#fn-specinfrastructureparametersrefwithname) + * [`obj spec.listeners`](#obj-speclisteners) + * [`fn withHostname(hostname)`](#fn-speclistenerswithhostname) + * [`fn withName(name)`](#fn-speclistenerswithname) + * [`fn withPort(port)`](#fn-speclistenerswithport) + * [`fn withProtocol(protocol)`](#fn-speclistenerswithprotocol) + * [`obj spec.listeners.allowedRoutes`](#obj-speclistenersallowedroutes) + * [`fn withKinds(kinds)`](#fn-speclistenersallowedrouteswithkinds) + * [`fn withKindsMixin(kinds)`](#fn-speclistenersallowedrouteswithkindsmixin) + * [`obj spec.listeners.allowedRoutes.kinds`](#obj-speclistenersallowedrouteskinds) + * [`fn withGroup(group)`](#fn-speclistenersallowedrouteskindswithgroup) + * [`fn withKind(kind)`](#fn-speclistenersallowedrouteskindswithkind) + * [`obj spec.listeners.allowedRoutes.namespaces`](#obj-speclistenersallowedroutesnamespaces) + * [`fn withFrom(from)`](#fn-speclistenersallowedroutesnamespaceswithfrom) + * [`obj spec.listeners.allowedRoutes.namespaces.selector`](#obj-speclistenersallowedroutesnamespacesselector) + * [`fn withMatchExpressions(matchExpressions)`](#fn-speclistenersallowedroutesnamespacesselectorwithmatchexpressions) + * [`fn withMatchExpressionsMixin(matchExpressions)`](#fn-speclistenersallowedroutesnamespacesselectorwithmatchexpressionsmixin) + * [`fn withMatchLabels(matchLabels)`](#fn-speclistenersallowedroutesnamespacesselectorwithmatchlabels) + * [`fn withMatchLabelsMixin(matchLabels)`](#fn-speclistenersallowedroutesnamespacesselectorwithmatchlabelsmixin) + * [`obj spec.listeners.allowedRoutes.namespaces.selector.matchExpressions`](#obj-speclistenersallowedroutesnamespacesselectormatchexpressions) + * [`fn withKey(key)`](#fn-speclistenersallowedroutesnamespacesselectormatchexpressionswithkey) + * [`fn withOperator(operator)`](#fn-speclistenersallowedroutesnamespacesselectormatchexpressionswithoperator) + * [`fn withValues(values)`](#fn-speclistenersallowedroutesnamespacesselectormatchexpressionswithvalues) + * [`fn withValuesMixin(values)`](#fn-speclistenersallowedroutesnamespacesselectormatchexpressionswithvaluesmixin) + * [`obj spec.listeners.tls`](#obj-speclistenerstls) + * [`fn withCertificateRefs(certificateRefs)`](#fn-speclistenerstlswithcertificaterefs) + * [`fn withCertificateRefsMixin(certificateRefs)`](#fn-speclistenerstlswithcertificaterefsmixin) + * [`fn withMode(mode)`](#fn-speclistenerstlswithmode) + * [`fn withOptions(options)`](#fn-speclistenerstlswithoptions) + * [`fn withOptionsMixin(options)`](#fn-speclistenerstlswithoptionsmixin) + * [`obj spec.listeners.tls.certificateRefs`](#obj-speclistenerstlscertificaterefs) + * [`fn withGroup(group)`](#fn-speclistenerstlscertificaterefswithgroup) + * [`fn withKind(kind)`](#fn-speclistenerstlscertificaterefswithkind) + * [`fn withName(name)`](#fn-speclistenerstlscertificaterefswithname) + * [`fn withNamespace(namespace)`](#fn-speclistenerstlscertificaterefswithnamespace) + * [`obj spec.listeners.tls.frontendValidation`](#obj-speclistenerstlsfrontendvalidation) + * [`fn withCaCertificateRefs(caCertificateRefs)`](#fn-speclistenerstlsfrontendvalidationwithcacertificaterefs) + * [`fn withCaCertificateRefsMixin(caCertificateRefs)`](#fn-speclistenerstlsfrontendvalidationwithcacertificaterefsmixin) + * [`obj spec.listeners.tls.frontendValidation.caCertificateRefs`](#obj-speclistenerstlsfrontendvalidationcacertificaterefs) + * [`fn withGroup(group)`](#fn-speclistenerstlsfrontendvalidationcacertificaterefswithgroup) + * [`fn withKind(kind)`](#fn-speclistenerstlsfrontendvalidationcacertificaterefswithkind) + * [`fn withName(name)`](#fn-speclistenerstlsfrontendvalidationcacertificaterefswithname) + * [`fn withNamespace(namespace)`](#fn-speclistenerstlsfrontendvalidationcacertificaterefswithnamespace) + +## Fields + +### fn new + +```ts +new(name) +``` + +new returns an instance of Gateway + +## obj metadata + +"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create." + +### fn metadata.withAnnotations + +```ts +withAnnotations(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +### fn metadata.withAnnotationsMixin + +```ts +withAnnotationsMixin(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +**Note:** This function appends passed data to existing values + +### fn metadata.withClusterName + +```ts +withClusterName(clusterName) +``` + +"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request." + +### fn metadata.withCreationTimestamp + +```ts +withCreationTimestamp(creationTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withDeletionGracePeriodSeconds + +```ts +withDeletionGracePeriodSeconds(deletionGracePeriodSeconds) +``` + +"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only." + +### fn metadata.withDeletionTimestamp + +```ts +withDeletionTimestamp(deletionTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withFinalizers + +```ts +withFinalizers(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +### fn metadata.withFinalizersMixin + +```ts +withFinalizersMixin(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +**Note:** This function appends passed data to existing values + +### fn metadata.withGenerateName + +```ts +withGenerateName(generateName) +``` + +"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\n\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\n\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" + +### fn metadata.withGeneration + +```ts +withGeneration(generation) +``` + +"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only." + +### fn metadata.withLabels + +```ts +withLabels(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +### fn metadata.withLabelsMixin + +```ts +withLabelsMixin(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +**Note:** This function appends passed data to existing values + +### fn metadata.withName + +```ts +withName(name) +``` + +"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names" + +### fn metadata.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \"default\" namespace, but \"default\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\n\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces" + +### fn metadata.withOwnerReferences + +```ts +withOwnerReferences(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +### fn metadata.withOwnerReferencesMixin + +```ts +withOwnerReferencesMixin(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +**Note:** This function appends passed data to existing values + +### fn metadata.withResourceVersion + +```ts +withResourceVersion(resourceVersion) +``` + +"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\n\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" + +### fn metadata.withSelfLink + +```ts +withSelfLink(selfLink) +``` + +"SelfLink is a URL representing this object. Populated by the system. Read-only.\n\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release." + +### fn metadata.withUid + +```ts +withUid(uid) +``` + +"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\n\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids" + +## obj spec + +"Spec defines the desired state of Gateway." + +### fn spec.withAddresses + +```ts +withAddresses(addresses) +``` + +"Addresses requested for this Gateway. This is optional and behavior can\ndepend on the implementation. If a value is set in the spec and the\nrequested address is invalid or unavailable, the implementation MUST\nindicate this in the associated entry in GatewayStatus.Addresses.\n\n\nThe Addresses field represents a request for the address(es) on the\n\"outside of the Gateway\", that traffic bound for this Gateway will use.\nThis could be the IP address or hostname of an external load balancer or\nother networking infrastructure, or some other address that traffic will\nbe sent to.\n\n\nIf no Addresses are specified, the implementation MAY schedule the\nGateway in an implementation-specific manner, assigning an appropriate\nset of Addresses.\n\n\nThe implementation MUST bind all Listeners to every GatewayAddress that\nit assigns to the Gateway and add a corresponding entry in\nGatewayStatus.Addresses.\n\n\nSupport: Extended\n\n\n" + +### fn spec.withAddressesMixin + +```ts +withAddressesMixin(addresses) +``` + +"Addresses requested for this Gateway. This is optional and behavior can\ndepend on the implementation. If a value is set in the spec and the\nrequested address is invalid or unavailable, the implementation MUST\nindicate this in the associated entry in GatewayStatus.Addresses.\n\n\nThe Addresses field represents a request for the address(es) on the\n\"outside of the Gateway\", that traffic bound for this Gateway will use.\nThis could be the IP address or hostname of an external load balancer or\nother networking infrastructure, or some other address that traffic will\nbe sent to.\n\n\nIf no Addresses are specified, the implementation MAY schedule the\nGateway in an implementation-specific manner, assigning an appropriate\nset of Addresses.\n\n\nThe implementation MUST bind all Listeners to every GatewayAddress that\nit assigns to the Gateway and add a corresponding entry in\nGatewayStatus.Addresses.\n\n\nSupport: Extended\n\n\n" + +**Note:** This function appends passed data to existing values + +### fn spec.withGatewayClassName + +```ts +withGatewayClassName(gatewayClassName) +``` + +"GatewayClassName used for this Gateway. This is the name of a\nGatewayClass resource." + +### fn spec.withListeners + +```ts +withListeners(listeners) +``` + +"Listeners associated with this Gateway. Listeners define\nlogical endpoints that are bound on this Gateway's addresses.\nAt least one Listener MUST be specified.\n\n\nEach Listener in a set of Listeners (for example, in a single Gateway)\nMUST be _distinct_, in that a traffic flow MUST be able to be assigned to\nexactly one listener. (This section uses \"set of Listeners\" rather than\n\"Listeners in a single Gateway\" because implementations MAY merge configuration\nfrom multiple Gateways onto a single data plane, and these rules _also_\napply in that case).\n\n\nPractically, this means that each listener in a set MUST have a unique\ncombination of Port, Protocol, and, if supported by the protocol, Hostname.\n\n\nSome combinations of port, protocol, and TLS settings are considered\nCore support and MUST be supported by implementations based on their\ntargeted conformance profile:\n\n\nHTTP Profile\n\n\n1. HTTPRoute, Port: 80, Protocol: HTTP\n2. HTTPRoute, Port: 443, Protocol: HTTPS, TLS Mode: Terminate, TLS keypair provided\n\n\nTLS Profile\n\n\n1. TLSRoute, Port: 443, Protocol: TLS, TLS Mode: Passthrough\n\n\n\"Distinct\" Listeners have the following property:\n\n\nThe implementation can match inbound requests to a single distinct\nListener. When multiple Listeners share values for fields (for\nexample, two Listeners with the same Port value), the implementation\ncan match requests to only one of the Listeners using other\nListener fields.\n\n\nFor example, the following Listener scenarios are distinct:\n\n\n1. Multiple Listeners with the same Port that all use the \"HTTP\"\n Protocol that all have unique Hostname values.\n2. Multiple Listeners with the same Port that use either the \"HTTPS\" or\n \"TLS\" Protocol that all have unique Hostname values.\n3. A mixture of \"TCP\" and \"UDP\" Protocol Listeners, where no Listener\n with the same Protocol has the same Port value.\n\n\nSome fields in the Listener struct have possible values that affect\nwhether the Listener is distinct. Hostname is particularly relevant\nfor HTTP or HTTPS protocols.\n\n\nWhen using the Hostname value to select between same-Port, same-Protocol\nListeners, the Hostname value must be different on each Listener for the\nListener to be distinct.\n\n\nWhen the Listeners are distinct based on Hostname, inbound request\nhostnames MUST match from the most specific to least specific Hostname\nvalues to choose the correct Listener and its associated set of Routes.\n\n\nExact matches must be processed before wildcard matches, and wildcard\nmatches must be processed before fallback (empty Hostname value)\nmatches. For example, `\"foo.example.com\"` takes precedence over\n`\"*.example.com\"`, and `\"*.example.com\"` takes precedence over `\"\"`.\n\n\nAdditionally, if there are multiple wildcard entries, more specific\nwildcard entries must be processed before less specific wildcard entries.\nFor example, `\"*.foo.example.com\"` takes precedence over `\"*.example.com\"`.\nThe precise definition here is that the higher the number of dots in the\nhostname to the right of the wildcard character, the higher the precedence.\n\n\nThe wildcard character will match any number of characters _and dots_ to\nthe left, however, so `\"*.example.com\"` will match both\n`\"foo.bar.example.com\"` _and_ `\"bar.example.com\"`.\n\n\nIf a set of Listeners contains Listeners that are not distinct, then those\nListeners are Conflicted, and the implementation MUST set the \"Conflicted\"\ncondition in the Listener Status to \"True\".\n\n\nImplementations MAY choose to accept a Gateway with some Conflicted\nListeners only if they only accept the partial Listener set that contains\nno Conflicted Listeners. To put this another way, implementations may\naccept a partial Listener set only if they throw out *all* the conflicting\nListeners. No picking one of the conflicting listeners as the winner.\nThis also means that the Gateway must have at least one non-conflicting\nListener in this case, otherwise it violates the requirement that at\nleast one Listener must be present.\n\n\nThe implementation MUST set a \"ListenersNotValid\" condition on the\nGateway Status when the Gateway contains Conflicted Listeners whether or\nnot they accept the Gateway. That Condition SHOULD clearly\nindicate in the Message which Listeners are conflicted, and which are\nAccepted. Additionally, the Listener status for those listeners SHOULD\nindicate which Listeners are conflicted and not Accepted.\n\n\nA Gateway's Listeners are considered \"compatible\" if:\n\n\n1. They are distinct.\n2. The implementation can serve them in compliance with the Addresses\n requirement that all Listeners are available on all assigned\n addresses.\n\n\nCompatible combinations in Extended support are expected to vary across\nimplementations. A combination that is compatible for one implementation\nmay not be compatible for another.\n\n\nFor example, an implementation that cannot serve both TCP and UDP listeners\non the same address, or cannot mix HTTPS and generic TLS listens on the same port\nwould not consider those cases compatible, even though they are distinct.\n\n\nNote that requests SHOULD match at most one Listener. For example, if\nListeners are defined for \"foo.example.com\" and \"*.example.com\", a\nrequest to \"foo.example.com\" SHOULD only be routed using routes attached\nto the \"foo.example.com\" Listener (and not the \"*.example.com\" Listener).\nThis concept is known as \"Listener Isolation\". Implementations that do\nnot support Listener Isolation MUST clearly document this.\n\n\nImplementations MAY merge separate Gateways onto a single set of\nAddresses if all Listeners across all Gateways are compatible.\n\n\nSupport: Core" + +### fn spec.withListenersMixin + +```ts +withListenersMixin(listeners) +``` + +"Listeners associated with this Gateway. Listeners define\nlogical endpoints that are bound on this Gateway's addresses.\nAt least one Listener MUST be specified.\n\n\nEach Listener in a set of Listeners (for example, in a single Gateway)\nMUST be _distinct_, in that a traffic flow MUST be able to be assigned to\nexactly one listener. (This section uses \"set of Listeners\" rather than\n\"Listeners in a single Gateway\" because implementations MAY merge configuration\nfrom multiple Gateways onto a single data plane, and these rules _also_\napply in that case).\n\n\nPractically, this means that each listener in a set MUST have a unique\ncombination of Port, Protocol, and, if supported by the protocol, Hostname.\n\n\nSome combinations of port, protocol, and TLS settings are considered\nCore support and MUST be supported by implementations based on their\ntargeted conformance profile:\n\n\nHTTP Profile\n\n\n1. HTTPRoute, Port: 80, Protocol: HTTP\n2. HTTPRoute, Port: 443, Protocol: HTTPS, TLS Mode: Terminate, TLS keypair provided\n\n\nTLS Profile\n\n\n1. TLSRoute, Port: 443, Protocol: TLS, TLS Mode: Passthrough\n\n\n\"Distinct\" Listeners have the following property:\n\n\nThe implementation can match inbound requests to a single distinct\nListener. When multiple Listeners share values for fields (for\nexample, two Listeners with the same Port value), the implementation\ncan match requests to only one of the Listeners using other\nListener fields.\n\n\nFor example, the following Listener scenarios are distinct:\n\n\n1. Multiple Listeners with the same Port that all use the \"HTTP\"\n Protocol that all have unique Hostname values.\n2. Multiple Listeners with the same Port that use either the \"HTTPS\" or\n \"TLS\" Protocol that all have unique Hostname values.\n3. A mixture of \"TCP\" and \"UDP\" Protocol Listeners, where no Listener\n with the same Protocol has the same Port value.\n\n\nSome fields in the Listener struct have possible values that affect\nwhether the Listener is distinct. Hostname is particularly relevant\nfor HTTP or HTTPS protocols.\n\n\nWhen using the Hostname value to select between same-Port, same-Protocol\nListeners, the Hostname value must be different on each Listener for the\nListener to be distinct.\n\n\nWhen the Listeners are distinct based on Hostname, inbound request\nhostnames MUST match from the most specific to least specific Hostname\nvalues to choose the correct Listener and its associated set of Routes.\n\n\nExact matches must be processed before wildcard matches, and wildcard\nmatches must be processed before fallback (empty Hostname value)\nmatches. For example, `\"foo.example.com\"` takes precedence over\n`\"*.example.com\"`, and `\"*.example.com\"` takes precedence over `\"\"`.\n\n\nAdditionally, if there are multiple wildcard entries, more specific\nwildcard entries must be processed before less specific wildcard entries.\nFor example, `\"*.foo.example.com\"` takes precedence over `\"*.example.com\"`.\nThe precise definition here is that the higher the number of dots in the\nhostname to the right of the wildcard character, the higher the precedence.\n\n\nThe wildcard character will match any number of characters _and dots_ to\nthe left, however, so `\"*.example.com\"` will match both\n`\"foo.bar.example.com\"` _and_ `\"bar.example.com\"`.\n\n\nIf a set of Listeners contains Listeners that are not distinct, then those\nListeners are Conflicted, and the implementation MUST set the \"Conflicted\"\ncondition in the Listener Status to \"True\".\n\n\nImplementations MAY choose to accept a Gateway with some Conflicted\nListeners only if they only accept the partial Listener set that contains\nno Conflicted Listeners. To put this another way, implementations may\naccept a partial Listener set only if they throw out *all* the conflicting\nListeners. No picking one of the conflicting listeners as the winner.\nThis also means that the Gateway must have at least one non-conflicting\nListener in this case, otherwise it violates the requirement that at\nleast one Listener must be present.\n\n\nThe implementation MUST set a \"ListenersNotValid\" condition on the\nGateway Status when the Gateway contains Conflicted Listeners whether or\nnot they accept the Gateway. That Condition SHOULD clearly\nindicate in the Message which Listeners are conflicted, and which are\nAccepted. Additionally, the Listener status for those listeners SHOULD\nindicate which Listeners are conflicted and not Accepted.\n\n\nA Gateway's Listeners are considered \"compatible\" if:\n\n\n1. They are distinct.\n2. The implementation can serve them in compliance with the Addresses\n requirement that all Listeners are available on all assigned\n addresses.\n\n\nCompatible combinations in Extended support are expected to vary across\nimplementations. A combination that is compatible for one implementation\nmay not be compatible for another.\n\n\nFor example, an implementation that cannot serve both TCP and UDP listeners\non the same address, or cannot mix HTTPS and generic TLS listens on the same port\nwould not consider those cases compatible, even though they are distinct.\n\n\nNote that requests SHOULD match at most one Listener. For example, if\nListeners are defined for \"foo.example.com\" and \"*.example.com\", a\nrequest to \"foo.example.com\" SHOULD only be routed using routes attached\nto the \"foo.example.com\" Listener (and not the \"*.example.com\" Listener).\nThis concept is known as \"Listener Isolation\". Implementations that do\nnot support Listener Isolation MUST clearly document this.\n\n\nImplementations MAY merge separate Gateways onto a single set of\nAddresses if all Listeners across all Gateways are compatible.\n\n\nSupport: Core" + +**Note:** This function appends passed data to existing values + +## obj spec.addresses + +"Addresses requested for this Gateway. This is optional and behavior can\ndepend on the implementation. If a value is set in the spec and the\nrequested address is invalid or unavailable, the implementation MUST\nindicate this in the associated entry in GatewayStatus.Addresses.\n\n\nThe Addresses field represents a request for the address(es) on the\n\"outside of the Gateway\", that traffic bound for this Gateway will use.\nThis could be the IP address or hostname of an external load balancer or\nother networking infrastructure, or some other address that traffic will\nbe sent to.\n\n\nIf no Addresses are specified, the implementation MAY schedule the\nGateway in an implementation-specific manner, assigning an appropriate\nset of Addresses.\n\n\nThe implementation MUST bind all Listeners to every GatewayAddress that\nit assigns to the Gateway and add a corresponding entry in\nGatewayStatus.Addresses.\n\n\nSupport: Extended\n\n\n" + +### fn spec.addresses.withType + +```ts +withType(type) +``` + +"Type of the address." + +### fn spec.addresses.withValue + +```ts +withValue(value) +``` + +"Value of the address. The validity of the values will depend\non the type and support by the controller.\n\n\nExamples: `1.2.3.4`, `128::1`, `my-ip-address`." + +## obj spec.infrastructure + +"Infrastructure defines infrastructure level attributes about this Gateway instance.\n\n\nSupport: Core\n\n\n" + +### fn spec.infrastructure.withAnnotations + +```ts +withAnnotations(annotations) +``` + +"Annotations that SHOULD be applied to any resources created in response to this Gateway.\n\n\nFor implementations creating other Kubernetes objects, this should be the `metadata.annotations` field on resources.\nFor other implementations, this refers to any relevant (implementation specific) \"annotations\" concepts.\n\n\nAn implementation may chose to add additional implementation-specific annotations as they see fit.\n\n\nSupport: Extended" + +### fn spec.infrastructure.withAnnotationsMixin + +```ts +withAnnotationsMixin(annotations) +``` + +"Annotations that SHOULD be applied to any resources created in response to this Gateway.\n\n\nFor implementations creating other Kubernetes objects, this should be the `metadata.annotations` field on resources.\nFor other implementations, this refers to any relevant (implementation specific) \"annotations\" concepts.\n\n\nAn implementation may chose to add additional implementation-specific annotations as they see fit.\n\n\nSupport: Extended" + +**Note:** This function appends passed data to existing values + +### fn spec.infrastructure.withLabels + +```ts +withLabels(labels) +``` + +"Labels that SHOULD be applied to any resources created in response to this Gateway.\n\n\nFor implementations creating other Kubernetes objects, this should be the `metadata.labels` field on resources.\nFor other implementations, this refers to any relevant (implementation specific) \"labels\" concepts.\n\n\nAn implementation may chose to add additional implementation-specific labels as they see fit.\n\n\nSupport: Extended" + +### fn spec.infrastructure.withLabelsMixin + +```ts +withLabelsMixin(labels) +``` + +"Labels that SHOULD be applied to any resources created in response to this Gateway.\n\n\nFor implementations creating other Kubernetes objects, this should be the `metadata.labels` field on resources.\nFor other implementations, this refers to any relevant (implementation specific) \"labels\" concepts.\n\n\nAn implementation may chose to add additional implementation-specific labels as they see fit.\n\n\nSupport: Extended" + +**Note:** This function appends passed data to existing values + +## obj spec.infrastructure.parametersRef + +"ParametersRef is a reference to a resource that contains the configuration\nparameters corresponding to the Gateway. This is optional if the\ncontroller does not require any additional configuration.\n\n\nThis follows the same semantics as GatewayClass's `parametersRef`, but on a per-Gateway basis\n\n\nThe Gateway's GatewayClass may provide its own `parametersRef`. When both are specified,\nthe merging behavior is implementation specific.\nIt is generally recommended that GatewayClass provides defaults that can be overridden by a Gateway.\n\n\nSupport: Implementation-specific" + +### fn spec.infrastructure.parametersRef.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent." + +### fn spec.infrastructure.parametersRef.withKind + +```ts +withKind(kind) +``` + +"Kind is kind of the referent." + +### fn spec.infrastructure.parametersRef.withName + +```ts +withName(name) +``` + +"Name is the name of the referent." + +## obj spec.listeners + +"Listeners associated with this Gateway. Listeners define\nlogical endpoints that are bound on this Gateway's addresses.\nAt least one Listener MUST be specified.\n\n\nEach Listener in a set of Listeners (for example, in a single Gateway)\nMUST be _distinct_, in that a traffic flow MUST be able to be assigned to\nexactly one listener. (This section uses \"set of Listeners\" rather than\n\"Listeners in a single Gateway\" because implementations MAY merge configuration\nfrom multiple Gateways onto a single data plane, and these rules _also_\napply in that case).\n\n\nPractically, this means that each listener in a set MUST have a unique\ncombination of Port, Protocol, and, if supported by the protocol, Hostname.\n\n\nSome combinations of port, protocol, and TLS settings are considered\nCore support and MUST be supported by implementations based on their\ntargeted conformance profile:\n\n\nHTTP Profile\n\n\n1. HTTPRoute, Port: 80, Protocol: HTTP\n2. HTTPRoute, Port: 443, Protocol: HTTPS, TLS Mode: Terminate, TLS keypair provided\n\n\nTLS Profile\n\n\n1. TLSRoute, Port: 443, Protocol: TLS, TLS Mode: Passthrough\n\n\n\"Distinct\" Listeners have the following property:\n\n\nThe implementation can match inbound requests to a single distinct\nListener. When multiple Listeners share values for fields (for\nexample, two Listeners with the same Port value), the implementation\ncan match requests to only one of the Listeners using other\nListener fields.\n\n\nFor example, the following Listener scenarios are distinct:\n\n\n1. Multiple Listeners with the same Port that all use the \"HTTP\"\n Protocol that all have unique Hostname values.\n2. Multiple Listeners with the same Port that use either the \"HTTPS\" or\n \"TLS\" Protocol that all have unique Hostname values.\n3. A mixture of \"TCP\" and \"UDP\" Protocol Listeners, where no Listener\n with the same Protocol has the same Port value.\n\n\nSome fields in the Listener struct have possible values that affect\nwhether the Listener is distinct. Hostname is particularly relevant\nfor HTTP or HTTPS protocols.\n\n\nWhen using the Hostname value to select between same-Port, same-Protocol\nListeners, the Hostname value must be different on each Listener for the\nListener to be distinct.\n\n\nWhen the Listeners are distinct based on Hostname, inbound request\nhostnames MUST match from the most specific to least specific Hostname\nvalues to choose the correct Listener and its associated set of Routes.\n\n\nExact matches must be processed before wildcard matches, and wildcard\nmatches must be processed before fallback (empty Hostname value)\nmatches. For example, `\"foo.example.com\"` takes precedence over\n`\"*.example.com\"`, and `\"*.example.com\"` takes precedence over `\"\"`.\n\n\nAdditionally, if there are multiple wildcard entries, more specific\nwildcard entries must be processed before less specific wildcard entries.\nFor example, `\"*.foo.example.com\"` takes precedence over `\"*.example.com\"`.\nThe precise definition here is that the higher the number of dots in the\nhostname to the right of the wildcard character, the higher the precedence.\n\n\nThe wildcard character will match any number of characters _and dots_ to\nthe left, however, so `\"*.example.com\"` will match both\n`\"foo.bar.example.com\"` _and_ `\"bar.example.com\"`.\n\n\nIf a set of Listeners contains Listeners that are not distinct, then those\nListeners are Conflicted, and the implementation MUST set the \"Conflicted\"\ncondition in the Listener Status to \"True\".\n\n\nImplementations MAY choose to accept a Gateway with some Conflicted\nListeners only if they only accept the partial Listener set that contains\nno Conflicted Listeners. To put this another way, implementations may\naccept a partial Listener set only if they throw out *all* the conflicting\nListeners. No picking one of the conflicting listeners as the winner.\nThis also means that the Gateway must have at least one non-conflicting\nListener in this case, otherwise it violates the requirement that at\nleast one Listener must be present.\n\n\nThe implementation MUST set a \"ListenersNotValid\" condition on the\nGateway Status when the Gateway contains Conflicted Listeners whether or\nnot they accept the Gateway. That Condition SHOULD clearly\nindicate in the Message which Listeners are conflicted, and which are\nAccepted. Additionally, the Listener status for those listeners SHOULD\nindicate which Listeners are conflicted and not Accepted.\n\n\nA Gateway's Listeners are considered \"compatible\" if:\n\n\n1. They are distinct.\n2. The implementation can serve them in compliance with the Addresses\n requirement that all Listeners are available on all assigned\n addresses.\n\n\nCompatible combinations in Extended support are expected to vary across\nimplementations. A combination that is compatible for one implementation\nmay not be compatible for another.\n\n\nFor example, an implementation that cannot serve both TCP and UDP listeners\non the same address, or cannot mix HTTPS and generic TLS listens on the same port\nwould not consider those cases compatible, even though they are distinct.\n\n\nNote that requests SHOULD match at most one Listener. For example, if\nListeners are defined for \"foo.example.com\" and \"*.example.com\", a\nrequest to \"foo.example.com\" SHOULD only be routed using routes attached\nto the \"foo.example.com\" Listener (and not the \"*.example.com\" Listener).\nThis concept is known as \"Listener Isolation\". Implementations that do\nnot support Listener Isolation MUST clearly document this.\n\n\nImplementations MAY merge separate Gateways onto a single set of\nAddresses if all Listeners across all Gateways are compatible.\n\n\nSupport: Core" + +### fn spec.listeners.withHostname + +```ts +withHostname(hostname) +``` + +"Hostname specifies the virtual hostname to match for protocol types that\ndefine this concept. When unspecified, all hostnames are matched. This\nfield is ignored for protocols that don't require hostname based\nmatching.\n\n\nImplementations MUST apply Hostname matching appropriately for each of\nthe following protocols:\n\n\n* TLS: The Listener Hostname MUST match the SNI.\n* HTTP: The Listener Hostname MUST match the Host header of the request.\n* HTTPS: The Listener Hostname SHOULD match at both the TLS and HTTP\n protocol layers as described above. If an implementation does not\n ensure that both the SNI and Host header match the Listener hostname,\n it MUST clearly document that.\n\n\nFor HTTPRoute and TLSRoute resources, there is an interaction with the\n`spec.hostnames` array. When both listener and route specify hostnames,\nthere MUST be an intersection between the values for a Route to be\naccepted. For more information, refer to the Route specific Hostnames\ndocumentation.\n\n\nHostnames that are prefixed with a wildcard label (`*.`) are interpreted\nas a suffix match. That means that a match for `*.example.com` would match\nboth `test.example.com`, and `foo.test.example.com`, but not `example.com`.\n\n\nSupport: Core" + +### fn spec.listeners.withName + +```ts +withName(name) +``` + +"Name is the name of the Listener. This name MUST be unique within a\nGateway.\n\n\nSupport: Core" + +### fn spec.listeners.withPort + +```ts +withPort(port) +``` + +"Port is the network port. Multiple listeners may use the\nsame port, subject to the Listener compatibility rules.\n\n\nSupport: Core" + +### fn spec.listeners.withProtocol + +```ts +withProtocol(protocol) +``` + +"Protocol specifies the network protocol this listener expects to receive.\n\n\nSupport: Core" + +## obj spec.listeners.allowedRoutes + +"AllowedRoutes defines the types of routes that MAY be attached to a\nListener and the trusted namespaces where those Route resources MAY be\npresent.\n\n\nAlthough a client request may match multiple route rules, only one rule\nmay ultimately receive the request. Matching precedence MUST be\ndetermined in order of the following criteria:\n\n\n* The most specific match as defined by the Route type.\n* The oldest Route based on creation timestamp. For example, a Route with\n a creation timestamp of \"2020-09-08 01:02:03\" is given precedence over\n a Route with a creation timestamp of \"2020-09-08 01:02:04\".\n* If everything else is equivalent, the Route appearing first in\n alphabetical order (namespace/name) should be given precedence. For\n example, foo/bar is given precedence over foo/baz.\n\n\nAll valid rules within a Route attached to this Listener should be\nimplemented. Invalid Route rules can be ignored (sometimes that will mean\nthe full Route). If a Route rule transitions from valid to invalid,\nsupport for that Route rule should be dropped to ensure consistency. For\nexample, even if a filter specified by a Route rule is invalid, the rest\nof the rules within that Route should still be supported.\n\n\nSupport: Core" + +### fn spec.listeners.allowedRoutes.withKinds + +```ts +withKinds(kinds) +``` + +"Kinds specifies the groups and kinds of Routes that are allowed to bind\nto this Gateway Listener. When unspecified or empty, the kinds of Routes\nselected are determined using the Listener protocol.\n\n\nA RouteGroupKind MUST correspond to kinds of Routes that are compatible\nwith the application protocol specified in the Listener's Protocol field.\nIf an implementation does not support or recognize this resource type, it\nMUST set the \"ResolvedRefs\" condition to False for this Listener with the\n\"InvalidRouteKinds\" reason.\n\n\nSupport: Core" + +### fn spec.listeners.allowedRoutes.withKindsMixin + +```ts +withKindsMixin(kinds) +``` + +"Kinds specifies the groups and kinds of Routes that are allowed to bind\nto this Gateway Listener. When unspecified or empty, the kinds of Routes\nselected are determined using the Listener protocol.\n\n\nA RouteGroupKind MUST correspond to kinds of Routes that are compatible\nwith the application protocol specified in the Listener's Protocol field.\nIf an implementation does not support or recognize this resource type, it\nMUST set the \"ResolvedRefs\" condition to False for this Listener with the\n\"InvalidRouteKinds\" reason.\n\n\nSupport: Core" + +**Note:** This function appends passed data to existing values + +## obj spec.listeners.allowedRoutes.kinds + +"Kinds specifies the groups and kinds of Routes that are allowed to bind\nto this Gateway Listener. When unspecified or empty, the kinds of Routes\nselected are determined using the Listener protocol.\n\n\nA RouteGroupKind MUST correspond to kinds of Routes that are compatible\nwith the application protocol specified in the Listener's Protocol field.\nIf an implementation does not support or recognize this resource type, it\nMUST set the \"ResolvedRefs\" condition to False for this Listener with the\n\"InvalidRouteKinds\" reason.\n\n\nSupport: Core" + +### fn spec.listeners.allowedRoutes.kinds.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the Route." + +### fn spec.listeners.allowedRoutes.kinds.withKind + +```ts +withKind(kind) +``` + +"Kind is the kind of the Route." + +## obj spec.listeners.allowedRoutes.namespaces + +"Namespaces indicates namespaces from which Routes may be attached to this\nListener. This is restricted to the namespace of this Gateway by default.\n\n\nSupport: Core" + +### fn spec.listeners.allowedRoutes.namespaces.withFrom + +```ts +withFrom(from) +``` + +"From indicates where Routes will be selected for this Gateway. Possible\nvalues are:\n\n\n* All: Routes in all namespaces may be used by this Gateway.\n* Selector: Routes in namespaces selected by the selector may be used by\n this Gateway.\n* Same: Only Routes in the same namespace may be used by this Gateway.\n\n\nSupport: Core" + +## obj spec.listeners.allowedRoutes.namespaces.selector + +"Selector must be specified when From is set to \"Selector\". In that case,\nonly Routes in Namespaces matching this Selector will be selected by this\nGateway. This field is ignored for other values of \"From\".\n\n\nSupport: Core" + +### fn spec.listeners.allowedRoutes.namespaces.selector.withMatchExpressions + +```ts +withMatchExpressions(matchExpressions) +``` + +"matchExpressions is a list of label selector requirements. The requirements are ANDed." + +### fn spec.listeners.allowedRoutes.namespaces.selector.withMatchExpressionsMixin + +```ts +withMatchExpressionsMixin(matchExpressions) +``` + +"matchExpressions is a list of label selector requirements. The requirements are ANDed." + +**Note:** This function appends passed data to existing values + +### fn spec.listeners.allowedRoutes.namespaces.selector.withMatchLabels + +```ts +withMatchLabels(matchLabels) +``` + +"matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + +### fn spec.listeners.allowedRoutes.namespaces.selector.withMatchLabelsMixin + +```ts +withMatchLabelsMixin(matchLabels) +``` + +"matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + +**Note:** This function appends passed data to existing values + +## obj spec.listeners.allowedRoutes.namespaces.selector.matchExpressions + +"matchExpressions is a list of label selector requirements. The requirements are ANDed." + +### fn spec.listeners.allowedRoutes.namespaces.selector.matchExpressions.withKey + +```ts +withKey(key) +``` + +"key is the label key that the selector applies to." + +### fn spec.listeners.allowedRoutes.namespaces.selector.matchExpressions.withOperator + +```ts +withOperator(operator) +``` + +"operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + +### fn spec.listeners.allowedRoutes.namespaces.selector.matchExpressions.withValues + +```ts +withValues(values) +``` + +"values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + +### fn spec.listeners.allowedRoutes.namespaces.selector.matchExpressions.withValuesMixin + +```ts +withValuesMixin(values) +``` + +"values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + +**Note:** This function appends passed data to existing values + +## obj spec.listeners.tls + +"TLS is the TLS configuration for the Listener. This field is required if\nthe Protocol field is \"HTTPS\" or \"TLS\". It is invalid to set this field\nif the Protocol field is \"HTTP\", \"TCP\", or \"UDP\".\n\n\nThe association of SNIs to Certificate defined in GatewayTLSConfig is\ndefined based on the Hostname field for this listener.\n\n\nThe GatewayClass MUST use the longest matching SNI out of all\navailable certificates for any TLS handshake.\n\n\nSupport: Core" + +### fn spec.listeners.tls.withCertificateRefs + +```ts +withCertificateRefs(certificateRefs) +``` + +"CertificateRefs contains a series of references to Kubernetes objects that\ncontains TLS certificates and private keys. These certificates are used to\nestablish a TLS handshake for requests that match the hostname of the\nassociated listener.\n\n\nA single CertificateRef to a Kubernetes Secret has \"Core\" support.\nImplementations MAY choose to support attaching multiple certificates to\na Listener, but this behavior is implementation-specific.\n\n\nReferences to a resource in different namespace are invalid UNLESS there\nis a ReferenceGrant in the target namespace that allows the certificate\nto be attached. If a ReferenceGrant does not allow this reference, the\n\"ResolvedRefs\" condition MUST be set to False for this listener with the\n\"RefNotPermitted\" reason.\n\n\nThis field is required to have at least one element when the mode is set\nto \"Terminate\" (default) and is optional otherwise.\n\n\nCertificateRefs can reference to standard Kubernetes resources, i.e.\nSecret, or implementation-specific custom resources.\n\n\nSupport: Core - A single reference to a Kubernetes Secret of type kubernetes.io/tls\n\n\nSupport: Implementation-specific (More than one reference or other resource types)" + +### fn spec.listeners.tls.withCertificateRefsMixin + +```ts +withCertificateRefsMixin(certificateRefs) +``` + +"CertificateRefs contains a series of references to Kubernetes objects that\ncontains TLS certificates and private keys. These certificates are used to\nestablish a TLS handshake for requests that match the hostname of the\nassociated listener.\n\n\nA single CertificateRef to a Kubernetes Secret has \"Core\" support.\nImplementations MAY choose to support attaching multiple certificates to\na Listener, but this behavior is implementation-specific.\n\n\nReferences to a resource in different namespace are invalid UNLESS there\nis a ReferenceGrant in the target namespace that allows the certificate\nto be attached. If a ReferenceGrant does not allow this reference, the\n\"ResolvedRefs\" condition MUST be set to False for this listener with the\n\"RefNotPermitted\" reason.\n\n\nThis field is required to have at least one element when the mode is set\nto \"Terminate\" (default) and is optional otherwise.\n\n\nCertificateRefs can reference to standard Kubernetes resources, i.e.\nSecret, or implementation-specific custom resources.\n\n\nSupport: Core - A single reference to a Kubernetes Secret of type kubernetes.io/tls\n\n\nSupport: Implementation-specific (More than one reference or other resource types)" + +**Note:** This function appends passed data to existing values + +### fn spec.listeners.tls.withMode + +```ts +withMode(mode) +``` + +"Mode defines the TLS behavior for the TLS session initiated by the client.\nThere are two possible modes:\n\n\n- Terminate: The TLS session between the downstream client and the\n Gateway is terminated at the Gateway. This mode requires certificates\n to be specified in some way, such as populating the certificateRefs\n field.\n- Passthrough: The TLS session is NOT terminated by the Gateway. This\n implies that the Gateway can't decipher the TLS stream except for\n the ClientHello message of the TLS protocol. The certificateRefs field\n is ignored in this mode.\n\n\nSupport: Core" + +### fn spec.listeners.tls.withOptions + +```ts +withOptions(options) +``` + +"Options are a list of key/value pairs to enable extended TLS\nconfiguration for each implementation. For example, configuring the\nminimum TLS version or supported cipher suites.\n\n\nA set of common keys MAY be defined by the API in the future. To avoid\nany ambiguity, implementation-specific definitions MUST use\ndomain-prefixed names, such as `example.com/my-custom-option`.\nUn-prefixed names are reserved for key names defined by Gateway API.\n\n\nSupport: Implementation-specific" + +### fn spec.listeners.tls.withOptionsMixin + +```ts +withOptionsMixin(options) +``` + +"Options are a list of key/value pairs to enable extended TLS\nconfiguration for each implementation. For example, configuring the\nminimum TLS version or supported cipher suites.\n\n\nA set of common keys MAY be defined by the API in the future. To avoid\nany ambiguity, implementation-specific definitions MUST use\ndomain-prefixed names, such as `example.com/my-custom-option`.\nUn-prefixed names are reserved for key names defined by Gateway API.\n\n\nSupport: Implementation-specific" + +**Note:** This function appends passed data to existing values + +## obj spec.listeners.tls.certificateRefs + +"CertificateRefs contains a series of references to Kubernetes objects that\ncontains TLS certificates and private keys. These certificates are used to\nestablish a TLS handshake for requests that match the hostname of the\nassociated listener.\n\n\nA single CertificateRef to a Kubernetes Secret has \"Core\" support.\nImplementations MAY choose to support attaching multiple certificates to\na Listener, but this behavior is implementation-specific.\n\n\nReferences to a resource in different namespace are invalid UNLESS there\nis a ReferenceGrant in the target namespace that allows the certificate\nto be attached. If a ReferenceGrant does not allow this reference, the\n\"ResolvedRefs\" condition MUST be set to False for this listener with the\n\"RefNotPermitted\" reason.\n\n\nThis field is required to have at least one element when the mode is set\nto \"Terminate\" (default) and is optional otherwise.\n\n\nCertificateRefs can reference to standard Kubernetes resources, i.e.\nSecret, or implementation-specific custom resources.\n\n\nSupport: Core - A single reference to a Kubernetes Secret of type kubernetes.io/tls\n\n\nSupport: Implementation-specific (More than one reference or other resource types)" + +### fn spec.listeners.tls.certificateRefs.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. For example, \"gateway.networking.k8s.io\".\nWhen unspecified or empty string, core API group is inferred." + +### fn spec.listeners.tls.certificateRefs.withKind + +```ts +withKind(kind) +``` + +"Kind is kind of the referent. For example \"Secret\"." + +### fn spec.listeners.tls.certificateRefs.withName + +```ts +withName(name) +``` + +"Name is the name of the referent." + +### fn spec.listeners.tls.certificateRefs.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the referenced object. When unspecified, the local\nnamespace is inferred.\n\n\nNote that when a namespace different than the local namespace is specified,\na ReferenceGrant object is required in the referent namespace to allow that\nnamespace's owner to accept the reference. See the ReferenceGrant\ndocumentation for details.\n\n\nSupport: Core" + +## obj spec.listeners.tls.frontendValidation + +"FrontendValidation holds configuration information for validating the frontend (client).\nSetting this field will require clients to send a client certificate\nrequired for validation during the TLS handshake. In browsers this may result in a dialog appearing\nthat requests a user to specify the client certificate.\nThe maximum depth of a certificate chain accepted in verification is Implementation specific.\n\n\nSupport: Extended\n\n\n" + +### fn spec.listeners.tls.frontendValidation.withCaCertificateRefs + +```ts +withCaCertificateRefs(caCertificateRefs) +``` + +"CACertificateRefs contains one or more references to\nKubernetes objects that contain TLS certificates of\nthe Certificate Authorities that can be used\nas a trust anchor to validate the certificates presented by the client.\n\n\nA single CA certificate reference to a Kubernetes ConfigMap\nhas \"Core\" support.\nImplementations MAY choose to support attaching multiple CA certificates to\na Listener, but this behavior is implementation-specific.\n\n\nSupport: Core - A single reference to a Kubernetes ConfigMap\nwith the CA certificate in a key named `ca.crt`.\n\n\nSupport: Implementation-specific (More than one reference, or other kinds\nof resources).\n\n\nReferences to a resource in a different namespace are invalid UNLESS there\nis a ReferenceGrant in the target namespace that allows the certificate\nto be attached. If a ReferenceGrant does not allow this reference, the\n\"ResolvedRefs\" condition MUST be set to False for this listener with the\n\"RefNotPermitted\" reason." + +### fn spec.listeners.tls.frontendValidation.withCaCertificateRefsMixin + +```ts +withCaCertificateRefsMixin(caCertificateRefs) +``` + +"CACertificateRefs contains one or more references to\nKubernetes objects that contain TLS certificates of\nthe Certificate Authorities that can be used\nas a trust anchor to validate the certificates presented by the client.\n\n\nA single CA certificate reference to a Kubernetes ConfigMap\nhas \"Core\" support.\nImplementations MAY choose to support attaching multiple CA certificates to\na Listener, but this behavior is implementation-specific.\n\n\nSupport: Core - A single reference to a Kubernetes ConfigMap\nwith the CA certificate in a key named `ca.crt`.\n\n\nSupport: Implementation-specific (More than one reference, or other kinds\nof resources).\n\n\nReferences to a resource in a different namespace are invalid UNLESS there\nis a ReferenceGrant in the target namespace that allows the certificate\nto be attached. If a ReferenceGrant does not allow this reference, the\n\"ResolvedRefs\" condition MUST be set to False for this listener with the\n\"RefNotPermitted\" reason." + +**Note:** This function appends passed data to existing values + +## obj spec.listeners.tls.frontendValidation.caCertificateRefs + +"CACertificateRefs contains one or more references to\nKubernetes objects that contain TLS certificates of\nthe Certificate Authorities that can be used\nas a trust anchor to validate the certificates presented by the client.\n\n\nA single CA certificate reference to a Kubernetes ConfigMap\nhas \"Core\" support.\nImplementations MAY choose to support attaching multiple CA certificates to\na Listener, but this behavior is implementation-specific.\n\n\nSupport: Core - A single reference to a Kubernetes ConfigMap\nwith the CA certificate in a key named `ca.crt`.\n\n\nSupport: Implementation-specific (More than one reference, or other kinds\nof resources).\n\n\nReferences to a resource in a different namespace are invalid UNLESS there\nis a ReferenceGrant in the target namespace that allows the certificate\nto be attached. If a ReferenceGrant does not allow this reference, the\n\"ResolvedRefs\" condition MUST be set to False for this listener with the\n\"RefNotPermitted\" reason." + +### fn spec.listeners.tls.frontendValidation.caCertificateRefs.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. For example, \"gateway.networking.k8s.io\".\nWhen unspecified or empty string, core API group is inferred." + +### fn spec.listeners.tls.frontendValidation.caCertificateRefs.withKind + +```ts +withKind(kind) +``` + +"Kind is kind of the referent. For example \"ConfigMap\" or \"Service\"." + +### fn spec.listeners.tls.frontendValidation.caCertificateRefs.withName + +```ts +withName(name) +``` + +"Name is the name of the referent." + +### fn spec.listeners.tls.frontendValidation.caCertificateRefs.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the referenced object. When unspecified, the local\nnamespace is inferred.\n\n\nNote that when a namespace different than the local namespace is specified,\na ReferenceGrant object is required in the referent namespace to allow that\nnamespace's owner to accept the reference. See the ReferenceGrant\ndocumentation for details.\n\n\nSupport: Core" \ No newline at end of file diff --git a/docs/1.1-experimental/gateway/v1/gatewayClass.md b/docs/1.1-experimental/gateway/v1/gatewayClass.md new file mode 100644 index 0000000..e1748aa --- /dev/null +++ b/docs/1.1-experimental/gateway/v1/gatewayClass.md @@ -0,0 +1,269 @@ +--- +permalink: /1.1-experimental/gateway/v1/gatewayClass/ +--- + +# gateway.v1.gatewayClass + +"GatewayClass describes a class of Gateways available to the user for creating\nGateway resources.\n\n\nIt is recommended that this resource be used as a template for Gateways. This\nmeans that a Gateway is based on the state of the GatewayClass at the time it\nwas created and changes to the GatewayClass or associated parameters are not\npropagated down to existing Gateways. This recommendation is intended to\nlimit the blast radius of changes to GatewayClass or associated parameters.\nIf implementations choose to propagate GatewayClass changes to existing\nGateways, that MUST be clearly documented by the implementation.\n\n\nWhenever one or more Gateways are using a GatewayClass, implementations SHOULD\nadd the `gateway-exists-finalizer.gateway.networking.k8s.io` finalizer on the\nassociated GatewayClass. This ensures that a GatewayClass associated with a\nGateway is not deleted while in use.\n\n\nGatewayClass is a Cluster level resource." + +## Index + +* [`fn new(name)`](#fn-new) +* [`obj metadata`](#obj-metadata) + * [`fn withAnnotations(annotations)`](#fn-metadatawithannotations) + * [`fn withAnnotationsMixin(annotations)`](#fn-metadatawithannotationsmixin) + * [`fn withClusterName(clusterName)`](#fn-metadatawithclustername) + * [`fn withCreationTimestamp(creationTimestamp)`](#fn-metadatawithcreationtimestamp) + * [`fn withDeletionGracePeriodSeconds(deletionGracePeriodSeconds)`](#fn-metadatawithdeletiongraceperiodseconds) + * [`fn withDeletionTimestamp(deletionTimestamp)`](#fn-metadatawithdeletiontimestamp) + * [`fn withFinalizers(finalizers)`](#fn-metadatawithfinalizers) + * [`fn withFinalizersMixin(finalizers)`](#fn-metadatawithfinalizersmixin) + * [`fn withGenerateName(generateName)`](#fn-metadatawithgeneratename) + * [`fn withGeneration(generation)`](#fn-metadatawithgeneration) + * [`fn withLabels(labels)`](#fn-metadatawithlabels) + * [`fn withLabelsMixin(labels)`](#fn-metadatawithlabelsmixin) + * [`fn withName(name)`](#fn-metadatawithname) + * [`fn withNamespace(namespace)`](#fn-metadatawithnamespace) + * [`fn withOwnerReferences(ownerReferences)`](#fn-metadatawithownerreferences) + * [`fn withOwnerReferencesMixin(ownerReferences)`](#fn-metadatawithownerreferencesmixin) + * [`fn withResourceVersion(resourceVersion)`](#fn-metadatawithresourceversion) + * [`fn withSelfLink(selfLink)`](#fn-metadatawithselflink) + * [`fn withUid(uid)`](#fn-metadatawithuid) +* [`obj spec`](#obj-spec) + * [`fn withControllerName(controllerName)`](#fn-specwithcontrollername) + * [`fn withDescription(description)`](#fn-specwithdescription) + * [`obj spec.parametersRef`](#obj-specparametersref) + * [`fn withGroup(group)`](#fn-specparametersrefwithgroup) + * [`fn withKind(kind)`](#fn-specparametersrefwithkind) + * [`fn withName(name)`](#fn-specparametersrefwithname) + * [`fn withNamespace(namespace)`](#fn-specparametersrefwithnamespace) + +## Fields + +### fn new + +```ts +new(name) +``` + +new returns an instance of GatewayClass + +## obj metadata + +"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create." + +### fn metadata.withAnnotations + +```ts +withAnnotations(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +### fn metadata.withAnnotationsMixin + +```ts +withAnnotationsMixin(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +**Note:** This function appends passed data to existing values + +### fn metadata.withClusterName + +```ts +withClusterName(clusterName) +``` + +"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request." + +### fn metadata.withCreationTimestamp + +```ts +withCreationTimestamp(creationTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withDeletionGracePeriodSeconds + +```ts +withDeletionGracePeriodSeconds(deletionGracePeriodSeconds) +``` + +"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only." + +### fn metadata.withDeletionTimestamp + +```ts +withDeletionTimestamp(deletionTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withFinalizers + +```ts +withFinalizers(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +### fn metadata.withFinalizersMixin + +```ts +withFinalizersMixin(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +**Note:** This function appends passed data to existing values + +### fn metadata.withGenerateName + +```ts +withGenerateName(generateName) +``` + +"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\n\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\n\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" + +### fn metadata.withGeneration + +```ts +withGeneration(generation) +``` + +"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only." + +### fn metadata.withLabels + +```ts +withLabels(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +### fn metadata.withLabelsMixin + +```ts +withLabelsMixin(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +**Note:** This function appends passed data to existing values + +### fn metadata.withName + +```ts +withName(name) +``` + +"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names" + +### fn metadata.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \"default\" namespace, but \"default\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\n\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces" + +### fn metadata.withOwnerReferences + +```ts +withOwnerReferences(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +### fn metadata.withOwnerReferencesMixin + +```ts +withOwnerReferencesMixin(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +**Note:** This function appends passed data to existing values + +### fn metadata.withResourceVersion + +```ts +withResourceVersion(resourceVersion) +``` + +"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\n\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" + +### fn metadata.withSelfLink + +```ts +withSelfLink(selfLink) +``` + +"SelfLink is a URL representing this object. Populated by the system. Read-only.\n\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release." + +### fn metadata.withUid + +```ts +withUid(uid) +``` + +"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\n\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids" + +## obj spec + +"Spec defines the desired state of GatewayClass." + +### fn spec.withControllerName + +```ts +withControllerName(controllerName) +``` + +"ControllerName is the name of the controller that is managing Gateways of\nthis class. The value of this field MUST be a domain prefixed path.\n\n\nExample: \"example.net/gateway-controller\".\n\n\nThis field is not mutable and cannot be empty.\n\n\nSupport: Core" + +### fn spec.withDescription + +```ts +withDescription(description) +``` + +"Description helps describe a GatewayClass with more details." + +## obj spec.parametersRef + +"ParametersRef is a reference to a resource that contains the configuration\nparameters corresponding to the GatewayClass. This is optional if the\ncontroller does not require any additional configuration.\n\n\nParametersRef can reference a standard Kubernetes resource, i.e. ConfigMap,\nor an implementation-specific custom resource. The resource can be\ncluster-scoped or namespace-scoped.\n\n\nIf the referent cannot be found, the GatewayClass's \"InvalidParameters\"\nstatus condition will be true.\n\n\nA Gateway for this GatewayClass may provide its own `parametersRef`. When both are specified,\nthe merging behavior is implementation specific.\nIt is generally recommended that GatewayClass provides defaults that can be overridden by a Gateway.\n\n\nSupport: Implementation-specific" + +### fn spec.parametersRef.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent." + +### fn spec.parametersRef.withKind + +```ts +withKind(kind) +``` + +"Kind is kind of the referent." + +### fn spec.parametersRef.withName + +```ts +withName(name) +``` + +"Name is the name of the referent." + +### fn spec.parametersRef.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the referent.\nThis field is required when referring to a Namespace-scoped resource and\nMUST be unset when referring to a Cluster-scoped resource." \ No newline at end of file diff --git a/docs/1.1-experimental/gateway/v1/grpcRoute.md b/docs/1.1-experimental/gateway/v1/grpcRoute.md new file mode 100644 index 0000000..bf11617 --- /dev/null +++ b/docs/1.1-experimental/gateway/v1/grpcRoute.md @@ -0,0 +1,1263 @@ +--- +permalink: /1.1-experimental/gateway/v1/grpcRoute/ +--- + +# gateway.v1.grpcRoute + +"GRPCRoute provides a way to route gRPC requests. This includes the capability\nto match requests by hostname, gRPC service, gRPC method, or HTTP/2 header.\nFilters can be used to specify additional processing steps. Backends specify\nwhere matching requests will be routed.\n\n\nGRPCRoute falls under extended support within the Gateway API. Within the\nfollowing specification, the word \"MUST\" indicates that an implementation\nsupporting GRPCRoute must conform to the indicated requirement, but an\nimplementation not supporting this route type need not follow the requirement\nunless explicitly indicated.\n\n\nImplementations supporting `GRPCRoute` with the `HTTPS` `ProtocolType` MUST\naccept HTTP/2 connections without an initial upgrade from HTTP/1.1, i.e. via\nALPN. If the implementation does not support this, then it MUST set the\n\"Accepted\" condition to \"False\" for the affected listener with a reason of\n\"UnsupportedProtocol\". Implementations MAY also accept HTTP/2 connections\nwith an upgrade from HTTP/1.\n\n\nImplementations supporting `GRPCRoute` with the `HTTP` `ProtocolType` MUST\nsupport HTTP/2 over cleartext TCP (h2c,\nhttps://www.rfc-editor.org/rfc/rfc7540#section-3.1) without an initial\nupgrade from HTTP/1.1, i.e. with prior knowledge\n(https://www.rfc-editor.org/rfc/rfc7540#section-3.4). If the implementation\ndoes not support this, then it MUST set the \"Accepted\" condition to \"False\"\nfor the affected listener with a reason of \"UnsupportedProtocol\".\nImplementations MAY also accept HTTP/2 connections with an upgrade from\nHTTP/1, i.e. without prior knowledge." + +## Index + +* [`fn new(name)`](#fn-new) +* [`obj metadata`](#obj-metadata) + * [`fn withAnnotations(annotations)`](#fn-metadatawithannotations) + * [`fn withAnnotationsMixin(annotations)`](#fn-metadatawithannotationsmixin) + * [`fn withClusterName(clusterName)`](#fn-metadatawithclustername) + * [`fn withCreationTimestamp(creationTimestamp)`](#fn-metadatawithcreationtimestamp) + * [`fn withDeletionGracePeriodSeconds(deletionGracePeriodSeconds)`](#fn-metadatawithdeletiongraceperiodseconds) + * [`fn withDeletionTimestamp(deletionTimestamp)`](#fn-metadatawithdeletiontimestamp) + * [`fn withFinalizers(finalizers)`](#fn-metadatawithfinalizers) + * [`fn withFinalizersMixin(finalizers)`](#fn-metadatawithfinalizersmixin) + * [`fn withGenerateName(generateName)`](#fn-metadatawithgeneratename) + * [`fn withGeneration(generation)`](#fn-metadatawithgeneration) + * [`fn withLabels(labels)`](#fn-metadatawithlabels) + * [`fn withLabelsMixin(labels)`](#fn-metadatawithlabelsmixin) + * [`fn withName(name)`](#fn-metadatawithname) + * [`fn withNamespace(namespace)`](#fn-metadatawithnamespace) + * [`fn withOwnerReferences(ownerReferences)`](#fn-metadatawithownerreferences) + * [`fn withOwnerReferencesMixin(ownerReferences)`](#fn-metadatawithownerreferencesmixin) + * [`fn withResourceVersion(resourceVersion)`](#fn-metadatawithresourceversion) + * [`fn withSelfLink(selfLink)`](#fn-metadatawithselflink) + * [`fn withUid(uid)`](#fn-metadatawithuid) +* [`obj spec`](#obj-spec) + * [`fn withHostnames(hostnames)`](#fn-specwithhostnames) + * [`fn withHostnamesMixin(hostnames)`](#fn-specwithhostnamesmixin) + * [`fn withParentRefs(parentRefs)`](#fn-specwithparentrefs) + * [`fn withParentRefsMixin(parentRefs)`](#fn-specwithparentrefsmixin) + * [`fn withRules(rules)`](#fn-specwithrules) + * [`fn withRulesMixin(rules)`](#fn-specwithrulesmixin) + * [`obj spec.parentRefs`](#obj-specparentrefs) + * [`fn withGroup(group)`](#fn-specparentrefswithgroup) + * [`fn withKind(kind)`](#fn-specparentrefswithkind) + * [`fn withName(name)`](#fn-specparentrefswithname) + * [`fn withNamespace(namespace)`](#fn-specparentrefswithnamespace) + * [`fn withPort(port)`](#fn-specparentrefswithport) + * [`fn withSectionName(sectionName)`](#fn-specparentrefswithsectionname) + * [`obj spec.rules`](#obj-specrules) + * [`fn withBackendRefs(backendRefs)`](#fn-specruleswithbackendrefs) + * [`fn withBackendRefsMixin(backendRefs)`](#fn-specruleswithbackendrefsmixin) + * [`fn withFilters(filters)`](#fn-specruleswithfilters) + * [`fn withFiltersMixin(filters)`](#fn-specruleswithfiltersmixin) + * [`fn withMatches(matches)`](#fn-specruleswithmatches) + * [`fn withMatchesMixin(matches)`](#fn-specruleswithmatchesmixin) + * [`obj spec.rules.backendRefs`](#obj-specrulesbackendrefs) + * [`fn withFilters(filters)`](#fn-specrulesbackendrefswithfilters) + * [`fn withFiltersMixin(filters)`](#fn-specrulesbackendrefswithfiltersmixin) + * [`fn withGroup(group)`](#fn-specrulesbackendrefswithgroup) + * [`fn withKind(kind)`](#fn-specrulesbackendrefswithkind) + * [`fn withName(name)`](#fn-specrulesbackendrefswithname) + * [`fn withNamespace(namespace)`](#fn-specrulesbackendrefswithnamespace) + * [`fn withPort(port)`](#fn-specrulesbackendrefswithport) + * [`fn withWeight(weight)`](#fn-specrulesbackendrefswithweight) + * [`obj spec.rules.backendRefs.filters`](#obj-specrulesbackendrefsfilters) + * [`fn withType(type)`](#fn-specrulesbackendrefsfilterswithtype) + * [`obj spec.rules.backendRefs.filters.extensionRef`](#obj-specrulesbackendrefsfiltersextensionref) + * [`fn withGroup(group)`](#fn-specrulesbackendrefsfiltersextensionrefwithgroup) + * [`fn withKind(kind)`](#fn-specrulesbackendrefsfiltersextensionrefwithkind) + * [`fn withName(name)`](#fn-specrulesbackendrefsfiltersextensionrefwithname) + * [`obj spec.rules.backendRefs.filters.requestHeaderModifier`](#obj-specrulesbackendrefsfiltersrequestheadermodifier) + * [`fn withAdd(add)`](#fn-specrulesbackendrefsfiltersrequestheadermodifierwithadd) + * [`fn withAddMixin(add)`](#fn-specrulesbackendrefsfiltersrequestheadermodifierwithaddmixin) + * [`fn withRemove(remove)`](#fn-specrulesbackendrefsfiltersrequestheadermodifierwithremove) + * [`fn withRemoveMixin(remove)`](#fn-specrulesbackendrefsfiltersrequestheadermodifierwithremovemixin) + * [`fn withSet(set)`](#fn-specrulesbackendrefsfiltersrequestheadermodifierwithset) + * [`fn withSetMixin(set)`](#fn-specrulesbackendrefsfiltersrequestheadermodifierwithsetmixin) + * [`obj spec.rules.backendRefs.filters.requestHeaderModifier.add`](#obj-specrulesbackendrefsfiltersrequestheadermodifieradd) + * [`fn withName(name)`](#fn-specrulesbackendrefsfiltersrequestheadermodifieraddwithname) + * [`fn withValue(value)`](#fn-specrulesbackendrefsfiltersrequestheadermodifieraddwithvalue) + * [`obj spec.rules.backendRefs.filters.requestHeaderModifier.set`](#obj-specrulesbackendrefsfiltersrequestheadermodifierset) + * [`fn withName(name)`](#fn-specrulesbackendrefsfiltersrequestheadermodifiersetwithname) + * [`fn withValue(value)`](#fn-specrulesbackendrefsfiltersrequestheadermodifiersetwithvalue) + * [`obj spec.rules.backendRefs.filters.requestMirror`](#obj-specrulesbackendrefsfiltersrequestmirror) + * [`obj spec.rules.backendRefs.filters.requestMirror.backendRef`](#obj-specrulesbackendrefsfiltersrequestmirrorbackendref) + * [`fn withGroup(group)`](#fn-specrulesbackendrefsfiltersrequestmirrorbackendrefwithgroup) + * [`fn withKind(kind)`](#fn-specrulesbackendrefsfiltersrequestmirrorbackendrefwithkind) + * [`fn withName(name)`](#fn-specrulesbackendrefsfiltersrequestmirrorbackendrefwithname) + * [`fn withNamespace(namespace)`](#fn-specrulesbackendrefsfiltersrequestmirrorbackendrefwithnamespace) + * [`fn withPort(port)`](#fn-specrulesbackendrefsfiltersrequestmirrorbackendrefwithport) + * [`obj spec.rules.backendRefs.filters.responseHeaderModifier`](#obj-specrulesbackendrefsfiltersresponseheadermodifier) + * [`fn withAdd(add)`](#fn-specrulesbackendrefsfiltersresponseheadermodifierwithadd) + * [`fn withAddMixin(add)`](#fn-specrulesbackendrefsfiltersresponseheadermodifierwithaddmixin) + * [`fn withRemove(remove)`](#fn-specrulesbackendrefsfiltersresponseheadermodifierwithremove) + * [`fn withRemoveMixin(remove)`](#fn-specrulesbackendrefsfiltersresponseheadermodifierwithremovemixin) + * [`fn withSet(set)`](#fn-specrulesbackendrefsfiltersresponseheadermodifierwithset) + * [`fn withSetMixin(set)`](#fn-specrulesbackendrefsfiltersresponseheadermodifierwithsetmixin) + * [`obj spec.rules.backendRefs.filters.responseHeaderModifier.add`](#obj-specrulesbackendrefsfiltersresponseheadermodifieradd) + * [`fn withName(name)`](#fn-specrulesbackendrefsfiltersresponseheadermodifieraddwithname) + * [`fn withValue(value)`](#fn-specrulesbackendrefsfiltersresponseheadermodifieraddwithvalue) + * [`obj spec.rules.backendRefs.filters.responseHeaderModifier.set`](#obj-specrulesbackendrefsfiltersresponseheadermodifierset) + * [`fn withName(name)`](#fn-specrulesbackendrefsfiltersresponseheadermodifiersetwithname) + * [`fn withValue(value)`](#fn-specrulesbackendrefsfiltersresponseheadermodifiersetwithvalue) + * [`obj spec.rules.filters`](#obj-specrulesfilters) + * [`fn withType(type)`](#fn-specrulesfilterswithtype) + * [`obj spec.rules.filters.extensionRef`](#obj-specrulesfiltersextensionref) + * [`fn withGroup(group)`](#fn-specrulesfiltersextensionrefwithgroup) + * [`fn withKind(kind)`](#fn-specrulesfiltersextensionrefwithkind) + * [`fn withName(name)`](#fn-specrulesfiltersextensionrefwithname) + * [`obj spec.rules.filters.requestHeaderModifier`](#obj-specrulesfiltersrequestheadermodifier) + * [`fn withAdd(add)`](#fn-specrulesfiltersrequestheadermodifierwithadd) + * [`fn withAddMixin(add)`](#fn-specrulesfiltersrequestheadermodifierwithaddmixin) + * [`fn withRemove(remove)`](#fn-specrulesfiltersrequestheadermodifierwithremove) + * [`fn withRemoveMixin(remove)`](#fn-specrulesfiltersrequestheadermodifierwithremovemixin) + * [`fn withSet(set)`](#fn-specrulesfiltersrequestheadermodifierwithset) + * [`fn withSetMixin(set)`](#fn-specrulesfiltersrequestheadermodifierwithsetmixin) + * [`obj spec.rules.filters.requestHeaderModifier.add`](#obj-specrulesfiltersrequestheadermodifieradd) + * [`fn withName(name)`](#fn-specrulesfiltersrequestheadermodifieraddwithname) + * [`fn withValue(value)`](#fn-specrulesfiltersrequestheadermodifieraddwithvalue) + * [`obj spec.rules.filters.requestHeaderModifier.set`](#obj-specrulesfiltersrequestheadermodifierset) + * [`fn withName(name)`](#fn-specrulesfiltersrequestheadermodifiersetwithname) + * [`fn withValue(value)`](#fn-specrulesfiltersrequestheadermodifiersetwithvalue) + * [`obj spec.rules.filters.requestMirror`](#obj-specrulesfiltersrequestmirror) + * [`obj spec.rules.filters.requestMirror.backendRef`](#obj-specrulesfiltersrequestmirrorbackendref) + * [`fn withGroup(group)`](#fn-specrulesfiltersrequestmirrorbackendrefwithgroup) + * [`fn withKind(kind)`](#fn-specrulesfiltersrequestmirrorbackendrefwithkind) + * [`fn withName(name)`](#fn-specrulesfiltersrequestmirrorbackendrefwithname) + * [`fn withNamespace(namespace)`](#fn-specrulesfiltersrequestmirrorbackendrefwithnamespace) + * [`fn withPort(port)`](#fn-specrulesfiltersrequestmirrorbackendrefwithport) + * [`obj spec.rules.filters.responseHeaderModifier`](#obj-specrulesfiltersresponseheadermodifier) + * [`fn withAdd(add)`](#fn-specrulesfiltersresponseheadermodifierwithadd) + * [`fn withAddMixin(add)`](#fn-specrulesfiltersresponseheadermodifierwithaddmixin) + * [`fn withRemove(remove)`](#fn-specrulesfiltersresponseheadermodifierwithremove) + * [`fn withRemoveMixin(remove)`](#fn-specrulesfiltersresponseheadermodifierwithremovemixin) + * [`fn withSet(set)`](#fn-specrulesfiltersresponseheadermodifierwithset) + * [`fn withSetMixin(set)`](#fn-specrulesfiltersresponseheadermodifierwithsetmixin) + * [`obj spec.rules.filters.responseHeaderModifier.add`](#obj-specrulesfiltersresponseheadermodifieradd) + * [`fn withName(name)`](#fn-specrulesfiltersresponseheadermodifieraddwithname) + * [`fn withValue(value)`](#fn-specrulesfiltersresponseheadermodifieraddwithvalue) + * [`obj spec.rules.filters.responseHeaderModifier.set`](#obj-specrulesfiltersresponseheadermodifierset) + * [`fn withName(name)`](#fn-specrulesfiltersresponseheadermodifiersetwithname) + * [`fn withValue(value)`](#fn-specrulesfiltersresponseheadermodifiersetwithvalue) + * [`obj spec.rules.matches`](#obj-specrulesmatches) + * [`fn withHeaders(headers)`](#fn-specrulesmatcheswithheaders) + * [`fn withHeadersMixin(headers)`](#fn-specrulesmatcheswithheadersmixin) + * [`obj spec.rules.matches.headers`](#obj-specrulesmatchesheaders) + * [`fn withName(name)`](#fn-specrulesmatchesheaderswithname) + * [`fn withType(type)`](#fn-specrulesmatchesheaderswithtype) + * [`fn withValue(value)`](#fn-specrulesmatchesheaderswithvalue) + * [`obj spec.rules.matches.method`](#obj-specrulesmatchesmethod) + * [`fn withMethod(method)`](#fn-specrulesmatchesmethodwithmethod) + * [`fn withService(service)`](#fn-specrulesmatchesmethodwithservice) + * [`fn withType(type)`](#fn-specrulesmatchesmethodwithtype) + * [`obj spec.rules.sessionPersistence`](#obj-specrulessessionpersistence) + * [`fn withAbsoluteTimeout(absoluteTimeout)`](#fn-specrulessessionpersistencewithabsolutetimeout) + * [`fn withIdleTimeout(idleTimeout)`](#fn-specrulessessionpersistencewithidletimeout) + * [`fn withSessionName(sessionName)`](#fn-specrulessessionpersistencewithsessionname) + * [`fn withType(type)`](#fn-specrulessessionpersistencewithtype) + * [`obj spec.rules.sessionPersistence.cookieConfig`](#obj-specrulessessionpersistencecookieconfig) + * [`fn withLifetimeType(lifetimeType)`](#fn-specrulessessionpersistencecookieconfigwithlifetimetype) + +## Fields + +### fn new + +```ts +new(name) +``` + +new returns an instance of GRPCRoute + +## obj metadata + +"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create." + +### fn metadata.withAnnotations + +```ts +withAnnotations(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +### fn metadata.withAnnotationsMixin + +```ts +withAnnotationsMixin(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +**Note:** This function appends passed data to existing values + +### fn metadata.withClusterName + +```ts +withClusterName(clusterName) +``` + +"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request." + +### fn metadata.withCreationTimestamp + +```ts +withCreationTimestamp(creationTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withDeletionGracePeriodSeconds + +```ts +withDeletionGracePeriodSeconds(deletionGracePeriodSeconds) +``` + +"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only." + +### fn metadata.withDeletionTimestamp + +```ts +withDeletionTimestamp(deletionTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withFinalizers + +```ts +withFinalizers(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +### fn metadata.withFinalizersMixin + +```ts +withFinalizersMixin(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +**Note:** This function appends passed data to existing values + +### fn metadata.withGenerateName + +```ts +withGenerateName(generateName) +``` + +"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\n\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\n\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" + +### fn metadata.withGeneration + +```ts +withGeneration(generation) +``` + +"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only." + +### fn metadata.withLabels + +```ts +withLabels(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +### fn metadata.withLabelsMixin + +```ts +withLabelsMixin(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +**Note:** This function appends passed data to existing values + +### fn metadata.withName + +```ts +withName(name) +``` + +"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names" + +### fn metadata.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \"default\" namespace, but \"default\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\n\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces" + +### fn metadata.withOwnerReferences + +```ts +withOwnerReferences(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +### fn metadata.withOwnerReferencesMixin + +```ts +withOwnerReferencesMixin(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +**Note:** This function appends passed data to existing values + +### fn metadata.withResourceVersion + +```ts +withResourceVersion(resourceVersion) +``` + +"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\n\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" + +### fn metadata.withSelfLink + +```ts +withSelfLink(selfLink) +``` + +"SelfLink is a URL representing this object. Populated by the system. Read-only.\n\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release." + +### fn metadata.withUid + +```ts +withUid(uid) +``` + +"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\n\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids" + +## obj spec + +"Spec defines the desired state of GRPCRoute." + +### fn spec.withHostnames + +```ts +withHostnames(hostnames) +``` + +"Hostnames defines a set of hostnames to match against the GRPC\nHost header to select a GRPCRoute to process the request. This matches\nthe RFC 1123 definition of a hostname with 2 notable exceptions:\n\n\n1. IPs are not allowed.\n2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard\n label MUST appear by itself as the first label.\n\n\nIf a hostname is specified by both the Listener and GRPCRoute, there\nMUST be at least one intersecting hostname for the GRPCRoute to be\nattached to the Listener. For example:\n\n\n* A Listener with `test.example.com` as the hostname matches GRPCRoutes\n that have either not specified any hostnames, or have specified at\n least one of `test.example.com` or `*.example.com`.\n* A Listener with `*.example.com` as the hostname matches GRPCRoutes\n that have either not specified any hostnames or have specified at least\n one hostname that matches the Listener hostname. For example,\n `test.example.com` and `*.example.com` would both match. On the other\n hand, `example.com` and `test.example.net` would not match.\n\n\nHostnames that are prefixed with a wildcard label (`*.`) are interpreted\nas a suffix match. That means that a match for `*.example.com` would match\nboth `test.example.com`, and `foo.test.example.com`, but not `example.com`.\n\n\nIf both the Listener and GRPCRoute have specified hostnames, any\nGRPCRoute hostnames that do not match the Listener hostname MUST be\nignored. For example, if a Listener specified `*.example.com`, and the\nGRPCRoute specified `test.example.com` and `test.example.net`,\n`test.example.net` MUST NOT be considered for a match.\n\n\nIf both the Listener and GRPCRoute have specified hostnames, and none\nmatch with the criteria above, then the GRPCRoute MUST NOT be accepted by\nthe implementation. The implementation MUST raise an 'Accepted' Condition\nwith a status of `False` in the corresponding RouteParentStatus.\n\n\nIf a Route (A) of type HTTPRoute or GRPCRoute is attached to a\nListener and that listener already has another Route (B) of the other\ntype attached and the intersection of the hostnames of A and B is\nnon-empty, then the implementation MUST accept exactly one of these two\nroutes, determined by the following criteria, in order:\n\n\n* The oldest Route based on creation timestamp.\n* The Route appearing first in alphabetical order by\n \"{namespace}/{name}\".\n\n\nThe rejected Route MUST raise an 'Accepted' condition with a status of\n'False' in the corresponding RouteParentStatus.\n\n\nSupport: Core" + +### fn spec.withHostnamesMixin + +```ts +withHostnamesMixin(hostnames) +``` + +"Hostnames defines a set of hostnames to match against the GRPC\nHost header to select a GRPCRoute to process the request. This matches\nthe RFC 1123 definition of a hostname with 2 notable exceptions:\n\n\n1. IPs are not allowed.\n2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard\n label MUST appear by itself as the first label.\n\n\nIf a hostname is specified by both the Listener and GRPCRoute, there\nMUST be at least one intersecting hostname for the GRPCRoute to be\nattached to the Listener. For example:\n\n\n* A Listener with `test.example.com` as the hostname matches GRPCRoutes\n that have either not specified any hostnames, or have specified at\n least one of `test.example.com` or `*.example.com`.\n* A Listener with `*.example.com` as the hostname matches GRPCRoutes\n that have either not specified any hostnames or have specified at least\n one hostname that matches the Listener hostname. For example,\n `test.example.com` and `*.example.com` would both match. On the other\n hand, `example.com` and `test.example.net` would not match.\n\n\nHostnames that are prefixed with a wildcard label (`*.`) are interpreted\nas a suffix match. That means that a match for `*.example.com` would match\nboth `test.example.com`, and `foo.test.example.com`, but not `example.com`.\n\n\nIf both the Listener and GRPCRoute have specified hostnames, any\nGRPCRoute hostnames that do not match the Listener hostname MUST be\nignored. For example, if a Listener specified `*.example.com`, and the\nGRPCRoute specified `test.example.com` and `test.example.net`,\n`test.example.net` MUST NOT be considered for a match.\n\n\nIf both the Listener and GRPCRoute have specified hostnames, and none\nmatch with the criteria above, then the GRPCRoute MUST NOT be accepted by\nthe implementation. The implementation MUST raise an 'Accepted' Condition\nwith a status of `False` in the corresponding RouteParentStatus.\n\n\nIf a Route (A) of type HTTPRoute or GRPCRoute is attached to a\nListener and that listener already has another Route (B) of the other\ntype attached and the intersection of the hostnames of A and B is\nnon-empty, then the implementation MUST accept exactly one of these two\nroutes, determined by the following criteria, in order:\n\n\n* The oldest Route based on creation timestamp.\n* The Route appearing first in alphabetical order by\n \"{namespace}/{name}\".\n\n\nThe rejected Route MUST raise an 'Accepted' condition with a status of\n'False' in the corresponding RouteParentStatus.\n\n\nSupport: Core" + +**Note:** This function appends passed data to existing values + +### fn spec.withParentRefs + +```ts +withParentRefs(parentRefs) +``` + +"ParentRefs references the resources (usually Gateways) that a Route wants\nto be attached to. Note that the referenced parent resource needs to\nallow this for the attachment to be complete. For Gateways, that means\nthe Gateway needs to allow attachment from Routes of this kind and\nnamespace. For Services, that means the Service must either be in the same\nnamespace for a \"producer\" route, or the mesh implementation must support\nand allow \"consumer\" routes for the referenced Service. ReferenceGrant is\nnot applicable for governing ParentRefs to Services - it is not possible to\ncreate a \"producer\" route for a Service in a different namespace from the\nRoute.\n\n\nThere are two kinds of parent resources with \"Core\" support:\n\n\n* Gateway (Gateway conformance profile)\n* Service (Mesh conformance profile, ClusterIP Services only)\n\n\nThis API may be extended in the future to support additional kinds of parent\nresources.\n\n\nParentRefs must be _distinct_. This means either that:\n\n\n* They select different objects. If this is the case, then parentRef\n entries are distinct. In terms of fields, this means that the\n multi-part key defined by `group`, `kind`, `namespace`, and `name` must\n be unique across all parentRef entries in the Route.\n* They do not select different objects, but for each optional field used,\n each ParentRef that selects the same object must set the same set of\n optional fields to different values. If one ParentRef sets a\n combination of optional fields, all must set the same combination.\n\n\nSome examples:\n\n\n* If one ParentRef sets `sectionName`, all ParentRefs referencing the\n same object must also set `sectionName`.\n* If one ParentRef sets `port`, all ParentRefs referencing the same\n object must also set `port`.\n* If one ParentRef sets `sectionName` and `port`, all ParentRefs\n referencing the same object must also set `sectionName` and `port`.\n\n\nIt is possible to separately reference multiple distinct objects that may\nbe collapsed by an implementation. For example, some implementations may\nchoose to merge compatible Gateway Listeners together. If that is the\ncase, the list of routes attached to those resources should also be\nmerged.\n\n\nNote that for ParentRefs that cross namespace boundaries, there are specific\nrules. Cross-namespace references are only valid if they are explicitly\nallowed by something in the namespace they are referring to. For example,\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\ngeneric way to enable other kinds of cross-namespace reference.\n\n\n\nParentRefs from a Route to a Service in the same namespace are \"producer\"\nroutes, which apply default routing rules to inbound connections from\nany namespace to the Service.\n\n\nParentRefs from a Route to a Service in a different namespace are\n\"consumer\" routes, and these routing rules are only applied to outbound\nconnections originating from the same namespace as the Route, for which\nthe intended destination of the connections are a Service targeted as a\nParentRef of the Route.\n\n\n\n\n\n\n" + +### fn spec.withParentRefsMixin + +```ts +withParentRefsMixin(parentRefs) +``` + +"ParentRefs references the resources (usually Gateways) that a Route wants\nto be attached to. Note that the referenced parent resource needs to\nallow this for the attachment to be complete. For Gateways, that means\nthe Gateway needs to allow attachment from Routes of this kind and\nnamespace. For Services, that means the Service must either be in the same\nnamespace for a \"producer\" route, or the mesh implementation must support\nand allow \"consumer\" routes for the referenced Service. ReferenceGrant is\nnot applicable for governing ParentRefs to Services - it is not possible to\ncreate a \"producer\" route for a Service in a different namespace from the\nRoute.\n\n\nThere are two kinds of parent resources with \"Core\" support:\n\n\n* Gateway (Gateway conformance profile)\n* Service (Mesh conformance profile, ClusterIP Services only)\n\n\nThis API may be extended in the future to support additional kinds of parent\nresources.\n\n\nParentRefs must be _distinct_. This means either that:\n\n\n* They select different objects. If this is the case, then parentRef\n entries are distinct. In terms of fields, this means that the\n multi-part key defined by `group`, `kind`, `namespace`, and `name` must\n be unique across all parentRef entries in the Route.\n* They do not select different objects, but for each optional field used,\n each ParentRef that selects the same object must set the same set of\n optional fields to different values. If one ParentRef sets a\n combination of optional fields, all must set the same combination.\n\n\nSome examples:\n\n\n* If one ParentRef sets `sectionName`, all ParentRefs referencing the\n same object must also set `sectionName`.\n* If one ParentRef sets `port`, all ParentRefs referencing the same\n object must also set `port`.\n* If one ParentRef sets `sectionName` and `port`, all ParentRefs\n referencing the same object must also set `sectionName` and `port`.\n\n\nIt is possible to separately reference multiple distinct objects that may\nbe collapsed by an implementation. For example, some implementations may\nchoose to merge compatible Gateway Listeners together. If that is the\ncase, the list of routes attached to those resources should also be\nmerged.\n\n\nNote that for ParentRefs that cross namespace boundaries, there are specific\nrules. Cross-namespace references are only valid if they are explicitly\nallowed by something in the namespace they are referring to. For example,\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\ngeneric way to enable other kinds of cross-namespace reference.\n\n\n\nParentRefs from a Route to a Service in the same namespace are \"producer\"\nroutes, which apply default routing rules to inbound connections from\nany namespace to the Service.\n\n\nParentRefs from a Route to a Service in a different namespace are\n\"consumer\" routes, and these routing rules are only applied to outbound\nconnections originating from the same namespace as the Route, for which\nthe intended destination of the connections are a Service targeted as a\nParentRef of the Route.\n\n\n\n\n\n\n" + +**Note:** This function appends passed data to existing values + +### fn spec.withRules + +```ts +withRules(rules) +``` + +"Rules are a list of GRPC matchers, filters and actions." + +### fn spec.withRulesMixin + +```ts +withRulesMixin(rules) +``` + +"Rules are a list of GRPC matchers, filters and actions." + +**Note:** This function appends passed data to existing values + +## obj spec.parentRefs + +"ParentRefs references the resources (usually Gateways) that a Route wants\nto be attached to. Note that the referenced parent resource needs to\nallow this for the attachment to be complete. For Gateways, that means\nthe Gateway needs to allow attachment from Routes of this kind and\nnamespace. For Services, that means the Service must either be in the same\nnamespace for a \"producer\" route, or the mesh implementation must support\nand allow \"consumer\" routes for the referenced Service. ReferenceGrant is\nnot applicable for governing ParentRefs to Services - it is not possible to\ncreate a \"producer\" route for a Service in a different namespace from the\nRoute.\n\n\nThere are two kinds of parent resources with \"Core\" support:\n\n\n* Gateway (Gateway conformance profile)\n* Service (Mesh conformance profile, ClusterIP Services only)\n\n\nThis API may be extended in the future to support additional kinds of parent\nresources.\n\n\nParentRefs must be _distinct_. This means either that:\n\n\n* They select different objects. If this is the case, then parentRef\n entries are distinct. In terms of fields, this means that the\n multi-part key defined by `group`, `kind`, `namespace`, and `name` must\n be unique across all parentRef entries in the Route.\n* They do not select different objects, but for each optional field used,\n each ParentRef that selects the same object must set the same set of\n optional fields to different values. If one ParentRef sets a\n combination of optional fields, all must set the same combination.\n\n\nSome examples:\n\n\n* If one ParentRef sets `sectionName`, all ParentRefs referencing the\n same object must also set `sectionName`.\n* If one ParentRef sets `port`, all ParentRefs referencing the same\n object must also set `port`.\n* If one ParentRef sets `sectionName` and `port`, all ParentRefs\n referencing the same object must also set `sectionName` and `port`.\n\n\nIt is possible to separately reference multiple distinct objects that may\nbe collapsed by an implementation. For example, some implementations may\nchoose to merge compatible Gateway Listeners together. If that is the\ncase, the list of routes attached to those resources should also be\nmerged.\n\n\nNote that for ParentRefs that cross namespace boundaries, there are specific\nrules. Cross-namespace references are only valid if they are explicitly\nallowed by something in the namespace they are referring to. For example,\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\ngeneric way to enable other kinds of cross-namespace reference.\n\n\n\nParentRefs from a Route to a Service in the same namespace are \"producer\"\nroutes, which apply default routing rules to inbound connections from\nany namespace to the Service.\n\n\nParentRefs from a Route to a Service in a different namespace are\n\"consumer\" routes, and these routing rules are only applied to outbound\nconnections originating from the same namespace as the Route, for which\nthe intended destination of the connections are a Service targeted as a\nParentRef of the Route.\n\n\n\n\n\n\n" + +### fn spec.parentRefs.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent.\nWhen unspecified, \"gateway.networking.k8s.io\" is inferred.\nTo set the core API group (such as for a \"Service\" kind referent),\nGroup must be explicitly set to \"\" (empty string).\n\n\nSupport: Core" + +### fn spec.parentRefs.withKind + +```ts +withKind(kind) +``` + +"Kind is kind of the referent.\n\n\nThere are two kinds of parent resources with \"Core\" support:\n\n\n* Gateway (Gateway conformance profile)\n* Service (Mesh conformance profile, ClusterIP Services only)\n\n\nSupport for other resources is Implementation-Specific." + +### fn spec.parentRefs.withName + +```ts +withName(name) +``` + +"Name is the name of the referent.\n\n\nSupport: Core" + +### fn spec.parentRefs.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the referent. When unspecified, this refers\nto the local namespace of the Route.\n\n\nNote that there are specific rules for ParentRefs which cross namespace\nboundaries. Cross-namespace references are only valid if they are explicitly\nallowed by something in the namespace they are referring to. For example:\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\ngeneric way to enable any other kind of cross-namespace reference.\n\n\n\nParentRefs from a Route to a Service in the same namespace are \"producer\"\nroutes, which apply default routing rules to inbound connections from\nany namespace to the Service.\n\n\nParentRefs from a Route to a Service in a different namespace are\n\"consumer\" routes, and these routing rules are only applied to outbound\nconnections originating from the same namespace as the Route, for which\nthe intended destination of the connections are a Service targeted as a\nParentRef of the Route.\n\n\n\nSupport: Core" + +### fn spec.parentRefs.withPort + +```ts +withPort(port) +``` + +"Port is the network port this Route targets. It can be interpreted\ndifferently based on the type of parent resource.\n\n\nWhen the parent resource is a Gateway, this targets all listeners\nlistening on the specified port that also support this kind of Route(and\nselect this Route). It's not recommended to set `Port` unless the\nnetworking behaviors specified in a Route must apply to a specific port\nas opposed to a listener(s) whose port(s) may be changed. When both Port\nand SectionName are specified, the name and port of the selected listener\nmust match both specified values.\n\n\n\nWhen the parent resource is a Service, this targets a specific port in the\nService spec. When both Port (experimental) and SectionName are specified,\nthe name and port of the selected port must match both specified values.\n\n\n\nImplementations MAY choose to support other parent resources.\nImplementations supporting other types of parent resources MUST clearly\ndocument how/if Port is interpreted.\n\n\nFor the purpose of status, an attachment is considered successful as\nlong as the parent resource accepts it partially. For example, Gateway\nlisteners can restrict which Routes can attach to them by Route kind,\nnamespace, or hostname. If 1 of 2 Gateway listeners accept attachment\nfrom the referencing Route, the Route MUST be considered successfully\nattached. If no Gateway listeners accept attachment from this Route,\nthe Route MUST be considered detached from the Gateway.\n\n\nSupport: Extended" + +### fn spec.parentRefs.withSectionName + +```ts +withSectionName(sectionName) +``` + +"SectionName is the name of a section within the target resource. In the\nfollowing resources, SectionName is interpreted as the following:\n\n\n* Gateway: Listener name. When both Port (experimental) and SectionName\nare specified, the name and port of the selected listener must match\nboth specified values.\n* Service: Port name. When both Port (experimental) and SectionName\nare specified, the name and port of the selected listener must match\nboth specified values.\n\n\nImplementations MAY choose to support attaching Routes to other resources.\nIf that is the case, they MUST clearly document how SectionName is\ninterpreted.\n\n\nWhen unspecified (empty string), this will reference the entire resource.\nFor the purpose of status, an attachment is considered successful if at\nleast one section in the parent resource accepts it. For example, Gateway\nlisteners can restrict which Routes can attach to them by Route kind,\nnamespace, or hostname. If 1 of 2 Gateway listeners accept attachment from\nthe referencing Route, the Route MUST be considered successfully\nattached. If no Gateway listeners accept attachment from this Route, the\nRoute MUST be considered detached from the Gateway.\n\n\nSupport: Core" + +## obj spec.rules + +"Rules are a list of GRPC matchers, filters and actions." + +### fn spec.rules.withBackendRefs + +```ts +withBackendRefs(backendRefs) +``` + +"BackendRefs defines the backend(s) where matching requests should be\nsent.\n\n\nFailure behavior here depends on how many BackendRefs are specified and\nhow many are invalid.\n\n\nIf *all* entries in BackendRefs are invalid, and there are also no filters\nspecified in this route rule, *all* traffic which matches this rule MUST\nreceive an `UNAVAILABLE` status.\n\n\nSee the GRPCBackendRef definition for the rules about what makes a single\nGRPCBackendRef invalid.\n\n\nWhen a GRPCBackendRef is invalid, `UNAVAILABLE` statuses MUST be returned for\nrequests that would have otherwise been routed to an invalid backend. If\nmultiple backends are specified, and some are invalid, the proportion of\nrequests that would otherwise have been routed to an invalid backend\nMUST receive an `UNAVAILABLE` status.\n\n\nFor example, if two backends are specified with equal weights, and one is\ninvalid, 50 percent of traffic MUST receive an `UNAVAILABLE` status.\nImplementations may choose how that 50 percent is determined.\n\n\nSupport: Core for Kubernetes Service\n\n\nSupport: Implementation-specific for any other resource\n\n\nSupport for weight: Core" + +### fn spec.rules.withBackendRefsMixin + +```ts +withBackendRefsMixin(backendRefs) +``` + +"BackendRefs defines the backend(s) where matching requests should be\nsent.\n\n\nFailure behavior here depends on how many BackendRefs are specified and\nhow many are invalid.\n\n\nIf *all* entries in BackendRefs are invalid, and there are also no filters\nspecified in this route rule, *all* traffic which matches this rule MUST\nreceive an `UNAVAILABLE` status.\n\n\nSee the GRPCBackendRef definition for the rules about what makes a single\nGRPCBackendRef invalid.\n\n\nWhen a GRPCBackendRef is invalid, `UNAVAILABLE` statuses MUST be returned for\nrequests that would have otherwise been routed to an invalid backend. If\nmultiple backends are specified, and some are invalid, the proportion of\nrequests that would otherwise have been routed to an invalid backend\nMUST receive an `UNAVAILABLE` status.\n\n\nFor example, if two backends are specified with equal weights, and one is\ninvalid, 50 percent of traffic MUST receive an `UNAVAILABLE` status.\nImplementations may choose how that 50 percent is determined.\n\n\nSupport: Core for Kubernetes Service\n\n\nSupport: Implementation-specific for any other resource\n\n\nSupport for weight: Core" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.withFilters + +```ts +withFilters(filters) +``` + +"Filters define the filters that are applied to requests that match\nthis rule.\n\n\nThe effects of ordering of multiple behaviors are currently unspecified.\nThis can change in the future based on feedback during the alpha stage.\n\n\nConformance-levels at this level are defined based on the type of filter:\n\n\n- ALL core filters MUST be supported by all implementations that support\n GRPCRoute.\n- Implementers are encouraged to support extended filters.\n- Implementation-specific custom filters have no API guarantees across\n implementations.\n\n\nSpecifying the same filter multiple times is not supported unless explicitly\nindicated in the filter.\n\n\nIf an implementation can not support a combination of filters, it must clearly\ndocument that limitation. In cases where incompatible or unsupported\nfilters are specified and cause the `Accepted` condition to be set to status\n`False`, implementations may use the `IncompatibleFilters` reason to specify\nthis configuration error.\n\n\nSupport: Core" + +### fn spec.rules.withFiltersMixin + +```ts +withFiltersMixin(filters) +``` + +"Filters define the filters that are applied to requests that match\nthis rule.\n\n\nThe effects of ordering of multiple behaviors are currently unspecified.\nThis can change in the future based on feedback during the alpha stage.\n\n\nConformance-levels at this level are defined based on the type of filter:\n\n\n- ALL core filters MUST be supported by all implementations that support\n GRPCRoute.\n- Implementers are encouraged to support extended filters.\n- Implementation-specific custom filters have no API guarantees across\n implementations.\n\n\nSpecifying the same filter multiple times is not supported unless explicitly\nindicated in the filter.\n\n\nIf an implementation can not support a combination of filters, it must clearly\ndocument that limitation. In cases where incompatible or unsupported\nfilters are specified and cause the `Accepted` condition to be set to status\n`False`, implementations may use the `IncompatibleFilters` reason to specify\nthis configuration error.\n\n\nSupport: Core" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.withMatches + +```ts +withMatches(matches) +``` + +"Matches define conditions used for matching the rule against incoming\ngRPC requests. Each match is independent, i.e. this rule will be matched\nif **any** one of the matches is satisfied.\n\n\nFor example, take the following matches configuration:\n\n\n```\nmatches:\n- method:\n service: foo.bar\n headers:\n values:\n version: 2\n- method:\n service: foo.bar.v2\n```\n\n\nFor a request to match against this rule, it MUST satisfy\nEITHER of the two conditions:\n\n\n- service of foo.bar AND contains the header `version: 2`\n- service of foo.bar.v2\n\n\nSee the documentation for GRPCRouteMatch on how to specify multiple\nmatch conditions to be ANDed together.\n\n\nIf no matches are specified, the implementation MUST match every gRPC request.\n\n\nProxy or Load Balancer routing configuration generated from GRPCRoutes\nMUST prioritize rules based on the following criteria, continuing on\nties. Merging MUST not be done between GRPCRoutes and HTTPRoutes.\nPrecedence MUST be given to the rule with the largest number of:\n\n\n* Characters in a matching non-wildcard hostname.\n* Characters in a matching hostname.\n* Characters in a matching service.\n* Characters in a matching method.\n* Header matches.\n\n\nIf ties still exist across multiple Routes, matching precedence MUST be\ndetermined in order of the following criteria, continuing on ties:\n\n\n* The oldest Route based on creation timestamp.\n* The Route appearing first in alphabetical order by\n \"{namespace}/{name}\".\n\n\nIf ties still exist within the Route that has been given precedence,\nmatching precedence MUST be granted to the first matching rule meeting\nthe above criteria." + +### fn spec.rules.withMatchesMixin + +```ts +withMatchesMixin(matches) +``` + +"Matches define conditions used for matching the rule against incoming\ngRPC requests. Each match is independent, i.e. this rule will be matched\nif **any** one of the matches is satisfied.\n\n\nFor example, take the following matches configuration:\n\n\n```\nmatches:\n- method:\n service: foo.bar\n headers:\n values:\n version: 2\n- method:\n service: foo.bar.v2\n```\n\n\nFor a request to match against this rule, it MUST satisfy\nEITHER of the two conditions:\n\n\n- service of foo.bar AND contains the header `version: 2`\n- service of foo.bar.v2\n\n\nSee the documentation for GRPCRouteMatch on how to specify multiple\nmatch conditions to be ANDed together.\n\n\nIf no matches are specified, the implementation MUST match every gRPC request.\n\n\nProxy or Load Balancer routing configuration generated from GRPCRoutes\nMUST prioritize rules based on the following criteria, continuing on\nties. Merging MUST not be done between GRPCRoutes and HTTPRoutes.\nPrecedence MUST be given to the rule with the largest number of:\n\n\n* Characters in a matching non-wildcard hostname.\n* Characters in a matching hostname.\n* Characters in a matching service.\n* Characters in a matching method.\n* Header matches.\n\n\nIf ties still exist across multiple Routes, matching precedence MUST be\ndetermined in order of the following criteria, continuing on ties:\n\n\n* The oldest Route based on creation timestamp.\n* The Route appearing first in alphabetical order by\n \"{namespace}/{name}\".\n\n\nIf ties still exist within the Route that has been given precedence,\nmatching precedence MUST be granted to the first matching rule meeting\nthe above criteria." + +**Note:** This function appends passed data to existing values + +## obj spec.rules.backendRefs + +"BackendRefs defines the backend(s) where matching requests should be\nsent.\n\n\nFailure behavior here depends on how many BackendRefs are specified and\nhow many are invalid.\n\n\nIf *all* entries in BackendRefs are invalid, and there are also no filters\nspecified in this route rule, *all* traffic which matches this rule MUST\nreceive an `UNAVAILABLE` status.\n\n\nSee the GRPCBackendRef definition for the rules about what makes a single\nGRPCBackendRef invalid.\n\n\nWhen a GRPCBackendRef is invalid, `UNAVAILABLE` statuses MUST be returned for\nrequests that would have otherwise been routed to an invalid backend. If\nmultiple backends are specified, and some are invalid, the proportion of\nrequests that would otherwise have been routed to an invalid backend\nMUST receive an `UNAVAILABLE` status.\n\n\nFor example, if two backends are specified with equal weights, and one is\ninvalid, 50 percent of traffic MUST receive an `UNAVAILABLE` status.\nImplementations may choose how that 50 percent is determined.\n\n\nSupport: Core for Kubernetes Service\n\n\nSupport: Implementation-specific for any other resource\n\n\nSupport for weight: Core" + +### fn spec.rules.backendRefs.withFilters + +```ts +withFilters(filters) +``` + +"Filters defined at this level MUST be executed if and only if the\nrequest is being forwarded to the backend defined here.\n\n\nSupport: Implementation-specific (For broader support of filters, use the\nFilters field in GRPCRouteRule.)" + +### fn spec.rules.backendRefs.withFiltersMixin + +```ts +withFiltersMixin(filters) +``` + +"Filters defined at this level MUST be executed if and only if the\nrequest is being forwarded to the backend defined here.\n\n\nSupport: Implementation-specific (For broader support of filters, use the\nFilters field in GRPCRouteRule.)" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.backendRefs.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. For example, \"gateway.networking.k8s.io\".\nWhen unspecified or empty string, core API group is inferred." + +### fn spec.rules.backendRefs.withKind + +```ts +withKind(kind) +``` + +"Kind is the Kubernetes resource kind of the referent. For example\n\"Service\".\n\n\nDefaults to \"Service\" when not specified.\n\n\nExternalName services can refer to CNAME DNS records that may live\noutside of the cluster and as such are difficult to reason about in\nterms of conformance. They also may not be safe to forward to (see\nCVE-2021-25740 for more information). Implementations SHOULD NOT\nsupport ExternalName Services.\n\n\nSupport: Core (Services with a type other than ExternalName)\n\n\nSupport: Implementation-specific (Services with type ExternalName)" + +### fn spec.rules.backendRefs.withName + +```ts +withName(name) +``` + +"Name is the name of the referent." + +### fn spec.rules.backendRefs.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the backend. When unspecified, the local\nnamespace is inferred.\n\n\nNote that when a namespace different than the local namespace is specified,\na ReferenceGrant object is required in the referent namespace to allow that\nnamespace's owner to accept the reference. See the ReferenceGrant\ndocumentation for details.\n\n\nSupport: Core" + +### fn spec.rules.backendRefs.withPort + +```ts +withPort(port) +``` + +"Port specifies the destination port number to use for this resource.\nPort is required when the referent is a Kubernetes Service. In this\ncase, the port number is the service port number, not the target port.\nFor other resources, destination port might be derived from the referent\nresource or this field." + +### fn spec.rules.backendRefs.withWeight + +```ts +withWeight(weight) +``` + +"Weight specifies the proportion of requests forwarded to the referenced\nbackend. This is computed as weight/(sum of all weights in this\nBackendRefs list). For non-zero values, there may be some epsilon from\nthe exact proportion defined here depending on the precision an\nimplementation supports. Weight is not a percentage and the sum of\nweights does not need to equal 100.\n\n\nIf only one backend is specified and it has a weight greater than 0, 100%\nof the traffic is forwarded to that backend. If weight is set to 0, no\ntraffic should be forwarded for this entry. If unspecified, weight\ndefaults to 1.\n\n\nSupport for this field varies based on the context where used." + +## obj spec.rules.backendRefs.filters + +"Filters defined at this level MUST be executed if and only if the\nrequest is being forwarded to the backend defined here.\n\n\nSupport: Implementation-specific (For broader support of filters, use the\nFilters field in GRPCRouteRule.)" + +### fn spec.rules.backendRefs.filters.withType + +```ts +withType(type) +``` + +"Type identifies the type of filter to apply. As with other API fields,\ntypes are classified into three conformance levels:\n\n\n- Core: Filter types and their corresponding configuration defined by\n \"Support: Core\" in this package, e.g. \"RequestHeaderModifier\". All\n implementations supporting GRPCRoute MUST support core filters.\n\n\n- Extended: Filter types and their corresponding configuration defined by\n \"Support: Extended\" in this package, e.g. \"RequestMirror\". Implementers\n are encouraged to support extended filters.\n\n\n- Implementation-specific: Filters that are defined and supported by specific vendors.\n In the future, filters showing convergence in behavior across multiple\n implementations will be considered for inclusion in extended or core\n conformance levels. Filter-specific configuration for such filters\n is specified using the ExtensionRef field. `Type` MUST be set to\n \"ExtensionRef\" for custom filters.\n\n\nImplementers are encouraged to define custom implementation types to\nextend the core API with implementation-specific behavior.\n\n\nIf a reference to a custom filter type cannot be resolved, the filter\nMUST NOT be skipped. Instead, requests that would have been processed by\nthat filter MUST receive a HTTP error response.\n\n\n" + +## obj spec.rules.backendRefs.filters.extensionRef + +"ExtensionRef is an optional, implementation-specific extension to the\n\"filter\" behavior. For example, resource \"myroutefilter\" in group\n\"networking.example.net\"). ExtensionRef MUST NOT be used for core and\nextended filters.\n\n\nSupport: Implementation-specific\n\n\nThis filter can be used multiple times within the same rule." + +### fn spec.rules.backendRefs.filters.extensionRef.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. For example, \"gateway.networking.k8s.io\".\nWhen unspecified or empty string, core API group is inferred." + +### fn spec.rules.backendRefs.filters.extensionRef.withKind + +```ts +withKind(kind) +``` + +"Kind is kind of the referent. For example \"HTTPRoute\" or \"Service\"." + +### fn spec.rules.backendRefs.filters.extensionRef.withName + +```ts +withName(name) +``` + +"Name is the name of the referent." + +## obj spec.rules.backendRefs.filters.requestHeaderModifier + +"RequestHeaderModifier defines a schema for a filter that modifies request\nheaders.\n\n\nSupport: Core" + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.withAdd + +```ts +withAdd(add) +``` + +"Add adds the given header(s) (name, value) to the request\nbefore the action. It appends to any existing values associated\nwith the header name.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n add:\n - name: \"my-header\"\n value: \"bar,baz\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: foo,bar,baz" + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.withAddMixin + +```ts +withAddMixin(add) +``` + +"Add adds the given header(s) (name, value) to the request\nbefore the action. It appends to any existing values associated\nwith the header name.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n add:\n - name: \"my-header\"\n value: \"bar,baz\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: foo,bar,baz" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.withRemove + +```ts +withRemove(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The\nvalue of Remove is a list of HTTP header names. Note that the header\nnames are case-insensitive (see\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\n\n\nInput:\n GET /foo HTTP/1.1\n my-header1: foo\n my-header2: bar\n my-header3: baz\n\n\nConfig:\n remove: [\"my-header1\", \"my-header3\"]\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header2: bar" + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.withRemoveMixin + +```ts +withRemoveMixin(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The\nvalue of Remove is a list of HTTP header names. Note that the header\nnames are case-insensitive (see\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\n\n\nInput:\n GET /foo HTTP/1.1\n my-header1: foo\n my-header2: bar\n my-header3: baz\n\n\nConfig:\n remove: [\"my-header1\", \"my-header3\"]\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header2: bar" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.withSet + +```ts +withSet(set) +``` + +"Set overwrites the request with the given header (name, value)\nbefore the action.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n set:\n - name: \"my-header\"\n value: \"bar\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: bar" + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.withSetMixin + +```ts +withSetMixin(set) +``` + +"Set overwrites the request with the given header (name, value)\nbefore the action.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n set:\n - name: \"my-header\"\n value: \"bar\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: bar" + +**Note:** This function appends passed data to existing values + +## obj spec.rules.backendRefs.filters.requestHeaderModifier.add + +"Add adds the given header(s) (name, value) to the request\nbefore the action. It appends to any existing values associated\nwith the header name.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n add:\n - name: \"my-header\"\n value: \"bar,baz\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: foo,bar,baz" + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.add.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\n\nIf multiple entries specify equivalent header names, the first entry with\nan equivalent name MUST be considered for a match. Subsequent entries\nwith an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent." + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.add.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.backendRefs.filters.requestHeaderModifier.set + +"Set overwrites the request with the given header (name, value)\nbefore the action.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n set:\n - name: \"my-header\"\n value: \"bar\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: bar" + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.set.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\n\nIf multiple entries specify equivalent header names, the first entry with\nan equivalent name MUST be considered for a match. Subsequent entries\nwith an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent." + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.set.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.backendRefs.filters.requestMirror + +"RequestMirror defines a schema for a filter that mirrors requests.\nRequests are sent to the specified destination, but responses from\nthat destination are ignored.\n\n\nThis filter can be used multiple times within the same rule. Note that\nnot all implementations will be able to support mirroring to multiple\nbackends.\n\n\nSupport: Extended" + +## obj spec.rules.backendRefs.filters.requestMirror.backendRef + +"BackendRef references a resource where mirrored requests are sent.\n\n\nMirrored requests must be sent only to a single destination endpoint\nwithin this BackendRef, irrespective of how many endpoints are present\nwithin this BackendRef.\n\n\nIf the referent cannot be found, this BackendRef is invalid and must be\ndropped from the Gateway. The controller must ensure the \"ResolvedRefs\"\ncondition on the Route status is set to `status: False` and not configure\nthis backend in the underlying implementation.\n\n\nIf there is a cross-namespace reference to an *existing* object\nthat is not allowed by a ReferenceGrant, the controller must ensure the\n\"ResolvedRefs\" condition on the Route is set to `status: False`,\nwith the \"RefNotPermitted\" reason and not configure this backend in the\nunderlying implementation.\n\n\nIn either error case, the Message of the `ResolvedRefs` Condition\nshould be used to provide more detail about the problem.\n\n\nSupport: Extended for Kubernetes Service\n\n\nSupport: Implementation-specific for any other resource" + +### fn spec.rules.backendRefs.filters.requestMirror.backendRef.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. For example, \"gateway.networking.k8s.io\".\nWhen unspecified or empty string, core API group is inferred." + +### fn spec.rules.backendRefs.filters.requestMirror.backendRef.withKind + +```ts +withKind(kind) +``` + +"Kind is the Kubernetes resource kind of the referent. For example\n\"Service\".\n\n\nDefaults to \"Service\" when not specified.\n\n\nExternalName services can refer to CNAME DNS records that may live\noutside of the cluster and as such are difficult to reason about in\nterms of conformance. They also may not be safe to forward to (see\nCVE-2021-25740 for more information). Implementations SHOULD NOT\nsupport ExternalName Services.\n\n\nSupport: Core (Services with a type other than ExternalName)\n\n\nSupport: Implementation-specific (Services with type ExternalName)" + +### fn spec.rules.backendRefs.filters.requestMirror.backendRef.withName + +```ts +withName(name) +``` + +"Name is the name of the referent." + +### fn spec.rules.backendRefs.filters.requestMirror.backendRef.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the backend. When unspecified, the local\nnamespace is inferred.\n\n\nNote that when a namespace different than the local namespace is specified,\na ReferenceGrant object is required in the referent namespace to allow that\nnamespace's owner to accept the reference. See the ReferenceGrant\ndocumentation for details.\n\n\nSupport: Core" + +### fn spec.rules.backendRefs.filters.requestMirror.backendRef.withPort + +```ts +withPort(port) +``` + +"Port specifies the destination port number to use for this resource.\nPort is required when the referent is a Kubernetes Service. In this\ncase, the port number is the service port number, not the target port.\nFor other resources, destination port might be derived from the referent\nresource or this field." + +## obj spec.rules.backendRefs.filters.responseHeaderModifier + +"ResponseHeaderModifier defines a schema for a filter that modifies response\nheaders.\n\n\nSupport: Extended" + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.withAdd + +```ts +withAdd(add) +``` + +"Add adds the given header(s) (name, value) to the request\nbefore the action. It appends to any existing values associated\nwith the header name.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n add:\n - name: \"my-header\"\n value: \"bar,baz\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: foo,bar,baz" + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.withAddMixin + +```ts +withAddMixin(add) +``` + +"Add adds the given header(s) (name, value) to the request\nbefore the action. It appends to any existing values associated\nwith the header name.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n add:\n - name: \"my-header\"\n value: \"bar,baz\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: foo,bar,baz" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.withRemove + +```ts +withRemove(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The\nvalue of Remove is a list of HTTP header names. Note that the header\nnames are case-insensitive (see\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\n\n\nInput:\n GET /foo HTTP/1.1\n my-header1: foo\n my-header2: bar\n my-header3: baz\n\n\nConfig:\n remove: [\"my-header1\", \"my-header3\"]\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header2: bar" + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.withRemoveMixin + +```ts +withRemoveMixin(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The\nvalue of Remove is a list of HTTP header names. Note that the header\nnames are case-insensitive (see\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\n\n\nInput:\n GET /foo HTTP/1.1\n my-header1: foo\n my-header2: bar\n my-header3: baz\n\n\nConfig:\n remove: [\"my-header1\", \"my-header3\"]\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header2: bar" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.withSet + +```ts +withSet(set) +``` + +"Set overwrites the request with the given header (name, value)\nbefore the action.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n set:\n - name: \"my-header\"\n value: \"bar\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: bar" + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.withSetMixin + +```ts +withSetMixin(set) +``` + +"Set overwrites the request with the given header (name, value)\nbefore the action.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n set:\n - name: \"my-header\"\n value: \"bar\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: bar" + +**Note:** This function appends passed data to existing values + +## obj spec.rules.backendRefs.filters.responseHeaderModifier.add + +"Add adds the given header(s) (name, value) to the request\nbefore the action. It appends to any existing values associated\nwith the header name.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n add:\n - name: \"my-header\"\n value: \"bar,baz\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: foo,bar,baz" + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.add.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\n\nIf multiple entries specify equivalent header names, the first entry with\nan equivalent name MUST be considered for a match. Subsequent entries\nwith an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent." + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.add.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.backendRefs.filters.responseHeaderModifier.set + +"Set overwrites the request with the given header (name, value)\nbefore the action.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n set:\n - name: \"my-header\"\n value: \"bar\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: bar" + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.set.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\n\nIf multiple entries specify equivalent header names, the first entry with\nan equivalent name MUST be considered for a match. Subsequent entries\nwith an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent." + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.set.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.filters + +"Filters define the filters that are applied to requests that match\nthis rule.\n\n\nThe effects of ordering of multiple behaviors are currently unspecified.\nThis can change in the future based on feedback during the alpha stage.\n\n\nConformance-levels at this level are defined based on the type of filter:\n\n\n- ALL core filters MUST be supported by all implementations that support\n GRPCRoute.\n- Implementers are encouraged to support extended filters.\n- Implementation-specific custom filters have no API guarantees across\n implementations.\n\n\nSpecifying the same filter multiple times is not supported unless explicitly\nindicated in the filter.\n\n\nIf an implementation can not support a combination of filters, it must clearly\ndocument that limitation. In cases where incompatible or unsupported\nfilters are specified and cause the `Accepted` condition to be set to status\n`False`, implementations may use the `IncompatibleFilters` reason to specify\nthis configuration error.\n\n\nSupport: Core" + +### fn spec.rules.filters.withType + +```ts +withType(type) +``` + +"Type identifies the type of filter to apply. As with other API fields,\ntypes are classified into three conformance levels:\n\n\n- Core: Filter types and their corresponding configuration defined by\n \"Support: Core\" in this package, e.g. \"RequestHeaderModifier\". All\n implementations supporting GRPCRoute MUST support core filters.\n\n\n- Extended: Filter types and their corresponding configuration defined by\n \"Support: Extended\" in this package, e.g. \"RequestMirror\". Implementers\n are encouraged to support extended filters.\n\n\n- Implementation-specific: Filters that are defined and supported by specific vendors.\n In the future, filters showing convergence in behavior across multiple\n implementations will be considered for inclusion in extended or core\n conformance levels. Filter-specific configuration for such filters\n is specified using the ExtensionRef field. `Type` MUST be set to\n \"ExtensionRef\" for custom filters.\n\n\nImplementers are encouraged to define custom implementation types to\nextend the core API with implementation-specific behavior.\n\n\nIf a reference to a custom filter type cannot be resolved, the filter\nMUST NOT be skipped. Instead, requests that would have been processed by\nthat filter MUST receive a HTTP error response.\n\n\n" + +## obj spec.rules.filters.extensionRef + +"ExtensionRef is an optional, implementation-specific extension to the\n\"filter\" behavior. For example, resource \"myroutefilter\" in group\n\"networking.example.net\"). ExtensionRef MUST NOT be used for core and\nextended filters.\n\n\nSupport: Implementation-specific\n\n\nThis filter can be used multiple times within the same rule." + +### fn spec.rules.filters.extensionRef.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. For example, \"gateway.networking.k8s.io\".\nWhen unspecified or empty string, core API group is inferred." + +### fn spec.rules.filters.extensionRef.withKind + +```ts +withKind(kind) +``` + +"Kind is kind of the referent. For example \"HTTPRoute\" or \"Service\"." + +### fn spec.rules.filters.extensionRef.withName + +```ts +withName(name) +``` + +"Name is the name of the referent." + +## obj spec.rules.filters.requestHeaderModifier + +"RequestHeaderModifier defines a schema for a filter that modifies request\nheaders.\n\n\nSupport: Core" + +### fn spec.rules.filters.requestHeaderModifier.withAdd + +```ts +withAdd(add) +``` + +"Add adds the given header(s) (name, value) to the request\nbefore the action. It appends to any existing values associated\nwith the header name.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n add:\n - name: \"my-header\"\n value: \"bar,baz\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: foo,bar,baz" + +### fn spec.rules.filters.requestHeaderModifier.withAddMixin + +```ts +withAddMixin(add) +``` + +"Add adds the given header(s) (name, value) to the request\nbefore the action. It appends to any existing values associated\nwith the header name.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n add:\n - name: \"my-header\"\n value: \"bar,baz\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: foo,bar,baz" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.filters.requestHeaderModifier.withRemove + +```ts +withRemove(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The\nvalue of Remove is a list of HTTP header names. Note that the header\nnames are case-insensitive (see\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\n\n\nInput:\n GET /foo HTTP/1.1\n my-header1: foo\n my-header2: bar\n my-header3: baz\n\n\nConfig:\n remove: [\"my-header1\", \"my-header3\"]\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header2: bar" + +### fn spec.rules.filters.requestHeaderModifier.withRemoveMixin + +```ts +withRemoveMixin(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The\nvalue of Remove is a list of HTTP header names. Note that the header\nnames are case-insensitive (see\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\n\n\nInput:\n GET /foo HTTP/1.1\n my-header1: foo\n my-header2: bar\n my-header3: baz\n\n\nConfig:\n remove: [\"my-header1\", \"my-header3\"]\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header2: bar" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.filters.requestHeaderModifier.withSet + +```ts +withSet(set) +``` + +"Set overwrites the request with the given header (name, value)\nbefore the action.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n set:\n - name: \"my-header\"\n value: \"bar\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: bar" + +### fn spec.rules.filters.requestHeaderModifier.withSetMixin + +```ts +withSetMixin(set) +``` + +"Set overwrites the request with the given header (name, value)\nbefore the action.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n set:\n - name: \"my-header\"\n value: \"bar\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: bar" + +**Note:** This function appends passed data to existing values + +## obj spec.rules.filters.requestHeaderModifier.add + +"Add adds the given header(s) (name, value) to the request\nbefore the action. It appends to any existing values associated\nwith the header name.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n add:\n - name: \"my-header\"\n value: \"bar,baz\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: foo,bar,baz" + +### fn spec.rules.filters.requestHeaderModifier.add.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\n\nIf multiple entries specify equivalent header names, the first entry with\nan equivalent name MUST be considered for a match. Subsequent entries\nwith an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent." + +### fn spec.rules.filters.requestHeaderModifier.add.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.filters.requestHeaderModifier.set + +"Set overwrites the request with the given header (name, value)\nbefore the action.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n set:\n - name: \"my-header\"\n value: \"bar\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: bar" + +### fn spec.rules.filters.requestHeaderModifier.set.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\n\nIf multiple entries specify equivalent header names, the first entry with\nan equivalent name MUST be considered for a match. Subsequent entries\nwith an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent." + +### fn spec.rules.filters.requestHeaderModifier.set.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.filters.requestMirror + +"RequestMirror defines a schema for a filter that mirrors requests.\nRequests are sent to the specified destination, but responses from\nthat destination are ignored.\n\n\nThis filter can be used multiple times within the same rule. Note that\nnot all implementations will be able to support mirroring to multiple\nbackends.\n\n\nSupport: Extended" + +## obj spec.rules.filters.requestMirror.backendRef + +"BackendRef references a resource where mirrored requests are sent.\n\n\nMirrored requests must be sent only to a single destination endpoint\nwithin this BackendRef, irrespective of how many endpoints are present\nwithin this BackendRef.\n\n\nIf the referent cannot be found, this BackendRef is invalid and must be\ndropped from the Gateway. The controller must ensure the \"ResolvedRefs\"\ncondition on the Route status is set to `status: False` and not configure\nthis backend in the underlying implementation.\n\n\nIf there is a cross-namespace reference to an *existing* object\nthat is not allowed by a ReferenceGrant, the controller must ensure the\n\"ResolvedRefs\" condition on the Route is set to `status: False`,\nwith the \"RefNotPermitted\" reason and not configure this backend in the\nunderlying implementation.\n\n\nIn either error case, the Message of the `ResolvedRefs` Condition\nshould be used to provide more detail about the problem.\n\n\nSupport: Extended for Kubernetes Service\n\n\nSupport: Implementation-specific for any other resource" + +### fn spec.rules.filters.requestMirror.backendRef.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. For example, \"gateway.networking.k8s.io\".\nWhen unspecified or empty string, core API group is inferred." + +### fn spec.rules.filters.requestMirror.backendRef.withKind + +```ts +withKind(kind) +``` + +"Kind is the Kubernetes resource kind of the referent. For example\n\"Service\".\n\n\nDefaults to \"Service\" when not specified.\n\n\nExternalName services can refer to CNAME DNS records that may live\noutside of the cluster and as such are difficult to reason about in\nterms of conformance. They also may not be safe to forward to (see\nCVE-2021-25740 for more information). Implementations SHOULD NOT\nsupport ExternalName Services.\n\n\nSupport: Core (Services with a type other than ExternalName)\n\n\nSupport: Implementation-specific (Services with type ExternalName)" + +### fn spec.rules.filters.requestMirror.backendRef.withName + +```ts +withName(name) +``` + +"Name is the name of the referent." + +### fn spec.rules.filters.requestMirror.backendRef.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the backend. When unspecified, the local\nnamespace is inferred.\n\n\nNote that when a namespace different than the local namespace is specified,\na ReferenceGrant object is required in the referent namespace to allow that\nnamespace's owner to accept the reference. See the ReferenceGrant\ndocumentation for details.\n\n\nSupport: Core" + +### fn spec.rules.filters.requestMirror.backendRef.withPort + +```ts +withPort(port) +``` + +"Port specifies the destination port number to use for this resource.\nPort is required when the referent is a Kubernetes Service. In this\ncase, the port number is the service port number, not the target port.\nFor other resources, destination port might be derived from the referent\nresource or this field." + +## obj spec.rules.filters.responseHeaderModifier + +"ResponseHeaderModifier defines a schema for a filter that modifies response\nheaders.\n\n\nSupport: Extended" + +### fn spec.rules.filters.responseHeaderModifier.withAdd + +```ts +withAdd(add) +``` + +"Add adds the given header(s) (name, value) to the request\nbefore the action. It appends to any existing values associated\nwith the header name.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n add:\n - name: \"my-header\"\n value: \"bar,baz\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: foo,bar,baz" + +### fn spec.rules.filters.responseHeaderModifier.withAddMixin + +```ts +withAddMixin(add) +``` + +"Add adds the given header(s) (name, value) to the request\nbefore the action. It appends to any existing values associated\nwith the header name.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n add:\n - name: \"my-header\"\n value: \"bar,baz\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: foo,bar,baz" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.filters.responseHeaderModifier.withRemove + +```ts +withRemove(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The\nvalue of Remove is a list of HTTP header names. Note that the header\nnames are case-insensitive (see\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\n\n\nInput:\n GET /foo HTTP/1.1\n my-header1: foo\n my-header2: bar\n my-header3: baz\n\n\nConfig:\n remove: [\"my-header1\", \"my-header3\"]\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header2: bar" + +### fn spec.rules.filters.responseHeaderModifier.withRemoveMixin + +```ts +withRemoveMixin(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The\nvalue of Remove is a list of HTTP header names. Note that the header\nnames are case-insensitive (see\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\n\n\nInput:\n GET /foo HTTP/1.1\n my-header1: foo\n my-header2: bar\n my-header3: baz\n\n\nConfig:\n remove: [\"my-header1\", \"my-header3\"]\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header2: bar" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.filters.responseHeaderModifier.withSet + +```ts +withSet(set) +``` + +"Set overwrites the request with the given header (name, value)\nbefore the action.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n set:\n - name: \"my-header\"\n value: \"bar\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: bar" + +### fn spec.rules.filters.responseHeaderModifier.withSetMixin + +```ts +withSetMixin(set) +``` + +"Set overwrites the request with the given header (name, value)\nbefore the action.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n set:\n - name: \"my-header\"\n value: \"bar\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: bar" + +**Note:** This function appends passed data to existing values + +## obj spec.rules.filters.responseHeaderModifier.add + +"Add adds the given header(s) (name, value) to the request\nbefore the action. It appends to any existing values associated\nwith the header name.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n add:\n - name: \"my-header\"\n value: \"bar,baz\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: foo,bar,baz" + +### fn spec.rules.filters.responseHeaderModifier.add.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\n\nIf multiple entries specify equivalent header names, the first entry with\nan equivalent name MUST be considered for a match. Subsequent entries\nwith an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent." + +### fn spec.rules.filters.responseHeaderModifier.add.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.filters.responseHeaderModifier.set + +"Set overwrites the request with the given header (name, value)\nbefore the action.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n set:\n - name: \"my-header\"\n value: \"bar\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: bar" + +### fn spec.rules.filters.responseHeaderModifier.set.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\n\nIf multiple entries specify equivalent header names, the first entry with\nan equivalent name MUST be considered for a match. Subsequent entries\nwith an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent." + +### fn spec.rules.filters.responseHeaderModifier.set.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.matches + +"Matches define conditions used for matching the rule against incoming\ngRPC requests. Each match is independent, i.e. this rule will be matched\nif **any** one of the matches is satisfied.\n\n\nFor example, take the following matches configuration:\n\n\n```\nmatches:\n- method:\n service: foo.bar\n headers:\n values:\n version: 2\n- method:\n service: foo.bar.v2\n```\n\n\nFor a request to match against this rule, it MUST satisfy\nEITHER of the two conditions:\n\n\n- service of foo.bar AND contains the header `version: 2`\n- service of foo.bar.v2\n\n\nSee the documentation for GRPCRouteMatch on how to specify multiple\nmatch conditions to be ANDed together.\n\n\nIf no matches are specified, the implementation MUST match every gRPC request.\n\n\nProxy or Load Balancer routing configuration generated from GRPCRoutes\nMUST prioritize rules based on the following criteria, continuing on\nties. Merging MUST not be done between GRPCRoutes and HTTPRoutes.\nPrecedence MUST be given to the rule with the largest number of:\n\n\n* Characters in a matching non-wildcard hostname.\n* Characters in a matching hostname.\n* Characters in a matching service.\n* Characters in a matching method.\n* Header matches.\n\n\nIf ties still exist across multiple Routes, matching precedence MUST be\ndetermined in order of the following criteria, continuing on ties:\n\n\n* The oldest Route based on creation timestamp.\n* The Route appearing first in alphabetical order by\n \"{namespace}/{name}\".\n\n\nIf ties still exist within the Route that has been given precedence,\nmatching precedence MUST be granted to the first matching rule meeting\nthe above criteria." + +### fn spec.rules.matches.withHeaders + +```ts +withHeaders(headers) +``` + +"Headers specifies gRPC request header matchers. Multiple match values are\nANDed together, meaning, a request MUST match all the specified headers\nto select the route." + +### fn spec.rules.matches.withHeadersMixin + +```ts +withHeadersMixin(headers) +``` + +"Headers specifies gRPC request header matchers. Multiple match values are\nANDed together, meaning, a request MUST match all the specified headers\nto select the route." + +**Note:** This function appends passed data to existing values + +## obj spec.rules.matches.headers + +"Headers specifies gRPC request header matchers. Multiple match values are\nANDed together, meaning, a request MUST match all the specified headers\nto select the route." + +### fn spec.rules.matches.headers.withName + +```ts +withName(name) +``` + +"Name is the name of the gRPC Header to be matched.\n\n\nIf multiple entries specify equivalent header names, only the first\nentry with an equivalent name MUST be considered for a match. Subsequent\nentries with an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent." + +### fn spec.rules.matches.headers.withType + +```ts +withType(type) +``` + +"Type specifies how to match against the value of the header." + +### fn spec.rules.matches.headers.withValue + +```ts +withValue(value) +``` + +"Value is the value of the gRPC Header to be matched." + +## obj spec.rules.matches.method + +"Method specifies a gRPC request service/method matcher. If this field is\nnot specified, all services and methods will match." + +### fn spec.rules.matches.method.withMethod + +```ts +withMethod(method) +``` + +"Value of the method to match against. If left empty or omitted, will\nmatch all services.\n\n\nAt least one of Service and Method MUST be a non-empty string." + +### fn spec.rules.matches.method.withService + +```ts +withService(service) +``` + +"Value of the service to match against. If left empty or omitted, will\nmatch any service.\n\n\nAt least one of Service and Method MUST be a non-empty string." + +### fn spec.rules.matches.method.withType + +```ts +withType(type) +``` + +"Type specifies how to match against the service and/or method.\nSupport: Core (Exact with service and method specified)\n\n\nSupport: Implementation-specific (Exact with method specified but no service specified)\n\n\nSupport: Implementation-specific (RegularExpression)" + +## obj spec.rules.sessionPersistence + +"SessionPersistence defines and configures session persistence\nfor the route rule.\n\n\nSupport: Extended\n\n\n" + +### fn spec.rules.sessionPersistence.withAbsoluteTimeout + +```ts +withAbsoluteTimeout(absoluteTimeout) +``` + +"AbsoluteTimeout defines the absolute timeout of the persistent\nsession. Once the AbsoluteTimeout duration has elapsed, the\nsession becomes invalid.\n\n\nSupport: Extended" + +### fn spec.rules.sessionPersistence.withIdleTimeout + +```ts +withIdleTimeout(idleTimeout) +``` + +"IdleTimeout defines the idle timeout of the persistent session.\nOnce the session has been idle for more than the specified\nIdleTimeout duration, the session becomes invalid.\n\n\nSupport: Extended" + +### fn spec.rules.sessionPersistence.withSessionName + +```ts +withSessionName(sessionName) +``` + +"SessionName defines the name of the persistent session token\nwhich may be reflected in the cookie or the header. Users\nshould avoid reusing session names to prevent unintended\nconsequences, such as rejection or unpredictable behavior.\n\n\nSupport: Implementation-specific" + +### fn spec.rules.sessionPersistence.withType + +```ts +withType(type) +``` + +"Type defines the type of session persistence such as through\nthe use a header or cookie. Defaults to cookie based session\npersistence.\n\n\nSupport: Core for \"Cookie\" type\n\n\nSupport: Extended for \"Header\" type" + +## obj spec.rules.sessionPersistence.cookieConfig + +"CookieConfig provides configuration settings that are specific\nto cookie-based session persistence.\n\n\nSupport: Core" + +### fn spec.rules.sessionPersistence.cookieConfig.withLifetimeType + +```ts +withLifetimeType(lifetimeType) +``` + +"LifetimeType specifies whether the cookie has a permanent or\nsession-based lifetime. A permanent cookie persists until its\nspecified expiry time, defined by the Expires or Max-Age cookie\nattributes, while a session cookie is deleted when the current\nsession ends.\n\n\nWhen set to \"Permanent\", AbsoluteTimeout indicates the\ncookie's lifetime via the Expires or Max-Age cookie attributes\nand is required.\n\n\nWhen set to \"Session\", AbsoluteTimeout indicates the\nabsolute lifetime of the cookie tracked by the gateway and\nis optional.\n\n\nSupport: Core for \"Session\" type\n\n\nSupport: Extended for \"Permanent\" type" \ No newline at end of file diff --git a/docs/1.1-experimental/gateway/v1/httpRoute.md b/docs/1.1-experimental/gateway/v1/httpRoute.md new file mode 100644 index 0000000..d0abe49 --- /dev/null +++ b/docs/1.1-experimental/gateway/v1/httpRoute.md @@ -0,0 +1,1576 @@ +--- +permalink: /1.1-experimental/gateway/v1/httpRoute/ +--- + +# gateway.v1.httpRoute + +"HTTPRoute provides a way to route HTTP requests. This includes the capability\nto match requests by hostname, path, header, or query param. Filters can be\nused to specify additional processing steps. Backends specify where matching\nrequests should be routed." + +## Index + +* [`fn new(name)`](#fn-new) +* [`obj metadata`](#obj-metadata) + * [`fn withAnnotations(annotations)`](#fn-metadatawithannotations) + * [`fn withAnnotationsMixin(annotations)`](#fn-metadatawithannotationsmixin) + * [`fn withClusterName(clusterName)`](#fn-metadatawithclustername) + * [`fn withCreationTimestamp(creationTimestamp)`](#fn-metadatawithcreationtimestamp) + * [`fn withDeletionGracePeriodSeconds(deletionGracePeriodSeconds)`](#fn-metadatawithdeletiongraceperiodseconds) + * [`fn withDeletionTimestamp(deletionTimestamp)`](#fn-metadatawithdeletiontimestamp) + * [`fn withFinalizers(finalizers)`](#fn-metadatawithfinalizers) + * [`fn withFinalizersMixin(finalizers)`](#fn-metadatawithfinalizersmixin) + * [`fn withGenerateName(generateName)`](#fn-metadatawithgeneratename) + * [`fn withGeneration(generation)`](#fn-metadatawithgeneration) + * [`fn withLabels(labels)`](#fn-metadatawithlabels) + * [`fn withLabelsMixin(labels)`](#fn-metadatawithlabelsmixin) + * [`fn withName(name)`](#fn-metadatawithname) + * [`fn withNamespace(namespace)`](#fn-metadatawithnamespace) + * [`fn withOwnerReferences(ownerReferences)`](#fn-metadatawithownerreferences) + * [`fn withOwnerReferencesMixin(ownerReferences)`](#fn-metadatawithownerreferencesmixin) + * [`fn withResourceVersion(resourceVersion)`](#fn-metadatawithresourceversion) + * [`fn withSelfLink(selfLink)`](#fn-metadatawithselflink) + * [`fn withUid(uid)`](#fn-metadatawithuid) +* [`obj spec`](#obj-spec) + * [`fn withHostnames(hostnames)`](#fn-specwithhostnames) + * [`fn withHostnamesMixin(hostnames)`](#fn-specwithhostnamesmixin) + * [`fn withParentRefs(parentRefs)`](#fn-specwithparentrefs) + * [`fn withParentRefsMixin(parentRefs)`](#fn-specwithparentrefsmixin) + * [`fn withRules(rules)`](#fn-specwithrules) + * [`fn withRulesMixin(rules)`](#fn-specwithrulesmixin) + * [`obj spec.parentRefs`](#obj-specparentrefs) + * [`fn withGroup(group)`](#fn-specparentrefswithgroup) + * [`fn withKind(kind)`](#fn-specparentrefswithkind) + * [`fn withName(name)`](#fn-specparentrefswithname) + * [`fn withNamespace(namespace)`](#fn-specparentrefswithnamespace) + * [`fn withPort(port)`](#fn-specparentrefswithport) + * [`fn withSectionName(sectionName)`](#fn-specparentrefswithsectionname) + * [`obj spec.rules`](#obj-specrules) + * [`fn withBackendRefs(backendRefs)`](#fn-specruleswithbackendrefs) + * [`fn withBackendRefsMixin(backendRefs)`](#fn-specruleswithbackendrefsmixin) + * [`fn withFilters(filters)`](#fn-specruleswithfilters) + * [`fn withFiltersMixin(filters)`](#fn-specruleswithfiltersmixin) + * [`fn withMatches(matches)`](#fn-specruleswithmatches) + * [`fn withMatchesMixin(matches)`](#fn-specruleswithmatchesmixin) + * [`obj spec.rules.backendRefs`](#obj-specrulesbackendrefs) + * [`fn withFilters(filters)`](#fn-specrulesbackendrefswithfilters) + * [`fn withFiltersMixin(filters)`](#fn-specrulesbackendrefswithfiltersmixin) + * [`fn withGroup(group)`](#fn-specrulesbackendrefswithgroup) + * [`fn withKind(kind)`](#fn-specrulesbackendrefswithkind) + * [`fn withName(name)`](#fn-specrulesbackendrefswithname) + * [`fn withNamespace(namespace)`](#fn-specrulesbackendrefswithnamespace) + * [`fn withPort(port)`](#fn-specrulesbackendrefswithport) + * [`fn withWeight(weight)`](#fn-specrulesbackendrefswithweight) + * [`obj spec.rules.backendRefs.filters`](#obj-specrulesbackendrefsfilters) + * [`fn withType(type)`](#fn-specrulesbackendrefsfilterswithtype) + * [`obj spec.rules.backendRefs.filters.extensionRef`](#obj-specrulesbackendrefsfiltersextensionref) + * [`fn withGroup(group)`](#fn-specrulesbackendrefsfiltersextensionrefwithgroup) + * [`fn withKind(kind)`](#fn-specrulesbackendrefsfiltersextensionrefwithkind) + * [`fn withName(name)`](#fn-specrulesbackendrefsfiltersextensionrefwithname) + * [`obj spec.rules.backendRefs.filters.requestHeaderModifier`](#obj-specrulesbackendrefsfiltersrequestheadermodifier) + * [`fn withAdd(add)`](#fn-specrulesbackendrefsfiltersrequestheadermodifierwithadd) + * [`fn withAddMixin(add)`](#fn-specrulesbackendrefsfiltersrequestheadermodifierwithaddmixin) + * [`fn withRemove(remove)`](#fn-specrulesbackendrefsfiltersrequestheadermodifierwithremove) + * [`fn withRemoveMixin(remove)`](#fn-specrulesbackendrefsfiltersrequestheadermodifierwithremovemixin) + * [`fn withSet(set)`](#fn-specrulesbackendrefsfiltersrequestheadermodifierwithset) + * [`fn withSetMixin(set)`](#fn-specrulesbackendrefsfiltersrequestheadermodifierwithsetmixin) + * [`obj spec.rules.backendRefs.filters.requestHeaderModifier.add`](#obj-specrulesbackendrefsfiltersrequestheadermodifieradd) + * [`fn withName(name)`](#fn-specrulesbackendrefsfiltersrequestheadermodifieraddwithname) + * [`fn withValue(value)`](#fn-specrulesbackendrefsfiltersrequestheadermodifieraddwithvalue) + * [`obj spec.rules.backendRefs.filters.requestHeaderModifier.set`](#obj-specrulesbackendrefsfiltersrequestheadermodifierset) + * [`fn withName(name)`](#fn-specrulesbackendrefsfiltersrequestheadermodifiersetwithname) + * [`fn withValue(value)`](#fn-specrulesbackendrefsfiltersrequestheadermodifiersetwithvalue) + * [`obj spec.rules.backendRefs.filters.requestMirror`](#obj-specrulesbackendrefsfiltersrequestmirror) + * [`obj spec.rules.backendRefs.filters.requestMirror.backendRef`](#obj-specrulesbackendrefsfiltersrequestmirrorbackendref) + * [`fn withGroup(group)`](#fn-specrulesbackendrefsfiltersrequestmirrorbackendrefwithgroup) + * [`fn withKind(kind)`](#fn-specrulesbackendrefsfiltersrequestmirrorbackendrefwithkind) + * [`fn withName(name)`](#fn-specrulesbackendrefsfiltersrequestmirrorbackendrefwithname) + * [`fn withNamespace(namespace)`](#fn-specrulesbackendrefsfiltersrequestmirrorbackendrefwithnamespace) + * [`fn withPort(port)`](#fn-specrulesbackendrefsfiltersrequestmirrorbackendrefwithport) + * [`obj spec.rules.backendRefs.filters.requestRedirect`](#obj-specrulesbackendrefsfiltersrequestredirect) + * [`fn withHostname(hostname)`](#fn-specrulesbackendrefsfiltersrequestredirectwithhostname) + * [`fn withPort(port)`](#fn-specrulesbackendrefsfiltersrequestredirectwithport) + * [`fn withScheme(scheme)`](#fn-specrulesbackendrefsfiltersrequestredirectwithscheme) + * [`fn withStatusCode(statusCode)`](#fn-specrulesbackendrefsfiltersrequestredirectwithstatuscode) + * [`obj spec.rules.backendRefs.filters.requestRedirect.path`](#obj-specrulesbackendrefsfiltersrequestredirectpath) + * [`fn withReplaceFullPath(replaceFullPath)`](#fn-specrulesbackendrefsfiltersrequestredirectpathwithreplacefullpath) + * [`fn withReplacePrefixMatch(replacePrefixMatch)`](#fn-specrulesbackendrefsfiltersrequestredirectpathwithreplaceprefixmatch) + * [`fn withType(type)`](#fn-specrulesbackendrefsfiltersrequestredirectpathwithtype) + * [`obj spec.rules.backendRefs.filters.responseHeaderModifier`](#obj-specrulesbackendrefsfiltersresponseheadermodifier) + * [`fn withAdd(add)`](#fn-specrulesbackendrefsfiltersresponseheadermodifierwithadd) + * [`fn withAddMixin(add)`](#fn-specrulesbackendrefsfiltersresponseheadermodifierwithaddmixin) + * [`fn withRemove(remove)`](#fn-specrulesbackendrefsfiltersresponseheadermodifierwithremove) + * [`fn withRemoveMixin(remove)`](#fn-specrulesbackendrefsfiltersresponseheadermodifierwithremovemixin) + * [`fn withSet(set)`](#fn-specrulesbackendrefsfiltersresponseheadermodifierwithset) + * [`fn withSetMixin(set)`](#fn-specrulesbackendrefsfiltersresponseheadermodifierwithsetmixin) + * [`obj spec.rules.backendRefs.filters.responseHeaderModifier.add`](#obj-specrulesbackendrefsfiltersresponseheadermodifieradd) + * [`fn withName(name)`](#fn-specrulesbackendrefsfiltersresponseheadermodifieraddwithname) + * [`fn withValue(value)`](#fn-specrulesbackendrefsfiltersresponseheadermodifieraddwithvalue) + * [`obj spec.rules.backendRefs.filters.responseHeaderModifier.set`](#obj-specrulesbackendrefsfiltersresponseheadermodifierset) + * [`fn withName(name)`](#fn-specrulesbackendrefsfiltersresponseheadermodifiersetwithname) + * [`fn withValue(value)`](#fn-specrulesbackendrefsfiltersresponseheadermodifiersetwithvalue) + * [`obj spec.rules.backendRefs.filters.urlRewrite`](#obj-specrulesbackendrefsfiltersurlrewrite) + * [`fn withHostname(hostname)`](#fn-specrulesbackendrefsfiltersurlrewritewithhostname) + * [`obj spec.rules.backendRefs.filters.urlRewrite.path`](#obj-specrulesbackendrefsfiltersurlrewritepath) + * [`fn withReplaceFullPath(replaceFullPath)`](#fn-specrulesbackendrefsfiltersurlrewritepathwithreplacefullpath) + * [`fn withReplacePrefixMatch(replacePrefixMatch)`](#fn-specrulesbackendrefsfiltersurlrewritepathwithreplaceprefixmatch) + * [`fn withType(type)`](#fn-specrulesbackendrefsfiltersurlrewritepathwithtype) + * [`obj spec.rules.filters`](#obj-specrulesfilters) + * [`fn withType(type)`](#fn-specrulesfilterswithtype) + * [`obj spec.rules.filters.extensionRef`](#obj-specrulesfiltersextensionref) + * [`fn withGroup(group)`](#fn-specrulesfiltersextensionrefwithgroup) + * [`fn withKind(kind)`](#fn-specrulesfiltersextensionrefwithkind) + * [`fn withName(name)`](#fn-specrulesfiltersextensionrefwithname) + * [`obj spec.rules.filters.requestHeaderModifier`](#obj-specrulesfiltersrequestheadermodifier) + * [`fn withAdd(add)`](#fn-specrulesfiltersrequestheadermodifierwithadd) + * [`fn withAddMixin(add)`](#fn-specrulesfiltersrequestheadermodifierwithaddmixin) + * [`fn withRemove(remove)`](#fn-specrulesfiltersrequestheadermodifierwithremove) + * [`fn withRemoveMixin(remove)`](#fn-specrulesfiltersrequestheadermodifierwithremovemixin) + * [`fn withSet(set)`](#fn-specrulesfiltersrequestheadermodifierwithset) + * [`fn withSetMixin(set)`](#fn-specrulesfiltersrequestheadermodifierwithsetmixin) + * [`obj spec.rules.filters.requestHeaderModifier.add`](#obj-specrulesfiltersrequestheadermodifieradd) + * [`fn withName(name)`](#fn-specrulesfiltersrequestheadermodifieraddwithname) + * [`fn withValue(value)`](#fn-specrulesfiltersrequestheadermodifieraddwithvalue) + * [`obj spec.rules.filters.requestHeaderModifier.set`](#obj-specrulesfiltersrequestheadermodifierset) + * [`fn withName(name)`](#fn-specrulesfiltersrequestheadermodifiersetwithname) + * [`fn withValue(value)`](#fn-specrulesfiltersrequestheadermodifiersetwithvalue) + * [`obj spec.rules.filters.requestMirror`](#obj-specrulesfiltersrequestmirror) + * [`obj spec.rules.filters.requestMirror.backendRef`](#obj-specrulesfiltersrequestmirrorbackendref) + * [`fn withGroup(group)`](#fn-specrulesfiltersrequestmirrorbackendrefwithgroup) + * [`fn withKind(kind)`](#fn-specrulesfiltersrequestmirrorbackendrefwithkind) + * [`fn withName(name)`](#fn-specrulesfiltersrequestmirrorbackendrefwithname) + * [`fn withNamespace(namespace)`](#fn-specrulesfiltersrequestmirrorbackendrefwithnamespace) + * [`fn withPort(port)`](#fn-specrulesfiltersrequestmirrorbackendrefwithport) + * [`obj spec.rules.filters.requestRedirect`](#obj-specrulesfiltersrequestredirect) + * [`fn withHostname(hostname)`](#fn-specrulesfiltersrequestredirectwithhostname) + * [`fn withPort(port)`](#fn-specrulesfiltersrequestredirectwithport) + * [`fn withScheme(scheme)`](#fn-specrulesfiltersrequestredirectwithscheme) + * [`fn withStatusCode(statusCode)`](#fn-specrulesfiltersrequestredirectwithstatuscode) + * [`obj spec.rules.filters.requestRedirect.path`](#obj-specrulesfiltersrequestredirectpath) + * [`fn withReplaceFullPath(replaceFullPath)`](#fn-specrulesfiltersrequestredirectpathwithreplacefullpath) + * [`fn withReplacePrefixMatch(replacePrefixMatch)`](#fn-specrulesfiltersrequestredirectpathwithreplaceprefixmatch) + * [`fn withType(type)`](#fn-specrulesfiltersrequestredirectpathwithtype) + * [`obj spec.rules.filters.responseHeaderModifier`](#obj-specrulesfiltersresponseheadermodifier) + * [`fn withAdd(add)`](#fn-specrulesfiltersresponseheadermodifierwithadd) + * [`fn withAddMixin(add)`](#fn-specrulesfiltersresponseheadermodifierwithaddmixin) + * [`fn withRemove(remove)`](#fn-specrulesfiltersresponseheadermodifierwithremove) + * [`fn withRemoveMixin(remove)`](#fn-specrulesfiltersresponseheadermodifierwithremovemixin) + * [`fn withSet(set)`](#fn-specrulesfiltersresponseheadermodifierwithset) + * [`fn withSetMixin(set)`](#fn-specrulesfiltersresponseheadermodifierwithsetmixin) + * [`obj spec.rules.filters.responseHeaderModifier.add`](#obj-specrulesfiltersresponseheadermodifieradd) + * [`fn withName(name)`](#fn-specrulesfiltersresponseheadermodifieraddwithname) + * [`fn withValue(value)`](#fn-specrulesfiltersresponseheadermodifieraddwithvalue) + * [`obj spec.rules.filters.responseHeaderModifier.set`](#obj-specrulesfiltersresponseheadermodifierset) + * [`fn withName(name)`](#fn-specrulesfiltersresponseheadermodifiersetwithname) + * [`fn withValue(value)`](#fn-specrulesfiltersresponseheadermodifiersetwithvalue) + * [`obj spec.rules.filters.urlRewrite`](#obj-specrulesfiltersurlrewrite) + * [`fn withHostname(hostname)`](#fn-specrulesfiltersurlrewritewithhostname) + * [`obj spec.rules.filters.urlRewrite.path`](#obj-specrulesfiltersurlrewritepath) + * [`fn withReplaceFullPath(replaceFullPath)`](#fn-specrulesfiltersurlrewritepathwithreplacefullpath) + * [`fn withReplacePrefixMatch(replacePrefixMatch)`](#fn-specrulesfiltersurlrewritepathwithreplaceprefixmatch) + * [`fn withType(type)`](#fn-specrulesfiltersurlrewritepathwithtype) + * [`obj spec.rules.matches`](#obj-specrulesmatches) + * [`fn withHeaders(headers)`](#fn-specrulesmatcheswithheaders) + * [`fn withHeadersMixin(headers)`](#fn-specrulesmatcheswithheadersmixin) + * [`fn withMethod(method)`](#fn-specrulesmatcheswithmethod) + * [`fn withQueryParams(queryParams)`](#fn-specrulesmatcheswithqueryparams) + * [`fn withQueryParamsMixin(queryParams)`](#fn-specrulesmatcheswithqueryparamsmixin) + * [`obj spec.rules.matches.headers`](#obj-specrulesmatchesheaders) + * [`fn withName(name)`](#fn-specrulesmatchesheaderswithname) + * [`fn withType(type)`](#fn-specrulesmatchesheaderswithtype) + * [`fn withValue(value)`](#fn-specrulesmatchesheaderswithvalue) + * [`obj spec.rules.matches.path`](#obj-specrulesmatchespath) + * [`fn withType(type)`](#fn-specrulesmatchespathwithtype) + * [`fn withValue(value)`](#fn-specrulesmatchespathwithvalue) + * [`obj spec.rules.matches.queryParams`](#obj-specrulesmatchesqueryparams) + * [`fn withName(name)`](#fn-specrulesmatchesqueryparamswithname) + * [`fn withType(type)`](#fn-specrulesmatchesqueryparamswithtype) + * [`fn withValue(value)`](#fn-specrulesmatchesqueryparamswithvalue) + * [`obj spec.rules.sessionPersistence`](#obj-specrulessessionpersistence) + * [`fn withAbsoluteTimeout(absoluteTimeout)`](#fn-specrulessessionpersistencewithabsolutetimeout) + * [`fn withIdleTimeout(idleTimeout)`](#fn-specrulessessionpersistencewithidletimeout) + * [`fn withSessionName(sessionName)`](#fn-specrulessessionpersistencewithsessionname) + * [`fn withType(type)`](#fn-specrulessessionpersistencewithtype) + * [`obj spec.rules.sessionPersistence.cookieConfig`](#obj-specrulessessionpersistencecookieconfig) + * [`fn withLifetimeType(lifetimeType)`](#fn-specrulessessionpersistencecookieconfigwithlifetimetype) + * [`obj spec.rules.timeouts`](#obj-specrulestimeouts) + * [`fn withBackendRequest(backendRequest)`](#fn-specrulestimeoutswithbackendrequest) + * [`fn withRequest(request)`](#fn-specrulestimeoutswithrequest) + +## Fields + +### fn new + +```ts +new(name) +``` + +new returns an instance of HTTPRoute + +## obj metadata + +"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create." + +### fn metadata.withAnnotations + +```ts +withAnnotations(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +### fn metadata.withAnnotationsMixin + +```ts +withAnnotationsMixin(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +**Note:** This function appends passed data to existing values + +### fn metadata.withClusterName + +```ts +withClusterName(clusterName) +``` + +"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request." + +### fn metadata.withCreationTimestamp + +```ts +withCreationTimestamp(creationTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withDeletionGracePeriodSeconds + +```ts +withDeletionGracePeriodSeconds(deletionGracePeriodSeconds) +``` + +"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only." + +### fn metadata.withDeletionTimestamp + +```ts +withDeletionTimestamp(deletionTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withFinalizers + +```ts +withFinalizers(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +### fn metadata.withFinalizersMixin + +```ts +withFinalizersMixin(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +**Note:** This function appends passed data to existing values + +### fn metadata.withGenerateName + +```ts +withGenerateName(generateName) +``` + +"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\n\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\n\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" + +### fn metadata.withGeneration + +```ts +withGeneration(generation) +``` + +"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only." + +### fn metadata.withLabels + +```ts +withLabels(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +### fn metadata.withLabelsMixin + +```ts +withLabelsMixin(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +**Note:** This function appends passed data to existing values + +### fn metadata.withName + +```ts +withName(name) +``` + +"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names" + +### fn metadata.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \"default\" namespace, but \"default\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\n\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces" + +### fn metadata.withOwnerReferences + +```ts +withOwnerReferences(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +### fn metadata.withOwnerReferencesMixin + +```ts +withOwnerReferencesMixin(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +**Note:** This function appends passed data to existing values + +### fn metadata.withResourceVersion + +```ts +withResourceVersion(resourceVersion) +``` + +"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\n\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" + +### fn metadata.withSelfLink + +```ts +withSelfLink(selfLink) +``` + +"SelfLink is a URL representing this object. Populated by the system. Read-only.\n\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release." + +### fn metadata.withUid + +```ts +withUid(uid) +``` + +"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\n\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids" + +## obj spec + +"Spec defines the desired state of HTTPRoute." + +### fn spec.withHostnames + +```ts +withHostnames(hostnames) +``` + +"Hostnames defines a set of hostnames that should match against the HTTP Host\nheader to select a HTTPRoute used to process the request. Implementations\nMUST ignore any port value specified in the HTTP Host header while\nperforming a match and (absent of any applicable header modification\nconfiguration) MUST forward this header unmodified to the backend.\n\n\nValid values for Hostnames are determined by RFC 1123 definition of a\nhostname with 2 notable exceptions:\n\n\n1. IPs are not allowed.\n2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard\n label must appear by itself as the first label.\n\n\nIf a hostname is specified by both the Listener and HTTPRoute, there\nmust be at least one intersecting hostname for the HTTPRoute to be\nattached to the Listener. For example:\n\n\n* A Listener with `test.example.com` as the hostname matches HTTPRoutes\n that have either not specified any hostnames, or have specified at\n least one of `test.example.com` or `*.example.com`.\n* A Listener with `*.example.com` as the hostname matches HTTPRoutes\n that have either not specified any hostnames or have specified at least\n one hostname that matches the Listener hostname. For example,\n `*.example.com`, `test.example.com`, and `foo.test.example.com` would\n all match. On the other hand, `example.com` and `test.example.net` would\n not match.\n\n\nHostnames that are prefixed with a wildcard label (`*.`) are interpreted\nas a suffix match. That means that a match for `*.example.com` would match\nboth `test.example.com`, and `foo.test.example.com`, but not `example.com`.\n\n\nIf both the Listener and HTTPRoute have specified hostnames, any\nHTTPRoute hostnames that do not match the Listener hostname MUST be\nignored. For example, if a Listener specified `*.example.com`, and the\nHTTPRoute specified `test.example.com` and `test.example.net`,\n`test.example.net` must not be considered for a match.\n\n\nIf both the Listener and HTTPRoute have specified hostnames, and none\nmatch with the criteria above, then the HTTPRoute is not accepted. The\nimplementation must raise an 'Accepted' Condition with a status of\n`False` in the corresponding RouteParentStatus.\n\n\nIn the event that multiple HTTPRoutes specify intersecting hostnames (e.g.\noverlapping wildcard matching and exact matching hostnames), precedence must\nbe given to rules from the HTTPRoute with the largest number of:\n\n\n* Characters in a matching non-wildcard hostname.\n* Characters in a matching hostname.\n\n\nIf ties exist across multiple Routes, the matching precedence rules for\nHTTPRouteMatches takes over.\n\n\nSupport: Core" + +### fn spec.withHostnamesMixin + +```ts +withHostnamesMixin(hostnames) +``` + +"Hostnames defines a set of hostnames that should match against the HTTP Host\nheader to select a HTTPRoute used to process the request. Implementations\nMUST ignore any port value specified in the HTTP Host header while\nperforming a match and (absent of any applicable header modification\nconfiguration) MUST forward this header unmodified to the backend.\n\n\nValid values for Hostnames are determined by RFC 1123 definition of a\nhostname with 2 notable exceptions:\n\n\n1. IPs are not allowed.\n2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard\n label must appear by itself as the first label.\n\n\nIf a hostname is specified by both the Listener and HTTPRoute, there\nmust be at least one intersecting hostname for the HTTPRoute to be\nattached to the Listener. For example:\n\n\n* A Listener with `test.example.com` as the hostname matches HTTPRoutes\n that have either not specified any hostnames, or have specified at\n least one of `test.example.com` or `*.example.com`.\n* A Listener with `*.example.com` as the hostname matches HTTPRoutes\n that have either not specified any hostnames or have specified at least\n one hostname that matches the Listener hostname. For example,\n `*.example.com`, `test.example.com`, and `foo.test.example.com` would\n all match. On the other hand, `example.com` and `test.example.net` would\n not match.\n\n\nHostnames that are prefixed with a wildcard label (`*.`) are interpreted\nas a suffix match. That means that a match for `*.example.com` would match\nboth `test.example.com`, and `foo.test.example.com`, but not `example.com`.\n\n\nIf both the Listener and HTTPRoute have specified hostnames, any\nHTTPRoute hostnames that do not match the Listener hostname MUST be\nignored. For example, if a Listener specified `*.example.com`, and the\nHTTPRoute specified `test.example.com` and `test.example.net`,\n`test.example.net` must not be considered for a match.\n\n\nIf both the Listener and HTTPRoute have specified hostnames, and none\nmatch with the criteria above, then the HTTPRoute is not accepted. The\nimplementation must raise an 'Accepted' Condition with a status of\n`False` in the corresponding RouteParentStatus.\n\n\nIn the event that multiple HTTPRoutes specify intersecting hostnames (e.g.\noverlapping wildcard matching and exact matching hostnames), precedence must\nbe given to rules from the HTTPRoute with the largest number of:\n\n\n* Characters in a matching non-wildcard hostname.\n* Characters in a matching hostname.\n\n\nIf ties exist across multiple Routes, the matching precedence rules for\nHTTPRouteMatches takes over.\n\n\nSupport: Core" + +**Note:** This function appends passed data to existing values + +### fn spec.withParentRefs + +```ts +withParentRefs(parentRefs) +``` + +"ParentRefs references the resources (usually Gateways) that a Route wants\nto be attached to. Note that the referenced parent resource needs to\nallow this for the attachment to be complete. For Gateways, that means\nthe Gateway needs to allow attachment from Routes of this kind and\nnamespace. For Services, that means the Service must either be in the same\nnamespace for a \"producer\" route, or the mesh implementation must support\nand allow \"consumer\" routes for the referenced Service. ReferenceGrant is\nnot applicable for governing ParentRefs to Services - it is not possible to\ncreate a \"producer\" route for a Service in a different namespace from the\nRoute.\n\n\nThere are two kinds of parent resources with \"Core\" support:\n\n\n* Gateway (Gateway conformance profile)\n* Service (Mesh conformance profile, ClusterIP Services only)\n\n\nThis API may be extended in the future to support additional kinds of parent\nresources.\n\n\nParentRefs must be _distinct_. This means either that:\n\n\n* They select different objects. If this is the case, then parentRef\n entries are distinct. In terms of fields, this means that the\n multi-part key defined by `group`, `kind`, `namespace`, and `name` must\n be unique across all parentRef entries in the Route.\n* They do not select different objects, but for each optional field used,\n each ParentRef that selects the same object must set the same set of\n optional fields to different values. If one ParentRef sets a\n combination of optional fields, all must set the same combination.\n\n\nSome examples:\n\n\n* If one ParentRef sets `sectionName`, all ParentRefs referencing the\n same object must also set `sectionName`.\n* If one ParentRef sets `port`, all ParentRefs referencing the same\n object must also set `port`.\n* If one ParentRef sets `sectionName` and `port`, all ParentRefs\n referencing the same object must also set `sectionName` and `port`.\n\n\nIt is possible to separately reference multiple distinct objects that may\nbe collapsed by an implementation. For example, some implementations may\nchoose to merge compatible Gateway Listeners together. If that is the\ncase, the list of routes attached to those resources should also be\nmerged.\n\n\nNote that for ParentRefs that cross namespace boundaries, there are specific\nrules. Cross-namespace references are only valid if they are explicitly\nallowed by something in the namespace they are referring to. For example,\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\ngeneric way to enable other kinds of cross-namespace reference.\n\n\n\nParentRefs from a Route to a Service in the same namespace are \"producer\"\nroutes, which apply default routing rules to inbound connections from\nany namespace to the Service.\n\n\nParentRefs from a Route to a Service in a different namespace are\n\"consumer\" routes, and these routing rules are only applied to outbound\nconnections originating from the same namespace as the Route, for which\nthe intended destination of the connections are a Service targeted as a\nParentRef of the Route.\n\n\n\n\n\n\n" + +### fn spec.withParentRefsMixin + +```ts +withParentRefsMixin(parentRefs) +``` + +"ParentRefs references the resources (usually Gateways) that a Route wants\nto be attached to. Note that the referenced parent resource needs to\nallow this for the attachment to be complete. For Gateways, that means\nthe Gateway needs to allow attachment from Routes of this kind and\nnamespace. For Services, that means the Service must either be in the same\nnamespace for a \"producer\" route, or the mesh implementation must support\nand allow \"consumer\" routes for the referenced Service. ReferenceGrant is\nnot applicable for governing ParentRefs to Services - it is not possible to\ncreate a \"producer\" route for a Service in a different namespace from the\nRoute.\n\n\nThere are two kinds of parent resources with \"Core\" support:\n\n\n* Gateway (Gateway conformance profile)\n* Service (Mesh conformance profile, ClusterIP Services only)\n\n\nThis API may be extended in the future to support additional kinds of parent\nresources.\n\n\nParentRefs must be _distinct_. This means either that:\n\n\n* They select different objects. If this is the case, then parentRef\n entries are distinct. In terms of fields, this means that the\n multi-part key defined by `group`, `kind`, `namespace`, and `name` must\n be unique across all parentRef entries in the Route.\n* They do not select different objects, but for each optional field used,\n each ParentRef that selects the same object must set the same set of\n optional fields to different values. If one ParentRef sets a\n combination of optional fields, all must set the same combination.\n\n\nSome examples:\n\n\n* If one ParentRef sets `sectionName`, all ParentRefs referencing the\n same object must also set `sectionName`.\n* If one ParentRef sets `port`, all ParentRefs referencing the same\n object must also set `port`.\n* If one ParentRef sets `sectionName` and `port`, all ParentRefs\n referencing the same object must also set `sectionName` and `port`.\n\n\nIt is possible to separately reference multiple distinct objects that may\nbe collapsed by an implementation. For example, some implementations may\nchoose to merge compatible Gateway Listeners together. If that is the\ncase, the list of routes attached to those resources should also be\nmerged.\n\n\nNote that for ParentRefs that cross namespace boundaries, there are specific\nrules. Cross-namespace references are only valid if they are explicitly\nallowed by something in the namespace they are referring to. For example,\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\ngeneric way to enable other kinds of cross-namespace reference.\n\n\n\nParentRefs from a Route to a Service in the same namespace are \"producer\"\nroutes, which apply default routing rules to inbound connections from\nany namespace to the Service.\n\n\nParentRefs from a Route to a Service in a different namespace are\n\"consumer\" routes, and these routing rules are only applied to outbound\nconnections originating from the same namespace as the Route, for which\nthe intended destination of the connections are a Service targeted as a\nParentRef of the Route.\n\n\n\n\n\n\n" + +**Note:** This function appends passed data to existing values + +### fn spec.withRules + +```ts +withRules(rules) +``` + +"Rules are a list of HTTP matchers, filters and actions." + +### fn spec.withRulesMixin + +```ts +withRulesMixin(rules) +``` + +"Rules are a list of HTTP matchers, filters and actions." + +**Note:** This function appends passed data to existing values + +## obj spec.parentRefs + +"ParentRefs references the resources (usually Gateways) that a Route wants\nto be attached to. Note that the referenced parent resource needs to\nallow this for the attachment to be complete. For Gateways, that means\nthe Gateway needs to allow attachment from Routes of this kind and\nnamespace. For Services, that means the Service must either be in the same\nnamespace for a \"producer\" route, or the mesh implementation must support\nand allow \"consumer\" routes for the referenced Service. ReferenceGrant is\nnot applicable for governing ParentRefs to Services - it is not possible to\ncreate a \"producer\" route for a Service in a different namespace from the\nRoute.\n\n\nThere are two kinds of parent resources with \"Core\" support:\n\n\n* Gateway (Gateway conformance profile)\n* Service (Mesh conformance profile, ClusterIP Services only)\n\n\nThis API may be extended in the future to support additional kinds of parent\nresources.\n\n\nParentRefs must be _distinct_. This means either that:\n\n\n* They select different objects. If this is the case, then parentRef\n entries are distinct. In terms of fields, this means that the\n multi-part key defined by `group`, `kind`, `namespace`, and `name` must\n be unique across all parentRef entries in the Route.\n* They do not select different objects, but for each optional field used,\n each ParentRef that selects the same object must set the same set of\n optional fields to different values. If one ParentRef sets a\n combination of optional fields, all must set the same combination.\n\n\nSome examples:\n\n\n* If one ParentRef sets `sectionName`, all ParentRefs referencing the\n same object must also set `sectionName`.\n* If one ParentRef sets `port`, all ParentRefs referencing the same\n object must also set `port`.\n* If one ParentRef sets `sectionName` and `port`, all ParentRefs\n referencing the same object must also set `sectionName` and `port`.\n\n\nIt is possible to separately reference multiple distinct objects that may\nbe collapsed by an implementation. For example, some implementations may\nchoose to merge compatible Gateway Listeners together. If that is the\ncase, the list of routes attached to those resources should also be\nmerged.\n\n\nNote that for ParentRefs that cross namespace boundaries, there are specific\nrules. Cross-namespace references are only valid if they are explicitly\nallowed by something in the namespace they are referring to. For example,\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\ngeneric way to enable other kinds of cross-namespace reference.\n\n\n\nParentRefs from a Route to a Service in the same namespace are \"producer\"\nroutes, which apply default routing rules to inbound connections from\nany namespace to the Service.\n\n\nParentRefs from a Route to a Service in a different namespace are\n\"consumer\" routes, and these routing rules are only applied to outbound\nconnections originating from the same namespace as the Route, for which\nthe intended destination of the connections are a Service targeted as a\nParentRef of the Route.\n\n\n\n\n\n\n" + +### fn spec.parentRefs.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent.\nWhen unspecified, \"gateway.networking.k8s.io\" is inferred.\nTo set the core API group (such as for a \"Service\" kind referent),\nGroup must be explicitly set to \"\" (empty string).\n\n\nSupport: Core" + +### fn spec.parentRefs.withKind + +```ts +withKind(kind) +``` + +"Kind is kind of the referent.\n\n\nThere are two kinds of parent resources with \"Core\" support:\n\n\n* Gateway (Gateway conformance profile)\n* Service (Mesh conformance profile, ClusterIP Services only)\n\n\nSupport for other resources is Implementation-Specific." + +### fn spec.parentRefs.withName + +```ts +withName(name) +``` + +"Name is the name of the referent.\n\n\nSupport: Core" + +### fn spec.parentRefs.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the referent. When unspecified, this refers\nto the local namespace of the Route.\n\n\nNote that there are specific rules for ParentRefs which cross namespace\nboundaries. Cross-namespace references are only valid if they are explicitly\nallowed by something in the namespace they are referring to. For example:\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\ngeneric way to enable any other kind of cross-namespace reference.\n\n\n\nParentRefs from a Route to a Service in the same namespace are \"producer\"\nroutes, which apply default routing rules to inbound connections from\nany namespace to the Service.\n\n\nParentRefs from a Route to a Service in a different namespace are\n\"consumer\" routes, and these routing rules are only applied to outbound\nconnections originating from the same namespace as the Route, for which\nthe intended destination of the connections are a Service targeted as a\nParentRef of the Route.\n\n\n\nSupport: Core" + +### fn spec.parentRefs.withPort + +```ts +withPort(port) +``` + +"Port is the network port this Route targets. It can be interpreted\ndifferently based on the type of parent resource.\n\n\nWhen the parent resource is a Gateway, this targets all listeners\nlistening on the specified port that also support this kind of Route(and\nselect this Route). It's not recommended to set `Port` unless the\nnetworking behaviors specified in a Route must apply to a specific port\nas opposed to a listener(s) whose port(s) may be changed. When both Port\nand SectionName are specified, the name and port of the selected listener\nmust match both specified values.\n\n\n\nWhen the parent resource is a Service, this targets a specific port in the\nService spec. When both Port (experimental) and SectionName are specified,\nthe name and port of the selected port must match both specified values.\n\n\n\nImplementations MAY choose to support other parent resources.\nImplementations supporting other types of parent resources MUST clearly\ndocument how/if Port is interpreted.\n\n\nFor the purpose of status, an attachment is considered successful as\nlong as the parent resource accepts it partially. For example, Gateway\nlisteners can restrict which Routes can attach to them by Route kind,\nnamespace, or hostname. If 1 of 2 Gateway listeners accept attachment\nfrom the referencing Route, the Route MUST be considered successfully\nattached. If no Gateway listeners accept attachment from this Route,\nthe Route MUST be considered detached from the Gateway.\n\n\nSupport: Extended" + +### fn spec.parentRefs.withSectionName + +```ts +withSectionName(sectionName) +``` + +"SectionName is the name of a section within the target resource. In the\nfollowing resources, SectionName is interpreted as the following:\n\n\n* Gateway: Listener name. When both Port (experimental) and SectionName\nare specified, the name and port of the selected listener must match\nboth specified values.\n* Service: Port name. When both Port (experimental) and SectionName\nare specified, the name and port of the selected listener must match\nboth specified values.\n\n\nImplementations MAY choose to support attaching Routes to other resources.\nIf that is the case, they MUST clearly document how SectionName is\ninterpreted.\n\n\nWhen unspecified (empty string), this will reference the entire resource.\nFor the purpose of status, an attachment is considered successful if at\nleast one section in the parent resource accepts it. For example, Gateway\nlisteners can restrict which Routes can attach to them by Route kind,\nnamespace, or hostname. If 1 of 2 Gateway listeners accept attachment from\nthe referencing Route, the Route MUST be considered successfully\nattached. If no Gateway listeners accept attachment from this Route, the\nRoute MUST be considered detached from the Gateway.\n\n\nSupport: Core" + +## obj spec.rules + +"Rules are a list of HTTP matchers, filters and actions." + +### fn spec.rules.withBackendRefs + +```ts +withBackendRefs(backendRefs) +``` + +"BackendRefs defines the backend(s) where matching requests should be\nsent.\n\n\nFailure behavior here depends on how many BackendRefs are specified and\nhow many are invalid.\n\n\nIf *all* entries in BackendRefs are invalid, and there are also no filters\nspecified in this route rule, *all* traffic which matches this rule MUST\nreceive a 500 status code.\n\n\nSee the HTTPBackendRef definition for the rules about what makes a single\nHTTPBackendRef invalid.\n\n\nWhen a HTTPBackendRef is invalid, 500 status codes MUST be returned for\nrequests that would have otherwise been routed to an invalid backend. If\nmultiple backends are specified, and some are invalid, the proportion of\nrequests that would otherwise have been routed to an invalid backend\nMUST receive a 500 status code.\n\n\nFor example, if two backends are specified with equal weights, and one is\ninvalid, 50 percent of traffic must receive a 500. Implementations may\nchoose how that 50 percent is determined.\n\n\nSupport: Core for Kubernetes Service\n\n\nSupport: Extended for Kubernetes ServiceImport\n\n\nSupport: Implementation-specific for any other resource\n\n\nSupport for weight: Core" + +### fn spec.rules.withBackendRefsMixin + +```ts +withBackendRefsMixin(backendRefs) +``` + +"BackendRefs defines the backend(s) where matching requests should be\nsent.\n\n\nFailure behavior here depends on how many BackendRefs are specified and\nhow many are invalid.\n\n\nIf *all* entries in BackendRefs are invalid, and there are also no filters\nspecified in this route rule, *all* traffic which matches this rule MUST\nreceive a 500 status code.\n\n\nSee the HTTPBackendRef definition for the rules about what makes a single\nHTTPBackendRef invalid.\n\n\nWhen a HTTPBackendRef is invalid, 500 status codes MUST be returned for\nrequests that would have otherwise been routed to an invalid backend. If\nmultiple backends are specified, and some are invalid, the proportion of\nrequests that would otherwise have been routed to an invalid backend\nMUST receive a 500 status code.\n\n\nFor example, if two backends are specified with equal weights, and one is\ninvalid, 50 percent of traffic must receive a 500. Implementations may\nchoose how that 50 percent is determined.\n\n\nSupport: Core for Kubernetes Service\n\n\nSupport: Extended for Kubernetes ServiceImport\n\n\nSupport: Implementation-specific for any other resource\n\n\nSupport for weight: Core" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.withFilters + +```ts +withFilters(filters) +``` + +"Filters define the filters that are applied to requests that match\nthis rule.\n\n\nWherever possible, implementations SHOULD implement filters in the order\nthey are specified.\n\n\nImplementations MAY choose to implement this ordering strictly, rejecting\nany combination or order of filters that can not be supported. If implementations\nchoose a strict interpretation of filter ordering, they MUST clearly document\nthat behavior.\n\n\nTo reject an invalid combination or order of filters, implementations SHOULD\nconsider the Route Rules with this configuration invalid. If all Route Rules\nin a Route are invalid, the entire Route would be considered invalid. If only\na portion of Route Rules are invalid, implementations MUST set the\n\"PartiallyInvalid\" condition for the Route.\n\n\nConformance-levels at this level are defined based on the type of filter:\n\n\n- ALL core filters MUST be supported by all implementations.\n- Implementers are encouraged to support extended filters.\n- Implementation-specific custom filters have no API guarantees across\n implementations.\n\n\nSpecifying the same filter multiple times is not supported unless explicitly\nindicated in the filter.\n\n\nAll filters are expected to be compatible with each other except for the\nURLRewrite and RequestRedirect filters, which may not be combined. If an\nimplementation can not support other combinations of filters, they must clearly\ndocument that limitation. In cases where incompatible or unsupported\nfilters are specified and cause the `Accepted` condition to be set to status\n`False`, implementations may use the `IncompatibleFilters` reason to specify\nthis configuration error.\n\n\nSupport: Core" + +### fn spec.rules.withFiltersMixin + +```ts +withFiltersMixin(filters) +``` + +"Filters define the filters that are applied to requests that match\nthis rule.\n\n\nWherever possible, implementations SHOULD implement filters in the order\nthey are specified.\n\n\nImplementations MAY choose to implement this ordering strictly, rejecting\nany combination or order of filters that can not be supported. If implementations\nchoose a strict interpretation of filter ordering, they MUST clearly document\nthat behavior.\n\n\nTo reject an invalid combination or order of filters, implementations SHOULD\nconsider the Route Rules with this configuration invalid. If all Route Rules\nin a Route are invalid, the entire Route would be considered invalid. If only\na portion of Route Rules are invalid, implementations MUST set the\n\"PartiallyInvalid\" condition for the Route.\n\n\nConformance-levels at this level are defined based on the type of filter:\n\n\n- ALL core filters MUST be supported by all implementations.\n- Implementers are encouraged to support extended filters.\n- Implementation-specific custom filters have no API guarantees across\n implementations.\n\n\nSpecifying the same filter multiple times is not supported unless explicitly\nindicated in the filter.\n\n\nAll filters are expected to be compatible with each other except for the\nURLRewrite and RequestRedirect filters, which may not be combined. If an\nimplementation can not support other combinations of filters, they must clearly\ndocument that limitation. In cases where incompatible or unsupported\nfilters are specified and cause the `Accepted` condition to be set to status\n`False`, implementations may use the `IncompatibleFilters` reason to specify\nthis configuration error.\n\n\nSupport: Core" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.withMatches + +```ts +withMatches(matches) +``` + +"Matches define conditions used for matching the rule against incoming\nHTTP requests. Each match is independent, i.e. this rule will be matched\nif **any** one of the matches is satisfied.\n\n\nFor example, take the following matches configuration:\n\n\n```\nmatches:\n- path:\n value: \"/foo\"\n headers:\n - name: \"version\"\n value: \"v2\"\n- path:\n value: \"/v2/foo\"\n```\n\n\nFor a request to match against this rule, a request must satisfy\nEITHER of the two conditions:\n\n\n- path prefixed with `/foo` AND contains the header `version: v2`\n- path prefix of `/v2/foo`\n\n\nSee the documentation for HTTPRouteMatch on how to specify multiple\nmatch conditions that should be ANDed together.\n\n\nIf no matches are specified, the default is a prefix\npath match on \"/\", which has the effect of matching every\nHTTP request.\n\n\nProxy or Load Balancer routing configuration generated from HTTPRoutes\nMUST prioritize matches based on the following criteria, continuing on\nties. Across all rules specified on applicable Routes, precedence must be\ngiven to the match having:\n\n\n* \"Exact\" path match.\n* \"Prefix\" path match with largest number of characters.\n* Method match.\n* Largest number of header matches.\n* Largest number of query param matches.\n\n\nNote: The precedence of RegularExpression path matches are implementation-specific.\n\n\nIf ties still exist across multiple Routes, matching precedence MUST be\ndetermined in order of the following criteria, continuing on ties:\n\n\n* The oldest Route based on creation timestamp.\n* The Route appearing first in alphabetical order by\n \"{namespace}/{name}\".\n\n\nIf ties still exist within an HTTPRoute, matching precedence MUST be granted\nto the FIRST matching rule (in list order) with a match meeting the above\ncriteria.\n\n\nWhen no rules matching a request have been successfully attached to the\nparent a request is coming from, a HTTP 404 status code MUST be returned." + +### fn spec.rules.withMatchesMixin + +```ts +withMatchesMixin(matches) +``` + +"Matches define conditions used for matching the rule against incoming\nHTTP requests. Each match is independent, i.e. this rule will be matched\nif **any** one of the matches is satisfied.\n\n\nFor example, take the following matches configuration:\n\n\n```\nmatches:\n- path:\n value: \"/foo\"\n headers:\n - name: \"version\"\n value: \"v2\"\n- path:\n value: \"/v2/foo\"\n```\n\n\nFor a request to match against this rule, a request must satisfy\nEITHER of the two conditions:\n\n\n- path prefixed with `/foo` AND contains the header `version: v2`\n- path prefix of `/v2/foo`\n\n\nSee the documentation for HTTPRouteMatch on how to specify multiple\nmatch conditions that should be ANDed together.\n\n\nIf no matches are specified, the default is a prefix\npath match on \"/\", which has the effect of matching every\nHTTP request.\n\n\nProxy or Load Balancer routing configuration generated from HTTPRoutes\nMUST prioritize matches based on the following criteria, continuing on\nties. Across all rules specified on applicable Routes, precedence must be\ngiven to the match having:\n\n\n* \"Exact\" path match.\n* \"Prefix\" path match with largest number of characters.\n* Method match.\n* Largest number of header matches.\n* Largest number of query param matches.\n\n\nNote: The precedence of RegularExpression path matches are implementation-specific.\n\n\nIf ties still exist across multiple Routes, matching precedence MUST be\ndetermined in order of the following criteria, continuing on ties:\n\n\n* The oldest Route based on creation timestamp.\n* The Route appearing first in alphabetical order by\n \"{namespace}/{name}\".\n\n\nIf ties still exist within an HTTPRoute, matching precedence MUST be granted\nto the FIRST matching rule (in list order) with a match meeting the above\ncriteria.\n\n\nWhen no rules matching a request have been successfully attached to the\nparent a request is coming from, a HTTP 404 status code MUST be returned." + +**Note:** This function appends passed data to existing values + +## obj spec.rules.backendRefs + +"BackendRefs defines the backend(s) where matching requests should be\nsent.\n\n\nFailure behavior here depends on how many BackendRefs are specified and\nhow many are invalid.\n\n\nIf *all* entries in BackendRefs are invalid, and there are also no filters\nspecified in this route rule, *all* traffic which matches this rule MUST\nreceive a 500 status code.\n\n\nSee the HTTPBackendRef definition for the rules about what makes a single\nHTTPBackendRef invalid.\n\n\nWhen a HTTPBackendRef is invalid, 500 status codes MUST be returned for\nrequests that would have otherwise been routed to an invalid backend. If\nmultiple backends are specified, and some are invalid, the proportion of\nrequests that would otherwise have been routed to an invalid backend\nMUST receive a 500 status code.\n\n\nFor example, if two backends are specified with equal weights, and one is\ninvalid, 50 percent of traffic must receive a 500. Implementations may\nchoose how that 50 percent is determined.\n\n\nSupport: Core for Kubernetes Service\n\n\nSupport: Extended for Kubernetes ServiceImport\n\n\nSupport: Implementation-specific for any other resource\n\n\nSupport for weight: Core" + +### fn spec.rules.backendRefs.withFilters + +```ts +withFilters(filters) +``` + +"Filters defined at this level should be executed if and only if the\nrequest is being forwarded to the backend defined here.\n\n\nSupport: Implementation-specific (For broader support of filters, use the\nFilters field in HTTPRouteRule.)" + +### fn spec.rules.backendRefs.withFiltersMixin + +```ts +withFiltersMixin(filters) +``` + +"Filters defined at this level should be executed if and only if the\nrequest is being forwarded to the backend defined here.\n\n\nSupport: Implementation-specific (For broader support of filters, use the\nFilters field in HTTPRouteRule.)" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.backendRefs.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. For example, \"gateway.networking.k8s.io\".\nWhen unspecified or empty string, core API group is inferred." + +### fn spec.rules.backendRefs.withKind + +```ts +withKind(kind) +``` + +"Kind is the Kubernetes resource kind of the referent. For example\n\"Service\".\n\n\nDefaults to \"Service\" when not specified.\n\n\nExternalName services can refer to CNAME DNS records that may live\noutside of the cluster and as such are difficult to reason about in\nterms of conformance. They also may not be safe to forward to (see\nCVE-2021-25740 for more information). Implementations SHOULD NOT\nsupport ExternalName Services.\n\n\nSupport: Core (Services with a type other than ExternalName)\n\n\nSupport: Implementation-specific (Services with type ExternalName)" + +### fn spec.rules.backendRefs.withName + +```ts +withName(name) +``` + +"Name is the name of the referent." + +### fn spec.rules.backendRefs.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the backend. When unspecified, the local\nnamespace is inferred.\n\n\nNote that when a namespace different than the local namespace is specified,\na ReferenceGrant object is required in the referent namespace to allow that\nnamespace's owner to accept the reference. See the ReferenceGrant\ndocumentation for details.\n\n\nSupport: Core" + +### fn spec.rules.backendRefs.withPort + +```ts +withPort(port) +``` + +"Port specifies the destination port number to use for this resource.\nPort is required when the referent is a Kubernetes Service. In this\ncase, the port number is the service port number, not the target port.\nFor other resources, destination port might be derived from the referent\nresource or this field." + +### fn spec.rules.backendRefs.withWeight + +```ts +withWeight(weight) +``` + +"Weight specifies the proportion of requests forwarded to the referenced\nbackend. This is computed as weight/(sum of all weights in this\nBackendRefs list). For non-zero values, there may be some epsilon from\nthe exact proportion defined here depending on the precision an\nimplementation supports. Weight is not a percentage and the sum of\nweights does not need to equal 100.\n\n\nIf only one backend is specified and it has a weight greater than 0, 100%\nof the traffic is forwarded to that backend. If weight is set to 0, no\ntraffic should be forwarded for this entry. If unspecified, weight\ndefaults to 1.\n\n\nSupport for this field varies based on the context where used." + +## obj spec.rules.backendRefs.filters + +"Filters defined at this level should be executed if and only if the\nrequest is being forwarded to the backend defined here.\n\n\nSupport: Implementation-specific (For broader support of filters, use the\nFilters field in HTTPRouteRule.)" + +### fn spec.rules.backendRefs.filters.withType + +```ts +withType(type) +``` + +"Type identifies the type of filter to apply. As with other API fields,\ntypes are classified into three conformance levels:\n\n\n- Core: Filter types and their corresponding configuration defined by\n \"Support: Core\" in this package, e.g. \"RequestHeaderModifier\". All\n implementations must support core filters.\n\n\n- Extended: Filter types and their corresponding configuration defined by\n \"Support: Extended\" in this package, e.g. \"RequestMirror\". Implementers\n are encouraged to support extended filters.\n\n\n- Implementation-specific: Filters that are defined and supported by\n specific vendors.\n In the future, filters showing convergence in behavior across multiple\n implementations will be considered for inclusion in extended or core\n conformance levels. Filter-specific configuration for such filters\n is specified using the ExtensionRef field. `Type` should be set to\n \"ExtensionRef\" for custom filters.\n\n\nImplementers are encouraged to define custom implementation types to\nextend the core API with implementation-specific behavior.\n\n\nIf a reference to a custom filter type cannot be resolved, the filter\nMUST NOT be skipped. Instead, requests that would have been processed by\nthat filter MUST receive a HTTP error response.\n\n\nNote that values may be added to this enum, implementations\nmust ensure that unknown values will not cause a crash.\n\n\nUnknown values here must result in the implementation setting the\nAccepted Condition for the Route to `status: False`, with a\nReason of `UnsupportedValue`." + +## obj spec.rules.backendRefs.filters.extensionRef + +"ExtensionRef is an optional, implementation-specific extension to the\n\"filter\" behavior. For example, resource \"myroutefilter\" in group\n\"networking.example.net\"). ExtensionRef MUST NOT be used for core and\nextended filters.\n\n\nThis filter can be used multiple times within the same rule.\n\n\nSupport: Implementation-specific" + +### fn spec.rules.backendRefs.filters.extensionRef.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. For example, \"gateway.networking.k8s.io\".\nWhen unspecified or empty string, core API group is inferred." + +### fn spec.rules.backendRefs.filters.extensionRef.withKind + +```ts +withKind(kind) +``` + +"Kind is kind of the referent. For example \"HTTPRoute\" or \"Service\"." + +### fn spec.rules.backendRefs.filters.extensionRef.withName + +```ts +withName(name) +``` + +"Name is the name of the referent." + +## obj spec.rules.backendRefs.filters.requestHeaderModifier + +"RequestHeaderModifier defines a schema for a filter that modifies request\nheaders.\n\n\nSupport: Core" + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.withAdd + +```ts +withAdd(add) +``` + +"Add adds the given header(s) (name, value) to the request\nbefore the action. It appends to any existing values associated\nwith the header name.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n add:\n - name: \"my-header\"\n value: \"bar,baz\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: foo,bar,baz" + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.withAddMixin + +```ts +withAddMixin(add) +``` + +"Add adds the given header(s) (name, value) to the request\nbefore the action. It appends to any existing values associated\nwith the header name.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n add:\n - name: \"my-header\"\n value: \"bar,baz\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: foo,bar,baz" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.withRemove + +```ts +withRemove(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The\nvalue of Remove is a list of HTTP header names. Note that the header\nnames are case-insensitive (see\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\n\n\nInput:\n GET /foo HTTP/1.1\n my-header1: foo\n my-header2: bar\n my-header3: baz\n\n\nConfig:\n remove: [\"my-header1\", \"my-header3\"]\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header2: bar" + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.withRemoveMixin + +```ts +withRemoveMixin(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The\nvalue of Remove is a list of HTTP header names. Note that the header\nnames are case-insensitive (see\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\n\n\nInput:\n GET /foo HTTP/1.1\n my-header1: foo\n my-header2: bar\n my-header3: baz\n\n\nConfig:\n remove: [\"my-header1\", \"my-header3\"]\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header2: bar" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.withSet + +```ts +withSet(set) +``` + +"Set overwrites the request with the given header (name, value)\nbefore the action.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n set:\n - name: \"my-header\"\n value: \"bar\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: bar" + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.withSetMixin + +```ts +withSetMixin(set) +``` + +"Set overwrites the request with the given header (name, value)\nbefore the action.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n set:\n - name: \"my-header\"\n value: \"bar\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: bar" + +**Note:** This function appends passed data to existing values + +## obj spec.rules.backendRefs.filters.requestHeaderModifier.add + +"Add adds the given header(s) (name, value) to the request\nbefore the action. It appends to any existing values associated\nwith the header name.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n add:\n - name: \"my-header\"\n value: \"bar,baz\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: foo,bar,baz" + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.add.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\n\nIf multiple entries specify equivalent header names, the first entry with\nan equivalent name MUST be considered for a match. Subsequent entries\nwith an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent." + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.add.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.backendRefs.filters.requestHeaderModifier.set + +"Set overwrites the request with the given header (name, value)\nbefore the action.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n set:\n - name: \"my-header\"\n value: \"bar\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: bar" + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.set.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\n\nIf multiple entries specify equivalent header names, the first entry with\nan equivalent name MUST be considered for a match. Subsequent entries\nwith an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent." + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.set.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.backendRefs.filters.requestMirror + +"RequestMirror defines a schema for a filter that mirrors requests.\nRequests are sent to the specified destination, but responses from\nthat destination are ignored.\n\n\nThis filter can be used multiple times within the same rule. Note that\nnot all implementations will be able to support mirroring to multiple\nbackends.\n\n\nSupport: Extended" + +## obj spec.rules.backendRefs.filters.requestMirror.backendRef + +"BackendRef references a resource where mirrored requests are sent.\n\n\nMirrored requests must be sent only to a single destination endpoint\nwithin this BackendRef, irrespective of how many endpoints are present\nwithin this BackendRef.\n\n\nIf the referent cannot be found, this BackendRef is invalid and must be\ndropped from the Gateway. The controller must ensure the \"ResolvedRefs\"\ncondition on the Route status is set to `status: False` and not configure\nthis backend in the underlying implementation.\n\n\nIf there is a cross-namespace reference to an *existing* object\nthat is not allowed by a ReferenceGrant, the controller must ensure the\n\"ResolvedRefs\" condition on the Route is set to `status: False`,\nwith the \"RefNotPermitted\" reason and not configure this backend in the\nunderlying implementation.\n\n\nIn either error case, the Message of the `ResolvedRefs` Condition\nshould be used to provide more detail about the problem.\n\n\nSupport: Extended for Kubernetes Service\n\n\nSupport: Implementation-specific for any other resource" + +### fn spec.rules.backendRefs.filters.requestMirror.backendRef.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. For example, \"gateway.networking.k8s.io\".\nWhen unspecified or empty string, core API group is inferred." + +### fn spec.rules.backendRefs.filters.requestMirror.backendRef.withKind + +```ts +withKind(kind) +``` + +"Kind is the Kubernetes resource kind of the referent. For example\n\"Service\".\n\n\nDefaults to \"Service\" when not specified.\n\n\nExternalName services can refer to CNAME DNS records that may live\noutside of the cluster and as such are difficult to reason about in\nterms of conformance. They also may not be safe to forward to (see\nCVE-2021-25740 for more information). Implementations SHOULD NOT\nsupport ExternalName Services.\n\n\nSupport: Core (Services with a type other than ExternalName)\n\n\nSupport: Implementation-specific (Services with type ExternalName)" + +### fn spec.rules.backendRefs.filters.requestMirror.backendRef.withName + +```ts +withName(name) +``` + +"Name is the name of the referent." + +### fn spec.rules.backendRefs.filters.requestMirror.backendRef.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the backend. When unspecified, the local\nnamespace is inferred.\n\n\nNote that when a namespace different than the local namespace is specified,\na ReferenceGrant object is required in the referent namespace to allow that\nnamespace's owner to accept the reference. See the ReferenceGrant\ndocumentation for details.\n\n\nSupport: Core" + +### fn spec.rules.backendRefs.filters.requestMirror.backendRef.withPort + +```ts +withPort(port) +``` + +"Port specifies the destination port number to use for this resource.\nPort is required when the referent is a Kubernetes Service. In this\ncase, the port number is the service port number, not the target port.\nFor other resources, destination port might be derived from the referent\nresource or this field." + +## obj spec.rules.backendRefs.filters.requestRedirect + +"RequestRedirect defines a schema for a filter that responds to the\nrequest with an HTTP redirection.\n\n\nSupport: Core" + +### fn spec.rules.backendRefs.filters.requestRedirect.withHostname + +```ts +withHostname(hostname) +``` + +"Hostname is the hostname to be used in the value of the `Location`\nheader in the response.\nWhen empty, the hostname in the `Host` header of the request is used.\n\n\nSupport: Core" + +### fn spec.rules.backendRefs.filters.requestRedirect.withPort + +```ts +withPort(port) +``` + +"Port is the port to be used in the value of the `Location`\nheader in the response.\n\n\nIf no port is specified, the redirect port MUST be derived using the\nfollowing rules:\n\n\n* If redirect scheme is not-empty, the redirect port MUST be the well-known\n port associated with the redirect scheme. Specifically \"http\" to port 80\n and \"https\" to port 443. If the redirect scheme does not have a\n well-known port, the listener port of the Gateway SHOULD be used.\n* If redirect scheme is empty, the redirect port MUST be the Gateway\n Listener port.\n\n\nImplementations SHOULD NOT add the port number in the 'Location'\nheader in the following cases:\n\n\n* A Location header that will use HTTP (whether that is determined via\n the Listener protocol or the Scheme field) _and_ use port 80.\n* A Location header that will use HTTPS (whether that is determined via\n the Listener protocol or the Scheme field) _and_ use port 443.\n\n\nSupport: Extended" + +### fn spec.rules.backendRefs.filters.requestRedirect.withScheme + +```ts +withScheme(scheme) +``` + +"Scheme is the scheme to be used in the value of the `Location` header in\nthe response. When empty, the scheme of the request is used.\n\n\nScheme redirects can affect the port of the redirect, for more information,\nrefer to the documentation for the port field of this filter.\n\n\nNote that values may be added to this enum, implementations\nmust ensure that unknown values will not cause a crash.\n\n\nUnknown values here must result in the implementation setting the\nAccepted Condition for the Route to `status: False`, with a\nReason of `UnsupportedValue`.\n\n\nSupport: Extended" + +### fn spec.rules.backendRefs.filters.requestRedirect.withStatusCode + +```ts +withStatusCode(statusCode) +``` + +"StatusCode is the HTTP status code to be used in response.\n\n\nNote that values may be added to this enum, implementations\nmust ensure that unknown values will not cause a crash.\n\n\nUnknown values here must result in the implementation setting the\nAccepted Condition for the Route to `status: False`, with a\nReason of `UnsupportedValue`.\n\n\nSupport: Core" + +## obj spec.rules.backendRefs.filters.requestRedirect.path + +"Path defines parameters used to modify the path of the incoming request.\nThe modified path is then used to construct the `Location` header. When\nempty, the request path is used as-is.\n\n\nSupport: Extended" + +### fn spec.rules.backendRefs.filters.requestRedirect.path.withReplaceFullPath + +```ts +withReplaceFullPath(replaceFullPath) +``` + +"ReplaceFullPath specifies the value with which to replace the full path\nof a request during a rewrite or redirect." + +### fn spec.rules.backendRefs.filters.requestRedirect.path.withReplacePrefixMatch + +```ts +withReplacePrefixMatch(replacePrefixMatch) +``` + +"ReplacePrefixMatch specifies the value with which to replace the prefix\nmatch of a request during a rewrite or redirect. For example, a request\nto \"/foo/bar\" with a prefix match of \"/foo\" and a ReplacePrefixMatch\nof \"/xyz\" would be modified to \"/xyz/bar\".\n\n\nNote that this matches the behavior of the PathPrefix match type. This\nmatches full path elements. A path element refers to the list of labels\nin the path split by the `/` separator. When specified, a trailing `/` is\nignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all\nmatch the prefix `/abc`, but the path `/abcd` would not.\n\n\nReplacePrefixMatch is only compatible with a `PathPrefix` HTTPRouteMatch.\nUsing any other HTTPRouteMatch type on the same HTTPRouteRule will result in\nthe implementation setting the Accepted Condition for the Route to `status: False`.\n\n\nRequest Path | Prefix Match | Replace Prefix | Modified Path\n-------------|--------------|----------------|----------\n/foo/bar | /foo | /xyz | /xyz/bar\n/foo/bar | /foo | /xyz/ | /xyz/bar\n/foo/bar | /foo/ | /xyz | /xyz/bar\n/foo/bar | /foo/ | /xyz/ | /xyz/bar\n/foo | /foo | /xyz | /xyz\n/foo/ | /foo | /xyz | /xyz/\n/foo/bar | /foo | | /bar\n/foo/ | /foo | | /\n/foo | /foo | | /\n/foo/ | /foo | / | /\n/foo | /foo | / | /" + +### fn spec.rules.backendRefs.filters.requestRedirect.path.withType + +```ts +withType(type) +``` + +"Type defines the type of path modifier. Additional types may be\nadded in a future release of the API.\n\n\nNote that values may be added to this enum, implementations\nmust ensure that unknown values will not cause a crash.\n\n\nUnknown values here must result in the implementation setting the\nAccepted Condition for the Route to `status: False`, with a\nReason of `UnsupportedValue`." + +## obj spec.rules.backendRefs.filters.responseHeaderModifier + +"ResponseHeaderModifier defines a schema for a filter that modifies response\nheaders.\n\n\nSupport: Extended" + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.withAdd + +```ts +withAdd(add) +``` + +"Add adds the given header(s) (name, value) to the request\nbefore the action. It appends to any existing values associated\nwith the header name.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n add:\n - name: \"my-header\"\n value: \"bar,baz\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: foo,bar,baz" + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.withAddMixin + +```ts +withAddMixin(add) +``` + +"Add adds the given header(s) (name, value) to the request\nbefore the action. It appends to any existing values associated\nwith the header name.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n add:\n - name: \"my-header\"\n value: \"bar,baz\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: foo,bar,baz" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.withRemove + +```ts +withRemove(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The\nvalue of Remove is a list of HTTP header names. Note that the header\nnames are case-insensitive (see\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\n\n\nInput:\n GET /foo HTTP/1.1\n my-header1: foo\n my-header2: bar\n my-header3: baz\n\n\nConfig:\n remove: [\"my-header1\", \"my-header3\"]\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header2: bar" + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.withRemoveMixin + +```ts +withRemoveMixin(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The\nvalue of Remove is a list of HTTP header names. Note that the header\nnames are case-insensitive (see\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\n\n\nInput:\n GET /foo HTTP/1.1\n my-header1: foo\n my-header2: bar\n my-header3: baz\n\n\nConfig:\n remove: [\"my-header1\", \"my-header3\"]\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header2: bar" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.withSet + +```ts +withSet(set) +``` + +"Set overwrites the request with the given header (name, value)\nbefore the action.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n set:\n - name: \"my-header\"\n value: \"bar\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: bar" + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.withSetMixin + +```ts +withSetMixin(set) +``` + +"Set overwrites the request with the given header (name, value)\nbefore the action.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n set:\n - name: \"my-header\"\n value: \"bar\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: bar" + +**Note:** This function appends passed data to existing values + +## obj spec.rules.backendRefs.filters.responseHeaderModifier.add + +"Add adds the given header(s) (name, value) to the request\nbefore the action. It appends to any existing values associated\nwith the header name.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n add:\n - name: \"my-header\"\n value: \"bar,baz\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: foo,bar,baz" + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.add.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\n\nIf multiple entries specify equivalent header names, the first entry with\nan equivalent name MUST be considered for a match. Subsequent entries\nwith an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent." + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.add.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.backendRefs.filters.responseHeaderModifier.set + +"Set overwrites the request with the given header (name, value)\nbefore the action.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n set:\n - name: \"my-header\"\n value: \"bar\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: bar" + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.set.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\n\nIf multiple entries specify equivalent header names, the first entry with\nan equivalent name MUST be considered for a match. Subsequent entries\nwith an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent." + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.set.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.backendRefs.filters.urlRewrite + +"URLRewrite defines a schema for a filter that modifies a request during forwarding.\n\n\nSupport: Extended" + +### fn spec.rules.backendRefs.filters.urlRewrite.withHostname + +```ts +withHostname(hostname) +``` + +"Hostname is the value to be used to replace the Host header value during\nforwarding.\n\n\nSupport: Extended" + +## obj spec.rules.backendRefs.filters.urlRewrite.path + +"Path defines a path rewrite.\n\n\nSupport: Extended" + +### fn spec.rules.backendRefs.filters.urlRewrite.path.withReplaceFullPath + +```ts +withReplaceFullPath(replaceFullPath) +``` + +"ReplaceFullPath specifies the value with which to replace the full path\nof a request during a rewrite or redirect." + +### fn spec.rules.backendRefs.filters.urlRewrite.path.withReplacePrefixMatch + +```ts +withReplacePrefixMatch(replacePrefixMatch) +``` + +"ReplacePrefixMatch specifies the value with which to replace the prefix\nmatch of a request during a rewrite or redirect. For example, a request\nto \"/foo/bar\" with a prefix match of \"/foo\" and a ReplacePrefixMatch\nof \"/xyz\" would be modified to \"/xyz/bar\".\n\n\nNote that this matches the behavior of the PathPrefix match type. This\nmatches full path elements. A path element refers to the list of labels\nin the path split by the `/` separator. When specified, a trailing `/` is\nignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all\nmatch the prefix `/abc`, but the path `/abcd` would not.\n\n\nReplacePrefixMatch is only compatible with a `PathPrefix` HTTPRouteMatch.\nUsing any other HTTPRouteMatch type on the same HTTPRouteRule will result in\nthe implementation setting the Accepted Condition for the Route to `status: False`.\n\n\nRequest Path | Prefix Match | Replace Prefix | Modified Path\n-------------|--------------|----------------|----------\n/foo/bar | /foo | /xyz | /xyz/bar\n/foo/bar | /foo | /xyz/ | /xyz/bar\n/foo/bar | /foo/ | /xyz | /xyz/bar\n/foo/bar | /foo/ | /xyz/ | /xyz/bar\n/foo | /foo | /xyz | /xyz\n/foo/ | /foo | /xyz | /xyz/\n/foo/bar | /foo | | /bar\n/foo/ | /foo | | /\n/foo | /foo | | /\n/foo/ | /foo | / | /\n/foo | /foo | / | /" + +### fn spec.rules.backendRefs.filters.urlRewrite.path.withType + +```ts +withType(type) +``` + +"Type defines the type of path modifier. Additional types may be\nadded in a future release of the API.\n\n\nNote that values may be added to this enum, implementations\nmust ensure that unknown values will not cause a crash.\n\n\nUnknown values here must result in the implementation setting the\nAccepted Condition for the Route to `status: False`, with a\nReason of `UnsupportedValue`." + +## obj spec.rules.filters + +"Filters define the filters that are applied to requests that match\nthis rule.\n\n\nWherever possible, implementations SHOULD implement filters in the order\nthey are specified.\n\n\nImplementations MAY choose to implement this ordering strictly, rejecting\nany combination or order of filters that can not be supported. If implementations\nchoose a strict interpretation of filter ordering, they MUST clearly document\nthat behavior.\n\n\nTo reject an invalid combination or order of filters, implementations SHOULD\nconsider the Route Rules with this configuration invalid. If all Route Rules\nin a Route are invalid, the entire Route would be considered invalid. If only\na portion of Route Rules are invalid, implementations MUST set the\n\"PartiallyInvalid\" condition for the Route.\n\n\nConformance-levels at this level are defined based on the type of filter:\n\n\n- ALL core filters MUST be supported by all implementations.\n- Implementers are encouraged to support extended filters.\n- Implementation-specific custom filters have no API guarantees across\n implementations.\n\n\nSpecifying the same filter multiple times is not supported unless explicitly\nindicated in the filter.\n\n\nAll filters are expected to be compatible with each other except for the\nURLRewrite and RequestRedirect filters, which may not be combined. If an\nimplementation can not support other combinations of filters, they must clearly\ndocument that limitation. In cases where incompatible or unsupported\nfilters are specified and cause the `Accepted` condition to be set to status\n`False`, implementations may use the `IncompatibleFilters` reason to specify\nthis configuration error.\n\n\nSupport: Core" + +### fn spec.rules.filters.withType + +```ts +withType(type) +``` + +"Type identifies the type of filter to apply. As with other API fields,\ntypes are classified into three conformance levels:\n\n\n- Core: Filter types and their corresponding configuration defined by\n \"Support: Core\" in this package, e.g. \"RequestHeaderModifier\". All\n implementations must support core filters.\n\n\n- Extended: Filter types and their corresponding configuration defined by\n \"Support: Extended\" in this package, e.g. \"RequestMirror\". Implementers\n are encouraged to support extended filters.\n\n\n- Implementation-specific: Filters that are defined and supported by\n specific vendors.\n In the future, filters showing convergence in behavior across multiple\n implementations will be considered for inclusion in extended or core\n conformance levels. Filter-specific configuration for such filters\n is specified using the ExtensionRef field. `Type` should be set to\n \"ExtensionRef\" for custom filters.\n\n\nImplementers are encouraged to define custom implementation types to\nextend the core API with implementation-specific behavior.\n\n\nIf a reference to a custom filter type cannot be resolved, the filter\nMUST NOT be skipped. Instead, requests that would have been processed by\nthat filter MUST receive a HTTP error response.\n\n\nNote that values may be added to this enum, implementations\nmust ensure that unknown values will not cause a crash.\n\n\nUnknown values here must result in the implementation setting the\nAccepted Condition for the Route to `status: False`, with a\nReason of `UnsupportedValue`." + +## obj spec.rules.filters.extensionRef + +"ExtensionRef is an optional, implementation-specific extension to the\n\"filter\" behavior. For example, resource \"myroutefilter\" in group\n\"networking.example.net\"). ExtensionRef MUST NOT be used for core and\nextended filters.\n\n\nThis filter can be used multiple times within the same rule.\n\n\nSupport: Implementation-specific" + +### fn spec.rules.filters.extensionRef.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. For example, \"gateway.networking.k8s.io\".\nWhen unspecified or empty string, core API group is inferred." + +### fn spec.rules.filters.extensionRef.withKind + +```ts +withKind(kind) +``` + +"Kind is kind of the referent. For example \"HTTPRoute\" or \"Service\"." + +### fn spec.rules.filters.extensionRef.withName + +```ts +withName(name) +``` + +"Name is the name of the referent." + +## obj spec.rules.filters.requestHeaderModifier + +"RequestHeaderModifier defines a schema for a filter that modifies request\nheaders.\n\n\nSupport: Core" + +### fn spec.rules.filters.requestHeaderModifier.withAdd + +```ts +withAdd(add) +``` + +"Add adds the given header(s) (name, value) to the request\nbefore the action. It appends to any existing values associated\nwith the header name.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n add:\n - name: \"my-header\"\n value: \"bar,baz\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: foo,bar,baz" + +### fn spec.rules.filters.requestHeaderModifier.withAddMixin + +```ts +withAddMixin(add) +``` + +"Add adds the given header(s) (name, value) to the request\nbefore the action. It appends to any existing values associated\nwith the header name.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n add:\n - name: \"my-header\"\n value: \"bar,baz\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: foo,bar,baz" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.filters.requestHeaderModifier.withRemove + +```ts +withRemove(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The\nvalue of Remove is a list of HTTP header names. Note that the header\nnames are case-insensitive (see\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\n\n\nInput:\n GET /foo HTTP/1.1\n my-header1: foo\n my-header2: bar\n my-header3: baz\n\n\nConfig:\n remove: [\"my-header1\", \"my-header3\"]\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header2: bar" + +### fn spec.rules.filters.requestHeaderModifier.withRemoveMixin + +```ts +withRemoveMixin(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The\nvalue of Remove is a list of HTTP header names. Note that the header\nnames are case-insensitive (see\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\n\n\nInput:\n GET /foo HTTP/1.1\n my-header1: foo\n my-header2: bar\n my-header3: baz\n\n\nConfig:\n remove: [\"my-header1\", \"my-header3\"]\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header2: bar" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.filters.requestHeaderModifier.withSet + +```ts +withSet(set) +``` + +"Set overwrites the request with the given header (name, value)\nbefore the action.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n set:\n - name: \"my-header\"\n value: \"bar\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: bar" + +### fn spec.rules.filters.requestHeaderModifier.withSetMixin + +```ts +withSetMixin(set) +``` + +"Set overwrites the request with the given header (name, value)\nbefore the action.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n set:\n - name: \"my-header\"\n value: \"bar\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: bar" + +**Note:** This function appends passed data to existing values + +## obj spec.rules.filters.requestHeaderModifier.add + +"Add adds the given header(s) (name, value) to the request\nbefore the action. It appends to any existing values associated\nwith the header name.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n add:\n - name: \"my-header\"\n value: \"bar,baz\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: foo,bar,baz" + +### fn spec.rules.filters.requestHeaderModifier.add.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\n\nIf multiple entries specify equivalent header names, the first entry with\nan equivalent name MUST be considered for a match. Subsequent entries\nwith an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent." + +### fn spec.rules.filters.requestHeaderModifier.add.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.filters.requestHeaderModifier.set + +"Set overwrites the request with the given header (name, value)\nbefore the action.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n set:\n - name: \"my-header\"\n value: \"bar\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: bar" + +### fn spec.rules.filters.requestHeaderModifier.set.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\n\nIf multiple entries specify equivalent header names, the first entry with\nan equivalent name MUST be considered for a match. Subsequent entries\nwith an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent." + +### fn spec.rules.filters.requestHeaderModifier.set.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.filters.requestMirror + +"RequestMirror defines a schema for a filter that mirrors requests.\nRequests are sent to the specified destination, but responses from\nthat destination are ignored.\n\n\nThis filter can be used multiple times within the same rule. Note that\nnot all implementations will be able to support mirroring to multiple\nbackends.\n\n\nSupport: Extended" + +## obj spec.rules.filters.requestMirror.backendRef + +"BackendRef references a resource where mirrored requests are sent.\n\n\nMirrored requests must be sent only to a single destination endpoint\nwithin this BackendRef, irrespective of how many endpoints are present\nwithin this BackendRef.\n\n\nIf the referent cannot be found, this BackendRef is invalid and must be\ndropped from the Gateway. The controller must ensure the \"ResolvedRefs\"\ncondition on the Route status is set to `status: False` and not configure\nthis backend in the underlying implementation.\n\n\nIf there is a cross-namespace reference to an *existing* object\nthat is not allowed by a ReferenceGrant, the controller must ensure the\n\"ResolvedRefs\" condition on the Route is set to `status: False`,\nwith the \"RefNotPermitted\" reason and not configure this backend in the\nunderlying implementation.\n\n\nIn either error case, the Message of the `ResolvedRefs` Condition\nshould be used to provide more detail about the problem.\n\n\nSupport: Extended for Kubernetes Service\n\n\nSupport: Implementation-specific for any other resource" + +### fn spec.rules.filters.requestMirror.backendRef.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. For example, \"gateway.networking.k8s.io\".\nWhen unspecified or empty string, core API group is inferred." + +### fn spec.rules.filters.requestMirror.backendRef.withKind + +```ts +withKind(kind) +``` + +"Kind is the Kubernetes resource kind of the referent. For example\n\"Service\".\n\n\nDefaults to \"Service\" when not specified.\n\n\nExternalName services can refer to CNAME DNS records that may live\noutside of the cluster and as such are difficult to reason about in\nterms of conformance. They also may not be safe to forward to (see\nCVE-2021-25740 for more information). Implementations SHOULD NOT\nsupport ExternalName Services.\n\n\nSupport: Core (Services with a type other than ExternalName)\n\n\nSupport: Implementation-specific (Services with type ExternalName)" + +### fn spec.rules.filters.requestMirror.backendRef.withName + +```ts +withName(name) +``` + +"Name is the name of the referent." + +### fn spec.rules.filters.requestMirror.backendRef.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the backend. When unspecified, the local\nnamespace is inferred.\n\n\nNote that when a namespace different than the local namespace is specified,\na ReferenceGrant object is required in the referent namespace to allow that\nnamespace's owner to accept the reference. See the ReferenceGrant\ndocumentation for details.\n\n\nSupport: Core" + +### fn spec.rules.filters.requestMirror.backendRef.withPort + +```ts +withPort(port) +``` + +"Port specifies the destination port number to use for this resource.\nPort is required when the referent is a Kubernetes Service. In this\ncase, the port number is the service port number, not the target port.\nFor other resources, destination port might be derived from the referent\nresource or this field." + +## obj spec.rules.filters.requestRedirect + +"RequestRedirect defines a schema for a filter that responds to the\nrequest with an HTTP redirection.\n\n\nSupport: Core" + +### fn spec.rules.filters.requestRedirect.withHostname + +```ts +withHostname(hostname) +``` + +"Hostname is the hostname to be used in the value of the `Location`\nheader in the response.\nWhen empty, the hostname in the `Host` header of the request is used.\n\n\nSupport: Core" + +### fn spec.rules.filters.requestRedirect.withPort + +```ts +withPort(port) +``` + +"Port is the port to be used in the value of the `Location`\nheader in the response.\n\n\nIf no port is specified, the redirect port MUST be derived using the\nfollowing rules:\n\n\n* If redirect scheme is not-empty, the redirect port MUST be the well-known\n port associated with the redirect scheme. Specifically \"http\" to port 80\n and \"https\" to port 443. If the redirect scheme does not have a\n well-known port, the listener port of the Gateway SHOULD be used.\n* If redirect scheme is empty, the redirect port MUST be the Gateway\n Listener port.\n\n\nImplementations SHOULD NOT add the port number in the 'Location'\nheader in the following cases:\n\n\n* A Location header that will use HTTP (whether that is determined via\n the Listener protocol or the Scheme field) _and_ use port 80.\n* A Location header that will use HTTPS (whether that is determined via\n the Listener protocol or the Scheme field) _and_ use port 443.\n\n\nSupport: Extended" + +### fn spec.rules.filters.requestRedirect.withScheme + +```ts +withScheme(scheme) +``` + +"Scheme is the scheme to be used in the value of the `Location` header in\nthe response. When empty, the scheme of the request is used.\n\n\nScheme redirects can affect the port of the redirect, for more information,\nrefer to the documentation for the port field of this filter.\n\n\nNote that values may be added to this enum, implementations\nmust ensure that unknown values will not cause a crash.\n\n\nUnknown values here must result in the implementation setting the\nAccepted Condition for the Route to `status: False`, with a\nReason of `UnsupportedValue`.\n\n\nSupport: Extended" + +### fn spec.rules.filters.requestRedirect.withStatusCode + +```ts +withStatusCode(statusCode) +``` + +"StatusCode is the HTTP status code to be used in response.\n\n\nNote that values may be added to this enum, implementations\nmust ensure that unknown values will not cause a crash.\n\n\nUnknown values here must result in the implementation setting the\nAccepted Condition for the Route to `status: False`, with a\nReason of `UnsupportedValue`.\n\n\nSupport: Core" + +## obj spec.rules.filters.requestRedirect.path + +"Path defines parameters used to modify the path of the incoming request.\nThe modified path is then used to construct the `Location` header. When\nempty, the request path is used as-is.\n\n\nSupport: Extended" + +### fn spec.rules.filters.requestRedirect.path.withReplaceFullPath + +```ts +withReplaceFullPath(replaceFullPath) +``` + +"ReplaceFullPath specifies the value with which to replace the full path\nof a request during a rewrite or redirect." + +### fn spec.rules.filters.requestRedirect.path.withReplacePrefixMatch + +```ts +withReplacePrefixMatch(replacePrefixMatch) +``` + +"ReplacePrefixMatch specifies the value with which to replace the prefix\nmatch of a request during a rewrite or redirect. For example, a request\nto \"/foo/bar\" with a prefix match of \"/foo\" and a ReplacePrefixMatch\nof \"/xyz\" would be modified to \"/xyz/bar\".\n\n\nNote that this matches the behavior of the PathPrefix match type. This\nmatches full path elements. A path element refers to the list of labels\nin the path split by the `/` separator. When specified, a trailing `/` is\nignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all\nmatch the prefix `/abc`, but the path `/abcd` would not.\n\n\nReplacePrefixMatch is only compatible with a `PathPrefix` HTTPRouteMatch.\nUsing any other HTTPRouteMatch type on the same HTTPRouteRule will result in\nthe implementation setting the Accepted Condition for the Route to `status: False`.\n\n\nRequest Path | Prefix Match | Replace Prefix | Modified Path\n-------------|--------------|----------------|----------\n/foo/bar | /foo | /xyz | /xyz/bar\n/foo/bar | /foo | /xyz/ | /xyz/bar\n/foo/bar | /foo/ | /xyz | /xyz/bar\n/foo/bar | /foo/ | /xyz/ | /xyz/bar\n/foo | /foo | /xyz | /xyz\n/foo/ | /foo | /xyz | /xyz/\n/foo/bar | /foo | | /bar\n/foo/ | /foo | | /\n/foo | /foo | | /\n/foo/ | /foo | / | /\n/foo | /foo | / | /" + +### fn spec.rules.filters.requestRedirect.path.withType + +```ts +withType(type) +``` + +"Type defines the type of path modifier. Additional types may be\nadded in a future release of the API.\n\n\nNote that values may be added to this enum, implementations\nmust ensure that unknown values will not cause a crash.\n\n\nUnknown values here must result in the implementation setting the\nAccepted Condition for the Route to `status: False`, with a\nReason of `UnsupportedValue`." + +## obj spec.rules.filters.responseHeaderModifier + +"ResponseHeaderModifier defines a schema for a filter that modifies response\nheaders.\n\n\nSupport: Extended" + +### fn spec.rules.filters.responseHeaderModifier.withAdd + +```ts +withAdd(add) +``` + +"Add adds the given header(s) (name, value) to the request\nbefore the action. It appends to any existing values associated\nwith the header name.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n add:\n - name: \"my-header\"\n value: \"bar,baz\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: foo,bar,baz" + +### fn spec.rules.filters.responseHeaderModifier.withAddMixin + +```ts +withAddMixin(add) +``` + +"Add adds the given header(s) (name, value) to the request\nbefore the action. It appends to any existing values associated\nwith the header name.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n add:\n - name: \"my-header\"\n value: \"bar,baz\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: foo,bar,baz" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.filters.responseHeaderModifier.withRemove + +```ts +withRemove(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The\nvalue of Remove is a list of HTTP header names. Note that the header\nnames are case-insensitive (see\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\n\n\nInput:\n GET /foo HTTP/1.1\n my-header1: foo\n my-header2: bar\n my-header3: baz\n\n\nConfig:\n remove: [\"my-header1\", \"my-header3\"]\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header2: bar" + +### fn spec.rules.filters.responseHeaderModifier.withRemoveMixin + +```ts +withRemoveMixin(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The\nvalue of Remove is a list of HTTP header names. Note that the header\nnames are case-insensitive (see\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\n\n\nInput:\n GET /foo HTTP/1.1\n my-header1: foo\n my-header2: bar\n my-header3: baz\n\n\nConfig:\n remove: [\"my-header1\", \"my-header3\"]\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header2: bar" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.filters.responseHeaderModifier.withSet + +```ts +withSet(set) +``` + +"Set overwrites the request with the given header (name, value)\nbefore the action.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n set:\n - name: \"my-header\"\n value: \"bar\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: bar" + +### fn spec.rules.filters.responseHeaderModifier.withSetMixin + +```ts +withSetMixin(set) +``` + +"Set overwrites the request with the given header (name, value)\nbefore the action.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n set:\n - name: \"my-header\"\n value: \"bar\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: bar" + +**Note:** This function appends passed data to existing values + +## obj spec.rules.filters.responseHeaderModifier.add + +"Add adds the given header(s) (name, value) to the request\nbefore the action. It appends to any existing values associated\nwith the header name.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n add:\n - name: \"my-header\"\n value: \"bar,baz\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: foo,bar,baz" + +### fn spec.rules.filters.responseHeaderModifier.add.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\n\nIf multiple entries specify equivalent header names, the first entry with\nan equivalent name MUST be considered for a match. Subsequent entries\nwith an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent." + +### fn spec.rules.filters.responseHeaderModifier.add.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.filters.responseHeaderModifier.set + +"Set overwrites the request with the given header (name, value)\nbefore the action.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n set:\n - name: \"my-header\"\n value: \"bar\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: bar" + +### fn spec.rules.filters.responseHeaderModifier.set.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\n\nIf multiple entries specify equivalent header names, the first entry with\nan equivalent name MUST be considered for a match. Subsequent entries\nwith an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent." + +### fn spec.rules.filters.responseHeaderModifier.set.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.filters.urlRewrite + +"URLRewrite defines a schema for a filter that modifies a request during forwarding.\n\n\nSupport: Extended" + +### fn spec.rules.filters.urlRewrite.withHostname + +```ts +withHostname(hostname) +``` + +"Hostname is the value to be used to replace the Host header value during\nforwarding.\n\n\nSupport: Extended" + +## obj spec.rules.filters.urlRewrite.path + +"Path defines a path rewrite.\n\n\nSupport: Extended" + +### fn spec.rules.filters.urlRewrite.path.withReplaceFullPath + +```ts +withReplaceFullPath(replaceFullPath) +``` + +"ReplaceFullPath specifies the value with which to replace the full path\nof a request during a rewrite or redirect." + +### fn spec.rules.filters.urlRewrite.path.withReplacePrefixMatch + +```ts +withReplacePrefixMatch(replacePrefixMatch) +``` + +"ReplacePrefixMatch specifies the value with which to replace the prefix\nmatch of a request during a rewrite or redirect. For example, a request\nto \"/foo/bar\" with a prefix match of \"/foo\" and a ReplacePrefixMatch\nof \"/xyz\" would be modified to \"/xyz/bar\".\n\n\nNote that this matches the behavior of the PathPrefix match type. This\nmatches full path elements. A path element refers to the list of labels\nin the path split by the `/` separator. When specified, a trailing `/` is\nignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all\nmatch the prefix `/abc`, but the path `/abcd` would not.\n\n\nReplacePrefixMatch is only compatible with a `PathPrefix` HTTPRouteMatch.\nUsing any other HTTPRouteMatch type on the same HTTPRouteRule will result in\nthe implementation setting the Accepted Condition for the Route to `status: False`.\n\n\nRequest Path | Prefix Match | Replace Prefix | Modified Path\n-------------|--------------|----------------|----------\n/foo/bar | /foo | /xyz | /xyz/bar\n/foo/bar | /foo | /xyz/ | /xyz/bar\n/foo/bar | /foo/ | /xyz | /xyz/bar\n/foo/bar | /foo/ | /xyz/ | /xyz/bar\n/foo | /foo | /xyz | /xyz\n/foo/ | /foo | /xyz | /xyz/\n/foo/bar | /foo | | /bar\n/foo/ | /foo | | /\n/foo | /foo | | /\n/foo/ | /foo | / | /\n/foo | /foo | / | /" + +### fn spec.rules.filters.urlRewrite.path.withType + +```ts +withType(type) +``` + +"Type defines the type of path modifier. Additional types may be\nadded in a future release of the API.\n\n\nNote that values may be added to this enum, implementations\nmust ensure that unknown values will not cause a crash.\n\n\nUnknown values here must result in the implementation setting the\nAccepted Condition for the Route to `status: False`, with a\nReason of `UnsupportedValue`." + +## obj spec.rules.matches + +"Matches define conditions used for matching the rule against incoming\nHTTP requests. Each match is independent, i.e. this rule will be matched\nif **any** one of the matches is satisfied.\n\n\nFor example, take the following matches configuration:\n\n\n```\nmatches:\n- path:\n value: \"/foo\"\n headers:\n - name: \"version\"\n value: \"v2\"\n- path:\n value: \"/v2/foo\"\n```\n\n\nFor a request to match against this rule, a request must satisfy\nEITHER of the two conditions:\n\n\n- path prefixed with `/foo` AND contains the header `version: v2`\n- path prefix of `/v2/foo`\n\n\nSee the documentation for HTTPRouteMatch on how to specify multiple\nmatch conditions that should be ANDed together.\n\n\nIf no matches are specified, the default is a prefix\npath match on \"/\", which has the effect of matching every\nHTTP request.\n\n\nProxy or Load Balancer routing configuration generated from HTTPRoutes\nMUST prioritize matches based on the following criteria, continuing on\nties. Across all rules specified on applicable Routes, precedence must be\ngiven to the match having:\n\n\n* \"Exact\" path match.\n* \"Prefix\" path match with largest number of characters.\n* Method match.\n* Largest number of header matches.\n* Largest number of query param matches.\n\n\nNote: The precedence of RegularExpression path matches are implementation-specific.\n\n\nIf ties still exist across multiple Routes, matching precedence MUST be\ndetermined in order of the following criteria, continuing on ties:\n\n\n* The oldest Route based on creation timestamp.\n* The Route appearing first in alphabetical order by\n \"{namespace}/{name}\".\n\n\nIf ties still exist within an HTTPRoute, matching precedence MUST be granted\nto the FIRST matching rule (in list order) with a match meeting the above\ncriteria.\n\n\nWhen no rules matching a request have been successfully attached to the\nparent a request is coming from, a HTTP 404 status code MUST be returned." + +### fn spec.rules.matches.withHeaders + +```ts +withHeaders(headers) +``` + +"Headers specifies HTTP request header matchers. Multiple match values are\nANDed together, meaning, a request must match all the specified headers\nto select the route." + +### fn spec.rules.matches.withHeadersMixin + +```ts +withHeadersMixin(headers) +``` + +"Headers specifies HTTP request header matchers. Multiple match values are\nANDed together, meaning, a request must match all the specified headers\nto select the route." + +**Note:** This function appends passed data to existing values + +### fn spec.rules.matches.withMethod + +```ts +withMethod(method) +``` + +"Method specifies HTTP method matcher.\nWhen specified, this route will be matched only if the request has the\nspecified method.\n\n\nSupport: Extended" + +### fn spec.rules.matches.withQueryParams + +```ts +withQueryParams(queryParams) +``` + +"QueryParams specifies HTTP query parameter matchers. Multiple match\nvalues are ANDed together, meaning, a request must match all the\nspecified query parameters to select the route.\n\n\nSupport: Extended" + +### fn spec.rules.matches.withQueryParamsMixin + +```ts +withQueryParamsMixin(queryParams) +``` + +"QueryParams specifies HTTP query parameter matchers. Multiple match\nvalues are ANDed together, meaning, a request must match all the\nspecified query parameters to select the route.\n\n\nSupport: Extended" + +**Note:** This function appends passed data to existing values + +## obj spec.rules.matches.headers + +"Headers specifies HTTP request header matchers. Multiple match values are\nANDed together, meaning, a request must match all the specified headers\nto select the route." + +### fn spec.rules.matches.headers.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\n\nIf multiple entries specify equivalent header names, only the first\nentry with an equivalent name MUST be considered for a match. Subsequent\nentries with an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent.\n\n\nWhen a header is repeated in an HTTP request, it is\nimplementation-specific behavior as to how this is represented.\nGenerally, proxies should follow the guidance from the RFC:\nhttps://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2 regarding\nprocessing a repeated header, with special handling for \"Set-Cookie\"." + +### fn spec.rules.matches.headers.withType + +```ts +withType(type) +``` + +"Type specifies how to match against the value of the header.\n\n\nSupport: Core (Exact)\n\n\nSupport: Implementation-specific (RegularExpression)\n\n\nSince RegularExpression HeaderMatchType has implementation-specific\nconformance, implementations can support POSIX, PCRE or any other dialects\nof regular expressions. Please read the implementation's documentation to\ndetermine the supported dialect." + +### fn spec.rules.matches.headers.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.matches.path + +"Path specifies a HTTP request path matcher. If this field is not\nspecified, a default prefix match on the \"/\" path is provided." + +### fn spec.rules.matches.path.withType + +```ts +withType(type) +``` + +"Type specifies how to match against the path Value.\n\n\nSupport: Core (Exact, PathPrefix)\n\n\nSupport: Implementation-specific (RegularExpression)" + +### fn spec.rules.matches.path.withValue + +```ts +withValue(value) +``` + +"Value of the HTTP path to match against." + +## obj spec.rules.matches.queryParams + +"QueryParams specifies HTTP query parameter matchers. Multiple match\nvalues are ANDed together, meaning, a request must match all the\nspecified query parameters to select the route.\n\n\nSupport: Extended" + +### fn spec.rules.matches.queryParams.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP query param to be matched. This must be an\nexact string match. (See\nhttps://tools.ietf.org/html/rfc7230#section-2.7.3).\n\n\nIf multiple entries specify equivalent query param names, only the first\nentry with an equivalent name MUST be considered for a match. Subsequent\nentries with an equivalent query param name MUST be ignored.\n\n\nIf a query param is repeated in an HTTP request, the behavior is\npurposely left undefined, since different data planes have different\ncapabilities. However, it is *recommended* that implementations should\nmatch against the first value of the param if the data plane supports it,\nas this behavior is expected in other load balancing contexts outside of\nthe Gateway API.\n\n\nUsers SHOULD NOT route traffic based on repeated query params to guard\nthemselves against potential differences in the implementations." + +### fn spec.rules.matches.queryParams.withType + +```ts +withType(type) +``` + +"Type specifies how to match against the value of the query parameter.\n\n\nSupport: Extended (Exact)\n\n\nSupport: Implementation-specific (RegularExpression)\n\n\nSince RegularExpression QueryParamMatchType has Implementation-specific\nconformance, implementations can support POSIX, PCRE or any other\ndialects of regular expressions. Please read the implementation's\ndocumentation to determine the supported dialect." + +### fn spec.rules.matches.queryParams.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP query param to be matched." + +## obj spec.rules.sessionPersistence + +"SessionPersistence defines and configures session persistence\nfor the route rule.\n\n\nSupport: Extended\n\n\n" + +### fn spec.rules.sessionPersistence.withAbsoluteTimeout + +```ts +withAbsoluteTimeout(absoluteTimeout) +``` + +"AbsoluteTimeout defines the absolute timeout of the persistent\nsession. Once the AbsoluteTimeout duration has elapsed, the\nsession becomes invalid.\n\n\nSupport: Extended" + +### fn spec.rules.sessionPersistence.withIdleTimeout + +```ts +withIdleTimeout(idleTimeout) +``` + +"IdleTimeout defines the idle timeout of the persistent session.\nOnce the session has been idle for more than the specified\nIdleTimeout duration, the session becomes invalid.\n\n\nSupport: Extended" + +### fn spec.rules.sessionPersistence.withSessionName + +```ts +withSessionName(sessionName) +``` + +"SessionName defines the name of the persistent session token\nwhich may be reflected in the cookie or the header. Users\nshould avoid reusing session names to prevent unintended\nconsequences, such as rejection or unpredictable behavior.\n\n\nSupport: Implementation-specific" + +### fn spec.rules.sessionPersistence.withType + +```ts +withType(type) +``` + +"Type defines the type of session persistence such as through\nthe use a header or cookie. Defaults to cookie based session\npersistence.\n\n\nSupport: Core for \"Cookie\" type\n\n\nSupport: Extended for \"Header\" type" + +## obj spec.rules.sessionPersistence.cookieConfig + +"CookieConfig provides configuration settings that are specific\nto cookie-based session persistence.\n\n\nSupport: Core" + +### fn spec.rules.sessionPersistence.cookieConfig.withLifetimeType + +```ts +withLifetimeType(lifetimeType) +``` + +"LifetimeType specifies whether the cookie has a permanent or\nsession-based lifetime. A permanent cookie persists until its\nspecified expiry time, defined by the Expires or Max-Age cookie\nattributes, while a session cookie is deleted when the current\nsession ends.\n\n\nWhen set to \"Permanent\", AbsoluteTimeout indicates the\ncookie's lifetime via the Expires or Max-Age cookie attributes\nand is required.\n\n\nWhen set to \"Session\", AbsoluteTimeout indicates the\nabsolute lifetime of the cookie tracked by the gateway and\nis optional.\n\n\nSupport: Core for \"Session\" type\n\n\nSupport: Extended for \"Permanent\" type" + +## obj spec.rules.timeouts + +"Timeouts defines the timeouts that can be configured for an HTTP request.\n\n\nSupport: Extended\n\n\n" + +### fn spec.rules.timeouts.withBackendRequest + +```ts +withBackendRequest(backendRequest) +``` + +"BackendRequest specifies a timeout for an individual request from the gateway\nto a backend. This covers the time from when the request first starts being\nsent from the gateway to when the full response has been received from the backend.\n\n\nSetting a timeout to the zero duration (e.g. \"0s\") SHOULD disable the timeout\ncompletely. Implementations that cannot completely disable the timeout MUST\ninstead interpret the zero duration as the longest possible value to which\nthe timeout can be set.\n\n\nAn entire client HTTP transaction with a gateway, covered by the Request timeout,\nmay result in more than one call from the gateway to the destination backend,\nfor example, if automatic retries are supported.\n\n\nBecause the Request timeout encompasses the BackendRequest timeout, the value of\nBackendRequest must be <= the value of Request timeout.\n\n\nSupport: Extended" + +### fn spec.rules.timeouts.withRequest + +```ts +withRequest(request) +``` + +"Request specifies the maximum duration for a gateway to respond to an HTTP request.\nIf the gateway has not been able to respond before this deadline is met, the gateway\nMUST return a timeout error.\n\n\nFor example, setting the `rules.timeouts.request` field to the value `10s` in an\n`HTTPRoute` will cause a timeout if a client request is taking longer than 10 seconds\nto complete.\n\n\nSetting a timeout to the zero duration (e.g. \"0s\") SHOULD disable the timeout\ncompletely. Implementations that cannot completely disable the timeout MUST\ninstead interpret the zero duration as the longest possible value to which\nthe timeout can be set.\n\n\nThis timeout is intended to cover as close to the whole request-response transaction\nas possible although an implementation MAY choose to start the timeout after the entire\nrequest stream has been received instead of immediately after the transaction is\ninitiated by the client.\n\n\nWhen this field is unspecified, request timeout behavior is implementation-specific.\n\n\nSupport: Extended" \ No newline at end of file diff --git a/docs/1.1-experimental/gateway/v1/index.md b/docs/1.1-experimental/gateway/v1/index.md new file mode 100644 index 0000000..79c8452 --- /dev/null +++ b/docs/1.1-experimental/gateway/v1/index.md @@ -0,0 +1,12 @@ +--- +permalink: /1.1-experimental/gateway/v1/ +--- + +# gateway.v1 + + + +* [gateway](gateway.md) +* [gatewayClass](gatewayClass.md) +* [grpcRoute](grpcRoute.md) +* [httpRoute](httpRoute.md) \ No newline at end of file diff --git a/docs/1.1-experimental/gateway/v1alpha2/backendLBPolicy.md b/docs/1.1-experimental/gateway/v1alpha2/backendLBPolicy.md new file mode 100644 index 0000000..c6c6d3f --- /dev/null +++ b/docs/1.1-experimental/gateway/v1alpha2/backendLBPolicy.md @@ -0,0 +1,317 @@ +--- +permalink: /1.1-experimental/gateway/v1alpha2/backendLBPolicy/ +--- + +# gateway.v1alpha2.backendLBPolicy + +"BackendLBPolicy provides a way to define load balancing rules\nfor a backend." + +## Index + +* [`fn new(name)`](#fn-new) +* [`obj metadata`](#obj-metadata) + * [`fn withAnnotations(annotations)`](#fn-metadatawithannotations) + * [`fn withAnnotationsMixin(annotations)`](#fn-metadatawithannotationsmixin) + * [`fn withClusterName(clusterName)`](#fn-metadatawithclustername) + * [`fn withCreationTimestamp(creationTimestamp)`](#fn-metadatawithcreationtimestamp) + * [`fn withDeletionGracePeriodSeconds(deletionGracePeriodSeconds)`](#fn-metadatawithdeletiongraceperiodseconds) + * [`fn withDeletionTimestamp(deletionTimestamp)`](#fn-metadatawithdeletiontimestamp) + * [`fn withFinalizers(finalizers)`](#fn-metadatawithfinalizers) + * [`fn withFinalizersMixin(finalizers)`](#fn-metadatawithfinalizersmixin) + * [`fn withGenerateName(generateName)`](#fn-metadatawithgeneratename) + * [`fn withGeneration(generation)`](#fn-metadatawithgeneration) + * [`fn withLabels(labels)`](#fn-metadatawithlabels) + * [`fn withLabelsMixin(labels)`](#fn-metadatawithlabelsmixin) + * [`fn withName(name)`](#fn-metadatawithname) + * [`fn withNamespace(namespace)`](#fn-metadatawithnamespace) + * [`fn withOwnerReferences(ownerReferences)`](#fn-metadatawithownerreferences) + * [`fn withOwnerReferencesMixin(ownerReferences)`](#fn-metadatawithownerreferencesmixin) + * [`fn withResourceVersion(resourceVersion)`](#fn-metadatawithresourceversion) + * [`fn withSelfLink(selfLink)`](#fn-metadatawithselflink) + * [`fn withUid(uid)`](#fn-metadatawithuid) +* [`obj spec`](#obj-spec) + * [`fn withTargetRefs(targetRefs)`](#fn-specwithtargetrefs) + * [`fn withTargetRefsMixin(targetRefs)`](#fn-specwithtargetrefsmixin) + * [`obj spec.sessionPersistence`](#obj-specsessionpersistence) + * [`fn withAbsoluteTimeout(absoluteTimeout)`](#fn-specsessionpersistencewithabsolutetimeout) + * [`fn withIdleTimeout(idleTimeout)`](#fn-specsessionpersistencewithidletimeout) + * [`fn withSessionName(sessionName)`](#fn-specsessionpersistencewithsessionname) + * [`fn withType(type)`](#fn-specsessionpersistencewithtype) + * [`obj spec.sessionPersistence.cookieConfig`](#obj-specsessionpersistencecookieconfig) + * [`fn withLifetimeType(lifetimeType)`](#fn-specsessionpersistencecookieconfigwithlifetimetype) + * [`obj spec.targetRefs`](#obj-spectargetrefs) + * [`fn withGroup(group)`](#fn-spectargetrefswithgroup) + * [`fn withKind(kind)`](#fn-spectargetrefswithkind) + * [`fn withName(name)`](#fn-spectargetrefswithname) + +## Fields + +### fn new + +```ts +new(name) +``` + +new returns an instance of BackendLBPolicy + +## obj metadata + +"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create." + +### fn metadata.withAnnotations + +```ts +withAnnotations(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +### fn metadata.withAnnotationsMixin + +```ts +withAnnotationsMixin(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +**Note:** This function appends passed data to existing values + +### fn metadata.withClusterName + +```ts +withClusterName(clusterName) +``` + +"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request." + +### fn metadata.withCreationTimestamp + +```ts +withCreationTimestamp(creationTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withDeletionGracePeriodSeconds + +```ts +withDeletionGracePeriodSeconds(deletionGracePeriodSeconds) +``` + +"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only." + +### fn metadata.withDeletionTimestamp + +```ts +withDeletionTimestamp(deletionTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withFinalizers + +```ts +withFinalizers(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +### fn metadata.withFinalizersMixin + +```ts +withFinalizersMixin(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +**Note:** This function appends passed data to existing values + +### fn metadata.withGenerateName + +```ts +withGenerateName(generateName) +``` + +"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\n\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\n\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" + +### fn metadata.withGeneration + +```ts +withGeneration(generation) +``` + +"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only." + +### fn metadata.withLabels + +```ts +withLabels(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +### fn metadata.withLabelsMixin + +```ts +withLabelsMixin(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +**Note:** This function appends passed data to existing values + +### fn metadata.withName + +```ts +withName(name) +``` + +"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names" + +### fn metadata.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \"default\" namespace, but \"default\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\n\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces" + +### fn metadata.withOwnerReferences + +```ts +withOwnerReferences(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +### fn metadata.withOwnerReferencesMixin + +```ts +withOwnerReferencesMixin(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +**Note:** This function appends passed data to existing values + +### fn metadata.withResourceVersion + +```ts +withResourceVersion(resourceVersion) +``` + +"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\n\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" + +### fn metadata.withSelfLink + +```ts +withSelfLink(selfLink) +``` + +"SelfLink is a URL representing this object. Populated by the system. Read-only.\n\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release." + +### fn metadata.withUid + +```ts +withUid(uid) +``` + +"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\n\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids" + +## obj spec + +"Spec defines the desired state of BackendLBPolicy." + +### fn spec.withTargetRefs + +```ts +withTargetRefs(targetRefs) +``` + +"TargetRef identifies an API object to apply policy to.\nCurrently, Backends (i.e. Service, ServiceImport, or any\nimplementation-specific backendRef) are the only valid API\ntarget references." + +### fn spec.withTargetRefsMixin + +```ts +withTargetRefsMixin(targetRefs) +``` + +"TargetRef identifies an API object to apply policy to.\nCurrently, Backends (i.e. Service, ServiceImport, or any\nimplementation-specific backendRef) are the only valid API\ntarget references." + +**Note:** This function appends passed data to existing values + +## obj spec.sessionPersistence + +"SessionPersistence defines and configures session persistence\nfor the backend.\n\n\nSupport: Extended" + +### fn spec.sessionPersistence.withAbsoluteTimeout + +```ts +withAbsoluteTimeout(absoluteTimeout) +``` + +"AbsoluteTimeout defines the absolute timeout of the persistent\nsession. Once the AbsoluteTimeout duration has elapsed, the\nsession becomes invalid.\n\n\nSupport: Extended" + +### fn spec.sessionPersistence.withIdleTimeout + +```ts +withIdleTimeout(idleTimeout) +``` + +"IdleTimeout defines the idle timeout of the persistent session.\nOnce the session has been idle for more than the specified\nIdleTimeout duration, the session becomes invalid.\n\n\nSupport: Extended" + +### fn spec.sessionPersistence.withSessionName + +```ts +withSessionName(sessionName) +``` + +"SessionName defines the name of the persistent session token\nwhich may be reflected in the cookie or the header. Users\nshould avoid reusing session names to prevent unintended\nconsequences, such as rejection or unpredictable behavior.\n\n\nSupport: Implementation-specific" + +### fn spec.sessionPersistence.withType + +```ts +withType(type) +``` + +"Type defines the type of session persistence such as through\nthe use a header or cookie. Defaults to cookie based session\npersistence.\n\n\nSupport: Core for \"Cookie\" type\n\n\nSupport: Extended for \"Header\" type" + +## obj spec.sessionPersistence.cookieConfig + +"CookieConfig provides configuration settings that are specific\nto cookie-based session persistence.\n\n\nSupport: Core" + +### fn spec.sessionPersistence.cookieConfig.withLifetimeType + +```ts +withLifetimeType(lifetimeType) +``` + +"LifetimeType specifies whether the cookie has a permanent or\nsession-based lifetime. A permanent cookie persists until its\nspecified expiry time, defined by the Expires or Max-Age cookie\nattributes, while a session cookie is deleted when the current\nsession ends.\n\n\nWhen set to \"Permanent\", AbsoluteTimeout indicates the\ncookie's lifetime via the Expires or Max-Age cookie attributes\nand is required.\n\n\nWhen set to \"Session\", AbsoluteTimeout indicates the\nabsolute lifetime of the cookie tracked by the gateway and\nis optional.\n\n\nSupport: Core for \"Session\" type\n\n\nSupport: Extended for \"Permanent\" type" + +## obj spec.targetRefs + +"TargetRef identifies an API object to apply policy to.\nCurrently, Backends (i.e. Service, ServiceImport, or any\nimplementation-specific backendRef) are the only valid API\ntarget references." + +### fn spec.targetRefs.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the target resource." + +### fn spec.targetRefs.withKind + +```ts +withKind(kind) +``` + +"Kind is kind of the target resource." + +### fn spec.targetRefs.withName + +```ts +withName(name) +``` + +"Name is the name of the target resource." \ No newline at end of file diff --git a/docs/1.1-experimental/gateway/v1alpha2/grpcRoute.md b/docs/1.1-experimental/gateway/v1alpha2/grpcRoute.md new file mode 100644 index 0000000..4d868df --- /dev/null +++ b/docs/1.1-experimental/gateway/v1alpha2/grpcRoute.md @@ -0,0 +1,1263 @@ +--- +permalink: /1.1-experimental/gateway/v1alpha2/grpcRoute/ +--- + +# gateway.v1alpha2.grpcRoute + +"GRPCRoute provides a way to route gRPC requests. This includes the capability\nto match requests by hostname, gRPC service, gRPC method, or HTTP/2 header.\nFilters can be used to specify additional processing steps. Backends specify\nwhere matching requests will be routed.\n\n\nGRPCRoute falls under extended support within the Gateway API. Within the\nfollowing specification, the word \"MUST\" indicates that an implementation\nsupporting GRPCRoute must conform to the indicated requirement, but an\nimplementation not supporting this route type need not follow the requirement\nunless explicitly indicated.\n\n\nImplementations supporting `GRPCRoute` with the `HTTPS` `ProtocolType` MUST\naccept HTTP/2 connections without an initial upgrade from HTTP/1.1, i.e. via\nALPN. If the implementation does not support this, then it MUST set the\n\"Accepted\" condition to \"False\" for the affected listener with a reason of\n\"UnsupportedProtocol\". Implementations MAY also accept HTTP/2 connections\nwith an upgrade from HTTP/1.\n\n\nImplementations supporting `GRPCRoute` with the `HTTP` `ProtocolType` MUST\nsupport HTTP/2 over cleartext TCP (h2c,\nhttps://www.rfc-editor.org/rfc/rfc7540#section-3.1) without an initial\nupgrade from HTTP/1.1, i.e. with prior knowledge\n(https://www.rfc-editor.org/rfc/rfc7540#section-3.4). If the implementation\ndoes not support this, then it MUST set the \"Accepted\" condition to \"False\"\nfor the affected listener with a reason of \"UnsupportedProtocol\".\nImplementations MAY also accept HTTP/2 connections with an upgrade from\nHTTP/1, i.e. without prior knowledge." + +## Index + +* [`fn new(name)`](#fn-new) +* [`obj metadata`](#obj-metadata) + * [`fn withAnnotations(annotations)`](#fn-metadatawithannotations) + * [`fn withAnnotationsMixin(annotations)`](#fn-metadatawithannotationsmixin) + * [`fn withClusterName(clusterName)`](#fn-metadatawithclustername) + * [`fn withCreationTimestamp(creationTimestamp)`](#fn-metadatawithcreationtimestamp) + * [`fn withDeletionGracePeriodSeconds(deletionGracePeriodSeconds)`](#fn-metadatawithdeletiongraceperiodseconds) + * [`fn withDeletionTimestamp(deletionTimestamp)`](#fn-metadatawithdeletiontimestamp) + * [`fn withFinalizers(finalizers)`](#fn-metadatawithfinalizers) + * [`fn withFinalizersMixin(finalizers)`](#fn-metadatawithfinalizersmixin) + * [`fn withGenerateName(generateName)`](#fn-metadatawithgeneratename) + * [`fn withGeneration(generation)`](#fn-metadatawithgeneration) + * [`fn withLabels(labels)`](#fn-metadatawithlabels) + * [`fn withLabelsMixin(labels)`](#fn-metadatawithlabelsmixin) + * [`fn withName(name)`](#fn-metadatawithname) + * [`fn withNamespace(namespace)`](#fn-metadatawithnamespace) + * [`fn withOwnerReferences(ownerReferences)`](#fn-metadatawithownerreferences) + * [`fn withOwnerReferencesMixin(ownerReferences)`](#fn-metadatawithownerreferencesmixin) + * [`fn withResourceVersion(resourceVersion)`](#fn-metadatawithresourceversion) + * [`fn withSelfLink(selfLink)`](#fn-metadatawithselflink) + * [`fn withUid(uid)`](#fn-metadatawithuid) +* [`obj spec`](#obj-spec) + * [`fn withHostnames(hostnames)`](#fn-specwithhostnames) + * [`fn withHostnamesMixin(hostnames)`](#fn-specwithhostnamesmixin) + * [`fn withParentRefs(parentRefs)`](#fn-specwithparentrefs) + * [`fn withParentRefsMixin(parentRefs)`](#fn-specwithparentrefsmixin) + * [`fn withRules(rules)`](#fn-specwithrules) + * [`fn withRulesMixin(rules)`](#fn-specwithrulesmixin) + * [`obj spec.parentRefs`](#obj-specparentrefs) + * [`fn withGroup(group)`](#fn-specparentrefswithgroup) + * [`fn withKind(kind)`](#fn-specparentrefswithkind) + * [`fn withName(name)`](#fn-specparentrefswithname) + * [`fn withNamespace(namespace)`](#fn-specparentrefswithnamespace) + * [`fn withPort(port)`](#fn-specparentrefswithport) + * [`fn withSectionName(sectionName)`](#fn-specparentrefswithsectionname) + * [`obj spec.rules`](#obj-specrules) + * [`fn withBackendRefs(backendRefs)`](#fn-specruleswithbackendrefs) + * [`fn withBackendRefsMixin(backendRefs)`](#fn-specruleswithbackendrefsmixin) + * [`fn withFilters(filters)`](#fn-specruleswithfilters) + * [`fn withFiltersMixin(filters)`](#fn-specruleswithfiltersmixin) + * [`fn withMatches(matches)`](#fn-specruleswithmatches) + * [`fn withMatchesMixin(matches)`](#fn-specruleswithmatchesmixin) + * [`obj spec.rules.backendRefs`](#obj-specrulesbackendrefs) + * [`fn withFilters(filters)`](#fn-specrulesbackendrefswithfilters) + * [`fn withFiltersMixin(filters)`](#fn-specrulesbackendrefswithfiltersmixin) + * [`fn withGroup(group)`](#fn-specrulesbackendrefswithgroup) + * [`fn withKind(kind)`](#fn-specrulesbackendrefswithkind) + * [`fn withName(name)`](#fn-specrulesbackendrefswithname) + * [`fn withNamespace(namespace)`](#fn-specrulesbackendrefswithnamespace) + * [`fn withPort(port)`](#fn-specrulesbackendrefswithport) + * [`fn withWeight(weight)`](#fn-specrulesbackendrefswithweight) + * [`obj spec.rules.backendRefs.filters`](#obj-specrulesbackendrefsfilters) + * [`fn withType(type)`](#fn-specrulesbackendrefsfilterswithtype) + * [`obj spec.rules.backendRefs.filters.extensionRef`](#obj-specrulesbackendrefsfiltersextensionref) + * [`fn withGroup(group)`](#fn-specrulesbackendrefsfiltersextensionrefwithgroup) + * [`fn withKind(kind)`](#fn-specrulesbackendrefsfiltersextensionrefwithkind) + * [`fn withName(name)`](#fn-specrulesbackendrefsfiltersextensionrefwithname) + * [`obj spec.rules.backendRefs.filters.requestHeaderModifier`](#obj-specrulesbackendrefsfiltersrequestheadermodifier) + * [`fn withAdd(add)`](#fn-specrulesbackendrefsfiltersrequestheadermodifierwithadd) + * [`fn withAddMixin(add)`](#fn-specrulesbackendrefsfiltersrequestheadermodifierwithaddmixin) + * [`fn withRemove(remove)`](#fn-specrulesbackendrefsfiltersrequestheadermodifierwithremove) + * [`fn withRemoveMixin(remove)`](#fn-specrulesbackendrefsfiltersrequestheadermodifierwithremovemixin) + * [`fn withSet(set)`](#fn-specrulesbackendrefsfiltersrequestheadermodifierwithset) + * [`fn withSetMixin(set)`](#fn-specrulesbackendrefsfiltersrequestheadermodifierwithsetmixin) + * [`obj spec.rules.backendRefs.filters.requestHeaderModifier.add`](#obj-specrulesbackendrefsfiltersrequestheadermodifieradd) + * [`fn withName(name)`](#fn-specrulesbackendrefsfiltersrequestheadermodifieraddwithname) + * [`fn withValue(value)`](#fn-specrulesbackendrefsfiltersrequestheadermodifieraddwithvalue) + * [`obj spec.rules.backendRefs.filters.requestHeaderModifier.set`](#obj-specrulesbackendrefsfiltersrequestheadermodifierset) + * [`fn withName(name)`](#fn-specrulesbackendrefsfiltersrequestheadermodifiersetwithname) + * [`fn withValue(value)`](#fn-specrulesbackendrefsfiltersrequestheadermodifiersetwithvalue) + * [`obj spec.rules.backendRefs.filters.requestMirror`](#obj-specrulesbackendrefsfiltersrequestmirror) + * [`obj spec.rules.backendRefs.filters.requestMirror.backendRef`](#obj-specrulesbackendrefsfiltersrequestmirrorbackendref) + * [`fn withGroup(group)`](#fn-specrulesbackendrefsfiltersrequestmirrorbackendrefwithgroup) + * [`fn withKind(kind)`](#fn-specrulesbackendrefsfiltersrequestmirrorbackendrefwithkind) + * [`fn withName(name)`](#fn-specrulesbackendrefsfiltersrequestmirrorbackendrefwithname) + * [`fn withNamespace(namespace)`](#fn-specrulesbackendrefsfiltersrequestmirrorbackendrefwithnamespace) + * [`fn withPort(port)`](#fn-specrulesbackendrefsfiltersrequestmirrorbackendrefwithport) + * [`obj spec.rules.backendRefs.filters.responseHeaderModifier`](#obj-specrulesbackendrefsfiltersresponseheadermodifier) + * [`fn withAdd(add)`](#fn-specrulesbackendrefsfiltersresponseheadermodifierwithadd) + * [`fn withAddMixin(add)`](#fn-specrulesbackendrefsfiltersresponseheadermodifierwithaddmixin) + * [`fn withRemove(remove)`](#fn-specrulesbackendrefsfiltersresponseheadermodifierwithremove) + * [`fn withRemoveMixin(remove)`](#fn-specrulesbackendrefsfiltersresponseheadermodifierwithremovemixin) + * [`fn withSet(set)`](#fn-specrulesbackendrefsfiltersresponseheadermodifierwithset) + * [`fn withSetMixin(set)`](#fn-specrulesbackendrefsfiltersresponseheadermodifierwithsetmixin) + * [`obj spec.rules.backendRefs.filters.responseHeaderModifier.add`](#obj-specrulesbackendrefsfiltersresponseheadermodifieradd) + * [`fn withName(name)`](#fn-specrulesbackendrefsfiltersresponseheadermodifieraddwithname) + * [`fn withValue(value)`](#fn-specrulesbackendrefsfiltersresponseheadermodifieraddwithvalue) + * [`obj spec.rules.backendRefs.filters.responseHeaderModifier.set`](#obj-specrulesbackendrefsfiltersresponseheadermodifierset) + * [`fn withName(name)`](#fn-specrulesbackendrefsfiltersresponseheadermodifiersetwithname) + * [`fn withValue(value)`](#fn-specrulesbackendrefsfiltersresponseheadermodifiersetwithvalue) + * [`obj spec.rules.filters`](#obj-specrulesfilters) + * [`fn withType(type)`](#fn-specrulesfilterswithtype) + * [`obj spec.rules.filters.extensionRef`](#obj-specrulesfiltersextensionref) + * [`fn withGroup(group)`](#fn-specrulesfiltersextensionrefwithgroup) + * [`fn withKind(kind)`](#fn-specrulesfiltersextensionrefwithkind) + * [`fn withName(name)`](#fn-specrulesfiltersextensionrefwithname) + * [`obj spec.rules.filters.requestHeaderModifier`](#obj-specrulesfiltersrequestheadermodifier) + * [`fn withAdd(add)`](#fn-specrulesfiltersrequestheadermodifierwithadd) + * [`fn withAddMixin(add)`](#fn-specrulesfiltersrequestheadermodifierwithaddmixin) + * [`fn withRemove(remove)`](#fn-specrulesfiltersrequestheadermodifierwithremove) + * [`fn withRemoveMixin(remove)`](#fn-specrulesfiltersrequestheadermodifierwithremovemixin) + * [`fn withSet(set)`](#fn-specrulesfiltersrequestheadermodifierwithset) + * [`fn withSetMixin(set)`](#fn-specrulesfiltersrequestheadermodifierwithsetmixin) + * [`obj spec.rules.filters.requestHeaderModifier.add`](#obj-specrulesfiltersrequestheadermodifieradd) + * [`fn withName(name)`](#fn-specrulesfiltersrequestheadermodifieraddwithname) + * [`fn withValue(value)`](#fn-specrulesfiltersrequestheadermodifieraddwithvalue) + * [`obj spec.rules.filters.requestHeaderModifier.set`](#obj-specrulesfiltersrequestheadermodifierset) + * [`fn withName(name)`](#fn-specrulesfiltersrequestheadermodifiersetwithname) + * [`fn withValue(value)`](#fn-specrulesfiltersrequestheadermodifiersetwithvalue) + * [`obj spec.rules.filters.requestMirror`](#obj-specrulesfiltersrequestmirror) + * [`obj spec.rules.filters.requestMirror.backendRef`](#obj-specrulesfiltersrequestmirrorbackendref) + * [`fn withGroup(group)`](#fn-specrulesfiltersrequestmirrorbackendrefwithgroup) + * [`fn withKind(kind)`](#fn-specrulesfiltersrequestmirrorbackendrefwithkind) + * [`fn withName(name)`](#fn-specrulesfiltersrequestmirrorbackendrefwithname) + * [`fn withNamespace(namespace)`](#fn-specrulesfiltersrequestmirrorbackendrefwithnamespace) + * [`fn withPort(port)`](#fn-specrulesfiltersrequestmirrorbackendrefwithport) + * [`obj spec.rules.filters.responseHeaderModifier`](#obj-specrulesfiltersresponseheadermodifier) + * [`fn withAdd(add)`](#fn-specrulesfiltersresponseheadermodifierwithadd) + * [`fn withAddMixin(add)`](#fn-specrulesfiltersresponseheadermodifierwithaddmixin) + * [`fn withRemove(remove)`](#fn-specrulesfiltersresponseheadermodifierwithremove) + * [`fn withRemoveMixin(remove)`](#fn-specrulesfiltersresponseheadermodifierwithremovemixin) + * [`fn withSet(set)`](#fn-specrulesfiltersresponseheadermodifierwithset) + * [`fn withSetMixin(set)`](#fn-specrulesfiltersresponseheadermodifierwithsetmixin) + * [`obj spec.rules.filters.responseHeaderModifier.add`](#obj-specrulesfiltersresponseheadermodifieradd) + * [`fn withName(name)`](#fn-specrulesfiltersresponseheadermodifieraddwithname) + * [`fn withValue(value)`](#fn-specrulesfiltersresponseheadermodifieraddwithvalue) + * [`obj spec.rules.filters.responseHeaderModifier.set`](#obj-specrulesfiltersresponseheadermodifierset) + * [`fn withName(name)`](#fn-specrulesfiltersresponseheadermodifiersetwithname) + * [`fn withValue(value)`](#fn-specrulesfiltersresponseheadermodifiersetwithvalue) + * [`obj spec.rules.matches`](#obj-specrulesmatches) + * [`fn withHeaders(headers)`](#fn-specrulesmatcheswithheaders) + * [`fn withHeadersMixin(headers)`](#fn-specrulesmatcheswithheadersmixin) + * [`obj spec.rules.matches.headers`](#obj-specrulesmatchesheaders) + * [`fn withName(name)`](#fn-specrulesmatchesheaderswithname) + * [`fn withType(type)`](#fn-specrulesmatchesheaderswithtype) + * [`fn withValue(value)`](#fn-specrulesmatchesheaderswithvalue) + * [`obj spec.rules.matches.method`](#obj-specrulesmatchesmethod) + * [`fn withMethod(method)`](#fn-specrulesmatchesmethodwithmethod) + * [`fn withService(service)`](#fn-specrulesmatchesmethodwithservice) + * [`fn withType(type)`](#fn-specrulesmatchesmethodwithtype) + * [`obj spec.rules.sessionPersistence`](#obj-specrulessessionpersistence) + * [`fn withAbsoluteTimeout(absoluteTimeout)`](#fn-specrulessessionpersistencewithabsolutetimeout) + * [`fn withIdleTimeout(idleTimeout)`](#fn-specrulessessionpersistencewithidletimeout) + * [`fn withSessionName(sessionName)`](#fn-specrulessessionpersistencewithsessionname) + * [`fn withType(type)`](#fn-specrulessessionpersistencewithtype) + * [`obj spec.rules.sessionPersistence.cookieConfig`](#obj-specrulessessionpersistencecookieconfig) + * [`fn withLifetimeType(lifetimeType)`](#fn-specrulessessionpersistencecookieconfigwithlifetimetype) + +## Fields + +### fn new + +```ts +new(name) +``` + +new returns an instance of GRPCRoute + +## obj metadata + +"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create." + +### fn metadata.withAnnotations + +```ts +withAnnotations(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +### fn metadata.withAnnotationsMixin + +```ts +withAnnotationsMixin(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +**Note:** This function appends passed data to existing values + +### fn metadata.withClusterName + +```ts +withClusterName(clusterName) +``` + +"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request." + +### fn metadata.withCreationTimestamp + +```ts +withCreationTimestamp(creationTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withDeletionGracePeriodSeconds + +```ts +withDeletionGracePeriodSeconds(deletionGracePeriodSeconds) +``` + +"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only." + +### fn metadata.withDeletionTimestamp + +```ts +withDeletionTimestamp(deletionTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withFinalizers + +```ts +withFinalizers(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +### fn metadata.withFinalizersMixin + +```ts +withFinalizersMixin(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +**Note:** This function appends passed data to existing values + +### fn metadata.withGenerateName + +```ts +withGenerateName(generateName) +``` + +"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\n\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\n\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" + +### fn metadata.withGeneration + +```ts +withGeneration(generation) +``` + +"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only." + +### fn metadata.withLabels + +```ts +withLabels(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +### fn metadata.withLabelsMixin + +```ts +withLabelsMixin(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +**Note:** This function appends passed data to existing values + +### fn metadata.withName + +```ts +withName(name) +``` + +"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names" + +### fn metadata.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \"default\" namespace, but \"default\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\n\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces" + +### fn metadata.withOwnerReferences + +```ts +withOwnerReferences(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +### fn metadata.withOwnerReferencesMixin + +```ts +withOwnerReferencesMixin(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +**Note:** This function appends passed data to existing values + +### fn metadata.withResourceVersion + +```ts +withResourceVersion(resourceVersion) +``` + +"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\n\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" + +### fn metadata.withSelfLink + +```ts +withSelfLink(selfLink) +``` + +"SelfLink is a URL representing this object. Populated by the system. Read-only.\n\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release." + +### fn metadata.withUid + +```ts +withUid(uid) +``` + +"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\n\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids" + +## obj spec + +"Spec defines the desired state of GRPCRoute." + +### fn spec.withHostnames + +```ts +withHostnames(hostnames) +``` + +"Hostnames defines a set of hostnames to match against the GRPC\nHost header to select a GRPCRoute to process the request. This matches\nthe RFC 1123 definition of a hostname with 2 notable exceptions:\n\n\n1. IPs are not allowed.\n2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard\n label MUST appear by itself as the first label.\n\n\nIf a hostname is specified by both the Listener and GRPCRoute, there\nMUST be at least one intersecting hostname for the GRPCRoute to be\nattached to the Listener. For example:\n\n\n* A Listener with `test.example.com` as the hostname matches GRPCRoutes\n that have either not specified any hostnames, or have specified at\n least one of `test.example.com` or `*.example.com`.\n* A Listener with `*.example.com` as the hostname matches GRPCRoutes\n that have either not specified any hostnames or have specified at least\n one hostname that matches the Listener hostname. For example,\n `test.example.com` and `*.example.com` would both match. On the other\n hand, `example.com` and `test.example.net` would not match.\n\n\nHostnames that are prefixed with a wildcard label (`*.`) are interpreted\nas a suffix match. That means that a match for `*.example.com` would match\nboth `test.example.com`, and `foo.test.example.com`, but not `example.com`.\n\n\nIf both the Listener and GRPCRoute have specified hostnames, any\nGRPCRoute hostnames that do not match the Listener hostname MUST be\nignored. For example, if a Listener specified `*.example.com`, and the\nGRPCRoute specified `test.example.com` and `test.example.net`,\n`test.example.net` MUST NOT be considered for a match.\n\n\nIf both the Listener and GRPCRoute have specified hostnames, and none\nmatch with the criteria above, then the GRPCRoute MUST NOT be accepted by\nthe implementation. The implementation MUST raise an 'Accepted' Condition\nwith a status of `False` in the corresponding RouteParentStatus.\n\n\nIf a Route (A) of type HTTPRoute or GRPCRoute is attached to a\nListener and that listener already has another Route (B) of the other\ntype attached and the intersection of the hostnames of A and B is\nnon-empty, then the implementation MUST accept exactly one of these two\nroutes, determined by the following criteria, in order:\n\n\n* The oldest Route based on creation timestamp.\n* The Route appearing first in alphabetical order by\n \"{namespace}/{name}\".\n\n\nThe rejected Route MUST raise an 'Accepted' condition with a status of\n'False' in the corresponding RouteParentStatus.\n\n\nSupport: Core" + +### fn spec.withHostnamesMixin + +```ts +withHostnamesMixin(hostnames) +``` + +"Hostnames defines a set of hostnames to match against the GRPC\nHost header to select a GRPCRoute to process the request. This matches\nthe RFC 1123 definition of a hostname with 2 notable exceptions:\n\n\n1. IPs are not allowed.\n2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard\n label MUST appear by itself as the first label.\n\n\nIf a hostname is specified by both the Listener and GRPCRoute, there\nMUST be at least one intersecting hostname for the GRPCRoute to be\nattached to the Listener. For example:\n\n\n* A Listener with `test.example.com` as the hostname matches GRPCRoutes\n that have either not specified any hostnames, or have specified at\n least one of `test.example.com` or `*.example.com`.\n* A Listener with `*.example.com` as the hostname matches GRPCRoutes\n that have either not specified any hostnames or have specified at least\n one hostname that matches the Listener hostname. For example,\n `test.example.com` and `*.example.com` would both match. On the other\n hand, `example.com` and `test.example.net` would not match.\n\n\nHostnames that are prefixed with a wildcard label (`*.`) are interpreted\nas a suffix match. That means that a match for `*.example.com` would match\nboth `test.example.com`, and `foo.test.example.com`, but not `example.com`.\n\n\nIf both the Listener and GRPCRoute have specified hostnames, any\nGRPCRoute hostnames that do not match the Listener hostname MUST be\nignored. For example, if a Listener specified `*.example.com`, and the\nGRPCRoute specified `test.example.com` and `test.example.net`,\n`test.example.net` MUST NOT be considered for a match.\n\n\nIf both the Listener and GRPCRoute have specified hostnames, and none\nmatch with the criteria above, then the GRPCRoute MUST NOT be accepted by\nthe implementation. The implementation MUST raise an 'Accepted' Condition\nwith a status of `False` in the corresponding RouteParentStatus.\n\n\nIf a Route (A) of type HTTPRoute or GRPCRoute is attached to a\nListener and that listener already has another Route (B) of the other\ntype attached and the intersection of the hostnames of A and B is\nnon-empty, then the implementation MUST accept exactly one of these two\nroutes, determined by the following criteria, in order:\n\n\n* The oldest Route based on creation timestamp.\n* The Route appearing first in alphabetical order by\n \"{namespace}/{name}\".\n\n\nThe rejected Route MUST raise an 'Accepted' condition with a status of\n'False' in the corresponding RouteParentStatus.\n\n\nSupport: Core" + +**Note:** This function appends passed data to existing values + +### fn spec.withParentRefs + +```ts +withParentRefs(parentRefs) +``` + +"ParentRefs references the resources (usually Gateways) that a Route wants\nto be attached to. Note that the referenced parent resource needs to\nallow this for the attachment to be complete. For Gateways, that means\nthe Gateway needs to allow attachment from Routes of this kind and\nnamespace. For Services, that means the Service must either be in the same\nnamespace for a \"producer\" route, or the mesh implementation must support\nand allow \"consumer\" routes for the referenced Service. ReferenceGrant is\nnot applicable for governing ParentRefs to Services - it is not possible to\ncreate a \"producer\" route for a Service in a different namespace from the\nRoute.\n\n\nThere are two kinds of parent resources with \"Core\" support:\n\n\n* Gateway (Gateway conformance profile)\n* Service (Mesh conformance profile, ClusterIP Services only)\n\n\nThis API may be extended in the future to support additional kinds of parent\nresources.\n\n\nParentRefs must be _distinct_. This means either that:\n\n\n* They select different objects. If this is the case, then parentRef\n entries are distinct. In terms of fields, this means that the\n multi-part key defined by `group`, `kind`, `namespace`, and `name` must\n be unique across all parentRef entries in the Route.\n* They do not select different objects, but for each optional field used,\n each ParentRef that selects the same object must set the same set of\n optional fields to different values. If one ParentRef sets a\n combination of optional fields, all must set the same combination.\n\n\nSome examples:\n\n\n* If one ParentRef sets `sectionName`, all ParentRefs referencing the\n same object must also set `sectionName`.\n* If one ParentRef sets `port`, all ParentRefs referencing the same\n object must also set `port`.\n* If one ParentRef sets `sectionName` and `port`, all ParentRefs\n referencing the same object must also set `sectionName` and `port`.\n\n\nIt is possible to separately reference multiple distinct objects that may\nbe collapsed by an implementation. For example, some implementations may\nchoose to merge compatible Gateway Listeners together. If that is the\ncase, the list of routes attached to those resources should also be\nmerged.\n\n\nNote that for ParentRefs that cross namespace boundaries, there are specific\nrules. Cross-namespace references are only valid if they are explicitly\nallowed by something in the namespace they are referring to. For example,\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\ngeneric way to enable other kinds of cross-namespace reference.\n\n\n\nParentRefs from a Route to a Service in the same namespace are \"producer\"\nroutes, which apply default routing rules to inbound connections from\nany namespace to the Service.\n\n\nParentRefs from a Route to a Service in a different namespace are\n\"consumer\" routes, and these routing rules are only applied to outbound\nconnections originating from the same namespace as the Route, for which\nthe intended destination of the connections are a Service targeted as a\nParentRef of the Route.\n\n\n\n\n\n\n" + +### fn spec.withParentRefsMixin + +```ts +withParentRefsMixin(parentRefs) +``` + +"ParentRefs references the resources (usually Gateways) that a Route wants\nto be attached to. Note that the referenced parent resource needs to\nallow this for the attachment to be complete. For Gateways, that means\nthe Gateway needs to allow attachment from Routes of this kind and\nnamespace. For Services, that means the Service must either be in the same\nnamespace for a \"producer\" route, or the mesh implementation must support\nand allow \"consumer\" routes for the referenced Service. ReferenceGrant is\nnot applicable for governing ParentRefs to Services - it is not possible to\ncreate a \"producer\" route for a Service in a different namespace from the\nRoute.\n\n\nThere are two kinds of parent resources with \"Core\" support:\n\n\n* Gateway (Gateway conformance profile)\n* Service (Mesh conformance profile, ClusterIP Services only)\n\n\nThis API may be extended in the future to support additional kinds of parent\nresources.\n\n\nParentRefs must be _distinct_. This means either that:\n\n\n* They select different objects. If this is the case, then parentRef\n entries are distinct. In terms of fields, this means that the\n multi-part key defined by `group`, `kind`, `namespace`, and `name` must\n be unique across all parentRef entries in the Route.\n* They do not select different objects, but for each optional field used,\n each ParentRef that selects the same object must set the same set of\n optional fields to different values. If one ParentRef sets a\n combination of optional fields, all must set the same combination.\n\n\nSome examples:\n\n\n* If one ParentRef sets `sectionName`, all ParentRefs referencing the\n same object must also set `sectionName`.\n* If one ParentRef sets `port`, all ParentRefs referencing the same\n object must also set `port`.\n* If one ParentRef sets `sectionName` and `port`, all ParentRefs\n referencing the same object must also set `sectionName` and `port`.\n\n\nIt is possible to separately reference multiple distinct objects that may\nbe collapsed by an implementation. For example, some implementations may\nchoose to merge compatible Gateway Listeners together. If that is the\ncase, the list of routes attached to those resources should also be\nmerged.\n\n\nNote that for ParentRefs that cross namespace boundaries, there are specific\nrules. Cross-namespace references are only valid if they are explicitly\nallowed by something in the namespace they are referring to. For example,\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\ngeneric way to enable other kinds of cross-namespace reference.\n\n\n\nParentRefs from a Route to a Service in the same namespace are \"producer\"\nroutes, which apply default routing rules to inbound connections from\nany namespace to the Service.\n\n\nParentRefs from a Route to a Service in a different namespace are\n\"consumer\" routes, and these routing rules are only applied to outbound\nconnections originating from the same namespace as the Route, for which\nthe intended destination of the connections are a Service targeted as a\nParentRef of the Route.\n\n\n\n\n\n\n" + +**Note:** This function appends passed data to existing values + +### fn spec.withRules + +```ts +withRules(rules) +``` + +"Rules are a list of GRPC matchers, filters and actions." + +### fn spec.withRulesMixin + +```ts +withRulesMixin(rules) +``` + +"Rules are a list of GRPC matchers, filters and actions." + +**Note:** This function appends passed data to existing values + +## obj spec.parentRefs + +"ParentRefs references the resources (usually Gateways) that a Route wants\nto be attached to. Note that the referenced parent resource needs to\nallow this for the attachment to be complete. For Gateways, that means\nthe Gateway needs to allow attachment from Routes of this kind and\nnamespace. For Services, that means the Service must either be in the same\nnamespace for a \"producer\" route, or the mesh implementation must support\nand allow \"consumer\" routes for the referenced Service. ReferenceGrant is\nnot applicable for governing ParentRefs to Services - it is not possible to\ncreate a \"producer\" route for a Service in a different namespace from the\nRoute.\n\n\nThere are two kinds of parent resources with \"Core\" support:\n\n\n* Gateway (Gateway conformance profile)\n* Service (Mesh conformance profile, ClusterIP Services only)\n\n\nThis API may be extended in the future to support additional kinds of parent\nresources.\n\n\nParentRefs must be _distinct_. This means either that:\n\n\n* They select different objects. If this is the case, then parentRef\n entries are distinct. In terms of fields, this means that the\n multi-part key defined by `group`, `kind`, `namespace`, and `name` must\n be unique across all parentRef entries in the Route.\n* They do not select different objects, but for each optional field used,\n each ParentRef that selects the same object must set the same set of\n optional fields to different values. If one ParentRef sets a\n combination of optional fields, all must set the same combination.\n\n\nSome examples:\n\n\n* If one ParentRef sets `sectionName`, all ParentRefs referencing the\n same object must also set `sectionName`.\n* If one ParentRef sets `port`, all ParentRefs referencing the same\n object must also set `port`.\n* If one ParentRef sets `sectionName` and `port`, all ParentRefs\n referencing the same object must also set `sectionName` and `port`.\n\n\nIt is possible to separately reference multiple distinct objects that may\nbe collapsed by an implementation. For example, some implementations may\nchoose to merge compatible Gateway Listeners together. If that is the\ncase, the list of routes attached to those resources should also be\nmerged.\n\n\nNote that for ParentRefs that cross namespace boundaries, there are specific\nrules. Cross-namespace references are only valid if they are explicitly\nallowed by something in the namespace they are referring to. For example,\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\ngeneric way to enable other kinds of cross-namespace reference.\n\n\n\nParentRefs from a Route to a Service in the same namespace are \"producer\"\nroutes, which apply default routing rules to inbound connections from\nany namespace to the Service.\n\n\nParentRefs from a Route to a Service in a different namespace are\n\"consumer\" routes, and these routing rules are only applied to outbound\nconnections originating from the same namespace as the Route, for which\nthe intended destination of the connections are a Service targeted as a\nParentRef of the Route.\n\n\n\n\n\n\n" + +### fn spec.parentRefs.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent.\nWhen unspecified, \"gateway.networking.k8s.io\" is inferred.\nTo set the core API group (such as for a \"Service\" kind referent),\nGroup must be explicitly set to \"\" (empty string).\n\n\nSupport: Core" + +### fn spec.parentRefs.withKind + +```ts +withKind(kind) +``` + +"Kind is kind of the referent.\n\n\nThere are two kinds of parent resources with \"Core\" support:\n\n\n* Gateway (Gateway conformance profile)\n* Service (Mesh conformance profile, ClusterIP Services only)\n\n\nSupport for other resources is Implementation-Specific." + +### fn spec.parentRefs.withName + +```ts +withName(name) +``` + +"Name is the name of the referent.\n\n\nSupport: Core" + +### fn spec.parentRefs.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the referent. When unspecified, this refers\nto the local namespace of the Route.\n\n\nNote that there are specific rules for ParentRefs which cross namespace\nboundaries. Cross-namespace references are only valid if they are explicitly\nallowed by something in the namespace they are referring to. For example:\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\ngeneric way to enable any other kind of cross-namespace reference.\n\n\n\nParentRefs from a Route to a Service in the same namespace are \"producer\"\nroutes, which apply default routing rules to inbound connections from\nany namespace to the Service.\n\n\nParentRefs from a Route to a Service in a different namespace are\n\"consumer\" routes, and these routing rules are only applied to outbound\nconnections originating from the same namespace as the Route, for which\nthe intended destination of the connections are a Service targeted as a\nParentRef of the Route.\n\n\n\nSupport: Core" + +### fn spec.parentRefs.withPort + +```ts +withPort(port) +``` + +"Port is the network port this Route targets. It can be interpreted\ndifferently based on the type of parent resource.\n\n\nWhen the parent resource is a Gateway, this targets all listeners\nlistening on the specified port that also support this kind of Route(and\nselect this Route). It's not recommended to set `Port` unless the\nnetworking behaviors specified in a Route must apply to a specific port\nas opposed to a listener(s) whose port(s) may be changed. When both Port\nand SectionName are specified, the name and port of the selected listener\nmust match both specified values.\n\n\n\nWhen the parent resource is a Service, this targets a specific port in the\nService spec. When both Port (experimental) and SectionName are specified,\nthe name and port of the selected port must match both specified values.\n\n\n\nImplementations MAY choose to support other parent resources.\nImplementations supporting other types of parent resources MUST clearly\ndocument how/if Port is interpreted.\n\n\nFor the purpose of status, an attachment is considered successful as\nlong as the parent resource accepts it partially. For example, Gateway\nlisteners can restrict which Routes can attach to them by Route kind,\nnamespace, or hostname. If 1 of 2 Gateway listeners accept attachment\nfrom the referencing Route, the Route MUST be considered successfully\nattached. If no Gateway listeners accept attachment from this Route,\nthe Route MUST be considered detached from the Gateway.\n\n\nSupport: Extended" + +### fn spec.parentRefs.withSectionName + +```ts +withSectionName(sectionName) +``` + +"SectionName is the name of a section within the target resource. In the\nfollowing resources, SectionName is interpreted as the following:\n\n\n* Gateway: Listener name. When both Port (experimental) and SectionName\nare specified, the name and port of the selected listener must match\nboth specified values.\n* Service: Port name. When both Port (experimental) and SectionName\nare specified, the name and port of the selected listener must match\nboth specified values.\n\n\nImplementations MAY choose to support attaching Routes to other resources.\nIf that is the case, they MUST clearly document how SectionName is\ninterpreted.\n\n\nWhen unspecified (empty string), this will reference the entire resource.\nFor the purpose of status, an attachment is considered successful if at\nleast one section in the parent resource accepts it. For example, Gateway\nlisteners can restrict which Routes can attach to them by Route kind,\nnamespace, or hostname. If 1 of 2 Gateway listeners accept attachment from\nthe referencing Route, the Route MUST be considered successfully\nattached. If no Gateway listeners accept attachment from this Route, the\nRoute MUST be considered detached from the Gateway.\n\n\nSupport: Core" + +## obj spec.rules + +"Rules are a list of GRPC matchers, filters and actions." + +### fn spec.rules.withBackendRefs + +```ts +withBackendRefs(backendRefs) +``` + +"BackendRefs defines the backend(s) where matching requests should be\nsent.\n\n\nFailure behavior here depends on how many BackendRefs are specified and\nhow many are invalid.\n\n\nIf *all* entries in BackendRefs are invalid, and there are also no filters\nspecified in this route rule, *all* traffic which matches this rule MUST\nreceive an `UNAVAILABLE` status.\n\n\nSee the GRPCBackendRef definition for the rules about what makes a single\nGRPCBackendRef invalid.\n\n\nWhen a GRPCBackendRef is invalid, `UNAVAILABLE` statuses MUST be returned for\nrequests that would have otherwise been routed to an invalid backend. If\nmultiple backends are specified, and some are invalid, the proportion of\nrequests that would otherwise have been routed to an invalid backend\nMUST receive an `UNAVAILABLE` status.\n\n\nFor example, if two backends are specified with equal weights, and one is\ninvalid, 50 percent of traffic MUST receive an `UNAVAILABLE` status.\nImplementations may choose how that 50 percent is determined.\n\n\nSupport: Core for Kubernetes Service\n\n\nSupport: Implementation-specific for any other resource\n\n\nSupport for weight: Core" + +### fn spec.rules.withBackendRefsMixin + +```ts +withBackendRefsMixin(backendRefs) +``` + +"BackendRefs defines the backend(s) where matching requests should be\nsent.\n\n\nFailure behavior here depends on how many BackendRefs are specified and\nhow many are invalid.\n\n\nIf *all* entries in BackendRefs are invalid, and there are also no filters\nspecified in this route rule, *all* traffic which matches this rule MUST\nreceive an `UNAVAILABLE` status.\n\n\nSee the GRPCBackendRef definition for the rules about what makes a single\nGRPCBackendRef invalid.\n\n\nWhen a GRPCBackendRef is invalid, `UNAVAILABLE` statuses MUST be returned for\nrequests that would have otherwise been routed to an invalid backend. If\nmultiple backends are specified, and some are invalid, the proportion of\nrequests that would otherwise have been routed to an invalid backend\nMUST receive an `UNAVAILABLE` status.\n\n\nFor example, if two backends are specified with equal weights, and one is\ninvalid, 50 percent of traffic MUST receive an `UNAVAILABLE` status.\nImplementations may choose how that 50 percent is determined.\n\n\nSupport: Core for Kubernetes Service\n\n\nSupport: Implementation-specific for any other resource\n\n\nSupport for weight: Core" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.withFilters + +```ts +withFilters(filters) +``` + +"Filters define the filters that are applied to requests that match\nthis rule.\n\n\nThe effects of ordering of multiple behaviors are currently unspecified.\nThis can change in the future based on feedback during the alpha stage.\n\n\nConformance-levels at this level are defined based on the type of filter:\n\n\n- ALL core filters MUST be supported by all implementations that support\n GRPCRoute.\n- Implementers are encouraged to support extended filters.\n- Implementation-specific custom filters have no API guarantees across\n implementations.\n\n\nSpecifying the same filter multiple times is not supported unless explicitly\nindicated in the filter.\n\n\nIf an implementation can not support a combination of filters, it must clearly\ndocument that limitation. In cases where incompatible or unsupported\nfilters are specified and cause the `Accepted` condition to be set to status\n`False`, implementations may use the `IncompatibleFilters` reason to specify\nthis configuration error.\n\n\nSupport: Core" + +### fn spec.rules.withFiltersMixin + +```ts +withFiltersMixin(filters) +``` + +"Filters define the filters that are applied to requests that match\nthis rule.\n\n\nThe effects of ordering of multiple behaviors are currently unspecified.\nThis can change in the future based on feedback during the alpha stage.\n\n\nConformance-levels at this level are defined based on the type of filter:\n\n\n- ALL core filters MUST be supported by all implementations that support\n GRPCRoute.\n- Implementers are encouraged to support extended filters.\n- Implementation-specific custom filters have no API guarantees across\n implementations.\n\n\nSpecifying the same filter multiple times is not supported unless explicitly\nindicated in the filter.\n\n\nIf an implementation can not support a combination of filters, it must clearly\ndocument that limitation. In cases where incompatible or unsupported\nfilters are specified and cause the `Accepted` condition to be set to status\n`False`, implementations may use the `IncompatibleFilters` reason to specify\nthis configuration error.\n\n\nSupport: Core" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.withMatches + +```ts +withMatches(matches) +``` + +"Matches define conditions used for matching the rule against incoming\ngRPC requests. Each match is independent, i.e. this rule will be matched\nif **any** one of the matches is satisfied.\n\n\nFor example, take the following matches configuration:\n\n\n```\nmatches:\n- method:\n service: foo.bar\n headers:\n values:\n version: 2\n- method:\n service: foo.bar.v2\n```\n\n\nFor a request to match against this rule, it MUST satisfy\nEITHER of the two conditions:\n\n\n- service of foo.bar AND contains the header `version: 2`\n- service of foo.bar.v2\n\n\nSee the documentation for GRPCRouteMatch on how to specify multiple\nmatch conditions to be ANDed together.\n\n\nIf no matches are specified, the implementation MUST match every gRPC request.\n\n\nProxy or Load Balancer routing configuration generated from GRPCRoutes\nMUST prioritize rules based on the following criteria, continuing on\nties. Merging MUST not be done between GRPCRoutes and HTTPRoutes.\nPrecedence MUST be given to the rule with the largest number of:\n\n\n* Characters in a matching non-wildcard hostname.\n* Characters in a matching hostname.\n* Characters in a matching service.\n* Characters in a matching method.\n* Header matches.\n\n\nIf ties still exist across multiple Routes, matching precedence MUST be\ndetermined in order of the following criteria, continuing on ties:\n\n\n* The oldest Route based on creation timestamp.\n* The Route appearing first in alphabetical order by\n \"{namespace}/{name}\".\n\n\nIf ties still exist within the Route that has been given precedence,\nmatching precedence MUST be granted to the first matching rule meeting\nthe above criteria." + +### fn spec.rules.withMatchesMixin + +```ts +withMatchesMixin(matches) +``` + +"Matches define conditions used for matching the rule against incoming\ngRPC requests. Each match is independent, i.e. this rule will be matched\nif **any** one of the matches is satisfied.\n\n\nFor example, take the following matches configuration:\n\n\n```\nmatches:\n- method:\n service: foo.bar\n headers:\n values:\n version: 2\n- method:\n service: foo.bar.v2\n```\n\n\nFor a request to match against this rule, it MUST satisfy\nEITHER of the two conditions:\n\n\n- service of foo.bar AND contains the header `version: 2`\n- service of foo.bar.v2\n\n\nSee the documentation for GRPCRouteMatch on how to specify multiple\nmatch conditions to be ANDed together.\n\n\nIf no matches are specified, the implementation MUST match every gRPC request.\n\n\nProxy or Load Balancer routing configuration generated from GRPCRoutes\nMUST prioritize rules based on the following criteria, continuing on\nties. Merging MUST not be done between GRPCRoutes and HTTPRoutes.\nPrecedence MUST be given to the rule with the largest number of:\n\n\n* Characters in a matching non-wildcard hostname.\n* Characters in a matching hostname.\n* Characters in a matching service.\n* Characters in a matching method.\n* Header matches.\n\n\nIf ties still exist across multiple Routes, matching precedence MUST be\ndetermined in order of the following criteria, continuing on ties:\n\n\n* The oldest Route based on creation timestamp.\n* The Route appearing first in alphabetical order by\n \"{namespace}/{name}\".\n\n\nIf ties still exist within the Route that has been given precedence,\nmatching precedence MUST be granted to the first matching rule meeting\nthe above criteria." + +**Note:** This function appends passed data to existing values + +## obj spec.rules.backendRefs + +"BackendRefs defines the backend(s) where matching requests should be\nsent.\n\n\nFailure behavior here depends on how many BackendRefs are specified and\nhow many are invalid.\n\n\nIf *all* entries in BackendRefs are invalid, and there are also no filters\nspecified in this route rule, *all* traffic which matches this rule MUST\nreceive an `UNAVAILABLE` status.\n\n\nSee the GRPCBackendRef definition for the rules about what makes a single\nGRPCBackendRef invalid.\n\n\nWhen a GRPCBackendRef is invalid, `UNAVAILABLE` statuses MUST be returned for\nrequests that would have otherwise been routed to an invalid backend. If\nmultiple backends are specified, and some are invalid, the proportion of\nrequests that would otherwise have been routed to an invalid backend\nMUST receive an `UNAVAILABLE` status.\n\n\nFor example, if two backends are specified with equal weights, and one is\ninvalid, 50 percent of traffic MUST receive an `UNAVAILABLE` status.\nImplementations may choose how that 50 percent is determined.\n\n\nSupport: Core for Kubernetes Service\n\n\nSupport: Implementation-specific for any other resource\n\n\nSupport for weight: Core" + +### fn spec.rules.backendRefs.withFilters + +```ts +withFilters(filters) +``` + +"Filters defined at this level MUST be executed if and only if the\nrequest is being forwarded to the backend defined here.\n\n\nSupport: Implementation-specific (For broader support of filters, use the\nFilters field in GRPCRouteRule.)" + +### fn spec.rules.backendRefs.withFiltersMixin + +```ts +withFiltersMixin(filters) +``` + +"Filters defined at this level MUST be executed if and only if the\nrequest is being forwarded to the backend defined here.\n\n\nSupport: Implementation-specific (For broader support of filters, use the\nFilters field in GRPCRouteRule.)" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.backendRefs.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. For example, \"gateway.networking.k8s.io\".\nWhen unspecified or empty string, core API group is inferred." + +### fn spec.rules.backendRefs.withKind + +```ts +withKind(kind) +``` + +"Kind is the Kubernetes resource kind of the referent. For example\n\"Service\".\n\n\nDefaults to \"Service\" when not specified.\n\n\nExternalName services can refer to CNAME DNS records that may live\noutside of the cluster and as such are difficult to reason about in\nterms of conformance. They also may not be safe to forward to (see\nCVE-2021-25740 for more information). Implementations SHOULD NOT\nsupport ExternalName Services.\n\n\nSupport: Core (Services with a type other than ExternalName)\n\n\nSupport: Implementation-specific (Services with type ExternalName)" + +### fn spec.rules.backendRefs.withName + +```ts +withName(name) +``` + +"Name is the name of the referent." + +### fn spec.rules.backendRefs.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the backend. When unspecified, the local\nnamespace is inferred.\n\n\nNote that when a namespace different than the local namespace is specified,\na ReferenceGrant object is required in the referent namespace to allow that\nnamespace's owner to accept the reference. See the ReferenceGrant\ndocumentation for details.\n\n\nSupport: Core" + +### fn spec.rules.backendRefs.withPort + +```ts +withPort(port) +``` + +"Port specifies the destination port number to use for this resource.\nPort is required when the referent is a Kubernetes Service. In this\ncase, the port number is the service port number, not the target port.\nFor other resources, destination port might be derived from the referent\nresource or this field." + +### fn spec.rules.backendRefs.withWeight + +```ts +withWeight(weight) +``` + +"Weight specifies the proportion of requests forwarded to the referenced\nbackend. This is computed as weight/(sum of all weights in this\nBackendRefs list). For non-zero values, there may be some epsilon from\nthe exact proportion defined here depending on the precision an\nimplementation supports. Weight is not a percentage and the sum of\nweights does not need to equal 100.\n\n\nIf only one backend is specified and it has a weight greater than 0, 100%\nof the traffic is forwarded to that backend. If weight is set to 0, no\ntraffic should be forwarded for this entry. If unspecified, weight\ndefaults to 1.\n\n\nSupport for this field varies based on the context where used." + +## obj spec.rules.backendRefs.filters + +"Filters defined at this level MUST be executed if and only if the\nrequest is being forwarded to the backend defined here.\n\n\nSupport: Implementation-specific (For broader support of filters, use the\nFilters field in GRPCRouteRule.)" + +### fn spec.rules.backendRefs.filters.withType + +```ts +withType(type) +``` + +"Type identifies the type of filter to apply. As with other API fields,\ntypes are classified into three conformance levels:\n\n\n- Core: Filter types and their corresponding configuration defined by\n \"Support: Core\" in this package, e.g. \"RequestHeaderModifier\". All\n implementations supporting GRPCRoute MUST support core filters.\n\n\n- Extended: Filter types and their corresponding configuration defined by\n \"Support: Extended\" in this package, e.g. \"RequestMirror\". Implementers\n are encouraged to support extended filters.\n\n\n- Implementation-specific: Filters that are defined and supported by specific vendors.\n In the future, filters showing convergence in behavior across multiple\n implementations will be considered for inclusion in extended or core\n conformance levels. Filter-specific configuration for such filters\n is specified using the ExtensionRef field. `Type` MUST be set to\n \"ExtensionRef\" for custom filters.\n\n\nImplementers are encouraged to define custom implementation types to\nextend the core API with implementation-specific behavior.\n\n\nIf a reference to a custom filter type cannot be resolved, the filter\nMUST NOT be skipped. Instead, requests that would have been processed by\nthat filter MUST receive a HTTP error response.\n\n\n" + +## obj spec.rules.backendRefs.filters.extensionRef + +"ExtensionRef is an optional, implementation-specific extension to the\n\"filter\" behavior. For example, resource \"myroutefilter\" in group\n\"networking.example.net\"). ExtensionRef MUST NOT be used for core and\nextended filters.\n\n\nSupport: Implementation-specific\n\n\nThis filter can be used multiple times within the same rule." + +### fn spec.rules.backendRefs.filters.extensionRef.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. For example, \"gateway.networking.k8s.io\".\nWhen unspecified or empty string, core API group is inferred." + +### fn spec.rules.backendRefs.filters.extensionRef.withKind + +```ts +withKind(kind) +``` + +"Kind is kind of the referent. For example \"HTTPRoute\" or \"Service\"." + +### fn spec.rules.backendRefs.filters.extensionRef.withName + +```ts +withName(name) +``` + +"Name is the name of the referent." + +## obj spec.rules.backendRefs.filters.requestHeaderModifier + +"RequestHeaderModifier defines a schema for a filter that modifies request\nheaders.\n\n\nSupport: Core" + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.withAdd + +```ts +withAdd(add) +``` + +"Add adds the given header(s) (name, value) to the request\nbefore the action. It appends to any existing values associated\nwith the header name.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n add:\n - name: \"my-header\"\n value: \"bar,baz\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: foo,bar,baz" + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.withAddMixin + +```ts +withAddMixin(add) +``` + +"Add adds the given header(s) (name, value) to the request\nbefore the action. It appends to any existing values associated\nwith the header name.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n add:\n - name: \"my-header\"\n value: \"bar,baz\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: foo,bar,baz" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.withRemove + +```ts +withRemove(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The\nvalue of Remove is a list of HTTP header names. Note that the header\nnames are case-insensitive (see\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\n\n\nInput:\n GET /foo HTTP/1.1\n my-header1: foo\n my-header2: bar\n my-header3: baz\n\n\nConfig:\n remove: [\"my-header1\", \"my-header3\"]\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header2: bar" + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.withRemoveMixin + +```ts +withRemoveMixin(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The\nvalue of Remove is a list of HTTP header names. Note that the header\nnames are case-insensitive (see\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\n\n\nInput:\n GET /foo HTTP/1.1\n my-header1: foo\n my-header2: bar\n my-header3: baz\n\n\nConfig:\n remove: [\"my-header1\", \"my-header3\"]\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header2: bar" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.withSet + +```ts +withSet(set) +``` + +"Set overwrites the request with the given header (name, value)\nbefore the action.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n set:\n - name: \"my-header\"\n value: \"bar\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: bar" + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.withSetMixin + +```ts +withSetMixin(set) +``` + +"Set overwrites the request with the given header (name, value)\nbefore the action.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n set:\n - name: \"my-header\"\n value: \"bar\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: bar" + +**Note:** This function appends passed data to existing values + +## obj spec.rules.backendRefs.filters.requestHeaderModifier.add + +"Add adds the given header(s) (name, value) to the request\nbefore the action. It appends to any existing values associated\nwith the header name.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n add:\n - name: \"my-header\"\n value: \"bar,baz\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: foo,bar,baz" + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.add.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\n\nIf multiple entries specify equivalent header names, the first entry with\nan equivalent name MUST be considered for a match. Subsequent entries\nwith an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent." + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.add.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.backendRefs.filters.requestHeaderModifier.set + +"Set overwrites the request with the given header (name, value)\nbefore the action.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n set:\n - name: \"my-header\"\n value: \"bar\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: bar" + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.set.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\n\nIf multiple entries specify equivalent header names, the first entry with\nan equivalent name MUST be considered for a match. Subsequent entries\nwith an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent." + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.set.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.backendRefs.filters.requestMirror + +"RequestMirror defines a schema for a filter that mirrors requests.\nRequests are sent to the specified destination, but responses from\nthat destination are ignored.\n\n\nThis filter can be used multiple times within the same rule. Note that\nnot all implementations will be able to support mirroring to multiple\nbackends.\n\n\nSupport: Extended" + +## obj spec.rules.backendRefs.filters.requestMirror.backendRef + +"BackendRef references a resource where mirrored requests are sent.\n\n\nMirrored requests must be sent only to a single destination endpoint\nwithin this BackendRef, irrespective of how many endpoints are present\nwithin this BackendRef.\n\n\nIf the referent cannot be found, this BackendRef is invalid and must be\ndropped from the Gateway. The controller must ensure the \"ResolvedRefs\"\ncondition on the Route status is set to `status: False` and not configure\nthis backend in the underlying implementation.\n\n\nIf there is a cross-namespace reference to an *existing* object\nthat is not allowed by a ReferenceGrant, the controller must ensure the\n\"ResolvedRefs\" condition on the Route is set to `status: False`,\nwith the \"RefNotPermitted\" reason and not configure this backend in the\nunderlying implementation.\n\n\nIn either error case, the Message of the `ResolvedRefs` Condition\nshould be used to provide more detail about the problem.\n\n\nSupport: Extended for Kubernetes Service\n\n\nSupport: Implementation-specific for any other resource" + +### fn spec.rules.backendRefs.filters.requestMirror.backendRef.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. For example, \"gateway.networking.k8s.io\".\nWhen unspecified or empty string, core API group is inferred." + +### fn spec.rules.backendRefs.filters.requestMirror.backendRef.withKind + +```ts +withKind(kind) +``` + +"Kind is the Kubernetes resource kind of the referent. For example\n\"Service\".\n\n\nDefaults to \"Service\" when not specified.\n\n\nExternalName services can refer to CNAME DNS records that may live\noutside of the cluster and as such are difficult to reason about in\nterms of conformance. They also may not be safe to forward to (see\nCVE-2021-25740 for more information). Implementations SHOULD NOT\nsupport ExternalName Services.\n\n\nSupport: Core (Services with a type other than ExternalName)\n\n\nSupport: Implementation-specific (Services with type ExternalName)" + +### fn spec.rules.backendRefs.filters.requestMirror.backendRef.withName + +```ts +withName(name) +``` + +"Name is the name of the referent." + +### fn spec.rules.backendRefs.filters.requestMirror.backendRef.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the backend. When unspecified, the local\nnamespace is inferred.\n\n\nNote that when a namespace different than the local namespace is specified,\na ReferenceGrant object is required in the referent namespace to allow that\nnamespace's owner to accept the reference. See the ReferenceGrant\ndocumentation for details.\n\n\nSupport: Core" + +### fn spec.rules.backendRefs.filters.requestMirror.backendRef.withPort + +```ts +withPort(port) +``` + +"Port specifies the destination port number to use for this resource.\nPort is required when the referent is a Kubernetes Service. In this\ncase, the port number is the service port number, not the target port.\nFor other resources, destination port might be derived from the referent\nresource or this field." + +## obj spec.rules.backendRefs.filters.responseHeaderModifier + +"ResponseHeaderModifier defines a schema for a filter that modifies response\nheaders.\n\n\nSupport: Extended" + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.withAdd + +```ts +withAdd(add) +``` + +"Add adds the given header(s) (name, value) to the request\nbefore the action. It appends to any existing values associated\nwith the header name.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n add:\n - name: \"my-header\"\n value: \"bar,baz\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: foo,bar,baz" + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.withAddMixin + +```ts +withAddMixin(add) +``` + +"Add adds the given header(s) (name, value) to the request\nbefore the action. It appends to any existing values associated\nwith the header name.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n add:\n - name: \"my-header\"\n value: \"bar,baz\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: foo,bar,baz" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.withRemove + +```ts +withRemove(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The\nvalue of Remove is a list of HTTP header names. Note that the header\nnames are case-insensitive (see\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\n\n\nInput:\n GET /foo HTTP/1.1\n my-header1: foo\n my-header2: bar\n my-header3: baz\n\n\nConfig:\n remove: [\"my-header1\", \"my-header3\"]\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header2: bar" + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.withRemoveMixin + +```ts +withRemoveMixin(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The\nvalue of Remove is a list of HTTP header names. Note that the header\nnames are case-insensitive (see\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\n\n\nInput:\n GET /foo HTTP/1.1\n my-header1: foo\n my-header2: bar\n my-header3: baz\n\n\nConfig:\n remove: [\"my-header1\", \"my-header3\"]\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header2: bar" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.withSet + +```ts +withSet(set) +``` + +"Set overwrites the request with the given header (name, value)\nbefore the action.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n set:\n - name: \"my-header\"\n value: \"bar\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: bar" + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.withSetMixin + +```ts +withSetMixin(set) +``` + +"Set overwrites the request with the given header (name, value)\nbefore the action.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n set:\n - name: \"my-header\"\n value: \"bar\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: bar" + +**Note:** This function appends passed data to existing values + +## obj spec.rules.backendRefs.filters.responseHeaderModifier.add + +"Add adds the given header(s) (name, value) to the request\nbefore the action. It appends to any existing values associated\nwith the header name.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n add:\n - name: \"my-header\"\n value: \"bar,baz\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: foo,bar,baz" + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.add.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\n\nIf multiple entries specify equivalent header names, the first entry with\nan equivalent name MUST be considered for a match. Subsequent entries\nwith an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent." + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.add.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.backendRefs.filters.responseHeaderModifier.set + +"Set overwrites the request with the given header (name, value)\nbefore the action.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n set:\n - name: \"my-header\"\n value: \"bar\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: bar" + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.set.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\n\nIf multiple entries specify equivalent header names, the first entry with\nan equivalent name MUST be considered for a match. Subsequent entries\nwith an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent." + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.set.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.filters + +"Filters define the filters that are applied to requests that match\nthis rule.\n\n\nThe effects of ordering of multiple behaviors are currently unspecified.\nThis can change in the future based on feedback during the alpha stage.\n\n\nConformance-levels at this level are defined based on the type of filter:\n\n\n- ALL core filters MUST be supported by all implementations that support\n GRPCRoute.\n- Implementers are encouraged to support extended filters.\n- Implementation-specific custom filters have no API guarantees across\n implementations.\n\n\nSpecifying the same filter multiple times is not supported unless explicitly\nindicated in the filter.\n\n\nIf an implementation can not support a combination of filters, it must clearly\ndocument that limitation. In cases where incompatible or unsupported\nfilters are specified and cause the `Accepted` condition to be set to status\n`False`, implementations may use the `IncompatibleFilters` reason to specify\nthis configuration error.\n\n\nSupport: Core" + +### fn spec.rules.filters.withType + +```ts +withType(type) +``` + +"Type identifies the type of filter to apply. As with other API fields,\ntypes are classified into three conformance levels:\n\n\n- Core: Filter types and their corresponding configuration defined by\n \"Support: Core\" in this package, e.g. \"RequestHeaderModifier\". All\n implementations supporting GRPCRoute MUST support core filters.\n\n\n- Extended: Filter types and their corresponding configuration defined by\n \"Support: Extended\" in this package, e.g. \"RequestMirror\". Implementers\n are encouraged to support extended filters.\n\n\n- Implementation-specific: Filters that are defined and supported by specific vendors.\n In the future, filters showing convergence in behavior across multiple\n implementations will be considered for inclusion in extended or core\n conformance levels. Filter-specific configuration for such filters\n is specified using the ExtensionRef field. `Type` MUST be set to\n \"ExtensionRef\" for custom filters.\n\n\nImplementers are encouraged to define custom implementation types to\nextend the core API with implementation-specific behavior.\n\n\nIf a reference to a custom filter type cannot be resolved, the filter\nMUST NOT be skipped. Instead, requests that would have been processed by\nthat filter MUST receive a HTTP error response.\n\n\n" + +## obj spec.rules.filters.extensionRef + +"ExtensionRef is an optional, implementation-specific extension to the\n\"filter\" behavior. For example, resource \"myroutefilter\" in group\n\"networking.example.net\"). ExtensionRef MUST NOT be used for core and\nextended filters.\n\n\nSupport: Implementation-specific\n\n\nThis filter can be used multiple times within the same rule." + +### fn spec.rules.filters.extensionRef.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. For example, \"gateway.networking.k8s.io\".\nWhen unspecified or empty string, core API group is inferred." + +### fn spec.rules.filters.extensionRef.withKind + +```ts +withKind(kind) +``` + +"Kind is kind of the referent. For example \"HTTPRoute\" or \"Service\"." + +### fn spec.rules.filters.extensionRef.withName + +```ts +withName(name) +``` + +"Name is the name of the referent." + +## obj spec.rules.filters.requestHeaderModifier + +"RequestHeaderModifier defines a schema for a filter that modifies request\nheaders.\n\n\nSupport: Core" + +### fn spec.rules.filters.requestHeaderModifier.withAdd + +```ts +withAdd(add) +``` + +"Add adds the given header(s) (name, value) to the request\nbefore the action. It appends to any existing values associated\nwith the header name.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n add:\n - name: \"my-header\"\n value: \"bar,baz\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: foo,bar,baz" + +### fn spec.rules.filters.requestHeaderModifier.withAddMixin + +```ts +withAddMixin(add) +``` + +"Add adds the given header(s) (name, value) to the request\nbefore the action. It appends to any existing values associated\nwith the header name.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n add:\n - name: \"my-header\"\n value: \"bar,baz\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: foo,bar,baz" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.filters.requestHeaderModifier.withRemove + +```ts +withRemove(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The\nvalue of Remove is a list of HTTP header names. Note that the header\nnames are case-insensitive (see\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\n\n\nInput:\n GET /foo HTTP/1.1\n my-header1: foo\n my-header2: bar\n my-header3: baz\n\n\nConfig:\n remove: [\"my-header1\", \"my-header3\"]\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header2: bar" + +### fn spec.rules.filters.requestHeaderModifier.withRemoveMixin + +```ts +withRemoveMixin(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The\nvalue of Remove is a list of HTTP header names. Note that the header\nnames are case-insensitive (see\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\n\n\nInput:\n GET /foo HTTP/1.1\n my-header1: foo\n my-header2: bar\n my-header3: baz\n\n\nConfig:\n remove: [\"my-header1\", \"my-header3\"]\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header2: bar" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.filters.requestHeaderModifier.withSet + +```ts +withSet(set) +``` + +"Set overwrites the request with the given header (name, value)\nbefore the action.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n set:\n - name: \"my-header\"\n value: \"bar\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: bar" + +### fn spec.rules.filters.requestHeaderModifier.withSetMixin + +```ts +withSetMixin(set) +``` + +"Set overwrites the request with the given header (name, value)\nbefore the action.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n set:\n - name: \"my-header\"\n value: \"bar\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: bar" + +**Note:** This function appends passed data to existing values + +## obj spec.rules.filters.requestHeaderModifier.add + +"Add adds the given header(s) (name, value) to the request\nbefore the action. It appends to any existing values associated\nwith the header name.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n add:\n - name: \"my-header\"\n value: \"bar,baz\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: foo,bar,baz" + +### fn spec.rules.filters.requestHeaderModifier.add.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\n\nIf multiple entries specify equivalent header names, the first entry with\nan equivalent name MUST be considered for a match. Subsequent entries\nwith an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent." + +### fn spec.rules.filters.requestHeaderModifier.add.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.filters.requestHeaderModifier.set + +"Set overwrites the request with the given header (name, value)\nbefore the action.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n set:\n - name: \"my-header\"\n value: \"bar\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: bar" + +### fn spec.rules.filters.requestHeaderModifier.set.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\n\nIf multiple entries specify equivalent header names, the first entry with\nan equivalent name MUST be considered for a match. Subsequent entries\nwith an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent." + +### fn spec.rules.filters.requestHeaderModifier.set.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.filters.requestMirror + +"RequestMirror defines a schema for a filter that mirrors requests.\nRequests are sent to the specified destination, but responses from\nthat destination are ignored.\n\n\nThis filter can be used multiple times within the same rule. Note that\nnot all implementations will be able to support mirroring to multiple\nbackends.\n\n\nSupport: Extended" + +## obj spec.rules.filters.requestMirror.backendRef + +"BackendRef references a resource where mirrored requests are sent.\n\n\nMirrored requests must be sent only to a single destination endpoint\nwithin this BackendRef, irrespective of how many endpoints are present\nwithin this BackendRef.\n\n\nIf the referent cannot be found, this BackendRef is invalid and must be\ndropped from the Gateway. The controller must ensure the \"ResolvedRefs\"\ncondition on the Route status is set to `status: False` and not configure\nthis backend in the underlying implementation.\n\n\nIf there is a cross-namespace reference to an *existing* object\nthat is not allowed by a ReferenceGrant, the controller must ensure the\n\"ResolvedRefs\" condition on the Route is set to `status: False`,\nwith the \"RefNotPermitted\" reason and not configure this backend in the\nunderlying implementation.\n\n\nIn either error case, the Message of the `ResolvedRefs` Condition\nshould be used to provide more detail about the problem.\n\n\nSupport: Extended for Kubernetes Service\n\n\nSupport: Implementation-specific for any other resource" + +### fn spec.rules.filters.requestMirror.backendRef.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. For example, \"gateway.networking.k8s.io\".\nWhen unspecified or empty string, core API group is inferred." + +### fn spec.rules.filters.requestMirror.backendRef.withKind + +```ts +withKind(kind) +``` + +"Kind is the Kubernetes resource kind of the referent. For example\n\"Service\".\n\n\nDefaults to \"Service\" when not specified.\n\n\nExternalName services can refer to CNAME DNS records that may live\noutside of the cluster and as such are difficult to reason about in\nterms of conformance. They also may not be safe to forward to (see\nCVE-2021-25740 for more information). Implementations SHOULD NOT\nsupport ExternalName Services.\n\n\nSupport: Core (Services with a type other than ExternalName)\n\n\nSupport: Implementation-specific (Services with type ExternalName)" + +### fn spec.rules.filters.requestMirror.backendRef.withName + +```ts +withName(name) +``` + +"Name is the name of the referent." + +### fn spec.rules.filters.requestMirror.backendRef.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the backend. When unspecified, the local\nnamespace is inferred.\n\n\nNote that when a namespace different than the local namespace is specified,\na ReferenceGrant object is required in the referent namespace to allow that\nnamespace's owner to accept the reference. See the ReferenceGrant\ndocumentation for details.\n\n\nSupport: Core" + +### fn spec.rules.filters.requestMirror.backendRef.withPort + +```ts +withPort(port) +``` + +"Port specifies the destination port number to use for this resource.\nPort is required when the referent is a Kubernetes Service. In this\ncase, the port number is the service port number, not the target port.\nFor other resources, destination port might be derived from the referent\nresource or this field." + +## obj spec.rules.filters.responseHeaderModifier + +"ResponseHeaderModifier defines a schema for a filter that modifies response\nheaders.\n\n\nSupport: Extended" + +### fn spec.rules.filters.responseHeaderModifier.withAdd + +```ts +withAdd(add) +``` + +"Add adds the given header(s) (name, value) to the request\nbefore the action. It appends to any existing values associated\nwith the header name.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n add:\n - name: \"my-header\"\n value: \"bar,baz\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: foo,bar,baz" + +### fn spec.rules.filters.responseHeaderModifier.withAddMixin + +```ts +withAddMixin(add) +``` + +"Add adds the given header(s) (name, value) to the request\nbefore the action. It appends to any existing values associated\nwith the header name.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n add:\n - name: \"my-header\"\n value: \"bar,baz\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: foo,bar,baz" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.filters.responseHeaderModifier.withRemove + +```ts +withRemove(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The\nvalue of Remove is a list of HTTP header names. Note that the header\nnames are case-insensitive (see\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\n\n\nInput:\n GET /foo HTTP/1.1\n my-header1: foo\n my-header2: bar\n my-header3: baz\n\n\nConfig:\n remove: [\"my-header1\", \"my-header3\"]\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header2: bar" + +### fn spec.rules.filters.responseHeaderModifier.withRemoveMixin + +```ts +withRemoveMixin(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The\nvalue of Remove is a list of HTTP header names. Note that the header\nnames are case-insensitive (see\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\n\n\nInput:\n GET /foo HTTP/1.1\n my-header1: foo\n my-header2: bar\n my-header3: baz\n\n\nConfig:\n remove: [\"my-header1\", \"my-header3\"]\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header2: bar" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.filters.responseHeaderModifier.withSet + +```ts +withSet(set) +``` + +"Set overwrites the request with the given header (name, value)\nbefore the action.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n set:\n - name: \"my-header\"\n value: \"bar\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: bar" + +### fn spec.rules.filters.responseHeaderModifier.withSetMixin + +```ts +withSetMixin(set) +``` + +"Set overwrites the request with the given header (name, value)\nbefore the action.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n set:\n - name: \"my-header\"\n value: \"bar\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: bar" + +**Note:** This function appends passed data to existing values + +## obj spec.rules.filters.responseHeaderModifier.add + +"Add adds the given header(s) (name, value) to the request\nbefore the action. It appends to any existing values associated\nwith the header name.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n add:\n - name: \"my-header\"\n value: \"bar,baz\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: foo,bar,baz" + +### fn spec.rules.filters.responseHeaderModifier.add.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\n\nIf multiple entries specify equivalent header names, the first entry with\nan equivalent name MUST be considered for a match. Subsequent entries\nwith an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent." + +### fn spec.rules.filters.responseHeaderModifier.add.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.filters.responseHeaderModifier.set + +"Set overwrites the request with the given header (name, value)\nbefore the action.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n set:\n - name: \"my-header\"\n value: \"bar\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: bar" + +### fn spec.rules.filters.responseHeaderModifier.set.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\n\nIf multiple entries specify equivalent header names, the first entry with\nan equivalent name MUST be considered for a match. Subsequent entries\nwith an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent." + +### fn spec.rules.filters.responseHeaderModifier.set.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.matches + +"Matches define conditions used for matching the rule against incoming\ngRPC requests. Each match is independent, i.e. this rule will be matched\nif **any** one of the matches is satisfied.\n\n\nFor example, take the following matches configuration:\n\n\n```\nmatches:\n- method:\n service: foo.bar\n headers:\n values:\n version: 2\n- method:\n service: foo.bar.v2\n```\n\n\nFor a request to match against this rule, it MUST satisfy\nEITHER of the two conditions:\n\n\n- service of foo.bar AND contains the header `version: 2`\n- service of foo.bar.v2\n\n\nSee the documentation for GRPCRouteMatch on how to specify multiple\nmatch conditions to be ANDed together.\n\n\nIf no matches are specified, the implementation MUST match every gRPC request.\n\n\nProxy or Load Balancer routing configuration generated from GRPCRoutes\nMUST prioritize rules based on the following criteria, continuing on\nties. Merging MUST not be done between GRPCRoutes and HTTPRoutes.\nPrecedence MUST be given to the rule with the largest number of:\n\n\n* Characters in a matching non-wildcard hostname.\n* Characters in a matching hostname.\n* Characters in a matching service.\n* Characters in a matching method.\n* Header matches.\n\n\nIf ties still exist across multiple Routes, matching precedence MUST be\ndetermined in order of the following criteria, continuing on ties:\n\n\n* The oldest Route based on creation timestamp.\n* The Route appearing first in alphabetical order by\n \"{namespace}/{name}\".\n\n\nIf ties still exist within the Route that has been given precedence,\nmatching precedence MUST be granted to the first matching rule meeting\nthe above criteria." + +### fn spec.rules.matches.withHeaders + +```ts +withHeaders(headers) +``` + +"Headers specifies gRPC request header matchers. Multiple match values are\nANDed together, meaning, a request MUST match all the specified headers\nto select the route." + +### fn spec.rules.matches.withHeadersMixin + +```ts +withHeadersMixin(headers) +``` + +"Headers specifies gRPC request header matchers. Multiple match values are\nANDed together, meaning, a request MUST match all the specified headers\nto select the route." + +**Note:** This function appends passed data to existing values + +## obj spec.rules.matches.headers + +"Headers specifies gRPC request header matchers. Multiple match values are\nANDed together, meaning, a request MUST match all the specified headers\nto select the route." + +### fn spec.rules.matches.headers.withName + +```ts +withName(name) +``` + +"Name is the name of the gRPC Header to be matched.\n\n\nIf multiple entries specify equivalent header names, only the first\nentry with an equivalent name MUST be considered for a match. Subsequent\nentries with an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent." + +### fn spec.rules.matches.headers.withType + +```ts +withType(type) +``` + +"Type specifies how to match against the value of the header." + +### fn spec.rules.matches.headers.withValue + +```ts +withValue(value) +``` + +"Value is the value of the gRPC Header to be matched." + +## obj spec.rules.matches.method + +"Method specifies a gRPC request service/method matcher. If this field is\nnot specified, all services and methods will match." + +### fn spec.rules.matches.method.withMethod + +```ts +withMethod(method) +``` + +"Value of the method to match against. If left empty or omitted, will\nmatch all services.\n\n\nAt least one of Service and Method MUST be a non-empty string." + +### fn spec.rules.matches.method.withService + +```ts +withService(service) +``` + +"Value of the service to match against. If left empty or omitted, will\nmatch any service.\n\n\nAt least one of Service and Method MUST be a non-empty string." + +### fn spec.rules.matches.method.withType + +```ts +withType(type) +``` + +"Type specifies how to match against the service and/or method.\nSupport: Core (Exact with service and method specified)\n\n\nSupport: Implementation-specific (Exact with method specified but no service specified)\n\n\nSupport: Implementation-specific (RegularExpression)" + +## obj spec.rules.sessionPersistence + +"SessionPersistence defines and configures session persistence\nfor the route rule.\n\n\nSupport: Extended\n\n\n" + +### fn spec.rules.sessionPersistence.withAbsoluteTimeout + +```ts +withAbsoluteTimeout(absoluteTimeout) +``` + +"AbsoluteTimeout defines the absolute timeout of the persistent\nsession. Once the AbsoluteTimeout duration has elapsed, the\nsession becomes invalid.\n\n\nSupport: Extended" + +### fn spec.rules.sessionPersistence.withIdleTimeout + +```ts +withIdleTimeout(idleTimeout) +``` + +"IdleTimeout defines the idle timeout of the persistent session.\nOnce the session has been idle for more than the specified\nIdleTimeout duration, the session becomes invalid.\n\n\nSupport: Extended" + +### fn spec.rules.sessionPersistence.withSessionName + +```ts +withSessionName(sessionName) +``` + +"SessionName defines the name of the persistent session token\nwhich may be reflected in the cookie or the header. Users\nshould avoid reusing session names to prevent unintended\nconsequences, such as rejection or unpredictable behavior.\n\n\nSupport: Implementation-specific" + +### fn spec.rules.sessionPersistence.withType + +```ts +withType(type) +``` + +"Type defines the type of session persistence such as through\nthe use a header or cookie. Defaults to cookie based session\npersistence.\n\n\nSupport: Core for \"Cookie\" type\n\n\nSupport: Extended for \"Header\" type" + +## obj spec.rules.sessionPersistence.cookieConfig + +"CookieConfig provides configuration settings that are specific\nto cookie-based session persistence.\n\n\nSupport: Core" + +### fn spec.rules.sessionPersistence.cookieConfig.withLifetimeType + +```ts +withLifetimeType(lifetimeType) +``` + +"LifetimeType specifies whether the cookie has a permanent or\nsession-based lifetime. A permanent cookie persists until its\nspecified expiry time, defined by the Expires or Max-Age cookie\nattributes, while a session cookie is deleted when the current\nsession ends.\n\n\nWhen set to \"Permanent\", AbsoluteTimeout indicates the\ncookie's lifetime via the Expires or Max-Age cookie attributes\nand is required.\n\n\nWhen set to \"Session\", AbsoluteTimeout indicates the\nabsolute lifetime of the cookie tracked by the gateway and\nis optional.\n\n\nSupport: Core for \"Session\" type\n\n\nSupport: Extended for \"Permanent\" type" \ No newline at end of file diff --git a/docs/1.1-experimental/gateway/v1alpha2/index.md b/docs/1.1-experimental/gateway/v1alpha2/index.md new file mode 100644 index 0000000..aeab5ad --- /dev/null +++ b/docs/1.1-experimental/gateway/v1alpha2/index.md @@ -0,0 +1,14 @@ +--- +permalink: /1.1-experimental/gateway/v1alpha2/ +--- + +# gateway.v1alpha2 + + + +* [backendLBPolicy](backendLBPolicy.md) +* [grpcRoute](grpcRoute.md) +* [referenceGrant](referenceGrant.md) +* [tcpRoute](tcpRoute.md) +* [tlsRoute](tlsRoute.md) +* [udpRoute](udpRoute.md) \ No newline at end of file diff --git a/docs/1.1-experimental/gateway/v1alpha2/referenceGrant.md b/docs/1.1-experimental/gateway/v1alpha2/referenceGrant.md new file mode 100644 index 0000000..2e33344 --- /dev/null +++ b/docs/1.1-experimental/gateway/v1alpha2/referenceGrant.md @@ -0,0 +1,314 @@ +--- +permalink: /1.1-experimental/gateway/v1alpha2/referenceGrant/ +--- + +# gateway.v1alpha2.referenceGrant + +"ReferenceGrant identifies kinds of resources in other namespaces that are\ntrusted to reference the specified kinds of resources in the same namespace\nas the policy.\n\n\nEach ReferenceGrant can be used to represent a unique trust relationship.\nAdditional Reference Grants can be used to add to the set of trusted\nsources of inbound references for the namespace they are defined within.\n\n\nA ReferenceGrant is required for all cross-namespace references in Gateway API\n(with the exception of cross-namespace Route-Gateway attachment, which is\ngoverned by the AllowedRoutes configuration on the Gateway, and cross-namespace\nService ParentRefs on a \"consumer\" mesh Route, which defines routing rules\napplicable only to workloads in the Route namespace). ReferenceGrants allowing\na reference from a Route to a Service are only applicable to BackendRefs.\n\n\nReferenceGrant is a form of runtime verification allowing users to assert\nwhich cross-namespace object references are permitted. Implementations that\nsupport ReferenceGrant MUST NOT permit cross-namespace references which have\nno grant, and MUST respond to the removal of a grant by revoking the access\nthat the grant allowed." + +## Index + +* [`fn new(name)`](#fn-new) +* [`obj metadata`](#obj-metadata) + * [`fn withAnnotations(annotations)`](#fn-metadatawithannotations) + * [`fn withAnnotationsMixin(annotations)`](#fn-metadatawithannotationsmixin) + * [`fn withClusterName(clusterName)`](#fn-metadatawithclustername) + * [`fn withCreationTimestamp(creationTimestamp)`](#fn-metadatawithcreationtimestamp) + * [`fn withDeletionGracePeriodSeconds(deletionGracePeriodSeconds)`](#fn-metadatawithdeletiongraceperiodseconds) + * [`fn withDeletionTimestamp(deletionTimestamp)`](#fn-metadatawithdeletiontimestamp) + * [`fn withFinalizers(finalizers)`](#fn-metadatawithfinalizers) + * [`fn withFinalizersMixin(finalizers)`](#fn-metadatawithfinalizersmixin) + * [`fn withGenerateName(generateName)`](#fn-metadatawithgeneratename) + * [`fn withGeneration(generation)`](#fn-metadatawithgeneration) + * [`fn withLabels(labels)`](#fn-metadatawithlabels) + * [`fn withLabelsMixin(labels)`](#fn-metadatawithlabelsmixin) + * [`fn withName(name)`](#fn-metadatawithname) + * [`fn withNamespace(namespace)`](#fn-metadatawithnamespace) + * [`fn withOwnerReferences(ownerReferences)`](#fn-metadatawithownerreferences) + * [`fn withOwnerReferencesMixin(ownerReferences)`](#fn-metadatawithownerreferencesmixin) + * [`fn withResourceVersion(resourceVersion)`](#fn-metadatawithresourceversion) + * [`fn withSelfLink(selfLink)`](#fn-metadatawithselflink) + * [`fn withUid(uid)`](#fn-metadatawithuid) +* [`obj spec`](#obj-spec) + * [`fn withFrom(from)`](#fn-specwithfrom) + * [`fn withFromMixin(from)`](#fn-specwithfrommixin) + * [`fn withTo(to)`](#fn-specwithto) + * [`fn withToMixin(to)`](#fn-specwithtomixin) + * [`obj spec.from`](#obj-specfrom) + * [`fn withGroup(group)`](#fn-specfromwithgroup) + * [`fn withKind(kind)`](#fn-specfromwithkind) + * [`fn withNamespace(namespace)`](#fn-specfromwithnamespace) + * [`obj spec.to`](#obj-specto) + * [`fn withGroup(group)`](#fn-spectowithgroup) + * [`fn withKind(kind)`](#fn-spectowithkind) + * [`fn withName(name)`](#fn-spectowithname) + +## Fields + +### fn new + +```ts +new(name) +``` + +new returns an instance of ReferenceGrant + +## obj metadata + +"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create." + +### fn metadata.withAnnotations + +```ts +withAnnotations(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +### fn metadata.withAnnotationsMixin + +```ts +withAnnotationsMixin(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +**Note:** This function appends passed data to existing values + +### fn metadata.withClusterName + +```ts +withClusterName(clusterName) +``` + +"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request." + +### fn metadata.withCreationTimestamp + +```ts +withCreationTimestamp(creationTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withDeletionGracePeriodSeconds + +```ts +withDeletionGracePeriodSeconds(deletionGracePeriodSeconds) +``` + +"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only." + +### fn metadata.withDeletionTimestamp + +```ts +withDeletionTimestamp(deletionTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withFinalizers + +```ts +withFinalizers(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +### fn metadata.withFinalizersMixin + +```ts +withFinalizersMixin(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +**Note:** This function appends passed data to existing values + +### fn metadata.withGenerateName + +```ts +withGenerateName(generateName) +``` + +"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\n\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\n\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" + +### fn metadata.withGeneration + +```ts +withGeneration(generation) +``` + +"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only." + +### fn metadata.withLabels + +```ts +withLabels(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +### fn metadata.withLabelsMixin + +```ts +withLabelsMixin(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +**Note:** This function appends passed data to existing values + +### fn metadata.withName + +```ts +withName(name) +``` + +"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names" + +### fn metadata.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \"default\" namespace, but \"default\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\n\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces" + +### fn metadata.withOwnerReferences + +```ts +withOwnerReferences(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +### fn metadata.withOwnerReferencesMixin + +```ts +withOwnerReferencesMixin(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +**Note:** This function appends passed data to existing values + +### fn metadata.withResourceVersion + +```ts +withResourceVersion(resourceVersion) +``` + +"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\n\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" + +### fn metadata.withSelfLink + +```ts +withSelfLink(selfLink) +``` + +"SelfLink is a URL representing this object. Populated by the system. Read-only.\n\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release." + +### fn metadata.withUid + +```ts +withUid(uid) +``` + +"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\n\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids" + +## obj spec + +"Spec defines the desired state of ReferenceGrant." + +### fn spec.withFrom + +```ts +withFrom(from) +``` + +"From describes the trusted namespaces and kinds that can reference the\nresources described in \"To\". Each entry in this list MUST be considered\nto be an additional place that references can be valid from, or to put\nthis another way, entries MUST be combined using OR.\n\n\nSupport: Core" + +### fn spec.withFromMixin + +```ts +withFromMixin(from) +``` + +"From describes the trusted namespaces and kinds that can reference the\nresources described in \"To\". Each entry in this list MUST be considered\nto be an additional place that references can be valid from, or to put\nthis another way, entries MUST be combined using OR.\n\n\nSupport: Core" + +**Note:** This function appends passed data to existing values + +### fn spec.withTo + +```ts +withTo(to) +``` + +"To describes the resources that may be referenced by the resources\ndescribed in \"From\". Each entry in this list MUST be considered to be an\nadditional place that references can be valid to, or to put this another\nway, entries MUST be combined using OR.\n\n\nSupport: Core" + +### fn spec.withToMixin + +```ts +withToMixin(to) +``` + +"To describes the resources that may be referenced by the resources\ndescribed in \"From\". Each entry in this list MUST be considered to be an\nadditional place that references can be valid to, or to put this another\nway, entries MUST be combined using OR.\n\n\nSupport: Core" + +**Note:** This function appends passed data to existing values + +## obj spec.from + +"From describes the trusted namespaces and kinds that can reference the\nresources described in \"To\". Each entry in this list MUST be considered\nto be an additional place that references can be valid from, or to put\nthis another way, entries MUST be combined using OR.\n\n\nSupport: Core" + +### fn spec.from.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent.\nWhen empty, the Kubernetes core API group is inferred.\n\n\nSupport: Core" + +### fn spec.from.withKind + +```ts +withKind(kind) +``` + +"Kind is the kind of the referent. Although implementations may support\nadditional resources, the following types are part of the \"Core\"\nsupport level for this field.\n\n\nWhen used to permit a SecretObjectReference:\n\n\n* Gateway\n\n\nWhen used to permit a BackendObjectReference:\n\n\n* GRPCRoute\n* HTTPRoute\n* TCPRoute\n* TLSRoute\n* UDPRoute" + +### fn spec.from.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the referent.\n\n\nSupport: Core" + +## obj spec.to + +"To describes the resources that may be referenced by the resources\ndescribed in \"From\". Each entry in this list MUST be considered to be an\nadditional place that references can be valid to, or to put this another\nway, entries MUST be combined using OR.\n\n\nSupport: Core" + +### fn spec.to.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent.\nWhen empty, the Kubernetes core API group is inferred.\n\n\nSupport: Core" + +### fn spec.to.withKind + +```ts +withKind(kind) +``` + +"Kind is the kind of the referent. Although implementations may support\nadditional resources, the following types are part of the \"Core\"\nsupport level for this field:\n\n\n* Secret when used to permit a SecretObjectReference\n* Service when used to permit a BackendObjectReference" + +### fn spec.to.withName + +```ts +withName(name) +``` + +"Name is the name of the referent. When unspecified, this policy\nrefers to all resources of the specified Group and Kind in the local\nnamespace." \ No newline at end of file diff --git a/docs/1.1-experimental/gateway/v1alpha2/tcpRoute.md b/docs/1.1-experimental/gateway/v1alpha2/tcpRoute.md new file mode 100644 index 0000000..39c2e6e --- /dev/null +++ b/docs/1.1-experimental/gateway/v1alpha2/tcpRoute.md @@ -0,0 +1,393 @@ +--- +permalink: /1.1-experimental/gateway/v1alpha2/tcpRoute/ +--- + +# gateway.v1alpha2.tcpRoute + +"TCPRoute provides a way to route TCP requests. When combined with a Gateway\nlistener, it can be used to forward connections on the port specified by the\nlistener to a set of backends specified by the TCPRoute." + +## Index + +* [`fn new(name)`](#fn-new) +* [`obj metadata`](#obj-metadata) + * [`fn withAnnotations(annotations)`](#fn-metadatawithannotations) + * [`fn withAnnotationsMixin(annotations)`](#fn-metadatawithannotationsmixin) + * [`fn withClusterName(clusterName)`](#fn-metadatawithclustername) + * [`fn withCreationTimestamp(creationTimestamp)`](#fn-metadatawithcreationtimestamp) + * [`fn withDeletionGracePeriodSeconds(deletionGracePeriodSeconds)`](#fn-metadatawithdeletiongraceperiodseconds) + * [`fn withDeletionTimestamp(deletionTimestamp)`](#fn-metadatawithdeletiontimestamp) + * [`fn withFinalizers(finalizers)`](#fn-metadatawithfinalizers) + * [`fn withFinalizersMixin(finalizers)`](#fn-metadatawithfinalizersmixin) + * [`fn withGenerateName(generateName)`](#fn-metadatawithgeneratename) + * [`fn withGeneration(generation)`](#fn-metadatawithgeneration) + * [`fn withLabels(labels)`](#fn-metadatawithlabels) + * [`fn withLabelsMixin(labels)`](#fn-metadatawithlabelsmixin) + * [`fn withName(name)`](#fn-metadatawithname) + * [`fn withNamespace(namespace)`](#fn-metadatawithnamespace) + * [`fn withOwnerReferences(ownerReferences)`](#fn-metadatawithownerreferences) + * [`fn withOwnerReferencesMixin(ownerReferences)`](#fn-metadatawithownerreferencesmixin) + * [`fn withResourceVersion(resourceVersion)`](#fn-metadatawithresourceversion) + * [`fn withSelfLink(selfLink)`](#fn-metadatawithselflink) + * [`fn withUid(uid)`](#fn-metadatawithuid) +* [`obj spec`](#obj-spec) + * [`fn withParentRefs(parentRefs)`](#fn-specwithparentrefs) + * [`fn withParentRefsMixin(parentRefs)`](#fn-specwithparentrefsmixin) + * [`fn withRules(rules)`](#fn-specwithrules) + * [`fn withRulesMixin(rules)`](#fn-specwithrulesmixin) + * [`obj spec.parentRefs`](#obj-specparentrefs) + * [`fn withGroup(group)`](#fn-specparentrefswithgroup) + * [`fn withKind(kind)`](#fn-specparentrefswithkind) + * [`fn withName(name)`](#fn-specparentrefswithname) + * [`fn withNamespace(namespace)`](#fn-specparentrefswithnamespace) + * [`fn withPort(port)`](#fn-specparentrefswithport) + * [`fn withSectionName(sectionName)`](#fn-specparentrefswithsectionname) + * [`obj spec.rules`](#obj-specrules) + * [`fn withBackendRefs(backendRefs)`](#fn-specruleswithbackendrefs) + * [`fn withBackendRefsMixin(backendRefs)`](#fn-specruleswithbackendrefsmixin) + * [`obj spec.rules.backendRefs`](#obj-specrulesbackendrefs) + * [`fn withGroup(group)`](#fn-specrulesbackendrefswithgroup) + * [`fn withKind(kind)`](#fn-specrulesbackendrefswithkind) + * [`fn withName(name)`](#fn-specrulesbackendrefswithname) + * [`fn withNamespace(namespace)`](#fn-specrulesbackendrefswithnamespace) + * [`fn withPort(port)`](#fn-specrulesbackendrefswithport) + * [`fn withWeight(weight)`](#fn-specrulesbackendrefswithweight) + +## Fields + +### fn new + +```ts +new(name) +``` + +new returns an instance of TCPRoute + +## obj metadata + +"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create." + +### fn metadata.withAnnotations + +```ts +withAnnotations(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +### fn metadata.withAnnotationsMixin + +```ts +withAnnotationsMixin(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +**Note:** This function appends passed data to existing values + +### fn metadata.withClusterName + +```ts +withClusterName(clusterName) +``` + +"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request." + +### fn metadata.withCreationTimestamp + +```ts +withCreationTimestamp(creationTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withDeletionGracePeriodSeconds + +```ts +withDeletionGracePeriodSeconds(deletionGracePeriodSeconds) +``` + +"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only." + +### fn metadata.withDeletionTimestamp + +```ts +withDeletionTimestamp(deletionTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withFinalizers + +```ts +withFinalizers(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +### fn metadata.withFinalizersMixin + +```ts +withFinalizersMixin(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +**Note:** This function appends passed data to existing values + +### fn metadata.withGenerateName + +```ts +withGenerateName(generateName) +``` + +"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\n\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\n\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" + +### fn metadata.withGeneration + +```ts +withGeneration(generation) +``` + +"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only." + +### fn metadata.withLabels + +```ts +withLabels(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +### fn metadata.withLabelsMixin + +```ts +withLabelsMixin(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +**Note:** This function appends passed data to existing values + +### fn metadata.withName + +```ts +withName(name) +``` + +"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names" + +### fn metadata.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \"default\" namespace, but \"default\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\n\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces" + +### fn metadata.withOwnerReferences + +```ts +withOwnerReferences(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +### fn metadata.withOwnerReferencesMixin + +```ts +withOwnerReferencesMixin(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +**Note:** This function appends passed data to existing values + +### fn metadata.withResourceVersion + +```ts +withResourceVersion(resourceVersion) +``` + +"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\n\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" + +### fn metadata.withSelfLink + +```ts +withSelfLink(selfLink) +``` + +"SelfLink is a URL representing this object. Populated by the system. Read-only.\n\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release." + +### fn metadata.withUid + +```ts +withUid(uid) +``` + +"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\n\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids" + +## obj spec + +"Spec defines the desired state of TCPRoute." + +### fn spec.withParentRefs + +```ts +withParentRefs(parentRefs) +``` + +"ParentRefs references the resources (usually Gateways) that a Route wants\nto be attached to. Note that the referenced parent resource needs to\nallow this for the attachment to be complete. For Gateways, that means\nthe Gateway needs to allow attachment from Routes of this kind and\nnamespace. For Services, that means the Service must either be in the same\nnamespace for a \"producer\" route, or the mesh implementation must support\nand allow \"consumer\" routes for the referenced Service. ReferenceGrant is\nnot applicable for governing ParentRefs to Services - it is not possible to\ncreate a \"producer\" route for a Service in a different namespace from the\nRoute.\n\n\nThere are two kinds of parent resources with \"Core\" support:\n\n\n* Gateway (Gateway conformance profile)\n* Service (Mesh conformance profile, ClusterIP Services only)\n\n\nThis API may be extended in the future to support additional kinds of parent\nresources.\n\n\nParentRefs must be _distinct_. This means either that:\n\n\n* They select different objects. If this is the case, then parentRef\n entries are distinct. In terms of fields, this means that the\n multi-part key defined by `group`, `kind`, `namespace`, and `name` must\n be unique across all parentRef entries in the Route.\n* They do not select different objects, but for each optional field used,\n each ParentRef that selects the same object must set the same set of\n optional fields to different values. If one ParentRef sets a\n combination of optional fields, all must set the same combination.\n\n\nSome examples:\n\n\n* If one ParentRef sets `sectionName`, all ParentRefs referencing the\n same object must also set `sectionName`.\n* If one ParentRef sets `port`, all ParentRefs referencing the same\n object must also set `port`.\n* If one ParentRef sets `sectionName` and `port`, all ParentRefs\n referencing the same object must also set `sectionName` and `port`.\n\n\nIt is possible to separately reference multiple distinct objects that may\nbe collapsed by an implementation. For example, some implementations may\nchoose to merge compatible Gateway Listeners together. If that is the\ncase, the list of routes attached to those resources should also be\nmerged.\n\n\nNote that for ParentRefs that cross namespace boundaries, there are specific\nrules. Cross-namespace references are only valid if they are explicitly\nallowed by something in the namespace they are referring to. For example,\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\ngeneric way to enable other kinds of cross-namespace reference.\n\n\n\nParentRefs from a Route to a Service in the same namespace are \"producer\"\nroutes, which apply default routing rules to inbound connections from\nany namespace to the Service.\n\n\nParentRefs from a Route to a Service in a different namespace are\n\"consumer\" routes, and these routing rules are only applied to outbound\nconnections originating from the same namespace as the Route, for which\nthe intended destination of the connections are a Service targeted as a\nParentRef of the Route.\n\n\n\n\n\n\n" + +### fn spec.withParentRefsMixin + +```ts +withParentRefsMixin(parentRefs) +``` + +"ParentRefs references the resources (usually Gateways) that a Route wants\nto be attached to. Note that the referenced parent resource needs to\nallow this for the attachment to be complete. For Gateways, that means\nthe Gateway needs to allow attachment from Routes of this kind and\nnamespace. For Services, that means the Service must either be in the same\nnamespace for a \"producer\" route, or the mesh implementation must support\nand allow \"consumer\" routes for the referenced Service. ReferenceGrant is\nnot applicable for governing ParentRefs to Services - it is not possible to\ncreate a \"producer\" route for a Service in a different namespace from the\nRoute.\n\n\nThere are two kinds of parent resources with \"Core\" support:\n\n\n* Gateway (Gateway conformance profile)\n* Service (Mesh conformance profile, ClusterIP Services only)\n\n\nThis API may be extended in the future to support additional kinds of parent\nresources.\n\n\nParentRefs must be _distinct_. This means either that:\n\n\n* They select different objects. If this is the case, then parentRef\n entries are distinct. In terms of fields, this means that the\n multi-part key defined by `group`, `kind`, `namespace`, and `name` must\n be unique across all parentRef entries in the Route.\n* They do not select different objects, but for each optional field used,\n each ParentRef that selects the same object must set the same set of\n optional fields to different values. If one ParentRef sets a\n combination of optional fields, all must set the same combination.\n\n\nSome examples:\n\n\n* If one ParentRef sets `sectionName`, all ParentRefs referencing the\n same object must also set `sectionName`.\n* If one ParentRef sets `port`, all ParentRefs referencing the same\n object must also set `port`.\n* If one ParentRef sets `sectionName` and `port`, all ParentRefs\n referencing the same object must also set `sectionName` and `port`.\n\n\nIt is possible to separately reference multiple distinct objects that may\nbe collapsed by an implementation. For example, some implementations may\nchoose to merge compatible Gateway Listeners together. If that is the\ncase, the list of routes attached to those resources should also be\nmerged.\n\n\nNote that for ParentRefs that cross namespace boundaries, there are specific\nrules. Cross-namespace references are only valid if they are explicitly\nallowed by something in the namespace they are referring to. For example,\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\ngeneric way to enable other kinds of cross-namespace reference.\n\n\n\nParentRefs from a Route to a Service in the same namespace are \"producer\"\nroutes, which apply default routing rules to inbound connections from\nany namespace to the Service.\n\n\nParentRefs from a Route to a Service in a different namespace are\n\"consumer\" routes, and these routing rules are only applied to outbound\nconnections originating from the same namespace as the Route, for which\nthe intended destination of the connections are a Service targeted as a\nParentRef of the Route.\n\n\n\n\n\n\n" + +**Note:** This function appends passed data to existing values + +### fn spec.withRules + +```ts +withRules(rules) +``` + +"Rules are a list of TCP matchers and actions." + +### fn spec.withRulesMixin + +```ts +withRulesMixin(rules) +``` + +"Rules are a list of TCP matchers and actions." + +**Note:** This function appends passed data to existing values + +## obj spec.parentRefs + +"ParentRefs references the resources (usually Gateways) that a Route wants\nto be attached to. Note that the referenced parent resource needs to\nallow this for the attachment to be complete. For Gateways, that means\nthe Gateway needs to allow attachment from Routes of this kind and\nnamespace. For Services, that means the Service must either be in the same\nnamespace for a \"producer\" route, or the mesh implementation must support\nand allow \"consumer\" routes for the referenced Service. ReferenceGrant is\nnot applicable for governing ParentRefs to Services - it is not possible to\ncreate a \"producer\" route for a Service in a different namespace from the\nRoute.\n\n\nThere are two kinds of parent resources with \"Core\" support:\n\n\n* Gateway (Gateway conformance profile)\n* Service (Mesh conformance profile, ClusterIP Services only)\n\n\nThis API may be extended in the future to support additional kinds of parent\nresources.\n\n\nParentRefs must be _distinct_. This means either that:\n\n\n* They select different objects. If this is the case, then parentRef\n entries are distinct. In terms of fields, this means that the\n multi-part key defined by `group`, `kind`, `namespace`, and `name` must\n be unique across all parentRef entries in the Route.\n* They do not select different objects, but for each optional field used,\n each ParentRef that selects the same object must set the same set of\n optional fields to different values. If one ParentRef sets a\n combination of optional fields, all must set the same combination.\n\n\nSome examples:\n\n\n* If one ParentRef sets `sectionName`, all ParentRefs referencing the\n same object must also set `sectionName`.\n* If one ParentRef sets `port`, all ParentRefs referencing the same\n object must also set `port`.\n* If one ParentRef sets `sectionName` and `port`, all ParentRefs\n referencing the same object must also set `sectionName` and `port`.\n\n\nIt is possible to separately reference multiple distinct objects that may\nbe collapsed by an implementation. For example, some implementations may\nchoose to merge compatible Gateway Listeners together. If that is the\ncase, the list of routes attached to those resources should also be\nmerged.\n\n\nNote that for ParentRefs that cross namespace boundaries, there are specific\nrules. Cross-namespace references are only valid if they are explicitly\nallowed by something in the namespace they are referring to. For example,\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\ngeneric way to enable other kinds of cross-namespace reference.\n\n\n\nParentRefs from a Route to a Service in the same namespace are \"producer\"\nroutes, which apply default routing rules to inbound connections from\nany namespace to the Service.\n\n\nParentRefs from a Route to a Service in a different namespace are\n\"consumer\" routes, and these routing rules are only applied to outbound\nconnections originating from the same namespace as the Route, for which\nthe intended destination of the connections are a Service targeted as a\nParentRef of the Route.\n\n\n\n\n\n\n" + +### fn spec.parentRefs.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent.\nWhen unspecified, \"gateway.networking.k8s.io\" is inferred.\nTo set the core API group (such as for a \"Service\" kind referent),\nGroup must be explicitly set to \"\" (empty string).\n\n\nSupport: Core" + +### fn spec.parentRefs.withKind + +```ts +withKind(kind) +``` + +"Kind is kind of the referent.\n\n\nThere are two kinds of parent resources with \"Core\" support:\n\n\n* Gateway (Gateway conformance profile)\n* Service (Mesh conformance profile, ClusterIP Services only)\n\n\nSupport for other resources is Implementation-Specific." + +### fn spec.parentRefs.withName + +```ts +withName(name) +``` + +"Name is the name of the referent.\n\n\nSupport: Core" + +### fn spec.parentRefs.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the referent. When unspecified, this refers\nto the local namespace of the Route.\n\n\nNote that there are specific rules for ParentRefs which cross namespace\nboundaries. Cross-namespace references are only valid if they are explicitly\nallowed by something in the namespace they are referring to. For example:\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\ngeneric way to enable any other kind of cross-namespace reference.\n\n\n\nParentRefs from a Route to a Service in the same namespace are \"producer\"\nroutes, which apply default routing rules to inbound connections from\nany namespace to the Service.\n\n\nParentRefs from a Route to a Service in a different namespace are\n\"consumer\" routes, and these routing rules are only applied to outbound\nconnections originating from the same namespace as the Route, for which\nthe intended destination of the connections are a Service targeted as a\nParentRef of the Route.\n\n\n\nSupport: Core" + +### fn spec.parentRefs.withPort + +```ts +withPort(port) +``` + +"Port is the network port this Route targets. It can be interpreted\ndifferently based on the type of parent resource.\n\n\nWhen the parent resource is a Gateway, this targets all listeners\nlistening on the specified port that also support this kind of Route(and\nselect this Route). It's not recommended to set `Port` unless the\nnetworking behaviors specified in a Route must apply to a specific port\nas opposed to a listener(s) whose port(s) may be changed. When both Port\nand SectionName are specified, the name and port of the selected listener\nmust match both specified values.\n\n\n\nWhen the parent resource is a Service, this targets a specific port in the\nService spec. When both Port (experimental) and SectionName are specified,\nthe name and port of the selected port must match both specified values.\n\n\n\nImplementations MAY choose to support other parent resources.\nImplementations supporting other types of parent resources MUST clearly\ndocument how/if Port is interpreted.\n\n\nFor the purpose of status, an attachment is considered successful as\nlong as the parent resource accepts it partially. For example, Gateway\nlisteners can restrict which Routes can attach to them by Route kind,\nnamespace, or hostname. If 1 of 2 Gateway listeners accept attachment\nfrom the referencing Route, the Route MUST be considered successfully\nattached. If no Gateway listeners accept attachment from this Route,\nthe Route MUST be considered detached from the Gateway.\n\n\nSupport: Extended" + +### fn spec.parentRefs.withSectionName + +```ts +withSectionName(sectionName) +``` + +"SectionName is the name of a section within the target resource. In the\nfollowing resources, SectionName is interpreted as the following:\n\n\n* Gateway: Listener name. When both Port (experimental) and SectionName\nare specified, the name and port of the selected listener must match\nboth specified values.\n* Service: Port name. When both Port (experimental) and SectionName\nare specified, the name and port of the selected listener must match\nboth specified values.\n\n\nImplementations MAY choose to support attaching Routes to other resources.\nIf that is the case, they MUST clearly document how SectionName is\ninterpreted.\n\n\nWhen unspecified (empty string), this will reference the entire resource.\nFor the purpose of status, an attachment is considered successful if at\nleast one section in the parent resource accepts it. For example, Gateway\nlisteners can restrict which Routes can attach to them by Route kind,\nnamespace, or hostname. If 1 of 2 Gateway listeners accept attachment from\nthe referencing Route, the Route MUST be considered successfully\nattached. If no Gateway listeners accept attachment from this Route, the\nRoute MUST be considered detached from the Gateway.\n\n\nSupport: Core" + +## obj spec.rules + +"Rules are a list of TCP matchers and actions." + +### fn spec.rules.withBackendRefs + +```ts +withBackendRefs(backendRefs) +``` + +"BackendRefs defines the backend(s) where matching requests should be\nsent. If unspecified or invalid (refers to a non-existent resource or a\nService with no endpoints), the underlying implementation MUST actively\nreject connection attempts to this backend. Connection rejections must\nrespect weight; if an invalid backend is requested to have 80% of\nconnections, then 80% of connections must be rejected instead.\n\n\nSupport: Core for Kubernetes Service\n\n\nSupport: Extended for Kubernetes ServiceImport\n\n\nSupport: Implementation-specific for any other resource\n\n\nSupport for weight: Extended" + +### fn spec.rules.withBackendRefsMixin + +```ts +withBackendRefsMixin(backendRefs) +``` + +"BackendRefs defines the backend(s) where matching requests should be\nsent. If unspecified or invalid (refers to a non-existent resource or a\nService with no endpoints), the underlying implementation MUST actively\nreject connection attempts to this backend. Connection rejections must\nrespect weight; if an invalid backend is requested to have 80% of\nconnections, then 80% of connections must be rejected instead.\n\n\nSupport: Core for Kubernetes Service\n\n\nSupport: Extended for Kubernetes ServiceImport\n\n\nSupport: Implementation-specific for any other resource\n\n\nSupport for weight: Extended" + +**Note:** This function appends passed data to existing values + +## obj spec.rules.backendRefs + +"BackendRefs defines the backend(s) where matching requests should be\nsent. If unspecified or invalid (refers to a non-existent resource or a\nService with no endpoints), the underlying implementation MUST actively\nreject connection attempts to this backend. Connection rejections must\nrespect weight; if an invalid backend is requested to have 80% of\nconnections, then 80% of connections must be rejected instead.\n\n\nSupport: Core for Kubernetes Service\n\n\nSupport: Extended for Kubernetes ServiceImport\n\n\nSupport: Implementation-specific for any other resource\n\n\nSupport for weight: Extended" + +### fn spec.rules.backendRefs.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. For example, \"gateway.networking.k8s.io\".\nWhen unspecified or empty string, core API group is inferred." + +### fn spec.rules.backendRefs.withKind + +```ts +withKind(kind) +``` + +"Kind is the Kubernetes resource kind of the referent. For example\n\"Service\".\n\n\nDefaults to \"Service\" when not specified.\n\n\nExternalName services can refer to CNAME DNS records that may live\noutside of the cluster and as such are difficult to reason about in\nterms of conformance. They also may not be safe to forward to (see\nCVE-2021-25740 for more information). Implementations SHOULD NOT\nsupport ExternalName Services.\n\n\nSupport: Core (Services with a type other than ExternalName)\n\n\nSupport: Implementation-specific (Services with type ExternalName)" + +### fn spec.rules.backendRefs.withName + +```ts +withName(name) +``` + +"Name is the name of the referent." + +### fn spec.rules.backendRefs.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the backend. When unspecified, the local\nnamespace is inferred.\n\n\nNote that when a namespace different than the local namespace is specified,\na ReferenceGrant object is required in the referent namespace to allow that\nnamespace's owner to accept the reference. See the ReferenceGrant\ndocumentation for details.\n\n\nSupport: Core" + +### fn spec.rules.backendRefs.withPort + +```ts +withPort(port) +``` + +"Port specifies the destination port number to use for this resource.\nPort is required when the referent is a Kubernetes Service. In this\ncase, the port number is the service port number, not the target port.\nFor other resources, destination port might be derived from the referent\nresource or this field." + +### fn spec.rules.backendRefs.withWeight + +```ts +withWeight(weight) +``` + +"Weight specifies the proportion of requests forwarded to the referenced\nbackend. This is computed as weight/(sum of all weights in this\nBackendRefs list). For non-zero values, there may be some epsilon from\nthe exact proportion defined here depending on the precision an\nimplementation supports. Weight is not a percentage and the sum of\nweights does not need to equal 100.\n\n\nIf only one backend is specified and it has a weight greater than 0, 100%\nof the traffic is forwarded to that backend. If weight is set to 0, no\ntraffic should be forwarded for this entry. If unspecified, weight\ndefaults to 1.\n\n\nSupport for this field varies based on the context where used." \ No newline at end of file diff --git a/docs/1.1-experimental/gateway/v1alpha2/tlsRoute.md b/docs/1.1-experimental/gateway/v1alpha2/tlsRoute.md new file mode 100644 index 0000000..1207a99 --- /dev/null +++ b/docs/1.1-experimental/gateway/v1alpha2/tlsRoute.md @@ -0,0 +1,413 @@ +--- +permalink: /1.1-experimental/gateway/v1alpha2/tlsRoute/ +--- + +# gateway.v1alpha2.tlsRoute + +"The TLSRoute resource is similar to TCPRoute, but can be configured\nto match against TLS-specific metadata. This allows more flexibility\nin matching streams for a given TLS listener.\n\n\nIf you need to forward traffic to a single target for a TLS listener, you\ncould choose to use a TCPRoute with a TLS listener." + +## Index + +* [`fn new(name)`](#fn-new) +* [`obj metadata`](#obj-metadata) + * [`fn withAnnotations(annotations)`](#fn-metadatawithannotations) + * [`fn withAnnotationsMixin(annotations)`](#fn-metadatawithannotationsmixin) + * [`fn withClusterName(clusterName)`](#fn-metadatawithclustername) + * [`fn withCreationTimestamp(creationTimestamp)`](#fn-metadatawithcreationtimestamp) + * [`fn withDeletionGracePeriodSeconds(deletionGracePeriodSeconds)`](#fn-metadatawithdeletiongraceperiodseconds) + * [`fn withDeletionTimestamp(deletionTimestamp)`](#fn-metadatawithdeletiontimestamp) + * [`fn withFinalizers(finalizers)`](#fn-metadatawithfinalizers) + * [`fn withFinalizersMixin(finalizers)`](#fn-metadatawithfinalizersmixin) + * [`fn withGenerateName(generateName)`](#fn-metadatawithgeneratename) + * [`fn withGeneration(generation)`](#fn-metadatawithgeneration) + * [`fn withLabels(labels)`](#fn-metadatawithlabels) + * [`fn withLabelsMixin(labels)`](#fn-metadatawithlabelsmixin) + * [`fn withName(name)`](#fn-metadatawithname) + * [`fn withNamespace(namespace)`](#fn-metadatawithnamespace) + * [`fn withOwnerReferences(ownerReferences)`](#fn-metadatawithownerreferences) + * [`fn withOwnerReferencesMixin(ownerReferences)`](#fn-metadatawithownerreferencesmixin) + * [`fn withResourceVersion(resourceVersion)`](#fn-metadatawithresourceversion) + * [`fn withSelfLink(selfLink)`](#fn-metadatawithselflink) + * [`fn withUid(uid)`](#fn-metadatawithuid) +* [`obj spec`](#obj-spec) + * [`fn withHostnames(hostnames)`](#fn-specwithhostnames) + * [`fn withHostnamesMixin(hostnames)`](#fn-specwithhostnamesmixin) + * [`fn withParentRefs(parentRefs)`](#fn-specwithparentrefs) + * [`fn withParentRefsMixin(parentRefs)`](#fn-specwithparentrefsmixin) + * [`fn withRules(rules)`](#fn-specwithrules) + * [`fn withRulesMixin(rules)`](#fn-specwithrulesmixin) + * [`obj spec.parentRefs`](#obj-specparentrefs) + * [`fn withGroup(group)`](#fn-specparentrefswithgroup) + * [`fn withKind(kind)`](#fn-specparentrefswithkind) + * [`fn withName(name)`](#fn-specparentrefswithname) + * [`fn withNamespace(namespace)`](#fn-specparentrefswithnamespace) + * [`fn withPort(port)`](#fn-specparentrefswithport) + * [`fn withSectionName(sectionName)`](#fn-specparentrefswithsectionname) + * [`obj spec.rules`](#obj-specrules) + * [`fn withBackendRefs(backendRefs)`](#fn-specruleswithbackendrefs) + * [`fn withBackendRefsMixin(backendRefs)`](#fn-specruleswithbackendrefsmixin) + * [`obj spec.rules.backendRefs`](#obj-specrulesbackendrefs) + * [`fn withGroup(group)`](#fn-specrulesbackendrefswithgroup) + * [`fn withKind(kind)`](#fn-specrulesbackendrefswithkind) + * [`fn withName(name)`](#fn-specrulesbackendrefswithname) + * [`fn withNamespace(namespace)`](#fn-specrulesbackendrefswithnamespace) + * [`fn withPort(port)`](#fn-specrulesbackendrefswithport) + * [`fn withWeight(weight)`](#fn-specrulesbackendrefswithweight) + +## Fields + +### fn new + +```ts +new(name) +``` + +new returns an instance of TLSRoute + +## obj metadata + +"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create." + +### fn metadata.withAnnotations + +```ts +withAnnotations(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +### fn metadata.withAnnotationsMixin + +```ts +withAnnotationsMixin(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +**Note:** This function appends passed data to existing values + +### fn metadata.withClusterName + +```ts +withClusterName(clusterName) +``` + +"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request." + +### fn metadata.withCreationTimestamp + +```ts +withCreationTimestamp(creationTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withDeletionGracePeriodSeconds + +```ts +withDeletionGracePeriodSeconds(deletionGracePeriodSeconds) +``` + +"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only." + +### fn metadata.withDeletionTimestamp + +```ts +withDeletionTimestamp(deletionTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withFinalizers + +```ts +withFinalizers(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +### fn metadata.withFinalizersMixin + +```ts +withFinalizersMixin(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +**Note:** This function appends passed data to existing values + +### fn metadata.withGenerateName + +```ts +withGenerateName(generateName) +``` + +"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\n\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\n\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" + +### fn metadata.withGeneration + +```ts +withGeneration(generation) +``` + +"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only." + +### fn metadata.withLabels + +```ts +withLabels(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +### fn metadata.withLabelsMixin + +```ts +withLabelsMixin(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +**Note:** This function appends passed data to existing values + +### fn metadata.withName + +```ts +withName(name) +``` + +"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names" + +### fn metadata.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \"default\" namespace, but \"default\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\n\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces" + +### fn metadata.withOwnerReferences + +```ts +withOwnerReferences(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +### fn metadata.withOwnerReferencesMixin + +```ts +withOwnerReferencesMixin(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +**Note:** This function appends passed data to existing values + +### fn metadata.withResourceVersion + +```ts +withResourceVersion(resourceVersion) +``` + +"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\n\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" + +### fn metadata.withSelfLink + +```ts +withSelfLink(selfLink) +``` + +"SelfLink is a URL representing this object. Populated by the system. Read-only.\n\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release." + +### fn metadata.withUid + +```ts +withUid(uid) +``` + +"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\n\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids" + +## obj spec + +"Spec defines the desired state of TLSRoute." + +### fn spec.withHostnames + +```ts +withHostnames(hostnames) +``` + +"Hostnames defines a set of SNI names that should match against the\nSNI attribute of TLS ClientHello message in TLS handshake. This matches\nthe RFC 1123 definition of a hostname with 2 notable exceptions:\n\n\n1. IPs are not allowed in SNI names per RFC 6066.\n2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard\n label must appear by itself as the first label.\n\n\nIf a hostname is specified by both the Listener and TLSRoute, there\nmust be at least one intersecting hostname for the TLSRoute to be\nattached to the Listener. For example:\n\n\n* A Listener with `test.example.com` as the hostname matches TLSRoutes\n that have either not specified any hostnames, or have specified at\n least one of `test.example.com` or `*.example.com`.\n* A Listener with `*.example.com` as the hostname matches TLSRoutes\n that have either not specified any hostnames or have specified at least\n one hostname that matches the Listener hostname. For example,\n `test.example.com` and `*.example.com` would both match. On the other\n hand, `example.com` and `test.example.net` would not match.\n\n\nIf both the Listener and TLSRoute have specified hostnames, any\nTLSRoute hostnames that do not match the Listener hostname MUST be\nignored. For example, if a Listener specified `*.example.com`, and the\nTLSRoute specified `test.example.com` and `test.example.net`,\n`test.example.net` must not be considered for a match.\n\n\nIf both the Listener and TLSRoute have specified hostnames, and none\nmatch with the criteria above, then the TLSRoute is not accepted. The\nimplementation must raise an 'Accepted' Condition with a status of\n`False` in the corresponding RouteParentStatus.\n\n\nSupport: Core" + +### fn spec.withHostnamesMixin + +```ts +withHostnamesMixin(hostnames) +``` + +"Hostnames defines a set of SNI names that should match against the\nSNI attribute of TLS ClientHello message in TLS handshake. This matches\nthe RFC 1123 definition of a hostname with 2 notable exceptions:\n\n\n1. IPs are not allowed in SNI names per RFC 6066.\n2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard\n label must appear by itself as the first label.\n\n\nIf a hostname is specified by both the Listener and TLSRoute, there\nmust be at least one intersecting hostname for the TLSRoute to be\nattached to the Listener. For example:\n\n\n* A Listener with `test.example.com` as the hostname matches TLSRoutes\n that have either not specified any hostnames, or have specified at\n least one of `test.example.com` or `*.example.com`.\n* A Listener with `*.example.com` as the hostname matches TLSRoutes\n that have either not specified any hostnames or have specified at least\n one hostname that matches the Listener hostname. For example,\n `test.example.com` and `*.example.com` would both match. On the other\n hand, `example.com` and `test.example.net` would not match.\n\n\nIf both the Listener and TLSRoute have specified hostnames, any\nTLSRoute hostnames that do not match the Listener hostname MUST be\nignored. For example, if a Listener specified `*.example.com`, and the\nTLSRoute specified `test.example.com` and `test.example.net`,\n`test.example.net` must not be considered for a match.\n\n\nIf both the Listener and TLSRoute have specified hostnames, and none\nmatch with the criteria above, then the TLSRoute is not accepted. The\nimplementation must raise an 'Accepted' Condition with a status of\n`False` in the corresponding RouteParentStatus.\n\n\nSupport: Core" + +**Note:** This function appends passed data to existing values + +### fn spec.withParentRefs + +```ts +withParentRefs(parentRefs) +``` + +"ParentRefs references the resources (usually Gateways) that a Route wants\nto be attached to. Note that the referenced parent resource needs to\nallow this for the attachment to be complete. For Gateways, that means\nthe Gateway needs to allow attachment from Routes of this kind and\nnamespace. For Services, that means the Service must either be in the same\nnamespace for a \"producer\" route, or the mesh implementation must support\nand allow \"consumer\" routes for the referenced Service. ReferenceGrant is\nnot applicable for governing ParentRefs to Services - it is not possible to\ncreate a \"producer\" route for a Service in a different namespace from the\nRoute.\n\n\nThere are two kinds of parent resources with \"Core\" support:\n\n\n* Gateway (Gateway conformance profile)\n* Service (Mesh conformance profile, ClusterIP Services only)\n\n\nThis API may be extended in the future to support additional kinds of parent\nresources.\n\n\nParentRefs must be _distinct_. This means either that:\n\n\n* They select different objects. If this is the case, then parentRef\n entries are distinct. In terms of fields, this means that the\n multi-part key defined by `group`, `kind`, `namespace`, and `name` must\n be unique across all parentRef entries in the Route.\n* They do not select different objects, but for each optional field used,\n each ParentRef that selects the same object must set the same set of\n optional fields to different values. If one ParentRef sets a\n combination of optional fields, all must set the same combination.\n\n\nSome examples:\n\n\n* If one ParentRef sets `sectionName`, all ParentRefs referencing the\n same object must also set `sectionName`.\n* If one ParentRef sets `port`, all ParentRefs referencing the same\n object must also set `port`.\n* If one ParentRef sets `sectionName` and `port`, all ParentRefs\n referencing the same object must also set `sectionName` and `port`.\n\n\nIt is possible to separately reference multiple distinct objects that may\nbe collapsed by an implementation. For example, some implementations may\nchoose to merge compatible Gateway Listeners together. If that is the\ncase, the list of routes attached to those resources should also be\nmerged.\n\n\nNote that for ParentRefs that cross namespace boundaries, there are specific\nrules. Cross-namespace references are only valid if they are explicitly\nallowed by something in the namespace they are referring to. For example,\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\ngeneric way to enable other kinds of cross-namespace reference.\n\n\n\nParentRefs from a Route to a Service in the same namespace are \"producer\"\nroutes, which apply default routing rules to inbound connections from\nany namespace to the Service.\n\n\nParentRefs from a Route to a Service in a different namespace are\n\"consumer\" routes, and these routing rules are only applied to outbound\nconnections originating from the same namespace as the Route, for which\nthe intended destination of the connections are a Service targeted as a\nParentRef of the Route.\n\n\n\n\n\n\n" + +### fn spec.withParentRefsMixin + +```ts +withParentRefsMixin(parentRefs) +``` + +"ParentRefs references the resources (usually Gateways) that a Route wants\nto be attached to. Note that the referenced parent resource needs to\nallow this for the attachment to be complete. For Gateways, that means\nthe Gateway needs to allow attachment from Routes of this kind and\nnamespace. For Services, that means the Service must either be in the same\nnamespace for a \"producer\" route, or the mesh implementation must support\nand allow \"consumer\" routes for the referenced Service. ReferenceGrant is\nnot applicable for governing ParentRefs to Services - it is not possible to\ncreate a \"producer\" route for a Service in a different namespace from the\nRoute.\n\n\nThere are two kinds of parent resources with \"Core\" support:\n\n\n* Gateway (Gateway conformance profile)\n* Service (Mesh conformance profile, ClusterIP Services only)\n\n\nThis API may be extended in the future to support additional kinds of parent\nresources.\n\n\nParentRefs must be _distinct_. This means either that:\n\n\n* They select different objects. If this is the case, then parentRef\n entries are distinct. In terms of fields, this means that the\n multi-part key defined by `group`, `kind`, `namespace`, and `name` must\n be unique across all parentRef entries in the Route.\n* They do not select different objects, but for each optional field used,\n each ParentRef that selects the same object must set the same set of\n optional fields to different values. If one ParentRef sets a\n combination of optional fields, all must set the same combination.\n\n\nSome examples:\n\n\n* If one ParentRef sets `sectionName`, all ParentRefs referencing the\n same object must also set `sectionName`.\n* If one ParentRef sets `port`, all ParentRefs referencing the same\n object must also set `port`.\n* If one ParentRef sets `sectionName` and `port`, all ParentRefs\n referencing the same object must also set `sectionName` and `port`.\n\n\nIt is possible to separately reference multiple distinct objects that may\nbe collapsed by an implementation. For example, some implementations may\nchoose to merge compatible Gateway Listeners together. If that is the\ncase, the list of routes attached to those resources should also be\nmerged.\n\n\nNote that for ParentRefs that cross namespace boundaries, there are specific\nrules. Cross-namespace references are only valid if they are explicitly\nallowed by something in the namespace they are referring to. For example,\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\ngeneric way to enable other kinds of cross-namespace reference.\n\n\n\nParentRefs from a Route to a Service in the same namespace are \"producer\"\nroutes, which apply default routing rules to inbound connections from\nany namespace to the Service.\n\n\nParentRefs from a Route to a Service in a different namespace are\n\"consumer\" routes, and these routing rules are only applied to outbound\nconnections originating from the same namespace as the Route, for which\nthe intended destination of the connections are a Service targeted as a\nParentRef of the Route.\n\n\n\n\n\n\n" + +**Note:** This function appends passed data to existing values + +### fn spec.withRules + +```ts +withRules(rules) +``` + +"Rules are a list of TLS matchers and actions." + +### fn spec.withRulesMixin + +```ts +withRulesMixin(rules) +``` + +"Rules are a list of TLS matchers and actions." + +**Note:** This function appends passed data to existing values + +## obj spec.parentRefs + +"ParentRefs references the resources (usually Gateways) that a Route wants\nto be attached to. Note that the referenced parent resource needs to\nallow this for the attachment to be complete. For Gateways, that means\nthe Gateway needs to allow attachment from Routes of this kind and\nnamespace. For Services, that means the Service must either be in the same\nnamespace for a \"producer\" route, or the mesh implementation must support\nand allow \"consumer\" routes for the referenced Service. ReferenceGrant is\nnot applicable for governing ParentRefs to Services - it is not possible to\ncreate a \"producer\" route for a Service in a different namespace from the\nRoute.\n\n\nThere are two kinds of parent resources with \"Core\" support:\n\n\n* Gateway (Gateway conformance profile)\n* Service (Mesh conformance profile, ClusterIP Services only)\n\n\nThis API may be extended in the future to support additional kinds of parent\nresources.\n\n\nParentRefs must be _distinct_. This means either that:\n\n\n* They select different objects. If this is the case, then parentRef\n entries are distinct. In terms of fields, this means that the\n multi-part key defined by `group`, `kind`, `namespace`, and `name` must\n be unique across all parentRef entries in the Route.\n* They do not select different objects, but for each optional field used,\n each ParentRef that selects the same object must set the same set of\n optional fields to different values. If one ParentRef sets a\n combination of optional fields, all must set the same combination.\n\n\nSome examples:\n\n\n* If one ParentRef sets `sectionName`, all ParentRefs referencing the\n same object must also set `sectionName`.\n* If one ParentRef sets `port`, all ParentRefs referencing the same\n object must also set `port`.\n* If one ParentRef sets `sectionName` and `port`, all ParentRefs\n referencing the same object must also set `sectionName` and `port`.\n\n\nIt is possible to separately reference multiple distinct objects that may\nbe collapsed by an implementation. For example, some implementations may\nchoose to merge compatible Gateway Listeners together. If that is the\ncase, the list of routes attached to those resources should also be\nmerged.\n\n\nNote that for ParentRefs that cross namespace boundaries, there are specific\nrules. Cross-namespace references are only valid if they are explicitly\nallowed by something in the namespace they are referring to. For example,\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\ngeneric way to enable other kinds of cross-namespace reference.\n\n\n\nParentRefs from a Route to a Service in the same namespace are \"producer\"\nroutes, which apply default routing rules to inbound connections from\nany namespace to the Service.\n\n\nParentRefs from a Route to a Service in a different namespace are\n\"consumer\" routes, and these routing rules are only applied to outbound\nconnections originating from the same namespace as the Route, for which\nthe intended destination of the connections are a Service targeted as a\nParentRef of the Route.\n\n\n\n\n\n\n" + +### fn spec.parentRefs.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent.\nWhen unspecified, \"gateway.networking.k8s.io\" is inferred.\nTo set the core API group (such as for a \"Service\" kind referent),\nGroup must be explicitly set to \"\" (empty string).\n\n\nSupport: Core" + +### fn spec.parentRefs.withKind + +```ts +withKind(kind) +``` + +"Kind is kind of the referent.\n\n\nThere are two kinds of parent resources with \"Core\" support:\n\n\n* Gateway (Gateway conformance profile)\n* Service (Mesh conformance profile, ClusterIP Services only)\n\n\nSupport for other resources is Implementation-Specific." + +### fn spec.parentRefs.withName + +```ts +withName(name) +``` + +"Name is the name of the referent.\n\n\nSupport: Core" + +### fn spec.parentRefs.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the referent. When unspecified, this refers\nto the local namespace of the Route.\n\n\nNote that there are specific rules for ParentRefs which cross namespace\nboundaries. Cross-namespace references are only valid if they are explicitly\nallowed by something in the namespace they are referring to. For example:\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\ngeneric way to enable any other kind of cross-namespace reference.\n\n\n\nParentRefs from a Route to a Service in the same namespace are \"producer\"\nroutes, which apply default routing rules to inbound connections from\nany namespace to the Service.\n\n\nParentRefs from a Route to a Service in a different namespace are\n\"consumer\" routes, and these routing rules are only applied to outbound\nconnections originating from the same namespace as the Route, for which\nthe intended destination of the connections are a Service targeted as a\nParentRef of the Route.\n\n\n\nSupport: Core" + +### fn spec.parentRefs.withPort + +```ts +withPort(port) +``` + +"Port is the network port this Route targets. It can be interpreted\ndifferently based on the type of parent resource.\n\n\nWhen the parent resource is a Gateway, this targets all listeners\nlistening on the specified port that also support this kind of Route(and\nselect this Route). It's not recommended to set `Port` unless the\nnetworking behaviors specified in a Route must apply to a specific port\nas opposed to a listener(s) whose port(s) may be changed. When both Port\nand SectionName are specified, the name and port of the selected listener\nmust match both specified values.\n\n\n\nWhen the parent resource is a Service, this targets a specific port in the\nService spec. When both Port (experimental) and SectionName are specified,\nthe name and port of the selected port must match both specified values.\n\n\n\nImplementations MAY choose to support other parent resources.\nImplementations supporting other types of parent resources MUST clearly\ndocument how/if Port is interpreted.\n\n\nFor the purpose of status, an attachment is considered successful as\nlong as the parent resource accepts it partially. For example, Gateway\nlisteners can restrict which Routes can attach to them by Route kind,\nnamespace, or hostname. If 1 of 2 Gateway listeners accept attachment\nfrom the referencing Route, the Route MUST be considered successfully\nattached. If no Gateway listeners accept attachment from this Route,\nthe Route MUST be considered detached from the Gateway.\n\n\nSupport: Extended" + +### fn spec.parentRefs.withSectionName + +```ts +withSectionName(sectionName) +``` + +"SectionName is the name of a section within the target resource. In the\nfollowing resources, SectionName is interpreted as the following:\n\n\n* Gateway: Listener name. When both Port (experimental) and SectionName\nare specified, the name and port of the selected listener must match\nboth specified values.\n* Service: Port name. When both Port (experimental) and SectionName\nare specified, the name and port of the selected listener must match\nboth specified values.\n\n\nImplementations MAY choose to support attaching Routes to other resources.\nIf that is the case, they MUST clearly document how SectionName is\ninterpreted.\n\n\nWhen unspecified (empty string), this will reference the entire resource.\nFor the purpose of status, an attachment is considered successful if at\nleast one section in the parent resource accepts it. For example, Gateway\nlisteners can restrict which Routes can attach to them by Route kind,\nnamespace, or hostname. If 1 of 2 Gateway listeners accept attachment from\nthe referencing Route, the Route MUST be considered successfully\nattached. If no Gateway listeners accept attachment from this Route, the\nRoute MUST be considered detached from the Gateway.\n\n\nSupport: Core" + +## obj spec.rules + +"Rules are a list of TLS matchers and actions." + +### fn spec.rules.withBackendRefs + +```ts +withBackendRefs(backendRefs) +``` + +"BackendRefs defines the backend(s) where matching requests should be\nsent. If unspecified or invalid (refers to a non-existent resource or\na Service with no endpoints), the rule performs no forwarding; if no\nfilters are specified that would result in a response being sent, the\nunderlying implementation must actively reject request attempts to this\nbackend, by rejecting the connection or returning a 500 status code.\nRequest rejections must respect weight; if an invalid backend is\nrequested to have 80% of requests, then 80% of requests must be rejected\ninstead.\n\n\nSupport: Core for Kubernetes Service\n\n\nSupport: Extended for Kubernetes ServiceImport\n\n\nSupport: Implementation-specific for any other resource\n\n\nSupport for weight: Extended" + +### fn spec.rules.withBackendRefsMixin + +```ts +withBackendRefsMixin(backendRefs) +``` + +"BackendRefs defines the backend(s) where matching requests should be\nsent. If unspecified or invalid (refers to a non-existent resource or\na Service with no endpoints), the rule performs no forwarding; if no\nfilters are specified that would result in a response being sent, the\nunderlying implementation must actively reject request attempts to this\nbackend, by rejecting the connection or returning a 500 status code.\nRequest rejections must respect weight; if an invalid backend is\nrequested to have 80% of requests, then 80% of requests must be rejected\ninstead.\n\n\nSupport: Core for Kubernetes Service\n\n\nSupport: Extended for Kubernetes ServiceImport\n\n\nSupport: Implementation-specific for any other resource\n\n\nSupport for weight: Extended" + +**Note:** This function appends passed data to existing values + +## obj spec.rules.backendRefs + +"BackendRefs defines the backend(s) where matching requests should be\nsent. If unspecified or invalid (refers to a non-existent resource or\na Service with no endpoints), the rule performs no forwarding; if no\nfilters are specified that would result in a response being sent, the\nunderlying implementation must actively reject request attempts to this\nbackend, by rejecting the connection or returning a 500 status code.\nRequest rejections must respect weight; if an invalid backend is\nrequested to have 80% of requests, then 80% of requests must be rejected\ninstead.\n\n\nSupport: Core for Kubernetes Service\n\n\nSupport: Extended for Kubernetes ServiceImport\n\n\nSupport: Implementation-specific for any other resource\n\n\nSupport for weight: Extended" + +### fn spec.rules.backendRefs.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. For example, \"gateway.networking.k8s.io\".\nWhen unspecified or empty string, core API group is inferred." + +### fn spec.rules.backendRefs.withKind + +```ts +withKind(kind) +``` + +"Kind is the Kubernetes resource kind of the referent. For example\n\"Service\".\n\n\nDefaults to \"Service\" when not specified.\n\n\nExternalName services can refer to CNAME DNS records that may live\noutside of the cluster and as such are difficult to reason about in\nterms of conformance. They also may not be safe to forward to (see\nCVE-2021-25740 for more information). Implementations SHOULD NOT\nsupport ExternalName Services.\n\n\nSupport: Core (Services with a type other than ExternalName)\n\n\nSupport: Implementation-specific (Services with type ExternalName)" + +### fn spec.rules.backendRefs.withName + +```ts +withName(name) +``` + +"Name is the name of the referent." + +### fn spec.rules.backendRefs.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the backend. When unspecified, the local\nnamespace is inferred.\n\n\nNote that when a namespace different than the local namespace is specified,\na ReferenceGrant object is required in the referent namespace to allow that\nnamespace's owner to accept the reference. See the ReferenceGrant\ndocumentation for details.\n\n\nSupport: Core" + +### fn spec.rules.backendRefs.withPort + +```ts +withPort(port) +``` + +"Port specifies the destination port number to use for this resource.\nPort is required when the referent is a Kubernetes Service. In this\ncase, the port number is the service port number, not the target port.\nFor other resources, destination port might be derived from the referent\nresource or this field." + +### fn spec.rules.backendRefs.withWeight + +```ts +withWeight(weight) +``` + +"Weight specifies the proportion of requests forwarded to the referenced\nbackend. This is computed as weight/(sum of all weights in this\nBackendRefs list). For non-zero values, there may be some epsilon from\nthe exact proportion defined here depending on the precision an\nimplementation supports. Weight is not a percentage and the sum of\nweights does not need to equal 100.\n\n\nIf only one backend is specified and it has a weight greater than 0, 100%\nof the traffic is forwarded to that backend. If weight is set to 0, no\ntraffic should be forwarded for this entry. If unspecified, weight\ndefaults to 1.\n\n\nSupport for this field varies based on the context where used." \ No newline at end of file diff --git a/docs/1.1-experimental/gateway/v1alpha2/udpRoute.md b/docs/1.1-experimental/gateway/v1alpha2/udpRoute.md new file mode 100644 index 0000000..54056f2 --- /dev/null +++ b/docs/1.1-experimental/gateway/v1alpha2/udpRoute.md @@ -0,0 +1,393 @@ +--- +permalink: /1.1-experimental/gateway/v1alpha2/udpRoute/ +--- + +# gateway.v1alpha2.udpRoute + +"UDPRoute provides a way to route UDP traffic. When combined with a Gateway\nlistener, it can be used to forward traffic on the port specified by the\nlistener to a set of backends specified by the UDPRoute." + +## Index + +* [`fn new(name)`](#fn-new) +* [`obj metadata`](#obj-metadata) + * [`fn withAnnotations(annotations)`](#fn-metadatawithannotations) + * [`fn withAnnotationsMixin(annotations)`](#fn-metadatawithannotationsmixin) + * [`fn withClusterName(clusterName)`](#fn-metadatawithclustername) + * [`fn withCreationTimestamp(creationTimestamp)`](#fn-metadatawithcreationtimestamp) + * [`fn withDeletionGracePeriodSeconds(deletionGracePeriodSeconds)`](#fn-metadatawithdeletiongraceperiodseconds) + * [`fn withDeletionTimestamp(deletionTimestamp)`](#fn-metadatawithdeletiontimestamp) + * [`fn withFinalizers(finalizers)`](#fn-metadatawithfinalizers) + * [`fn withFinalizersMixin(finalizers)`](#fn-metadatawithfinalizersmixin) + * [`fn withGenerateName(generateName)`](#fn-metadatawithgeneratename) + * [`fn withGeneration(generation)`](#fn-metadatawithgeneration) + * [`fn withLabels(labels)`](#fn-metadatawithlabels) + * [`fn withLabelsMixin(labels)`](#fn-metadatawithlabelsmixin) + * [`fn withName(name)`](#fn-metadatawithname) + * [`fn withNamespace(namespace)`](#fn-metadatawithnamespace) + * [`fn withOwnerReferences(ownerReferences)`](#fn-metadatawithownerreferences) + * [`fn withOwnerReferencesMixin(ownerReferences)`](#fn-metadatawithownerreferencesmixin) + * [`fn withResourceVersion(resourceVersion)`](#fn-metadatawithresourceversion) + * [`fn withSelfLink(selfLink)`](#fn-metadatawithselflink) + * [`fn withUid(uid)`](#fn-metadatawithuid) +* [`obj spec`](#obj-spec) + * [`fn withParentRefs(parentRefs)`](#fn-specwithparentrefs) + * [`fn withParentRefsMixin(parentRefs)`](#fn-specwithparentrefsmixin) + * [`fn withRules(rules)`](#fn-specwithrules) + * [`fn withRulesMixin(rules)`](#fn-specwithrulesmixin) + * [`obj spec.parentRefs`](#obj-specparentrefs) + * [`fn withGroup(group)`](#fn-specparentrefswithgroup) + * [`fn withKind(kind)`](#fn-specparentrefswithkind) + * [`fn withName(name)`](#fn-specparentrefswithname) + * [`fn withNamespace(namespace)`](#fn-specparentrefswithnamespace) + * [`fn withPort(port)`](#fn-specparentrefswithport) + * [`fn withSectionName(sectionName)`](#fn-specparentrefswithsectionname) + * [`obj spec.rules`](#obj-specrules) + * [`fn withBackendRefs(backendRefs)`](#fn-specruleswithbackendrefs) + * [`fn withBackendRefsMixin(backendRefs)`](#fn-specruleswithbackendrefsmixin) + * [`obj spec.rules.backendRefs`](#obj-specrulesbackendrefs) + * [`fn withGroup(group)`](#fn-specrulesbackendrefswithgroup) + * [`fn withKind(kind)`](#fn-specrulesbackendrefswithkind) + * [`fn withName(name)`](#fn-specrulesbackendrefswithname) + * [`fn withNamespace(namespace)`](#fn-specrulesbackendrefswithnamespace) + * [`fn withPort(port)`](#fn-specrulesbackendrefswithport) + * [`fn withWeight(weight)`](#fn-specrulesbackendrefswithweight) + +## Fields + +### fn new + +```ts +new(name) +``` + +new returns an instance of UDPRoute + +## obj metadata + +"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create." + +### fn metadata.withAnnotations + +```ts +withAnnotations(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +### fn metadata.withAnnotationsMixin + +```ts +withAnnotationsMixin(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +**Note:** This function appends passed data to existing values + +### fn metadata.withClusterName + +```ts +withClusterName(clusterName) +``` + +"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request." + +### fn metadata.withCreationTimestamp + +```ts +withCreationTimestamp(creationTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withDeletionGracePeriodSeconds + +```ts +withDeletionGracePeriodSeconds(deletionGracePeriodSeconds) +``` + +"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only." + +### fn metadata.withDeletionTimestamp + +```ts +withDeletionTimestamp(deletionTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withFinalizers + +```ts +withFinalizers(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +### fn metadata.withFinalizersMixin + +```ts +withFinalizersMixin(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +**Note:** This function appends passed data to existing values + +### fn metadata.withGenerateName + +```ts +withGenerateName(generateName) +``` + +"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\n\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\n\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" + +### fn metadata.withGeneration + +```ts +withGeneration(generation) +``` + +"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only." + +### fn metadata.withLabels + +```ts +withLabels(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +### fn metadata.withLabelsMixin + +```ts +withLabelsMixin(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +**Note:** This function appends passed data to existing values + +### fn metadata.withName + +```ts +withName(name) +``` + +"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names" + +### fn metadata.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \"default\" namespace, but \"default\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\n\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces" + +### fn metadata.withOwnerReferences + +```ts +withOwnerReferences(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +### fn metadata.withOwnerReferencesMixin + +```ts +withOwnerReferencesMixin(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +**Note:** This function appends passed data to existing values + +### fn metadata.withResourceVersion + +```ts +withResourceVersion(resourceVersion) +``` + +"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\n\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" + +### fn metadata.withSelfLink + +```ts +withSelfLink(selfLink) +``` + +"SelfLink is a URL representing this object. Populated by the system. Read-only.\n\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release." + +### fn metadata.withUid + +```ts +withUid(uid) +``` + +"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\n\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids" + +## obj spec + +"Spec defines the desired state of UDPRoute." + +### fn spec.withParentRefs + +```ts +withParentRefs(parentRefs) +``` + +"ParentRefs references the resources (usually Gateways) that a Route wants\nto be attached to. Note that the referenced parent resource needs to\nallow this for the attachment to be complete. For Gateways, that means\nthe Gateway needs to allow attachment from Routes of this kind and\nnamespace. For Services, that means the Service must either be in the same\nnamespace for a \"producer\" route, or the mesh implementation must support\nand allow \"consumer\" routes for the referenced Service. ReferenceGrant is\nnot applicable for governing ParentRefs to Services - it is not possible to\ncreate a \"producer\" route for a Service in a different namespace from the\nRoute.\n\n\nThere are two kinds of parent resources with \"Core\" support:\n\n\n* Gateway (Gateway conformance profile)\n* Service (Mesh conformance profile, ClusterIP Services only)\n\n\nThis API may be extended in the future to support additional kinds of parent\nresources.\n\n\nParentRefs must be _distinct_. This means either that:\n\n\n* They select different objects. If this is the case, then parentRef\n entries are distinct. In terms of fields, this means that the\n multi-part key defined by `group`, `kind`, `namespace`, and `name` must\n be unique across all parentRef entries in the Route.\n* They do not select different objects, but for each optional field used,\n each ParentRef that selects the same object must set the same set of\n optional fields to different values. If one ParentRef sets a\n combination of optional fields, all must set the same combination.\n\n\nSome examples:\n\n\n* If one ParentRef sets `sectionName`, all ParentRefs referencing the\n same object must also set `sectionName`.\n* If one ParentRef sets `port`, all ParentRefs referencing the same\n object must also set `port`.\n* If one ParentRef sets `sectionName` and `port`, all ParentRefs\n referencing the same object must also set `sectionName` and `port`.\n\n\nIt is possible to separately reference multiple distinct objects that may\nbe collapsed by an implementation. For example, some implementations may\nchoose to merge compatible Gateway Listeners together. If that is the\ncase, the list of routes attached to those resources should also be\nmerged.\n\n\nNote that for ParentRefs that cross namespace boundaries, there are specific\nrules. Cross-namespace references are only valid if they are explicitly\nallowed by something in the namespace they are referring to. For example,\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\ngeneric way to enable other kinds of cross-namespace reference.\n\n\n\nParentRefs from a Route to a Service in the same namespace are \"producer\"\nroutes, which apply default routing rules to inbound connections from\nany namespace to the Service.\n\n\nParentRefs from a Route to a Service in a different namespace are\n\"consumer\" routes, and these routing rules are only applied to outbound\nconnections originating from the same namespace as the Route, for which\nthe intended destination of the connections are a Service targeted as a\nParentRef of the Route.\n\n\n\n\n\n\n" + +### fn spec.withParentRefsMixin + +```ts +withParentRefsMixin(parentRefs) +``` + +"ParentRefs references the resources (usually Gateways) that a Route wants\nto be attached to. Note that the referenced parent resource needs to\nallow this for the attachment to be complete. For Gateways, that means\nthe Gateway needs to allow attachment from Routes of this kind and\nnamespace. For Services, that means the Service must either be in the same\nnamespace for a \"producer\" route, or the mesh implementation must support\nand allow \"consumer\" routes for the referenced Service. ReferenceGrant is\nnot applicable for governing ParentRefs to Services - it is not possible to\ncreate a \"producer\" route for a Service in a different namespace from the\nRoute.\n\n\nThere are two kinds of parent resources with \"Core\" support:\n\n\n* Gateway (Gateway conformance profile)\n* Service (Mesh conformance profile, ClusterIP Services only)\n\n\nThis API may be extended in the future to support additional kinds of parent\nresources.\n\n\nParentRefs must be _distinct_. This means either that:\n\n\n* They select different objects. If this is the case, then parentRef\n entries are distinct. In terms of fields, this means that the\n multi-part key defined by `group`, `kind`, `namespace`, and `name` must\n be unique across all parentRef entries in the Route.\n* They do not select different objects, but for each optional field used,\n each ParentRef that selects the same object must set the same set of\n optional fields to different values. If one ParentRef sets a\n combination of optional fields, all must set the same combination.\n\n\nSome examples:\n\n\n* If one ParentRef sets `sectionName`, all ParentRefs referencing the\n same object must also set `sectionName`.\n* If one ParentRef sets `port`, all ParentRefs referencing the same\n object must also set `port`.\n* If one ParentRef sets `sectionName` and `port`, all ParentRefs\n referencing the same object must also set `sectionName` and `port`.\n\n\nIt is possible to separately reference multiple distinct objects that may\nbe collapsed by an implementation. For example, some implementations may\nchoose to merge compatible Gateway Listeners together. If that is the\ncase, the list of routes attached to those resources should also be\nmerged.\n\n\nNote that for ParentRefs that cross namespace boundaries, there are specific\nrules. Cross-namespace references are only valid if they are explicitly\nallowed by something in the namespace they are referring to. For example,\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\ngeneric way to enable other kinds of cross-namespace reference.\n\n\n\nParentRefs from a Route to a Service in the same namespace are \"producer\"\nroutes, which apply default routing rules to inbound connections from\nany namespace to the Service.\n\n\nParentRefs from a Route to a Service in a different namespace are\n\"consumer\" routes, and these routing rules are only applied to outbound\nconnections originating from the same namespace as the Route, for which\nthe intended destination of the connections are a Service targeted as a\nParentRef of the Route.\n\n\n\n\n\n\n" + +**Note:** This function appends passed data to existing values + +### fn spec.withRules + +```ts +withRules(rules) +``` + +"Rules are a list of UDP matchers and actions." + +### fn spec.withRulesMixin + +```ts +withRulesMixin(rules) +``` + +"Rules are a list of UDP matchers and actions." + +**Note:** This function appends passed data to existing values + +## obj spec.parentRefs + +"ParentRefs references the resources (usually Gateways) that a Route wants\nto be attached to. Note that the referenced parent resource needs to\nallow this for the attachment to be complete. For Gateways, that means\nthe Gateway needs to allow attachment from Routes of this kind and\nnamespace. For Services, that means the Service must either be in the same\nnamespace for a \"producer\" route, or the mesh implementation must support\nand allow \"consumer\" routes for the referenced Service. ReferenceGrant is\nnot applicable for governing ParentRefs to Services - it is not possible to\ncreate a \"producer\" route for a Service in a different namespace from the\nRoute.\n\n\nThere are two kinds of parent resources with \"Core\" support:\n\n\n* Gateway (Gateway conformance profile)\n* Service (Mesh conformance profile, ClusterIP Services only)\n\n\nThis API may be extended in the future to support additional kinds of parent\nresources.\n\n\nParentRefs must be _distinct_. This means either that:\n\n\n* They select different objects. If this is the case, then parentRef\n entries are distinct. In terms of fields, this means that the\n multi-part key defined by `group`, `kind`, `namespace`, and `name` must\n be unique across all parentRef entries in the Route.\n* They do not select different objects, but for each optional field used,\n each ParentRef that selects the same object must set the same set of\n optional fields to different values. If one ParentRef sets a\n combination of optional fields, all must set the same combination.\n\n\nSome examples:\n\n\n* If one ParentRef sets `sectionName`, all ParentRefs referencing the\n same object must also set `sectionName`.\n* If one ParentRef sets `port`, all ParentRefs referencing the same\n object must also set `port`.\n* If one ParentRef sets `sectionName` and `port`, all ParentRefs\n referencing the same object must also set `sectionName` and `port`.\n\n\nIt is possible to separately reference multiple distinct objects that may\nbe collapsed by an implementation. For example, some implementations may\nchoose to merge compatible Gateway Listeners together. If that is the\ncase, the list of routes attached to those resources should also be\nmerged.\n\n\nNote that for ParentRefs that cross namespace boundaries, there are specific\nrules. Cross-namespace references are only valid if they are explicitly\nallowed by something in the namespace they are referring to. For example,\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\ngeneric way to enable other kinds of cross-namespace reference.\n\n\n\nParentRefs from a Route to a Service in the same namespace are \"producer\"\nroutes, which apply default routing rules to inbound connections from\nany namespace to the Service.\n\n\nParentRefs from a Route to a Service in a different namespace are\n\"consumer\" routes, and these routing rules are only applied to outbound\nconnections originating from the same namespace as the Route, for which\nthe intended destination of the connections are a Service targeted as a\nParentRef of the Route.\n\n\n\n\n\n\n" + +### fn spec.parentRefs.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent.\nWhen unspecified, \"gateway.networking.k8s.io\" is inferred.\nTo set the core API group (such as for a \"Service\" kind referent),\nGroup must be explicitly set to \"\" (empty string).\n\n\nSupport: Core" + +### fn spec.parentRefs.withKind + +```ts +withKind(kind) +``` + +"Kind is kind of the referent.\n\n\nThere are two kinds of parent resources with \"Core\" support:\n\n\n* Gateway (Gateway conformance profile)\n* Service (Mesh conformance profile, ClusterIP Services only)\n\n\nSupport for other resources is Implementation-Specific." + +### fn spec.parentRefs.withName + +```ts +withName(name) +``` + +"Name is the name of the referent.\n\n\nSupport: Core" + +### fn spec.parentRefs.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the referent. When unspecified, this refers\nto the local namespace of the Route.\n\n\nNote that there are specific rules for ParentRefs which cross namespace\nboundaries. Cross-namespace references are only valid if they are explicitly\nallowed by something in the namespace they are referring to. For example:\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\ngeneric way to enable any other kind of cross-namespace reference.\n\n\n\nParentRefs from a Route to a Service in the same namespace are \"producer\"\nroutes, which apply default routing rules to inbound connections from\nany namespace to the Service.\n\n\nParentRefs from a Route to a Service in a different namespace are\n\"consumer\" routes, and these routing rules are only applied to outbound\nconnections originating from the same namespace as the Route, for which\nthe intended destination of the connections are a Service targeted as a\nParentRef of the Route.\n\n\n\nSupport: Core" + +### fn spec.parentRefs.withPort + +```ts +withPort(port) +``` + +"Port is the network port this Route targets. It can be interpreted\ndifferently based on the type of parent resource.\n\n\nWhen the parent resource is a Gateway, this targets all listeners\nlistening on the specified port that also support this kind of Route(and\nselect this Route). It's not recommended to set `Port` unless the\nnetworking behaviors specified in a Route must apply to a specific port\nas opposed to a listener(s) whose port(s) may be changed. When both Port\nand SectionName are specified, the name and port of the selected listener\nmust match both specified values.\n\n\n\nWhen the parent resource is a Service, this targets a specific port in the\nService spec. When both Port (experimental) and SectionName are specified,\nthe name and port of the selected port must match both specified values.\n\n\n\nImplementations MAY choose to support other parent resources.\nImplementations supporting other types of parent resources MUST clearly\ndocument how/if Port is interpreted.\n\n\nFor the purpose of status, an attachment is considered successful as\nlong as the parent resource accepts it partially. For example, Gateway\nlisteners can restrict which Routes can attach to them by Route kind,\nnamespace, or hostname. If 1 of 2 Gateway listeners accept attachment\nfrom the referencing Route, the Route MUST be considered successfully\nattached. If no Gateway listeners accept attachment from this Route,\nthe Route MUST be considered detached from the Gateway.\n\n\nSupport: Extended" + +### fn spec.parentRefs.withSectionName + +```ts +withSectionName(sectionName) +``` + +"SectionName is the name of a section within the target resource. In the\nfollowing resources, SectionName is interpreted as the following:\n\n\n* Gateway: Listener name. When both Port (experimental) and SectionName\nare specified, the name and port of the selected listener must match\nboth specified values.\n* Service: Port name. When both Port (experimental) and SectionName\nare specified, the name and port of the selected listener must match\nboth specified values.\n\n\nImplementations MAY choose to support attaching Routes to other resources.\nIf that is the case, they MUST clearly document how SectionName is\ninterpreted.\n\n\nWhen unspecified (empty string), this will reference the entire resource.\nFor the purpose of status, an attachment is considered successful if at\nleast one section in the parent resource accepts it. For example, Gateway\nlisteners can restrict which Routes can attach to them by Route kind,\nnamespace, or hostname. If 1 of 2 Gateway listeners accept attachment from\nthe referencing Route, the Route MUST be considered successfully\nattached. If no Gateway listeners accept attachment from this Route, the\nRoute MUST be considered detached from the Gateway.\n\n\nSupport: Core" + +## obj spec.rules + +"Rules are a list of UDP matchers and actions." + +### fn spec.rules.withBackendRefs + +```ts +withBackendRefs(backendRefs) +``` + +"BackendRefs defines the backend(s) where matching requests should be\nsent. If unspecified or invalid (refers to a non-existent resource or a\nService with no endpoints), the underlying implementation MUST actively\nreject connection attempts to this backend. Packet drops must\nrespect weight; if an invalid backend is requested to have 80% of\nthe packets, then 80% of packets must be dropped instead.\n\n\nSupport: Core for Kubernetes Service\n\n\nSupport: Extended for Kubernetes ServiceImport\n\n\nSupport: Implementation-specific for any other resource\n\n\nSupport for weight: Extended" + +### fn spec.rules.withBackendRefsMixin + +```ts +withBackendRefsMixin(backendRefs) +``` + +"BackendRefs defines the backend(s) where matching requests should be\nsent. If unspecified or invalid (refers to a non-existent resource or a\nService with no endpoints), the underlying implementation MUST actively\nreject connection attempts to this backend. Packet drops must\nrespect weight; if an invalid backend is requested to have 80% of\nthe packets, then 80% of packets must be dropped instead.\n\n\nSupport: Core for Kubernetes Service\n\n\nSupport: Extended for Kubernetes ServiceImport\n\n\nSupport: Implementation-specific for any other resource\n\n\nSupport for weight: Extended" + +**Note:** This function appends passed data to existing values + +## obj spec.rules.backendRefs + +"BackendRefs defines the backend(s) where matching requests should be\nsent. If unspecified or invalid (refers to a non-existent resource or a\nService with no endpoints), the underlying implementation MUST actively\nreject connection attempts to this backend. Packet drops must\nrespect weight; if an invalid backend is requested to have 80% of\nthe packets, then 80% of packets must be dropped instead.\n\n\nSupport: Core for Kubernetes Service\n\n\nSupport: Extended for Kubernetes ServiceImport\n\n\nSupport: Implementation-specific for any other resource\n\n\nSupport for weight: Extended" + +### fn spec.rules.backendRefs.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. For example, \"gateway.networking.k8s.io\".\nWhen unspecified or empty string, core API group is inferred." + +### fn spec.rules.backendRefs.withKind + +```ts +withKind(kind) +``` + +"Kind is the Kubernetes resource kind of the referent. For example\n\"Service\".\n\n\nDefaults to \"Service\" when not specified.\n\n\nExternalName services can refer to CNAME DNS records that may live\noutside of the cluster and as such are difficult to reason about in\nterms of conformance. They also may not be safe to forward to (see\nCVE-2021-25740 for more information). Implementations SHOULD NOT\nsupport ExternalName Services.\n\n\nSupport: Core (Services with a type other than ExternalName)\n\n\nSupport: Implementation-specific (Services with type ExternalName)" + +### fn spec.rules.backendRefs.withName + +```ts +withName(name) +``` + +"Name is the name of the referent." + +### fn spec.rules.backendRefs.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the backend. When unspecified, the local\nnamespace is inferred.\n\n\nNote that when a namespace different than the local namespace is specified,\na ReferenceGrant object is required in the referent namespace to allow that\nnamespace's owner to accept the reference. See the ReferenceGrant\ndocumentation for details.\n\n\nSupport: Core" + +### fn spec.rules.backendRefs.withPort + +```ts +withPort(port) +``` + +"Port specifies the destination port number to use for this resource.\nPort is required when the referent is a Kubernetes Service. In this\ncase, the port number is the service port number, not the target port.\nFor other resources, destination port might be derived from the referent\nresource or this field." + +### fn spec.rules.backendRefs.withWeight + +```ts +withWeight(weight) +``` + +"Weight specifies the proportion of requests forwarded to the referenced\nbackend. This is computed as weight/(sum of all weights in this\nBackendRefs list). For non-zero values, there may be some epsilon from\nthe exact proportion defined here depending on the precision an\nimplementation supports. Weight is not a percentage and the sum of\nweights does not need to equal 100.\n\n\nIf only one backend is specified and it has a weight greater than 0, 100%\nof the traffic is forwarded to that backend. If weight is set to 0, no\ntraffic should be forwarded for this entry. If unspecified, weight\ndefaults to 1.\n\n\nSupport for this field varies based on the context where used." \ No newline at end of file diff --git a/docs/1.1-experimental/gateway/v1alpha3/backendTLSPolicy.md b/docs/1.1-experimental/gateway/v1alpha3/backendTLSPolicy.md new file mode 100644 index 0000000..d773db5 --- /dev/null +++ b/docs/1.1-experimental/gateway/v1alpha3/backendTLSPolicy.md @@ -0,0 +1,346 @@ +--- +permalink: /1.1-experimental/gateway/v1alpha3/backendTLSPolicy/ +--- + +# gateway.v1alpha3.backendTLSPolicy + +"BackendTLSPolicy provides a way to configure how a Gateway\nconnects to a Backend via TLS." + +## Index + +* [`fn new(name)`](#fn-new) +* [`obj metadata`](#obj-metadata) + * [`fn withAnnotations(annotations)`](#fn-metadatawithannotations) + * [`fn withAnnotationsMixin(annotations)`](#fn-metadatawithannotationsmixin) + * [`fn withClusterName(clusterName)`](#fn-metadatawithclustername) + * [`fn withCreationTimestamp(creationTimestamp)`](#fn-metadatawithcreationtimestamp) + * [`fn withDeletionGracePeriodSeconds(deletionGracePeriodSeconds)`](#fn-metadatawithdeletiongraceperiodseconds) + * [`fn withDeletionTimestamp(deletionTimestamp)`](#fn-metadatawithdeletiontimestamp) + * [`fn withFinalizers(finalizers)`](#fn-metadatawithfinalizers) + * [`fn withFinalizersMixin(finalizers)`](#fn-metadatawithfinalizersmixin) + * [`fn withGenerateName(generateName)`](#fn-metadatawithgeneratename) + * [`fn withGeneration(generation)`](#fn-metadatawithgeneration) + * [`fn withLabels(labels)`](#fn-metadatawithlabels) + * [`fn withLabelsMixin(labels)`](#fn-metadatawithlabelsmixin) + * [`fn withName(name)`](#fn-metadatawithname) + * [`fn withNamespace(namespace)`](#fn-metadatawithnamespace) + * [`fn withOwnerReferences(ownerReferences)`](#fn-metadatawithownerreferences) + * [`fn withOwnerReferencesMixin(ownerReferences)`](#fn-metadatawithownerreferencesmixin) + * [`fn withResourceVersion(resourceVersion)`](#fn-metadatawithresourceversion) + * [`fn withSelfLink(selfLink)`](#fn-metadatawithselflink) + * [`fn withUid(uid)`](#fn-metadatawithuid) +* [`obj spec`](#obj-spec) + * [`fn withTargetRefs(targetRefs)`](#fn-specwithtargetrefs) + * [`fn withTargetRefsMixin(targetRefs)`](#fn-specwithtargetrefsmixin) + * [`obj spec.targetRefs`](#obj-spectargetrefs) + * [`fn withGroup(group)`](#fn-spectargetrefswithgroup) + * [`fn withKind(kind)`](#fn-spectargetrefswithkind) + * [`fn withName(name)`](#fn-spectargetrefswithname) + * [`fn withSectionName(sectionName)`](#fn-spectargetrefswithsectionname) + * [`obj spec.validation`](#obj-specvalidation) + * [`fn withCaCertificateRefs(caCertificateRefs)`](#fn-specvalidationwithcacertificaterefs) + * [`fn withCaCertificateRefsMixin(caCertificateRefs)`](#fn-specvalidationwithcacertificaterefsmixin) + * [`fn withHostname(hostname)`](#fn-specvalidationwithhostname) + * [`fn withWellKnownCACertificates(wellKnownCACertificates)`](#fn-specvalidationwithwellknowncacertificates) + * [`obj spec.validation.caCertificateRefs`](#obj-specvalidationcacertificaterefs) + * [`fn withGroup(group)`](#fn-specvalidationcacertificaterefswithgroup) + * [`fn withKind(kind)`](#fn-specvalidationcacertificaterefswithkind) + * [`fn withName(name)`](#fn-specvalidationcacertificaterefswithname) + +## Fields + +### fn new + +```ts +new(name) +``` + +new returns an instance of BackendTLSPolicy + +## obj metadata + +"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create." + +### fn metadata.withAnnotations + +```ts +withAnnotations(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +### fn metadata.withAnnotationsMixin + +```ts +withAnnotationsMixin(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +**Note:** This function appends passed data to existing values + +### fn metadata.withClusterName + +```ts +withClusterName(clusterName) +``` + +"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request." + +### fn metadata.withCreationTimestamp + +```ts +withCreationTimestamp(creationTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withDeletionGracePeriodSeconds + +```ts +withDeletionGracePeriodSeconds(deletionGracePeriodSeconds) +``` + +"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only." + +### fn metadata.withDeletionTimestamp + +```ts +withDeletionTimestamp(deletionTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withFinalizers + +```ts +withFinalizers(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +### fn metadata.withFinalizersMixin + +```ts +withFinalizersMixin(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +**Note:** This function appends passed data to existing values + +### fn metadata.withGenerateName + +```ts +withGenerateName(generateName) +``` + +"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\n\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\n\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" + +### fn metadata.withGeneration + +```ts +withGeneration(generation) +``` + +"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only." + +### fn metadata.withLabels + +```ts +withLabels(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +### fn metadata.withLabelsMixin + +```ts +withLabelsMixin(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +**Note:** This function appends passed data to existing values + +### fn metadata.withName + +```ts +withName(name) +``` + +"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names" + +### fn metadata.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \"default\" namespace, but \"default\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\n\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces" + +### fn metadata.withOwnerReferences + +```ts +withOwnerReferences(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +### fn metadata.withOwnerReferencesMixin + +```ts +withOwnerReferencesMixin(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +**Note:** This function appends passed data to existing values + +### fn metadata.withResourceVersion + +```ts +withResourceVersion(resourceVersion) +``` + +"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\n\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" + +### fn metadata.withSelfLink + +```ts +withSelfLink(selfLink) +``` + +"SelfLink is a URL representing this object. Populated by the system. Read-only.\n\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release." + +### fn metadata.withUid + +```ts +withUid(uid) +``` + +"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\n\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids" + +## obj spec + +"Spec defines the desired state of BackendTLSPolicy." + +### fn spec.withTargetRefs + +```ts +withTargetRefs(targetRefs) +``` + +"TargetRefs identifies an API object to apply the policy to.\nOnly Services have Extended support. Implementations MAY support\nadditional objects, with Implementation Specific support.\nNote that this config applies to the entire referenced resource\nby default, but this default may change in the future to provide\na more granular application of the policy.\n\n\nSupport: Extended for Kubernetes Service\n\n\nSupport: Implementation-specific for any other resource" + +### fn spec.withTargetRefsMixin + +```ts +withTargetRefsMixin(targetRefs) +``` + +"TargetRefs identifies an API object to apply the policy to.\nOnly Services have Extended support. Implementations MAY support\nadditional objects, with Implementation Specific support.\nNote that this config applies to the entire referenced resource\nby default, but this default may change in the future to provide\na more granular application of the policy.\n\n\nSupport: Extended for Kubernetes Service\n\n\nSupport: Implementation-specific for any other resource" + +**Note:** This function appends passed data to existing values + +## obj spec.targetRefs + +"TargetRefs identifies an API object to apply the policy to.\nOnly Services have Extended support. Implementations MAY support\nadditional objects, with Implementation Specific support.\nNote that this config applies to the entire referenced resource\nby default, but this default may change in the future to provide\na more granular application of the policy.\n\n\nSupport: Extended for Kubernetes Service\n\n\nSupport: Implementation-specific for any other resource" + +### fn spec.targetRefs.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the target resource." + +### fn spec.targetRefs.withKind + +```ts +withKind(kind) +``` + +"Kind is kind of the target resource." + +### fn spec.targetRefs.withName + +```ts +withName(name) +``` + +"Name is the name of the target resource." + +### fn spec.targetRefs.withSectionName + +```ts +withSectionName(sectionName) +``` + +"SectionName is the name of a section within the target resource. When\nunspecified, this targetRef targets the entire resource. In the following\nresources, SectionName is interpreted as the following:\n\n\n* Gateway: Listener name\n* HTTPRoute: HTTPRouteRule name\n* Service: Port name\n\n\nIf a SectionName is specified, but does not exist on the targeted object,\nthe Policy must fail to attach, and the policy implementation should record\na `ResolvedRefs` or similar Condition in the Policy's status." + +## obj spec.validation + +"Validation contains backend TLS validation configuration." + +### fn spec.validation.withCaCertificateRefs + +```ts +withCaCertificateRefs(caCertificateRefs) +``` + +"CACertificateRefs contains one or more references to Kubernetes objects that\ncontain a PEM-encoded TLS CA certificate bundle, which is used to\nvalidate a TLS handshake between the Gateway and backend Pod.\n\n\nIf CACertificateRefs is empty or unspecified, then WellKnownCACertificates must be\nspecified. Only one of CACertificateRefs or WellKnownCACertificates may be specified,\nnot both. If CACertifcateRefs is empty or unspecified, the configuration for\nWellKnownCACertificates MUST be honored instead if supported by the implementation.\n\n\nReferences to a resource in a different namespace are invalid for the\nmoment, although we will revisit this in the future.\n\n\nA single CACertificateRef to a Kubernetes ConfigMap kind has \"Core\" support.\nImplementations MAY choose to support attaching multiple certificates to\na backend, but this behavior is implementation-specific.\n\n\nSupport: Core - An optional single reference to a Kubernetes ConfigMap,\nwith the CA certificate in a key named `ca.crt`.\n\n\nSupport: Implementation-specific (More than one reference, or other kinds\nof resources)." + +### fn spec.validation.withCaCertificateRefsMixin + +```ts +withCaCertificateRefsMixin(caCertificateRefs) +``` + +"CACertificateRefs contains one or more references to Kubernetes objects that\ncontain a PEM-encoded TLS CA certificate bundle, which is used to\nvalidate a TLS handshake between the Gateway and backend Pod.\n\n\nIf CACertificateRefs is empty or unspecified, then WellKnownCACertificates must be\nspecified. Only one of CACertificateRefs or WellKnownCACertificates may be specified,\nnot both. If CACertifcateRefs is empty or unspecified, the configuration for\nWellKnownCACertificates MUST be honored instead if supported by the implementation.\n\n\nReferences to a resource in a different namespace are invalid for the\nmoment, although we will revisit this in the future.\n\n\nA single CACertificateRef to a Kubernetes ConfigMap kind has \"Core\" support.\nImplementations MAY choose to support attaching multiple certificates to\na backend, but this behavior is implementation-specific.\n\n\nSupport: Core - An optional single reference to a Kubernetes ConfigMap,\nwith the CA certificate in a key named `ca.crt`.\n\n\nSupport: Implementation-specific (More than one reference, or other kinds\nof resources)." + +**Note:** This function appends passed data to existing values + +### fn spec.validation.withHostname + +```ts +withHostname(hostname) +``` + +"Hostname is used for two purposes in the connection between Gateways and\nbackends:\n\n\n1. Hostname MUST be used as the SNI to connect to the backend (RFC 6066).\n2. Hostname MUST be used for authentication and MUST match the certificate\n served by the matching backend.\n\n\nSupport: Core" + +### fn spec.validation.withWellKnownCACertificates + +```ts +withWellKnownCACertificates(wellKnownCACertificates) +``` + +"WellKnownCACertificates specifies whether system CA certificates may be used in\nthe TLS handshake between the gateway and backend pod.\n\n\nIf WellKnownCACertificates is unspecified or empty (\"\"), then CACertificateRefs\nmust be specified with at least one entry for a valid configuration. Only one of\nCACertificateRefs or WellKnownCACertificates may be specified, not both. If an\nimplementation does not support the WellKnownCACertificates field or the value\nsupplied is not supported, the Status Conditions on the Policy MUST be\nupdated to include an Accepted: False Condition with Reason: Invalid.\n\n\nSupport: Implementation-specific" + +## obj spec.validation.caCertificateRefs + +"CACertificateRefs contains one or more references to Kubernetes objects that\ncontain a PEM-encoded TLS CA certificate bundle, which is used to\nvalidate a TLS handshake between the Gateway and backend Pod.\n\n\nIf CACertificateRefs is empty or unspecified, then WellKnownCACertificates must be\nspecified. Only one of CACertificateRefs or WellKnownCACertificates may be specified,\nnot both. If CACertifcateRefs is empty or unspecified, the configuration for\nWellKnownCACertificates MUST be honored instead if supported by the implementation.\n\n\nReferences to a resource in a different namespace are invalid for the\nmoment, although we will revisit this in the future.\n\n\nA single CACertificateRef to a Kubernetes ConfigMap kind has \"Core\" support.\nImplementations MAY choose to support attaching multiple certificates to\na backend, but this behavior is implementation-specific.\n\n\nSupport: Core - An optional single reference to a Kubernetes ConfigMap,\nwith the CA certificate in a key named `ca.crt`.\n\n\nSupport: Implementation-specific (More than one reference, or other kinds\nof resources)." + +### fn spec.validation.caCertificateRefs.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. For example, \"gateway.networking.k8s.io\".\nWhen unspecified or empty string, core API group is inferred." + +### fn spec.validation.caCertificateRefs.withKind + +```ts +withKind(kind) +``` + +"Kind is kind of the referent. For example \"HTTPRoute\" or \"Service\"." + +### fn spec.validation.caCertificateRefs.withName + +```ts +withName(name) +``` + +"Name is the name of the referent." \ No newline at end of file diff --git a/docs/1.1-experimental/gateway/v1alpha3/index.md b/docs/1.1-experimental/gateway/v1alpha3/index.md new file mode 100644 index 0000000..6f21186 --- /dev/null +++ b/docs/1.1-experimental/gateway/v1alpha3/index.md @@ -0,0 +1,9 @@ +--- +permalink: /1.1-experimental/gateway/v1alpha3/ +--- + +# gateway.v1alpha3 + + + +* [backendTLSPolicy](backendTLSPolicy.md) \ No newline at end of file diff --git a/docs/1.1-experimental/gateway/v1beta1/gateway.md b/docs/1.1-experimental/gateway/v1beta1/gateway.md new file mode 100644 index 0000000..1430420 --- /dev/null +++ b/docs/1.1-experimental/gateway/v1beta1/gateway.md @@ -0,0 +1,711 @@ +--- +permalink: /1.1-experimental/gateway/v1beta1/gateway/ +--- + +# gateway.v1beta1.gateway + +"Gateway represents an instance of a service-traffic handling infrastructure\nby binding Listeners to a set of IP addresses." + +## Index + +* [`fn new(name)`](#fn-new) +* [`obj metadata`](#obj-metadata) + * [`fn withAnnotations(annotations)`](#fn-metadatawithannotations) + * [`fn withAnnotationsMixin(annotations)`](#fn-metadatawithannotationsmixin) + * [`fn withClusterName(clusterName)`](#fn-metadatawithclustername) + * [`fn withCreationTimestamp(creationTimestamp)`](#fn-metadatawithcreationtimestamp) + * [`fn withDeletionGracePeriodSeconds(deletionGracePeriodSeconds)`](#fn-metadatawithdeletiongraceperiodseconds) + * [`fn withDeletionTimestamp(deletionTimestamp)`](#fn-metadatawithdeletiontimestamp) + * [`fn withFinalizers(finalizers)`](#fn-metadatawithfinalizers) + * [`fn withFinalizersMixin(finalizers)`](#fn-metadatawithfinalizersmixin) + * [`fn withGenerateName(generateName)`](#fn-metadatawithgeneratename) + * [`fn withGeneration(generation)`](#fn-metadatawithgeneration) + * [`fn withLabels(labels)`](#fn-metadatawithlabels) + * [`fn withLabelsMixin(labels)`](#fn-metadatawithlabelsmixin) + * [`fn withName(name)`](#fn-metadatawithname) + * [`fn withNamespace(namespace)`](#fn-metadatawithnamespace) + * [`fn withOwnerReferences(ownerReferences)`](#fn-metadatawithownerreferences) + * [`fn withOwnerReferencesMixin(ownerReferences)`](#fn-metadatawithownerreferencesmixin) + * [`fn withResourceVersion(resourceVersion)`](#fn-metadatawithresourceversion) + * [`fn withSelfLink(selfLink)`](#fn-metadatawithselflink) + * [`fn withUid(uid)`](#fn-metadatawithuid) +* [`obj spec`](#obj-spec) + * [`fn withAddresses(addresses)`](#fn-specwithaddresses) + * [`fn withAddressesMixin(addresses)`](#fn-specwithaddressesmixin) + * [`fn withGatewayClassName(gatewayClassName)`](#fn-specwithgatewayclassname) + * [`fn withListeners(listeners)`](#fn-specwithlisteners) + * [`fn withListenersMixin(listeners)`](#fn-specwithlistenersmixin) + * [`obj spec.addresses`](#obj-specaddresses) + * [`fn withType(type)`](#fn-specaddresseswithtype) + * [`fn withValue(value)`](#fn-specaddresseswithvalue) + * [`obj spec.infrastructure`](#obj-specinfrastructure) + * [`fn withAnnotations(annotations)`](#fn-specinfrastructurewithannotations) + * [`fn withAnnotationsMixin(annotations)`](#fn-specinfrastructurewithannotationsmixin) + * [`fn withLabels(labels)`](#fn-specinfrastructurewithlabels) + * [`fn withLabelsMixin(labels)`](#fn-specinfrastructurewithlabelsmixin) + * [`obj spec.infrastructure.parametersRef`](#obj-specinfrastructureparametersref) + * [`fn withGroup(group)`](#fn-specinfrastructureparametersrefwithgroup) + * [`fn withKind(kind)`](#fn-specinfrastructureparametersrefwithkind) + * [`fn withName(name)`](#fn-specinfrastructureparametersrefwithname) + * [`obj spec.listeners`](#obj-speclisteners) + * [`fn withHostname(hostname)`](#fn-speclistenerswithhostname) + * [`fn withName(name)`](#fn-speclistenerswithname) + * [`fn withPort(port)`](#fn-speclistenerswithport) + * [`fn withProtocol(protocol)`](#fn-speclistenerswithprotocol) + * [`obj spec.listeners.allowedRoutes`](#obj-speclistenersallowedroutes) + * [`fn withKinds(kinds)`](#fn-speclistenersallowedrouteswithkinds) + * [`fn withKindsMixin(kinds)`](#fn-speclistenersallowedrouteswithkindsmixin) + * [`obj spec.listeners.allowedRoutes.kinds`](#obj-speclistenersallowedrouteskinds) + * [`fn withGroup(group)`](#fn-speclistenersallowedrouteskindswithgroup) + * [`fn withKind(kind)`](#fn-speclistenersallowedrouteskindswithkind) + * [`obj spec.listeners.allowedRoutes.namespaces`](#obj-speclistenersallowedroutesnamespaces) + * [`fn withFrom(from)`](#fn-speclistenersallowedroutesnamespaceswithfrom) + * [`obj spec.listeners.allowedRoutes.namespaces.selector`](#obj-speclistenersallowedroutesnamespacesselector) + * [`fn withMatchExpressions(matchExpressions)`](#fn-speclistenersallowedroutesnamespacesselectorwithmatchexpressions) + * [`fn withMatchExpressionsMixin(matchExpressions)`](#fn-speclistenersallowedroutesnamespacesselectorwithmatchexpressionsmixin) + * [`fn withMatchLabels(matchLabels)`](#fn-speclistenersallowedroutesnamespacesselectorwithmatchlabels) + * [`fn withMatchLabelsMixin(matchLabels)`](#fn-speclistenersallowedroutesnamespacesselectorwithmatchlabelsmixin) + * [`obj spec.listeners.allowedRoutes.namespaces.selector.matchExpressions`](#obj-speclistenersallowedroutesnamespacesselectormatchexpressions) + * [`fn withKey(key)`](#fn-speclistenersallowedroutesnamespacesselectormatchexpressionswithkey) + * [`fn withOperator(operator)`](#fn-speclistenersallowedroutesnamespacesselectormatchexpressionswithoperator) + * [`fn withValues(values)`](#fn-speclistenersallowedroutesnamespacesselectormatchexpressionswithvalues) + * [`fn withValuesMixin(values)`](#fn-speclistenersallowedroutesnamespacesselectormatchexpressionswithvaluesmixin) + * [`obj spec.listeners.tls`](#obj-speclistenerstls) + * [`fn withCertificateRefs(certificateRefs)`](#fn-speclistenerstlswithcertificaterefs) + * [`fn withCertificateRefsMixin(certificateRefs)`](#fn-speclistenerstlswithcertificaterefsmixin) + * [`fn withMode(mode)`](#fn-speclistenerstlswithmode) + * [`fn withOptions(options)`](#fn-speclistenerstlswithoptions) + * [`fn withOptionsMixin(options)`](#fn-speclistenerstlswithoptionsmixin) + * [`obj spec.listeners.tls.certificateRefs`](#obj-speclistenerstlscertificaterefs) + * [`fn withGroup(group)`](#fn-speclistenerstlscertificaterefswithgroup) + * [`fn withKind(kind)`](#fn-speclistenerstlscertificaterefswithkind) + * [`fn withName(name)`](#fn-speclistenerstlscertificaterefswithname) + * [`fn withNamespace(namespace)`](#fn-speclistenerstlscertificaterefswithnamespace) + * [`obj spec.listeners.tls.frontendValidation`](#obj-speclistenerstlsfrontendvalidation) + * [`fn withCaCertificateRefs(caCertificateRefs)`](#fn-speclistenerstlsfrontendvalidationwithcacertificaterefs) + * [`fn withCaCertificateRefsMixin(caCertificateRefs)`](#fn-speclistenerstlsfrontendvalidationwithcacertificaterefsmixin) + * [`obj spec.listeners.tls.frontendValidation.caCertificateRefs`](#obj-speclistenerstlsfrontendvalidationcacertificaterefs) + * [`fn withGroup(group)`](#fn-speclistenerstlsfrontendvalidationcacertificaterefswithgroup) + * [`fn withKind(kind)`](#fn-speclistenerstlsfrontendvalidationcacertificaterefswithkind) + * [`fn withName(name)`](#fn-speclistenerstlsfrontendvalidationcacertificaterefswithname) + * [`fn withNamespace(namespace)`](#fn-speclistenerstlsfrontendvalidationcacertificaterefswithnamespace) + +## Fields + +### fn new + +```ts +new(name) +``` + +new returns an instance of Gateway + +## obj metadata + +"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create." + +### fn metadata.withAnnotations + +```ts +withAnnotations(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +### fn metadata.withAnnotationsMixin + +```ts +withAnnotationsMixin(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +**Note:** This function appends passed data to existing values + +### fn metadata.withClusterName + +```ts +withClusterName(clusterName) +``` + +"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request." + +### fn metadata.withCreationTimestamp + +```ts +withCreationTimestamp(creationTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withDeletionGracePeriodSeconds + +```ts +withDeletionGracePeriodSeconds(deletionGracePeriodSeconds) +``` + +"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only." + +### fn metadata.withDeletionTimestamp + +```ts +withDeletionTimestamp(deletionTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withFinalizers + +```ts +withFinalizers(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +### fn metadata.withFinalizersMixin + +```ts +withFinalizersMixin(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +**Note:** This function appends passed data to existing values + +### fn metadata.withGenerateName + +```ts +withGenerateName(generateName) +``` + +"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\n\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\n\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" + +### fn metadata.withGeneration + +```ts +withGeneration(generation) +``` + +"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only." + +### fn metadata.withLabels + +```ts +withLabels(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +### fn metadata.withLabelsMixin + +```ts +withLabelsMixin(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +**Note:** This function appends passed data to existing values + +### fn metadata.withName + +```ts +withName(name) +``` + +"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names" + +### fn metadata.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \"default\" namespace, but \"default\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\n\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces" + +### fn metadata.withOwnerReferences + +```ts +withOwnerReferences(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +### fn metadata.withOwnerReferencesMixin + +```ts +withOwnerReferencesMixin(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +**Note:** This function appends passed data to existing values + +### fn metadata.withResourceVersion + +```ts +withResourceVersion(resourceVersion) +``` + +"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\n\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" + +### fn metadata.withSelfLink + +```ts +withSelfLink(selfLink) +``` + +"SelfLink is a URL representing this object. Populated by the system. Read-only.\n\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release." + +### fn metadata.withUid + +```ts +withUid(uid) +``` + +"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\n\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids" + +## obj spec + +"Spec defines the desired state of Gateway." + +### fn spec.withAddresses + +```ts +withAddresses(addresses) +``` + +"Addresses requested for this Gateway. This is optional and behavior can\ndepend on the implementation. If a value is set in the spec and the\nrequested address is invalid or unavailable, the implementation MUST\nindicate this in the associated entry in GatewayStatus.Addresses.\n\n\nThe Addresses field represents a request for the address(es) on the\n\"outside of the Gateway\", that traffic bound for this Gateway will use.\nThis could be the IP address or hostname of an external load balancer or\nother networking infrastructure, or some other address that traffic will\nbe sent to.\n\n\nIf no Addresses are specified, the implementation MAY schedule the\nGateway in an implementation-specific manner, assigning an appropriate\nset of Addresses.\n\n\nThe implementation MUST bind all Listeners to every GatewayAddress that\nit assigns to the Gateway and add a corresponding entry in\nGatewayStatus.Addresses.\n\n\nSupport: Extended\n\n\n" + +### fn spec.withAddressesMixin + +```ts +withAddressesMixin(addresses) +``` + +"Addresses requested for this Gateway. This is optional and behavior can\ndepend on the implementation. If a value is set in the spec and the\nrequested address is invalid or unavailable, the implementation MUST\nindicate this in the associated entry in GatewayStatus.Addresses.\n\n\nThe Addresses field represents a request for the address(es) on the\n\"outside of the Gateway\", that traffic bound for this Gateway will use.\nThis could be the IP address or hostname of an external load balancer or\nother networking infrastructure, or some other address that traffic will\nbe sent to.\n\n\nIf no Addresses are specified, the implementation MAY schedule the\nGateway in an implementation-specific manner, assigning an appropriate\nset of Addresses.\n\n\nThe implementation MUST bind all Listeners to every GatewayAddress that\nit assigns to the Gateway and add a corresponding entry in\nGatewayStatus.Addresses.\n\n\nSupport: Extended\n\n\n" + +**Note:** This function appends passed data to existing values + +### fn spec.withGatewayClassName + +```ts +withGatewayClassName(gatewayClassName) +``` + +"GatewayClassName used for this Gateway. This is the name of a\nGatewayClass resource." + +### fn spec.withListeners + +```ts +withListeners(listeners) +``` + +"Listeners associated with this Gateway. Listeners define\nlogical endpoints that are bound on this Gateway's addresses.\nAt least one Listener MUST be specified.\n\n\nEach Listener in a set of Listeners (for example, in a single Gateway)\nMUST be _distinct_, in that a traffic flow MUST be able to be assigned to\nexactly one listener. (This section uses \"set of Listeners\" rather than\n\"Listeners in a single Gateway\" because implementations MAY merge configuration\nfrom multiple Gateways onto a single data plane, and these rules _also_\napply in that case).\n\n\nPractically, this means that each listener in a set MUST have a unique\ncombination of Port, Protocol, and, if supported by the protocol, Hostname.\n\n\nSome combinations of port, protocol, and TLS settings are considered\nCore support and MUST be supported by implementations based on their\ntargeted conformance profile:\n\n\nHTTP Profile\n\n\n1. HTTPRoute, Port: 80, Protocol: HTTP\n2. HTTPRoute, Port: 443, Protocol: HTTPS, TLS Mode: Terminate, TLS keypair provided\n\n\nTLS Profile\n\n\n1. TLSRoute, Port: 443, Protocol: TLS, TLS Mode: Passthrough\n\n\n\"Distinct\" Listeners have the following property:\n\n\nThe implementation can match inbound requests to a single distinct\nListener. When multiple Listeners share values for fields (for\nexample, two Listeners with the same Port value), the implementation\ncan match requests to only one of the Listeners using other\nListener fields.\n\n\nFor example, the following Listener scenarios are distinct:\n\n\n1. Multiple Listeners with the same Port that all use the \"HTTP\"\n Protocol that all have unique Hostname values.\n2. Multiple Listeners with the same Port that use either the \"HTTPS\" or\n \"TLS\" Protocol that all have unique Hostname values.\n3. A mixture of \"TCP\" and \"UDP\" Protocol Listeners, where no Listener\n with the same Protocol has the same Port value.\n\n\nSome fields in the Listener struct have possible values that affect\nwhether the Listener is distinct. Hostname is particularly relevant\nfor HTTP or HTTPS protocols.\n\n\nWhen using the Hostname value to select between same-Port, same-Protocol\nListeners, the Hostname value must be different on each Listener for the\nListener to be distinct.\n\n\nWhen the Listeners are distinct based on Hostname, inbound request\nhostnames MUST match from the most specific to least specific Hostname\nvalues to choose the correct Listener and its associated set of Routes.\n\n\nExact matches must be processed before wildcard matches, and wildcard\nmatches must be processed before fallback (empty Hostname value)\nmatches. For example, `\"foo.example.com\"` takes precedence over\n`\"*.example.com\"`, and `\"*.example.com\"` takes precedence over `\"\"`.\n\n\nAdditionally, if there are multiple wildcard entries, more specific\nwildcard entries must be processed before less specific wildcard entries.\nFor example, `\"*.foo.example.com\"` takes precedence over `\"*.example.com\"`.\nThe precise definition here is that the higher the number of dots in the\nhostname to the right of the wildcard character, the higher the precedence.\n\n\nThe wildcard character will match any number of characters _and dots_ to\nthe left, however, so `\"*.example.com\"` will match both\n`\"foo.bar.example.com\"` _and_ `\"bar.example.com\"`.\n\n\nIf a set of Listeners contains Listeners that are not distinct, then those\nListeners are Conflicted, and the implementation MUST set the \"Conflicted\"\ncondition in the Listener Status to \"True\".\n\n\nImplementations MAY choose to accept a Gateway with some Conflicted\nListeners only if they only accept the partial Listener set that contains\nno Conflicted Listeners. To put this another way, implementations may\naccept a partial Listener set only if they throw out *all* the conflicting\nListeners. No picking one of the conflicting listeners as the winner.\nThis also means that the Gateway must have at least one non-conflicting\nListener in this case, otherwise it violates the requirement that at\nleast one Listener must be present.\n\n\nThe implementation MUST set a \"ListenersNotValid\" condition on the\nGateway Status when the Gateway contains Conflicted Listeners whether or\nnot they accept the Gateway. That Condition SHOULD clearly\nindicate in the Message which Listeners are conflicted, and which are\nAccepted. Additionally, the Listener status for those listeners SHOULD\nindicate which Listeners are conflicted and not Accepted.\n\n\nA Gateway's Listeners are considered \"compatible\" if:\n\n\n1. They are distinct.\n2. The implementation can serve them in compliance with the Addresses\n requirement that all Listeners are available on all assigned\n addresses.\n\n\nCompatible combinations in Extended support are expected to vary across\nimplementations. A combination that is compatible for one implementation\nmay not be compatible for another.\n\n\nFor example, an implementation that cannot serve both TCP and UDP listeners\non the same address, or cannot mix HTTPS and generic TLS listens on the same port\nwould not consider those cases compatible, even though they are distinct.\n\n\nNote that requests SHOULD match at most one Listener. For example, if\nListeners are defined for \"foo.example.com\" and \"*.example.com\", a\nrequest to \"foo.example.com\" SHOULD only be routed using routes attached\nto the \"foo.example.com\" Listener (and not the \"*.example.com\" Listener).\nThis concept is known as \"Listener Isolation\". Implementations that do\nnot support Listener Isolation MUST clearly document this.\n\n\nImplementations MAY merge separate Gateways onto a single set of\nAddresses if all Listeners across all Gateways are compatible.\n\n\nSupport: Core" + +### fn spec.withListenersMixin + +```ts +withListenersMixin(listeners) +``` + +"Listeners associated with this Gateway. Listeners define\nlogical endpoints that are bound on this Gateway's addresses.\nAt least one Listener MUST be specified.\n\n\nEach Listener in a set of Listeners (for example, in a single Gateway)\nMUST be _distinct_, in that a traffic flow MUST be able to be assigned to\nexactly one listener. (This section uses \"set of Listeners\" rather than\n\"Listeners in a single Gateway\" because implementations MAY merge configuration\nfrom multiple Gateways onto a single data plane, and these rules _also_\napply in that case).\n\n\nPractically, this means that each listener in a set MUST have a unique\ncombination of Port, Protocol, and, if supported by the protocol, Hostname.\n\n\nSome combinations of port, protocol, and TLS settings are considered\nCore support and MUST be supported by implementations based on their\ntargeted conformance profile:\n\n\nHTTP Profile\n\n\n1. HTTPRoute, Port: 80, Protocol: HTTP\n2. HTTPRoute, Port: 443, Protocol: HTTPS, TLS Mode: Terminate, TLS keypair provided\n\n\nTLS Profile\n\n\n1. TLSRoute, Port: 443, Protocol: TLS, TLS Mode: Passthrough\n\n\n\"Distinct\" Listeners have the following property:\n\n\nThe implementation can match inbound requests to a single distinct\nListener. When multiple Listeners share values for fields (for\nexample, two Listeners with the same Port value), the implementation\ncan match requests to only one of the Listeners using other\nListener fields.\n\n\nFor example, the following Listener scenarios are distinct:\n\n\n1. Multiple Listeners with the same Port that all use the \"HTTP\"\n Protocol that all have unique Hostname values.\n2. Multiple Listeners with the same Port that use either the \"HTTPS\" or\n \"TLS\" Protocol that all have unique Hostname values.\n3. A mixture of \"TCP\" and \"UDP\" Protocol Listeners, where no Listener\n with the same Protocol has the same Port value.\n\n\nSome fields in the Listener struct have possible values that affect\nwhether the Listener is distinct. Hostname is particularly relevant\nfor HTTP or HTTPS protocols.\n\n\nWhen using the Hostname value to select between same-Port, same-Protocol\nListeners, the Hostname value must be different on each Listener for the\nListener to be distinct.\n\n\nWhen the Listeners are distinct based on Hostname, inbound request\nhostnames MUST match from the most specific to least specific Hostname\nvalues to choose the correct Listener and its associated set of Routes.\n\n\nExact matches must be processed before wildcard matches, and wildcard\nmatches must be processed before fallback (empty Hostname value)\nmatches. For example, `\"foo.example.com\"` takes precedence over\n`\"*.example.com\"`, and `\"*.example.com\"` takes precedence over `\"\"`.\n\n\nAdditionally, if there are multiple wildcard entries, more specific\nwildcard entries must be processed before less specific wildcard entries.\nFor example, `\"*.foo.example.com\"` takes precedence over `\"*.example.com\"`.\nThe precise definition here is that the higher the number of dots in the\nhostname to the right of the wildcard character, the higher the precedence.\n\n\nThe wildcard character will match any number of characters _and dots_ to\nthe left, however, so `\"*.example.com\"` will match both\n`\"foo.bar.example.com\"` _and_ `\"bar.example.com\"`.\n\n\nIf a set of Listeners contains Listeners that are not distinct, then those\nListeners are Conflicted, and the implementation MUST set the \"Conflicted\"\ncondition in the Listener Status to \"True\".\n\n\nImplementations MAY choose to accept a Gateway with some Conflicted\nListeners only if they only accept the partial Listener set that contains\nno Conflicted Listeners. To put this another way, implementations may\naccept a partial Listener set only if they throw out *all* the conflicting\nListeners. No picking one of the conflicting listeners as the winner.\nThis also means that the Gateway must have at least one non-conflicting\nListener in this case, otherwise it violates the requirement that at\nleast one Listener must be present.\n\n\nThe implementation MUST set a \"ListenersNotValid\" condition on the\nGateway Status when the Gateway contains Conflicted Listeners whether or\nnot they accept the Gateway. That Condition SHOULD clearly\nindicate in the Message which Listeners are conflicted, and which are\nAccepted. Additionally, the Listener status for those listeners SHOULD\nindicate which Listeners are conflicted and not Accepted.\n\n\nA Gateway's Listeners are considered \"compatible\" if:\n\n\n1. They are distinct.\n2. The implementation can serve them in compliance with the Addresses\n requirement that all Listeners are available on all assigned\n addresses.\n\n\nCompatible combinations in Extended support are expected to vary across\nimplementations. A combination that is compatible for one implementation\nmay not be compatible for another.\n\n\nFor example, an implementation that cannot serve both TCP and UDP listeners\non the same address, or cannot mix HTTPS and generic TLS listens on the same port\nwould not consider those cases compatible, even though they are distinct.\n\n\nNote that requests SHOULD match at most one Listener. For example, if\nListeners are defined for \"foo.example.com\" and \"*.example.com\", a\nrequest to \"foo.example.com\" SHOULD only be routed using routes attached\nto the \"foo.example.com\" Listener (and not the \"*.example.com\" Listener).\nThis concept is known as \"Listener Isolation\". Implementations that do\nnot support Listener Isolation MUST clearly document this.\n\n\nImplementations MAY merge separate Gateways onto a single set of\nAddresses if all Listeners across all Gateways are compatible.\n\n\nSupport: Core" + +**Note:** This function appends passed data to existing values + +## obj spec.addresses + +"Addresses requested for this Gateway. This is optional and behavior can\ndepend on the implementation. If a value is set in the spec and the\nrequested address is invalid or unavailable, the implementation MUST\nindicate this in the associated entry in GatewayStatus.Addresses.\n\n\nThe Addresses field represents a request for the address(es) on the\n\"outside of the Gateway\", that traffic bound for this Gateway will use.\nThis could be the IP address or hostname of an external load balancer or\nother networking infrastructure, or some other address that traffic will\nbe sent to.\n\n\nIf no Addresses are specified, the implementation MAY schedule the\nGateway in an implementation-specific manner, assigning an appropriate\nset of Addresses.\n\n\nThe implementation MUST bind all Listeners to every GatewayAddress that\nit assigns to the Gateway and add a corresponding entry in\nGatewayStatus.Addresses.\n\n\nSupport: Extended\n\n\n" + +### fn spec.addresses.withType + +```ts +withType(type) +``` + +"Type of the address." + +### fn spec.addresses.withValue + +```ts +withValue(value) +``` + +"Value of the address. The validity of the values will depend\non the type and support by the controller.\n\n\nExamples: `1.2.3.4`, `128::1`, `my-ip-address`." + +## obj spec.infrastructure + +"Infrastructure defines infrastructure level attributes about this Gateway instance.\n\n\nSupport: Core\n\n\n" + +### fn spec.infrastructure.withAnnotations + +```ts +withAnnotations(annotations) +``` + +"Annotations that SHOULD be applied to any resources created in response to this Gateway.\n\n\nFor implementations creating other Kubernetes objects, this should be the `metadata.annotations` field on resources.\nFor other implementations, this refers to any relevant (implementation specific) \"annotations\" concepts.\n\n\nAn implementation may chose to add additional implementation-specific annotations as they see fit.\n\n\nSupport: Extended" + +### fn spec.infrastructure.withAnnotationsMixin + +```ts +withAnnotationsMixin(annotations) +``` + +"Annotations that SHOULD be applied to any resources created in response to this Gateway.\n\n\nFor implementations creating other Kubernetes objects, this should be the `metadata.annotations` field on resources.\nFor other implementations, this refers to any relevant (implementation specific) \"annotations\" concepts.\n\n\nAn implementation may chose to add additional implementation-specific annotations as they see fit.\n\n\nSupport: Extended" + +**Note:** This function appends passed data to existing values + +### fn spec.infrastructure.withLabels + +```ts +withLabels(labels) +``` + +"Labels that SHOULD be applied to any resources created in response to this Gateway.\n\n\nFor implementations creating other Kubernetes objects, this should be the `metadata.labels` field on resources.\nFor other implementations, this refers to any relevant (implementation specific) \"labels\" concepts.\n\n\nAn implementation may chose to add additional implementation-specific labels as they see fit.\n\n\nSupport: Extended" + +### fn spec.infrastructure.withLabelsMixin + +```ts +withLabelsMixin(labels) +``` + +"Labels that SHOULD be applied to any resources created in response to this Gateway.\n\n\nFor implementations creating other Kubernetes objects, this should be the `metadata.labels` field on resources.\nFor other implementations, this refers to any relevant (implementation specific) \"labels\" concepts.\n\n\nAn implementation may chose to add additional implementation-specific labels as they see fit.\n\n\nSupport: Extended" + +**Note:** This function appends passed data to existing values + +## obj spec.infrastructure.parametersRef + +"ParametersRef is a reference to a resource that contains the configuration\nparameters corresponding to the Gateway. This is optional if the\ncontroller does not require any additional configuration.\n\n\nThis follows the same semantics as GatewayClass's `parametersRef`, but on a per-Gateway basis\n\n\nThe Gateway's GatewayClass may provide its own `parametersRef`. When both are specified,\nthe merging behavior is implementation specific.\nIt is generally recommended that GatewayClass provides defaults that can be overridden by a Gateway.\n\n\nSupport: Implementation-specific" + +### fn spec.infrastructure.parametersRef.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent." + +### fn spec.infrastructure.parametersRef.withKind + +```ts +withKind(kind) +``` + +"Kind is kind of the referent." + +### fn spec.infrastructure.parametersRef.withName + +```ts +withName(name) +``` + +"Name is the name of the referent." + +## obj spec.listeners + +"Listeners associated with this Gateway. Listeners define\nlogical endpoints that are bound on this Gateway's addresses.\nAt least one Listener MUST be specified.\n\n\nEach Listener in a set of Listeners (for example, in a single Gateway)\nMUST be _distinct_, in that a traffic flow MUST be able to be assigned to\nexactly one listener. (This section uses \"set of Listeners\" rather than\n\"Listeners in a single Gateway\" because implementations MAY merge configuration\nfrom multiple Gateways onto a single data plane, and these rules _also_\napply in that case).\n\n\nPractically, this means that each listener in a set MUST have a unique\ncombination of Port, Protocol, and, if supported by the protocol, Hostname.\n\n\nSome combinations of port, protocol, and TLS settings are considered\nCore support and MUST be supported by implementations based on their\ntargeted conformance profile:\n\n\nHTTP Profile\n\n\n1. HTTPRoute, Port: 80, Protocol: HTTP\n2. HTTPRoute, Port: 443, Protocol: HTTPS, TLS Mode: Terminate, TLS keypair provided\n\n\nTLS Profile\n\n\n1. TLSRoute, Port: 443, Protocol: TLS, TLS Mode: Passthrough\n\n\n\"Distinct\" Listeners have the following property:\n\n\nThe implementation can match inbound requests to a single distinct\nListener. When multiple Listeners share values for fields (for\nexample, two Listeners with the same Port value), the implementation\ncan match requests to only one of the Listeners using other\nListener fields.\n\n\nFor example, the following Listener scenarios are distinct:\n\n\n1. Multiple Listeners with the same Port that all use the \"HTTP\"\n Protocol that all have unique Hostname values.\n2. Multiple Listeners with the same Port that use either the \"HTTPS\" or\n \"TLS\" Protocol that all have unique Hostname values.\n3. A mixture of \"TCP\" and \"UDP\" Protocol Listeners, where no Listener\n with the same Protocol has the same Port value.\n\n\nSome fields in the Listener struct have possible values that affect\nwhether the Listener is distinct. Hostname is particularly relevant\nfor HTTP or HTTPS protocols.\n\n\nWhen using the Hostname value to select between same-Port, same-Protocol\nListeners, the Hostname value must be different on each Listener for the\nListener to be distinct.\n\n\nWhen the Listeners are distinct based on Hostname, inbound request\nhostnames MUST match from the most specific to least specific Hostname\nvalues to choose the correct Listener and its associated set of Routes.\n\n\nExact matches must be processed before wildcard matches, and wildcard\nmatches must be processed before fallback (empty Hostname value)\nmatches. For example, `\"foo.example.com\"` takes precedence over\n`\"*.example.com\"`, and `\"*.example.com\"` takes precedence over `\"\"`.\n\n\nAdditionally, if there are multiple wildcard entries, more specific\nwildcard entries must be processed before less specific wildcard entries.\nFor example, `\"*.foo.example.com\"` takes precedence over `\"*.example.com\"`.\nThe precise definition here is that the higher the number of dots in the\nhostname to the right of the wildcard character, the higher the precedence.\n\n\nThe wildcard character will match any number of characters _and dots_ to\nthe left, however, so `\"*.example.com\"` will match both\n`\"foo.bar.example.com\"` _and_ `\"bar.example.com\"`.\n\n\nIf a set of Listeners contains Listeners that are not distinct, then those\nListeners are Conflicted, and the implementation MUST set the \"Conflicted\"\ncondition in the Listener Status to \"True\".\n\n\nImplementations MAY choose to accept a Gateway with some Conflicted\nListeners only if they only accept the partial Listener set that contains\nno Conflicted Listeners. To put this another way, implementations may\naccept a partial Listener set only if they throw out *all* the conflicting\nListeners. No picking one of the conflicting listeners as the winner.\nThis also means that the Gateway must have at least one non-conflicting\nListener in this case, otherwise it violates the requirement that at\nleast one Listener must be present.\n\n\nThe implementation MUST set a \"ListenersNotValid\" condition on the\nGateway Status when the Gateway contains Conflicted Listeners whether or\nnot they accept the Gateway. That Condition SHOULD clearly\nindicate in the Message which Listeners are conflicted, and which are\nAccepted. Additionally, the Listener status for those listeners SHOULD\nindicate which Listeners are conflicted and not Accepted.\n\n\nA Gateway's Listeners are considered \"compatible\" if:\n\n\n1. They are distinct.\n2. The implementation can serve them in compliance with the Addresses\n requirement that all Listeners are available on all assigned\n addresses.\n\n\nCompatible combinations in Extended support are expected to vary across\nimplementations. A combination that is compatible for one implementation\nmay not be compatible for another.\n\n\nFor example, an implementation that cannot serve both TCP and UDP listeners\non the same address, or cannot mix HTTPS and generic TLS listens on the same port\nwould not consider those cases compatible, even though they are distinct.\n\n\nNote that requests SHOULD match at most one Listener. For example, if\nListeners are defined for \"foo.example.com\" and \"*.example.com\", a\nrequest to \"foo.example.com\" SHOULD only be routed using routes attached\nto the \"foo.example.com\" Listener (and not the \"*.example.com\" Listener).\nThis concept is known as \"Listener Isolation\". Implementations that do\nnot support Listener Isolation MUST clearly document this.\n\n\nImplementations MAY merge separate Gateways onto a single set of\nAddresses if all Listeners across all Gateways are compatible.\n\n\nSupport: Core" + +### fn spec.listeners.withHostname + +```ts +withHostname(hostname) +``` + +"Hostname specifies the virtual hostname to match for protocol types that\ndefine this concept. When unspecified, all hostnames are matched. This\nfield is ignored for protocols that don't require hostname based\nmatching.\n\n\nImplementations MUST apply Hostname matching appropriately for each of\nthe following protocols:\n\n\n* TLS: The Listener Hostname MUST match the SNI.\n* HTTP: The Listener Hostname MUST match the Host header of the request.\n* HTTPS: The Listener Hostname SHOULD match at both the TLS and HTTP\n protocol layers as described above. If an implementation does not\n ensure that both the SNI and Host header match the Listener hostname,\n it MUST clearly document that.\n\n\nFor HTTPRoute and TLSRoute resources, there is an interaction with the\n`spec.hostnames` array. When both listener and route specify hostnames,\nthere MUST be an intersection between the values for a Route to be\naccepted. For more information, refer to the Route specific Hostnames\ndocumentation.\n\n\nHostnames that are prefixed with a wildcard label (`*.`) are interpreted\nas a suffix match. That means that a match for `*.example.com` would match\nboth `test.example.com`, and `foo.test.example.com`, but not `example.com`.\n\n\nSupport: Core" + +### fn spec.listeners.withName + +```ts +withName(name) +``` + +"Name is the name of the Listener. This name MUST be unique within a\nGateway.\n\n\nSupport: Core" + +### fn spec.listeners.withPort + +```ts +withPort(port) +``` + +"Port is the network port. Multiple listeners may use the\nsame port, subject to the Listener compatibility rules.\n\n\nSupport: Core" + +### fn spec.listeners.withProtocol + +```ts +withProtocol(protocol) +``` + +"Protocol specifies the network protocol this listener expects to receive.\n\n\nSupport: Core" + +## obj spec.listeners.allowedRoutes + +"AllowedRoutes defines the types of routes that MAY be attached to a\nListener and the trusted namespaces where those Route resources MAY be\npresent.\n\n\nAlthough a client request may match multiple route rules, only one rule\nmay ultimately receive the request. Matching precedence MUST be\ndetermined in order of the following criteria:\n\n\n* The most specific match as defined by the Route type.\n* The oldest Route based on creation timestamp. For example, a Route with\n a creation timestamp of \"2020-09-08 01:02:03\" is given precedence over\n a Route with a creation timestamp of \"2020-09-08 01:02:04\".\n* If everything else is equivalent, the Route appearing first in\n alphabetical order (namespace/name) should be given precedence. For\n example, foo/bar is given precedence over foo/baz.\n\n\nAll valid rules within a Route attached to this Listener should be\nimplemented. Invalid Route rules can be ignored (sometimes that will mean\nthe full Route). If a Route rule transitions from valid to invalid,\nsupport for that Route rule should be dropped to ensure consistency. For\nexample, even if a filter specified by a Route rule is invalid, the rest\nof the rules within that Route should still be supported.\n\n\nSupport: Core" + +### fn spec.listeners.allowedRoutes.withKinds + +```ts +withKinds(kinds) +``` + +"Kinds specifies the groups and kinds of Routes that are allowed to bind\nto this Gateway Listener. When unspecified or empty, the kinds of Routes\nselected are determined using the Listener protocol.\n\n\nA RouteGroupKind MUST correspond to kinds of Routes that are compatible\nwith the application protocol specified in the Listener's Protocol field.\nIf an implementation does not support or recognize this resource type, it\nMUST set the \"ResolvedRefs\" condition to False for this Listener with the\n\"InvalidRouteKinds\" reason.\n\n\nSupport: Core" + +### fn spec.listeners.allowedRoutes.withKindsMixin + +```ts +withKindsMixin(kinds) +``` + +"Kinds specifies the groups and kinds of Routes that are allowed to bind\nto this Gateway Listener. When unspecified or empty, the kinds of Routes\nselected are determined using the Listener protocol.\n\n\nA RouteGroupKind MUST correspond to kinds of Routes that are compatible\nwith the application protocol specified in the Listener's Protocol field.\nIf an implementation does not support or recognize this resource type, it\nMUST set the \"ResolvedRefs\" condition to False for this Listener with the\n\"InvalidRouteKinds\" reason.\n\n\nSupport: Core" + +**Note:** This function appends passed data to existing values + +## obj spec.listeners.allowedRoutes.kinds + +"Kinds specifies the groups and kinds of Routes that are allowed to bind\nto this Gateway Listener. When unspecified or empty, the kinds of Routes\nselected are determined using the Listener protocol.\n\n\nA RouteGroupKind MUST correspond to kinds of Routes that are compatible\nwith the application protocol specified in the Listener's Protocol field.\nIf an implementation does not support or recognize this resource type, it\nMUST set the \"ResolvedRefs\" condition to False for this Listener with the\n\"InvalidRouteKinds\" reason.\n\n\nSupport: Core" + +### fn spec.listeners.allowedRoutes.kinds.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the Route." + +### fn spec.listeners.allowedRoutes.kinds.withKind + +```ts +withKind(kind) +``` + +"Kind is the kind of the Route." + +## obj spec.listeners.allowedRoutes.namespaces + +"Namespaces indicates namespaces from which Routes may be attached to this\nListener. This is restricted to the namespace of this Gateway by default.\n\n\nSupport: Core" + +### fn spec.listeners.allowedRoutes.namespaces.withFrom + +```ts +withFrom(from) +``` + +"From indicates where Routes will be selected for this Gateway. Possible\nvalues are:\n\n\n* All: Routes in all namespaces may be used by this Gateway.\n* Selector: Routes in namespaces selected by the selector may be used by\n this Gateway.\n* Same: Only Routes in the same namespace may be used by this Gateway.\n\n\nSupport: Core" + +## obj spec.listeners.allowedRoutes.namespaces.selector + +"Selector must be specified when From is set to \"Selector\". In that case,\nonly Routes in Namespaces matching this Selector will be selected by this\nGateway. This field is ignored for other values of \"From\".\n\n\nSupport: Core" + +### fn spec.listeners.allowedRoutes.namespaces.selector.withMatchExpressions + +```ts +withMatchExpressions(matchExpressions) +``` + +"matchExpressions is a list of label selector requirements. The requirements are ANDed." + +### fn spec.listeners.allowedRoutes.namespaces.selector.withMatchExpressionsMixin + +```ts +withMatchExpressionsMixin(matchExpressions) +``` + +"matchExpressions is a list of label selector requirements. The requirements are ANDed." + +**Note:** This function appends passed data to existing values + +### fn spec.listeners.allowedRoutes.namespaces.selector.withMatchLabels + +```ts +withMatchLabels(matchLabels) +``` + +"matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + +### fn spec.listeners.allowedRoutes.namespaces.selector.withMatchLabelsMixin + +```ts +withMatchLabelsMixin(matchLabels) +``` + +"matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + +**Note:** This function appends passed data to existing values + +## obj spec.listeners.allowedRoutes.namespaces.selector.matchExpressions + +"matchExpressions is a list of label selector requirements. The requirements are ANDed." + +### fn spec.listeners.allowedRoutes.namespaces.selector.matchExpressions.withKey + +```ts +withKey(key) +``` + +"key is the label key that the selector applies to." + +### fn spec.listeners.allowedRoutes.namespaces.selector.matchExpressions.withOperator + +```ts +withOperator(operator) +``` + +"operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + +### fn spec.listeners.allowedRoutes.namespaces.selector.matchExpressions.withValues + +```ts +withValues(values) +``` + +"values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + +### fn spec.listeners.allowedRoutes.namespaces.selector.matchExpressions.withValuesMixin + +```ts +withValuesMixin(values) +``` + +"values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + +**Note:** This function appends passed data to existing values + +## obj spec.listeners.tls + +"TLS is the TLS configuration for the Listener. This field is required if\nthe Protocol field is \"HTTPS\" or \"TLS\". It is invalid to set this field\nif the Protocol field is \"HTTP\", \"TCP\", or \"UDP\".\n\n\nThe association of SNIs to Certificate defined in GatewayTLSConfig is\ndefined based on the Hostname field for this listener.\n\n\nThe GatewayClass MUST use the longest matching SNI out of all\navailable certificates for any TLS handshake.\n\n\nSupport: Core" + +### fn spec.listeners.tls.withCertificateRefs + +```ts +withCertificateRefs(certificateRefs) +``` + +"CertificateRefs contains a series of references to Kubernetes objects that\ncontains TLS certificates and private keys. These certificates are used to\nestablish a TLS handshake for requests that match the hostname of the\nassociated listener.\n\n\nA single CertificateRef to a Kubernetes Secret has \"Core\" support.\nImplementations MAY choose to support attaching multiple certificates to\na Listener, but this behavior is implementation-specific.\n\n\nReferences to a resource in different namespace are invalid UNLESS there\nis a ReferenceGrant in the target namespace that allows the certificate\nto be attached. If a ReferenceGrant does not allow this reference, the\n\"ResolvedRefs\" condition MUST be set to False for this listener with the\n\"RefNotPermitted\" reason.\n\n\nThis field is required to have at least one element when the mode is set\nto \"Terminate\" (default) and is optional otherwise.\n\n\nCertificateRefs can reference to standard Kubernetes resources, i.e.\nSecret, or implementation-specific custom resources.\n\n\nSupport: Core - A single reference to a Kubernetes Secret of type kubernetes.io/tls\n\n\nSupport: Implementation-specific (More than one reference or other resource types)" + +### fn spec.listeners.tls.withCertificateRefsMixin + +```ts +withCertificateRefsMixin(certificateRefs) +``` + +"CertificateRefs contains a series of references to Kubernetes objects that\ncontains TLS certificates and private keys. These certificates are used to\nestablish a TLS handshake for requests that match the hostname of the\nassociated listener.\n\n\nA single CertificateRef to a Kubernetes Secret has \"Core\" support.\nImplementations MAY choose to support attaching multiple certificates to\na Listener, but this behavior is implementation-specific.\n\n\nReferences to a resource in different namespace are invalid UNLESS there\nis a ReferenceGrant in the target namespace that allows the certificate\nto be attached. If a ReferenceGrant does not allow this reference, the\n\"ResolvedRefs\" condition MUST be set to False for this listener with the\n\"RefNotPermitted\" reason.\n\n\nThis field is required to have at least one element when the mode is set\nto \"Terminate\" (default) and is optional otherwise.\n\n\nCertificateRefs can reference to standard Kubernetes resources, i.e.\nSecret, or implementation-specific custom resources.\n\n\nSupport: Core - A single reference to a Kubernetes Secret of type kubernetes.io/tls\n\n\nSupport: Implementation-specific (More than one reference or other resource types)" + +**Note:** This function appends passed data to existing values + +### fn spec.listeners.tls.withMode + +```ts +withMode(mode) +``` + +"Mode defines the TLS behavior for the TLS session initiated by the client.\nThere are two possible modes:\n\n\n- Terminate: The TLS session between the downstream client and the\n Gateway is terminated at the Gateway. This mode requires certificates\n to be specified in some way, such as populating the certificateRefs\n field.\n- Passthrough: The TLS session is NOT terminated by the Gateway. This\n implies that the Gateway can't decipher the TLS stream except for\n the ClientHello message of the TLS protocol. The certificateRefs field\n is ignored in this mode.\n\n\nSupport: Core" + +### fn spec.listeners.tls.withOptions + +```ts +withOptions(options) +``` + +"Options are a list of key/value pairs to enable extended TLS\nconfiguration for each implementation. For example, configuring the\nminimum TLS version or supported cipher suites.\n\n\nA set of common keys MAY be defined by the API in the future. To avoid\nany ambiguity, implementation-specific definitions MUST use\ndomain-prefixed names, such as `example.com/my-custom-option`.\nUn-prefixed names are reserved for key names defined by Gateway API.\n\n\nSupport: Implementation-specific" + +### fn spec.listeners.tls.withOptionsMixin + +```ts +withOptionsMixin(options) +``` + +"Options are a list of key/value pairs to enable extended TLS\nconfiguration for each implementation. For example, configuring the\nminimum TLS version or supported cipher suites.\n\n\nA set of common keys MAY be defined by the API in the future. To avoid\nany ambiguity, implementation-specific definitions MUST use\ndomain-prefixed names, such as `example.com/my-custom-option`.\nUn-prefixed names are reserved for key names defined by Gateway API.\n\n\nSupport: Implementation-specific" + +**Note:** This function appends passed data to existing values + +## obj spec.listeners.tls.certificateRefs + +"CertificateRefs contains a series of references to Kubernetes objects that\ncontains TLS certificates and private keys. These certificates are used to\nestablish a TLS handshake for requests that match the hostname of the\nassociated listener.\n\n\nA single CertificateRef to a Kubernetes Secret has \"Core\" support.\nImplementations MAY choose to support attaching multiple certificates to\na Listener, but this behavior is implementation-specific.\n\n\nReferences to a resource in different namespace are invalid UNLESS there\nis a ReferenceGrant in the target namespace that allows the certificate\nto be attached. If a ReferenceGrant does not allow this reference, the\n\"ResolvedRefs\" condition MUST be set to False for this listener with the\n\"RefNotPermitted\" reason.\n\n\nThis field is required to have at least one element when the mode is set\nto \"Terminate\" (default) and is optional otherwise.\n\n\nCertificateRefs can reference to standard Kubernetes resources, i.e.\nSecret, or implementation-specific custom resources.\n\n\nSupport: Core - A single reference to a Kubernetes Secret of type kubernetes.io/tls\n\n\nSupport: Implementation-specific (More than one reference or other resource types)" + +### fn spec.listeners.tls.certificateRefs.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. For example, \"gateway.networking.k8s.io\".\nWhen unspecified or empty string, core API group is inferred." + +### fn spec.listeners.tls.certificateRefs.withKind + +```ts +withKind(kind) +``` + +"Kind is kind of the referent. For example \"Secret\"." + +### fn spec.listeners.tls.certificateRefs.withName + +```ts +withName(name) +``` + +"Name is the name of the referent." + +### fn spec.listeners.tls.certificateRefs.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the referenced object. When unspecified, the local\nnamespace is inferred.\n\n\nNote that when a namespace different than the local namespace is specified,\na ReferenceGrant object is required in the referent namespace to allow that\nnamespace's owner to accept the reference. See the ReferenceGrant\ndocumentation for details.\n\n\nSupport: Core" + +## obj spec.listeners.tls.frontendValidation + +"FrontendValidation holds configuration information for validating the frontend (client).\nSetting this field will require clients to send a client certificate\nrequired for validation during the TLS handshake. In browsers this may result in a dialog appearing\nthat requests a user to specify the client certificate.\nThe maximum depth of a certificate chain accepted in verification is Implementation specific.\n\n\nSupport: Extended\n\n\n" + +### fn spec.listeners.tls.frontendValidation.withCaCertificateRefs + +```ts +withCaCertificateRefs(caCertificateRefs) +``` + +"CACertificateRefs contains one or more references to\nKubernetes objects that contain TLS certificates of\nthe Certificate Authorities that can be used\nas a trust anchor to validate the certificates presented by the client.\n\n\nA single CA certificate reference to a Kubernetes ConfigMap\nhas \"Core\" support.\nImplementations MAY choose to support attaching multiple CA certificates to\na Listener, but this behavior is implementation-specific.\n\n\nSupport: Core - A single reference to a Kubernetes ConfigMap\nwith the CA certificate in a key named `ca.crt`.\n\n\nSupport: Implementation-specific (More than one reference, or other kinds\nof resources).\n\n\nReferences to a resource in a different namespace are invalid UNLESS there\nis a ReferenceGrant in the target namespace that allows the certificate\nto be attached. If a ReferenceGrant does not allow this reference, the\n\"ResolvedRefs\" condition MUST be set to False for this listener with the\n\"RefNotPermitted\" reason." + +### fn spec.listeners.tls.frontendValidation.withCaCertificateRefsMixin + +```ts +withCaCertificateRefsMixin(caCertificateRefs) +``` + +"CACertificateRefs contains one or more references to\nKubernetes objects that contain TLS certificates of\nthe Certificate Authorities that can be used\nas a trust anchor to validate the certificates presented by the client.\n\n\nA single CA certificate reference to a Kubernetes ConfigMap\nhas \"Core\" support.\nImplementations MAY choose to support attaching multiple CA certificates to\na Listener, but this behavior is implementation-specific.\n\n\nSupport: Core - A single reference to a Kubernetes ConfigMap\nwith the CA certificate in a key named `ca.crt`.\n\n\nSupport: Implementation-specific (More than one reference, or other kinds\nof resources).\n\n\nReferences to a resource in a different namespace are invalid UNLESS there\nis a ReferenceGrant in the target namespace that allows the certificate\nto be attached. If a ReferenceGrant does not allow this reference, the\n\"ResolvedRefs\" condition MUST be set to False for this listener with the\n\"RefNotPermitted\" reason." + +**Note:** This function appends passed data to existing values + +## obj spec.listeners.tls.frontendValidation.caCertificateRefs + +"CACertificateRefs contains one or more references to\nKubernetes objects that contain TLS certificates of\nthe Certificate Authorities that can be used\nas a trust anchor to validate the certificates presented by the client.\n\n\nA single CA certificate reference to a Kubernetes ConfigMap\nhas \"Core\" support.\nImplementations MAY choose to support attaching multiple CA certificates to\na Listener, but this behavior is implementation-specific.\n\n\nSupport: Core - A single reference to a Kubernetes ConfigMap\nwith the CA certificate in a key named `ca.crt`.\n\n\nSupport: Implementation-specific (More than one reference, or other kinds\nof resources).\n\n\nReferences to a resource in a different namespace are invalid UNLESS there\nis a ReferenceGrant in the target namespace that allows the certificate\nto be attached. If a ReferenceGrant does not allow this reference, the\n\"ResolvedRefs\" condition MUST be set to False for this listener with the\n\"RefNotPermitted\" reason." + +### fn spec.listeners.tls.frontendValidation.caCertificateRefs.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. For example, \"gateway.networking.k8s.io\".\nWhen unspecified or empty string, core API group is inferred." + +### fn spec.listeners.tls.frontendValidation.caCertificateRefs.withKind + +```ts +withKind(kind) +``` + +"Kind is kind of the referent. For example \"ConfigMap\" or \"Service\"." + +### fn spec.listeners.tls.frontendValidation.caCertificateRefs.withName + +```ts +withName(name) +``` + +"Name is the name of the referent." + +### fn spec.listeners.tls.frontendValidation.caCertificateRefs.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the referenced object. When unspecified, the local\nnamespace is inferred.\n\n\nNote that when a namespace different than the local namespace is specified,\na ReferenceGrant object is required in the referent namespace to allow that\nnamespace's owner to accept the reference. See the ReferenceGrant\ndocumentation for details.\n\n\nSupport: Core" \ No newline at end of file diff --git a/docs/1.1-experimental/gateway/v1beta1/gatewayClass.md b/docs/1.1-experimental/gateway/v1beta1/gatewayClass.md new file mode 100644 index 0000000..1516892 --- /dev/null +++ b/docs/1.1-experimental/gateway/v1beta1/gatewayClass.md @@ -0,0 +1,269 @@ +--- +permalink: /1.1-experimental/gateway/v1beta1/gatewayClass/ +--- + +# gateway.v1beta1.gatewayClass + +"GatewayClass describes a class of Gateways available to the user for creating\nGateway resources.\n\n\nIt is recommended that this resource be used as a template for Gateways. This\nmeans that a Gateway is based on the state of the GatewayClass at the time it\nwas created and changes to the GatewayClass or associated parameters are not\npropagated down to existing Gateways. This recommendation is intended to\nlimit the blast radius of changes to GatewayClass or associated parameters.\nIf implementations choose to propagate GatewayClass changes to existing\nGateways, that MUST be clearly documented by the implementation.\n\n\nWhenever one or more Gateways are using a GatewayClass, implementations SHOULD\nadd the `gateway-exists-finalizer.gateway.networking.k8s.io` finalizer on the\nassociated GatewayClass. This ensures that a GatewayClass associated with a\nGateway is not deleted while in use.\n\n\nGatewayClass is a Cluster level resource." + +## Index + +* [`fn new(name)`](#fn-new) +* [`obj metadata`](#obj-metadata) + * [`fn withAnnotations(annotations)`](#fn-metadatawithannotations) + * [`fn withAnnotationsMixin(annotations)`](#fn-metadatawithannotationsmixin) + * [`fn withClusterName(clusterName)`](#fn-metadatawithclustername) + * [`fn withCreationTimestamp(creationTimestamp)`](#fn-metadatawithcreationtimestamp) + * [`fn withDeletionGracePeriodSeconds(deletionGracePeriodSeconds)`](#fn-metadatawithdeletiongraceperiodseconds) + * [`fn withDeletionTimestamp(deletionTimestamp)`](#fn-metadatawithdeletiontimestamp) + * [`fn withFinalizers(finalizers)`](#fn-metadatawithfinalizers) + * [`fn withFinalizersMixin(finalizers)`](#fn-metadatawithfinalizersmixin) + * [`fn withGenerateName(generateName)`](#fn-metadatawithgeneratename) + * [`fn withGeneration(generation)`](#fn-metadatawithgeneration) + * [`fn withLabels(labels)`](#fn-metadatawithlabels) + * [`fn withLabelsMixin(labels)`](#fn-metadatawithlabelsmixin) + * [`fn withName(name)`](#fn-metadatawithname) + * [`fn withNamespace(namespace)`](#fn-metadatawithnamespace) + * [`fn withOwnerReferences(ownerReferences)`](#fn-metadatawithownerreferences) + * [`fn withOwnerReferencesMixin(ownerReferences)`](#fn-metadatawithownerreferencesmixin) + * [`fn withResourceVersion(resourceVersion)`](#fn-metadatawithresourceversion) + * [`fn withSelfLink(selfLink)`](#fn-metadatawithselflink) + * [`fn withUid(uid)`](#fn-metadatawithuid) +* [`obj spec`](#obj-spec) + * [`fn withControllerName(controllerName)`](#fn-specwithcontrollername) + * [`fn withDescription(description)`](#fn-specwithdescription) + * [`obj spec.parametersRef`](#obj-specparametersref) + * [`fn withGroup(group)`](#fn-specparametersrefwithgroup) + * [`fn withKind(kind)`](#fn-specparametersrefwithkind) + * [`fn withName(name)`](#fn-specparametersrefwithname) + * [`fn withNamespace(namespace)`](#fn-specparametersrefwithnamespace) + +## Fields + +### fn new + +```ts +new(name) +``` + +new returns an instance of GatewayClass + +## obj metadata + +"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create." + +### fn metadata.withAnnotations + +```ts +withAnnotations(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +### fn metadata.withAnnotationsMixin + +```ts +withAnnotationsMixin(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +**Note:** This function appends passed data to existing values + +### fn metadata.withClusterName + +```ts +withClusterName(clusterName) +``` + +"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request." + +### fn metadata.withCreationTimestamp + +```ts +withCreationTimestamp(creationTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withDeletionGracePeriodSeconds + +```ts +withDeletionGracePeriodSeconds(deletionGracePeriodSeconds) +``` + +"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only." + +### fn metadata.withDeletionTimestamp + +```ts +withDeletionTimestamp(deletionTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withFinalizers + +```ts +withFinalizers(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +### fn metadata.withFinalizersMixin + +```ts +withFinalizersMixin(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +**Note:** This function appends passed data to existing values + +### fn metadata.withGenerateName + +```ts +withGenerateName(generateName) +``` + +"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\n\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\n\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" + +### fn metadata.withGeneration + +```ts +withGeneration(generation) +``` + +"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only." + +### fn metadata.withLabels + +```ts +withLabels(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +### fn metadata.withLabelsMixin + +```ts +withLabelsMixin(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +**Note:** This function appends passed data to existing values + +### fn metadata.withName + +```ts +withName(name) +``` + +"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names" + +### fn metadata.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \"default\" namespace, but \"default\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\n\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces" + +### fn metadata.withOwnerReferences + +```ts +withOwnerReferences(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +### fn metadata.withOwnerReferencesMixin + +```ts +withOwnerReferencesMixin(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +**Note:** This function appends passed data to existing values + +### fn metadata.withResourceVersion + +```ts +withResourceVersion(resourceVersion) +``` + +"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\n\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" + +### fn metadata.withSelfLink + +```ts +withSelfLink(selfLink) +``` + +"SelfLink is a URL representing this object. Populated by the system. Read-only.\n\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release." + +### fn metadata.withUid + +```ts +withUid(uid) +``` + +"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\n\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids" + +## obj spec + +"Spec defines the desired state of GatewayClass." + +### fn spec.withControllerName + +```ts +withControllerName(controllerName) +``` + +"ControllerName is the name of the controller that is managing Gateways of\nthis class. The value of this field MUST be a domain prefixed path.\n\n\nExample: \"example.net/gateway-controller\".\n\n\nThis field is not mutable and cannot be empty.\n\n\nSupport: Core" + +### fn spec.withDescription + +```ts +withDescription(description) +``` + +"Description helps describe a GatewayClass with more details." + +## obj spec.parametersRef + +"ParametersRef is a reference to a resource that contains the configuration\nparameters corresponding to the GatewayClass. This is optional if the\ncontroller does not require any additional configuration.\n\n\nParametersRef can reference a standard Kubernetes resource, i.e. ConfigMap,\nor an implementation-specific custom resource. The resource can be\ncluster-scoped or namespace-scoped.\n\n\nIf the referent cannot be found, the GatewayClass's \"InvalidParameters\"\nstatus condition will be true.\n\n\nA Gateway for this GatewayClass may provide its own `parametersRef`. When both are specified,\nthe merging behavior is implementation specific.\nIt is generally recommended that GatewayClass provides defaults that can be overridden by a Gateway.\n\n\nSupport: Implementation-specific" + +### fn spec.parametersRef.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent." + +### fn spec.parametersRef.withKind + +```ts +withKind(kind) +``` + +"Kind is kind of the referent." + +### fn spec.parametersRef.withName + +```ts +withName(name) +``` + +"Name is the name of the referent." + +### fn spec.parametersRef.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the referent.\nThis field is required when referring to a Namespace-scoped resource and\nMUST be unset when referring to a Cluster-scoped resource." \ No newline at end of file diff --git a/docs/1.1-experimental/gateway/v1beta1/httpRoute.md b/docs/1.1-experimental/gateway/v1beta1/httpRoute.md new file mode 100644 index 0000000..598de78 --- /dev/null +++ b/docs/1.1-experimental/gateway/v1beta1/httpRoute.md @@ -0,0 +1,1576 @@ +--- +permalink: /1.1-experimental/gateway/v1beta1/httpRoute/ +--- + +# gateway.v1beta1.httpRoute + +"HTTPRoute provides a way to route HTTP requests. This includes the capability\nto match requests by hostname, path, header, or query param. Filters can be\nused to specify additional processing steps. Backends specify where matching\nrequests should be routed." + +## Index + +* [`fn new(name)`](#fn-new) +* [`obj metadata`](#obj-metadata) + * [`fn withAnnotations(annotations)`](#fn-metadatawithannotations) + * [`fn withAnnotationsMixin(annotations)`](#fn-metadatawithannotationsmixin) + * [`fn withClusterName(clusterName)`](#fn-metadatawithclustername) + * [`fn withCreationTimestamp(creationTimestamp)`](#fn-metadatawithcreationtimestamp) + * [`fn withDeletionGracePeriodSeconds(deletionGracePeriodSeconds)`](#fn-metadatawithdeletiongraceperiodseconds) + * [`fn withDeletionTimestamp(deletionTimestamp)`](#fn-metadatawithdeletiontimestamp) + * [`fn withFinalizers(finalizers)`](#fn-metadatawithfinalizers) + * [`fn withFinalizersMixin(finalizers)`](#fn-metadatawithfinalizersmixin) + * [`fn withGenerateName(generateName)`](#fn-metadatawithgeneratename) + * [`fn withGeneration(generation)`](#fn-metadatawithgeneration) + * [`fn withLabels(labels)`](#fn-metadatawithlabels) + * [`fn withLabelsMixin(labels)`](#fn-metadatawithlabelsmixin) + * [`fn withName(name)`](#fn-metadatawithname) + * [`fn withNamespace(namespace)`](#fn-metadatawithnamespace) + * [`fn withOwnerReferences(ownerReferences)`](#fn-metadatawithownerreferences) + * [`fn withOwnerReferencesMixin(ownerReferences)`](#fn-metadatawithownerreferencesmixin) + * [`fn withResourceVersion(resourceVersion)`](#fn-metadatawithresourceversion) + * [`fn withSelfLink(selfLink)`](#fn-metadatawithselflink) + * [`fn withUid(uid)`](#fn-metadatawithuid) +* [`obj spec`](#obj-spec) + * [`fn withHostnames(hostnames)`](#fn-specwithhostnames) + * [`fn withHostnamesMixin(hostnames)`](#fn-specwithhostnamesmixin) + * [`fn withParentRefs(parentRefs)`](#fn-specwithparentrefs) + * [`fn withParentRefsMixin(parentRefs)`](#fn-specwithparentrefsmixin) + * [`fn withRules(rules)`](#fn-specwithrules) + * [`fn withRulesMixin(rules)`](#fn-specwithrulesmixin) + * [`obj spec.parentRefs`](#obj-specparentrefs) + * [`fn withGroup(group)`](#fn-specparentrefswithgroup) + * [`fn withKind(kind)`](#fn-specparentrefswithkind) + * [`fn withName(name)`](#fn-specparentrefswithname) + * [`fn withNamespace(namespace)`](#fn-specparentrefswithnamespace) + * [`fn withPort(port)`](#fn-specparentrefswithport) + * [`fn withSectionName(sectionName)`](#fn-specparentrefswithsectionname) + * [`obj spec.rules`](#obj-specrules) + * [`fn withBackendRefs(backendRefs)`](#fn-specruleswithbackendrefs) + * [`fn withBackendRefsMixin(backendRefs)`](#fn-specruleswithbackendrefsmixin) + * [`fn withFilters(filters)`](#fn-specruleswithfilters) + * [`fn withFiltersMixin(filters)`](#fn-specruleswithfiltersmixin) + * [`fn withMatches(matches)`](#fn-specruleswithmatches) + * [`fn withMatchesMixin(matches)`](#fn-specruleswithmatchesmixin) + * [`obj spec.rules.backendRefs`](#obj-specrulesbackendrefs) + * [`fn withFilters(filters)`](#fn-specrulesbackendrefswithfilters) + * [`fn withFiltersMixin(filters)`](#fn-specrulesbackendrefswithfiltersmixin) + * [`fn withGroup(group)`](#fn-specrulesbackendrefswithgroup) + * [`fn withKind(kind)`](#fn-specrulesbackendrefswithkind) + * [`fn withName(name)`](#fn-specrulesbackendrefswithname) + * [`fn withNamespace(namespace)`](#fn-specrulesbackendrefswithnamespace) + * [`fn withPort(port)`](#fn-specrulesbackendrefswithport) + * [`fn withWeight(weight)`](#fn-specrulesbackendrefswithweight) + * [`obj spec.rules.backendRefs.filters`](#obj-specrulesbackendrefsfilters) + * [`fn withType(type)`](#fn-specrulesbackendrefsfilterswithtype) + * [`obj spec.rules.backendRefs.filters.extensionRef`](#obj-specrulesbackendrefsfiltersextensionref) + * [`fn withGroup(group)`](#fn-specrulesbackendrefsfiltersextensionrefwithgroup) + * [`fn withKind(kind)`](#fn-specrulesbackendrefsfiltersextensionrefwithkind) + * [`fn withName(name)`](#fn-specrulesbackendrefsfiltersextensionrefwithname) + * [`obj spec.rules.backendRefs.filters.requestHeaderModifier`](#obj-specrulesbackendrefsfiltersrequestheadermodifier) + * [`fn withAdd(add)`](#fn-specrulesbackendrefsfiltersrequestheadermodifierwithadd) + * [`fn withAddMixin(add)`](#fn-specrulesbackendrefsfiltersrequestheadermodifierwithaddmixin) + * [`fn withRemove(remove)`](#fn-specrulesbackendrefsfiltersrequestheadermodifierwithremove) + * [`fn withRemoveMixin(remove)`](#fn-specrulesbackendrefsfiltersrequestheadermodifierwithremovemixin) + * [`fn withSet(set)`](#fn-specrulesbackendrefsfiltersrequestheadermodifierwithset) + * [`fn withSetMixin(set)`](#fn-specrulesbackendrefsfiltersrequestheadermodifierwithsetmixin) + * [`obj spec.rules.backendRefs.filters.requestHeaderModifier.add`](#obj-specrulesbackendrefsfiltersrequestheadermodifieradd) + * [`fn withName(name)`](#fn-specrulesbackendrefsfiltersrequestheadermodifieraddwithname) + * [`fn withValue(value)`](#fn-specrulesbackendrefsfiltersrequestheadermodifieraddwithvalue) + * [`obj spec.rules.backendRefs.filters.requestHeaderModifier.set`](#obj-specrulesbackendrefsfiltersrequestheadermodifierset) + * [`fn withName(name)`](#fn-specrulesbackendrefsfiltersrequestheadermodifiersetwithname) + * [`fn withValue(value)`](#fn-specrulesbackendrefsfiltersrequestheadermodifiersetwithvalue) + * [`obj spec.rules.backendRefs.filters.requestMirror`](#obj-specrulesbackendrefsfiltersrequestmirror) + * [`obj spec.rules.backendRefs.filters.requestMirror.backendRef`](#obj-specrulesbackendrefsfiltersrequestmirrorbackendref) + * [`fn withGroup(group)`](#fn-specrulesbackendrefsfiltersrequestmirrorbackendrefwithgroup) + * [`fn withKind(kind)`](#fn-specrulesbackendrefsfiltersrequestmirrorbackendrefwithkind) + * [`fn withName(name)`](#fn-specrulesbackendrefsfiltersrequestmirrorbackendrefwithname) + * [`fn withNamespace(namespace)`](#fn-specrulesbackendrefsfiltersrequestmirrorbackendrefwithnamespace) + * [`fn withPort(port)`](#fn-specrulesbackendrefsfiltersrequestmirrorbackendrefwithport) + * [`obj spec.rules.backendRefs.filters.requestRedirect`](#obj-specrulesbackendrefsfiltersrequestredirect) + * [`fn withHostname(hostname)`](#fn-specrulesbackendrefsfiltersrequestredirectwithhostname) + * [`fn withPort(port)`](#fn-specrulesbackendrefsfiltersrequestredirectwithport) + * [`fn withScheme(scheme)`](#fn-specrulesbackendrefsfiltersrequestredirectwithscheme) + * [`fn withStatusCode(statusCode)`](#fn-specrulesbackendrefsfiltersrequestredirectwithstatuscode) + * [`obj spec.rules.backendRefs.filters.requestRedirect.path`](#obj-specrulesbackendrefsfiltersrequestredirectpath) + * [`fn withReplaceFullPath(replaceFullPath)`](#fn-specrulesbackendrefsfiltersrequestredirectpathwithreplacefullpath) + * [`fn withReplacePrefixMatch(replacePrefixMatch)`](#fn-specrulesbackendrefsfiltersrequestredirectpathwithreplaceprefixmatch) + * [`fn withType(type)`](#fn-specrulesbackendrefsfiltersrequestredirectpathwithtype) + * [`obj spec.rules.backendRefs.filters.responseHeaderModifier`](#obj-specrulesbackendrefsfiltersresponseheadermodifier) + * [`fn withAdd(add)`](#fn-specrulesbackendrefsfiltersresponseheadermodifierwithadd) + * [`fn withAddMixin(add)`](#fn-specrulesbackendrefsfiltersresponseheadermodifierwithaddmixin) + * [`fn withRemove(remove)`](#fn-specrulesbackendrefsfiltersresponseheadermodifierwithremove) + * [`fn withRemoveMixin(remove)`](#fn-specrulesbackendrefsfiltersresponseheadermodifierwithremovemixin) + * [`fn withSet(set)`](#fn-specrulesbackendrefsfiltersresponseheadermodifierwithset) + * [`fn withSetMixin(set)`](#fn-specrulesbackendrefsfiltersresponseheadermodifierwithsetmixin) + * [`obj spec.rules.backendRefs.filters.responseHeaderModifier.add`](#obj-specrulesbackendrefsfiltersresponseheadermodifieradd) + * [`fn withName(name)`](#fn-specrulesbackendrefsfiltersresponseheadermodifieraddwithname) + * [`fn withValue(value)`](#fn-specrulesbackendrefsfiltersresponseheadermodifieraddwithvalue) + * [`obj spec.rules.backendRefs.filters.responseHeaderModifier.set`](#obj-specrulesbackendrefsfiltersresponseheadermodifierset) + * [`fn withName(name)`](#fn-specrulesbackendrefsfiltersresponseheadermodifiersetwithname) + * [`fn withValue(value)`](#fn-specrulesbackendrefsfiltersresponseheadermodifiersetwithvalue) + * [`obj spec.rules.backendRefs.filters.urlRewrite`](#obj-specrulesbackendrefsfiltersurlrewrite) + * [`fn withHostname(hostname)`](#fn-specrulesbackendrefsfiltersurlrewritewithhostname) + * [`obj spec.rules.backendRefs.filters.urlRewrite.path`](#obj-specrulesbackendrefsfiltersurlrewritepath) + * [`fn withReplaceFullPath(replaceFullPath)`](#fn-specrulesbackendrefsfiltersurlrewritepathwithreplacefullpath) + * [`fn withReplacePrefixMatch(replacePrefixMatch)`](#fn-specrulesbackendrefsfiltersurlrewritepathwithreplaceprefixmatch) + * [`fn withType(type)`](#fn-specrulesbackendrefsfiltersurlrewritepathwithtype) + * [`obj spec.rules.filters`](#obj-specrulesfilters) + * [`fn withType(type)`](#fn-specrulesfilterswithtype) + * [`obj spec.rules.filters.extensionRef`](#obj-specrulesfiltersextensionref) + * [`fn withGroup(group)`](#fn-specrulesfiltersextensionrefwithgroup) + * [`fn withKind(kind)`](#fn-specrulesfiltersextensionrefwithkind) + * [`fn withName(name)`](#fn-specrulesfiltersextensionrefwithname) + * [`obj spec.rules.filters.requestHeaderModifier`](#obj-specrulesfiltersrequestheadermodifier) + * [`fn withAdd(add)`](#fn-specrulesfiltersrequestheadermodifierwithadd) + * [`fn withAddMixin(add)`](#fn-specrulesfiltersrequestheadermodifierwithaddmixin) + * [`fn withRemove(remove)`](#fn-specrulesfiltersrequestheadermodifierwithremove) + * [`fn withRemoveMixin(remove)`](#fn-specrulesfiltersrequestheadermodifierwithremovemixin) + * [`fn withSet(set)`](#fn-specrulesfiltersrequestheadermodifierwithset) + * [`fn withSetMixin(set)`](#fn-specrulesfiltersrequestheadermodifierwithsetmixin) + * [`obj spec.rules.filters.requestHeaderModifier.add`](#obj-specrulesfiltersrequestheadermodifieradd) + * [`fn withName(name)`](#fn-specrulesfiltersrequestheadermodifieraddwithname) + * [`fn withValue(value)`](#fn-specrulesfiltersrequestheadermodifieraddwithvalue) + * [`obj spec.rules.filters.requestHeaderModifier.set`](#obj-specrulesfiltersrequestheadermodifierset) + * [`fn withName(name)`](#fn-specrulesfiltersrequestheadermodifiersetwithname) + * [`fn withValue(value)`](#fn-specrulesfiltersrequestheadermodifiersetwithvalue) + * [`obj spec.rules.filters.requestMirror`](#obj-specrulesfiltersrequestmirror) + * [`obj spec.rules.filters.requestMirror.backendRef`](#obj-specrulesfiltersrequestmirrorbackendref) + * [`fn withGroup(group)`](#fn-specrulesfiltersrequestmirrorbackendrefwithgroup) + * [`fn withKind(kind)`](#fn-specrulesfiltersrequestmirrorbackendrefwithkind) + * [`fn withName(name)`](#fn-specrulesfiltersrequestmirrorbackendrefwithname) + * [`fn withNamespace(namespace)`](#fn-specrulesfiltersrequestmirrorbackendrefwithnamespace) + * [`fn withPort(port)`](#fn-specrulesfiltersrequestmirrorbackendrefwithport) + * [`obj spec.rules.filters.requestRedirect`](#obj-specrulesfiltersrequestredirect) + * [`fn withHostname(hostname)`](#fn-specrulesfiltersrequestredirectwithhostname) + * [`fn withPort(port)`](#fn-specrulesfiltersrequestredirectwithport) + * [`fn withScheme(scheme)`](#fn-specrulesfiltersrequestredirectwithscheme) + * [`fn withStatusCode(statusCode)`](#fn-specrulesfiltersrequestredirectwithstatuscode) + * [`obj spec.rules.filters.requestRedirect.path`](#obj-specrulesfiltersrequestredirectpath) + * [`fn withReplaceFullPath(replaceFullPath)`](#fn-specrulesfiltersrequestredirectpathwithreplacefullpath) + * [`fn withReplacePrefixMatch(replacePrefixMatch)`](#fn-specrulesfiltersrequestredirectpathwithreplaceprefixmatch) + * [`fn withType(type)`](#fn-specrulesfiltersrequestredirectpathwithtype) + * [`obj spec.rules.filters.responseHeaderModifier`](#obj-specrulesfiltersresponseheadermodifier) + * [`fn withAdd(add)`](#fn-specrulesfiltersresponseheadermodifierwithadd) + * [`fn withAddMixin(add)`](#fn-specrulesfiltersresponseheadermodifierwithaddmixin) + * [`fn withRemove(remove)`](#fn-specrulesfiltersresponseheadermodifierwithremove) + * [`fn withRemoveMixin(remove)`](#fn-specrulesfiltersresponseheadermodifierwithremovemixin) + * [`fn withSet(set)`](#fn-specrulesfiltersresponseheadermodifierwithset) + * [`fn withSetMixin(set)`](#fn-specrulesfiltersresponseheadermodifierwithsetmixin) + * [`obj spec.rules.filters.responseHeaderModifier.add`](#obj-specrulesfiltersresponseheadermodifieradd) + * [`fn withName(name)`](#fn-specrulesfiltersresponseheadermodifieraddwithname) + * [`fn withValue(value)`](#fn-specrulesfiltersresponseheadermodifieraddwithvalue) + * [`obj spec.rules.filters.responseHeaderModifier.set`](#obj-specrulesfiltersresponseheadermodifierset) + * [`fn withName(name)`](#fn-specrulesfiltersresponseheadermodifiersetwithname) + * [`fn withValue(value)`](#fn-specrulesfiltersresponseheadermodifiersetwithvalue) + * [`obj spec.rules.filters.urlRewrite`](#obj-specrulesfiltersurlrewrite) + * [`fn withHostname(hostname)`](#fn-specrulesfiltersurlrewritewithhostname) + * [`obj spec.rules.filters.urlRewrite.path`](#obj-specrulesfiltersurlrewritepath) + * [`fn withReplaceFullPath(replaceFullPath)`](#fn-specrulesfiltersurlrewritepathwithreplacefullpath) + * [`fn withReplacePrefixMatch(replacePrefixMatch)`](#fn-specrulesfiltersurlrewritepathwithreplaceprefixmatch) + * [`fn withType(type)`](#fn-specrulesfiltersurlrewritepathwithtype) + * [`obj spec.rules.matches`](#obj-specrulesmatches) + * [`fn withHeaders(headers)`](#fn-specrulesmatcheswithheaders) + * [`fn withHeadersMixin(headers)`](#fn-specrulesmatcheswithheadersmixin) + * [`fn withMethod(method)`](#fn-specrulesmatcheswithmethod) + * [`fn withQueryParams(queryParams)`](#fn-specrulesmatcheswithqueryparams) + * [`fn withQueryParamsMixin(queryParams)`](#fn-specrulesmatcheswithqueryparamsmixin) + * [`obj spec.rules.matches.headers`](#obj-specrulesmatchesheaders) + * [`fn withName(name)`](#fn-specrulesmatchesheaderswithname) + * [`fn withType(type)`](#fn-specrulesmatchesheaderswithtype) + * [`fn withValue(value)`](#fn-specrulesmatchesheaderswithvalue) + * [`obj spec.rules.matches.path`](#obj-specrulesmatchespath) + * [`fn withType(type)`](#fn-specrulesmatchespathwithtype) + * [`fn withValue(value)`](#fn-specrulesmatchespathwithvalue) + * [`obj spec.rules.matches.queryParams`](#obj-specrulesmatchesqueryparams) + * [`fn withName(name)`](#fn-specrulesmatchesqueryparamswithname) + * [`fn withType(type)`](#fn-specrulesmatchesqueryparamswithtype) + * [`fn withValue(value)`](#fn-specrulesmatchesqueryparamswithvalue) + * [`obj spec.rules.sessionPersistence`](#obj-specrulessessionpersistence) + * [`fn withAbsoluteTimeout(absoluteTimeout)`](#fn-specrulessessionpersistencewithabsolutetimeout) + * [`fn withIdleTimeout(idleTimeout)`](#fn-specrulessessionpersistencewithidletimeout) + * [`fn withSessionName(sessionName)`](#fn-specrulessessionpersistencewithsessionname) + * [`fn withType(type)`](#fn-specrulessessionpersistencewithtype) + * [`obj spec.rules.sessionPersistence.cookieConfig`](#obj-specrulessessionpersistencecookieconfig) + * [`fn withLifetimeType(lifetimeType)`](#fn-specrulessessionpersistencecookieconfigwithlifetimetype) + * [`obj spec.rules.timeouts`](#obj-specrulestimeouts) + * [`fn withBackendRequest(backendRequest)`](#fn-specrulestimeoutswithbackendrequest) + * [`fn withRequest(request)`](#fn-specrulestimeoutswithrequest) + +## Fields + +### fn new + +```ts +new(name) +``` + +new returns an instance of HTTPRoute + +## obj metadata + +"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create." + +### fn metadata.withAnnotations + +```ts +withAnnotations(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +### fn metadata.withAnnotationsMixin + +```ts +withAnnotationsMixin(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +**Note:** This function appends passed data to existing values + +### fn metadata.withClusterName + +```ts +withClusterName(clusterName) +``` + +"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request." + +### fn metadata.withCreationTimestamp + +```ts +withCreationTimestamp(creationTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withDeletionGracePeriodSeconds + +```ts +withDeletionGracePeriodSeconds(deletionGracePeriodSeconds) +``` + +"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only." + +### fn metadata.withDeletionTimestamp + +```ts +withDeletionTimestamp(deletionTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withFinalizers + +```ts +withFinalizers(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +### fn metadata.withFinalizersMixin + +```ts +withFinalizersMixin(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +**Note:** This function appends passed data to existing values + +### fn metadata.withGenerateName + +```ts +withGenerateName(generateName) +``` + +"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\n\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\n\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" + +### fn metadata.withGeneration + +```ts +withGeneration(generation) +``` + +"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only." + +### fn metadata.withLabels + +```ts +withLabels(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +### fn metadata.withLabelsMixin + +```ts +withLabelsMixin(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +**Note:** This function appends passed data to existing values + +### fn metadata.withName + +```ts +withName(name) +``` + +"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names" + +### fn metadata.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \"default\" namespace, but \"default\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\n\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces" + +### fn metadata.withOwnerReferences + +```ts +withOwnerReferences(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +### fn metadata.withOwnerReferencesMixin + +```ts +withOwnerReferencesMixin(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +**Note:** This function appends passed data to existing values + +### fn metadata.withResourceVersion + +```ts +withResourceVersion(resourceVersion) +``` + +"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\n\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" + +### fn metadata.withSelfLink + +```ts +withSelfLink(selfLink) +``` + +"SelfLink is a URL representing this object. Populated by the system. Read-only.\n\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release." + +### fn metadata.withUid + +```ts +withUid(uid) +``` + +"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\n\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids" + +## obj spec + +"Spec defines the desired state of HTTPRoute." + +### fn spec.withHostnames + +```ts +withHostnames(hostnames) +``` + +"Hostnames defines a set of hostnames that should match against the HTTP Host\nheader to select a HTTPRoute used to process the request. Implementations\nMUST ignore any port value specified in the HTTP Host header while\nperforming a match and (absent of any applicable header modification\nconfiguration) MUST forward this header unmodified to the backend.\n\n\nValid values for Hostnames are determined by RFC 1123 definition of a\nhostname with 2 notable exceptions:\n\n\n1. IPs are not allowed.\n2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard\n label must appear by itself as the first label.\n\n\nIf a hostname is specified by both the Listener and HTTPRoute, there\nmust be at least one intersecting hostname for the HTTPRoute to be\nattached to the Listener. For example:\n\n\n* A Listener with `test.example.com` as the hostname matches HTTPRoutes\n that have either not specified any hostnames, or have specified at\n least one of `test.example.com` or `*.example.com`.\n* A Listener with `*.example.com` as the hostname matches HTTPRoutes\n that have either not specified any hostnames or have specified at least\n one hostname that matches the Listener hostname. For example,\n `*.example.com`, `test.example.com`, and `foo.test.example.com` would\n all match. On the other hand, `example.com` and `test.example.net` would\n not match.\n\n\nHostnames that are prefixed with a wildcard label (`*.`) are interpreted\nas a suffix match. That means that a match for `*.example.com` would match\nboth `test.example.com`, and `foo.test.example.com`, but not `example.com`.\n\n\nIf both the Listener and HTTPRoute have specified hostnames, any\nHTTPRoute hostnames that do not match the Listener hostname MUST be\nignored. For example, if a Listener specified `*.example.com`, and the\nHTTPRoute specified `test.example.com` and `test.example.net`,\n`test.example.net` must not be considered for a match.\n\n\nIf both the Listener and HTTPRoute have specified hostnames, and none\nmatch with the criteria above, then the HTTPRoute is not accepted. The\nimplementation must raise an 'Accepted' Condition with a status of\n`False` in the corresponding RouteParentStatus.\n\n\nIn the event that multiple HTTPRoutes specify intersecting hostnames (e.g.\noverlapping wildcard matching and exact matching hostnames), precedence must\nbe given to rules from the HTTPRoute with the largest number of:\n\n\n* Characters in a matching non-wildcard hostname.\n* Characters in a matching hostname.\n\n\nIf ties exist across multiple Routes, the matching precedence rules for\nHTTPRouteMatches takes over.\n\n\nSupport: Core" + +### fn spec.withHostnamesMixin + +```ts +withHostnamesMixin(hostnames) +``` + +"Hostnames defines a set of hostnames that should match against the HTTP Host\nheader to select a HTTPRoute used to process the request. Implementations\nMUST ignore any port value specified in the HTTP Host header while\nperforming a match and (absent of any applicable header modification\nconfiguration) MUST forward this header unmodified to the backend.\n\n\nValid values for Hostnames are determined by RFC 1123 definition of a\nhostname with 2 notable exceptions:\n\n\n1. IPs are not allowed.\n2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard\n label must appear by itself as the first label.\n\n\nIf a hostname is specified by both the Listener and HTTPRoute, there\nmust be at least one intersecting hostname for the HTTPRoute to be\nattached to the Listener. For example:\n\n\n* A Listener with `test.example.com` as the hostname matches HTTPRoutes\n that have either not specified any hostnames, or have specified at\n least one of `test.example.com` or `*.example.com`.\n* A Listener with `*.example.com` as the hostname matches HTTPRoutes\n that have either not specified any hostnames or have specified at least\n one hostname that matches the Listener hostname. For example,\n `*.example.com`, `test.example.com`, and `foo.test.example.com` would\n all match. On the other hand, `example.com` and `test.example.net` would\n not match.\n\n\nHostnames that are prefixed with a wildcard label (`*.`) are interpreted\nas a suffix match. That means that a match for `*.example.com` would match\nboth `test.example.com`, and `foo.test.example.com`, but not `example.com`.\n\n\nIf both the Listener and HTTPRoute have specified hostnames, any\nHTTPRoute hostnames that do not match the Listener hostname MUST be\nignored. For example, if a Listener specified `*.example.com`, and the\nHTTPRoute specified `test.example.com` and `test.example.net`,\n`test.example.net` must not be considered for a match.\n\n\nIf both the Listener and HTTPRoute have specified hostnames, and none\nmatch with the criteria above, then the HTTPRoute is not accepted. The\nimplementation must raise an 'Accepted' Condition with a status of\n`False` in the corresponding RouteParentStatus.\n\n\nIn the event that multiple HTTPRoutes specify intersecting hostnames (e.g.\noverlapping wildcard matching and exact matching hostnames), precedence must\nbe given to rules from the HTTPRoute with the largest number of:\n\n\n* Characters in a matching non-wildcard hostname.\n* Characters in a matching hostname.\n\n\nIf ties exist across multiple Routes, the matching precedence rules for\nHTTPRouteMatches takes over.\n\n\nSupport: Core" + +**Note:** This function appends passed data to existing values + +### fn spec.withParentRefs + +```ts +withParentRefs(parentRefs) +``` + +"ParentRefs references the resources (usually Gateways) that a Route wants\nto be attached to. Note that the referenced parent resource needs to\nallow this for the attachment to be complete. For Gateways, that means\nthe Gateway needs to allow attachment from Routes of this kind and\nnamespace. For Services, that means the Service must either be in the same\nnamespace for a \"producer\" route, or the mesh implementation must support\nand allow \"consumer\" routes for the referenced Service. ReferenceGrant is\nnot applicable for governing ParentRefs to Services - it is not possible to\ncreate a \"producer\" route for a Service in a different namespace from the\nRoute.\n\n\nThere are two kinds of parent resources with \"Core\" support:\n\n\n* Gateway (Gateway conformance profile)\n* Service (Mesh conformance profile, ClusterIP Services only)\n\n\nThis API may be extended in the future to support additional kinds of parent\nresources.\n\n\nParentRefs must be _distinct_. This means either that:\n\n\n* They select different objects. If this is the case, then parentRef\n entries are distinct. In terms of fields, this means that the\n multi-part key defined by `group`, `kind`, `namespace`, and `name` must\n be unique across all parentRef entries in the Route.\n* They do not select different objects, but for each optional field used,\n each ParentRef that selects the same object must set the same set of\n optional fields to different values. If one ParentRef sets a\n combination of optional fields, all must set the same combination.\n\n\nSome examples:\n\n\n* If one ParentRef sets `sectionName`, all ParentRefs referencing the\n same object must also set `sectionName`.\n* If one ParentRef sets `port`, all ParentRefs referencing the same\n object must also set `port`.\n* If one ParentRef sets `sectionName` and `port`, all ParentRefs\n referencing the same object must also set `sectionName` and `port`.\n\n\nIt is possible to separately reference multiple distinct objects that may\nbe collapsed by an implementation. For example, some implementations may\nchoose to merge compatible Gateway Listeners together. If that is the\ncase, the list of routes attached to those resources should also be\nmerged.\n\n\nNote that for ParentRefs that cross namespace boundaries, there are specific\nrules. Cross-namespace references are only valid if they are explicitly\nallowed by something in the namespace they are referring to. For example,\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\ngeneric way to enable other kinds of cross-namespace reference.\n\n\n\nParentRefs from a Route to a Service in the same namespace are \"producer\"\nroutes, which apply default routing rules to inbound connections from\nany namespace to the Service.\n\n\nParentRefs from a Route to a Service in a different namespace are\n\"consumer\" routes, and these routing rules are only applied to outbound\nconnections originating from the same namespace as the Route, for which\nthe intended destination of the connections are a Service targeted as a\nParentRef of the Route.\n\n\n\n\n\n\n" + +### fn spec.withParentRefsMixin + +```ts +withParentRefsMixin(parentRefs) +``` + +"ParentRefs references the resources (usually Gateways) that a Route wants\nto be attached to. Note that the referenced parent resource needs to\nallow this for the attachment to be complete. For Gateways, that means\nthe Gateway needs to allow attachment from Routes of this kind and\nnamespace. For Services, that means the Service must either be in the same\nnamespace for a \"producer\" route, or the mesh implementation must support\nand allow \"consumer\" routes for the referenced Service. ReferenceGrant is\nnot applicable for governing ParentRefs to Services - it is not possible to\ncreate a \"producer\" route for a Service in a different namespace from the\nRoute.\n\n\nThere are two kinds of parent resources with \"Core\" support:\n\n\n* Gateway (Gateway conformance profile)\n* Service (Mesh conformance profile, ClusterIP Services only)\n\n\nThis API may be extended in the future to support additional kinds of parent\nresources.\n\n\nParentRefs must be _distinct_. This means either that:\n\n\n* They select different objects. If this is the case, then parentRef\n entries are distinct. In terms of fields, this means that the\n multi-part key defined by `group`, `kind`, `namespace`, and `name` must\n be unique across all parentRef entries in the Route.\n* They do not select different objects, but for each optional field used,\n each ParentRef that selects the same object must set the same set of\n optional fields to different values. If one ParentRef sets a\n combination of optional fields, all must set the same combination.\n\n\nSome examples:\n\n\n* If one ParentRef sets `sectionName`, all ParentRefs referencing the\n same object must also set `sectionName`.\n* If one ParentRef sets `port`, all ParentRefs referencing the same\n object must also set `port`.\n* If one ParentRef sets `sectionName` and `port`, all ParentRefs\n referencing the same object must also set `sectionName` and `port`.\n\n\nIt is possible to separately reference multiple distinct objects that may\nbe collapsed by an implementation. For example, some implementations may\nchoose to merge compatible Gateway Listeners together. If that is the\ncase, the list of routes attached to those resources should also be\nmerged.\n\n\nNote that for ParentRefs that cross namespace boundaries, there are specific\nrules. Cross-namespace references are only valid if they are explicitly\nallowed by something in the namespace they are referring to. For example,\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\ngeneric way to enable other kinds of cross-namespace reference.\n\n\n\nParentRefs from a Route to a Service in the same namespace are \"producer\"\nroutes, which apply default routing rules to inbound connections from\nany namespace to the Service.\n\n\nParentRefs from a Route to a Service in a different namespace are\n\"consumer\" routes, and these routing rules are only applied to outbound\nconnections originating from the same namespace as the Route, for which\nthe intended destination of the connections are a Service targeted as a\nParentRef of the Route.\n\n\n\n\n\n\n" + +**Note:** This function appends passed data to existing values + +### fn spec.withRules + +```ts +withRules(rules) +``` + +"Rules are a list of HTTP matchers, filters and actions." + +### fn spec.withRulesMixin + +```ts +withRulesMixin(rules) +``` + +"Rules are a list of HTTP matchers, filters and actions." + +**Note:** This function appends passed data to existing values + +## obj spec.parentRefs + +"ParentRefs references the resources (usually Gateways) that a Route wants\nto be attached to. Note that the referenced parent resource needs to\nallow this for the attachment to be complete. For Gateways, that means\nthe Gateway needs to allow attachment from Routes of this kind and\nnamespace. For Services, that means the Service must either be in the same\nnamespace for a \"producer\" route, or the mesh implementation must support\nand allow \"consumer\" routes for the referenced Service. ReferenceGrant is\nnot applicable for governing ParentRefs to Services - it is not possible to\ncreate a \"producer\" route for a Service in a different namespace from the\nRoute.\n\n\nThere are two kinds of parent resources with \"Core\" support:\n\n\n* Gateway (Gateway conformance profile)\n* Service (Mesh conformance profile, ClusterIP Services only)\n\n\nThis API may be extended in the future to support additional kinds of parent\nresources.\n\n\nParentRefs must be _distinct_. This means either that:\n\n\n* They select different objects. If this is the case, then parentRef\n entries are distinct. In terms of fields, this means that the\n multi-part key defined by `group`, `kind`, `namespace`, and `name` must\n be unique across all parentRef entries in the Route.\n* They do not select different objects, but for each optional field used,\n each ParentRef that selects the same object must set the same set of\n optional fields to different values. If one ParentRef sets a\n combination of optional fields, all must set the same combination.\n\n\nSome examples:\n\n\n* If one ParentRef sets `sectionName`, all ParentRefs referencing the\n same object must also set `sectionName`.\n* If one ParentRef sets `port`, all ParentRefs referencing the same\n object must also set `port`.\n* If one ParentRef sets `sectionName` and `port`, all ParentRefs\n referencing the same object must also set `sectionName` and `port`.\n\n\nIt is possible to separately reference multiple distinct objects that may\nbe collapsed by an implementation. For example, some implementations may\nchoose to merge compatible Gateway Listeners together. If that is the\ncase, the list of routes attached to those resources should also be\nmerged.\n\n\nNote that for ParentRefs that cross namespace boundaries, there are specific\nrules. Cross-namespace references are only valid if they are explicitly\nallowed by something in the namespace they are referring to. For example,\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\ngeneric way to enable other kinds of cross-namespace reference.\n\n\n\nParentRefs from a Route to a Service in the same namespace are \"producer\"\nroutes, which apply default routing rules to inbound connections from\nany namespace to the Service.\n\n\nParentRefs from a Route to a Service in a different namespace are\n\"consumer\" routes, and these routing rules are only applied to outbound\nconnections originating from the same namespace as the Route, for which\nthe intended destination of the connections are a Service targeted as a\nParentRef of the Route.\n\n\n\n\n\n\n" + +### fn spec.parentRefs.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent.\nWhen unspecified, \"gateway.networking.k8s.io\" is inferred.\nTo set the core API group (such as for a \"Service\" kind referent),\nGroup must be explicitly set to \"\" (empty string).\n\n\nSupport: Core" + +### fn spec.parentRefs.withKind + +```ts +withKind(kind) +``` + +"Kind is kind of the referent.\n\n\nThere are two kinds of parent resources with \"Core\" support:\n\n\n* Gateway (Gateway conformance profile)\n* Service (Mesh conformance profile, ClusterIP Services only)\n\n\nSupport for other resources is Implementation-Specific." + +### fn spec.parentRefs.withName + +```ts +withName(name) +``` + +"Name is the name of the referent.\n\n\nSupport: Core" + +### fn spec.parentRefs.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the referent. When unspecified, this refers\nto the local namespace of the Route.\n\n\nNote that there are specific rules for ParentRefs which cross namespace\nboundaries. Cross-namespace references are only valid if they are explicitly\nallowed by something in the namespace they are referring to. For example:\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\ngeneric way to enable any other kind of cross-namespace reference.\n\n\n\nParentRefs from a Route to a Service in the same namespace are \"producer\"\nroutes, which apply default routing rules to inbound connections from\nany namespace to the Service.\n\n\nParentRefs from a Route to a Service in a different namespace are\n\"consumer\" routes, and these routing rules are only applied to outbound\nconnections originating from the same namespace as the Route, for which\nthe intended destination of the connections are a Service targeted as a\nParentRef of the Route.\n\n\n\nSupport: Core" + +### fn spec.parentRefs.withPort + +```ts +withPort(port) +``` + +"Port is the network port this Route targets. It can be interpreted\ndifferently based on the type of parent resource.\n\n\nWhen the parent resource is a Gateway, this targets all listeners\nlistening on the specified port that also support this kind of Route(and\nselect this Route). It's not recommended to set `Port` unless the\nnetworking behaviors specified in a Route must apply to a specific port\nas opposed to a listener(s) whose port(s) may be changed. When both Port\nand SectionName are specified, the name and port of the selected listener\nmust match both specified values.\n\n\n\nWhen the parent resource is a Service, this targets a specific port in the\nService spec. When both Port (experimental) and SectionName are specified,\nthe name and port of the selected port must match both specified values.\n\n\n\nImplementations MAY choose to support other parent resources.\nImplementations supporting other types of parent resources MUST clearly\ndocument how/if Port is interpreted.\n\n\nFor the purpose of status, an attachment is considered successful as\nlong as the parent resource accepts it partially. For example, Gateway\nlisteners can restrict which Routes can attach to them by Route kind,\nnamespace, or hostname. If 1 of 2 Gateway listeners accept attachment\nfrom the referencing Route, the Route MUST be considered successfully\nattached. If no Gateway listeners accept attachment from this Route,\nthe Route MUST be considered detached from the Gateway.\n\n\nSupport: Extended" + +### fn spec.parentRefs.withSectionName + +```ts +withSectionName(sectionName) +``` + +"SectionName is the name of a section within the target resource. In the\nfollowing resources, SectionName is interpreted as the following:\n\n\n* Gateway: Listener name. When both Port (experimental) and SectionName\nare specified, the name and port of the selected listener must match\nboth specified values.\n* Service: Port name. When both Port (experimental) and SectionName\nare specified, the name and port of the selected listener must match\nboth specified values.\n\n\nImplementations MAY choose to support attaching Routes to other resources.\nIf that is the case, they MUST clearly document how SectionName is\ninterpreted.\n\n\nWhen unspecified (empty string), this will reference the entire resource.\nFor the purpose of status, an attachment is considered successful if at\nleast one section in the parent resource accepts it. For example, Gateway\nlisteners can restrict which Routes can attach to them by Route kind,\nnamespace, or hostname. If 1 of 2 Gateway listeners accept attachment from\nthe referencing Route, the Route MUST be considered successfully\nattached. If no Gateway listeners accept attachment from this Route, the\nRoute MUST be considered detached from the Gateway.\n\n\nSupport: Core" + +## obj spec.rules + +"Rules are a list of HTTP matchers, filters and actions." + +### fn spec.rules.withBackendRefs + +```ts +withBackendRefs(backendRefs) +``` + +"BackendRefs defines the backend(s) where matching requests should be\nsent.\n\n\nFailure behavior here depends on how many BackendRefs are specified and\nhow many are invalid.\n\n\nIf *all* entries in BackendRefs are invalid, and there are also no filters\nspecified in this route rule, *all* traffic which matches this rule MUST\nreceive a 500 status code.\n\n\nSee the HTTPBackendRef definition for the rules about what makes a single\nHTTPBackendRef invalid.\n\n\nWhen a HTTPBackendRef is invalid, 500 status codes MUST be returned for\nrequests that would have otherwise been routed to an invalid backend. If\nmultiple backends are specified, and some are invalid, the proportion of\nrequests that would otherwise have been routed to an invalid backend\nMUST receive a 500 status code.\n\n\nFor example, if two backends are specified with equal weights, and one is\ninvalid, 50 percent of traffic must receive a 500. Implementations may\nchoose how that 50 percent is determined.\n\n\nSupport: Core for Kubernetes Service\n\n\nSupport: Extended for Kubernetes ServiceImport\n\n\nSupport: Implementation-specific for any other resource\n\n\nSupport for weight: Core" + +### fn spec.rules.withBackendRefsMixin + +```ts +withBackendRefsMixin(backendRefs) +``` + +"BackendRefs defines the backend(s) where matching requests should be\nsent.\n\n\nFailure behavior here depends on how many BackendRefs are specified and\nhow many are invalid.\n\n\nIf *all* entries in BackendRefs are invalid, and there are also no filters\nspecified in this route rule, *all* traffic which matches this rule MUST\nreceive a 500 status code.\n\n\nSee the HTTPBackendRef definition for the rules about what makes a single\nHTTPBackendRef invalid.\n\n\nWhen a HTTPBackendRef is invalid, 500 status codes MUST be returned for\nrequests that would have otherwise been routed to an invalid backend. If\nmultiple backends are specified, and some are invalid, the proportion of\nrequests that would otherwise have been routed to an invalid backend\nMUST receive a 500 status code.\n\n\nFor example, if two backends are specified with equal weights, and one is\ninvalid, 50 percent of traffic must receive a 500. Implementations may\nchoose how that 50 percent is determined.\n\n\nSupport: Core for Kubernetes Service\n\n\nSupport: Extended for Kubernetes ServiceImport\n\n\nSupport: Implementation-specific for any other resource\n\n\nSupport for weight: Core" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.withFilters + +```ts +withFilters(filters) +``` + +"Filters define the filters that are applied to requests that match\nthis rule.\n\n\nWherever possible, implementations SHOULD implement filters in the order\nthey are specified.\n\n\nImplementations MAY choose to implement this ordering strictly, rejecting\nany combination or order of filters that can not be supported. If implementations\nchoose a strict interpretation of filter ordering, they MUST clearly document\nthat behavior.\n\n\nTo reject an invalid combination or order of filters, implementations SHOULD\nconsider the Route Rules with this configuration invalid. If all Route Rules\nin a Route are invalid, the entire Route would be considered invalid. If only\na portion of Route Rules are invalid, implementations MUST set the\n\"PartiallyInvalid\" condition for the Route.\n\n\nConformance-levels at this level are defined based on the type of filter:\n\n\n- ALL core filters MUST be supported by all implementations.\n- Implementers are encouraged to support extended filters.\n- Implementation-specific custom filters have no API guarantees across\n implementations.\n\n\nSpecifying the same filter multiple times is not supported unless explicitly\nindicated in the filter.\n\n\nAll filters are expected to be compatible with each other except for the\nURLRewrite and RequestRedirect filters, which may not be combined. If an\nimplementation can not support other combinations of filters, they must clearly\ndocument that limitation. In cases where incompatible or unsupported\nfilters are specified and cause the `Accepted` condition to be set to status\n`False`, implementations may use the `IncompatibleFilters` reason to specify\nthis configuration error.\n\n\nSupport: Core" + +### fn spec.rules.withFiltersMixin + +```ts +withFiltersMixin(filters) +``` + +"Filters define the filters that are applied to requests that match\nthis rule.\n\n\nWherever possible, implementations SHOULD implement filters in the order\nthey are specified.\n\n\nImplementations MAY choose to implement this ordering strictly, rejecting\nany combination or order of filters that can not be supported. If implementations\nchoose a strict interpretation of filter ordering, they MUST clearly document\nthat behavior.\n\n\nTo reject an invalid combination or order of filters, implementations SHOULD\nconsider the Route Rules with this configuration invalid. If all Route Rules\nin a Route are invalid, the entire Route would be considered invalid. If only\na portion of Route Rules are invalid, implementations MUST set the\n\"PartiallyInvalid\" condition for the Route.\n\n\nConformance-levels at this level are defined based on the type of filter:\n\n\n- ALL core filters MUST be supported by all implementations.\n- Implementers are encouraged to support extended filters.\n- Implementation-specific custom filters have no API guarantees across\n implementations.\n\n\nSpecifying the same filter multiple times is not supported unless explicitly\nindicated in the filter.\n\n\nAll filters are expected to be compatible with each other except for the\nURLRewrite and RequestRedirect filters, which may not be combined. If an\nimplementation can not support other combinations of filters, they must clearly\ndocument that limitation. In cases where incompatible or unsupported\nfilters are specified and cause the `Accepted` condition to be set to status\n`False`, implementations may use the `IncompatibleFilters` reason to specify\nthis configuration error.\n\n\nSupport: Core" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.withMatches + +```ts +withMatches(matches) +``` + +"Matches define conditions used for matching the rule against incoming\nHTTP requests. Each match is independent, i.e. this rule will be matched\nif **any** one of the matches is satisfied.\n\n\nFor example, take the following matches configuration:\n\n\n```\nmatches:\n- path:\n value: \"/foo\"\n headers:\n - name: \"version\"\n value: \"v2\"\n- path:\n value: \"/v2/foo\"\n```\n\n\nFor a request to match against this rule, a request must satisfy\nEITHER of the two conditions:\n\n\n- path prefixed with `/foo` AND contains the header `version: v2`\n- path prefix of `/v2/foo`\n\n\nSee the documentation for HTTPRouteMatch on how to specify multiple\nmatch conditions that should be ANDed together.\n\n\nIf no matches are specified, the default is a prefix\npath match on \"/\", which has the effect of matching every\nHTTP request.\n\n\nProxy or Load Balancer routing configuration generated from HTTPRoutes\nMUST prioritize matches based on the following criteria, continuing on\nties. Across all rules specified on applicable Routes, precedence must be\ngiven to the match having:\n\n\n* \"Exact\" path match.\n* \"Prefix\" path match with largest number of characters.\n* Method match.\n* Largest number of header matches.\n* Largest number of query param matches.\n\n\nNote: The precedence of RegularExpression path matches are implementation-specific.\n\n\nIf ties still exist across multiple Routes, matching precedence MUST be\ndetermined in order of the following criteria, continuing on ties:\n\n\n* The oldest Route based on creation timestamp.\n* The Route appearing first in alphabetical order by\n \"{namespace}/{name}\".\n\n\nIf ties still exist within an HTTPRoute, matching precedence MUST be granted\nto the FIRST matching rule (in list order) with a match meeting the above\ncriteria.\n\n\nWhen no rules matching a request have been successfully attached to the\nparent a request is coming from, a HTTP 404 status code MUST be returned." + +### fn spec.rules.withMatchesMixin + +```ts +withMatchesMixin(matches) +``` + +"Matches define conditions used for matching the rule against incoming\nHTTP requests. Each match is independent, i.e. this rule will be matched\nif **any** one of the matches is satisfied.\n\n\nFor example, take the following matches configuration:\n\n\n```\nmatches:\n- path:\n value: \"/foo\"\n headers:\n - name: \"version\"\n value: \"v2\"\n- path:\n value: \"/v2/foo\"\n```\n\n\nFor a request to match against this rule, a request must satisfy\nEITHER of the two conditions:\n\n\n- path prefixed with `/foo` AND contains the header `version: v2`\n- path prefix of `/v2/foo`\n\n\nSee the documentation for HTTPRouteMatch on how to specify multiple\nmatch conditions that should be ANDed together.\n\n\nIf no matches are specified, the default is a prefix\npath match on \"/\", which has the effect of matching every\nHTTP request.\n\n\nProxy or Load Balancer routing configuration generated from HTTPRoutes\nMUST prioritize matches based on the following criteria, continuing on\nties. Across all rules specified on applicable Routes, precedence must be\ngiven to the match having:\n\n\n* \"Exact\" path match.\n* \"Prefix\" path match with largest number of characters.\n* Method match.\n* Largest number of header matches.\n* Largest number of query param matches.\n\n\nNote: The precedence of RegularExpression path matches are implementation-specific.\n\n\nIf ties still exist across multiple Routes, matching precedence MUST be\ndetermined in order of the following criteria, continuing on ties:\n\n\n* The oldest Route based on creation timestamp.\n* The Route appearing first in alphabetical order by\n \"{namespace}/{name}\".\n\n\nIf ties still exist within an HTTPRoute, matching precedence MUST be granted\nto the FIRST matching rule (in list order) with a match meeting the above\ncriteria.\n\n\nWhen no rules matching a request have been successfully attached to the\nparent a request is coming from, a HTTP 404 status code MUST be returned." + +**Note:** This function appends passed data to existing values + +## obj spec.rules.backendRefs + +"BackendRefs defines the backend(s) where matching requests should be\nsent.\n\n\nFailure behavior here depends on how many BackendRefs are specified and\nhow many are invalid.\n\n\nIf *all* entries in BackendRefs are invalid, and there are also no filters\nspecified in this route rule, *all* traffic which matches this rule MUST\nreceive a 500 status code.\n\n\nSee the HTTPBackendRef definition for the rules about what makes a single\nHTTPBackendRef invalid.\n\n\nWhen a HTTPBackendRef is invalid, 500 status codes MUST be returned for\nrequests that would have otherwise been routed to an invalid backend. If\nmultiple backends are specified, and some are invalid, the proportion of\nrequests that would otherwise have been routed to an invalid backend\nMUST receive a 500 status code.\n\n\nFor example, if two backends are specified with equal weights, and one is\ninvalid, 50 percent of traffic must receive a 500. Implementations may\nchoose how that 50 percent is determined.\n\n\nSupport: Core for Kubernetes Service\n\n\nSupport: Extended for Kubernetes ServiceImport\n\n\nSupport: Implementation-specific for any other resource\n\n\nSupport for weight: Core" + +### fn spec.rules.backendRefs.withFilters + +```ts +withFilters(filters) +``` + +"Filters defined at this level should be executed if and only if the\nrequest is being forwarded to the backend defined here.\n\n\nSupport: Implementation-specific (For broader support of filters, use the\nFilters field in HTTPRouteRule.)" + +### fn spec.rules.backendRefs.withFiltersMixin + +```ts +withFiltersMixin(filters) +``` + +"Filters defined at this level should be executed if and only if the\nrequest is being forwarded to the backend defined here.\n\n\nSupport: Implementation-specific (For broader support of filters, use the\nFilters field in HTTPRouteRule.)" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.backendRefs.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. For example, \"gateway.networking.k8s.io\".\nWhen unspecified or empty string, core API group is inferred." + +### fn spec.rules.backendRefs.withKind + +```ts +withKind(kind) +``` + +"Kind is the Kubernetes resource kind of the referent. For example\n\"Service\".\n\n\nDefaults to \"Service\" when not specified.\n\n\nExternalName services can refer to CNAME DNS records that may live\noutside of the cluster and as such are difficult to reason about in\nterms of conformance. They also may not be safe to forward to (see\nCVE-2021-25740 for more information). Implementations SHOULD NOT\nsupport ExternalName Services.\n\n\nSupport: Core (Services with a type other than ExternalName)\n\n\nSupport: Implementation-specific (Services with type ExternalName)" + +### fn spec.rules.backendRefs.withName + +```ts +withName(name) +``` + +"Name is the name of the referent." + +### fn spec.rules.backendRefs.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the backend. When unspecified, the local\nnamespace is inferred.\n\n\nNote that when a namespace different than the local namespace is specified,\na ReferenceGrant object is required in the referent namespace to allow that\nnamespace's owner to accept the reference. See the ReferenceGrant\ndocumentation for details.\n\n\nSupport: Core" + +### fn spec.rules.backendRefs.withPort + +```ts +withPort(port) +``` + +"Port specifies the destination port number to use for this resource.\nPort is required when the referent is a Kubernetes Service. In this\ncase, the port number is the service port number, not the target port.\nFor other resources, destination port might be derived from the referent\nresource or this field." + +### fn spec.rules.backendRefs.withWeight + +```ts +withWeight(weight) +``` + +"Weight specifies the proportion of requests forwarded to the referenced\nbackend. This is computed as weight/(sum of all weights in this\nBackendRefs list). For non-zero values, there may be some epsilon from\nthe exact proportion defined here depending on the precision an\nimplementation supports. Weight is not a percentage and the sum of\nweights does not need to equal 100.\n\n\nIf only one backend is specified and it has a weight greater than 0, 100%\nof the traffic is forwarded to that backend. If weight is set to 0, no\ntraffic should be forwarded for this entry. If unspecified, weight\ndefaults to 1.\n\n\nSupport for this field varies based on the context where used." + +## obj spec.rules.backendRefs.filters + +"Filters defined at this level should be executed if and only if the\nrequest is being forwarded to the backend defined here.\n\n\nSupport: Implementation-specific (For broader support of filters, use the\nFilters field in HTTPRouteRule.)" + +### fn spec.rules.backendRefs.filters.withType + +```ts +withType(type) +``` + +"Type identifies the type of filter to apply. As with other API fields,\ntypes are classified into three conformance levels:\n\n\n- Core: Filter types and their corresponding configuration defined by\n \"Support: Core\" in this package, e.g. \"RequestHeaderModifier\". All\n implementations must support core filters.\n\n\n- Extended: Filter types and their corresponding configuration defined by\n \"Support: Extended\" in this package, e.g. \"RequestMirror\". Implementers\n are encouraged to support extended filters.\n\n\n- Implementation-specific: Filters that are defined and supported by\n specific vendors.\n In the future, filters showing convergence in behavior across multiple\n implementations will be considered for inclusion in extended or core\n conformance levels. Filter-specific configuration for such filters\n is specified using the ExtensionRef field. `Type` should be set to\n \"ExtensionRef\" for custom filters.\n\n\nImplementers are encouraged to define custom implementation types to\nextend the core API with implementation-specific behavior.\n\n\nIf a reference to a custom filter type cannot be resolved, the filter\nMUST NOT be skipped. Instead, requests that would have been processed by\nthat filter MUST receive a HTTP error response.\n\n\nNote that values may be added to this enum, implementations\nmust ensure that unknown values will not cause a crash.\n\n\nUnknown values here must result in the implementation setting the\nAccepted Condition for the Route to `status: False`, with a\nReason of `UnsupportedValue`." + +## obj spec.rules.backendRefs.filters.extensionRef + +"ExtensionRef is an optional, implementation-specific extension to the\n\"filter\" behavior. For example, resource \"myroutefilter\" in group\n\"networking.example.net\"). ExtensionRef MUST NOT be used for core and\nextended filters.\n\n\nThis filter can be used multiple times within the same rule.\n\n\nSupport: Implementation-specific" + +### fn spec.rules.backendRefs.filters.extensionRef.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. For example, \"gateway.networking.k8s.io\".\nWhen unspecified or empty string, core API group is inferred." + +### fn spec.rules.backendRefs.filters.extensionRef.withKind + +```ts +withKind(kind) +``` + +"Kind is kind of the referent. For example \"HTTPRoute\" or \"Service\"." + +### fn spec.rules.backendRefs.filters.extensionRef.withName + +```ts +withName(name) +``` + +"Name is the name of the referent." + +## obj spec.rules.backendRefs.filters.requestHeaderModifier + +"RequestHeaderModifier defines a schema for a filter that modifies request\nheaders.\n\n\nSupport: Core" + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.withAdd + +```ts +withAdd(add) +``` + +"Add adds the given header(s) (name, value) to the request\nbefore the action. It appends to any existing values associated\nwith the header name.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n add:\n - name: \"my-header\"\n value: \"bar,baz\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: foo,bar,baz" + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.withAddMixin + +```ts +withAddMixin(add) +``` + +"Add adds the given header(s) (name, value) to the request\nbefore the action. It appends to any existing values associated\nwith the header name.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n add:\n - name: \"my-header\"\n value: \"bar,baz\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: foo,bar,baz" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.withRemove + +```ts +withRemove(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The\nvalue of Remove is a list of HTTP header names. Note that the header\nnames are case-insensitive (see\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\n\n\nInput:\n GET /foo HTTP/1.1\n my-header1: foo\n my-header2: bar\n my-header3: baz\n\n\nConfig:\n remove: [\"my-header1\", \"my-header3\"]\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header2: bar" + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.withRemoveMixin + +```ts +withRemoveMixin(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The\nvalue of Remove is a list of HTTP header names. Note that the header\nnames are case-insensitive (see\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\n\n\nInput:\n GET /foo HTTP/1.1\n my-header1: foo\n my-header2: bar\n my-header3: baz\n\n\nConfig:\n remove: [\"my-header1\", \"my-header3\"]\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header2: bar" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.withSet + +```ts +withSet(set) +``` + +"Set overwrites the request with the given header (name, value)\nbefore the action.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n set:\n - name: \"my-header\"\n value: \"bar\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: bar" + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.withSetMixin + +```ts +withSetMixin(set) +``` + +"Set overwrites the request with the given header (name, value)\nbefore the action.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n set:\n - name: \"my-header\"\n value: \"bar\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: bar" + +**Note:** This function appends passed data to existing values + +## obj spec.rules.backendRefs.filters.requestHeaderModifier.add + +"Add adds the given header(s) (name, value) to the request\nbefore the action. It appends to any existing values associated\nwith the header name.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n add:\n - name: \"my-header\"\n value: \"bar,baz\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: foo,bar,baz" + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.add.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\n\nIf multiple entries specify equivalent header names, the first entry with\nan equivalent name MUST be considered for a match. Subsequent entries\nwith an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent." + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.add.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.backendRefs.filters.requestHeaderModifier.set + +"Set overwrites the request with the given header (name, value)\nbefore the action.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n set:\n - name: \"my-header\"\n value: \"bar\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: bar" + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.set.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\n\nIf multiple entries specify equivalent header names, the first entry with\nan equivalent name MUST be considered for a match. Subsequent entries\nwith an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent." + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.set.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.backendRefs.filters.requestMirror + +"RequestMirror defines a schema for a filter that mirrors requests.\nRequests are sent to the specified destination, but responses from\nthat destination are ignored.\n\n\nThis filter can be used multiple times within the same rule. Note that\nnot all implementations will be able to support mirroring to multiple\nbackends.\n\n\nSupport: Extended" + +## obj spec.rules.backendRefs.filters.requestMirror.backendRef + +"BackendRef references a resource where mirrored requests are sent.\n\n\nMirrored requests must be sent only to a single destination endpoint\nwithin this BackendRef, irrespective of how many endpoints are present\nwithin this BackendRef.\n\n\nIf the referent cannot be found, this BackendRef is invalid and must be\ndropped from the Gateway. The controller must ensure the \"ResolvedRefs\"\ncondition on the Route status is set to `status: False` and not configure\nthis backend in the underlying implementation.\n\n\nIf there is a cross-namespace reference to an *existing* object\nthat is not allowed by a ReferenceGrant, the controller must ensure the\n\"ResolvedRefs\" condition on the Route is set to `status: False`,\nwith the \"RefNotPermitted\" reason and not configure this backend in the\nunderlying implementation.\n\n\nIn either error case, the Message of the `ResolvedRefs` Condition\nshould be used to provide more detail about the problem.\n\n\nSupport: Extended for Kubernetes Service\n\n\nSupport: Implementation-specific for any other resource" + +### fn spec.rules.backendRefs.filters.requestMirror.backendRef.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. For example, \"gateway.networking.k8s.io\".\nWhen unspecified or empty string, core API group is inferred." + +### fn spec.rules.backendRefs.filters.requestMirror.backendRef.withKind + +```ts +withKind(kind) +``` + +"Kind is the Kubernetes resource kind of the referent. For example\n\"Service\".\n\n\nDefaults to \"Service\" when not specified.\n\n\nExternalName services can refer to CNAME DNS records that may live\noutside of the cluster and as such are difficult to reason about in\nterms of conformance. They also may not be safe to forward to (see\nCVE-2021-25740 for more information). Implementations SHOULD NOT\nsupport ExternalName Services.\n\n\nSupport: Core (Services with a type other than ExternalName)\n\n\nSupport: Implementation-specific (Services with type ExternalName)" + +### fn spec.rules.backendRefs.filters.requestMirror.backendRef.withName + +```ts +withName(name) +``` + +"Name is the name of the referent." + +### fn spec.rules.backendRefs.filters.requestMirror.backendRef.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the backend. When unspecified, the local\nnamespace is inferred.\n\n\nNote that when a namespace different than the local namespace is specified,\na ReferenceGrant object is required in the referent namespace to allow that\nnamespace's owner to accept the reference. See the ReferenceGrant\ndocumentation for details.\n\n\nSupport: Core" + +### fn spec.rules.backendRefs.filters.requestMirror.backendRef.withPort + +```ts +withPort(port) +``` + +"Port specifies the destination port number to use for this resource.\nPort is required when the referent is a Kubernetes Service. In this\ncase, the port number is the service port number, not the target port.\nFor other resources, destination port might be derived from the referent\nresource or this field." + +## obj spec.rules.backendRefs.filters.requestRedirect + +"RequestRedirect defines a schema for a filter that responds to the\nrequest with an HTTP redirection.\n\n\nSupport: Core" + +### fn spec.rules.backendRefs.filters.requestRedirect.withHostname + +```ts +withHostname(hostname) +``` + +"Hostname is the hostname to be used in the value of the `Location`\nheader in the response.\nWhen empty, the hostname in the `Host` header of the request is used.\n\n\nSupport: Core" + +### fn spec.rules.backendRefs.filters.requestRedirect.withPort + +```ts +withPort(port) +``` + +"Port is the port to be used in the value of the `Location`\nheader in the response.\n\n\nIf no port is specified, the redirect port MUST be derived using the\nfollowing rules:\n\n\n* If redirect scheme is not-empty, the redirect port MUST be the well-known\n port associated with the redirect scheme. Specifically \"http\" to port 80\n and \"https\" to port 443. If the redirect scheme does not have a\n well-known port, the listener port of the Gateway SHOULD be used.\n* If redirect scheme is empty, the redirect port MUST be the Gateway\n Listener port.\n\n\nImplementations SHOULD NOT add the port number in the 'Location'\nheader in the following cases:\n\n\n* A Location header that will use HTTP (whether that is determined via\n the Listener protocol or the Scheme field) _and_ use port 80.\n* A Location header that will use HTTPS (whether that is determined via\n the Listener protocol or the Scheme field) _and_ use port 443.\n\n\nSupport: Extended" + +### fn spec.rules.backendRefs.filters.requestRedirect.withScheme + +```ts +withScheme(scheme) +``` + +"Scheme is the scheme to be used in the value of the `Location` header in\nthe response. When empty, the scheme of the request is used.\n\n\nScheme redirects can affect the port of the redirect, for more information,\nrefer to the documentation for the port field of this filter.\n\n\nNote that values may be added to this enum, implementations\nmust ensure that unknown values will not cause a crash.\n\n\nUnknown values here must result in the implementation setting the\nAccepted Condition for the Route to `status: False`, with a\nReason of `UnsupportedValue`.\n\n\nSupport: Extended" + +### fn spec.rules.backendRefs.filters.requestRedirect.withStatusCode + +```ts +withStatusCode(statusCode) +``` + +"StatusCode is the HTTP status code to be used in response.\n\n\nNote that values may be added to this enum, implementations\nmust ensure that unknown values will not cause a crash.\n\n\nUnknown values here must result in the implementation setting the\nAccepted Condition for the Route to `status: False`, with a\nReason of `UnsupportedValue`.\n\n\nSupport: Core" + +## obj spec.rules.backendRefs.filters.requestRedirect.path + +"Path defines parameters used to modify the path of the incoming request.\nThe modified path is then used to construct the `Location` header. When\nempty, the request path is used as-is.\n\n\nSupport: Extended" + +### fn spec.rules.backendRefs.filters.requestRedirect.path.withReplaceFullPath + +```ts +withReplaceFullPath(replaceFullPath) +``` + +"ReplaceFullPath specifies the value with which to replace the full path\nof a request during a rewrite or redirect." + +### fn spec.rules.backendRefs.filters.requestRedirect.path.withReplacePrefixMatch + +```ts +withReplacePrefixMatch(replacePrefixMatch) +``` + +"ReplacePrefixMatch specifies the value with which to replace the prefix\nmatch of a request during a rewrite or redirect. For example, a request\nto \"/foo/bar\" with a prefix match of \"/foo\" and a ReplacePrefixMatch\nof \"/xyz\" would be modified to \"/xyz/bar\".\n\n\nNote that this matches the behavior of the PathPrefix match type. This\nmatches full path elements. A path element refers to the list of labels\nin the path split by the `/` separator. When specified, a trailing `/` is\nignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all\nmatch the prefix `/abc`, but the path `/abcd` would not.\n\n\nReplacePrefixMatch is only compatible with a `PathPrefix` HTTPRouteMatch.\nUsing any other HTTPRouteMatch type on the same HTTPRouteRule will result in\nthe implementation setting the Accepted Condition for the Route to `status: False`.\n\n\nRequest Path | Prefix Match | Replace Prefix | Modified Path\n-------------|--------------|----------------|----------\n/foo/bar | /foo | /xyz | /xyz/bar\n/foo/bar | /foo | /xyz/ | /xyz/bar\n/foo/bar | /foo/ | /xyz | /xyz/bar\n/foo/bar | /foo/ | /xyz/ | /xyz/bar\n/foo | /foo | /xyz | /xyz\n/foo/ | /foo | /xyz | /xyz/\n/foo/bar | /foo | | /bar\n/foo/ | /foo | | /\n/foo | /foo | | /\n/foo/ | /foo | / | /\n/foo | /foo | / | /" + +### fn spec.rules.backendRefs.filters.requestRedirect.path.withType + +```ts +withType(type) +``` + +"Type defines the type of path modifier. Additional types may be\nadded in a future release of the API.\n\n\nNote that values may be added to this enum, implementations\nmust ensure that unknown values will not cause a crash.\n\n\nUnknown values here must result in the implementation setting the\nAccepted Condition for the Route to `status: False`, with a\nReason of `UnsupportedValue`." + +## obj spec.rules.backendRefs.filters.responseHeaderModifier + +"ResponseHeaderModifier defines a schema for a filter that modifies response\nheaders.\n\n\nSupport: Extended" + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.withAdd + +```ts +withAdd(add) +``` + +"Add adds the given header(s) (name, value) to the request\nbefore the action. It appends to any existing values associated\nwith the header name.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n add:\n - name: \"my-header\"\n value: \"bar,baz\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: foo,bar,baz" + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.withAddMixin + +```ts +withAddMixin(add) +``` + +"Add adds the given header(s) (name, value) to the request\nbefore the action. It appends to any existing values associated\nwith the header name.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n add:\n - name: \"my-header\"\n value: \"bar,baz\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: foo,bar,baz" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.withRemove + +```ts +withRemove(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The\nvalue of Remove is a list of HTTP header names. Note that the header\nnames are case-insensitive (see\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\n\n\nInput:\n GET /foo HTTP/1.1\n my-header1: foo\n my-header2: bar\n my-header3: baz\n\n\nConfig:\n remove: [\"my-header1\", \"my-header3\"]\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header2: bar" + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.withRemoveMixin + +```ts +withRemoveMixin(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The\nvalue of Remove is a list of HTTP header names. Note that the header\nnames are case-insensitive (see\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\n\n\nInput:\n GET /foo HTTP/1.1\n my-header1: foo\n my-header2: bar\n my-header3: baz\n\n\nConfig:\n remove: [\"my-header1\", \"my-header3\"]\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header2: bar" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.withSet + +```ts +withSet(set) +``` + +"Set overwrites the request with the given header (name, value)\nbefore the action.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n set:\n - name: \"my-header\"\n value: \"bar\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: bar" + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.withSetMixin + +```ts +withSetMixin(set) +``` + +"Set overwrites the request with the given header (name, value)\nbefore the action.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n set:\n - name: \"my-header\"\n value: \"bar\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: bar" + +**Note:** This function appends passed data to existing values + +## obj spec.rules.backendRefs.filters.responseHeaderModifier.add + +"Add adds the given header(s) (name, value) to the request\nbefore the action. It appends to any existing values associated\nwith the header name.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n add:\n - name: \"my-header\"\n value: \"bar,baz\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: foo,bar,baz" + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.add.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\n\nIf multiple entries specify equivalent header names, the first entry with\nan equivalent name MUST be considered for a match. Subsequent entries\nwith an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent." + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.add.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.backendRefs.filters.responseHeaderModifier.set + +"Set overwrites the request with the given header (name, value)\nbefore the action.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n set:\n - name: \"my-header\"\n value: \"bar\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: bar" + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.set.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\n\nIf multiple entries specify equivalent header names, the first entry with\nan equivalent name MUST be considered for a match. Subsequent entries\nwith an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent." + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.set.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.backendRefs.filters.urlRewrite + +"URLRewrite defines a schema for a filter that modifies a request during forwarding.\n\n\nSupport: Extended" + +### fn spec.rules.backendRefs.filters.urlRewrite.withHostname + +```ts +withHostname(hostname) +``` + +"Hostname is the value to be used to replace the Host header value during\nforwarding.\n\n\nSupport: Extended" + +## obj spec.rules.backendRefs.filters.urlRewrite.path + +"Path defines a path rewrite.\n\n\nSupport: Extended" + +### fn spec.rules.backendRefs.filters.urlRewrite.path.withReplaceFullPath + +```ts +withReplaceFullPath(replaceFullPath) +``` + +"ReplaceFullPath specifies the value with which to replace the full path\nof a request during a rewrite or redirect." + +### fn spec.rules.backendRefs.filters.urlRewrite.path.withReplacePrefixMatch + +```ts +withReplacePrefixMatch(replacePrefixMatch) +``` + +"ReplacePrefixMatch specifies the value with which to replace the prefix\nmatch of a request during a rewrite or redirect. For example, a request\nto \"/foo/bar\" with a prefix match of \"/foo\" and a ReplacePrefixMatch\nof \"/xyz\" would be modified to \"/xyz/bar\".\n\n\nNote that this matches the behavior of the PathPrefix match type. This\nmatches full path elements. A path element refers to the list of labels\nin the path split by the `/` separator. When specified, a trailing `/` is\nignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all\nmatch the prefix `/abc`, but the path `/abcd` would not.\n\n\nReplacePrefixMatch is only compatible with a `PathPrefix` HTTPRouteMatch.\nUsing any other HTTPRouteMatch type on the same HTTPRouteRule will result in\nthe implementation setting the Accepted Condition for the Route to `status: False`.\n\n\nRequest Path | Prefix Match | Replace Prefix | Modified Path\n-------------|--------------|----------------|----------\n/foo/bar | /foo | /xyz | /xyz/bar\n/foo/bar | /foo | /xyz/ | /xyz/bar\n/foo/bar | /foo/ | /xyz | /xyz/bar\n/foo/bar | /foo/ | /xyz/ | /xyz/bar\n/foo | /foo | /xyz | /xyz\n/foo/ | /foo | /xyz | /xyz/\n/foo/bar | /foo | | /bar\n/foo/ | /foo | | /\n/foo | /foo | | /\n/foo/ | /foo | / | /\n/foo | /foo | / | /" + +### fn spec.rules.backendRefs.filters.urlRewrite.path.withType + +```ts +withType(type) +``` + +"Type defines the type of path modifier. Additional types may be\nadded in a future release of the API.\n\n\nNote that values may be added to this enum, implementations\nmust ensure that unknown values will not cause a crash.\n\n\nUnknown values here must result in the implementation setting the\nAccepted Condition for the Route to `status: False`, with a\nReason of `UnsupportedValue`." + +## obj spec.rules.filters + +"Filters define the filters that are applied to requests that match\nthis rule.\n\n\nWherever possible, implementations SHOULD implement filters in the order\nthey are specified.\n\n\nImplementations MAY choose to implement this ordering strictly, rejecting\nany combination or order of filters that can not be supported. If implementations\nchoose a strict interpretation of filter ordering, they MUST clearly document\nthat behavior.\n\n\nTo reject an invalid combination or order of filters, implementations SHOULD\nconsider the Route Rules with this configuration invalid. If all Route Rules\nin a Route are invalid, the entire Route would be considered invalid. If only\na portion of Route Rules are invalid, implementations MUST set the\n\"PartiallyInvalid\" condition for the Route.\n\n\nConformance-levels at this level are defined based on the type of filter:\n\n\n- ALL core filters MUST be supported by all implementations.\n- Implementers are encouraged to support extended filters.\n- Implementation-specific custom filters have no API guarantees across\n implementations.\n\n\nSpecifying the same filter multiple times is not supported unless explicitly\nindicated in the filter.\n\n\nAll filters are expected to be compatible with each other except for the\nURLRewrite and RequestRedirect filters, which may not be combined. If an\nimplementation can not support other combinations of filters, they must clearly\ndocument that limitation. In cases where incompatible or unsupported\nfilters are specified and cause the `Accepted` condition to be set to status\n`False`, implementations may use the `IncompatibleFilters` reason to specify\nthis configuration error.\n\n\nSupport: Core" + +### fn spec.rules.filters.withType + +```ts +withType(type) +``` + +"Type identifies the type of filter to apply. As with other API fields,\ntypes are classified into three conformance levels:\n\n\n- Core: Filter types and their corresponding configuration defined by\n \"Support: Core\" in this package, e.g. \"RequestHeaderModifier\". All\n implementations must support core filters.\n\n\n- Extended: Filter types and their corresponding configuration defined by\n \"Support: Extended\" in this package, e.g. \"RequestMirror\". Implementers\n are encouraged to support extended filters.\n\n\n- Implementation-specific: Filters that are defined and supported by\n specific vendors.\n In the future, filters showing convergence in behavior across multiple\n implementations will be considered for inclusion in extended or core\n conformance levels. Filter-specific configuration for such filters\n is specified using the ExtensionRef field. `Type` should be set to\n \"ExtensionRef\" for custom filters.\n\n\nImplementers are encouraged to define custom implementation types to\nextend the core API with implementation-specific behavior.\n\n\nIf a reference to a custom filter type cannot be resolved, the filter\nMUST NOT be skipped. Instead, requests that would have been processed by\nthat filter MUST receive a HTTP error response.\n\n\nNote that values may be added to this enum, implementations\nmust ensure that unknown values will not cause a crash.\n\n\nUnknown values here must result in the implementation setting the\nAccepted Condition for the Route to `status: False`, with a\nReason of `UnsupportedValue`." + +## obj spec.rules.filters.extensionRef + +"ExtensionRef is an optional, implementation-specific extension to the\n\"filter\" behavior. For example, resource \"myroutefilter\" in group\n\"networking.example.net\"). ExtensionRef MUST NOT be used for core and\nextended filters.\n\n\nThis filter can be used multiple times within the same rule.\n\n\nSupport: Implementation-specific" + +### fn spec.rules.filters.extensionRef.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. For example, \"gateway.networking.k8s.io\".\nWhen unspecified or empty string, core API group is inferred." + +### fn spec.rules.filters.extensionRef.withKind + +```ts +withKind(kind) +``` + +"Kind is kind of the referent. For example \"HTTPRoute\" or \"Service\"." + +### fn spec.rules.filters.extensionRef.withName + +```ts +withName(name) +``` + +"Name is the name of the referent." + +## obj spec.rules.filters.requestHeaderModifier + +"RequestHeaderModifier defines a schema for a filter that modifies request\nheaders.\n\n\nSupport: Core" + +### fn spec.rules.filters.requestHeaderModifier.withAdd + +```ts +withAdd(add) +``` + +"Add adds the given header(s) (name, value) to the request\nbefore the action. It appends to any existing values associated\nwith the header name.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n add:\n - name: \"my-header\"\n value: \"bar,baz\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: foo,bar,baz" + +### fn spec.rules.filters.requestHeaderModifier.withAddMixin + +```ts +withAddMixin(add) +``` + +"Add adds the given header(s) (name, value) to the request\nbefore the action. It appends to any existing values associated\nwith the header name.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n add:\n - name: \"my-header\"\n value: \"bar,baz\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: foo,bar,baz" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.filters.requestHeaderModifier.withRemove + +```ts +withRemove(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The\nvalue of Remove is a list of HTTP header names. Note that the header\nnames are case-insensitive (see\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\n\n\nInput:\n GET /foo HTTP/1.1\n my-header1: foo\n my-header2: bar\n my-header3: baz\n\n\nConfig:\n remove: [\"my-header1\", \"my-header3\"]\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header2: bar" + +### fn spec.rules.filters.requestHeaderModifier.withRemoveMixin + +```ts +withRemoveMixin(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The\nvalue of Remove is a list of HTTP header names. Note that the header\nnames are case-insensitive (see\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\n\n\nInput:\n GET /foo HTTP/1.1\n my-header1: foo\n my-header2: bar\n my-header3: baz\n\n\nConfig:\n remove: [\"my-header1\", \"my-header3\"]\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header2: bar" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.filters.requestHeaderModifier.withSet + +```ts +withSet(set) +``` + +"Set overwrites the request with the given header (name, value)\nbefore the action.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n set:\n - name: \"my-header\"\n value: \"bar\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: bar" + +### fn spec.rules.filters.requestHeaderModifier.withSetMixin + +```ts +withSetMixin(set) +``` + +"Set overwrites the request with the given header (name, value)\nbefore the action.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n set:\n - name: \"my-header\"\n value: \"bar\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: bar" + +**Note:** This function appends passed data to existing values + +## obj spec.rules.filters.requestHeaderModifier.add + +"Add adds the given header(s) (name, value) to the request\nbefore the action. It appends to any existing values associated\nwith the header name.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n add:\n - name: \"my-header\"\n value: \"bar,baz\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: foo,bar,baz" + +### fn spec.rules.filters.requestHeaderModifier.add.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\n\nIf multiple entries specify equivalent header names, the first entry with\nan equivalent name MUST be considered for a match. Subsequent entries\nwith an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent." + +### fn spec.rules.filters.requestHeaderModifier.add.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.filters.requestHeaderModifier.set + +"Set overwrites the request with the given header (name, value)\nbefore the action.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n set:\n - name: \"my-header\"\n value: \"bar\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: bar" + +### fn spec.rules.filters.requestHeaderModifier.set.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\n\nIf multiple entries specify equivalent header names, the first entry with\nan equivalent name MUST be considered for a match. Subsequent entries\nwith an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent." + +### fn spec.rules.filters.requestHeaderModifier.set.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.filters.requestMirror + +"RequestMirror defines a schema for a filter that mirrors requests.\nRequests are sent to the specified destination, but responses from\nthat destination are ignored.\n\n\nThis filter can be used multiple times within the same rule. Note that\nnot all implementations will be able to support mirroring to multiple\nbackends.\n\n\nSupport: Extended" + +## obj spec.rules.filters.requestMirror.backendRef + +"BackendRef references a resource where mirrored requests are sent.\n\n\nMirrored requests must be sent only to a single destination endpoint\nwithin this BackendRef, irrespective of how many endpoints are present\nwithin this BackendRef.\n\n\nIf the referent cannot be found, this BackendRef is invalid and must be\ndropped from the Gateway. The controller must ensure the \"ResolvedRefs\"\ncondition on the Route status is set to `status: False` and not configure\nthis backend in the underlying implementation.\n\n\nIf there is a cross-namespace reference to an *existing* object\nthat is not allowed by a ReferenceGrant, the controller must ensure the\n\"ResolvedRefs\" condition on the Route is set to `status: False`,\nwith the \"RefNotPermitted\" reason and not configure this backend in the\nunderlying implementation.\n\n\nIn either error case, the Message of the `ResolvedRefs` Condition\nshould be used to provide more detail about the problem.\n\n\nSupport: Extended for Kubernetes Service\n\n\nSupport: Implementation-specific for any other resource" + +### fn spec.rules.filters.requestMirror.backendRef.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. For example, \"gateway.networking.k8s.io\".\nWhen unspecified or empty string, core API group is inferred." + +### fn spec.rules.filters.requestMirror.backendRef.withKind + +```ts +withKind(kind) +``` + +"Kind is the Kubernetes resource kind of the referent. For example\n\"Service\".\n\n\nDefaults to \"Service\" when not specified.\n\n\nExternalName services can refer to CNAME DNS records that may live\noutside of the cluster and as such are difficult to reason about in\nterms of conformance. They also may not be safe to forward to (see\nCVE-2021-25740 for more information). Implementations SHOULD NOT\nsupport ExternalName Services.\n\n\nSupport: Core (Services with a type other than ExternalName)\n\n\nSupport: Implementation-specific (Services with type ExternalName)" + +### fn spec.rules.filters.requestMirror.backendRef.withName + +```ts +withName(name) +``` + +"Name is the name of the referent." + +### fn spec.rules.filters.requestMirror.backendRef.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the backend. When unspecified, the local\nnamespace is inferred.\n\n\nNote that when a namespace different than the local namespace is specified,\na ReferenceGrant object is required in the referent namespace to allow that\nnamespace's owner to accept the reference. See the ReferenceGrant\ndocumentation for details.\n\n\nSupport: Core" + +### fn spec.rules.filters.requestMirror.backendRef.withPort + +```ts +withPort(port) +``` + +"Port specifies the destination port number to use for this resource.\nPort is required when the referent is a Kubernetes Service. In this\ncase, the port number is the service port number, not the target port.\nFor other resources, destination port might be derived from the referent\nresource or this field." + +## obj spec.rules.filters.requestRedirect + +"RequestRedirect defines a schema for a filter that responds to the\nrequest with an HTTP redirection.\n\n\nSupport: Core" + +### fn spec.rules.filters.requestRedirect.withHostname + +```ts +withHostname(hostname) +``` + +"Hostname is the hostname to be used in the value of the `Location`\nheader in the response.\nWhen empty, the hostname in the `Host` header of the request is used.\n\n\nSupport: Core" + +### fn spec.rules.filters.requestRedirect.withPort + +```ts +withPort(port) +``` + +"Port is the port to be used in the value of the `Location`\nheader in the response.\n\n\nIf no port is specified, the redirect port MUST be derived using the\nfollowing rules:\n\n\n* If redirect scheme is not-empty, the redirect port MUST be the well-known\n port associated with the redirect scheme. Specifically \"http\" to port 80\n and \"https\" to port 443. If the redirect scheme does not have a\n well-known port, the listener port of the Gateway SHOULD be used.\n* If redirect scheme is empty, the redirect port MUST be the Gateway\n Listener port.\n\n\nImplementations SHOULD NOT add the port number in the 'Location'\nheader in the following cases:\n\n\n* A Location header that will use HTTP (whether that is determined via\n the Listener protocol or the Scheme field) _and_ use port 80.\n* A Location header that will use HTTPS (whether that is determined via\n the Listener protocol or the Scheme field) _and_ use port 443.\n\n\nSupport: Extended" + +### fn spec.rules.filters.requestRedirect.withScheme + +```ts +withScheme(scheme) +``` + +"Scheme is the scheme to be used in the value of the `Location` header in\nthe response. When empty, the scheme of the request is used.\n\n\nScheme redirects can affect the port of the redirect, for more information,\nrefer to the documentation for the port field of this filter.\n\n\nNote that values may be added to this enum, implementations\nmust ensure that unknown values will not cause a crash.\n\n\nUnknown values here must result in the implementation setting the\nAccepted Condition for the Route to `status: False`, with a\nReason of `UnsupportedValue`.\n\n\nSupport: Extended" + +### fn spec.rules.filters.requestRedirect.withStatusCode + +```ts +withStatusCode(statusCode) +``` + +"StatusCode is the HTTP status code to be used in response.\n\n\nNote that values may be added to this enum, implementations\nmust ensure that unknown values will not cause a crash.\n\n\nUnknown values here must result in the implementation setting the\nAccepted Condition for the Route to `status: False`, with a\nReason of `UnsupportedValue`.\n\n\nSupport: Core" + +## obj spec.rules.filters.requestRedirect.path + +"Path defines parameters used to modify the path of the incoming request.\nThe modified path is then used to construct the `Location` header. When\nempty, the request path is used as-is.\n\n\nSupport: Extended" + +### fn spec.rules.filters.requestRedirect.path.withReplaceFullPath + +```ts +withReplaceFullPath(replaceFullPath) +``` + +"ReplaceFullPath specifies the value with which to replace the full path\nof a request during a rewrite or redirect." + +### fn spec.rules.filters.requestRedirect.path.withReplacePrefixMatch + +```ts +withReplacePrefixMatch(replacePrefixMatch) +``` + +"ReplacePrefixMatch specifies the value with which to replace the prefix\nmatch of a request during a rewrite or redirect. For example, a request\nto \"/foo/bar\" with a prefix match of \"/foo\" and a ReplacePrefixMatch\nof \"/xyz\" would be modified to \"/xyz/bar\".\n\n\nNote that this matches the behavior of the PathPrefix match type. This\nmatches full path elements. A path element refers to the list of labels\nin the path split by the `/` separator. When specified, a trailing `/` is\nignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all\nmatch the prefix `/abc`, but the path `/abcd` would not.\n\n\nReplacePrefixMatch is only compatible with a `PathPrefix` HTTPRouteMatch.\nUsing any other HTTPRouteMatch type on the same HTTPRouteRule will result in\nthe implementation setting the Accepted Condition for the Route to `status: False`.\n\n\nRequest Path | Prefix Match | Replace Prefix | Modified Path\n-------------|--------------|----------------|----------\n/foo/bar | /foo | /xyz | /xyz/bar\n/foo/bar | /foo | /xyz/ | /xyz/bar\n/foo/bar | /foo/ | /xyz | /xyz/bar\n/foo/bar | /foo/ | /xyz/ | /xyz/bar\n/foo | /foo | /xyz | /xyz\n/foo/ | /foo | /xyz | /xyz/\n/foo/bar | /foo | | /bar\n/foo/ | /foo | | /\n/foo | /foo | | /\n/foo/ | /foo | / | /\n/foo | /foo | / | /" + +### fn spec.rules.filters.requestRedirect.path.withType + +```ts +withType(type) +``` + +"Type defines the type of path modifier. Additional types may be\nadded in a future release of the API.\n\n\nNote that values may be added to this enum, implementations\nmust ensure that unknown values will not cause a crash.\n\n\nUnknown values here must result in the implementation setting the\nAccepted Condition for the Route to `status: False`, with a\nReason of `UnsupportedValue`." + +## obj spec.rules.filters.responseHeaderModifier + +"ResponseHeaderModifier defines a schema for a filter that modifies response\nheaders.\n\n\nSupport: Extended" + +### fn spec.rules.filters.responseHeaderModifier.withAdd + +```ts +withAdd(add) +``` + +"Add adds the given header(s) (name, value) to the request\nbefore the action. It appends to any existing values associated\nwith the header name.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n add:\n - name: \"my-header\"\n value: \"bar,baz\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: foo,bar,baz" + +### fn spec.rules.filters.responseHeaderModifier.withAddMixin + +```ts +withAddMixin(add) +``` + +"Add adds the given header(s) (name, value) to the request\nbefore the action. It appends to any existing values associated\nwith the header name.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n add:\n - name: \"my-header\"\n value: \"bar,baz\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: foo,bar,baz" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.filters.responseHeaderModifier.withRemove + +```ts +withRemove(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The\nvalue of Remove is a list of HTTP header names. Note that the header\nnames are case-insensitive (see\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\n\n\nInput:\n GET /foo HTTP/1.1\n my-header1: foo\n my-header2: bar\n my-header3: baz\n\n\nConfig:\n remove: [\"my-header1\", \"my-header3\"]\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header2: bar" + +### fn spec.rules.filters.responseHeaderModifier.withRemoveMixin + +```ts +withRemoveMixin(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The\nvalue of Remove is a list of HTTP header names. Note that the header\nnames are case-insensitive (see\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\n\n\nInput:\n GET /foo HTTP/1.1\n my-header1: foo\n my-header2: bar\n my-header3: baz\n\n\nConfig:\n remove: [\"my-header1\", \"my-header3\"]\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header2: bar" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.filters.responseHeaderModifier.withSet + +```ts +withSet(set) +``` + +"Set overwrites the request with the given header (name, value)\nbefore the action.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n set:\n - name: \"my-header\"\n value: \"bar\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: bar" + +### fn spec.rules.filters.responseHeaderModifier.withSetMixin + +```ts +withSetMixin(set) +``` + +"Set overwrites the request with the given header (name, value)\nbefore the action.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n set:\n - name: \"my-header\"\n value: \"bar\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: bar" + +**Note:** This function appends passed data to existing values + +## obj spec.rules.filters.responseHeaderModifier.add + +"Add adds the given header(s) (name, value) to the request\nbefore the action. It appends to any existing values associated\nwith the header name.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n add:\n - name: \"my-header\"\n value: \"bar,baz\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: foo,bar,baz" + +### fn spec.rules.filters.responseHeaderModifier.add.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\n\nIf multiple entries specify equivalent header names, the first entry with\nan equivalent name MUST be considered for a match. Subsequent entries\nwith an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent." + +### fn spec.rules.filters.responseHeaderModifier.add.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.filters.responseHeaderModifier.set + +"Set overwrites the request with the given header (name, value)\nbefore the action.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n set:\n - name: \"my-header\"\n value: \"bar\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: bar" + +### fn spec.rules.filters.responseHeaderModifier.set.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\n\nIf multiple entries specify equivalent header names, the first entry with\nan equivalent name MUST be considered for a match. Subsequent entries\nwith an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent." + +### fn spec.rules.filters.responseHeaderModifier.set.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.filters.urlRewrite + +"URLRewrite defines a schema for a filter that modifies a request during forwarding.\n\n\nSupport: Extended" + +### fn spec.rules.filters.urlRewrite.withHostname + +```ts +withHostname(hostname) +``` + +"Hostname is the value to be used to replace the Host header value during\nforwarding.\n\n\nSupport: Extended" + +## obj spec.rules.filters.urlRewrite.path + +"Path defines a path rewrite.\n\n\nSupport: Extended" + +### fn spec.rules.filters.urlRewrite.path.withReplaceFullPath + +```ts +withReplaceFullPath(replaceFullPath) +``` + +"ReplaceFullPath specifies the value with which to replace the full path\nof a request during a rewrite or redirect." + +### fn spec.rules.filters.urlRewrite.path.withReplacePrefixMatch + +```ts +withReplacePrefixMatch(replacePrefixMatch) +``` + +"ReplacePrefixMatch specifies the value with which to replace the prefix\nmatch of a request during a rewrite or redirect. For example, a request\nto \"/foo/bar\" with a prefix match of \"/foo\" and a ReplacePrefixMatch\nof \"/xyz\" would be modified to \"/xyz/bar\".\n\n\nNote that this matches the behavior of the PathPrefix match type. This\nmatches full path elements. A path element refers to the list of labels\nin the path split by the `/` separator. When specified, a trailing `/` is\nignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all\nmatch the prefix `/abc`, but the path `/abcd` would not.\n\n\nReplacePrefixMatch is only compatible with a `PathPrefix` HTTPRouteMatch.\nUsing any other HTTPRouteMatch type on the same HTTPRouteRule will result in\nthe implementation setting the Accepted Condition for the Route to `status: False`.\n\n\nRequest Path | Prefix Match | Replace Prefix | Modified Path\n-------------|--------------|----------------|----------\n/foo/bar | /foo | /xyz | /xyz/bar\n/foo/bar | /foo | /xyz/ | /xyz/bar\n/foo/bar | /foo/ | /xyz | /xyz/bar\n/foo/bar | /foo/ | /xyz/ | /xyz/bar\n/foo | /foo | /xyz | /xyz\n/foo/ | /foo | /xyz | /xyz/\n/foo/bar | /foo | | /bar\n/foo/ | /foo | | /\n/foo | /foo | | /\n/foo/ | /foo | / | /\n/foo | /foo | / | /" + +### fn spec.rules.filters.urlRewrite.path.withType + +```ts +withType(type) +``` + +"Type defines the type of path modifier. Additional types may be\nadded in a future release of the API.\n\n\nNote that values may be added to this enum, implementations\nmust ensure that unknown values will not cause a crash.\n\n\nUnknown values here must result in the implementation setting the\nAccepted Condition for the Route to `status: False`, with a\nReason of `UnsupportedValue`." + +## obj spec.rules.matches + +"Matches define conditions used for matching the rule against incoming\nHTTP requests. Each match is independent, i.e. this rule will be matched\nif **any** one of the matches is satisfied.\n\n\nFor example, take the following matches configuration:\n\n\n```\nmatches:\n- path:\n value: \"/foo\"\n headers:\n - name: \"version\"\n value: \"v2\"\n- path:\n value: \"/v2/foo\"\n```\n\n\nFor a request to match against this rule, a request must satisfy\nEITHER of the two conditions:\n\n\n- path prefixed with `/foo` AND contains the header `version: v2`\n- path prefix of `/v2/foo`\n\n\nSee the documentation for HTTPRouteMatch on how to specify multiple\nmatch conditions that should be ANDed together.\n\n\nIf no matches are specified, the default is a prefix\npath match on \"/\", which has the effect of matching every\nHTTP request.\n\n\nProxy or Load Balancer routing configuration generated from HTTPRoutes\nMUST prioritize matches based on the following criteria, continuing on\nties. Across all rules specified on applicable Routes, precedence must be\ngiven to the match having:\n\n\n* \"Exact\" path match.\n* \"Prefix\" path match with largest number of characters.\n* Method match.\n* Largest number of header matches.\n* Largest number of query param matches.\n\n\nNote: The precedence of RegularExpression path matches are implementation-specific.\n\n\nIf ties still exist across multiple Routes, matching precedence MUST be\ndetermined in order of the following criteria, continuing on ties:\n\n\n* The oldest Route based on creation timestamp.\n* The Route appearing first in alphabetical order by\n \"{namespace}/{name}\".\n\n\nIf ties still exist within an HTTPRoute, matching precedence MUST be granted\nto the FIRST matching rule (in list order) with a match meeting the above\ncriteria.\n\n\nWhen no rules matching a request have been successfully attached to the\nparent a request is coming from, a HTTP 404 status code MUST be returned." + +### fn spec.rules.matches.withHeaders + +```ts +withHeaders(headers) +``` + +"Headers specifies HTTP request header matchers. Multiple match values are\nANDed together, meaning, a request must match all the specified headers\nto select the route." + +### fn spec.rules.matches.withHeadersMixin + +```ts +withHeadersMixin(headers) +``` + +"Headers specifies HTTP request header matchers. Multiple match values are\nANDed together, meaning, a request must match all the specified headers\nto select the route." + +**Note:** This function appends passed data to existing values + +### fn spec.rules.matches.withMethod + +```ts +withMethod(method) +``` + +"Method specifies HTTP method matcher.\nWhen specified, this route will be matched only if the request has the\nspecified method.\n\n\nSupport: Extended" + +### fn spec.rules.matches.withQueryParams + +```ts +withQueryParams(queryParams) +``` + +"QueryParams specifies HTTP query parameter matchers. Multiple match\nvalues are ANDed together, meaning, a request must match all the\nspecified query parameters to select the route.\n\n\nSupport: Extended" + +### fn spec.rules.matches.withQueryParamsMixin + +```ts +withQueryParamsMixin(queryParams) +``` + +"QueryParams specifies HTTP query parameter matchers. Multiple match\nvalues are ANDed together, meaning, a request must match all the\nspecified query parameters to select the route.\n\n\nSupport: Extended" + +**Note:** This function appends passed data to existing values + +## obj spec.rules.matches.headers + +"Headers specifies HTTP request header matchers. Multiple match values are\nANDed together, meaning, a request must match all the specified headers\nto select the route." + +### fn spec.rules.matches.headers.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\n\nIf multiple entries specify equivalent header names, only the first\nentry with an equivalent name MUST be considered for a match. Subsequent\nentries with an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent.\n\n\nWhen a header is repeated in an HTTP request, it is\nimplementation-specific behavior as to how this is represented.\nGenerally, proxies should follow the guidance from the RFC:\nhttps://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2 regarding\nprocessing a repeated header, with special handling for \"Set-Cookie\"." + +### fn spec.rules.matches.headers.withType + +```ts +withType(type) +``` + +"Type specifies how to match against the value of the header.\n\n\nSupport: Core (Exact)\n\n\nSupport: Implementation-specific (RegularExpression)\n\n\nSince RegularExpression HeaderMatchType has implementation-specific\nconformance, implementations can support POSIX, PCRE or any other dialects\nof regular expressions. Please read the implementation's documentation to\ndetermine the supported dialect." + +### fn spec.rules.matches.headers.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.matches.path + +"Path specifies a HTTP request path matcher. If this field is not\nspecified, a default prefix match on the \"/\" path is provided." + +### fn spec.rules.matches.path.withType + +```ts +withType(type) +``` + +"Type specifies how to match against the path Value.\n\n\nSupport: Core (Exact, PathPrefix)\n\n\nSupport: Implementation-specific (RegularExpression)" + +### fn spec.rules.matches.path.withValue + +```ts +withValue(value) +``` + +"Value of the HTTP path to match against." + +## obj spec.rules.matches.queryParams + +"QueryParams specifies HTTP query parameter matchers. Multiple match\nvalues are ANDed together, meaning, a request must match all the\nspecified query parameters to select the route.\n\n\nSupport: Extended" + +### fn spec.rules.matches.queryParams.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP query param to be matched. This must be an\nexact string match. (See\nhttps://tools.ietf.org/html/rfc7230#section-2.7.3).\n\n\nIf multiple entries specify equivalent query param names, only the first\nentry with an equivalent name MUST be considered for a match. Subsequent\nentries with an equivalent query param name MUST be ignored.\n\n\nIf a query param is repeated in an HTTP request, the behavior is\npurposely left undefined, since different data planes have different\ncapabilities. However, it is *recommended* that implementations should\nmatch against the first value of the param if the data plane supports it,\nas this behavior is expected in other load balancing contexts outside of\nthe Gateway API.\n\n\nUsers SHOULD NOT route traffic based on repeated query params to guard\nthemselves against potential differences in the implementations." + +### fn spec.rules.matches.queryParams.withType + +```ts +withType(type) +``` + +"Type specifies how to match against the value of the query parameter.\n\n\nSupport: Extended (Exact)\n\n\nSupport: Implementation-specific (RegularExpression)\n\n\nSince RegularExpression QueryParamMatchType has Implementation-specific\nconformance, implementations can support POSIX, PCRE or any other\ndialects of regular expressions. Please read the implementation's\ndocumentation to determine the supported dialect." + +### fn spec.rules.matches.queryParams.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP query param to be matched." + +## obj spec.rules.sessionPersistence + +"SessionPersistence defines and configures session persistence\nfor the route rule.\n\n\nSupport: Extended\n\n\n" + +### fn spec.rules.sessionPersistence.withAbsoluteTimeout + +```ts +withAbsoluteTimeout(absoluteTimeout) +``` + +"AbsoluteTimeout defines the absolute timeout of the persistent\nsession. Once the AbsoluteTimeout duration has elapsed, the\nsession becomes invalid.\n\n\nSupport: Extended" + +### fn spec.rules.sessionPersistence.withIdleTimeout + +```ts +withIdleTimeout(idleTimeout) +``` + +"IdleTimeout defines the idle timeout of the persistent session.\nOnce the session has been idle for more than the specified\nIdleTimeout duration, the session becomes invalid.\n\n\nSupport: Extended" + +### fn spec.rules.sessionPersistence.withSessionName + +```ts +withSessionName(sessionName) +``` + +"SessionName defines the name of the persistent session token\nwhich may be reflected in the cookie or the header. Users\nshould avoid reusing session names to prevent unintended\nconsequences, such as rejection or unpredictable behavior.\n\n\nSupport: Implementation-specific" + +### fn spec.rules.sessionPersistence.withType + +```ts +withType(type) +``` + +"Type defines the type of session persistence such as through\nthe use a header or cookie. Defaults to cookie based session\npersistence.\n\n\nSupport: Core for \"Cookie\" type\n\n\nSupport: Extended for \"Header\" type" + +## obj spec.rules.sessionPersistence.cookieConfig + +"CookieConfig provides configuration settings that are specific\nto cookie-based session persistence.\n\n\nSupport: Core" + +### fn spec.rules.sessionPersistence.cookieConfig.withLifetimeType + +```ts +withLifetimeType(lifetimeType) +``` + +"LifetimeType specifies whether the cookie has a permanent or\nsession-based lifetime. A permanent cookie persists until its\nspecified expiry time, defined by the Expires or Max-Age cookie\nattributes, while a session cookie is deleted when the current\nsession ends.\n\n\nWhen set to \"Permanent\", AbsoluteTimeout indicates the\ncookie's lifetime via the Expires or Max-Age cookie attributes\nand is required.\n\n\nWhen set to \"Session\", AbsoluteTimeout indicates the\nabsolute lifetime of the cookie tracked by the gateway and\nis optional.\n\n\nSupport: Core for \"Session\" type\n\n\nSupport: Extended for \"Permanent\" type" + +## obj spec.rules.timeouts + +"Timeouts defines the timeouts that can be configured for an HTTP request.\n\n\nSupport: Extended\n\n\n" + +### fn spec.rules.timeouts.withBackendRequest + +```ts +withBackendRequest(backendRequest) +``` + +"BackendRequest specifies a timeout for an individual request from the gateway\nto a backend. This covers the time from when the request first starts being\nsent from the gateway to when the full response has been received from the backend.\n\n\nSetting a timeout to the zero duration (e.g. \"0s\") SHOULD disable the timeout\ncompletely. Implementations that cannot completely disable the timeout MUST\ninstead interpret the zero duration as the longest possible value to which\nthe timeout can be set.\n\n\nAn entire client HTTP transaction with a gateway, covered by the Request timeout,\nmay result in more than one call from the gateway to the destination backend,\nfor example, if automatic retries are supported.\n\n\nBecause the Request timeout encompasses the BackendRequest timeout, the value of\nBackendRequest must be <= the value of Request timeout.\n\n\nSupport: Extended" + +### fn spec.rules.timeouts.withRequest + +```ts +withRequest(request) +``` + +"Request specifies the maximum duration for a gateway to respond to an HTTP request.\nIf the gateway has not been able to respond before this deadline is met, the gateway\nMUST return a timeout error.\n\n\nFor example, setting the `rules.timeouts.request` field to the value `10s` in an\n`HTTPRoute` will cause a timeout if a client request is taking longer than 10 seconds\nto complete.\n\n\nSetting a timeout to the zero duration (e.g. \"0s\") SHOULD disable the timeout\ncompletely. Implementations that cannot completely disable the timeout MUST\ninstead interpret the zero duration as the longest possible value to which\nthe timeout can be set.\n\n\nThis timeout is intended to cover as close to the whole request-response transaction\nas possible although an implementation MAY choose to start the timeout after the entire\nrequest stream has been received instead of immediately after the transaction is\ninitiated by the client.\n\n\nWhen this field is unspecified, request timeout behavior is implementation-specific.\n\n\nSupport: Extended" \ No newline at end of file diff --git a/docs/1.1-experimental/gateway/v1beta1/index.md b/docs/1.1-experimental/gateway/v1beta1/index.md new file mode 100644 index 0000000..bd8c19a --- /dev/null +++ b/docs/1.1-experimental/gateway/v1beta1/index.md @@ -0,0 +1,12 @@ +--- +permalink: /1.1-experimental/gateway/v1beta1/ +--- + +# gateway.v1beta1 + + + +* [gateway](gateway.md) +* [gatewayClass](gatewayClass.md) +* [httpRoute](httpRoute.md) +* [referenceGrant](referenceGrant.md) \ No newline at end of file diff --git a/docs/1.1-experimental/gateway/v1beta1/referenceGrant.md b/docs/1.1-experimental/gateway/v1beta1/referenceGrant.md new file mode 100644 index 0000000..7625b1f --- /dev/null +++ b/docs/1.1-experimental/gateway/v1beta1/referenceGrant.md @@ -0,0 +1,314 @@ +--- +permalink: /1.1-experimental/gateway/v1beta1/referenceGrant/ +--- + +# gateway.v1beta1.referenceGrant + +"ReferenceGrant identifies kinds of resources in other namespaces that are\ntrusted to reference the specified kinds of resources in the same namespace\nas the policy.\n\n\nEach ReferenceGrant can be used to represent a unique trust relationship.\nAdditional Reference Grants can be used to add to the set of trusted\nsources of inbound references for the namespace they are defined within.\n\n\nAll cross-namespace references in Gateway API (with the exception of cross-namespace\nGateway-route attachment) require a ReferenceGrant.\n\n\nReferenceGrant is a form of runtime verification allowing users to assert\nwhich cross-namespace object references are permitted. Implementations that\nsupport ReferenceGrant MUST NOT permit cross-namespace references which have\nno grant, and MUST respond to the removal of a grant by revoking the access\nthat the grant allowed." + +## Index + +* [`fn new(name)`](#fn-new) +* [`obj metadata`](#obj-metadata) + * [`fn withAnnotations(annotations)`](#fn-metadatawithannotations) + * [`fn withAnnotationsMixin(annotations)`](#fn-metadatawithannotationsmixin) + * [`fn withClusterName(clusterName)`](#fn-metadatawithclustername) + * [`fn withCreationTimestamp(creationTimestamp)`](#fn-metadatawithcreationtimestamp) + * [`fn withDeletionGracePeriodSeconds(deletionGracePeriodSeconds)`](#fn-metadatawithdeletiongraceperiodseconds) + * [`fn withDeletionTimestamp(deletionTimestamp)`](#fn-metadatawithdeletiontimestamp) + * [`fn withFinalizers(finalizers)`](#fn-metadatawithfinalizers) + * [`fn withFinalizersMixin(finalizers)`](#fn-metadatawithfinalizersmixin) + * [`fn withGenerateName(generateName)`](#fn-metadatawithgeneratename) + * [`fn withGeneration(generation)`](#fn-metadatawithgeneration) + * [`fn withLabels(labels)`](#fn-metadatawithlabels) + * [`fn withLabelsMixin(labels)`](#fn-metadatawithlabelsmixin) + * [`fn withName(name)`](#fn-metadatawithname) + * [`fn withNamespace(namespace)`](#fn-metadatawithnamespace) + * [`fn withOwnerReferences(ownerReferences)`](#fn-metadatawithownerreferences) + * [`fn withOwnerReferencesMixin(ownerReferences)`](#fn-metadatawithownerreferencesmixin) + * [`fn withResourceVersion(resourceVersion)`](#fn-metadatawithresourceversion) + * [`fn withSelfLink(selfLink)`](#fn-metadatawithselflink) + * [`fn withUid(uid)`](#fn-metadatawithuid) +* [`obj spec`](#obj-spec) + * [`fn withFrom(from)`](#fn-specwithfrom) + * [`fn withFromMixin(from)`](#fn-specwithfrommixin) + * [`fn withTo(to)`](#fn-specwithto) + * [`fn withToMixin(to)`](#fn-specwithtomixin) + * [`obj spec.from`](#obj-specfrom) + * [`fn withGroup(group)`](#fn-specfromwithgroup) + * [`fn withKind(kind)`](#fn-specfromwithkind) + * [`fn withNamespace(namespace)`](#fn-specfromwithnamespace) + * [`obj spec.to`](#obj-specto) + * [`fn withGroup(group)`](#fn-spectowithgroup) + * [`fn withKind(kind)`](#fn-spectowithkind) + * [`fn withName(name)`](#fn-spectowithname) + +## Fields + +### fn new + +```ts +new(name) +``` + +new returns an instance of ReferenceGrant + +## obj metadata + +"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create." + +### fn metadata.withAnnotations + +```ts +withAnnotations(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +### fn metadata.withAnnotationsMixin + +```ts +withAnnotationsMixin(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +**Note:** This function appends passed data to existing values + +### fn metadata.withClusterName + +```ts +withClusterName(clusterName) +``` + +"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request." + +### fn metadata.withCreationTimestamp + +```ts +withCreationTimestamp(creationTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withDeletionGracePeriodSeconds + +```ts +withDeletionGracePeriodSeconds(deletionGracePeriodSeconds) +``` + +"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only." + +### fn metadata.withDeletionTimestamp + +```ts +withDeletionTimestamp(deletionTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withFinalizers + +```ts +withFinalizers(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +### fn metadata.withFinalizersMixin + +```ts +withFinalizersMixin(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +**Note:** This function appends passed data to existing values + +### fn metadata.withGenerateName + +```ts +withGenerateName(generateName) +``` + +"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\n\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\n\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" + +### fn metadata.withGeneration + +```ts +withGeneration(generation) +``` + +"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only." + +### fn metadata.withLabels + +```ts +withLabels(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +### fn metadata.withLabelsMixin + +```ts +withLabelsMixin(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +**Note:** This function appends passed data to existing values + +### fn metadata.withName + +```ts +withName(name) +``` + +"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names" + +### fn metadata.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \"default\" namespace, but \"default\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\n\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces" + +### fn metadata.withOwnerReferences + +```ts +withOwnerReferences(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +### fn metadata.withOwnerReferencesMixin + +```ts +withOwnerReferencesMixin(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +**Note:** This function appends passed data to existing values + +### fn metadata.withResourceVersion + +```ts +withResourceVersion(resourceVersion) +``` + +"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\n\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" + +### fn metadata.withSelfLink + +```ts +withSelfLink(selfLink) +``` + +"SelfLink is a URL representing this object. Populated by the system. Read-only.\n\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release." + +### fn metadata.withUid + +```ts +withUid(uid) +``` + +"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\n\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids" + +## obj spec + +"Spec defines the desired state of ReferenceGrant." + +### fn spec.withFrom + +```ts +withFrom(from) +``` + +"From describes the trusted namespaces and kinds that can reference the\nresources described in \"To\". Each entry in this list MUST be considered\nto be an additional place that references can be valid from, or to put\nthis another way, entries MUST be combined using OR.\n\n\nSupport: Core" + +### fn spec.withFromMixin + +```ts +withFromMixin(from) +``` + +"From describes the trusted namespaces and kinds that can reference the\nresources described in \"To\". Each entry in this list MUST be considered\nto be an additional place that references can be valid from, or to put\nthis another way, entries MUST be combined using OR.\n\n\nSupport: Core" + +**Note:** This function appends passed data to existing values + +### fn spec.withTo + +```ts +withTo(to) +``` + +"To describes the resources that may be referenced by the resources\ndescribed in \"From\". Each entry in this list MUST be considered to be an\nadditional place that references can be valid to, or to put this another\nway, entries MUST be combined using OR.\n\n\nSupport: Core" + +### fn spec.withToMixin + +```ts +withToMixin(to) +``` + +"To describes the resources that may be referenced by the resources\ndescribed in \"From\". Each entry in this list MUST be considered to be an\nadditional place that references can be valid to, or to put this another\nway, entries MUST be combined using OR.\n\n\nSupport: Core" + +**Note:** This function appends passed data to existing values + +## obj spec.from + +"From describes the trusted namespaces and kinds that can reference the\nresources described in \"To\". Each entry in this list MUST be considered\nto be an additional place that references can be valid from, or to put\nthis another way, entries MUST be combined using OR.\n\n\nSupport: Core" + +### fn spec.from.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent.\nWhen empty, the Kubernetes core API group is inferred.\n\n\nSupport: Core" + +### fn spec.from.withKind + +```ts +withKind(kind) +``` + +"Kind is the kind of the referent. Although implementations may support\nadditional resources, the following types are part of the \"Core\"\nsupport level for this field.\n\n\nWhen used to permit a SecretObjectReference:\n\n\n* Gateway\n\n\nWhen used to permit a BackendObjectReference:\n\n\n* GRPCRoute\n* HTTPRoute\n* TCPRoute\n* TLSRoute\n* UDPRoute" + +### fn spec.from.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the referent.\n\n\nSupport: Core" + +## obj spec.to + +"To describes the resources that may be referenced by the resources\ndescribed in \"From\". Each entry in this list MUST be considered to be an\nadditional place that references can be valid to, or to put this another\nway, entries MUST be combined using OR.\n\n\nSupport: Core" + +### fn spec.to.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent.\nWhen empty, the Kubernetes core API group is inferred.\n\n\nSupport: Core" + +### fn spec.to.withKind + +```ts +withKind(kind) +``` + +"Kind is the kind of the referent. Although implementations may support\nadditional resources, the following types are part of the \"Core\"\nsupport level for this field:\n\n\n* Secret when used to permit a SecretObjectReference\n* Service when used to permit a BackendObjectReference" + +### fn spec.to.withName + +```ts +withName(name) +``` + +"Name is the name of the referent. When unspecified, this policy\nrefers to all resources of the specified Group and Kind in the local\nnamespace." \ No newline at end of file diff --git a/docs/1.1/README.md b/docs/1.1/README.md new file mode 100644 index 0000000..c554892 --- /dev/null +++ b/docs/1.1/README.md @@ -0,0 +1,13 @@ +--- +permalink: /1.1/ +--- + +# gateway-api + +```jsonnet +local gateway-api = import "github.com/jsonnet-libs/gateway-api-libsonnet/1.1/main.libsonnet" +``` + + + +* [gateway](gateway/index.md) \ No newline at end of file diff --git a/docs/1.1/gateway/index.md b/docs/1.1/gateway/index.md new file mode 100644 index 0000000..5b2a957 --- /dev/null +++ b/docs/1.1/gateway/index.md @@ -0,0 +1,11 @@ +--- +permalink: /1.1/gateway/ +--- + +# gateway + + + +* [v1](v1/index.md) +* [v1alpha2](v1alpha2/index.md) +* [v1beta1](v1beta1/index.md) \ No newline at end of file diff --git a/docs/1.1/gateway/v1/gateway.md b/docs/1.1/gateway/v1/gateway.md new file mode 100644 index 0000000..2e9f7fb --- /dev/null +++ b/docs/1.1/gateway/v1/gateway.md @@ -0,0 +1,568 @@ +--- +permalink: /1.1/gateway/v1/gateway/ +--- + +# gateway.v1.gateway + +"Gateway represents an instance of a service-traffic handling infrastructure\nby binding Listeners to a set of IP addresses." + +## Index + +* [`fn new(name)`](#fn-new) +* [`obj metadata`](#obj-metadata) + * [`fn withAnnotations(annotations)`](#fn-metadatawithannotations) + * [`fn withAnnotationsMixin(annotations)`](#fn-metadatawithannotationsmixin) + * [`fn withClusterName(clusterName)`](#fn-metadatawithclustername) + * [`fn withCreationTimestamp(creationTimestamp)`](#fn-metadatawithcreationtimestamp) + * [`fn withDeletionGracePeriodSeconds(deletionGracePeriodSeconds)`](#fn-metadatawithdeletiongraceperiodseconds) + * [`fn withDeletionTimestamp(deletionTimestamp)`](#fn-metadatawithdeletiontimestamp) + * [`fn withFinalizers(finalizers)`](#fn-metadatawithfinalizers) + * [`fn withFinalizersMixin(finalizers)`](#fn-metadatawithfinalizersmixin) + * [`fn withGenerateName(generateName)`](#fn-metadatawithgeneratename) + * [`fn withGeneration(generation)`](#fn-metadatawithgeneration) + * [`fn withLabels(labels)`](#fn-metadatawithlabels) + * [`fn withLabelsMixin(labels)`](#fn-metadatawithlabelsmixin) + * [`fn withName(name)`](#fn-metadatawithname) + * [`fn withNamespace(namespace)`](#fn-metadatawithnamespace) + * [`fn withOwnerReferences(ownerReferences)`](#fn-metadatawithownerreferences) + * [`fn withOwnerReferencesMixin(ownerReferences)`](#fn-metadatawithownerreferencesmixin) + * [`fn withResourceVersion(resourceVersion)`](#fn-metadatawithresourceversion) + * [`fn withSelfLink(selfLink)`](#fn-metadatawithselflink) + * [`fn withUid(uid)`](#fn-metadatawithuid) +* [`obj spec`](#obj-spec) + * [`fn withAddresses(addresses)`](#fn-specwithaddresses) + * [`fn withAddressesMixin(addresses)`](#fn-specwithaddressesmixin) + * [`fn withGatewayClassName(gatewayClassName)`](#fn-specwithgatewayclassname) + * [`fn withListeners(listeners)`](#fn-specwithlisteners) + * [`fn withListenersMixin(listeners)`](#fn-specwithlistenersmixin) + * [`obj spec.addresses`](#obj-specaddresses) + * [`fn withType(type)`](#fn-specaddresseswithtype) + * [`fn withValue(value)`](#fn-specaddresseswithvalue) + * [`obj spec.listeners`](#obj-speclisteners) + * [`fn withHostname(hostname)`](#fn-speclistenerswithhostname) + * [`fn withName(name)`](#fn-speclistenerswithname) + * [`fn withPort(port)`](#fn-speclistenerswithport) + * [`fn withProtocol(protocol)`](#fn-speclistenerswithprotocol) + * [`obj spec.listeners.allowedRoutes`](#obj-speclistenersallowedroutes) + * [`fn withKinds(kinds)`](#fn-speclistenersallowedrouteswithkinds) + * [`fn withKindsMixin(kinds)`](#fn-speclistenersallowedrouteswithkindsmixin) + * [`obj spec.listeners.allowedRoutes.kinds`](#obj-speclistenersallowedrouteskinds) + * [`fn withGroup(group)`](#fn-speclistenersallowedrouteskindswithgroup) + * [`fn withKind(kind)`](#fn-speclistenersallowedrouteskindswithkind) + * [`obj spec.listeners.allowedRoutes.namespaces`](#obj-speclistenersallowedroutesnamespaces) + * [`fn withFrom(from)`](#fn-speclistenersallowedroutesnamespaceswithfrom) + * [`obj spec.listeners.allowedRoutes.namespaces.selector`](#obj-speclistenersallowedroutesnamespacesselector) + * [`fn withMatchExpressions(matchExpressions)`](#fn-speclistenersallowedroutesnamespacesselectorwithmatchexpressions) + * [`fn withMatchExpressionsMixin(matchExpressions)`](#fn-speclistenersallowedroutesnamespacesselectorwithmatchexpressionsmixin) + * [`fn withMatchLabels(matchLabels)`](#fn-speclistenersallowedroutesnamespacesselectorwithmatchlabels) + * [`fn withMatchLabelsMixin(matchLabels)`](#fn-speclistenersallowedroutesnamespacesselectorwithmatchlabelsmixin) + * [`obj spec.listeners.allowedRoutes.namespaces.selector.matchExpressions`](#obj-speclistenersallowedroutesnamespacesselectormatchexpressions) + * [`fn withKey(key)`](#fn-speclistenersallowedroutesnamespacesselectormatchexpressionswithkey) + * [`fn withOperator(operator)`](#fn-speclistenersallowedroutesnamespacesselectormatchexpressionswithoperator) + * [`fn withValues(values)`](#fn-speclistenersallowedroutesnamespacesselectormatchexpressionswithvalues) + * [`fn withValuesMixin(values)`](#fn-speclistenersallowedroutesnamespacesselectormatchexpressionswithvaluesmixin) + * [`obj spec.listeners.tls`](#obj-speclistenerstls) + * [`fn withCertificateRefs(certificateRefs)`](#fn-speclistenerstlswithcertificaterefs) + * [`fn withCertificateRefsMixin(certificateRefs)`](#fn-speclistenerstlswithcertificaterefsmixin) + * [`fn withMode(mode)`](#fn-speclistenerstlswithmode) + * [`fn withOptions(options)`](#fn-speclistenerstlswithoptions) + * [`fn withOptionsMixin(options)`](#fn-speclistenerstlswithoptionsmixin) + * [`obj spec.listeners.tls.certificateRefs`](#obj-speclistenerstlscertificaterefs) + * [`fn withGroup(group)`](#fn-speclistenerstlscertificaterefswithgroup) + * [`fn withKind(kind)`](#fn-speclistenerstlscertificaterefswithkind) + * [`fn withName(name)`](#fn-speclistenerstlscertificaterefswithname) + * [`fn withNamespace(namespace)`](#fn-speclistenerstlscertificaterefswithnamespace) + +## Fields + +### fn new + +```ts +new(name) +``` + +new returns an instance of Gateway + +## obj metadata + +"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create." + +### fn metadata.withAnnotations + +```ts +withAnnotations(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +### fn metadata.withAnnotationsMixin + +```ts +withAnnotationsMixin(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +**Note:** This function appends passed data to existing values + +### fn metadata.withClusterName + +```ts +withClusterName(clusterName) +``` + +"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request." + +### fn metadata.withCreationTimestamp + +```ts +withCreationTimestamp(creationTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withDeletionGracePeriodSeconds + +```ts +withDeletionGracePeriodSeconds(deletionGracePeriodSeconds) +``` + +"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only." + +### fn metadata.withDeletionTimestamp + +```ts +withDeletionTimestamp(deletionTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withFinalizers + +```ts +withFinalizers(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +### fn metadata.withFinalizersMixin + +```ts +withFinalizersMixin(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +**Note:** This function appends passed data to existing values + +### fn metadata.withGenerateName + +```ts +withGenerateName(generateName) +``` + +"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\n\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\n\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" + +### fn metadata.withGeneration + +```ts +withGeneration(generation) +``` + +"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only." + +### fn metadata.withLabels + +```ts +withLabels(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +### fn metadata.withLabelsMixin + +```ts +withLabelsMixin(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +**Note:** This function appends passed data to existing values + +### fn metadata.withName + +```ts +withName(name) +``` + +"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names" + +### fn metadata.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \"default\" namespace, but \"default\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\n\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces" + +### fn metadata.withOwnerReferences + +```ts +withOwnerReferences(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +### fn metadata.withOwnerReferencesMixin + +```ts +withOwnerReferencesMixin(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +**Note:** This function appends passed data to existing values + +### fn metadata.withResourceVersion + +```ts +withResourceVersion(resourceVersion) +``` + +"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\n\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" + +### fn metadata.withSelfLink + +```ts +withSelfLink(selfLink) +``` + +"SelfLink is a URL representing this object. Populated by the system. Read-only.\n\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release." + +### fn metadata.withUid + +```ts +withUid(uid) +``` + +"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\n\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids" + +## obj spec + +"Spec defines the desired state of Gateway." + +### fn spec.withAddresses + +```ts +withAddresses(addresses) +``` + +"Addresses requested for this Gateway. This is optional and behavior can\ndepend on the implementation. If a value is set in the spec and the\nrequested address is invalid or unavailable, the implementation MUST\nindicate this in the associated entry in GatewayStatus.Addresses.\n\n\nThe Addresses field represents a request for the address(es) on the\n\"outside of the Gateway\", that traffic bound for this Gateway will use.\nThis could be the IP address or hostname of an external load balancer or\nother networking infrastructure, or some other address that traffic will\nbe sent to.\n\n\nIf no Addresses are specified, the implementation MAY schedule the\nGateway in an implementation-specific manner, assigning an appropriate\nset of Addresses.\n\n\nThe implementation MUST bind all Listeners to every GatewayAddress that\nit assigns to the Gateway and add a corresponding entry in\nGatewayStatus.Addresses.\n\n\nSupport: Extended\n\n\n" + +### fn spec.withAddressesMixin + +```ts +withAddressesMixin(addresses) +``` + +"Addresses requested for this Gateway. This is optional and behavior can\ndepend on the implementation. If a value is set in the spec and the\nrequested address is invalid or unavailable, the implementation MUST\nindicate this in the associated entry in GatewayStatus.Addresses.\n\n\nThe Addresses field represents a request for the address(es) on the\n\"outside of the Gateway\", that traffic bound for this Gateway will use.\nThis could be the IP address or hostname of an external load balancer or\nother networking infrastructure, or some other address that traffic will\nbe sent to.\n\n\nIf no Addresses are specified, the implementation MAY schedule the\nGateway in an implementation-specific manner, assigning an appropriate\nset of Addresses.\n\n\nThe implementation MUST bind all Listeners to every GatewayAddress that\nit assigns to the Gateway and add a corresponding entry in\nGatewayStatus.Addresses.\n\n\nSupport: Extended\n\n\n" + +**Note:** This function appends passed data to existing values + +### fn spec.withGatewayClassName + +```ts +withGatewayClassName(gatewayClassName) +``` + +"GatewayClassName used for this Gateway. This is the name of a\nGatewayClass resource." + +### fn spec.withListeners + +```ts +withListeners(listeners) +``` + +"Listeners associated with this Gateway. Listeners define\nlogical endpoints that are bound on this Gateway's addresses.\nAt least one Listener MUST be specified.\n\n\nEach Listener in a set of Listeners (for example, in a single Gateway)\nMUST be _distinct_, in that a traffic flow MUST be able to be assigned to\nexactly one listener. (This section uses \"set of Listeners\" rather than\n\"Listeners in a single Gateway\" because implementations MAY merge configuration\nfrom multiple Gateways onto a single data plane, and these rules _also_\napply in that case).\n\n\nPractically, this means that each listener in a set MUST have a unique\ncombination of Port, Protocol, and, if supported by the protocol, Hostname.\n\n\nSome combinations of port, protocol, and TLS settings are considered\nCore support and MUST be supported by implementations based on their\ntargeted conformance profile:\n\n\nHTTP Profile\n\n\n1. HTTPRoute, Port: 80, Protocol: HTTP\n2. HTTPRoute, Port: 443, Protocol: HTTPS, TLS Mode: Terminate, TLS keypair provided\n\n\nTLS Profile\n\n\n1. TLSRoute, Port: 443, Protocol: TLS, TLS Mode: Passthrough\n\n\n\"Distinct\" Listeners have the following property:\n\n\nThe implementation can match inbound requests to a single distinct\nListener. When multiple Listeners share values for fields (for\nexample, two Listeners with the same Port value), the implementation\ncan match requests to only one of the Listeners using other\nListener fields.\n\n\nFor example, the following Listener scenarios are distinct:\n\n\n1. Multiple Listeners with the same Port that all use the \"HTTP\"\n Protocol that all have unique Hostname values.\n2. Multiple Listeners with the same Port that use either the \"HTTPS\" or\n \"TLS\" Protocol that all have unique Hostname values.\n3. A mixture of \"TCP\" and \"UDP\" Protocol Listeners, where no Listener\n with the same Protocol has the same Port value.\n\n\nSome fields in the Listener struct have possible values that affect\nwhether the Listener is distinct. Hostname is particularly relevant\nfor HTTP or HTTPS protocols.\n\n\nWhen using the Hostname value to select between same-Port, same-Protocol\nListeners, the Hostname value must be different on each Listener for the\nListener to be distinct.\n\n\nWhen the Listeners are distinct based on Hostname, inbound request\nhostnames MUST match from the most specific to least specific Hostname\nvalues to choose the correct Listener and its associated set of Routes.\n\n\nExact matches must be processed before wildcard matches, and wildcard\nmatches must be processed before fallback (empty Hostname value)\nmatches. For example, `\"foo.example.com\"` takes precedence over\n`\"*.example.com\"`, and `\"*.example.com\"` takes precedence over `\"\"`.\n\n\nAdditionally, if there are multiple wildcard entries, more specific\nwildcard entries must be processed before less specific wildcard entries.\nFor example, `\"*.foo.example.com\"` takes precedence over `\"*.example.com\"`.\nThe precise definition here is that the higher the number of dots in the\nhostname to the right of the wildcard character, the higher the precedence.\n\n\nThe wildcard character will match any number of characters _and dots_ to\nthe left, however, so `\"*.example.com\"` will match both\n`\"foo.bar.example.com\"` _and_ `\"bar.example.com\"`.\n\n\nIf a set of Listeners contains Listeners that are not distinct, then those\nListeners are Conflicted, and the implementation MUST set the \"Conflicted\"\ncondition in the Listener Status to \"True\".\n\n\nImplementations MAY choose to accept a Gateway with some Conflicted\nListeners only if they only accept the partial Listener set that contains\nno Conflicted Listeners. To put this another way, implementations may\naccept a partial Listener set only if they throw out *all* the conflicting\nListeners. No picking one of the conflicting listeners as the winner.\nThis also means that the Gateway must have at least one non-conflicting\nListener in this case, otherwise it violates the requirement that at\nleast one Listener must be present.\n\n\nThe implementation MUST set a \"ListenersNotValid\" condition on the\nGateway Status when the Gateway contains Conflicted Listeners whether or\nnot they accept the Gateway. That Condition SHOULD clearly\nindicate in the Message which Listeners are conflicted, and which are\nAccepted. Additionally, the Listener status for those listeners SHOULD\nindicate which Listeners are conflicted and not Accepted.\n\n\nA Gateway's Listeners are considered \"compatible\" if:\n\n\n1. They are distinct.\n2. The implementation can serve them in compliance with the Addresses\n requirement that all Listeners are available on all assigned\n addresses.\n\n\nCompatible combinations in Extended support are expected to vary across\nimplementations. A combination that is compatible for one implementation\nmay not be compatible for another.\n\n\nFor example, an implementation that cannot serve both TCP and UDP listeners\non the same address, or cannot mix HTTPS and generic TLS listens on the same port\nwould not consider those cases compatible, even though they are distinct.\n\n\nNote that requests SHOULD match at most one Listener. For example, if\nListeners are defined for \"foo.example.com\" and \"*.example.com\", a\nrequest to \"foo.example.com\" SHOULD only be routed using routes attached\nto the \"foo.example.com\" Listener (and not the \"*.example.com\" Listener).\nThis concept is known as \"Listener Isolation\". Implementations that do\nnot support Listener Isolation MUST clearly document this.\n\n\nImplementations MAY merge separate Gateways onto a single set of\nAddresses if all Listeners across all Gateways are compatible.\n\n\nSupport: Core" + +### fn spec.withListenersMixin + +```ts +withListenersMixin(listeners) +``` + +"Listeners associated with this Gateway. Listeners define\nlogical endpoints that are bound on this Gateway's addresses.\nAt least one Listener MUST be specified.\n\n\nEach Listener in a set of Listeners (for example, in a single Gateway)\nMUST be _distinct_, in that a traffic flow MUST be able to be assigned to\nexactly one listener. (This section uses \"set of Listeners\" rather than\n\"Listeners in a single Gateway\" because implementations MAY merge configuration\nfrom multiple Gateways onto a single data plane, and these rules _also_\napply in that case).\n\n\nPractically, this means that each listener in a set MUST have a unique\ncombination of Port, Protocol, and, if supported by the protocol, Hostname.\n\n\nSome combinations of port, protocol, and TLS settings are considered\nCore support and MUST be supported by implementations based on their\ntargeted conformance profile:\n\n\nHTTP Profile\n\n\n1. HTTPRoute, Port: 80, Protocol: HTTP\n2. HTTPRoute, Port: 443, Protocol: HTTPS, TLS Mode: Terminate, TLS keypair provided\n\n\nTLS Profile\n\n\n1. TLSRoute, Port: 443, Protocol: TLS, TLS Mode: Passthrough\n\n\n\"Distinct\" Listeners have the following property:\n\n\nThe implementation can match inbound requests to a single distinct\nListener. When multiple Listeners share values for fields (for\nexample, two Listeners with the same Port value), the implementation\ncan match requests to only one of the Listeners using other\nListener fields.\n\n\nFor example, the following Listener scenarios are distinct:\n\n\n1. Multiple Listeners with the same Port that all use the \"HTTP\"\n Protocol that all have unique Hostname values.\n2. Multiple Listeners with the same Port that use either the \"HTTPS\" or\n \"TLS\" Protocol that all have unique Hostname values.\n3. A mixture of \"TCP\" and \"UDP\" Protocol Listeners, where no Listener\n with the same Protocol has the same Port value.\n\n\nSome fields in the Listener struct have possible values that affect\nwhether the Listener is distinct. Hostname is particularly relevant\nfor HTTP or HTTPS protocols.\n\n\nWhen using the Hostname value to select between same-Port, same-Protocol\nListeners, the Hostname value must be different on each Listener for the\nListener to be distinct.\n\n\nWhen the Listeners are distinct based on Hostname, inbound request\nhostnames MUST match from the most specific to least specific Hostname\nvalues to choose the correct Listener and its associated set of Routes.\n\n\nExact matches must be processed before wildcard matches, and wildcard\nmatches must be processed before fallback (empty Hostname value)\nmatches. For example, `\"foo.example.com\"` takes precedence over\n`\"*.example.com\"`, and `\"*.example.com\"` takes precedence over `\"\"`.\n\n\nAdditionally, if there are multiple wildcard entries, more specific\nwildcard entries must be processed before less specific wildcard entries.\nFor example, `\"*.foo.example.com\"` takes precedence over `\"*.example.com\"`.\nThe precise definition here is that the higher the number of dots in the\nhostname to the right of the wildcard character, the higher the precedence.\n\n\nThe wildcard character will match any number of characters _and dots_ to\nthe left, however, so `\"*.example.com\"` will match both\n`\"foo.bar.example.com\"` _and_ `\"bar.example.com\"`.\n\n\nIf a set of Listeners contains Listeners that are not distinct, then those\nListeners are Conflicted, and the implementation MUST set the \"Conflicted\"\ncondition in the Listener Status to \"True\".\n\n\nImplementations MAY choose to accept a Gateway with some Conflicted\nListeners only if they only accept the partial Listener set that contains\nno Conflicted Listeners. To put this another way, implementations may\naccept a partial Listener set only if they throw out *all* the conflicting\nListeners. No picking one of the conflicting listeners as the winner.\nThis also means that the Gateway must have at least one non-conflicting\nListener in this case, otherwise it violates the requirement that at\nleast one Listener must be present.\n\n\nThe implementation MUST set a \"ListenersNotValid\" condition on the\nGateway Status when the Gateway contains Conflicted Listeners whether or\nnot they accept the Gateway. That Condition SHOULD clearly\nindicate in the Message which Listeners are conflicted, and which are\nAccepted. Additionally, the Listener status for those listeners SHOULD\nindicate which Listeners are conflicted and not Accepted.\n\n\nA Gateway's Listeners are considered \"compatible\" if:\n\n\n1. They are distinct.\n2. The implementation can serve them in compliance with the Addresses\n requirement that all Listeners are available on all assigned\n addresses.\n\n\nCompatible combinations in Extended support are expected to vary across\nimplementations. A combination that is compatible for one implementation\nmay not be compatible for another.\n\n\nFor example, an implementation that cannot serve both TCP and UDP listeners\non the same address, or cannot mix HTTPS and generic TLS listens on the same port\nwould not consider those cases compatible, even though they are distinct.\n\n\nNote that requests SHOULD match at most one Listener. For example, if\nListeners are defined for \"foo.example.com\" and \"*.example.com\", a\nrequest to \"foo.example.com\" SHOULD only be routed using routes attached\nto the \"foo.example.com\" Listener (and not the \"*.example.com\" Listener).\nThis concept is known as \"Listener Isolation\". Implementations that do\nnot support Listener Isolation MUST clearly document this.\n\n\nImplementations MAY merge separate Gateways onto a single set of\nAddresses if all Listeners across all Gateways are compatible.\n\n\nSupport: Core" + +**Note:** This function appends passed data to existing values + +## obj spec.addresses + +"Addresses requested for this Gateway. This is optional and behavior can\ndepend on the implementation. If a value is set in the spec and the\nrequested address is invalid or unavailable, the implementation MUST\nindicate this in the associated entry in GatewayStatus.Addresses.\n\n\nThe Addresses field represents a request for the address(es) on the\n\"outside of the Gateway\", that traffic bound for this Gateway will use.\nThis could be the IP address or hostname of an external load balancer or\nother networking infrastructure, or some other address that traffic will\nbe sent to.\n\n\nIf no Addresses are specified, the implementation MAY schedule the\nGateway in an implementation-specific manner, assigning an appropriate\nset of Addresses.\n\n\nThe implementation MUST bind all Listeners to every GatewayAddress that\nit assigns to the Gateway and add a corresponding entry in\nGatewayStatus.Addresses.\n\n\nSupport: Extended\n\n\n" + +### fn spec.addresses.withType + +```ts +withType(type) +``` + +"Type of the address." + +### fn spec.addresses.withValue + +```ts +withValue(value) +``` + +"Value of the address. The validity of the values will depend\non the type and support by the controller.\n\n\nExamples: `1.2.3.4`, `128::1`, `my-ip-address`." + +## obj spec.listeners + +"Listeners associated with this Gateway. Listeners define\nlogical endpoints that are bound on this Gateway's addresses.\nAt least one Listener MUST be specified.\n\n\nEach Listener in a set of Listeners (for example, in a single Gateway)\nMUST be _distinct_, in that a traffic flow MUST be able to be assigned to\nexactly one listener. (This section uses \"set of Listeners\" rather than\n\"Listeners in a single Gateway\" because implementations MAY merge configuration\nfrom multiple Gateways onto a single data plane, and these rules _also_\napply in that case).\n\n\nPractically, this means that each listener in a set MUST have a unique\ncombination of Port, Protocol, and, if supported by the protocol, Hostname.\n\n\nSome combinations of port, protocol, and TLS settings are considered\nCore support and MUST be supported by implementations based on their\ntargeted conformance profile:\n\n\nHTTP Profile\n\n\n1. HTTPRoute, Port: 80, Protocol: HTTP\n2. HTTPRoute, Port: 443, Protocol: HTTPS, TLS Mode: Terminate, TLS keypair provided\n\n\nTLS Profile\n\n\n1. TLSRoute, Port: 443, Protocol: TLS, TLS Mode: Passthrough\n\n\n\"Distinct\" Listeners have the following property:\n\n\nThe implementation can match inbound requests to a single distinct\nListener. When multiple Listeners share values for fields (for\nexample, two Listeners with the same Port value), the implementation\ncan match requests to only one of the Listeners using other\nListener fields.\n\n\nFor example, the following Listener scenarios are distinct:\n\n\n1. Multiple Listeners with the same Port that all use the \"HTTP\"\n Protocol that all have unique Hostname values.\n2. Multiple Listeners with the same Port that use either the \"HTTPS\" or\n \"TLS\" Protocol that all have unique Hostname values.\n3. A mixture of \"TCP\" and \"UDP\" Protocol Listeners, where no Listener\n with the same Protocol has the same Port value.\n\n\nSome fields in the Listener struct have possible values that affect\nwhether the Listener is distinct. Hostname is particularly relevant\nfor HTTP or HTTPS protocols.\n\n\nWhen using the Hostname value to select between same-Port, same-Protocol\nListeners, the Hostname value must be different on each Listener for the\nListener to be distinct.\n\n\nWhen the Listeners are distinct based on Hostname, inbound request\nhostnames MUST match from the most specific to least specific Hostname\nvalues to choose the correct Listener and its associated set of Routes.\n\n\nExact matches must be processed before wildcard matches, and wildcard\nmatches must be processed before fallback (empty Hostname value)\nmatches. For example, `\"foo.example.com\"` takes precedence over\n`\"*.example.com\"`, and `\"*.example.com\"` takes precedence over `\"\"`.\n\n\nAdditionally, if there are multiple wildcard entries, more specific\nwildcard entries must be processed before less specific wildcard entries.\nFor example, `\"*.foo.example.com\"` takes precedence over `\"*.example.com\"`.\nThe precise definition here is that the higher the number of dots in the\nhostname to the right of the wildcard character, the higher the precedence.\n\n\nThe wildcard character will match any number of characters _and dots_ to\nthe left, however, so `\"*.example.com\"` will match both\n`\"foo.bar.example.com\"` _and_ `\"bar.example.com\"`.\n\n\nIf a set of Listeners contains Listeners that are not distinct, then those\nListeners are Conflicted, and the implementation MUST set the \"Conflicted\"\ncondition in the Listener Status to \"True\".\n\n\nImplementations MAY choose to accept a Gateway with some Conflicted\nListeners only if they only accept the partial Listener set that contains\nno Conflicted Listeners. To put this another way, implementations may\naccept a partial Listener set only if they throw out *all* the conflicting\nListeners. No picking one of the conflicting listeners as the winner.\nThis also means that the Gateway must have at least one non-conflicting\nListener in this case, otherwise it violates the requirement that at\nleast one Listener must be present.\n\n\nThe implementation MUST set a \"ListenersNotValid\" condition on the\nGateway Status when the Gateway contains Conflicted Listeners whether or\nnot they accept the Gateway. That Condition SHOULD clearly\nindicate in the Message which Listeners are conflicted, and which are\nAccepted. Additionally, the Listener status for those listeners SHOULD\nindicate which Listeners are conflicted and not Accepted.\n\n\nA Gateway's Listeners are considered \"compatible\" if:\n\n\n1. They are distinct.\n2. The implementation can serve them in compliance with the Addresses\n requirement that all Listeners are available on all assigned\n addresses.\n\n\nCompatible combinations in Extended support are expected to vary across\nimplementations. A combination that is compatible for one implementation\nmay not be compatible for another.\n\n\nFor example, an implementation that cannot serve both TCP and UDP listeners\non the same address, or cannot mix HTTPS and generic TLS listens on the same port\nwould not consider those cases compatible, even though they are distinct.\n\n\nNote that requests SHOULD match at most one Listener. For example, if\nListeners are defined for \"foo.example.com\" and \"*.example.com\", a\nrequest to \"foo.example.com\" SHOULD only be routed using routes attached\nto the \"foo.example.com\" Listener (and not the \"*.example.com\" Listener).\nThis concept is known as \"Listener Isolation\". Implementations that do\nnot support Listener Isolation MUST clearly document this.\n\n\nImplementations MAY merge separate Gateways onto a single set of\nAddresses if all Listeners across all Gateways are compatible.\n\n\nSupport: Core" + +### fn spec.listeners.withHostname + +```ts +withHostname(hostname) +``` + +"Hostname specifies the virtual hostname to match for protocol types that\ndefine this concept. When unspecified, all hostnames are matched. This\nfield is ignored for protocols that don't require hostname based\nmatching.\n\n\nImplementations MUST apply Hostname matching appropriately for each of\nthe following protocols:\n\n\n* TLS: The Listener Hostname MUST match the SNI.\n* HTTP: The Listener Hostname MUST match the Host header of the request.\n* HTTPS: The Listener Hostname SHOULD match at both the TLS and HTTP\n protocol layers as described above. If an implementation does not\n ensure that both the SNI and Host header match the Listener hostname,\n it MUST clearly document that.\n\n\nFor HTTPRoute and TLSRoute resources, there is an interaction with the\n`spec.hostnames` array. When both listener and route specify hostnames,\nthere MUST be an intersection between the values for a Route to be\naccepted. For more information, refer to the Route specific Hostnames\ndocumentation.\n\n\nHostnames that are prefixed with a wildcard label (`*.`) are interpreted\nas a suffix match. That means that a match for `*.example.com` would match\nboth `test.example.com`, and `foo.test.example.com`, but not `example.com`.\n\n\nSupport: Core" + +### fn spec.listeners.withName + +```ts +withName(name) +``` + +"Name is the name of the Listener. This name MUST be unique within a\nGateway.\n\n\nSupport: Core" + +### fn spec.listeners.withPort + +```ts +withPort(port) +``` + +"Port is the network port. Multiple listeners may use the\nsame port, subject to the Listener compatibility rules.\n\n\nSupport: Core" + +### fn spec.listeners.withProtocol + +```ts +withProtocol(protocol) +``` + +"Protocol specifies the network protocol this listener expects to receive.\n\n\nSupport: Core" + +## obj spec.listeners.allowedRoutes + +"AllowedRoutes defines the types of routes that MAY be attached to a\nListener and the trusted namespaces where those Route resources MAY be\npresent.\n\n\nAlthough a client request may match multiple route rules, only one rule\nmay ultimately receive the request. Matching precedence MUST be\ndetermined in order of the following criteria:\n\n\n* The most specific match as defined by the Route type.\n* The oldest Route based on creation timestamp. For example, a Route with\n a creation timestamp of \"2020-09-08 01:02:03\" is given precedence over\n a Route with a creation timestamp of \"2020-09-08 01:02:04\".\n* If everything else is equivalent, the Route appearing first in\n alphabetical order (namespace/name) should be given precedence. For\n example, foo/bar is given precedence over foo/baz.\n\n\nAll valid rules within a Route attached to this Listener should be\nimplemented. Invalid Route rules can be ignored (sometimes that will mean\nthe full Route). If a Route rule transitions from valid to invalid,\nsupport for that Route rule should be dropped to ensure consistency. For\nexample, even if a filter specified by a Route rule is invalid, the rest\nof the rules within that Route should still be supported.\n\n\nSupport: Core" + +### fn spec.listeners.allowedRoutes.withKinds + +```ts +withKinds(kinds) +``` + +"Kinds specifies the groups and kinds of Routes that are allowed to bind\nto this Gateway Listener. When unspecified or empty, the kinds of Routes\nselected are determined using the Listener protocol.\n\n\nA RouteGroupKind MUST correspond to kinds of Routes that are compatible\nwith the application protocol specified in the Listener's Protocol field.\nIf an implementation does not support or recognize this resource type, it\nMUST set the \"ResolvedRefs\" condition to False for this Listener with the\n\"InvalidRouteKinds\" reason.\n\n\nSupport: Core" + +### fn spec.listeners.allowedRoutes.withKindsMixin + +```ts +withKindsMixin(kinds) +``` + +"Kinds specifies the groups and kinds of Routes that are allowed to bind\nto this Gateway Listener. When unspecified or empty, the kinds of Routes\nselected are determined using the Listener protocol.\n\n\nA RouteGroupKind MUST correspond to kinds of Routes that are compatible\nwith the application protocol specified in the Listener's Protocol field.\nIf an implementation does not support or recognize this resource type, it\nMUST set the \"ResolvedRefs\" condition to False for this Listener with the\n\"InvalidRouteKinds\" reason.\n\n\nSupport: Core" + +**Note:** This function appends passed data to existing values + +## obj spec.listeners.allowedRoutes.kinds + +"Kinds specifies the groups and kinds of Routes that are allowed to bind\nto this Gateway Listener. When unspecified or empty, the kinds of Routes\nselected are determined using the Listener protocol.\n\n\nA RouteGroupKind MUST correspond to kinds of Routes that are compatible\nwith the application protocol specified in the Listener's Protocol field.\nIf an implementation does not support or recognize this resource type, it\nMUST set the \"ResolvedRefs\" condition to False for this Listener with the\n\"InvalidRouteKinds\" reason.\n\n\nSupport: Core" + +### fn spec.listeners.allowedRoutes.kinds.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the Route." + +### fn spec.listeners.allowedRoutes.kinds.withKind + +```ts +withKind(kind) +``` + +"Kind is the kind of the Route." + +## obj spec.listeners.allowedRoutes.namespaces + +"Namespaces indicates namespaces from which Routes may be attached to this\nListener. This is restricted to the namespace of this Gateway by default.\n\n\nSupport: Core" + +### fn spec.listeners.allowedRoutes.namespaces.withFrom + +```ts +withFrom(from) +``` + +"From indicates where Routes will be selected for this Gateway. Possible\nvalues are:\n\n\n* All: Routes in all namespaces may be used by this Gateway.\n* Selector: Routes in namespaces selected by the selector may be used by\n this Gateway.\n* Same: Only Routes in the same namespace may be used by this Gateway.\n\n\nSupport: Core" + +## obj spec.listeners.allowedRoutes.namespaces.selector + +"Selector must be specified when From is set to \"Selector\". In that case,\nonly Routes in Namespaces matching this Selector will be selected by this\nGateway. This field is ignored for other values of \"From\".\n\n\nSupport: Core" + +### fn spec.listeners.allowedRoutes.namespaces.selector.withMatchExpressions + +```ts +withMatchExpressions(matchExpressions) +``` + +"matchExpressions is a list of label selector requirements. The requirements are ANDed." + +### fn spec.listeners.allowedRoutes.namespaces.selector.withMatchExpressionsMixin + +```ts +withMatchExpressionsMixin(matchExpressions) +``` + +"matchExpressions is a list of label selector requirements. The requirements are ANDed." + +**Note:** This function appends passed data to existing values + +### fn spec.listeners.allowedRoutes.namespaces.selector.withMatchLabels + +```ts +withMatchLabels(matchLabels) +``` + +"matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + +### fn spec.listeners.allowedRoutes.namespaces.selector.withMatchLabelsMixin + +```ts +withMatchLabelsMixin(matchLabels) +``` + +"matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + +**Note:** This function appends passed data to existing values + +## obj spec.listeners.allowedRoutes.namespaces.selector.matchExpressions + +"matchExpressions is a list of label selector requirements. The requirements are ANDed." + +### fn spec.listeners.allowedRoutes.namespaces.selector.matchExpressions.withKey + +```ts +withKey(key) +``` + +"key is the label key that the selector applies to." + +### fn spec.listeners.allowedRoutes.namespaces.selector.matchExpressions.withOperator + +```ts +withOperator(operator) +``` + +"operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + +### fn spec.listeners.allowedRoutes.namespaces.selector.matchExpressions.withValues + +```ts +withValues(values) +``` + +"values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + +### fn spec.listeners.allowedRoutes.namespaces.selector.matchExpressions.withValuesMixin + +```ts +withValuesMixin(values) +``` + +"values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + +**Note:** This function appends passed data to existing values + +## obj spec.listeners.tls + +"TLS is the TLS configuration for the Listener. This field is required if\nthe Protocol field is \"HTTPS\" or \"TLS\". It is invalid to set this field\nif the Protocol field is \"HTTP\", \"TCP\", or \"UDP\".\n\n\nThe association of SNIs to Certificate defined in GatewayTLSConfig is\ndefined based on the Hostname field for this listener.\n\n\nThe GatewayClass MUST use the longest matching SNI out of all\navailable certificates for any TLS handshake.\n\n\nSupport: Core" + +### fn spec.listeners.tls.withCertificateRefs + +```ts +withCertificateRefs(certificateRefs) +``` + +"CertificateRefs contains a series of references to Kubernetes objects that\ncontains TLS certificates and private keys. These certificates are used to\nestablish a TLS handshake for requests that match the hostname of the\nassociated listener.\n\n\nA single CertificateRef to a Kubernetes Secret has \"Core\" support.\nImplementations MAY choose to support attaching multiple certificates to\na Listener, but this behavior is implementation-specific.\n\n\nReferences to a resource in different namespace are invalid UNLESS there\nis a ReferenceGrant in the target namespace that allows the certificate\nto be attached. If a ReferenceGrant does not allow this reference, the\n\"ResolvedRefs\" condition MUST be set to False for this listener with the\n\"RefNotPermitted\" reason.\n\n\nThis field is required to have at least one element when the mode is set\nto \"Terminate\" (default) and is optional otherwise.\n\n\nCertificateRefs can reference to standard Kubernetes resources, i.e.\nSecret, or implementation-specific custom resources.\n\n\nSupport: Core - A single reference to a Kubernetes Secret of type kubernetes.io/tls\n\n\nSupport: Implementation-specific (More than one reference or other resource types)" + +### fn spec.listeners.tls.withCertificateRefsMixin + +```ts +withCertificateRefsMixin(certificateRefs) +``` + +"CertificateRefs contains a series of references to Kubernetes objects that\ncontains TLS certificates and private keys. These certificates are used to\nestablish a TLS handshake for requests that match the hostname of the\nassociated listener.\n\n\nA single CertificateRef to a Kubernetes Secret has \"Core\" support.\nImplementations MAY choose to support attaching multiple certificates to\na Listener, but this behavior is implementation-specific.\n\n\nReferences to a resource in different namespace are invalid UNLESS there\nis a ReferenceGrant in the target namespace that allows the certificate\nto be attached. If a ReferenceGrant does not allow this reference, the\n\"ResolvedRefs\" condition MUST be set to False for this listener with the\n\"RefNotPermitted\" reason.\n\n\nThis field is required to have at least one element when the mode is set\nto \"Terminate\" (default) and is optional otherwise.\n\n\nCertificateRefs can reference to standard Kubernetes resources, i.e.\nSecret, or implementation-specific custom resources.\n\n\nSupport: Core - A single reference to a Kubernetes Secret of type kubernetes.io/tls\n\n\nSupport: Implementation-specific (More than one reference or other resource types)" + +**Note:** This function appends passed data to existing values + +### fn spec.listeners.tls.withMode + +```ts +withMode(mode) +``` + +"Mode defines the TLS behavior for the TLS session initiated by the client.\nThere are two possible modes:\n\n\n- Terminate: The TLS session between the downstream client and the\n Gateway is terminated at the Gateway. This mode requires certificates\n to be specified in some way, such as populating the certificateRefs\n field.\n- Passthrough: The TLS session is NOT terminated by the Gateway. This\n implies that the Gateway can't decipher the TLS stream except for\n the ClientHello message of the TLS protocol. The certificateRefs field\n is ignored in this mode.\n\n\nSupport: Core" + +### fn spec.listeners.tls.withOptions + +```ts +withOptions(options) +``` + +"Options are a list of key/value pairs to enable extended TLS\nconfiguration for each implementation. For example, configuring the\nminimum TLS version or supported cipher suites.\n\n\nA set of common keys MAY be defined by the API in the future. To avoid\nany ambiguity, implementation-specific definitions MUST use\ndomain-prefixed names, such as `example.com/my-custom-option`.\nUn-prefixed names are reserved for key names defined by Gateway API.\n\n\nSupport: Implementation-specific" + +### fn spec.listeners.tls.withOptionsMixin + +```ts +withOptionsMixin(options) +``` + +"Options are a list of key/value pairs to enable extended TLS\nconfiguration for each implementation. For example, configuring the\nminimum TLS version or supported cipher suites.\n\n\nA set of common keys MAY be defined by the API in the future. To avoid\nany ambiguity, implementation-specific definitions MUST use\ndomain-prefixed names, such as `example.com/my-custom-option`.\nUn-prefixed names are reserved for key names defined by Gateway API.\n\n\nSupport: Implementation-specific" + +**Note:** This function appends passed data to existing values + +## obj spec.listeners.tls.certificateRefs + +"CertificateRefs contains a series of references to Kubernetes objects that\ncontains TLS certificates and private keys. These certificates are used to\nestablish a TLS handshake for requests that match the hostname of the\nassociated listener.\n\n\nA single CertificateRef to a Kubernetes Secret has \"Core\" support.\nImplementations MAY choose to support attaching multiple certificates to\na Listener, but this behavior is implementation-specific.\n\n\nReferences to a resource in different namespace are invalid UNLESS there\nis a ReferenceGrant in the target namespace that allows the certificate\nto be attached. If a ReferenceGrant does not allow this reference, the\n\"ResolvedRefs\" condition MUST be set to False for this listener with the\n\"RefNotPermitted\" reason.\n\n\nThis field is required to have at least one element when the mode is set\nto \"Terminate\" (default) and is optional otherwise.\n\n\nCertificateRefs can reference to standard Kubernetes resources, i.e.\nSecret, or implementation-specific custom resources.\n\n\nSupport: Core - A single reference to a Kubernetes Secret of type kubernetes.io/tls\n\n\nSupport: Implementation-specific (More than one reference or other resource types)" + +### fn spec.listeners.tls.certificateRefs.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. For example, \"gateway.networking.k8s.io\".\nWhen unspecified or empty string, core API group is inferred." + +### fn spec.listeners.tls.certificateRefs.withKind + +```ts +withKind(kind) +``` + +"Kind is kind of the referent. For example \"Secret\"." + +### fn spec.listeners.tls.certificateRefs.withName + +```ts +withName(name) +``` + +"Name is the name of the referent." + +### fn spec.listeners.tls.certificateRefs.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the referenced object. When unspecified, the local\nnamespace is inferred.\n\n\nNote that when a namespace different than the local namespace is specified,\na ReferenceGrant object is required in the referent namespace to allow that\nnamespace's owner to accept the reference. See the ReferenceGrant\ndocumentation for details.\n\n\nSupport: Core" \ No newline at end of file diff --git a/docs/1.1/gateway/v1/gatewayClass.md b/docs/1.1/gateway/v1/gatewayClass.md new file mode 100644 index 0000000..bdd9722 --- /dev/null +++ b/docs/1.1/gateway/v1/gatewayClass.md @@ -0,0 +1,269 @@ +--- +permalink: /1.1/gateway/v1/gatewayClass/ +--- + +# gateway.v1.gatewayClass + +"GatewayClass describes a class of Gateways available to the user for creating\nGateway resources.\n\n\nIt is recommended that this resource be used as a template for Gateways. This\nmeans that a Gateway is based on the state of the GatewayClass at the time it\nwas created and changes to the GatewayClass or associated parameters are not\npropagated down to existing Gateways. This recommendation is intended to\nlimit the blast radius of changes to GatewayClass or associated parameters.\nIf implementations choose to propagate GatewayClass changes to existing\nGateways, that MUST be clearly documented by the implementation.\n\n\nWhenever one or more Gateways are using a GatewayClass, implementations SHOULD\nadd the `gateway-exists-finalizer.gateway.networking.k8s.io` finalizer on the\nassociated GatewayClass. This ensures that a GatewayClass associated with a\nGateway is not deleted while in use.\n\n\nGatewayClass is a Cluster level resource." + +## Index + +* [`fn new(name)`](#fn-new) +* [`obj metadata`](#obj-metadata) + * [`fn withAnnotations(annotations)`](#fn-metadatawithannotations) + * [`fn withAnnotationsMixin(annotations)`](#fn-metadatawithannotationsmixin) + * [`fn withClusterName(clusterName)`](#fn-metadatawithclustername) + * [`fn withCreationTimestamp(creationTimestamp)`](#fn-metadatawithcreationtimestamp) + * [`fn withDeletionGracePeriodSeconds(deletionGracePeriodSeconds)`](#fn-metadatawithdeletiongraceperiodseconds) + * [`fn withDeletionTimestamp(deletionTimestamp)`](#fn-metadatawithdeletiontimestamp) + * [`fn withFinalizers(finalizers)`](#fn-metadatawithfinalizers) + * [`fn withFinalizersMixin(finalizers)`](#fn-metadatawithfinalizersmixin) + * [`fn withGenerateName(generateName)`](#fn-metadatawithgeneratename) + * [`fn withGeneration(generation)`](#fn-metadatawithgeneration) + * [`fn withLabels(labels)`](#fn-metadatawithlabels) + * [`fn withLabelsMixin(labels)`](#fn-metadatawithlabelsmixin) + * [`fn withName(name)`](#fn-metadatawithname) + * [`fn withNamespace(namespace)`](#fn-metadatawithnamespace) + * [`fn withOwnerReferences(ownerReferences)`](#fn-metadatawithownerreferences) + * [`fn withOwnerReferencesMixin(ownerReferences)`](#fn-metadatawithownerreferencesmixin) + * [`fn withResourceVersion(resourceVersion)`](#fn-metadatawithresourceversion) + * [`fn withSelfLink(selfLink)`](#fn-metadatawithselflink) + * [`fn withUid(uid)`](#fn-metadatawithuid) +* [`obj spec`](#obj-spec) + * [`fn withControllerName(controllerName)`](#fn-specwithcontrollername) + * [`fn withDescription(description)`](#fn-specwithdescription) + * [`obj spec.parametersRef`](#obj-specparametersref) + * [`fn withGroup(group)`](#fn-specparametersrefwithgroup) + * [`fn withKind(kind)`](#fn-specparametersrefwithkind) + * [`fn withName(name)`](#fn-specparametersrefwithname) + * [`fn withNamespace(namespace)`](#fn-specparametersrefwithnamespace) + +## Fields + +### fn new + +```ts +new(name) +``` + +new returns an instance of GatewayClass + +## obj metadata + +"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create." + +### fn metadata.withAnnotations + +```ts +withAnnotations(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +### fn metadata.withAnnotationsMixin + +```ts +withAnnotationsMixin(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +**Note:** This function appends passed data to existing values + +### fn metadata.withClusterName + +```ts +withClusterName(clusterName) +``` + +"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request." + +### fn metadata.withCreationTimestamp + +```ts +withCreationTimestamp(creationTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withDeletionGracePeriodSeconds + +```ts +withDeletionGracePeriodSeconds(deletionGracePeriodSeconds) +``` + +"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only." + +### fn metadata.withDeletionTimestamp + +```ts +withDeletionTimestamp(deletionTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withFinalizers + +```ts +withFinalizers(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +### fn metadata.withFinalizersMixin + +```ts +withFinalizersMixin(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +**Note:** This function appends passed data to existing values + +### fn metadata.withGenerateName + +```ts +withGenerateName(generateName) +``` + +"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\n\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\n\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" + +### fn metadata.withGeneration + +```ts +withGeneration(generation) +``` + +"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only." + +### fn metadata.withLabels + +```ts +withLabels(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +### fn metadata.withLabelsMixin + +```ts +withLabelsMixin(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +**Note:** This function appends passed data to existing values + +### fn metadata.withName + +```ts +withName(name) +``` + +"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names" + +### fn metadata.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \"default\" namespace, but \"default\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\n\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces" + +### fn metadata.withOwnerReferences + +```ts +withOwnerReferences(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +### fn metadata.withOwnerReferencesMixin + +```ts +withOwnerReferencesMixin(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +**Note:** This function appends passed data to existing values + +### fn metadata.withResourceVersion + +```ts +withResourceVersion(resourceVersion) +``` + +"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\n\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" + +### fn metadata.withSelfLink + +```ts +withSelfLink(selfLink) +``` + +"SelfLink is a URL representing this object. Populated by the system. Read-only.\n\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release." + +### fn metadata.withUid + +```ts +withUid(uid) +``` + +"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\n\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids" + +## obj spec + +"Spec defines the desired state of GatewayClass." + +### fn spec.withControllerName + +```ts +withControllerName(controllerName) +``` + +"ControllerName is the name of the controller that is managing Gateways of\nthis class. The value of this field MUST be a domain prefixed path.\n\n\nExample: \"example.net/gateway-controller\".\n\n\nThis field is not mutable and cannot be empty.\n\n\nSupport: Core" + +### fn spec.withDescription + +```ts +withDescription(description) +``` + +"Description helps describe a GatewayClass with more details." + +## obj spec.parametersRef + +"ParametersRef is a reference to a resource that contains the configuration\nparameters corresponding to the GatewayClass. This is optional if the\ncontroller does not require any additional configuration.\n\n\nParametersRef can reference a standard Kubernetes resource, i.e. ConfigMap,\nor an implementation-specific custom resource. The resource can be\ncluster-scoped or namespace-scoped.\n\n\nIf the referent cannot be found, the GatewayClass's \"InvalidParameters\"\nstatus condition will be true.\n\n\nA Gateway for this GatewayClass may provide its own `parametersRef`. When both are specified,\nthe merging behavior is implementation specific.\nIt is generally recommended that GatewayClass provides defaults that can be overridden by a Gateway.\n\n\nSupport: Implementation-specific" + +### fn spec.parametersRef.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent." + +### fn spec.parametersRef.withKind + +```ts +withKind(kind) +``` + +"Kind is kind of the referent." + +### fn spec.parametersRef.withName + +```ts +withName(name) +``` + +"Name is the name of the referent." + +### fn spec.parametersRef.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the referent.\nThis field is required when referring to a Namespace-scoped resource and\nMUST be unset when referring to a Cluster-scoped resource." \ No newline at end of file diff --git a/docs/1.1/gateway/v1/grpcRoute.md b/docs/1.1/gateway/v1/grpcRoute.md new file mode 100644 index 0000000..60bb7b0 --- /dev/null +++ b/docs/1.1/gateway/v1/grpcRoute.md @@ -0,0 +1,1208 @@ +--- +permalink: /1.1/gateway/v1/grpcRoute/ +--- + +# gateway.v1.grpcRoute + +"GRPCRoute provides a way to route gRPC requests. This includes the capability\nto match requests by hostname, gRPC service, gRPC method, or HTTP/2 header.\nFilters can be used to specify additional processing steps. Backends specify\nwhere matching requests will be routed.\n\n\nGRPCRoute falls under extended support within the Gateway API. Within the\nfollowing specification, the word \"MUST\" indicates that an implementation\nsupporting GRPCRoute must conform to the indicated requirement, but an\nimplementation not supporting this route type need not follow the requirement\nunless explicitly indicated.\n\n\nImplementations supporting `GRPCRoute` with the `HTTPS` `ProtocolType` MUST\naccept HTTP/2 connections without an initial upgrade from HTTP/1.1, i.e. via\nALPN. If the implementation does not support this, then it MUST set the\n\"Accepted\" condition to \"False\" for the affected listener with a reason of\n\"UnsupportedProtocol\". Implementations MAY also accept HTTP/2 connections\nwith an upgrade from HTTP/1.\n\n\nImplementations supporting `GRPCRoute` with the `HTTP` `ProtocolType` MUST\nsupport HTTP/2 over cleartext TCP (h2c,\nhttps://www.rfc-editor.org/rfc/rfc7540#section-3.1) without an initial\nupgrade from HTTP/1.1, i.e. with prior knowledge\n(https://www.rfc-editor.org/rfc/rfc7540#section-3.4). If the implementation\ndoes not support this, then it MUST set the \"Accepted\" condition to \"False\"\nfor the affected listener with a reason of \"UnsupportedProtocol\".\nImplementations MAY also accept HTTP/2 connections with an upgrade from\nHTTP/1, i.e. without prior knowledge." + +## Index + +* [`fn new(name)`](#fn-new) +* [`obj metadata`](#obj-metadata) + * [`fn withAnnotations(annotations)`](#fn-metadatawithannotations) + * [`fn withAnnotationsMixin(annotations)`](#fn-metadatawithannotationsmixin) + * [`fn withClusterName(clusterName)`](#fn-metadatawithclustername) + * [`fn withCreationTimestamp(creationTimestamp)`](#fn-metadatawithcreationtimestamp) + * [`fn withDeletionGracePeriodSeconds(deletionGracePeriodSeconds)`](#fn-metadatawithdeletiongraceperiodseconds) + * [`fn withDeletionTimestamp(deletionTimestamp)`](#fn-metadatawithdeletiontimestamp) + * [`fn withFinalizers(finalizers)`](#fn-metadatawithfinalizers) + * [`fn withFinalizersMixin(finalizers)`](#fn-metadatawithfinalizersmixin) + * [`fn withGenerateName(generateName)`](#fn-metadatawithgeneratename) + * [`fn withGeneration(generation)`](#fn-metadatawithgeneration) + * [`fn withLabels(labels)`](#fn-metadatawithlabels) + * [`fn withLabelsMixin(labels)`](#fn-metadatawithlabelsmixin) + * [`fn withName(name)`](#fn-metadatawithname) + * [`fn withNamespace(namespace)`](#fn-metadatawithnamespace) + * [`fn withOwnerReferences(ownerReferences)`](#fn-metadatawithownerreferences) + * [`fn withOwnerReferencesMixin(ownerReferences)`](#fn-metadatawithownerreferencesmixin) + * [`fn withResourceVersion(resourceVersion)`](#fn-metadatawithresourceversion) + * [`fn withSelfLink(selfLink)`](#fn-metadatawithselflink) + * [`fn withUid(uid)`](#fn-metadatawithuid) +* [`obj spec`](#obj-spec) + * [`fn withHostnames(hostnames)`](#fn-specwithhostnames) + * [`fn withHostnamesMixin(hostnames)`](#fn-specwithhostnamesmixin) + * [`fn withParentRefs(parentRefs)`](#fn-specwithparentrefs) + * [`fn withParentRefsMixin(parentRefs)`](#fn-specwithparentrefsmixin) + * [`fn withRules(rules)`](#fn-specwithrules) + * [`fn withRulesMixin(rules)`](#fn-specwithrulesmixin) + * [`obj spec.parentRefs`](#obj-specparentrefs) + * [`fn withGroup(group)`](#fn-specparentrefswithgroup) + * [`fn withKind(kind)`](#fn-specparentrefswithkind) + * [`fn withName(name)`](#fn-specparentrefswithname) + * [`fn withNamespace(namespace)`](#fn-specparentrefswithnamespace) + * [`fn withPort(port)`](#fn-specparentrefswithport) + * [`fn withSectionName(sectionName)`](#fn-specparentrefswithsectionname) + * [`obj spec.rules`](#obj-specrules) + * [`fn withBackendRefs(backendRefs)`](#fn-specruleswithbackendrefs) + * [`fn withBackendRefsMixin(backendRefs)`](#fn-specruleswithbackendrefsmixin) + * [`fn withFilters(filters)`](#fn-specruleswithfilters) + * [`fn withFiltersMixin(filters)`](#fn-specruleswithfiltersmixin) + * [`fn withMatches(matches)`](#fn-specruleswithmatches) + * [`fn withMatchesMixin(matches)`](#fn-specruleswithmatchesmixin) + * [`obj spec.rules.backendRefs`](#obj-specrulesbackendrefs) + * [`fn withFilters(filters)`](#fn-specrulesbackendrefswithfilters) + * [`fn withFiltersMixin(filters)`](#fn-specrulesbackendrefswithfiltersmixin) + * [`fn withGroup(group)`](#fn-specrulesbackendrefswithgroup) + * [`fn withKind(kind)`](#fn-specrulesbackendrefswithkind) + * [`fn withName(name)`](#fn-specrulesbackendrefswithname) + * [`fn withNamespace(namespace)`](#fn-specrulesbackendrefswithnamespace) + * [`fn withPort(port)`](#fn-specrulesbackendrefswithport) + * [`fn withWeight(weight)`](#fn-specrulesbackendrefswithweight) + * [`obj spec.rules.backendRefs.filters`](#obj-specrulesbackendrefsfilters) + * [`fn withType(type)`](#fn-specrulesbackendrefsfilterswithtype) + * [`obj spec.rules.backendRefs.filters.extensionRef`](#obj-specrulesbackendrefsfiltersextensionref) + * [`fn withGroup(group)`](#fn-specrulesbackendrefsfiltersextensionrefwithgroup) + * [`fn withKind(kind)`](#fn-specrulesbackendrefsfiltersextensionrefwithkind) + * [`fn withName(name)`](#fn-specrulesbackendrefsfiltersextensionrefwithname) + * [`obj spec.rules.backendRefs.filters.requestHeaderModifier`](#obj-specrulesbackendrefsfiltersrequestheadermodifier) + * [`fn withAdd(add)`](#fn-specrulesbackendrefsfiltersrequestheadermodifierwithadd) + * [`fn withAddMixin(add)`](#fn-specrulesbackendrefsfiltersrequestheadermodifierwithaddmixin) + * [`fn withRemove(remove)`](#fn-specrulesbackendrefsfiltersrequestheadermodifierwithremove) + * [`fn withRemoveMixin(remove)`](#fn-specrulesbackendrefsfiltersrequestheadermodifierwithremovemixin) + * [`fn withSet(set)`](#fn-specrulesbackendrefsfiltersrequestheadermodifierwithset) + * [`fn withSetMixin(set)`](#fn-specrulesbackendrefsfiltersrequestheadermodifierwithsetmixin) + * [`obj spec.rules.backendRefs.filters.requestHeaderModifier.add`](#obj-specrulesbackendrefsfiltersrequestheadermodifieradd) + * [`fn withName(name)`](#fn-specrulesbackendrefsfiltersrequestheadermodifieraddwithname) + * [`fn withValue(value)`](#fn-specrulesbackendrefsfiltersrequestheadermodifieraddwithvalue) + * [`obj spec.rules.backendRefs.filters.requestHeaderModifier.set`](#obj-specrulesbackendrefsfiltersrequestheadermodifierset) + * [`fn withName(name)`](#fn-specrulesbackendrefsfiltersrequestheadermodifiersetwithname) + * [`fn withValue(value)`](#fn-specrulesbackendrefsfiltersrequestheadermodifiersetwithvalue) + * [`obj spec.rules.backendRefs.filters.requestMirror`](#obj-specrulesbackendrefsfiltersrequestmirror) + * [`obj spec.rules.backendRefs.filters.requestMirror.backendRef`](#obj-specrulesbackendrefsfiltersrequestmirrorbackendref) + * [`fn withGroup(group)`](#fn-specrulesbackendrefsfiltersrequestmirrorbackendrefwithgroup) + * [`fn withKind(kind)`](#fn-specrulesbackendrefsfiltersrequestmirrorbackendrefwithkind) + * [`fn withName(name)`](#fn-specrulesbackendrefsfiltersrequestmirrorbackendrefwithname) + * [`fn withNamespace(namespace)`](#fn-specrulesbackendrefsfiltersrequestmirrorbackendrefwithnamespace) + * [`fn withPort(port)`](#fn-specrulesbackendrefsfiltersrequestmirrorbackendrefwithport) + * [`obj spec.rules.backendRefs.filters.responseHeaderModifier`](#obj-specrulesbackendrefsfiltersresponseheadermodifier) + * [`fn withAdd(add)`](#fn-specrulesbackendrefsfiltersresponseheadermodifierwithadd) + * [`fn withAddMixin(add)`](#fn-specrulesbackendrefsfiltersresponseheadermodifierwithaddmixin) + * [`fn withRemove(remove)`](#fn-specrulesbackendrefsfiltersresponseheadermodifierwithremove) + * [`fn withRemoveMixin(remove)`](#fn-specrulesbackendrefsfiltersresponseheadermodifierwithremovemixin) + * [`fn withSet(set)`](#fn-specrulesbackendrefsfiltersresponseheadermodifierwithset) + * [`fn withSetMixin(set)`](#fn-specrulesbackendrefsfiltersresponseheadermodifierwithsetmixin) + * [`obj spec.rules.backendRefs.filters.responseHeaderModifier.add`](#obj-specrulesbackendrefsfiltersresponseheadermodifieradd) + * [`fn withName(name)`](#fn-specrulesbackendrefsfiltersresponseheadermodifieraddwithname) + * [`fn withValue(value)`](#fn-specrulesbackendrefsfiltersresponseheadermodifieraddwithvalue) + * [`obj spec.rules.backendRefs.filters.responseHeaderModifier.set`](#obj-specrulesbackendrefsfiltersresponseheadermodifierset) + * [`fn withName(name)`](#fn-specrulesbackendrefsfiltersresponseheadermodifiersetwithname) + * [`fn withValue(value)`](#fn-specrulesbackendrefsfiltersresponseheadermodifiersetwithvalue) + * [`obj spec.rules.filters`](#obj-specrulesfilters) + * [`fn withType(type)`](#fn-specrulesfilterswithtype) + * [`obj spec.rules.filters.extensionRef`](#obj-specrulesfiltersextensionref) + * [`fn withGroup(group)`](#fn-specrulesfiltersextensionrefwithgroup) + * [`fn withKind(kind)`](#fn-specrulesfiltersextensionrefwithkind) + * [`fn withName(name)`](#fn-specrulesfiltersextensionrefwithname) + * [`obj spec.rules.filters.requestHeaderModifier`](#obj-specrulesfiltersrequestheadermodifier) + * [`fn withAdd(add)`](#fn-specrulesfiltersrequestheadermodifierwithadd) + * [`fn withAddMixin(add)`](#fn-specrulesfiltersrequestheadermodifierwithaddmixin) + * [`fn withRemove(remove)`](#fn-specrulesfiltersrequestheadermodifierwithremove) + * [`fn withRemoveMixin(remove)`](#fn-specrulesfiltersrequestheadermodifierwithremovemixin) + * [`fn withSet(set)`](#fn-specrulesfiltersrequestheadermodifierwithset) + * [`fn withSetMixin(set)`](#fn-specrulesfiltersrequestheadermodifierwithsetmixin) + * [`obj spec.rules.filters.requestHeaderModifier.add`](#obj-specrulesfiltersrequestheadermodifieradd) + * [`fn withName(name)`](#fn-specrulesfiltersrequestheadermodifieraddwithname) + * [`fn withValue(value)`](#fn-specrulesfiltersrequestheadermodifieraddwithvalue) + * [`obj spec.rules.filters.requestHeaderModifier.set`](#obj-specrulesfiltersrequestheadermodifierset) + * [`fn withName(name)`](#fn-specrulesfiltersrequestheadermodifiersetwithname) + * [`fn withValue(value)`](#fn-specrulesfiltersrequestheadermodifiersetwithvalue) + * [`obj spec.rules.filters.requestMirror`](#obj-specrulesfiltersrequestmirror) + * [`obj spec.rules.filters.requestMirror.backendRef`](#obj-specrulesfiltersrequestmirrorbackendref) + * [`fn withGroup(group)`](#fn-specrulesfiltersrequestmirrorbackendrefwithgroup) + * [`fn withKind(kind)`](#fn-specrulesfiltersrequestmirrorbackendrefwithkind) + * [`fn withName(name)`](#fn-specrulesfiltersrequestmirrorbackendrefwithname) + * [`fn withNamespace(namespace)`](#fn-specrulesfiltersrequestmirrorbackendrefwithnamespace) + * [`fn withPort(port)`](#fn-specrulesfiltersrequestmirrorbackendrefwithport) + * [`obj spec.rules.filters.responseHeaderModifier`](#obj-specrulesfiltersresponseheadermodifier) + * [`fn withAdd(add)`](#fn-specrulesfiltersresponseheadermodifierwithadd) + * [`fn withAddMixin(add)`](#fn-specrulesfiltersresponseheadermodifierwithaddmixin) + * [`fn withRemove(remove)`](#fn-specrulesfiltersresponseheadermodifierwithremove) + * [`fn withRemoveMixin(remove)`](#fn-specrulesfiltersresponseheadermodifierwithremovemixin) + * [`fn withSet(set)`](#fn-specrulesfiltersresponseheadermodifierwithset) + * [`fn withSetMixin(set)`](#fn-specrulesfiltersresponseheadermodifierwithsetmixin) + * [`obj spec.rules.filters.responseHeaderModifier.add`](#obj-specrulesfiltersresponseheadermodifieradd) + * [`fn withName(name)`](#fn-specrulesfiltersresponseheadermodifieraddwithname) + * [`fn withValue(value)`](#fn-specrulesfiltersresponseheadermodifieraddwithvalue) + * [`obj spec.rules.filters.responseHeaderModifier.set`](#obj-specrulesfiltersresponseheadermodifierset) + * [`fn withName(name)`](#fn-specrulesfiltersresponseheadermodifiersetwithname) + * [`fn withValue(value)`](#fn-specrulesfiltersresponseheadermodifiersetwithvalue) + * [`obj spec.rules.matches`](#obj-specrulesmatches) + * [`fn withHeaders(headers)`](#fn-specrulesmatcheswithheaders) + * [`fn withHeadersMixin(headers)`](#fn-specrulesmatcheswithheadersmixin) + * [`obj spec.rules.matches.headers`](#obj-specrulesmatchesheaders) + * [`fn withName(name)`](#fn-specrulesmatchesheaderswithname) + * [`fn withType(type)`](#fn-specrulesmatchesheaderswithtype) + * [`fn withValue(value)`](#fn-specrulesmatchesheaderswithvalue) + * [`obj spec.rules.matches.method`](#obj-specrulesmatchesmethod) + * [`fn withMethod(method)`](#fn-specrulesmatchesmethodwithmethod) + * [`fn withService(service)`](#fn-specrulesmatchesmethodwithservice) + * [`fn withType(type)`](#fn-specrulesmatchesmethodwithtype) + +## Fields + +### fn new + +```ts +new(name) +``` + +new returns an instance of GRPCRoute + +## obj metadata + +"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create." + +### fn metadata.withAnnotations + +```ts +withAnnotations(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +### fn metadata.withAnnotationsMixin + +```ts +withAnnotationsMixin(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +**Note:** This function appends passed data to existing values + +### fn metadata.withClusterName + +```ts +withClusterName(clusterName) +``` + +"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request." + +### fn metadata.withCreationTimestamp + +```ts +withCreationTimestamp(creationTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withDeletionGracePeriodSeconds + +```ts +withDeletionGracePeriodSeconds(deletionGracePeriodSeconds) +``` + +"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only." + +### fn metadata.withDeletionTimestamp + +```ts +withDeletionTimestamp(deletionTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withFinalizers + +```ts +withFinalizers(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +### fn metadata.withFinalizersMixin + +```ts +withFinalizersMixin(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +**Note:** This function appends passed data to existing values + +### fn metadata.withGenerateName + +```ts +withGenerateName(generateName) +``` + +"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\n\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\n\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" + +### fn metadata.withGeneration + +```ts +withGeneration(generation) +``` + +"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only." + +### fn metadata.withLabels + +```ts +withLabels(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +### fn metadata.withLabelsMixin + +```ts +withLabelsMixin(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +**Note:** This function appends passed data to existing values + +### fn metadata.withName + +```ts +withName(name) +``` + +"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names" + +### fn metadata.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \"default\" namespace, but \"default\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\n\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces" + +### fn metadata.withOwnerReferences + +```ts +withOwnerReferences(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +### fn metadata.withOwnerReferencesMixin + +```ts +withOwnerReferencesMixin(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +**Note:** This function appends passed data to existing values + +### fn metadata.withResourceVersion + +```ts +withResourceVersion(resourceVersion) +``` + +"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\n\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" + +### fn metadata.withSelfLink + +```ts +withSelfLink(selfLink) +``` + +"SelfLink is a URL representing this object. Populated by the system. Read-only.\n\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release." + +### fn metadata.withUid + +```ts +withUid(uid) +``` + +"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\n\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids" + +## obj spec + +"Spec defines the desired state of GRPCRoute." + +### fn spec.withHostnames + +```ts +withHostnames(hostnames) +``` + +"Hostnames defines a set of hostnames to match against the GRPC\nHost header to select a GRPCRoute to process the request. This matches\nthe RFC 1123 definition of a hostname with 2 notable exceptions:\n\n\n1. IPs are not allowed.\n2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard\n label MUST appear by itself as the first label.\n\n\nIf a hostname is specified by both the Listener and GRPCRoute, there\nMUST be at least one intersecting hostname for the GRPCRoute to be\nattached to the Listener. For example:\n\n\n* A Listener with `test.example.com` as the hostname matches GRPCRoutes\n that have either not specified any hostnames, or have specified at\n least one of `test.example.com` or `*.example.com`.\n* A Listener with `*.example.com` as the hostname matches GRPCRoutes\n that have either not specified any hostnames or have specified at least\n one hostname that matches the Listener hostname. For example,\n `test.example.com` and `*.example.com` would both match. On the other\n hand, `example.com` and `test.example.net` would not match.\n\n\nHostnames that are prefixed with a wildcard label (`*.`) are interpreted\nas a suffix match. That means that a match for `*.example.com` would match\nboth `test.example.com`, and `foo.test.example.com`, but not `example.com`.\n\n\nIf both the Listener and GRPCRoute have specified hostnames, any\nGRPCRoute hostnames that do not match the Listener hostname MUST be\nignored. For example, if a Listener specified `*.example.com`, and the\nGRPCRoute specified `test.example.com` and `test.example.net`,\n`test.example.net` MUST NOT be considered for a match.\n\n\nIf both the Listener and GRPCRoute have specified hostnames, and none\nmatch with the criteria above, then the GRPCRoute MUST NOT be accepted by\nthe implementation. The implementation MUST raise an 'Accepted' Condition\nwith a status of `False` in the corresponding RouteParentStatus.\n\n\nIf a Route (A) of type HTTPRoute or GRPCRoute is attached to a\nListener and that listener already has another Route (B) of the other\ntype attached and the intersection of the hostnames of A and B is\nnon-empty, then the implementation MUST accept exactly one of these two\nroutes, determined by the following criteria, in order:\n\n\n* The oldest Route based on creation timestamp.\n* The Route appearing first in alphabetical order by\n \"{namespace}/{name}\".\n\n\nThe rejected Route MUST raise an 'Accepted' condition with a status of\n'False' in the corresponding RouteParentStatus.\n\n\nSupport: Core" + +### fn spec.withHostnamesMixin + +```ts +withHostnamesMixin(hostnames) +``` + +"Hostnames defines a set of hostnames to match against the GRPC\nHost header to select a GRPCRoute to process the request. This matches\nthe RFC 1123 definition of a hostname with 2 notable exceptions:\n\n\n1. IPs are not allowed.\n2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard\n label MUST appear by itself as the first label.\n\n\nIf a hostname is specified by both the Listener and GRPCRoute, there\nMUST be at least one intersecting hostname for the GRPCRoute to be\nattached to the Listener. For example:\n\n\n* A Listener with `test.example.com` as the hostname matches GRPCRoutes\n that have either not specified any hostnames, or have specified at\n least one of `test.example.com` or `*.example.com`.\n* A Listener with `*.example.com` as the hostname matches GRPCRoutes\n that have either not specified any hostnames or have specified at least\n one hostname that matches the Listener hostname. For example,\n `test.example.com` and `*.example.com` would both match. On the other\n hand, `example.com` and `test.example.net` would not match.\n\n\nHostnames that are prefixed with a wildcard label (`*.`) are interpreted\nas a suffix match. That means that a match for `*.example.com` would match\nboth `test.example.com`, and `foo.test.example.com`, but not `example.com`.\n\n\nIf both the Listener and GRPCRoute have specified hostnames, any\nGRPCRoute hostnames that do not match the Listener hostname MUST be\nignored. For example, if a Listener specified `*.example.com`, and the\nGRPCRoute specified `test.example.com` and `test.example.net`,\n`test.example.net` MUST NOT be considered for a match.\n\n\nIf both the Listener and GRPCRoute have specified hostnames, and none\nmatch with the criteria above, then the GRPCRoute MUST NOT be accepted by\nthe implementation. The implementation MUST raise an 'Accepted' Condition\nwith a status of `False` in the corresponding RouteParentStatus.\n\n\nIf a Route (A) of type HTTPRoute or GRPCRoute is attached to a\nListener and that listener already has another Route (B) of the other\ntype attached and the intersection of the hostnames of A and B is\nnon-empty, then the implementation MUST accept exactly one of these two\nroutes, determined by the following criteria, in order:\n\n\n* The oldest Route based on creation timestamp.\n* The Route appearing first in alphabetical order by\n \"{namespace}/{name}\".\n\n\nThe rejected Route MUST raise an 'Accepted' condition with a status of\n'False' in the corresponding RouteParentStatus.\n\n\nSupport: Core" + +**Note:** This function appends passed data to existing values + +### fn spec.withParentRefs + +```ts +withParentRefs(parentRefs) +``` + +"ParentRefs references the resources (usually Gateways) that a Route wants\nto be attached to. Note that the referenced parent resource needs to\nallow this for the attachment to be complete. For Gateways, that means\nthe Gateway needs to allow attachment from Routes of this kind and\nnamespace. For Services, that means the Service must either be in the same\nnamespace for a \"producer\" route, or the mesh implementation must support\nand allow \"consumer\" routes for the referenced Service. ReferenceGrant is\nnot applicable for governing ParentRefs to Services - it is not possible to\ncreate a \"producer\" route for a Service in a different namespace from the\nRoute.\n\n\nThere are two kinds of parent resources with \"Core\" support:\n\n\n* Gateway (Gateway conformance profile)\n* Service (Mesh conformance profile, ClusterIP Services only)\n\n\nThis API may be extended in the future to support additional kinds of parent\nresources.\n\n\nParentRefs must be _distinct_. This means either that:\n\n\n* They select different objects. If this is the case, then parentRef\n entries are distinct. In terms of fields, this means that the\n multi-part key defined by `group`, `kind`, `namespace`, and `name` must\n be unique across all parentRef entries in the Route.\n* They do not select different objects, but for each optional field used,\n each ParentRef that selects the same object must set the same set of\n optional fields to different values. If one ParentRef sets a\n combination of optional fields, all must set the same combination.\n\n\nSome examples:\n\n\n* If one ParentRef sets `sectionName`, all ParentRefs referencing the\n same object must also set `sectionName`.\n* If one ParentRef sets `port`, all ParentRefs referencing the same\n object must also set `port`.\n* If one ParentRef sets `sectionName` and `port`, all ParentRefs\n referencing the same object must also set `sectionName` and `port`.\n\n\nIt is possible to separately reference multiple distinct objects that may\nbe collapsed by an implementation. For example, some implementations may\nchoose to merge compatible Gateway Listeners together. If that is the\ncase, the list of routes attached to those resources should also be\nmerged.\n\n\nNote that for ParentRefs that cross namespace boundaries, there are specific\nrules. Cross-namespace references are only valid if they are explicitly\nallowed by something in the namespace they are referring to. For example,\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\ngeneric way to enable other kinds of cross-namespace reference.\n\n\n\n\n\n\n\n\n" + +### fn spec.withParentRefsMixin + +```ts +withParentRefsMixin(parentRefs) +``` + +"ParentRefs references the resources (usually Gateways) that a Route wants\nto be attached to. Note that the referenced parent resource needs to\nallow this for the attachment to be complete. For Gateways, that means\nthe Gateway needs to allow attachment from Routes of this kind and\nnamespace. For Services, that means the Service must either be in the same\nnamespace for a \"producer\" route, or the mesh implementation must support\nand allow \"consumer\" routes for the referenced Service. ReferenceGrant is\nnot applicable for governing ParentRefs to Services - it is not possible to\ncreate a \"producer\" route for a Service in a different namespace from the\nRoute.\n\n\nThere are two kinds of parent resources with \"Core\" support:\n\n\n* Gateway (Gateway conformance profile)\n* Service (Mesh conformance profile, ClusterIP Services only)\n\n\nThis API may be extended in the future to support additional kinds of parent\nresources.\n\n\nParentRefs must be _distinct_. This means either that:\n\n\n* They select different objects. If this is the case, then parentRef\n entries are distinct. In terms of fields, this means that the\n multi-part key defined by `group`, `kind`, `namespace`, and `name` must\n be unique across all parentRef entries in the Route.\n* They do not select different objects, but for each optional field used,\n each ParentRef that selects the same object must set the same set of\n optional fields to different values. If one ParentRef sets a\n combination of optional fields, all must set the same combination.\n\n\nSome examples:\n\n\n* If one ParentRef sets `sectionName`, all ParentRefs referencing the\n same object must also set `sectionName`.\n* If one ParentRef sets `port`, all ParentRefs referencing the same\n object must also set `port`.\n* If one ParentRef sets `sectionName` and `port`, all ParentRefs\n referencing the same object must also set `sectionName` and `port`.\n\n\nIt is possible to separately reference multiple distinct objects that may\nbe collapsed by an implementation. For example, some implementations may\nchoose to merge compatible Gateway Listeners together. If that is the\ncase, the list of routes attached to those resources should also be\nmerged.\n\n\nNote that for ParentRefs that cross namespace boundaries, there are specific\nrules. Cross-namespace references are only valid if they are explicitly\nallowed by something in the namespace they are referring to. For example,\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\ngeneric way to enable other kinds of cross-namespace reference.\n\n\n\n\n\n\n\n\n" + +**Note:** This function appends passed data to existing values + +### fn spec.withRules + +```ts +withRules(rules) +``` + +"Rules are a list of GRPC matchers, filters and actions." + +### fn spec.withRulesMixin + +```ts +withRulesMixin(rules) +``` + +"Rules are a list of GRPC matchers, filters and actions." + +**Note:** This function appends passed data to existing values + +## obj spec.parentRefs + +"ParentRefs references the resources (usually Gateways) that a Route wants\nto be attached to. Note that the referenced parent resource needs to\nallow this for the attachment to be complete. For Gateways, that means\nthe Gateway needs to allow attachment from Routes of this kind and\nnamespace. For Services, that means the Service must either be in the same\nnamespace for a \"producer\" route, or the mesh implementation must support\nand allow \"consumer\" routes for the referenced Service. ReferenceGrant is\nnot applicable for governing ParentRefs to Services - it is not possible to\ncreate a \"producer\" route for a Service in a different namespace from the\nRoute.\n\n\nThere are two kinds of parent resources with \"Core\" support:\n\n\n* Gateway (Gateway conformance profile)\n* Service (Mesh conformance profile, ClusterIP Services only)\n\n\nThis API may be extended in the future to support additional kinds of parent\nresources.\n\n\nParentRefs must be _distinct_. This means either that:\n\n\n* They select different objects. If this is the case, then parentRef\n entries are distinct. In terms of fields, this means that the\n multi-part key defined by `group`, `kind`, `namespace`, and `name` must\n be unique across all parentRef entries in the Route.\n* They do not select different objects, but for each optional field used,\n each ParentRef that selects the same object must set the same set of\n optional fields to different values. If one ParentRef sets a\n combination of optional fields, all must set the same combination.\n\n\nSome examples:\n\n\n* If one ParentRef sets `sectionName`, all ParentRefs referencing the\n same object must also set `sectionName`.\n* If one ParentRef sets `port`, all ParentRefs referencing the same\n object must also set `port`.\n* If one ParentRef sets `sectionName` and `port`, all ParentRefs\n referencing the same object must also set `sectionName` and `port`.\n\n\nIt is possible to separately reference multiple distinct objects that may\nbe collapsed by an implementation. For example, some implementations may\nchoose to merge compatible Gateway Listeners together. If that is the\ncase, the list of routes attached to those resources should also be\nmerged.\n\n\nNote that for ParentRefs that cross namespace boundaries, there are specific\nrules. Cross-namespace references are only valid if they are explicitly\nallowed by something in the namespace they are referring to. For example,\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\ngeneric way to enable other kinds of cross-namespace reference.\n\n\n\n\n\n\n\n\n" + +### fn spec.parentRefs.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent.\nWhen unspecified, \"gateway.networking.k8s.io\" is inferred.\nTo set the core API group (such as for a \"Service\" kind referent),\nGroup must be explicitly set to \"\" (empty string).\n\n\nSupport: Core" + +### fn spec.parentRefs.withKind + +```ts +withKind(kind) +``` + +"Kind is kind of the referent.\n\n\nThere are two kinds of parent resources with \"Core\" support:\n\n\n* Gateway (Gateway conformance profile)\n* Service (Mesh conformance profile, ClusterIP Services only)\n\n\nSupport for other resources is Implementation-Specific." + +### fn spec.parentRefs.withName + +```ts +withName(name) +``` + +"Name is the name of the referent.\n\n\nSupport: Core" + +### fn spec.parentRefs.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the referent. When unspecified, this refers\nto the local namespace of the Route.\n\n\nNote that there are specific rules for ParentRefs which cross namespace\nboundaries. Cross-namespace references are only valid if they are explicitly\nallowed by something in the namespace they are referring to. For example:\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\ngeneric way to enable any other kind of cross-namespace reference.\n\n\n\n\n\nSupport: Core" + +### fn spec.parentRefs.withPort + +```ts +withPort(port) +``` + +"Port is the network port this Route targets. It can be interpreted\ndifferently based on the type of parent resource.\n\n\nWhen the parent resource is a Gateway, this targets all listeners\nlistening on the specified port that also support this kind of Route(and\nselect this Route). It's not recommended to set `Port` unless the\nnetworking behaviors specified in a Route must apply to a specific port\nas opposed to a listener(s) whose port(s) may be changed. When both Port\nand SectionName are specified, the name and port of the selected listener\nmust match both specified values.\n\n\n\n\n\nImplementations MAY choose to support other parent resources.\nImplementations supporting other types of parent resources MUST clearly\ndocument how/if Port is interpreted.\n\n\nFor the purpose of status, an attachment is considered successful as\nlong as the parent resource accepts it partially. For example, Gateway\nlisteners can restrict which Routes can attach to them by Route kind,\nnamespace, or hostname. If 1 of 2 Gateway listeners accept attachment\nfrom the referencing Route, the Route MUST be considered successfully\nattached. If no Gateway listeners accept attachment from this Route,\nthe Route MUST be considered detached from the Gateway.\n\n\nSupport: Extended" + +### fn spec.parentRefs.withSectionName + +```ts +withSectionName(sectionName) +``` + +"SectionName is the name of a section within the target resource. In the\nfollowing resources, SectionName is interpreted as the following:\n\n\n* Gateway: Listener name. When both Port (experimental) and SectionName\nare specified, the name and port of the selected listener must match\nboth specified values.\n* Service: Port name. When both Port (experimental) and SectionName\nare specified, the name and port of the selected listener must match\nboth specified values.\n\n\nImplementations MAY choose to support attaching Routes to other resources.\nIf that is the case, they MUST clearly document how SectionName is\ninterpreted.\n\n\nWhen unspecified (empty string), this will reference the entire resource.\nFor the purpose of status, an attachment is considered successful if at\nleast one section in the parent resource accepts it. For example, Gateway\nlisteners can restrict which Routes can attach to them by Route kind,\nnamespace, or hostname. If 1 of 2 Gateway listeners accept attachment from\nthe referencing Route, the Route MUST be considered successfully\nattached. If no Gateway listeners accept attachment from this Route, the\nRoute MUST be considered detached from the Gateway.\n\n\nSupport: Core" + +## obj spec.rules + +"Rules are a list of GRPC matchers, filters and actions." + +### fn spec.rules.withBackendRefs + +```ts +withBackendRefs(backendRefs) +``` + +"BackendRefs defines the backend(s) where matching requests should be\nsent.\n\n\nFailure behavior here depends on how many BackendRefs are specified and\nhow many are invalid.\n\n\nIf *all* entries in BackendRefs are invalid, and there are also no filters\nspecified in this route rule, *all* traffic which matches this rule MUST\nreceive an `UNAVAILABLE` status.\n\n\nSee the GRPCBackendRef definition for the rules about what makes a single\nGRPCBackendRef invalid.\n\n\nWhen a GRPCBackendRef is invalid, `UNAVAILABLE` statuses MUST be returned for\nrequests that would have otherwise been routed to an invalid backend. If\nmultiple backends are specified, and some are invalid, the proportion of\nrequests that would otherwise have been routed to an invalid backend\nMUST receive an `UNAVAILABLE` status.\n\n\nFor example, if two backends are specified with equal weights, and one is\ninvalid, 50 percent of traffic MUST receive an `UNAVAILABLE` status.\nImplementations may choose how that 50 percent is determined.\n\n\nSupport: Core for Kubernetes Service\n\n\nSupport: Implementation-specific for any other resource\n\n\nSupport for weight: Core" + +### fn spec.rules.withBackendRefsMixin + +```ts +withBackendRefsMixin(backendRefs) +``` + +"BackendRefs defines the backend(s) where matching requests should be\nsent.\n\n\nFailure behavior here depends on how many BackendRefs are specified and\nhow many are invalid.\n\n\nIf *all* entries in BackendRefs are invalid, and there are also no filters\nspecified in this route rule, *all* traffic which matches this rule MUST\nreceive an `UNAVAILABLE` status.\n\n\nSee the GRPCBackendRef definition for the rules about what makes a single\nGRPCBackendRef invalid.\n\n\nWhen a GRPCBackendRef is invalid, `UNAVAILABLE` statuses MUST be returned for\nrequests that would have otherwise been routed to an invalid backend. If\nmultiple backends are specified, and some are invalid, the proportion of\nrequests that would otherwise have been routed to an invalid backend\nMUST receive an `UNAVAILABLE` status.\n\n\nFor example, if two backends are specified with equal weights, and one is\ninvalid, 50 percent of traffic MUST receive an `UNAVAILABLE` status.\nImplementations may choose how that 50 percent is determined.\n\n\nSupport: Core for Kubernetes Service\n\n\nSupport: Implementation-specific for any other resource\n\n\nSupport for weight: Core" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.withFilters + +```ts +withFilters(filters) +``` + +"Filters define the filters that are applied to requests that match\nthis rule.\n\n\nThe effects of ordering of multiple behaviors are currently unspecified.\nThis can change in the future based on feedback during the alpha stage.\n\n\nConformance-levels at this level are defined based on the type of filter:\n\n\n- ALL core filters MUST be supported by all implementations that support\n GRPCRoute.\n- Implementers are encouraged to support extended filters.\n- Implementation-specific custom filters have no API guarantees across\n implementations.\n\n\nSpecifying the same filter multiple times is not supported unless explicitly\nindicated in the filter.\n\n\nIf an implementation can not support a combination of filters, it must clearly\ndocument that limitation. In cases where incompatible or unsupported\nfilters are specified and cause the `Accepted` condition to be set to status\n`False`, implementations may use the `IncompatibleFilters` reason to specify\nthis configuration error.\n\n\nSupport: Core" + +### fn spec.rules.withFiltersMixin + +```ts +withFiltersMixin(filters) +``` + +"Filters define the filters that are applied to requests that match\nthis rule.\n\n\nThe effects of ordering of multiple behaviors are currently unspecified.\nThis can change in the future based on feedback during the alpha stage.\n\n\nConformance-levels at this level are defined based on the type of filter:\n\n\n- ALL core filters MUST be supported by all implementations that support\n GRPCRoute.\n- Implementers are encouraged to support extended filters.\n- Implementation-specific custom filters have no API guarantees across\n implementations.\n\n\nSpecifying the same filter multiple times is not supported unless explicitly\nindicated in the filter.\n\n\nIf an implementation can not support a combination of filters, it must clearly\ndocument that limitation. In cases where incompatible or unsupported\nfilters are specified and cause the `Accepted` condition to be set to status\n`False`, implementations may use the `IncompatibleFilters` reason to specify\nthis configuration error.\n\n\nSupport: Core" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.withMatches + +```ts +withMatches(matches) +``` + +"Matches define conditions used for matching the rule against incoming\ngRPC requests. Each match is independent, i.e. this rule will be matched\nif **any** one of the matches is satisfied.\n\n\nFor example, take the following matches configuration:\n\n\n```\nmatches:\n- method:\n service: foo.bar\n headers:\n values:\n version: 2\n- method:\n service: foo.bar.v2\n```\n\n\nFor a request to match against this rule, it MUST satisfy\nEITHER of the two conditions:\n\n\n- service of foo.bar AND contains the header `version: 2`\n- service of foo.bar.v2\n\n\nSee the documentation for GRPCRouteMatch on how to specify multiple\nmatch conditions to be ANDed together.\n\n\nIf no matches are specified, the implementation MUST match every gRPC request.\n\n\nProxy or Load Balancer routing configuration generated from GRPCRoutes\nMUST prioritize rules based on the following criteria, continuing on\nties. Merging MUST not be done between GRPCRoutes and HTTPRoutes.\nPrecedence MUST be given to the rule with the largest number of:\n\n\n* Characters in a matching non-wildcard hostname.\n* Characters in a matching hostname.\n* Characters in a matching service.\n* Characters in a matching method.\n* Header matches.\n\n\nIf ties still exist across multiple Routes, matching precedence MUST be\ndetermined in order of the following criteria, continuing on ties:\n\n\n* The oldest Route based on creation timestamp.\n* The Route appearing first in alphabetical order by\n \"{namespace}/{name}\".\n\n\nIf ties still exist within the Route that has been given precedence,\nmatching precedence MUST be granted to the first matching rule meeting\nthe above criteria." + +### fn spec.rules.withMatchesMixin + +```ts +withMatchesMixin(matches) +``` + +"Matches define conditions used for matching the rule against incoming\ngRPC requests. Each match is independent, i.e. this rule will be matched\nif **any** one of the matches is satisfied.\n\n\nFor example, take the following matches configuration:\n\n\n```\nmatches:\n- method:\n service: foo.bar\n headers:\n values:\n version: 2\n- method:\n service: foo.bar.v2\n```\n\n\nFor a request to match against this rule, it MUST satisfy\nEITHER of the two conditions:\n\n\n- service of foo.bar AND contains the header `version: 2`\n- service of foo.bar.v2\n\n\nSee the documentation for GRPCRouteMatch on how to specify multiple\nmatch conditions to be ANDed together.\n\n\nIf no matches are specified, the implementation MUST match every gRPC request.\n\n\nProxy or Load Balancer routing configuration generated from GRPCRoutes\nMUST prioritize rules based on the following criteria, continuing on\nties. Merging MUST not be done between GRPCRoutes and HTTPRoutes.\nPrecedence MUST be given to the rule with the largest number of:\n\n\n* Characters in a matching non-wildcard hostname.\n* Characters in a matching hostname.\n* Characters in a matching service.\n* Characters in a matching method.\n* Header matches.\n\n\nIf ties still exist across multiple Routes, matching precedence MUST be\ndetermined in order of the following criteria, continuing on ties:\n\n\n* The oldest Route based on creation timestamp.\n* The Route appearing first in alphabetical order by\n \"{namespace}/{name}\".\n\n\nIf ties still exist within the Route that has been given precedence,\nmatching precedence MUST be granted to the first matching rule meeting\nthe above criteria." + +**Note:** This function appends passed data to existing values + +## obj spec.rules.backendRefs + +"BackendRefs defines the backend(s) where matching requests should be\nsent.\n\n\nFailure behavior here depends on how many BackendRefs are specified and\nhow many are invalid.\n\n\nIf *all* entries in BackendRefs are invalid, and there are also no filters\nspecified in this route rule, *all* traffic which matches this rule MUST\nreceive an `UNAVAILABLE` status.\n\n\nSee the GRPCBackendRef definition for the rules about what makes a single\nGRPCBackendRef invalid.\n\n\nWhen a GRPCBackendRef is invalid, `UNAVAILABLE` statuses MUST be returned for\nrequests that would have otherwise been routed to an invalid backend. If\nmultiple backends are specified, and some are invalid, the proportion of\nrequests that would otherwise have been routed to an invalid backend\nMUST receive an `UNAVAILABLE` status.\n\n\nFor example, if two backends are specified with equal weights, and one is\ninvalid, 50 percent of traffic MUST receive an `UNAVAILABLE` status.\nImplementations may choose how that 50 percent is determined.\n\n\nSupport: Core for Kubernetes Service\n\n\nSupport: Implementation-specific for any other resource\n\n\nSupport for weight: Core" + +### fn spec.rules.backendRefs.withFilters + +```ts +withFilters(filters) +``` + +"Filters defined at this level MUST be executed if and only if the\nrequest is being forwarded to the backend defined here.\n\n\nSupport: Implementation-specific (For broader support of filters, use the\nFilters field in GRPCRouteRule.)" + +### fn spec.rules.backendRefs.withFiltersMixin + +```ts +withFiltersMixin(filters) +``` + +"Filters defined at this level MUST be executed if and only if the\nrequest is being forwarded to the backend defined here.\n\n\nSupport: Implementation-specific (For broader support of filters, use the\nFilters field in GRPCRouteRule.)" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.backendRefs.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. For example, \"gateway.networking.k8s.io\".\nWhen unspecified or empty string, core API group is inferred." + +### fn spec.rules.backendRefs.withKind + +```ts +withKind(kind) +``` + +"Kind is the Kubernetes resource kind of the referent. For example\n\"Service\".\n\n\nDefaults to \"Service\" when not specified.\n\n\nExternalName services can refer to CNAME DNS records that may live\noutside of the cluster and as such are difficult to reason about in\nterms of conformance. They also may not be safe to forward to (see\nCVE-2021-25740 for more information). Implementations SHOULD NOT\nsupport ExternalName Services.\n\n\nSupport: Core (Services with a type other than ExternalName)\n\n\nSupport: Implementation-specific (Services with type ExternalName)" + +### fn spec.rules.backendRefs.withName + +```ts +withName(name) +``` + +"Name is the name of the referent." + +### fn spec.rules.backendRefs.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the backend. When unspecified, the local\nnamespace is inferred.\n\n\nNote that when a namespace different than the local namespace is specified,\na ReferenceGrant object is required in the referent namespace to allow that\nnamespace's owner to accept the reference. See the ReferenceGrant\ndocumentation for details.\n\n\nSupport: Core" + +### fn spec.rules.backendRefs.withPort + +```ts +withPort(port) +``` + +"Port specifies the destination port number to use for this resource.\nPort is required when the referent is a Kubernetes Service. In this\ncase, the port number is the service port number, not the target port.\nFor other resources, destination port might be derived from the referent\nresource or this field." + +### fn spec.rules.backendRefs.withWeight + +```ts +withWeight(weight) +``` + +"Weight specifies the proportion of requests forwarded to the referenced\nbackend. This is computed as weight/(sum of all weights in this\nBackendRefs list). For non-zero values, there may be some epsilon from\nthe exact proportion defined here depending on the precision an\nimplementation supports. Weight is not a percentage and the sum of\nweights does not need to equal 100.\n\n\nIf only one backend is specified and it has a weight greater than 0, 100%\nof the traffic is forwarded to that backend. If weight is set to 0, no\ntraffic should be forwarded for this entry. If unspecified, weight\ndefaults to 1.\n\n\nSupport for this field varies based on the context where used." + +## obj spec.rules.backendRefs.filters + +"Filters defined at this level MUST be executed if and only if the\nrequest is being forwarded to the backend defined here.\n\n\nSupport: Implementation-specific (For broader support of filters, use the\nFilters field in GRPCRouteRule.)" + +### fn spec.rules.backendRefs.filters.withType + +```ts +withType(type) +``` + +"Type identifies the type of filter to apply. As with other API fields,\ntypes are classified into three conformance levels:\n\n\n- Core: Filter types and their corresponding configuration defined by\n \"Support: Core\" in this package, e.g. \"RequestHeaderModifier\". All\n implementations supporting GRPCRoute MUST support core filters.\n\n\n- Extended: Filter types and their corresponding configuration defined by\n \"Support: Extended\" in this package, e.g. \"RequestMirror\". Implementers\n are encouraged to support extended filters.\n\n\n- Implementation-specific: Filters that are defined and supported by specific vendors.\n In the future, filters showing convergence in behavior across multiple\n implementations will be considered for inclusion in extended or core\n conformance levels. Filter-specific configuration for such filters\n is specified using the ExtensionRef field. `Type` MUST be set to\n \"ExtensionRef\" for custom filters.\n\n\nImplementers are encouraged to define custom implementation types to\nextend the core API with implementation-specific behavior.\n\n\nIf a reference to a custom filter type cannot be resolved, the filter\nMUST NOT be skipped. Instead, requests that would have been processed by\nthat filter MUST receive a HTTP error response.\n\n\n" + +## obj spec.rules.backendRefs.filters.extensionRef + +"ExtensionRef is an optional, implementation-specific extension to the\n\"filter\" behavior. For example, resource \"myroutefilter\" in group\n\"networking.example.net\"). ExtensionRef MUST NOT be used for core and\nextended filters.\n\n\nSupport: Implementation-specific\n\n\nThis filter can be used multiple times within the same rule." + +### fn spec.rules.backendRefs.filters.extensionRef.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. For example, \"gateway.networking.k8s.io\".\nWhen unspecified or empty string, core API group is inferred." + +### fn spec.rules.backendRefs.filters.extensionRef.withKind + +```ts +withKind(kind) +``` + +"Kind is kind of the referent. For example \"HTTPRoute\" or \"Service\"." + +### fn spec.rules.backendRefs.filters.extensionRef.withName + +```ts +withName(name) +``` + +"Name is the name of the referent." + +## obj spec.rules.backendRefs.filters.requestHeaderModifier + +"RequestHeaderModifier defines a schema for a filter that modifies request\nheaders.\n\n\nSupport: Core" + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.withAdd + +```ts +withAdd(add) +``` + +"Add adds the given header(s) (name, value) to the request\nbefore the action. It appends to any existing values associated\nwith the header name.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n add:\n - name: \"my-header\"\n value: \"bar,baz\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: foo,bar,baz" + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.withAddMixin + +```ts +withAddMixin(add) +``` + +"Add adds the given header(s) (name, value) to the request\nbefore the action. It appends to any existing values associated\nwith the header name.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n add:\n - name: \"my-header\"\n value: \"bar,baz\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: foo,bar,baz" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.withRemove + +```ts +withRemove(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The\nvalue of Remove is a list of HTTP header names. Note that the header\nnames are case-insensitive (see\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\n\n\nInput:\n GET /foo HTTP/1.1\n my-header1: foo\n my-header2: bar\n my-header3: baz\n\n\nConfig:\n remove: [\"my-header1\", \"my-header3\"]\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header2: bar" + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.withRemoveMixin + +```ts +withRemoveMixin(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The\nvalue of Remove is a list of HTTP header names. Note that the header\nnames are case-insensitive (see\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\n\n\nInput:\n GET /foo HTTP/1.1\n my-header1: foo\n my-header2: bar\n my-header3: baz\n\n\nConfig:\n remove: [\"my-header1\", \"my-header3\"]\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header2: bar" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.withSet + +```ts +withSet(set) +``` + +"Set overwrites the request with the given header (name, value)\nbefore the action.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n set:\n - name: \"my-header\"\n value: \"bar\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: bar" + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.withSetMixin + +```ts +withSetMixin(set) +``` + +"Set overwrites the request with the given header (name, value)\nbefore the action.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n set:\n - name: \"my-header\"\n value: \"bar\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: bar" + +**Note:** This function appends passed data to existing values + +## obj spec.rules.backendRefs.filters.requestHeaderModifier.add + +"Add adds the given header(s) (name, value) to the request\nbefore the action. It appends to any existing values associated\nwith the header name.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n add:\n - name: \"my-header\"\n value: \"bar,baz\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: foo,bar,baz" + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.add.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\n\nIf multiple entries specify equivalent header names, the first entry with\nan equivalent name MUST be considered for a match. Subsequent entries\nwith an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent." + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.add.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.backendRefs.filters.requestHeaderModifier.set + +"Set overwrites the request with the given header (name, value)\nbefore the action.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n set:\n - name: \"my-header\"\n value: \"bar\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: bar" + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.set.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\n\nIf multiple entries specify equivalent header names, the first entry with\nan equivalent name MUST be considered for a match. Subsequent entries\nwith an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent." + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.set.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.backendRefs.filters.requestMirror + +"RequestMirror defines a schema for a filter that mirrors requests.\nRequests are sent to the specified destination, but responses from\nthat destination are ignored.\n\n\nThis filter can be used multiple times within the same rule. Note that\nnot all implementations will be able to support mirroring to multiple\nbackends.\n\n\nSupport: Extended" + +## obj spec.rules.backendRefs.filters.requestMirror.backendRef + +"BackendRef references a resource where mirrored requests are sent.\n\n\nMirrored requests must be sent only to a single destination endpoint\nwithin this BackendRef, irrespective of how many endpoints are present\nwithin this BackendRef.\n\n\nIf the referent cannot be found, this BackendRef is invalid and must be\ndropped from the Gateway. The controller must ensure the \"ResolvedRefs\"\ncondition on the Route status is set to `status: False` and not configure\nthis backend in the underlying implementation.\n\n\nIf there is a cross-namespace reference to an *existing* object\nthat is not allowed by a ReferenceGrant, the controller must ensure the\n\"ResolvedRefs\" condition on the Route is set to `status: False`,\nwith the \"RefNotPermitted\" reason and not configure this backend in the\nunderlying implementation.\n\n\nIn either error case, the Message of the `ResolvedRefs` Condition\nshould be used to provide more detail about the problem.\n\n\nSupport: Extended for Kubernetes Service\n\n\nSupport: Implementation-specific for any other resource" + +### fn spec.rules.backendRefs.filters.requestMirror.backendRef.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. For example, \"gateway.networking.k8s.io\".\nWhen unspecified or empty string, core API group is inferred." + +### fn spec.rules.backendRefs.filters.requestMirror.backendRef.withKind + +```ts +withKind(kind) +``` + +"Kind is the Kubernetes resource kind of the referent. For example\n\"Service\".\n\n\nDefaults to \"Service\" when not specified.\n\n\nExternalName services can refer to CNAME DNS records that may live\noutside of the cluster and as such are difficult to reason about in\nterms of conformance. They also may not be safe to forward to (see\nCVE-2021-25740 for more information). Implementations SHOULD NOT\nsupport ExternalName Services.\n\n\nSupport: Core (Services with a type other than ExternalName)\n\n\nSupport: Implementation-specific (Services with type ExternalName)" + +### fn spec.rules.backendRefs.filters.requestMirror.backendRef.withName + +```ts +withName(name) +``` + +"Name is the name of the referent." + +### fn spec.rules.backendRefs.filters.requestMirror.backendRef.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the backend. When unspecified, the local\nnamespace is inferred.\n\n\nNote that when a namespace different than the local namespace is specified,\na ReferenceGrant object is required in the referent namespace to allow that\nnamespace's owner to accept the reference. See the ReferenceGrant\ndocumentation for details.\n\n\nSupport: Core" + +### fn spec.rules.backendRefs.filters.requestMirror.backendRef.withPort + +```ts +withPort(port) +``` + +"Port specifies the destination port number to use for this resource.\nPort is required when the referent is a Kubernetes Service. In this\ncase, the port number is the service port number, not the target port.\nFor other resources, destination port might be derived from the referent\nresource or this field." + +## obj spec.rules.backendRefs.filters.responseHeaderModifier + +"ResponseHeaderModifier defines a schema for a filter that modifies response\nheaders.\n\n\nSupport: Extended" + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.withAdd + +```ts +withAdd(add) +``` + +"Add adds the given header(s) (name, value) to the request\nbefore the action. It appends to any existing values associated\nwith the header name.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n add:\n - name: \"my-header\"\n value: \"bar,baz\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: foo,bar,baz" + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.withAddMixin + +```ts +withAddMixin(add) +``` + +"Add adds the given header(s) (name, value) to the request\nbefore the action. It appends to any existing values associated\nwith the header name.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n add:\n - name: \"my-header\"\n value: \"bar,baz\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: foo,bar,baz" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.withRemove + +```ts +withRemove(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The\nvalue of Remove is a list of HTTP header names. Note that the header\nnames are case-insensitive (see\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\n\n\nInput:\n GET /foo HTTP/1.1\n my-header1: foo\n my-header2: bar\n my-header3: baz\n\n\nConfig:\n remove: [\"my-header1\", \"my-header3\"]\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header2: bar" + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.withRemoveMixin + +```ts +withRemoveMixin(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The\nvalue of Remove is a list of HTTP header names. Note that the header\nnames are case-insensitive (see\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\n\n\nInput:\n GET /foo HTTP/1.1\n my-header1: foo\n my-header2: bar\n my-header3: baz\n\n\nConfig:\n remove: [\"my-header1\", \"my-header3\"]\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header2: bar" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.withSet + +```ts +withSet(set) +``` + +"Set overwrites the request with the given header (name, value)\nbefore the action.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n set:\n - name: \"my-header\"\n value: \"bar\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: bar" + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.withSetMixin + +```ts +withSetMixin(set) +``` + +"Set overwrites the request with the given header (name, value)\nbefore the action.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n set:\n - name: \"my-header\"\n value: \"bar\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: bar" + +**Note:** This function appends passed data to existing values + +## obj spec.rules.backendRefs.filters.responseHeaderModifier.add + +"Add adds the given header(s) (name, value) to the request\nbefore the action. It appends to any existing values associated\nwith the header name.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n add:\n - name: \"my-header\"\n value: \"bar,baz\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: foo,bar,baz" + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.add.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\n\nIf multiple entries specify equivalent header names, the first entry with\nan equivalent name MUST be considered for a match. Subsequent entries\nwith an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent." + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.add.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.backendRefs.filters.responseHeaderModifier.set + +"Set overwrites the request with the given header (name, value)\nbefore the action.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n set:\n - name: \"my-header\"\n value: \"bar\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: bar" + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.set.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\n\nIf multiple entries specify equivalent header names, the first entry with\nan equivalent name MUST be considered for a match. Subsequent entries\nwith an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent." + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.set.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.filters + +"Filters define the filters that are applied to requests that match\nthis rule.\n\n\nThe effects of ordering of multiple behaviors are currently unspecified.\nThis can change in the future based on feedback during the alpha stage.\n\n\nConformance-levels at this level are defined based on the type of filter:\n\n\n- ALL core filters MUST be supported by all implementations that support\n GRPCRoute.\n- Implementers are encouraged to support extended filters.\n- Implementation-specific custom filters have no API guarantees across\n implementations.\n\n\nSpecifying the same filter multiple times is not supported unless explicitly\nindicated in the filter.\n\n\nIf an implementation can not support a combination of filters, it must clearly\ndocument that limitation. In cases where incompatible or unsupported\nfilters are specified and cause the `Accepted` condition to be set to status\n`False`, implementations may use the `IncompatibleFilters` reason to specify\nthis configuration error.\n\n\nSupport: Core" + +### fn spec.rules.filters.withType + +```ts +withType(type) +``` + +"Type identifies the type of filter to apply. As with other API fields,\ntypes are classified into three conformance levels:\n\n\n- Core: Filter types and their corresponding configuration defined by\n \"Support: Core\" in this package, e.g. \"RequestHeaderModifier\". All\n implementations supporting GRPCRoute MUST support core filters.\n\n\n- Extended: Filter types and their corresponding configuration defined by\n \"Support: Extended\" in this package, e.g. \"RequestMirror\". Implementers\n are encouraged to support extended filters.\n\n\n- Implementation-specific: Filters that are defined and supported by specific vendors.\n In the future, filters showing convergence in behavior across multiple\n implementations will be considered for inclusion in extended or core\n conformance levels. Filter-specific configuration for such filters\n is specified using the ExtensionRef field. `Type` MUST be set to\n \"ExtensionRef\" for custom filters.\n\n\nImplementers are encouraged to define custom implementation types to\nextend the core API with implementation-specific behavior.\n\n\nIf a reference to a custom filter type cannot be resolved, the filter\nMUST NOT be skipped. Instead, requests that would have been processed by\nthat filter MUST receive a HTTP error response.\n\n\n" + +## obj spec.rules.filters.extensionRef + +"ExtensionRef is an optional, implementation-specific extension to the\n\"filter\" behavior. For example, resource \"myroutefilter\" in group\n\"networking.example.net\"). ExtensionRef MUST NOT be used for core and\nextended filters.\n\n\nSupport: Implementation-specific\n\n\nThis filter can be used multiple times within the same rule." + +### fn spec.rules.filters.extensionRef.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. For example, \"gateway.networking.k8s.io\".\nWhen unspecified or empty string, core API group is inferred." + +### fn spec.rules.filters.extensionRef.withKind + +```ts +withKind(kind) +``` + +"Kind is kind of the referent. For example \"HTTPRoute\" or \"Service\"." + +### fn spec.rules.filters.extensionRef.withName + +```ts +withName(name) +``` + +"Name is the name of the referent." + +## obj spec.rules.filters.requestHeaderModifier + +"RequestHeaderModifier defines a schema for a filter that modifies request\nheaders.\n\n\nSupport: Core" + +### fn spec.rules.filters.requestHeaderModifier.withAdd + +```ts +withAdd(add) +``` + +"Add adds the given header(s) (name, value) to the request\nbefore the action. It appends to any existing values associated\nwith the header name.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n add:\n - name: \"my-header\"\n value: \"bar,baz\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: foo,bar,baz" + +### fn spec.rules.filters.requestHeaderModifier.withAddMixin + +```ts +withAddMixin(add) +``` + +"Add adds the given header(s) (name, value) to the request\nbefore the action. It appends to any existing values associated\nwith the header name.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n add:\n - name: \"my-header\"\n value: \"bar,baz\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: foo,bar,baz" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.filters.requestHeaderModifier.withRemove + +```ts +withRemove(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The\nvalue of Remove is a list of HTTP header names. Note that the header\nnames are case-insensitive (see\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\n\n\nInput:\n GET /foo HTTP/1.1\n my-header1: foo\n my-header2: bar\n my-header3: baz\n\n\nConfig:\n remove: [\"my-header1\", \"my-header3\"]\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header2: bar" + +### fn spec.rules.filters.requestHeaderModifier.withRemoveMixin + +```ts +withRemoveMixin(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The\nvalue of Remove is a list of HTTP header names. Note that the header\nnames are case-insensitive (see\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\n\n\nInput:\n GET /foo HTTP/1.1\n my-header1: foo\n my-header2: bar\n my-header3: baz\n\n\nConfig:\n remove: [\"my-header1\", \"my-header3\"]\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header2: bar" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.filters.requestHeaderModifier.withSet + +```ts +withSet(set) +``` + +"Set overwrites the request with the given header (name, value)\nbefore the action.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n set:\n - name: \"my-header\"\n value: \"bar\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: bar" + +### fn spec.rules.filters.requestHeaderModifier.withSetMixin + +```ts +withSetMixin(set) +``` + +"Set overwrites the request with the given header (name, value)\nbefore the action.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n set:\n - name: \"my-header\"\n value: \"bar\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: bar" + +**Note:** This function appends passed data to existing values + +## obj spec.rules.filters.requestHeaderModifier.add + +"Add adds the given header(s) (name, value) to the request\nbefore the action. It appends to any existing values associated\nwith the header name.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n add:\n - name: \"my-header\"\n value: \"bar,baz\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: foo,bar,baz" + +### fn spec.rules.filters.requestHeaderModifier.add.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\n\nIf multiple entries specify equivalent header names, the first entry with\nan equivalent name MUST be considered for a match. Subsequent entries\nwith an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent." + +### fn spec.rules.filters.requestHeaderModifier.add.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.filters.requestHeaderModifier.set + +"Set overwrites the request with the given header (name, value)\nbefore the action.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n set:\n - name: \"my-header\"\n value: \"bar\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: bar" + +### fn spec.rules.filters.requestHeaderModifier.set.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\n\nIf multiple entries specify equivalent header names, the first entry with\nan equivalent name MUST be considered for a match. Subsequent entries\nwith an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent." + +### fn spec.rules.filters.requestHeaderModifier.set.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.filters.requestMirror + +"RequestMirror defines a schema for a filter that mirrors requests.\nRequests are sent to the specified destination, but responses from\nthat destination are ignored.\n\n\nThis filter can be used multiple times within the same rule. Note that\nnot all implementations will be able to support mirroring to multiple\nbackends.\n\n\nSupport: Extended" + +## obj spec.rules.filters.requestMirror.backendRef + +"BackendRef references a resource where mirrored requests are sent.\n\n\nMirrored requests must be sent only to a single destination endpoint\nwithin this BackendRef, irrespective of how many endpoints are present\nwithin this BackendRef.\n\n\nIf the referent cannot be found, this BackendRef is invalid and must be\ndropped from the Gateway. The controller must ensure the \"ResolvedRefs\"\ncondition on the Route status is set to `status: False` and not configure\nthis backend in the underlying implementation.\n\n\nIf there is a cross-namespace reference to an *existing* object\nthat is not allowed by a ReferenceGrant, the controller must ensure the\n\"ResolvedRefs\" condition on the Route is set to `status: False`,\nwith the \"RefNotPermitted\" reason and not configure this backend in the\nunderlying implementation.\n\n\nIn either error case, the Message of the `ResolvedRefs` Condition\nshould be used to provide more detail about the problem.\n\n\nSupport: Extended for Kubernetes Service\n\n\nSupport: Implementation-specific for any other resource" + +### fn spec.rules.filters.requestMirror.backendRef.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. For example, \"gateway.networking.k8s.io\".\nWhen unspecified or empty string, core API group is inferred." + +### fn spec.rules.filters.requestMirror.backendRef.withKind + +```ts +withKind(kind) +``` + +"Kind is the Kubernetes resource kind of the referent. For example\n\"Service\".\n\n\nDefaults to \"Service\" when not specified.\n\n\nExternalName services can refer to CNAME DNS records that may live\noutside of the cluster and as such are difficult to reason about in\nterms of conformance. They also may not be safe to forward to (see\nCVE-2021-25740 for more information). Implementations SHOULD NOT\nsupport ExternalName Services.\n\n\nSupport: Core (Services with a type other than ExternalName)\n\n\nSupport: Implementation-specific (Services with type ExternalName)" + +### fn spec.rules.filters.requestMirror.backendRef.withName + +```ts +withName(name) +``` + +"Name is the name of the referent." + +### fn spec.rules.filters.requestMirror.backendRef.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the backend. When unspecified, the local\nnamespace is inferred.\n\n\nNote that when a namespace different than the local namespace is specified,\na ReferenceGrant object is required in the referent namespace to allow that\nnamespace's owner to accept the reference. See the ReferenceGrant\ndocumentation for details.\n\n\nSupport: Core" + +### fn spec.rules.filters.requestMirror.backendRef.withPort + +```ts +withPort(port) +``` + +"Port specifies the destination port number to use for this resource.\nPort is required when the referent is a Kubernetes Service. In this\ncase, the port number is the service port number, not the target port.\nFor other resources, destination port might be derived from the referent\nresource or this field." + +## obj spec.rules.filters.responseHeaderModifier + +"ResponseHeaderModifier defines a schema for a filter that modifies response\nheaders.\n\n\nSupport: Extended" + +### fn spec.rules.filters.responseHeaderModifier.withAdd + +```ts +withAdd(add) +``` + +"Add adds the given header(s) (name, value) to the request\nbefore the action. It appends to any existing values associated\nwith the header name.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n add:\n - name: \"my-header\"\n value: \"bar,baz\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: foo,bar,baz" + +### fn spec.rules.filters.responseHeaderModifier.withAddMixin + +```ts +withAddMixin(add) +``` + +"Add adds the given header(s) (name, value) to the request\nbefore the action. It appends to any existing values associated\nwith the header name.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n add:\n - name: \"my-header\"\n value: \"bar,baz\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: foo,bar,baz" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.filters.responseHeaderModifier.withRemove + +```ts +withRemove(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The\nvalue of Remove is a list of HTTP header names. Note that the header\nnames are case-insensitive (see\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\n\n\nInput:\n GET /foo HTTP/1.1\n my-header1: foo\n my-header2: bar\n my-header3: baz\n\n\nConfig:\n remove: [\"my-header1\", \"my-header3\"]\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header2: bar" + +### fn spec.rules.filters.responseHeaderModifier.withRemoveMixin + +```ts +withRemoveMixin(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The\nvalue of Remove is a list of HTTP header names. Note that the header\nnames are case-insensitive (see\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\n\n\nInput:\n GET /foo HTTP/1.1\n my-header1: foo\n my-header2: bar\n my-header3: baz\n\n\nConfig:\n remove: [\"my-header1\", \"my-header3\"]\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header2: bar" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.filters.responseHeaderModifier.withSet + +```ts +withSet(set) +``` + +"Set overwrites the request with the given header (name, value)\nbefore the action.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n set:\n - name: \"my-header\"\n value: \"bar\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: bar" + +### fn spec.rules.filters.responseHeaderModifier.withSetMixin + +```ts +withSetMixin(set) +``` + +"Set overwrites the request with the given header (name, value)\nbefore the action.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n set:\n - name: \"my-header\"\n value: \"bar\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: bar" + +**Note:** This function appends passed data to existing values + +## obj spec.rules.filters.responseHeaderModifier.add + +"Add adds the given header(s) (name, value) to the request\nbefore the action. It appends to any existing values associated\nwith the header name.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n add:\n - name: \"my-header\"\n value: \"bar,baz\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: foo,bar,baz" + +### fn spec.rules.filters.responseHeaderModifier.add.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\n\nIf multiple entries specify equivalent header names, the first entry with\nan equivalent name MUST be considered for a match. Subsequent entries\nwith an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent." + +### fn spec.rules.filters.responseHeaderModifier.add.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.filters.responseHeaderModifier.set + +"Set overwrites the request with the given header (name, value)\nbefore the action.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n set:\n - name: \"my-header\"\n value: \"bar\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: bar" + +### fn spec.rules.filters.responseHeaderModifier.set.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\n\nIf multiple entries specify equivalent header names, the first entry with\nan equivalent name MUST be considered for a match. Subsequent entries\nwith an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent." + +### fn spec.rules.filters.responseHeaderModifier.set.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.matches + +"Matches define conditions used for matching the rule against incoming\ngRPC requests. Each match is independent, i.e. this rule will be matched\nif **any** one of the matches is satisfied.\n\n\nFor example, take the following matches configuration:\n\n\n```\nmatches:\n- method:\n service: foo.bar\n headers:\n values:\n version: 2\n- method:\n service: foo.bar.v2\n```\n\n\nFor a request to match against this rule, it MUST satisfy\nEITHER of the two conditions:\n\n\n- service of foo.bar AND contains the header `version: 2`\n- service of foo.bar.v2\n\n\nSee the documentation for GRPCRouteMatch on how to specify multiple\nmatch conditions to be ANDed together.\n\n\nIf no matches are specified, the implementation MUST match every gRPC request.\n\n\nProxy or Load Balancer routing configuration generated from GRPCRoutes\nMUST prioritize rules based on the following criteria, continuing on\nties. Merging MUST not be done between GRPCRoutes and HTTPRoutes.\nPrecedence MUST be given to the rule with the largest number of:\n\n\n* Characters in a matching non-wildcard hostname.\n* Characters in a matching hostname.\n* Characters in a matching service.\n* Characters in a matching method.\n* Header matches.\n\n\nIf ties still exist across multiple Routes, matching precedence MUST be\ndetermined in order of the following criteria, continuing on ties:\n\n\n* The oldest Route based on creation timestamp.\n* The Route appearing first in alphabetical order by\n \"{namespace}/{name}\".\n\n\nIf ties still exist within the Route that has been given precedence,\nmatching precedence MUST be granted to the first matching rule meeting\nthe above criteria." + +### fn spec.rules.matches.withHeaders + +```ts +withHeaders(headers) +``` + +"Headers specifies gRPC request header matchers. Multiple match values are\nANDed together, meaning, a request MUST match all the specified headers\nto select the route." + +### fn spec.rules.matches.withHeadersMixin + +```ts +withHeadersMixin(headers) +``` + +"Headers specifies gRPC request header matchers. Multiple match values are\nANDed together, meaning, a request MUST match all the specified headers\nto select the route." + +**Note:** This function appends passed data to existing values + +## obj spec.rules.matches.headers + +"Headers specifies gRPC request header matchers. Multiple match values are\nANDed together, meaning, a request MUST match all the specified headers\nto select the route." + +### fn spec.rules.matches.headers.withName + +```ts +withName(name) +``` + +"Name is the name of the gRPC Header to be matched.\n\n\nIf multiple entries specify equivalent header names, only the first\nentry with an equivalent name MUST be considered for a match. Subsequent\nentries with an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent." + +### fn spec.rules.matches.headers.withType + +```ts +withType(type) +``` + +"Type specifies how to match against the value of the header." + +### fn spec.rules.matches.headers.withValue + +```ts +withValue(value) +``` + +"Value is the value of the gRPC Header to be matched." + +## obj spec.rules.matches.method + +"Method specifies a gRPC request service/method matcher. If this field is\nnot specified, all services and methods will match." + +### fn spec.rules.matches.method.withMethod + +```ts +withMethod(method) +``` + +"Value of the method to match against. If left empty or omitted, will\nmatch all services.\n\n\nAt least one of Service and Method MUST be a non-empty string." + +### fn spec.rules.matches.method.withService + +```ts +withService(service) +``` + +"Value of the service to match against. If left empty or omitted, will\nmatch any service.\n\n\nAt least one of Service and Method MUST be a non-empty string." + +### fn spec.rules.matches.method.withType + +```ts +withType(type) +``` + +"Type specifies how to match against the service and/or method.\nSupport: Core (Exact with service and method specified)\n\n\nSupport: Implementation-specific (Exact with method specified but no service specified)\n\n\nSupport: Implementation-specific (RegularExpression)" \ No newline at end of file diff --git a/docs/1.1/gateway/v1/httpRoute.md b/docs/1.1/gateway/v1/httpRoute.md new file mode 100644 index 0000000..fb512bb --- /dev/null +++ b/docs/1.1/gateway/v1/httpRoute.md @@ -0,0 +1,1498 @@ +--- +permalink: /1.1/gateway/v1/httpRoute/ +--- + +# gateway.v1.httpRoute + +"HTTPRoute provides a way to route HTTP requests. This includes the capability\nto match requests by hostname, path, header, or query param. Filters can be\nused to specify additional processing steps. Backends specify where matching\nrequests should be routed." + +## Index + +* [`fn new(name)`](#fn-new) +* [`obj metadata`](#obj-metadata) + * [`fn withAnnotations(annotations)`](#fn-metadatawithannotations) + * [`fn withAnnotationsMixin(annotations)`](#fn-metadatawithannotationsmixin) + * [`fn withClusterName(clusterName)`](#fn-metadatawithclustername) + * [`fn withCreationTimestamp(creationTimestamp)`](#fn-metadatawithcreationtimestamp) + * [`fn withDeletionGracePeriodSeconds(deletionGracePeriodSeconds)`](#fn-metadatawithdeletiongraceperiodseconds) + * [`fn withDeletionTimestamp(deletionTimestamp)`](#fn-metadatawithdeletiontimestamp) + * [`fn withFinalizers(finalizers)`](#fn-metadatawithfinalizers) + * [`fn withFinalizersMixin(finalizers)`](#fn-metadatawithfinalizersmixin) + * [`fn withGenerateName(generateName)`](#fn-metadatawithgeneratename) + * [`fn withGeneration(generation)`](#fn-metadatawithgeneration) + * [`fn withLabels(labels)`](#fn-metadatawithlabels) + * [`fn withLabelsMixin(labels)`](#fn-metadatawithlabelsmixin) + * [`fn withName(name)`](#fn-metadatawithname) + * [`fn withNamespace(namespace)`](#fn-metadatawithnamespace) + * [`fn withOwnerReferences(ownerReferences)`](#fn-metadatawithownerreferences) + * [`fn withOwnerReferencesMixin(ownerReferences)`](#fn-metadatawithownerreferencesmixin) + * [`fn withResourceVersion(resourceVersion)`](#fn-metadatawithresourceversion) + * [`fn withSelfLink(selfLink)`](#fn-metadatawithselflink) + * [`fn withUid(uid)`](#fn-metadatawithuid) +* [`obj spec`](#obj-spec) + * [`fn withHostnames(hostnames)`](#fn-specwithhostnames) + * [`fn withHostnamesMixin(hostnames)`](#fn-specwithhostnamesmixin) + * [`fn withParentRefs(parentRefs)`](#fn-specwithparentrefs) + * [`fn withParentRefsMixin(parentRefs)`](#fn-specwithparentrefsmixin) + * [`fn withRules(rules)`](#fn-specwithrules) + * [`fn withRulesMixin(rules)`](#fn-specwithrulesmixin) + * [`obj spec.parentRefs`](#obj-specparentrefs) + * [`fn withGroup(group)`](#fn-specparentrefswithgroup) + * [`fn withKind(kind)`](#fn-specparentrefswithkind) + * [`fn withName(name)`](#fn-specparentrefswithname) + * [`fn withNamespace(namespace)`](#fn-specparentrefswithnamespace) + * [`fn withPort(port)`](#fn-specparentrefswithport) + * [`fn withSectionName(sectionName)`](#fn-specparentrefswithsectionname) + * [`obj spec.rules`](#obj-specrules) + * [`fn withBackendRefs(backendRefs)`](#fn-specruleswithbackendrefs) + * [`fn withBackendRefsMixin(backendRefs)`](#fn-specruleswithbackendrefsmixin) + * [`fn withFilters(filters)`](#fn-specruleswithfilters) + * [`fn withFiltersMixin(filters)`](#fn-specruleswithfiltersmixin) + * [`fn withMatches(matches)`](#fn-specruleswithmatches) + * [`fn withMatchesMixin(matches)`](#fn-specruleswithmatchesmixin) + * [`obj spec.rules.backendRefs`](#obj-specrulesbackendrefs) + * [`fn withFilters(filters)`](#fn-specrulesbackendrefswithfilters) + * [`fn withFiltersMixin(filters)`](#fn-specrulesbackendrefswithfiltersmixin) + * [`fn withGroup(group)`](#fn-specrulesbackendrefswithgroup) + * [`fn withKind(kind)`](#fn-specrulesbackendrefswithkind) + * [`fn withName(name)`](#fn-specrulesbackendrefswithname) + * [`fn withNamespace(namespace)`](#fn-specrulesbackendrefswithnamespace) + * [`fn withPort(port)`](#fn-specrulesbackendrefswithport) + * [`fn withWeight(weight)`](#fn-specrulesbackendrefswithweight) + * [`obj spec.rules.backendRefs.filters`](#obj-specrulesbackendrefsfilters) + * [`fn withType(type)`](#fn-specrulesbackendrefsfilterswithtype) + * [`obj spec.rules.backendRefs.filters.extensionRef`](#obj-specrulesbackendrefsfiltersextensionref) + * [`fn withGroup(group)`](#fn-specrulesbackendrefsfiltersextensionrefwithgroup) + * [`fn withKind(kind)`](#fn-specrulesbackendrefsfiltersextensionrefwithkind) + * [`fn withName(name)`](#fn-specrulesbackendrefsfiltersextensionrefwithname) + * [`obj spec.rules.backendRefs.filters.requestHeaderModifier`](#obj-specrulesbackendrefsfiltersrequestheadermodifier) + * [`fn withAdd(add)`](#fn-specrulesbackendrefsfiltersrequestheadermodifierwithadd) + * [`fn withAddMixin(add)`](#fn-specrulesbackendrefsfiltersrequestheadermodifierwithaddmixin) + * [`fn withRemove(remove)`](#fn-specrulesbackendrefsfiltersrequestheadermodifierwithremove) + * [`fn withRemoveMixin(remove)`](#fn-specrulesbackendrefsfiltersrequestheadermodifierwithremovemixin) + * [`fn withSet(set)`](#fn-specrulesbackendrefsfiltersrequestheadermodifierwithset) + * [`fn withSetMixin(set)`](#fn-specrulesbackendrefsfiltersrequestheadermodifierwithsetmixin) + * [`obj spec.rules.backendRefs.filters.requestHeaderModifier.add`](#obj-specrulesbackendrefsfiltersrequestheadermodifieradd) + * [`fn withName(name)`](#fn-specrulesbackendrefsfiltersrequestheadermodifieraddwithname) + * [`fn withValue(value)`](#fn-specrulesbackendrefsfiltersrequestheadermodifieraddwithvalue) + * [`obj spec.rules.backendRefs.filters.requestHeaderModifier.set`](#obj-specrulesbackendrefsfiltersrequestheadermodifierset) + * [`fn withName(name)`](#fn-specrulesbackendrefsfiltersrequestheadermodifiersetwithname) + * [`fn withValue(value)`](#fn-specrulesbackendrefsfiltersrequestheadermodifiersetwithvalue) + * [`obj spec.rules.backendRefs.filters.requestMirror`](#obj-specrulesbackendrefsfiltersrequestmirror) + * [`obj spec.rules.backendRefs.filters.requestMirror.backendRef`](#obj-specrulesbackendrefsfiltersrequestmirrorbackendref) + * [`fn withGroup(group)`](#fn-specrulesbackendrefsfiltersrequestmirrorbackendrefwithgroup) + * [`fn withKind(kind)`](#fn-specrulesbackendrefsfiltersrequestmirrorbackendrefwithkind) + * [`fn withName(name)`](#fn-specrulesbackendrefsfiltersrequestmirrorbackendrefwithname) + * [`fn withNamespace(namespace)`](#fn-specrulesbackendrefsfiltersrequestmirrorbackendrefwithnamespace) + * [`fn withPort(port)`](#fn-specrulesbackendrefsfiltersrequestmirrorbackendrefwithport) + * [`obj spec.rules.backendRefs.filters.requestRedirect`](#obj-specrulesbackendrefsfiltersrequestredirect) + * [`fn withHostname(hostname)`](#fn-specrulesbackendrefsfiltersrequestredirectwithhostname) + * [`fn withPort(port)`](#fn-specrulesbackendrefsfiltersrequestredirectwithport) + * [`fn withScheme(scheme)`](#fn-specrulesbackendrefsfiltersrequestredirectwithscheme) + * [`fn withStatusCode(statusCode)`](#fn-specrulesbackendrefsfiltersrequestredirectwithstatuscode) + * [`obj spec.rules.backendRefs.filters.requestRedirect.path`](#obj-specrulesbackendrefsfiltersrequestredirectpath) + * [`fn withReplaceFullPath(replaceFullPath)`](#fn-specrulesbackendrefsfiltersrequestredirectpathwithreplacefullpath) + * [`fn withReplacePrefixMatch(replacePrefixMatch)`](#fn-specrulesbackendrefsfiltersrequestredirectpathwithreplaceprefixmatch) + * [`fn withType(type)`](#fn-specrulesbackendrefsfiltersrequestredirectpathwithtype) + * [`obj spec.rules.backendRefs.filters.responseHeaderModifier`](#obj-specrulesbackendrefsfiltersresponseheadermodifier) + * [`fn withAdd(add)`](#fn-specrulesbackendrefsfiltersresponseheadermodifierwithadd) + * [`fn withAddMixin(add)`](#fn-specrulesbackendrefsfiltersresponseheadermodifierwithaddmixin) + * [`fn withRemove(remove)`](#fn-specrulesbackendrefsfiltersresponseheadermodifierwithremove) + * [`fn withRemoveMixin(remove)`](#fn-specrulesbackendrefsfiltersresponseheadermodifierwithremovemixin) + * [`fn withSet(set)`](#fn-specrulesbackendrefsfiltersresponseheadermodifierwithset) + * [`fn withSetMixin(set)`](#fn-specrulesbackendrefsfiltersresponseheadermodifierwithsetmixin) + * [`obj spec.rules.backendRefs.filters.responseHeaderModifier.add`](#obj-specrulesbackendrefsfiltersresponseheadermodifieradd) + * [`fn withName(name)`](#fn-specrulesbackendrefsfiltersresponseheadermodifieraddwithname) + * [`fn withValue(value)`](#fn-specrulesbackendrefsfiltersresponseheadermodifieraddwithvalue) + * [`obj spec.rules.backendRefs.filters.responseHeaderModifier.set`](#obj-specrulesbackendrefsfiltersresponseheadermodifierset) + * [`fn withName(name)`](#fn-specrulesbackendrefsfiltersresponseheadermodifiersetwithname) + * [`fn withValue(value)`](#fn-specrulesbackendrefsfiltersresponseheadermodifiersetwithvalue) + * [`obj spec.rules.backendRefs.filters.urlRewrite`](#obj-specrulesbackendrefsfiltersurlrewrite) + * [`fn withHostname(hostname)`](#fn-specrulesbackendrefsfiltersurlrewritewithhostname) + * [`obj spec.rules.backendRefs.filters.urlRewrite.path`](#obj-specrulesbackendrefsfiltersurlrewritepath) + * [`fn withReplaceFullPath(replaceFullPath)`](#fn-specrulesbackendrefsfiltersurlrewritepathwithreplacefullpath) + * [`fn withReplacePrefixMatch(replacePrefixMatch)`](#fn-specrulesbackendrefsfiltersurlrewritepathwithreplaceprefixmatch) + * [`fn withType(type)`](#fn-specrulesbackendrefsfiltersurlrewritepathwithtype) + * [`obj spec.rules.filters`](#obj-specrulesfilters) + * [`fn withType(type)`](#fn-specrulesfilterswithtype) + * [`obj spec.rules.filters.extensionRef`](#obj-specrulesfiltersextensionref) + * [`fn withGroup(group)`](#fn-specrulesfiltersextensionrefwithgroup) + * [`fn withKind(kind)`](#fn-specrulesfiltersextensionrefwithkind) + * [`fn withName(name)`](#fn-specrulesfiltersextensionrefwithname) + * [`obj spec.rules.filters.requestHeaderModifier`](#obj-specrulesfiltersrequestheadermodifier) + * [`fn withAdd(add)`](#fn-specrulesfiltersrequestheadermodifierwithadd) + * [`fn withAddMixin(add)`](#fn-specrulesfiltersrequestheadermodifierwithaddmixin) + * [`fn withRemove(remove)`](#fn-specrulesfiltersrequestheadermodifierwithremove) + * [`fn withRemoveMixin(remove)`](#fn-specrulesfiltersrequestheadermodifierwithremovemixin) + * [`fn withSet(set)`](#fn-specrulesfiltersrequestheadermodifierwithset) + * [`fn withSetMixin(set)`](#fn-specrulesfiltersrequestheadermodifierwithsetmixin) + * [`obj spec.rules.filters.requestHeaderModifier.add`](#obj-specrulesfiltersrequestheadermodifieradd) + * [`fn withName(name)`](#fn-specrulesfiltersrequestheadermodifieraddwithname) + * [`fn withValue(value)`](#fn-specrulesfiltersrequestheadermodifieraddwithvalue) + * [`obj spec.rules.filters.requestHeaderModifier.set`](#obj-specrulesfiltersrequestheadermodifierset) + * [`fn withName(name)`](#fn-specrulesfiltersrequestheadermodifiersetwithname) + * [`fn withValue(value)`](#fn-specrulesfiltersrequestheadermodifiersetwithvalue) + * [`obj spec.rules.filters.requestMirror`](#obj-specrulesfiltersrequestmirror) + * [`obj spec.rules.filters.requestMirror.backendRef`](#obj-specrulesfiltersrequestmirrorbackendref) + * [`fn withGroup(group)`](#fn-specrulesfiltersrequestmirrorbackendrefwithgroup) + * [`fn withKind(kind)`](#fn-specrulesfiltersrequestmirrorbackendrefwithkind) + * [`fn withName(name)`](#fn-specrulesfiltersrequestmirrorbackendrefwithname) + * [`fn withNamespace(namespace)`](#fn-specrulesfiltersrequestmirrorbackendrefwithnamespace) + * [`fn withPort(port)`](#fn-specrulesfiltersrequestmirrorbackendrefwithport) + * [`obj spec.rules.filters.requestRedirect`](#obj-specrulesfiltersrequestredirect) + * [`fn withHostname(hostname)`](#fn-specrulesfiltersrequestredirectwithhostname) + * [`fn withPort(port)`](#fn-specrulesfiltersrequestredirectwithport) + * [`fn withScheme(scheme)`](#fn-specrulesfiltersrequestredirectwithscheme) + * [`fn withStatusCode(statusCode)`](#fn-specrulesfiltersrequestredirectwithstatuscode) + * [`obj spec.rules.filters.requestRedirect.path`](#obj-specrulesfiltersrequestredirectpath) + * [`fn withReplaceFullPath(replaceFullPath)`](#fn-specrulesfiltersrequestredirectpathwithreplacefullpath) + * [`fn withReplacePrefixMatch(replacePrefixMatch)`](#fn-specrulesfiltersrequestredirectpathwithreplaceprefixmatch) + * [`fn withType(type)`](#fn-specrulesfiltersrequestredirectpathwithtype) + * [`obj spec.rules.filters.responseHeaderModifier`](#obj-specrulesfiltersresponseheadermodifier) + * [`fn withAdd(add)`](#fn-specrulesfiltersresponseheadermodifierwithadd) + * [`fn withAddMixin(add)`](#fn-specrulesfiltersresponseheadermodifierwithaddmixin) + * [`fn withRemove(remove)`](#fn-specrulesfiltersresponseheadermodifierwithremove) + * [`fn withRemoveMixin(remove)`](#fn-specrulesfiltersresponseheadermodifierwithremovemixin) + * [`fn withSet(set)`](#fn-specrulesfiltersresponseheadermodifierwithset) + * [`fn withSetMixin(set)`](#fn-specrulesfiltersresponseheadermodifierwithsetmixin) + * [`obj spec.rules.filters.responseHeaderModifier.add`](#obj-specrulesfiltersresponseheadermodifieradd) + * [`fn withName(name)`](#fn-specrulesfiltersresponseheadermodifieraddwithname) + * [`fn withValue(value)`](#fn-specrulesfiltersresponseheadermodifieraddwithvalue) + * [`obj spec.rules.filters.responseHeaderModifier.set`](#obj-specrulesfiltersresponseheadermodifierset) + * [`fn withName(name)`](#fn-specrulesfiltersresponseheadermodifiersetwithname) + * [`fn withValue(value)`](#fn-specrulesfiltersresponseheadermodifiersetwithvalue) + * [`obj spec.rules.filters.urlRewrite`](#obj-specrulesfiltersurlrewrite) + * [`fn withHostname(hostname)`](#fn-specrulesfiltersurlrewritewithhostname) + * [`obj spec.rules.filters.urlRewrite.path`](#obj-specrulesfiltersurlrewritepath) + * [`fn withReplaceFullPath(replaceFullPath)`](#fn-specrulesfiltersurlrewritepathwithreplacefullpath) + * [`fn withReplacePrefixMatch(replacePrefixMatch)`](#fn-specrulesfiltersurlrewritepathwithreplaceprefixmatch) + * [`fn withType(type)`](#fn-specrulesfiltersurlrewritepathwithtype) + * [`obj spec.rules.matches`](#obj-specrulesmatches) + * [`fn withHeaders(headers)`](#fn-specrulesmatcheswithheaders) + * [`fn withHeadersMixin(headers)`](#fn-specrulesmatcheswithheadersmixin) + * [`fn withMethod(method)`](#fn-specrulesmatcheswithmethod) + * [`fn withQueryParams(queryParams)`](#fn-specrulesmatcheswithqueryparams) + * [`fn withQueryParamsMixin(queryParams)`](#fn-specrulesmatcheswithqueryparamsmixin) + * [`obj spec.rules.matches.headers`](#obj-specrulesmatchesheaders) + * [`fn withName(name)`](#fn-specrulesmatchesheaderswithname) + * [`fn withType(type)`](#fn-specrulesmatchesheaderswithtype) + * [`fn withValue(value)`](#fn-specrulesmatchesheaderswithvalue) + * [`obj spec.rules.matches.path`](#obj-specrulesmatchespath) + * [`fn withType(type)`](#fn-specrulesmatchespathwithtype) + * [`fn withValue(value)`](#fn-specrulesmatchespathwithvalue) + * [`obj spec.rules.matches.queryParams`](#obj-specrulesmatchesqueryparams) + * [`fn withName(name)`](#fn-specrulesmatchesqueryparamswithname) + * [`fn withType(type)`](#fn-specrulesmatchesqueryparamswithtype) + * [`fn withValue(value)`](#fn-specrulesmatchesqueryparamswithvalue) + +## Fields + +### fn new + +```ts +new(name) +``` + +new returns an instance of HTTPRoute + +## obj metadata + +"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create." + +### fn metadata.withAnnotations + +```ts +withAnnotations(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +### fn metadata.withAnnotationsMixin + +```ts +withAnnotationsMixin(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +**Note:** This function appends passed data to existing values + +### fn metadata.withClusterName + +```ts +withClusterName(clusterName) +``` + +"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request." + +### fn metadata.withCreationTimestamp + +```ts +withCreationTimestamp(creationTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withDeletionGracePeriodSeconds + +```ts +withDeletionGracePeriodSeconds(deletionGracePeriodSeconds) +``` + +"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only." + +### fn metadata.withDeletionTimestamp + +```ts +withDeletionTimestamp(deletionTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withFinalizers + +```ts +withFinalizers(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +### fn metadata.withFinalizersMixin + +```ts +withFinalizersMixin(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +**Note:** This function appends passed data to existing values + +### fn metadata.withGenerateName + +```ts +withGenerateName(generateName) +``` + +"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\n\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\n\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" + +### fn metadata.withGeneration + +```ts +withGeneration(generation) +``` + +"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only." + +### fn metadata.withLabels + +```ts +withLabels(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +### fn metadata.withLabelsMixin + +```ts +withLabelsMixin(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +**Note:** This function appends passed data to existing values + +### fn metadata.withName + +```ts +withName(name) +``` + +"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names" + +### fn metadata.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \"default\" namespace, but \"default\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\n\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces" + +### fn metadata.withOwnerReferences + +```ts +withOwnerReferences(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +### fn metadata.withOwnerReferencesMixin + +```ts +withOwnerReferencesMixin(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +**Note:** This function appends passed data to existing values + +### fn metadata.withResourceVersion + +```ts +withResourceVersion(resourceVersion) +``` + +"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\n\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" + +### fn metadata.withSelfLink + +```ts +withSelfLink(selfLink) +``` + +"SelfLink is a URL representing this object. Populated by the system. Read-only.\n\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release." + +### fn metadata.withUid + +```ts +withUid(uid) +``` + +"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\n\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids" + +## obj spec + +"Spec defines the desired state of HTTPRoute." + +### fn spec.withHostnames + +```ts +withHostnames(hostnames) +``` + +"Hostnames defines a set of hostnames that should match against the HTTP Host\nheader to select a HTTPRoute used to process the request. Implementations\nMUST ignore any port value specified in the HTTP Host header while\nperforming a match and (absent of any applicable header modification\nconfiguration) MUST forward this header unmodified to the backend.\n\n\nValid values for Hostnames are determined by RFC 1123 definition of a\nhostname with 2 notable exceptions:\n\n\n1. IPs are not allowed.\n2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard\n label must appear by itself as the first label.\n\n\nIf a hostname is specified by both the Listener and HTTPRoute, there\nmust be at least one intersecting hostname for the HTTPRoute to be\nattached to the Listener. For example:\n\n\n* A Listener with `test.example.com` as the hostname matches HTTPRoutes\n that have either not specified any hostnames, or have specified at\n least one of `test.example.com` or `*.example.com`.\n* A Listener with `*.example.com` as the hostname matches HTTPRoutes\n that have either not specified any hostnames or have specified at least\n one hostname that matches the Listener hostname. For example,\n `*.example.com`, `test.example.com`, and `foo.test.example.com` would\n all match. On the other hand, `example.com` and `test.example.net` would\n not match.\n\n\nHostnames that are prefixed with a wildcard label (`*.`) are interpreted\nas a suffix match. That means that a match for `*.example.com` would match\nboth `test.example.com`, and `foo.test.example.com`, but not `example.com`.\n\n\nIf both the Listener and HTTPRoute have specified hostnames, any\nHTTPRoute hostnames that do not match the Listener hostname MUST be\nignored. For example, if a Listener specified `*.example.com`, and the\nHTTPRoute specified `test.example.com` and `test.example.net`,\n`test.example.net` must not be considered for a match.\n\n\nIf both the Listener and HTTPRoute have specified hostnames, and none\nmatch with the criteria above, then the HTTPRoute is not accepted. The\nimplementation must raise an 'Accepted' Condition with a status of\n`False` in the corresponding RouteParentStatus.\n\n\nIn the event that multiple HTTPRoutes specify intersecting hostnames (e.g.\noverlapping wildcard matching and exact matching hostnames), precedence must\nbe given to rules from the HTTPRoute with the largest number of:\n\n\n* Characters in a matching non-wildcard hostname.\n* Characters in a matching hostname.\n\n\nIf ties exist across multiple Routes, the matching precedence rules for\nHTTPRouteMatches takes over.\n\n\nSupport: Core" + +### fn spec.withHostnamesMixin + +```ts +withHostnamesMixin(hostnames) +``` + +"Hostnames defines a set of hostnames that should match against the HTTP Host\nheader to select a HTTPRoute used to process the request. Implementations\nMUST ignore any port value specified in the HTTP Host header while\nperforming a match and (absent of any applicable header modification\nconfiguration) MUST forward this header unmodified to the backend.\n\n\nValid values for Hostnames are determined by RFC 1123 definition of a\nhostname with 2 notable exceptions:\n\n\n1. IPs are not allowed.\n2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard\n label must appear by itself as the first label.\n\n\nIf a hostname is specified by both the Listener and HTTPRoute, there\nmust be at least one intersecting hostname for the HTTPRoute to be\nattached to the Listener. For example:\n\n\n* A Listener with `test.example.com` as the hostname matches HTTPRoutes\n that have either not specified any hostnames, or have specified at\n least one of `test.example.com` or `*.example.com`.\n* A Listener with `*.example.com` as the hostname matches HTTPRoutes\n that have either not specified any hostnames or have specified at least\n one hostname that matches the Listener hostname. For example,\n `*.example.com`, `test.example.com`, and `foo.test.example.com` would\n all match. On the other hand, `example.com` and `test.example.net` would\n not match.\n\n\nHostnames that are prefixed with a wildcard label (`*.`) are interpreted\nas a suffix match. That means that a match for `*.example.com` would match\nboth `test.example.com`, and `foo.test.example.com`, but not `example.com`.\n\n\nIf both the Listener and HTTPRoute have specified hostnames, any\nHTTPRoute hostnames that do not match the Listener hostname MUST be\nignored. For example, if a Listener specified `*.example.com`, and the\nHTTPRoute specified `test.example.com` and `test.example.net`,\n`test.example.net` must not be considered for a match.\n\n\nIf both the Listener and HTTPRoute have specified hostnames, and none\nmatch with the criteria above, then the HTTPRoute is not accepted. The\nimplementation must raise an 'Accepted' Condition with a status of\n`False` in the corresponding RouteParentStatus.\n\n\nIn the event that multiple HTTPRoutes specify intersecting hostnames (e.g.\noverlapping wildcard matching and exact matching hostnames), precedence must\nbe given to rules from the HTTPRoute with the largest number of:\n\n\n* Characters in a matching non-wildcard hostname.\n* Characters in a matching hostname.\n\n\nIf ties exist across multiple Routes, the matching precedence rules for\nHTTPRouteMatches takes over.\n\n\nSupport: Core" + +**Note:** This function appends passed data to existing values + +### fn spec.withParentRefs + +```ts +withParentRefs(parentRefs) +``` + +"ParentRefs references the resources (usually Gateways) that a Route wants\nto be attached to. Note that the referenced parent resource needs to\nallow this for the attachment to be complete. For Gateways, that means\nthe Gateway needs to allow attachment from Routes of this kind and\nnamespace. For Services, that means the Service must either be in the same\nnamespace for a \"producer\" route, or the mesh implementation must support\nand allow \"consumer\" routes for the referenced Service. ReferenceGrant is\nnot applicable for governing ParentRefs to Services - it is not possible to\ncreate a \"producer\" route for a Service in a different namespace from the\nRoute.\n\n\nThere are two kinds of parent resources with \"Core\" support:\n\n\n* Gateway (Gateway conformance profile)\n* Service (Mesh conformance profile, ClusterIP Services only)\n\n\nThis API may be extended in the future to support additional kinds of parent\nresources.\n\n\nParentRefs must be _distinct_. This means either that:\n\n\n* They select different objects. If this is the case, then parentRef\n entries are distinct. In terms of fields, this means that the\n multi-part key defined by `group`, `kind`, `namespace`, and `name` must\n be unique across all parentRef entries in the Route.\n* They do not select different objects, but for each optional field used,\n each ParentRef that selects the same object must set the same set of\n optional fields to different values. If one ParentRef sets a\n combination of optional fields, all must set the same combination.\n\n\nSome examples:\n\n\n* If one ParentRef sets `sectionName`, all ParentRefs referencing the\n same object must also set `sectionName`.\n* If one ParentRef sets `port`, all ParentRefs referencing the same\n object must also set `port`.\n* If one ParentRef sets `sectionName` and `port`, all ParentRefs\n referencing the same object must also set `sectionName` and `port`.\n\n\nIt is possible to separately reference multiple distinct objects that may\nbe collapsed by an implementation. For example, some implementations may\nchoose to merge compatible Gateway Listeners together. If that is the\ncase, the list of routes attached to those resources should also be\nmerged.\n\n\nNote that for ParentRefs that cross namespace boundaries, there are specific\nrules. Cross-namespace references are only valid if they are explicitly\nallowed by something in the namespace they are referring to. For example,\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\ngeneric way to enable other kinds of cross-namespace reference.\n\n\n\n\n\n\n\n\n" + +### fn spec.withParentRefsMixin + +```ts +withParentRefsMixin(parentRefs) +``` + +"ParentRefs references the resources (usually Gateways) that a Route wants\nto be attached to. Note that the referenced parent resource needs to\nallow this for the attachment to be complete. For Gateways, that means\nthe Gateway needs to allow attachment from Routes of this kind and\nnamespace. For Services, that means the Service must either be in the same\nnamespace for a \"producer\" route, or the mesh implementation must support\nand allow \"consumer\" routes for the referenced Service. ReferenceGrant is\nnot applicable for governing ParentRefs to Services - it is not possible to\ncreate a \"producer\" route for a Service in a different namespace from the\nRoute.\n\n\nThere are two kinds of parent resources with \"Core\" support:\n\n\n* Gateway (Gateway conformance profile)\n* Service (Mesh conformance profile, ClusterIP Services only)\n\n\nThis API may be extended in the future to support additional kinds of parent\nresources.\n\n\nParentRefs must be _distinct_. This means either that:\n\n\n* They select different objects. If this is the case, then parentRef\n entries are distinct. In terms of fields, this means that the\n multi-part key defined by `group`, `kind`, `namespace`, and `name` must\n be unique across all parentRef entries in the Route.\n* They do not select different objects, but for each optional field used,\n each ParentRef that selects the same object must set the same set of\n optional fields to different values. If one ParentRef sets a\n combination of optional fields, all must set the same combination.\n\n\nSome examples:\n\n\n* If one ParentRef sets `sectionName`, all ParentRefs referencing the\n same object must also set `sectionName`.\n* If one ParentRef sets `port`, all ParentRefs referencing the same\n object must also set `port`.\n* If one ParentRef sets `sectionName` and `port`, all ParentRefs\n referencing the same object must also set `sectionName` and `port`.\n\n\nIt is possible to separately reference multiple distinct objects that may\nbe collapsed by an implementation. For example, some implementations may\nchoose to merge compatible Gateway Listeners together. If that is the\ncase, the list of routes attached to those resources should also be\nmerged.\n\n\nNote that for ParentRefs that cross namespace boundaries, there are specific\nrules. Cross-namespace references are only valid if they are explicitly\nallowed by something in the namespace they are referring to. For example,\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\ngeneric way to enable other kinds of cross-namespace reference.\n\n\n\n\n\n\n\n\n" + +**Note:** This function appends passed data to existing values + +### fn spec.withRules + +```ts +withRules(rules) +``` + +"Rules are a list of HTTP matchers, filters and actions." + +### fn spec.withRulesMixin + +```ts +withRulesMixin(rules) +``` + +"Rules are a list of HTTP matchers, filters and actions." + +**Note:** This function appends passed data to existing values + +## obj spec.parentRefs + +"ParentRefs references the resources (usually Gateways) that a Route wants\nto be attached to. Note that the referenced parent resource needs to\nallow this for the attachment to be complete. For Gateways, that means\nthe Gateway needs to allow attachment from Routes of this kind and\nnamespace. For Services, that means the Service must either be in the same\nnamespace for a \"producer\" route, or the mesh implementation must support\nand allow \"consumer\" routes for the referenced Service. ReferenceGrant is\nnot applicable for governing ParentRefs to Services - it is not possible to\ncreate a \"producer\" route for a Service in a different namespace from the\nRoute.\n\n\nThere are two kinds of parent resources with \"Core\" support:\n\n\n* Gateway (Gateway conformance profile)\n* Service (Mesh conformance profile, ClusterIP Services only)\n\n\nThis API may be extended in the future to support additional kinds of parent\nresources.\n\n\nParentRefs must be _distinct_. This means either that:\n\n\n* They select different objects. If this is the case, then parentRef\n entries are distinct. In terms of fields, this means that the\n multi-part key defined by `group`, `kind`, `namespace`, and `name` must\n be unique across all parentRef entries in the Route.\n* They do not select different objects, but for each optional field used,\n each ParentRef that selects the same object must set the same set of\n optional fields to different values. If one ParentRef sets a\n combination of optional fields, all must set the same combination.\n\n\nSome examples:\n\n\n* If one ParentRef sets `sectionName`, all ParentRefs referencing the\n same object must also set `sectionName`.\n* If one ParentRef sets `port`, all ParentRefs referencing the same\n object must also set `port`.\n* If one ParentRef sets `sectionName` and `port`, all ParentRefs\n referencing the same object must also set `sectionName` and `port`.\n\n\nIt is possible to separately reference multiple distinct objects that may\nbe collapsed by an implementation. For example, some implementations may\nchoose to merge compatible Gateway Listeners together. If that is the\ncase, the list of routes attached to those resources should also be\nmerged.\n\n\nNote that for ParentRefs that cross namespace boundaries, there are specific\nrules. Cross-namespace references are only valid if they are explicitly\nallowed by something in the namespace they are referring to. For example,\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\ngeneric way to enable other kinds of cross-namespace reference.\n\n\n\n\n\n\n\n\n" + +### fn spec.parentRefs.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent.\nWhen unspecified, \"gateway.networking.k8s.io\" is inferred.\nTo set the core API group (such as for a \"Service\" kind referent),\nGroup must be explicitly set to \"\" (empty string).\n\n\nSupport: Core" + +### fn spec.parentRefs.withKind + +```ts +withKind(kind) +``` + +"Kind is kind of the referent.\n\n\nThere are two kinds of parent resources with \"Core\" support:\n\n\n* Gateway (Gateway conformance profile)\n* Service (Mesh conformance profile, ClusterIP Services only)\n\n\nSupport for other resources is Implementation-Specific." + +### fn spec.parentRefs.withName + +```ts +withName(name) +``` + +"Name is the name of the referent.\n\n\nSupport: Core" + +### fn spec.parentRefs.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the referent. When unspecified, this refers\nto the local namespace of the Route.\n\n\nNote that there are specific rules for ParentRefs which cross namespace\nboundaries. Cross-namespace references are only valid if they are explicitly\nallowed by something in the namespace they are referring to. For example:\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\ngeneric way to enable any other kind of cross-namespace reference.\n\n\n\n\n\nSupport: Core" + +### fn spec.parentRefs.withPort + +```ts +withPort(port) +``` + +"Port is the network port this Route targets. It can be interpreted\ndifferently based on the type of parent resource.\n\n\nWhen the parent resource is a Gateway, this targets all listeners\nlistening on the specified port that also support this kind of Route(and\nselect this Route). It's not recommended to set `Port` unless the\nnetworking behaviors specified in a Route must apply to a specific port\nas opposed to a listener(s) whose port(s) may be changed. When both Port\nand SectionName are specified, the name and port of the selected listener\nmust match both specified values.\n\n\n\n\n\nImplementations MAY choose to support other parent resources.\nImplementations supporting other types of parent resources MUST clearly\ndocument how/if Port is interpreted.\n\n\nFor the purpose of status, an attachment is considered successful as\nlong as the parent resource accepts it partially. For example, Gateway\nlisteners can restrict which Routes can attach to them by Route kind,\nnamespace, or hostname. If 1 of 2 Gateway listeners accept attachment\nfrom the referencing Route, the Route MUST be considered successfully\nattached. If no Gateway listeners accept attachment from this Route,\nthe Route MUST be considered detached from the Gateway.\n\n\nSupport: Extended" + +### fn spec.parentRefs.withSectionName + +```ts +withSectionName(sectionName) +``` + +"SectionName is the name of a section within the target resource. In the\nfollowing resources, SectionName is interpreted as the following:\n\n\n* Gateway: Listener name. When both Port (experimental) and SectionName\nare specified, the name and port of the selected listener must match\nboth specified values.\n* Service: Port name. When both Port (experimental) and SectionName\nare specified, the name and port of the selected listener must match\nboth specified values.\n\n\nImplementations MAY choose to support attaching Routes to other resources.\nIf that is the case, they MUST clearly document how SectionName is\ninterpreted.\n\n\nWhen unspecified (empty string), this will reference the entire resource.\nFor the purpose of status, an attachment is considered successful if at\nleast one section in the parent resource accepts it. For example, Gateway\nlisteners can restrict which Routes can attach to them by Route kind,\nnamespace, or hostname. If 1 of 2 Gateway listeners accept attachment from\nthe referencing Route, the Route MUST be considered successfully\nattached. If no Gateway listeners accept attachment from this Route, the\nRoute MUST be considered detached from the Gateway.\n\n\nSupport: Core" + +## obj spec.rules + +"Rules are a list of HTTP matchers, filters and actions." + +### fn spec.rules.withBackendRefs + +```ts +withBackendRefs(backendRefs) +``` + +"BackendRefs defines the backend(s) where matching requests should be\nsent.\n\n\nFailure behavior here depends on how many BackendRefs are specified and\nhow many are invalid.\n\n\nIf *all* entries in BackendRefs are invalid, and there are also no filters\nspecified in this route rule, *all* traffic which matches this rule MUST\nreceive a 500 status code.\n\n\nSee the HTTPBackendRef definition for the rules about what makes a single\nHTTPBackendRef invalid.\n\n\nWhen a HTTPBackendRef is invalid, 500 status codes MUST be returned for\nrequests that would have otherwise been routed to an invalid backend. If\nmultiple backends are specified, and some are invalid, the proportion of\nrequests that would otherwise have been routed to an invalid backend\nMUST receive a 500 status code.\n\n\nFor example, if two backends are specified with equal weights, and one is\ninvalid, 50 percent of traffic must receive a 500. Implementations may\nchoose how that 50 percent is determined.\n\n\nSupport: Core for Kubernetes Service\n\n\nSupport: Extended for Kubernetes ServiceImport\n\n\nSupport: Implementation-specific for any other resource\n\n\nSupport for weight: Core" + +### fn spec.rules.withBackendRefsMixin + +```ts +withBackendRefsMixin(backendRefs) +``` + +"BackendRefs defines the backend(s) where matching requests should be\nsent.\n\n\nFailure behavior here depends on how many BackendRefs are specified and\nhow many are invalid.\n\n\nIf *all* entries in BackendRefs are invalid, and there are also no filters\nspecified in this route rule, *all* traffic which matches this rule MUST\nreceive a 500 status code.\n\n\nSee the HTTPBackendRef definition for the rules about what makes a single\nHTTPBackendRef invalid.\n\n\nWhen a HTTPBackendRef is invalid, 500 status codes MUST be returned for\nrequests that would have otherwise been routed to an invalid backend. If\nmultiple backends are specified, and some are invalid, the proportion of\nrequests that would otherwise have been routed to an invalid backend\nMUST receive a 500 status code.\n\n\nFor example, if two backends are specified with equal weights, and one is\ninvalid, 50 percent of traffic must receive a 500. Implementations may\nchoose how that 50 percent is determined.\n\n\nSupport: Core for Kubernetes Service\n\n\nSupport: Extended for Kubernetes ServiceImport\n\n\nSupport: Implementation-specific for any other resource\n\n\nSupport for weight: Core" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.withFilters + +```ts +withFilters(filters) +``` + +"Filters define the filters that are applied to requests that match\nthis rule.\n\n\nWherever possible, implementations SHOULD implement filters in the order\nthey are specified.\n\n\nImplementations MAY choose to implement this ordering strictly, rejecting\nany combination or order of filters that can not be supported. If implementations\nchoose a strict interpretation of filter ordering, they MUST clearly document\nthat behavior.\n\n\nTo reject an invalid combination or order of filters, implementations SHOULD\nconsider the Route Rules with this configuration invalid. If all Route Rules\nin a Route are invalid, the entire Route would be considered invalid. If only\na portion of Route Rules are invalid, implementations MUST set the\n\"PartiallyInvalid\" condition for the Route.\n\n\nConformance-levels at this level are defined based on the type of filter:\n\n\n- ALL core filters MUST be supported by all implementations.\n- Implementers are encouraged to support extended filters.\n- Implementation-specific custom filters have no API guarantees across\n implementations.\n\n\nSpecifying the same filter multiple times is not supported unless explicitly\nindicated in the filter.\n\n\nAll filters are expected to be compatible with each other except for the\nURLRewrite and RequestRedirect filters, which may not be combined. If an\nimplementation can not support other combinations of filters, they must clearly\ndocument that limitation. In cases where incompatible or unsupported\nfilters are specified and cause the `Accepted` condition to be set to status\n`False`, implementations may use the `IncompatibleFilters` reason to specify\nthis configuration error.\n\n\nSupport: Core" + +### fn spec.rules.withFiltersMixin + +```ts +withFiltersMixin(filters) +``` + +"Filters define the filters that are applied to requests that match\nthis rule.\n\n\nWherever possible, implementations SHOULD implement filters in the order\nthey are specified.\n\n\nImplementations MAY choose to implement this ordering strictly, rejecting\nany combination or order of filters that can not be supported. If implementations\nchoose a strict interpretation of filter ordering, they MUST clearly document\nthat behavior.\n\n\nTo reject an invalid combination or order of filters, implementations SHOULD\nconsider the Route Rules with this configuration invalid. If all Route Rules\nin a Route are invalid, the entire Route would be considered invalid. If only\na portion of Route Rules are invalid, implementations MUST set the\n\"PartiallyInvalid\" condition for the Route.\n\n\nConformance-levels at this level are defined based on the type of filter:\n\n\n- ALL core filters MUST be supported by all implementations.\n- Implementers are encouraged to support extended filters.\n- Implementation-specific custom filters have no API guarantees across\n implementations.\n\n\nSpecifying the same filter multiple times is not supported unless explicitly\nindicated in the filter.\n\n\nAll filters are expected to be compatible with each other except for the\nURLRewrite and RequestRedirect filters, which may not be combined. If an\nimplementation can not support other combinations of filters, they must clearly\ndocument that limitation. In cases where incompatible or unsupported\nfilters are specified and cause the `Accepted` condition to be set to status\n`False`, implementations may use the `IncompatibleFilters` reason to specify\nthis configuration error.\n\n\nSupport: Core" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.withMatches + +```ts +withMatches(matches) +``` + +"Matches define conditions used for matching the rule against incoming\nHTTP requests. Each match is independent, i.e. this rule will be matched\nif **any** one of the matches is satisfied.\n\n\nFor example, take the following matches configuration:\n\n\n```\nmatches:\n- path:\n value: \"/foo\"\n headers:\n - name: \"version\"\n value: \"v2\"\n- path:\n value: \"/v2/foo\"\n```\n\n\nFor a request to match against this rule, a request must satisfy\nEITHER of the two conditions:\n\n\n- path prefixed with `/foo` AND contains the header `version: v2`\n- path prefix of `/v2/foo`\n\n\nSee the documentation for HTTPRouteMatch on how to specify multiple\nmatch conditions that should be ANDed together.\n\n\nIf no matches are specified, the default is a prefix\npath match on \"/\", which has the effect of matching every\nHTTP request.\n\n\nProxy or Load Balancer routing configuration generated from HTTPRoutes\nMUST prioritize matches based on the following criteria, continuing on\nties. Across all rules specified on applicable Routes, precedence must be\ngiven to the match having:\n\n\n* \"Exact\" path match.\n* \"Prefix\" path match with largest number of characters.\n* Method match.\n* Largest number of header matches.\n* Largest number of query param matches.\n\n\nNote: The precedence of RegularExpression path matches are implementation-specific.\n\n\nIf ties still exist across multiple Routes, matching precedence MUST be\ndetermined in order of the following criteria, continuing on ties:\n\n\n* The oldest Route based on creation timestamp.\n* The Route appearing first in alphabetical order by\n \"{namespace}/{name}\".\n\n\nIf ties still exist within an HTTPRoute, matching precedence MUST be granted\nto the FIRST matching rule (in list order) with a match meeting the above\ncriteria.\n\n\nWhen no rules matching a request have been successfully attached to the\nparent a request is coming from, a HTTP 404 status code MUST be returned." + +### fn spec.rules.withMatchesMixin + +```ts +withMatchesMixin(matches) +``` + +"Matches define conditions used for matching the rule against incoming\nHTTP requests. Each match is independent, i.e. this rule will be matched\nif **any** one of the matches is satisfied.\n\n\nFor example, take the following matches configuration:\n\n\n```\nmatches:\n- path:\n value: \"/foo\"\n headers:\n - name: \"version\"\n value: \"v2\"\n- path:\n value: \"/v2/foo\"\n```\n\n\nFor a request to match against this rule, a request must satisfy\nEITHER of the two conditions:\n\n\n- path prefixed with `/foo` AND contains the header `version: v2`\n- path prefix of `/v2/foo`\n\n\nSee the documentation for HTTPRouteMatch on how to specify multiple\nmatch conditions that should be ANDed together.\n\n\nIf no matches are specified, the default is a prefix\npath match on \"/\", which has the effect of matching every\nHTTP request.\n\n\nProxy or Load Balancer routing configuration generated from HTTPRoutes\nMUST prioritize matches based on the following criteria, continuing on\nties. Across all rules specified on applicable Routes, precedence must be\ngiven to the match having:\n\n\n* \"Exact\" path match.\n* \"Prefix\" path match with largest number of characters.\n* Method match.\n* Largest number of header matches.\n* Largest number of query param matches.\n\n\nNote: The precedence of RegularExpression path matches are implementation-specific.\n\n\nIf ties still exist across multiple Routes, matching precedence MUST be\ndetermined in order of the following criteria, continuing on ties:\n\n\n* The oldest Route based on creation timestamp.\n* The Route appearing first in alphabetical order by\n \"{namespace}/{name}\".\n\n\nIf ties still exist within an HTTPRoute, matching precedence MUST be granted\nto the FIRST matching rule (in list order) with a match meeting the above\ncriteria.\n\n\nWhen no rules matching a request have been successfully attached to the\nparent a request is coming from, a HTTP 404 status code MUST be returned." + +**Note:** This function appends passed data to existing values + +## obj spec.rules.backendRefs + +"BackendRefs defines the backend(s) where matching requests should be\nsent.\n\n\nFailure behavior here depends on how many BackendRefs are specified and\nhow many are invalid.\n\n\nIf *all* entries in BackendRefs are invalid, and there are also no filters\nspecified in this route rule, *all* traffic which matches this rule MUST\nreceive a 500 status code.\n\n\nSee the HTTPBackendRef definition for the rules about what makes a single\nHTTPBackendRef invalid.\n\n\nWhen a HTTPBackendRef is invalid, 500 status codes MUST be returned for\nrequests that would have otherwise been routed to an invalid backend. If\nmultiple backends are specified, and some are invalid, the proportion of\nrequests that would otherwise have been routed to an invalid backend\nMUST receive a 500 status code.\n\n\nFor example, if two backends are specified with equal weights, and one is\ninvalid, 50 percent of traffic must receive a 500. Implementations may\nchoose how that 50 percent is determined.\n\n\nSupport: Core for Kubernetes Service\n\n\nSupport: Extended for Kubernetes ServiceImport\n\n\nSupport: Implementation-specific for any other resource\n\n\nSupport for weight: Core" + +### fn spec.rules.backendRefs.withFilters + +```ts +withFilters(filters) +``` + +"Filters defined at this level should be executed if and only if the\nrequest is being forwarded to the backend defined here.\n\n\nSupport: Implementation-specific (For broader support of filters, use the\nFilters field in HTTPRouteRule.)" + +### fn spec.rules.backendRefs.withFiltersMixin + +```ts +withFiltersMixin(filters) +``` + +"Filters defined at this level should be executed if and only if the\nrequest is being forwarded to the backend defined here.\n\n\nSupport: Implementation-specific (For broader support of filters, use the\nFilters field in HTTPRouteRule.)" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.backendRefs.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. For example, \"gateway.networking.k8s.io\".\nWhen unspecified or empty string, core API group is inferred." + +### fn spec.rules.backendRefs.withKind + +```ts +withKind(kind) +``` + +"Kind is the Kubernetes resource kind of the referent. For example\n\"Service\".\n\n\nDefaults to \"Service\" when not specified.\n\n\nExternalName services can refer to CNAME DNS records that may live\noutside of the cluster and as such are difficult to reason about in\nterms of conformance. They also may not be safe to forward to (see\nCVE-2021-25740 for more information). Implementations SHOULD NOT\nsupport ExternalName Services.\n\n\nSupport: Core (Services with a type other than ExternalName)\n\n\nSupport: Implementation-specific (Services with type ExternalName)" + +### fn spec.rules.backendRefs.withName + +```ts +withName(name) +``` + +"Name is the name of the referent." + +### fn spec.rules.backendRefs.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the backend. When unspecified, the local\nnamespace is inferred.\n\n\nNote that when a namespace different than the local namespace is specified,\na ReferenceGrant object is required in the referent namespace to allow that\nnamespace's owner to accept the reference. See the ReferenceGrant\ndocumentation for details.\n\n\nSupport: Core" + +### fn spec.rules.backendRefs.withPort + +```ts +withPort(port) +``` + +"Port specifies the destination port number to use for this resource.\nPort is required when the referent is a Kubernetes Service. In this\ncase, the port number is the service port number, not the target port.\nFor other resources, destination port might be derived from the referent\nresource or this field." + +### fn spec.rules.backendRefs.withWeight + +```ts +withWeight(weight) +``` + +"Weight specifies the proportion of requests forwarded to the referenced\nbackend. This is computed as weight/(sum of all weights in this\nBackendRefs list). For non-zero values, there may be some epsilon from\nthe exact proportion defined here depending on the precision an\nimplementation supports. Weight is not a percentage and the sum of\nweights does not need to equal 100.\n\n\nIf only one backend is specified and it has a weight greater than 0, 100%\nof the traffic is forwarded to that backend. If weight is set to 0, no\ntraffic should be forwarded for this entry. If unspecified, weight\ndefaults to 1.\n\n\nSupport for this field varies based on the context where used." + +## obj spec.rules.backendRefs.filters + +"Filters defined at this level should be executed if and only if the\nrequest is being forwarded to the backend defined here.\n\n\nSupport: Implementation-specific (For broader support of filters, use the\nFilters field in HTTPRouteRule.)" + +### fn spec.rules.backendRefs.filters.withType + +```ts +withType(type) +``` + +"Type identifies the type of filter to apply. As with other API fields,\ntypes are classified into three conformance levels:\n\n\n- Core: Filter types and their corresponding configuration defined by\n \"Support: Core\" in this package, e.g. \"RequestHeaderModifier\". All\n implementations must support core filters.\n\n\n- Extended: Filter types and their corresponding configuration defined by\n \"Support: Extended\" in this package, e.g. \"RequestMirror\". Implementers\n are encouraged to support extended filters.\n\n\n- Implementation-specific: Filters that are defined and supported by\n specific vendors.\n In the future, filters showing convergence in behavior across multiple\n implementations will be considered for inclusion in extended or core\n conformance levels. Filter-specific configuration for such filters\n is specified using the ExtensionRef field. `Type` should be set to\n \"ExtensionRef\" for custom filters.\n\n\nImplementers are encouraged to define custom implementation types to\nextend the core API with implementation-specific behavior.\n\n\nIf a reference to a custom filter type cannot be resolved, the filter\nMUST NOT be skipped. Instead, requests that would have been processed by\nthat filter MUST receive a HTTP error response.\n\n\nNote that values may be added to this enum, implementations\nmust ensure that unknown values will not cause a crash.\n\n\nUnknown values here must result in the implementation setting the\nAccepted Condition for the Route to `status: False`, with a\nReason of `UnsupportedValue`." + +## obj spec.rules.backendRefs.filters.extensionRef + +"ExtensionRef is an optional, implementation-specific extension to the\n\"filter\" behavior. For example, resource \"myroutefilter\" in group\n\"networking.example.net\"). ExtensionRef MUST NOT be used for core and\nextended filters.\n\n\nThis filter can be used multiple times within the same rule.\n\n\nSupport: Implementation-specific" + +### fn spec.rules.backendRefs.filters.extensionRef.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. For example, \"gateway.networking.k8s.io\".\nWhen unspecified or empty string, core API group is inferred." + +### fn spec.rules.backendRefs.filters.extensionRef.withKind + +```ts +withKind(kind) +``` + +"Kind is kind of the referent. For example \"HTTPRoute\" or \"Service\"." + +### fn spec.rules.backendRefs.filters.extensionRef.withName + +```ts +withName(name) +``` + +"Name is the name of the referent." + +## obj spec.rules.backendRefs.filters.requestHeaderModifier + +"RequestHeaderModifier defines a schema for a filter that modifies request\nheaders.\n\n\nSupport: Core" + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.withAdd + +```ts +withAdd(add) +``` + +"Add adds the given header(s) (name, value) to the request\nbefore the action. It appends to any existing values associated\nwith the header name.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n add:\n - name: \"my-header\"\n value: \"bar,baz\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: foo,bar,baz" + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.withAddMixin + +```ts +withAddMixin(add) +``` + +"Add adds the given header(s) (name, value) to the request\nbefore the action. It appends to any existing values associated\nwith the header name.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n add:\n - name: \"my-header\"\n value: \"bar,baz\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: foo,bar,baz" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.withRemove + +```ts +withRemove(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The\nvalue of Remove is a list of HTTP header names. Note that the header\nnames are case-insensitive (see\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\n\n\nInput:\n GET /foo HTTP/1.1\n my-header1: foo\n my-header2: bar\n my-header3: baz\n\n\nConfig:\n remove: [\"my-header1\", \"my-header3\"]\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header2: bar" + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.withRemoveMixin + +```ts +withRemoveMixin(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The\nvalue of Remove is a list of HTTP header names. Note that the header\nnames are case-insensitive (see\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\n\n\nInput:\n GET /foo HTTP/1.1\n my-header1: foo\n my-header2: bar\n my-header3: baz\n\n\nConfig:\n remove: [\"my-header1\", \"my-header3\"]\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header2: bar" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.withSet + +```ts +withSet(set) +``` + +"Set overwrites the request with the given header (name, value)\nbefore the action.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n set:\n - name: \"my-header\"\n value: \"bar\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: bar" + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.withSetMixin + +```ts +withSetMixin(set) +``` + +"Set overwrites the request with the given header (name, value)\nbefore the action.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n set:\n - name: \"my-header\"\n value: \"bar\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: bar" + +**Note:** This function appends passed data to existing values + +## obj spec.rules.backendRefs.filters.requestHeaderModifier.add + +"Add adds the given header(s) (name, value) to the request\nbefore the action. It appends to any existing values associated\nwith the header name.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n add:\n - name: \"my-header\"\n value: \"bar,baz\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: foo,bar,baz" + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.add.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\n\nIf multiple entries specify equivalent header names, the first entry with\nan equivalent name MUST be considered for a match. Subsequent entries\nwith an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent." + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.add.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.backendRefs.filters.requestHeaderModifier.set + +"Set overwrites the request with the given header (name, value)\nbefore the action.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n set:\n - name: \"my-header\"\n value: \"bar\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: bar" + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.set.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\n\nIf multiple entries specify equivalent header names, the first entry with\nan equivalent name MUST be considered for a match. Subsequent entries\nwith an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent." + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.set.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.backendRefs.filters.requestMirror + +"RequestMirror defines a schema for a filter that mirrors requests.\nRequests are sent to the specified destination, but responses from\nthat destination are ignored.\n\n\nThis filter can be used multiple times within the same rule. Note that\nnot all implementations will be able to support mirroring to multiple\nbackends.\n\n\nSupport: Extended" + +## obj spec.rules.backendRefs.filters.requestMirror.backendRef + +"BackendRef references a resource where mirrored requests are sent.\n\n\nMirrored requests must be sent only to a single destination endpoint\nwithin this BackendRef, irrespective of how many endpoints are present\nwithin this BackendRef.\n\n\nIf the referent cannot be found, this BackendRef is invalid and must be\ndropped from the Gateway. The controller must ensure the \"ResolvedRefs\"\ncondition on the Route status is set to `status: False` and not configure\nthis backend in the underlying implementation.\n\n\nIf there is a cross-namespace reference to an *existing* object\nthat is not allowed by a ReferenceGrant, the controller must ensure the\n\"ResolvedRefs\" condition on the Route is set to `status: False`,\nwith the \"RefNotPermitted\" reason and not configure this backend in the\nunderlying implementation.\n\n\nIn either error case, the Message of the `ResolvedRefs` Condition\nshould be used to provide more detail about the problem.\n\n\nSupport: Extended for Kubernetes Service\n\n\nSupport: Implementation-specific for any other resource" + +### fn spec.rules.backendRefs.filters.requestMirror.backendRef.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. For example, \"gateway.networking.k8s.io\".\nWhen unspecified or empty string, core API group is inferred." + +### fn spec.rules.backendRefs.filters.requestMirror.backendRef.withKind + +```ts +withKind(kind) +``` + +"Kind is the Kubernetes resource kind of the referent. For example\n\"Service\".\n\n\nDefaults to \"Service\" when not specified.\n\n\nExternalName services can refer to CNAME DNS records that may live\noutside of the cluster and as such are difficult to reason about in\nterms of conformance. They also may not be safe to forward to (see\nCVE-2021-25740 for more information). Implementations SHOULD NOT\nsupport ExternalName Services.\n\n\nSupport: Core (Services with a type other than ExternalName)\n\n\nSupport: Implementation-specific (Services with type ExternalName)" + +### fn spec.rules.backendRefs.filters.requestMirror.backendRef.withName + +```ts +withName(name) +``` + +"Name is the name of the referent." + +### fn spec.rules.backendRefs.filters.requestMirror.backendRef.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the backend. When unspecified, the local\nnamespace is inferred.\n\n\nNote that when a namespace different than the local namespace is specified,\na ReferenceGrant object is required in the referent namespace to allow that\nnamespace's owner to accept the reference. See the ReferenceGrant\ndocumentation for details.\n\n\nSupport: Core" + +### fn spec.rules.backendRefs.filters.requestMirror.backendRef.withPort + +```ts +withPort(port) +``` + +"Port specifies the destination port number to use for this resource.\nPort is required when the referent is a Kubernetes Service. In this\ncase, the port number is the service port number, not the target port.\nFor other resources, destination port might be derived from the referent\nresource or this field." + +## obj spec.rules.backendRefs.filters.requestRedirect + +"RequestRedirect defines a schema for a filter that responds to the\nrequest with an HTTP redirection.\n\n\nSupport: Core" + +### fn spec.rules.backendRefs.filters.requestRedirect.withHostname + +```ts +withHostname(hostname) +``` + +"Hostname is the hostname to be used in the value of the `Location`\nheader in the response.\nWhen empty, the hostname in the `Host` header of the request is used.\n\n\nSupport: Core" + +### fn spec.rules.backendRefs.filters.requestRedirect.withPort + +```ts +withPort(port) +``` + +"Port is the port to be used in the value of the `Location`\nheader in the response.\n\n\nIf no port is specified, the redirect port MUST be derived using the\nfollowing rules:\n\n\n* If redirect scheme is not-empty, the redirect port MUST be the well-known\n port associated with the redirect scheme. Specifically \"http\" to port 80\n and \"https\" to port 443. If the redirect scheme does not have a\n well-known port, the listener port of the Gateway SHOULD be used.\n* If redirect scheme is empty, the redirect port MUST be the Gateway\n Listener port.\n\n\nImplementations SHOULD NOT add the port number in the 'Location'\nheader in the following cases:\n\n\n* A Location header that will use HTTP (whether that is determined via\n the Listener protocol or the Scheme field) _and_ use port 80.\n* A Location header that will use HTTPS (whether that is determined via\n the Listener protocol or the Scheme field) _and_ use port 443.\n\n\nSupport: Extended" + +### fn spec.rules.backendRefs.filters.requestRedirect.withScheme + +```ts +withScheme(scheme) +``` + +"Scheme is the scheme to be used in the value of the `Location` header in\nthe response. When empty, the scheme of the request is used.\n\n\nScheme redirects can affect the port of the redirect, for more information,\nrefer to the documentation for the port field of this filter.\n\n\nNote that values may be added to this enum, implementations\nmust ensure that unknown values will not cause a crash.\n\n\nUnknown values here must result in the implementation setting the\nAccepted Condition for the Route to `status: False`, with a\nReason of `UnsupportedValue`.\n\n\nSupport: Extended" + +### fn spec.rules.backendRefs.filters.requestRedirect.withStatusCode + +```ts +withStatusCode(statusCode) +``` + +"StatusCode is the HTTP status code to be used in response.\n\n\nNote that values may be added to this enum, implementations\nmust ensure that unknown values will not cause a crash.\n\n\nUnknown values here must result in the implementation setting the\nAccepted Condition for the Route to `status: False`, with a\nReason of `UnsupportedValue`.\n\n\nSupport: Core" + +## obj spec.rules.backendRefs.filters.requestRedirect.path + +"Path defines parameters used to modify the path of the incoming request.\nThe modified path is then used to construct the `Location` header. When\nempty, the request path is used as-is.\n\n\nSupport: Extended" + +### fn spec.rules.backendRefs.filters.requestRedirect.path.withReplaceFullPath + +```ts +withReplaceFullPath(replaceFullPath) +``` + +"ReplaceFullPath specifies the value with which to replace the full path\nof a request during a rewrite or redirect." + +### fn spec.rules.backendRefs.filters.requestRedirect.path.withReplacePrefixMatch + +```ts +withReplacePrefixMatch(replacePrefixMatch) +``` + +"ReplacePrefixMatch specifies the value with which to replace the prefix\nmatch of a request during a rewrite or redirect. For example, a request\nto \"/foo/bar\" with a prefix match of \"/foo\" and a ReplacePrefixMatch\nof \"/xyz\" would be modified to \"/xyz/bar\".\n\n\nNote that this matches the behavior of the PathPrefix match type. This\nmatches full path elements. A path element refers to the list of labels\nin the path split by the `/` separator. When specified, a trailing `/` is\nignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all\nmatch the prefix `/abc`, but the path `/abcd` would not.\n\n\nReplacePrefixMatch is only compatible with a `PathPrefix` HTTPRouteMatch.\nUsing any other HTTPRouteMatch type on the same HTTPRouteRule will result in\nthe implementation setting the Accepted Condition for the Route to `status: False`.\n\n\nRequest Path | Prefix Match | Replace Prefix | Modified Path\n-------------|--------------|----------------|----------\n/foo/bar | /foo | /xyz | /xyz/bar\n/foo/bar | /foo | /xyz/ | /xyz/bar\n/foo/bar | /foo/ | /xyz | /xyz/bar\n/foo/bar | /foo/ | /xyz/ | /xyz/bar\n/foo | /foo | /xyz | /xyz\n/foo/ | /foo | /xyz | /xyz/\n/foo/bar | /foo | | /bar\n/foo/ | /foo | | /\n/foo | /foo | | /\n/foo/ | /foo | / | /\n/foo | /foo | / | /" + +### fn spec.rules.backendRefs.filters.requestRedirect.path.withType + +```ts +withType(type) +``` + +"Type defines the type of path modifier. Additional types may be\nadded in a future release of the API.\n\n\nNote that values may be added to this enum, implementations\nmust ensure that unknown values will not cause a crash.\n\n\nUnknown values here must result in the implementation setting the\nAccepted Condition for the Route to `status: False`, with a\nReason of `UnsupportedValue`." + +## obj spec.rules.backendRefs.filters.responseHeaderModifier + +"ResponseHeaderModifier defines a schema for a filter that modifies response\nheaders.\n\n\nSupport: Extended" + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.withAdd + +```ts +withAdd(add) +``` + +"Add adds the given header(s) (name, value) to the request\nbefore the action. It appends to any existing values associated\nwith the header name.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n add:\n - name: \"my-header\"\n value: \"bar,baz\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: foo,bar,baz" + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.withAddMixin + +```ts +withAddMixin(add) +``` + +"Add adds the given header(s) (name, value) to the request\nbefore the action. It appends to any existing values associated\nwith the header name.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n add:\n - name: \"my-header\"\n value: \"bar,baz\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: foo,bar,baz" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.withRemove + +```ts +withRemove(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The\nvalue of Remove is a list of HTTP header names. Note that the header\nnames are case-insensitive (see\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\n\n\nInput:\n GET /foo HTTP/1.1\n my-header1: foo\n my-header2: bar\n my-header3: baz\n\n\nConfig:\n remove: [\"my-header1\", \"my-header3\"]\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header2: bar" + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.withRemoveMixin + +```ts +withRemoveMixin(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The\nvalue of Remove is a list of HTTP header names. Note that the header\nnames are case-insensitive (see\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\n\n\nInput:\n GET /foo HTTP/1.1\n my-header1: foo\n my-header2: bar\n my-header3: baz\n\n\nConfig:\n remove: [\"my-header1\", \"my-header3\"]\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header2: bar" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.withSet + +```ts +withSet(set) +``` + +"Set overwrites the request with the given header (name, value)\nbefore the action.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n set:\n - name: \"my-header\"\n value: \"bar\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: bar" + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.withSetMixin + +```ts +withSetMixin(set) +``` + +"Set overwrites the request with the given header (name, value)\nbefore the action.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n set:\n - name: \"my-header\"\n value: \"bar\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: bar" + +**Note:** This function appends passed data to existing values + +## obj spec.rules.backendRefs.filters.responseHeaderModifier.add + +"Add adds the given header(s) (name, value) to the request\nbefore the action. It appends to any existing values associated\nwith the header name.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n add:\n - name: \"my-header\"\n value: \"bar,baz\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: foo,bar,baz" + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.add.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\n\nIf multiple entries specify equivalent header names, the first entry with\nan equivalent name MUST be considered for a match. Subsequent entries\nwith an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent." + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.add.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.backendRefs.filters.responseHeaderModifier.set + +"Set overwrites the request with the given header (name, value)\nbefore the action.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n set:\n - name: \"my-header\"\n value: \"bar\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: bar" + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.set.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\n\nIf multiple entries specify equivalent header names, the first entry with\nan equivalent name MUST be considered for a match. Subsequent entries\nwith an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent." + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.set.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.backendRefs.filters.urlRewrite + +"URLRewrite defines a schema for a filter that modifies a request during forwarding.\n\n\nSupport: Extended" + +### fn spec.rules.backendRefs.filters.urlRewrite.withHostname + +```ts +withHostname(hostname) +``` + +"Hostname is the value to be used to replace the Host header value during\nforwarding.\n\n\nSupport: Extended" + +## obj spec.rules.backendRefs.filters.urlRewrite.path + +"Path defines a path rewrite.\n\n\nSupport: Extended" + +### fn spec.rules.backendRefs.filters.urlRewrite.path.withReplaceFullPath + +```ts +withReplaceFullPath(replaceFullPath) +``` + +"ReplaceFullPath specifies the value with which to replace the full path\nof a request during a rewrite or redirect." + +### fn spec.rules.backendRefs.filters.urlRewrite.path.withReplacePrefixMatch + +```ts +withReplacePrefixMatch(replacePrefixMatch) +``` + +"ReplacePrefixMatch specifies the value with which to replace the prefix\nmatch of a request during a rewrite or redirect. For example, a request\nto \"/foo/bar\" with a prefix match of \"/foo\" and a ReplacePrefixMatch\nof \"/xyz\" would be modified to \"/xyz/bar\".\n\n\nNote that this matches the behavior of the PathPrefix match type. This\nmatches full path elements. A path element refers to the list of labels\nin the path split by the `/` separator. When specified, a trailing `/` is\nignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all\nmatch the prefix `/abc`, but the path `/abcd` would not.\n\n\nReplacePrefixMatch is only compatible with a `PathPrefix` HTTPRouteMatch.\nUsing any other HTTPRouteMatch type on the same HTTPRouteRule will result in\nthe implementation setting the Accepted Condition for the Route to `status: False`.\n\n\nRequest Path | Prefix Match | Replace Prefix | Modified Path\n-------------|--------------|----------------|----------\n/foo/bar | /foo | /xyz | /xyz/bar\n/foo/bar | /foo | /xyz/ | /xyz/bar\n/foo/bar | /foo/ | /xyz | /xyz/bar\n/foo/bar | /foo/ | /xyz/ | /xyz/bar\n/foo | /foo | /xyz | /xyz\n/foo/ | /foo | /xyz | /xyz/\n/foo/bar | /foo | | /bar\n/foo/ | /foo | | /\n/foo | /foo | | /\n/foo/ | /foo | / | /\n/foo | /foo | / | /" + +### fn spec.rules.backendRefs.filters.urlRewrite.path.withType + +```ts +withType(type) +``` + +"Type defines the type of path modifier. Additional types may be\nadded in a future release of the API.\n\n\nNote that values may be added to this enum, implementations\nmust ensure that unknown values will not cause a crash.\n\n\nUnknown values here must result in the implementation setting the\nAccepted Condition for the Route to `status: False`, with a\nReason of `UnsupportedValue`." + +## obj spec.rules.filters + +"Filters define the filters that are applied to requests that match\nthis rule.\n\n\nWherever possible, implementations SHOULD implement filters in the order\nthey are specified.\n\n\nImplementations MAY choose to implement this ordering strictly, rejecting\nany combination or order of filters that can not be supported. If implementations\nchoose a strict interpretation of filter ordering, they MUST clearly document\nthat behavior.\n\n\nTo reject an invalid combination or order of filters, implementations SHOULD\nconsider the Route Rules with this configuration invalid. If all Route Rules\nin a Route are invalid, the entire Route would be considered invalid. If only\na portion of Route Rules are invalid, implementations MUST set the\n\"PartiallyInvalid\" condition for the Route.\n\n\nConformance-levels at this level are defined based on the type of filter:\n\n\n- ALL core filters MUST be supported by all implementations.\n- Implementers are encouraged to support extended filters.\n- Implementation-specific custom filters have no API guarantees across\n implementations.\n\n\nSpecifying the same filter multiple times is not supported unless explicitly\nindicated in the filter.\n\n\nAll filters are expected to be compatible with each other except for the\nURLRewrite and RequestRedirect filters, which may not be combined. If an\nimplementation can not support other combinations of filters, they must clearly\ndocument that limitation. In cases where incompatible or unsupported\nfilters are specified and cause the `Accepted` condition to be set to status\n`False`, implementations may use the `IncompatibleFilters` reason to specify\nthis configuration error.\n\n\nSupport: Core" + +### fn spec.rules.filters.withType + +```ts +withType(type) +``` + +"Type identifies the type of filter to apply. As with other API fields,\ntypes are classified into three conformance levels:\n\n\n- Core: Filter types and their corresponding configuration defined by\n \"Support: Core\" in this package, e.g. \"RequestHeaderModifier\". All\n implementations must support core filters.\n\n\n- Extended: Filter types and their corresponding configuration defined by\n \"Support: Extended\" in this package, e.g. \"RequestMirror\". Implementers\n are encouraged to support extended filters.\n\n\n- Implementation-specific: Filters that are defined and supported by\n specific vendors.\n In the future, filters showing convergence in behavior across multiple\n implementations will be considered for inclusion in extended or core\n conformance levels. Filter-specific configuration for such filters\n is specified using the ExtensionRef field. `Type` should be set to\n \"ExtensionRef\" for custom filters.\n\n\nImplementers are encouraged to define custom implementation types to\nextend the core API with implementation-specific behavior.\n\n\nIf a reference to a custom filter type cannot be resolved, the filter\nMUST NOT be skipped. Instead, requests that would have been processed by\nthat filter MUST receive a HTTP error response.\n\n\nNote that values may be added to this enum, implementations\nmust ensure that unknown values will not cause a crash.\n\n\nUnknown values here must result in the implementation setting the\nAccepted Condition for the Route to `status: False`, with a\nReason of `UnsupportedValue`." + +## obj spec.rules.filters.extensionRef + +"ExtensionRef is an optional, implementation-specific extension to the\n\"filter\" behavior. For example, resource \"myroutefilter\" in group\n\"networking.example.net\"). ExtensionRef MUST NOT be used for core and\nextended filters.\n\n\nThis filter can be used multiple times within the same rule.\n\n\nSupport: Implementation-specific" + +### fn spec.rules.filters.extensionRef.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. For example, \"gateway.networking.k8s.io\".\nWhen unspecified or empty string, core API group is inferred." + +### fn spec.rules.filters.extensionRef.withKind + +```ts +withKind(kind) +``` + +"Kind is kind of the referent. For example \"HTTPRoute\" or \"Service\"." + +### fn spec.rules.filters.extensionRef.withName + +```ts +withName(name) +``` + +"Name is the name of the referent." + +## obj spec.rules.filters.requestHeaderModifier + +"RequestHeaderModifier defines a schema for a filter that modifies request\nheaders.\n\n\nSupport: Core" + +### fn spec.rules.filters.requestHeaderModifier.withAdd + +```ts +withAdd(add) +``` + +"Add adds the given header(s) (name, value) to the request\nbefore the action. It appends to any existing values associated\nwith the header name.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n add:\n - name: \"my-header\"\n value: \"bar,baz\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: foo,bar,baz" + +### fn spec.rules.filters.requestHeaderModifier.withAddMixin + +```ts +withAddMixin(add) +``` + +"Add adds the given header(s) (name, value) to the request\nbefore the action. It appends to any existing values associated\nwith the header name.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n add:\n - name: \"my-header\"\n value: \"bar,baz\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: foo,bar,baz" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.filters.requestHeaderModifier.withRemove + +```ts +withRemove(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The\nvalue of Remove is a list of HTTP header names. Note that the header\nnames are case-insensitive (see\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\n\n\nInput:\n GET /foo HTTP/1.1\n my-header1: foo\n my-header2: bar\n my-header3: baz\n\n\nConfig:\n remove: [\"my-header1\", \"my-header3\"]\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header2: bar" + +### fn spec.rules.filters.requestHeaderModifier.withRemoveMixin + +```ts +withRemoveMixin(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The\nvalue of Remove is a list of HTTP header names. Note that the header\nnames are case-insensitive (see\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\n\n\nInput:\n GET /foo HTTP/1.1\n my-header1: foo\n my-header2: bar\n my-header3: baz\n\n\nConfig:\n remove: [\"my-header1\", \"my-header3\"]\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header2: bar" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.filters.requestHeaderModifier.withSet + +```ts +withSet(set) +``` + +"Set overwrites the request with the given header (name, value)\nbefore the action.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n set:\n - name: \"my-header\"\n value: \"bar\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: bar" + +### fn spec.rules.filters.requestHeaderModifier.withSetMixin + +```ts +withSetMixin(set) +``` + +"Set overwrites the request with the given header (name, value)\nbefore the action.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n set:\n - name: \"my-header\"\n value: \"bar\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: bar" + +**Note:** This function appends passed data to existing values + +## obj spec.rules.filters.requestHeaderModifier.add + +"Add adds the given header(s) (name, value) to the request\nbefore the action. It appends to any existing values associated\nwith the header name.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n add:\n - name: \"my-header\"\n value: \"bar,baz\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: foo,bar,baz" + +### fn spec.rules.filters.requestHeaderModifier.add.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\n\nIf multiple entries specify equivalent header names, the first entry with\nan equivalent name MUST be considered for a match. Subsequent entries\nwith an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent." + +### fn spec.rules.filters.requestHeaderModifier.add.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.filters.requestHeaderModifier.set + +"Set overwrites the request with the given header (name, value)\nbefore the action.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n set:\n - name: \"my-header\"\n value: \"bar\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: bar" + +### fn spec.rules.filters.requestHeaderModifier.set.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\n\nIf multiple entries specify equivalent header names, the first entry with\nan equivalent name MUST be considered for a match. Subsequent entries\nwith an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent." + +### fn spec.rules.filters.requestHeaderModifier.set.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.filters.requestMirror + +"RequestMirror defines a schema for a filter that mirrors requests.\nRequests are sent to the specified destination, but responses from\nthat destination are ignored.\n\n\nThis filter can be used multiple times within the same rule. Note that\nnot all implementations will be able to support mirroring to multiple\nbackends.\n\n\nSupport: Extended" + +## obj spec.rules.filters.requestMirror.backendRef + +"BackendRef references a resource where mirrored requests are sent.\n\n\nMirrored requests must be sent only to a single destination endpoint\nwithin this BackendRef, irrespective of how many endpoints are present\nwithin this BackendRef.\n\n\nIf the referent cannot be found, this BackendRef is invalid and must be\ndropped from the Gateway. The controller must ensure the \"ResolvedRefs\"\ncondition on the Route status is set to `status: False` and not configure\nthis backend in the underlying implementation.\n\n\nIf there is a cross-namespace reference to an *existing* object\nthat is not allowed by a ReferenceGrant, the controller must ensure the\n\"ResolvedRefs\" condition on the Route is set to `status: False`,\nwith the \"RefNotPermitted\" reason and not configure this backend in the\nunderlying implementation.\n\n\nIn either error case, the Message of the `ResolvedRefs` Condition\nshould be used to provide more detail about the problem.\n\n\nSupport: Extended for Kubernetes Service\n\n\nSupport: Implementation-specific for any other resource" + +### fn spec.rules.filters.requestMirror.backendRef.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. For example, \"gateway.networking.k8s.io\".\nWhen unspecified or empty string, core API group is inferred." + +### fn spec.rules.filters.requestMirror.backendRef.withKind + +```ts +withKind(kind) +``` + +"Kind is the Kubernetes resource kind of the referent. For example\n\"Service\".\n\n\nDefaults to \"Service\" when not specified.\n\n\nExternalName services can refer to CNAME DNS records that may live\noutside of the cluster and as such are difficult to reason about in\nterms of conformance. They also may not be safe to forward to (see\nCVE-2021-25740 for more information). Implementations SHOULD NOT\nsupport ExternalName Services.\n\n\nSupport: Core (Services with a type other than ExternalName)\n\n\nSupport: Implementation-specific (Services with type ExternalName)" + +### fn spec.rules.filters.requestMirror.backendRef.withName + +```ts +withName(name) +``` + +"Name is the name of the referent." + +### fn spec.rules.filters.requestMirror.backendRef.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the backend. When unspecified, the local\nnamespace is inferred.\n\n\nNote that when a namespace different than the local namespace is specified,\na ReferenceGrant object is required in the referent namespace to allow that\nnamespace's owner to accept the reference. See the ReferenceGrant\ndocumentation for details.\n\n\nSupport: Core" + +### fn spec.rules.filters.requestMirror.backendRef.withPort + +```ts +withPort(port) +``` + +"Port specifies the destination port number to use for this resource.\nPort is required when the referent is a Kubernetes Service. In this\ncase, the port number is the service port number, not the target port.\nFor other resources, destination port might be derived from the referent\nresource or this field." + +## obj spec.rules.filters.requestRedirect + +"RequestRedirect defines a schema for a filter that responds to the\nrequest with an HTTP redirection.\n\n\nSupport: Core" + +### fn spec.rules.filters.requestRedirect.withHostname + +```ts +withHostname(hostname) +``` + +"Hostname is the hostname to be used in the value of the `Location`\nheader in the response.\nWhen empty, the hostname in the `Host` header of the request is used.\n\n\nSupport: Core" + +### fn spec.rules.filters.requestRedirect.withPort + +```ts +withPort(port) +``` + +"Port is the port to be used in the value of the `Location`\nheader in the response.\n\n\nIf no port is specified, the redirect port MUST be derived using the\nfollowing rules:\n\n\n* If redirect scheme is not-empty, the redirect port MUST be the well-known\n port associated with the redirect scheme. Specifically \"http\" to port 80\n and \"https\" to port 443. If the redirect scheme does not have a\n well-known port, the listener port of the Gateway SHOULD be used.\n* If redirect scheme is empty, the redirect port MUST be the Gateway\n Listener port.\n\n\nImplementations SHOULD NOT add the port number in the 'Location'\nheader in the following cases:\n\n\n* A Location header that will use HTTP (whether that is determined via\n the Listener protocol or the Scheme field) _and_ use port 80.\n* A Location header that will use HTTPS (whether that is determined via\n the Listener protocol or the Scheme field) _and_ use port 443.\n\n\nSupport: Extended" + +### fn spec.rules.filters.requestRedirect.withScheme + +```ts +withScheme(scheme) +``` + +"Scheme is the scheme to be used in the value of the `Location` header in\nthe response. When empty, the scheme of the request is used.\n\n\nScheme redirects can affect the port of the redirect, for more information,\nrefer to the documentation for the port field of this filter.\n\n\nNote that values may be added to this enum, implementations\nmust ensure that unknown values will not cause a crash.\n\n\nUnknown values here must result in the implementation setting the\nAccepted Condition for the Route to `status: False`, with a\nReason of `UnsupportedValue`.\n\n\nSupport: Extended" + +### fn spec.rules.filters.requestRedirect.withStatusCode + +```ts +withStatusCode(statusCode) +``` + +"StatusCode is the HTTP status code to be used in response.\n\n\nNote that values may be added to this enum, implementations\nmust ensure that unknown values will not cause a crash.\n\n\nUnknown values here must result in the implementation setting the\nAccepted Condition for the Route to `status: False`, with a\nReason of `UnsupportedValue`.\n\n\nSupport: Core" + +## obj spec.rules.filters.requestRedirect.path + +"Path defines parameters used to modify the path of the incoming request.\nThe modified path is then used to construct the `Location` header. When\nempty, the request path is used as-is.\n\n\nSupport: Extended" + +### fn spec.rules.filters.requestRedirect.path.withReplaceFullPath + +```ts +withReplaceFullPath(replaceFullPath) +``` + +"ReplaceFullPath specifies the value with which to replace the full path\nof a request during a rewrite or redirect." + +### fn spec.rules.filters.requestRedirect.path.withReplacePrefixMatch + +```ts +withReplacePrefixMatch(replacePrefixMatch) +``` + +"ReplacePrefixMatch specifies the value with which to replace the prefix\nmatch of a request during a rewrite or redirect. For example, a request\nto \"/foo/bar\" with a prefix match of \"/foo\" and a ReplacePrefixMatch\nof \"/xyz\" would be modified to \"/xyz/bar\".\n\n\nNote that this matches the behavior of the PathPrefix match type. This\nmatches full path elements. A path element refers to the list of labels\nin the path split by the `/` separator. When specified, a trailing `/` is\nignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all\nmatch the prefix `/abc`, but the path `/abcd` would not.\n\n\nReplacePrefixMatch is only compatible with a `PathPrefix` HTTPRouteMatch.\nUsing any other HTTPRouteMatch type on the same HTTPRouteRule will result in\nthe implementation setting the Accepted Condition for the Route to `status: False`.\n\n\nRequest Path | Prefix Match | Replace Prefix | Modified Path\n-------------|--------------|----------------|----------\n/foo/bar | /foo | /xyz | /xyz/bar\n/foo/bar | /foo | /xyz/ | /xyz/bar\n/foo/bar | /foo/ | /xyz | /xyz/bar\n/foo/bar | /foo/ | /xyz/ | /xyz/bar\n/foo | /foo | /xyz | /xyz\n/foo/ | /foo | /xyz | /xyz/\n/foo/bar | /foo | | /bar\n/foo/ | /foo | | /\n/foo | /foo | | /\n/foo/ | /foo | / | /\n/foo | /foo | / | /" + +### fn spec.rules.filters.requestRedirect.path.withType + +```ts +withType(type) +``` + +"Type defines the type of path modifier. Additional types may be\nadded in a future release of the API.\n\n\nNote that values may be added to this enum, implementations\nmust ensure that unknown values will not cause a crash.\n\n\nUnknown values here must result in the implementation setting the\nAccepted Condition for the Route to `status: False`, with a\nReason of `UnsupportedValue`." + +## obj spec.rules.filters.responseHeaderModifier + +"ResponseHeaderModifier defines a schema for a filter that modifies response\nheaders.\n\n\nSupport: Extended" + +### fn spec.rules.filters.responseHeaderModifier.withAdd + +```ts +withAdd(add) +``` + +"Add adds the given header(s) (name, value) to the request\nbefore the action. It appends to any existing values associated\nwith the header name.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n add:\n - name: \"my-header\"\n value: \"bar,baz\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: foo,bar,baz" + +### fn spec.rules.filters.responseHeaderModifier.withAddMixin + +```ts +withAddMixin(add) +``` + +"Add adds the given header(s) (name, value) to the request\nbefore the action. It appends to any existing values associated\nwith the header name.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n add:\n - name: \"my-header\"\n value: \"bar,baz\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: foo,bar,baz" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.filters.responseHeaderModifier.withRemove + +```ts +withRemove(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The\nvalue of Remove is a list of HTTP header names. Note that the header\nnames are case-insensitive (see\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\n\n\nInput:\n GET /foo HTTP/1.1\n my-header1: foo\n my-header2: bar\n my-header3: baz\n\n\nConfig:\n remove: [\"my-header1\", \"my-header3\"]\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header2: bar" + +### fn spec.rules.filters.responseHeaderModifier.withRemoveMixin + +```ts +withRemoveMixin(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The\nvalue of Remove is a list of HTTP header names. Note that the header\nnames are case-insensitive (see\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\n\n\nInput:\n GET /foo HTTP/1.1\n my-header1: foo\n my-header2: bar\n my-header3: baz\n\n\nConfig:\n remove: [\"my-header1\", \"my-header3\"]\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header2: bar" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.filters.responseHeaderModifier.withSet + +```ts +withSet(set) +``` + +"Set overwrites the request with the given header (name, value)\nbefore the action.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n set:\n - name: \"my-header\"\n value: \"bar\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: bar" + +### fn spec.rules.filters.responseHeaderModifier.withSetMixin + +```ts +withSetMixin(set) +``` + +"Set overwrites the request with the given header (name, value)\nbefore the action.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n set:\n - name: \"my-header\"\n value: \"bar\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: bar" + +**Note:** This function appends passed data to existing values + +## obj spec.rules.filters.responseHeaderModifier.add + +"Add adds the given header(s) (name, value) to the request\nbefore the action. It appends to any existing values associated\nwith the header name.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n add:\n - name: \"my-header\"\n value: \"bar,baz\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: foo,bar,baz" + +### fn spec.rules.filters.responseHeaderModifier.add.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\n\nIf multiple entries specify equivalent header names, the first entry with\nan equivalent name MUST be considered for a match. Subsequent entries\nwith an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent." + +### fn spec.rules.filters.responseHeaderModifier.add.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.filters.responseHeaderModifier.set + +"Set overwrites the request with the given header (name, value)\nbefore the action.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n set:\n - name: \"my-header\"\n value: \"bar\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: bar" + +### fn spec.rules.filters.responseHeaderModifier.set.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\n\nIf multiple entries specify equivalent header names, the first entry with\nan equivalent name MUST be considered for a match. Subsequent entries\nwith an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent." + +### fn spec.rules.filters.responseHeaderModifier.set.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.filters.urlRewrite + +"URLRewrite defines a schema for a filter that modifies a request during forwarding.\n\n\nSupport: Extended" + +### fn spec.rules.filters.urlRewrite.withHostname + +```ts +withHostname(hostname) +``` + +"Hostname is the value to be used to replace the Host header value during\nforwarding.\n\n\nSupport: Extended" + +## obj spec.rules.filters.urlRewrite.path + +"Path defines a path rewrite.\n\n\nSupport: Extended" + +### fn spec.rules.filters.urlRewrite.path.withReplaceFullPath + +```ts +withReplaceFullPath(replaceFullPath) +``` + +"ReplaceFullPath specifies the value with which to replace the full path\nof a request during a rewrite or redirect." + +### fn spec.rules.filters.urlRewrite.path.withReplacePrefixMatch + +```ts +withReplacePrefixMatch(replacePrefixMatch) +``` + +"ReplacePrefixMatch specifies the value with which to replace the prefix\nmatch of a request during a rewrite or redirect. For example, a request\nto \"/foo/bar\" with a prefix match of \"/foo\" and a ReplacePrefixMatch\nof \"/xyz\" would be modified to \"/xyz/bar\".\n\n\nNote that this matches the behavior of the PathPrefix match type. This\nmatches full path elements. A path element refers to the list of labels\nin the path split by the `/` separator. When specified, a trailing `/` is\nignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all\nmatch the prefix `/abc`, but the path `/abcd` would not.\n\n\nReplacePrefixMatch is only compatible with a `PathPrefix` HTTPRouteMatch.\nUsing any other HTTPRouteMatch type on the same HTTPRouteRule will result in\nthe implementation setting the Accepted Condition for the Route to `status: False`.\n\n\nRequest Path | Prefix Match | Replace Prefix | Modified Path\n-------------|--------------|----------------|----------\n/foo/bar | /foo | /xyz | /xyz/bar\n/foo/bar | /foo | /xyz/ | /xyz/bar\n/foo/bar | /foo/ | /xyz | /xyz/bar\n/foo/bar | /foo/ | /xyz/ | /xyz/bar\n/foo | /foo | /xyz | /xyz\n/foo/ | /foo | /xyz | /xyz/\n/foo/bar | /foo | | /bar\n/foo/ | /foo | | /\n/foo | /foo | | /\n/foo/ | /foo | / | /\n/foo | /foo | / | /" + +### fn spec.rules.filters.urlRewrite.path.withType + +```ts +withType(type) +``` + +"Type defines the type of path modifier. Additional types may be\nadded in a future release of the API.\n\n\nNote that values may be added to this enum, implementations\nmust ensure that unknown values will not cause a crash.\n\n\nUnknown values here must result in the implementation setting the\nAccepted Condition for the Route to `status: False`, with a\nReason of `UnsupportedValue`." + +## obj spec.rules.matches + +"Matches define conditions used for matching the rule against incoming\nHTTP requests. Each match is independent, i.e. this rule will be matched\nif **any** one of the matches is satisfied.\n\n\nFor example, take the following matches configuration:\n\n\n```\nmatches:\n- path:\n value: \"/foo\"\n headers:\n - name: \"version\"\n value: \"v2\"\n- path:\n value: \"/v2/foo\"\n```\n\n\nFor a request to match against this rule, a request must satisfy\nEITHER of the two conditions:\n\n\n- path prefixed with `/foo` AND contains the header `version: v2`\n- path prefix of `/v2/foo`\n\n\nSee the documentation for HTTPRouteMatch on how to specify multiple\nmatch conditions that should be ANDed together.\n\n\nIf no matches are specified, the default is a prefix\npath match on \"/\", which has the effect of matching every\nHTTP request.\n\n\nProxy or Load Balancer routing configuration generated from HTTPRoutes\nMUST prioritize matches based on the following criteria, continuing on\nties. Across all rules specified on applicable Routes, precedence must be\ngiven to the match having:\n\n\n* \"Exact\" path match.\n* \"Prefix\" path match with largest number of characters.\n* Method match.\n* Largest number of header matches.\n* Largest number of query param matches.\n\n\nNote: The precedence of RegularExpression path matches are implementation-specific.\n\n\nIf ties still exist across multiple Routes, matching precedence MUST be\ndetermined in order of the following criteria, continuing on ties:\n\n\n* The oldest Route based on creation timestamp.\n* The Route appearing first in alphabetical order by\n \"{namespace}/{name}\".\n\n\nIf ties still exist within an HTTPRoute, matching precedence MUST be granted\nto the FIRST matching rule (in list order) with a match meeting the above\ncriteria.\n\n\nWhen no rules matching a request have been successfully attached to the\nparent a request is coming from, a HTTP 404 status code MUST be returned." + +### fn spec.rules.matches.withHeaders + +```ts +withHeaders(headers) +``` + +"Headers specifies HTTP request header matchers. Multiple match values are\nANDed together, meaning, a request must match all the specified headers\nto select the route." + +### fn spec.rules.matches.withHeadersMixin + +```ts +withHeadersMixin(headers) +``` + +"Headers specifies HTTP request header matchers. Multiple match values are\nANDed together, meaning, a request must match all the specified headers\nto select the route." + +**Note:** This function appends passed data to existing values + +### fn spec.rules.matches.withMethod + +```ts +withMethod(method) +``` + +"Method specifies HTTP method matcher.\nWhen specified, this route will be matched only if the request has the\nspecified method.\n\n\nSupport: Extended" + +### fn spec.rules.matches.withQueryParams + +```ts +withQueryParams(queryParams) +``` + +"QueryParams specifies HTTP query parameter matchers. Multiple match\nvalues are ANDed together, meaning, a request must match all the\nspecified query parameters to select the route.\n\n\nSupport: Extended" + +### fn spec.rules.matches.withQueryParamsMixin + +```ts +withQueryParamsMixin(queryParams) +``` + +"QueryParams specifies HTTP query parameter matchers. Multiple match\nvalues are ANDed together, meaning, a request must match all the\nspecified query parameters to select the route.\n\n\nSupport: Extended" + +**Note:** This function appends passed data to existing values + +## obj spec.rules.matches.headers + +"Headers specifies HTTP request header matchers. Multiple match values are\nANDed together, meaning, a request must match all the specified headers\nto select the route." + +### fn spec.rules.matches.headers.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\n\nIf multiple entries specify equivalent header names, only the first\nentry with an equivalent name MUST be considered for a match. Subsequent\nentries with an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent.\n\n\nWhen a header is repeated in an HTTP request, it is\nimplementation-specific behavior as to how this is represented.\nGenerally, proxies should follow the guidance from the RFC:\nhttps://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2 regarding\nprocessing a repeated header, with special handling for \"Set-Cookie\"." + +### fn spec.rules.matches.headers.withType + +```ts +withType(type) +``` + +"Type specifies how to match against the value of the header.\n\n\nSupport: Core (Exact)\n\n\nSupport: Implementation-specific (RegularExpression)\n\n\nSince RegularExpression HeaderMatchType has implementation-specific\nconformance, implementations can support POSIX, PCRE or any other dialects\nof regular expressions. Please read the implementation's documentation to\ndetermine the supported dialect." + +### fn spec.rules.matches.headers.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.matches.path + +"Path specifies a HTTP request path matcher. If this field is not\nspecified, a default prefix match on the \"/\" path is provided." + +### fn spec.rules.matches.path.withType + +```ts +withType(type) +``` + +"Type specifies how to match against the path Value.\n\n\nSupport: Core (Exact, PathPrefix)\n\n\nSupport: Implementation-specific (RegularExpression)" + +### fn spec.rules.matches.path.withValue + +```ts +withValue(value) +``` + +"Value of the HTTP path to match against." + +## obj spec.rules.matches.queryParams + +"QueryParams specifies HTTP query parameter matchers. Multiple match\nvalues are ANDed together, meaning, a request must match all the\nspecified query parameters to select the route.\n\n\nSupport: Extended" + +### fn spec.rules.matches.queryParams.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP query param to be matched. This must be an\nexact string match. (See\nhttps://tools.ietf.org/html/rfc7230#section-2.7.3).\n\n\nIf multiple entries specify equivalent query param names, only the first\nentry with an equivalent name MUST be considered for a match. Subsequent\nentries with an equivalent query param name MUST be ignored.\n\n\nIf a query param is repeated in an HTTP request, the behavior is\npurposely left undefined, since different data planes have different\ncapabilities. However, it is *recommended* that implementations should\nmatch against the first value of the param if the data plane supports it,\nas this behavior is expected in other load balancing contexts outside of\nthe Gateway API.\n\n\nUsers SHOULD NOT route traffic based on repeated query params to guard\nthemselves against potential differences in the implementations." + +### fn spec.rules.matches.queryParams.withType + +```ts +withType(type) +``` + +"Type specifies how to match against the value of the query parameter.\n\n\nSupport: Extended (Exact)\n\n\nSupport: Implementation-specific (RegularExpression)\n\n\nSince RegularExpression QueryParamMatchType has Implementation-specific\nconformance, implementations can support POSIX, PCRE or any other\ndialects of regular expressions. Please read the implementation's\ndocumentation to determine the supported dialect." + +### fn spec.rules.matches.queryParams.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP query param to be matched." \ No newline at end of file diff --git a/docs/1.1/gateway/v1/index.md b/docs/1.1/gateway/v1/index.md new file mode 100644 index 0000000..8c03079 --- /dev/null +++ b/docs/1.1/gateway/v1/index.md @@ -0,0 +1,12 @@ +--- +permalink: /1.1/gateway/v1/ +--- + +# gateway.v1 + + + +* [gateway](gateway.md) +* [gatewayClass](gatewayClass.md) +* [grpcRoute](grpcRoute.md) +* [httpRoute](httpRoute.md) \ No newline at end of file diff --git a/docs/1.1/gateway/v1alpha2/grpcRoute.md b/docs/1.1/gateway/v1alpha2/grpcRoute.md new file mode 100644 index 0000000..9f2a91a --- /dev/null +++ b/docs/1.1/gateway/v1alpha2/grpcRoute.md @@ -0,0 +1,1208 @@ +--- +permalink: /1.1/gateway/v1alpha2/grpcRoute/ +--- + +# gateway.v1alpha2.grpcRoute + +"GRPCRoute provides a way to route gRPC requests. This includes the capability\nto match requests by hostname, gRPC service, gRPC method, or HTTP/2 header.\nFilters can be used to specify additional processing steps. Backends specify\nwhere matching requests will be routed.\n\n\nGRPCRoute falls under extended support within the Gateway API. Within the\nfollowing specification, the word \"MUST\" indicates that an implementation\nsupporting GRPCRoute must conform to the indicated requirement, but an\nimplementation not supporting this route type need not follow the requirement\nunless explicitly indicated.\n\n\nImplementations supporting `GRPCRoute` with the `HTTPS` `ProtocolType` MUST\naccept HTTP/2 connections without an initial upgrade from HTTP/1.1, i.e. via\nALPN. If the implementation does not support this, then it MUST set the\n\"Accepted\" condition to \"False\" for the affected listener with a reason of\n\"UnsupportedProtocol\". Implementations MAY also accept HTTP/2 connections\nwith an upgrade from HTTP/1.\n\n\nImplementations supporting `GRPCRoute` with the `HTTP` `ProtocolType` MUST\nsupport HTTP/2 over cleartext TCP (h2c,\nhttps://www.rfc-editor.org/rfc/rfc7540#section-3.1) without an initial\nupgrade from HTTP/1.1, i.e. with prior knowledge\n(https://www.rfc-editor.org/rfc/rfc7540#section-3.4). If the implementation\ndoes not support this, then it MUST set the \"Accepted\" condition to \"False\"\nfor the affected listener with a reason of \"UnsupportedProtocol\".\nImplementations MAY also accept HTTP/2 connections with an upgrade from\nHTTP/1, i.e. without prior knowledge." + +## Index + +* [`fn new(name)`](#fn-new) +* [`obj metadata`](#obj-metadata) + * [`fn withAnnotations(annotations)`](#fn-metadatawithannotations) + * [`fn withAnnotationsMixin(annotations)`](#fn-metadatawithannotationsmixin) + * [`fn withClusterName(clusterName)`](#fn-metadatawithclustername) + * [`fn withCreationTimestamp(creationTimestamp)`](#fn-metadatawithcreationtimestamp) + * [`fn withDeletionGracePeriodSeconds(deletionGracePeriodSeconds)`](#fn-metadatawithdeletiongraceperiodseconds) + * [`fn withDeletionTimestamp(deletionTimestamp)`](#fn-metadatawithdeletiontimestamp) + * [`fn withFinalizers(finalizers)`](#fn-metadatawithfinalizers) + * [`fn withFinalizersMixin(finalizers)`](#fn-metadatawithfinalizersmixin) + * [`fn withGenerateName(generateName)`](#fn-metadatawithgeneratename) + * [`fn withGeneration(generation)`](#fn-metadatawithgeneration) + * [`fn withLabels(labels)`](#fn-metadatawithlabels) + * [`fn withLabelsMixin(labels)`](#fn-metadatawithlabelsmixin) + * [`fn withName(name)`](#fn-metadatawithname) + * [`fn withNamespace(namespace)`](#fn-metadatawithnamespace) + * [`fn withOwnerReferences(ownerReferences)`](#fn-metadatawithownerreferences) + * [`fn withOwnerReferencesMixin(ownerReferences)`](#fn-metadatawithownerreferencesmixin) + * [`fn withResourceVersion(resourceVersion)`](#fn-metadatawithresourceversion) + * [`fn withSelfLink(selfLink)`](#fn-metadatawithselflink) + * [`fn withUid(uid)`](#fn-metadatawithuid) +* [`obj spec`](#obj-spec) + * [`fn withHostnames(hostnames)`](#fn-specwithhostnames) + * [`fn withHostnamesMixin(hostnames)`](#fn-specwithhostnamesmixin) + * [`fn withParentRefs(parentRefs)`](#fn-specwithparentrefs) + * [`fn withParentRefsMixin(parentRefs)`](#fn-specwithparentrefsmixin) + * [`fn withRules(rules)`](#fn-specwithrules) + * [`fn withRulesMixin(rules)`](#fn-specwithrulesmixin) + * [`obj spec.parentRefs`](#obj-specparentrefs) + * [`fn withGroup(group)`](#fn-specparentrefswithgroup) + * [`fn withKind(kind)`](#fn-specparentrefswithkind) + * [`fn withName(name)`](#fn-specparentrefswithname) + * [`fn withNamespace(namespace)`](#fn-specparentrefswithnamespace) + * [`fn withPort(port)`](#fn-specparentrefswithport) + * [`fn withSectionName(sectionName)`](#fn-specparentrefswithsectionname) + * [`obj spec.rules`](#obj-specrules) + * [`fn withBackendRefs(backendRefs)`](#fn-specruleswithbackendrefs) + * [`fn withBackendRefsMixin(backendRefs)`](#fn-specruleswithbackendrefsmixin) + * [`fn withFilters(filters)`](#fn-specruleswithfilters) + * [`fn withFiltersMixin(filters)`](#fn-specruleswithfiltersmixin) + * [`fn withMatches(matches)`](#fn-specruleswithmatches) + * [`fn withMatchesMixin(matches)`](#fn-specruleswithmatchesmixin) + * [`obj spec.rules.backendRefs`](#obj-specrulesbackendrefs) + * [`fn withFilters(filters)`](#fn-specrulesbackendrefswithfilters) + * [`fn withFiltersMixin(filters)`](#fn-specrulesbackendrefswithfiltersmixin) + * [`fn withGroup(group)`](#fn-specrulesbackendrefswithgroup) + * [`fn withKind(kind)`](#fn-specrulesbackendrefswithkind) + * [`fn withName(name)`](#fn-specrulesbackendrefswithname) + * [`fn withNamespace(namespace)`](#fn-specrulesbackendrefswithnamespace) + * [`fn withPort(port)`](#fn-specrulesbackendrefswithport) + * [`fn withWeight(weight)`](#fn-specrulesbackendrefswithweight) + * [`obj spec.rules.backendRefs.filters`](#obj-specrulesbackendrefsfilters) + * [`fn withType(type)`](#fn-specrulesbackendrefsfilterswithtype) + * [`obj spec.rules.backendRefs.filters.extensionRef`](#obj-specrulesbackendrefsfiltersextensionref) + * [`fn withGroup(group)`](#fn-specrulesbackendrefsfiltersextensionrefwithgroup) + * [`fn withKind(kind)`](#fn-specrulesbackendrefsfiltersextensionrefwithkind) + * [`fn withName(name)`](#fn-specrulesbackendrefsfiltersextensionrefwithname) + * [`obj spec.rules.backendRefs.filters.requestHeaderModifier`](#obj-specrulesbackendrefsfiltersrequestheadermodifier) + * [`fn withAdd(add)`](#fn-specrulesbackendrefsfiltersrequestheadermodifierwithadd) + * [`fn withAddMixin(add)`](#fn-specrulesbackendrefsfiltersrequestheadermodifierwithaddmixin) + * [`fn withRemove(remove)`](#fn-specrulesbackendrefsfiltersrequestheadermodifierwithremove) + * [`fn withRemoveMixin(remove)`](#fn-specrulesbackendrefsfiltersrequestheadermodifierwithremovemixin) + * [`fn withSet(set)`](#fn-specrulesbackendrefsfiltersrequestheadermodifierwithset) + * [`fn withSetMixin(set)`](#fn-specrulesbackendrefsfiltersrequestheadermodifierwithsetmixin) + * [`obj spec.rules.backendRefs.filters.requestHeaderModifier.add`](#obj-specrulesbackendrefsfiltersrequestheadermodifieradd) + * [`fn withName(name)`](#fn-specrulesbackendrefsfiltersrequestheadermodifieraddwithname) + * [`fn withValue(value)`](#fn-specrulesbackendrefsfiltersrequestheadermodifieraddwithvalue) + * [`obj spec.rules.backendRefs.filters.requestHeaderModifier.set`](#obj-specrulesbackendrefsfiltersrequestheadermodifierset) + * [`fn withName(name)`](#fn-specrulesbackendrefsfiltersrequestheadermodifiersetwithname) + * [`fn withValue(value)`](#fn-specrulesbackendrefsfiltersrequestheadermodifiersetwithvalue) + * [`obj spec.rules.backendRefs.filters.requestMirror`](#obj-specrulesbackendrefsfiltersrequestmirror) + * [`obj spec.rules.backendRefs.filters.requestMirror.backendRef`](#obj-specrulesbackendrefsfiltersrequestmirrorbackendref) + * [`fn withGroup(group)`](#fn-specrulesbackendrefsfiltersrequestmirrorbackendrefwithgroup) + * [`fn withKind(kind)`](#fn-specrulesbackendrefsfiltersrequestmirrorbackendrefwithkind) + * [`fn withName(name)`](#fn-specrulesbackendrefsfiltersrequestmirrorbackendrefwithname) + * [`fn withNamespace(namespace)`](#fn-specrulesbackendrefsfiltersrequestmirrorbackendrefwithnamespace) + * [`fn withPort(port)`](#fn-specrulesbackendrefsfiltersrequestmirrorbackendrefwithport) + * [`obj spec.rules.backendRefs.filters.responseHeaderModifier`](#obj-specrulesbackendrefsfiltersresponseheadermodifier) + * [`fn withAdd(add)`](#fn-specrulesbackendrefsfiltersresponseheadermodifierwithadd) + * [`fn withAddMixin(add)`](#fn-specrulesbackendrefsfiltersresponseheadermodifierwithaddmixin) + * [`fn withRemove(remove)`](#fn-specrulesbackendrefsfiltersresponseheadermodifierwithremove) + * [`fn withRemoveMixin(remove)`](#fn-specrulesbackendrefsfiltersresponseheadermodifierwithremovemixin) + * [`fn withSet(set)`](#fn-specrulesbackendrefsfiltersresponseheadermodifierwithset) + * [`fn withSetMixin(set)`](#fn-specrulesbackendrefsfiltersresponseheadermodifierwithsetmixin) + * [`obj spec.rules.backendRefs.filters.responseHeaderModifier.add`](#obj-specrulesbackendrefsfiltersresponseheadermodifieradd) + * [`fn withName(name)`](#fn-specrulesbackendrefsfiltersresponseheadermodifieraddwithname) + * [`fn withValue(value)`](#fn-specrulesbackendrefsfiltersresponseheadermodifieraddwithvalue) + * [`obj spec.rules.backendRefs.filters.responseHeaderModifier.set`](#obj-specrulesbackendrefsfiltersresponseheadermodifierset) + * [`fn withName(name)`](#fn-specrulesbackendrefsfiltersresponseheadermodifiersetwithname) + * [`fn withValue(value)`](#fn-specrulesbackendrefsfiltersresponseheadermodifiersetwithvalue) + * [`obj spec.rules.filters`](#obj-specrulesfilters) + * [`fn withType(type)`](#fn-specrulesfilterswithtype) + * [`obj spec.rules.filters.extensionRef`](#obj-specrulesfiltersextensionref) + * [`fn withGroup(group)`](#fn-specrulesfiltersextensionrefwithgroup) + * [`fn withKind(kind)`](#fn-specrulesfiltersextensionrefwithkind) + * [`fn withName(name)`](#fn-specrulesfiltersextensionrefwithname) + * [`obj spec.rules.filters.requestHeaderModifier`](#obj-specrulesfiltersrequestheadermodifier) + * [`fn withAdd(add)`](#fn-specrulesfiltersrequestheadermodifierwithadd) + * [`fn withAddMixin(add)`](#fn-specrulesfiltersrequestheadermodifierwithaddmixin) + * [`fn withRemove(remove)`](#fn-specrulesfiltersrequestheadermodifierwithremove) + * [`fn withRemoveMixin(remove)`](#fn-specrulesfiltersrequestheadermodifierwithremovemixin) + * [`fn withSet(set)`](#fn-specrulesfiltersrequestheadermodifierwithset) + * [`fn withSetMixin(set)`](#fn-specrulesfiltersrequestheadermodifierwithsetmixin) + * [`obj spec.rules.filters.requestHeaderModifier.add`](#obj-specrulesfiltersrequestheadermodifieradd) + * [`fn withName(name)`](#fn-specrulesfiltersrequestheadermodifieraddwithname) + * [`fn withValue(value)`](#fn-specrulesfiltersrequestheadermodifieraddwithvalue) + * [`obj spec.rules.filters.requestHeaderModifier.set`](#obj-specrulesfiltersrequestheadermodifierset) + * [`fn withName(name)`](#fn-specrulesfiltersrequestheadermodifiersetwithname) + * [`fn withValue(value)`](#fn-specrulesfiltersrequestheadermodifiersetwithvalue) + * [`obj spec.rules.filters.requestMirror`](#obj-specrulesfiltersrequestmirror) + * [`obj spec.rules.filters.requestMirror.backendRef`](#obj-specrulesfiltersrequestmirrorbackendref) + * [`fn withGroup(group)`](#fn-specrulesfiltersrequestmirrorbackendrefwithgroup) + * [`fn withKind(kind)`](#fn-specrulesfiltersrequestmirrorbackendrefwithkind) + * [`fn withName(name)`](#fn-specrulesfiltersrequestmirrorbackendrefwithname) + * [`fn withNamespace(namespace)`](#fn-specrulesfiltersrequestmirrorbackendrefwithnamespace) + * [`fn withPort(port)`](#fn-specrulesfiltersrequestmirrorbackendrefwithport) + * [`obj spec.rules.filters.responseHeaderModifier`](#obj-specrulesfiltersresponseheadermodifier) + * [`fn withAdd(add)`](#fn-specrulesfiltersresponseheadermodifierwithadd) + * [`fn withAddMixin(add)`](#fn-specrulesfiltersresponseheadermodifierwithaddmixin) + * [`fn withRemove(remove)`](#fn-specrulesfiltersresponseheadermodifierwithremove) + * [`fn withRemoveMixin(remove)`](#fn-specrulesfiltersresponseheadermodifierwithremovemixin) + * [`fn withSet(set)`](#fn-specrulesfiltersresponseheadermodifierwithset) + * [`fn withSetMixin(set)`](#fn-specrulesfiltersresponseheadermodifierwithsetmixin) + * [`obj spec.rules.filters.responseHeaderModifier.add`](#obj-specrulesfiltersresponseheadermodifieradd) + * [`fn withName(name)`](#fn-specrulesfiltersresponseheadermodifieraddwithname) + * [`fn withValue(value)`](#fn-specrulesfiltersresponseheadermodifieraddwithvalue) + * [`obj spec.rules.filters.responseHeaderModifier.set`](#obj-specrulesfiltersresponseheadermodifierset) + * [`fn withName(name)`](#fn-specrulesfiltersresponseheadermodifiersetwithname) + * [`fn withValue(value)`](#fn-specrulesfiltersresponseheadermodifiersetwithvalue) + * [`obj spec.rules.matches`](#obj-specrulesmatches) + * [`fn withHeaders(headers)`](#fn-specrulesmatcheswithheaders) + * [`fn withHeadersMixin(headers)`](#fn-specrulesmatcheswithheadersmixin) + * [`obj spec.rules.matches.headers`](#obj-specrulesmatchesheaders) + * [`fn withName(name)`](#fn-specrulesmatchesheaderswithname) + * [`fn withType(type)`](#fn-specrulesmatchesheaderswithtype) + * [`fn withValue(value)`](#fn-specrulesmatchesheaderswithvalue) + * [`obj spec.rules.matches.method`](#obj-specrulesmatchesmethod) + * [`fn withMethod(method)`](#fn-specrulesmatchesmethodwithmethod) + * [`fn withService(service)`](#fn-specrulesmatchesmethodwithservice) + * [`fn withType(type)`](#fn-specrulesmatchesmethodwithtype) + +## Fields + +### fn new + +```ts +new(name) +``` + +new returns an instance of GRPCRoute + +## obj metadata + +"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create." + +### fn metadata.withAnnotations + +```ts +withAnnotations(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +### fn metadata.withAnnotationsMixin + +```ts +withAnnotationsMixin(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +**Note:** This function appends passed data to existing values + +### fn metadata.withClusterName + +```ts +withClusterName(clusterName) +``` + +"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request." + +### fn metadata.withCreationTimestamp + +```ts +withCreationTimestamp(creationTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withDeletionGracePeriodSeconds + +```ts +withDeletionGracePeriodSeconds(deletionGracePeriodSeconds) +``` + +"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only." + +### fn metadata.withDeletionTimestamp + +```ts +withDeletionTimestamp(deletionTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withFinalizers + +```ts +withFinalizers(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +### fn metadata.withFinalizersMixin + +```ts +withFinalizersMixin(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +**Note:** This function appends passed data to existing values + +### fn metadata.withGenerateName + +```ts +withGenerateName(generateName) +``` + +"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\n\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\n\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" + +### fn metadata.withGeneration + +```ts +withGeneration(generation) +``` + +"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only." + +### fn metadata.withLabels + +```ts +withLabels(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +### fn metadata.withLabelsMixin + +```ts +withLabelsMixin(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +**Note:** This function appends passed data to existing values + +### fn metadata.withName + +```ts +withName(name) +``` + +"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names" + +### fn metadata.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \"default\" namespace, but \"default\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\n\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces" + +### fn metadata.withOwnerReferences + +```ts +withOwnerReferences(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +### fn metadata.withOwnerReferencesMixin + +```ts +withOwnerReferencesMixin(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +**Note:** This function appends passed data to existing values + +### fn metadata.withResourceVersion + +```ts +withResourceVersion(resourceVersion) +``` + +"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\n\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" + +### fn metadata.withSelfLink + +```ts +withSelfLink(selfLink) +``` + +"SelfLink is a URL representing this object. Populated by the system. Read-only.\n\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release." + +### fn metadata.withUid + +```ts +withUid(uid) +``` + +"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\n\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids" + +## obj spec + +"Spec defines the desired state of GRPCRoute." + +### fn spec.withHostnames + +```ts +withHostnames(hostnames) +``` + +"Hostnames defines a set of hostnames to match against the GRPC\nHost header to select a GRPCRoute to process the request. This matches\nthe RFC 1123 definition of a hostname with 2 notable exceptions:\n\n\n1. IPs are not allowed.\n2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard\n label MUST appear by itself as the first label.\n\n\nIf a hostname is specified by both the Listener and GRPCRoute, there\nMUST be at least one intersecting hostname for the GRPCRoute to be\nattached to the Listener. For example:\n\n\n* A Listener with `test.example.com` as the hostname matches GRPCRoutes\n that have either not specified any hostnames, or have specified at\n least one of `test.example.com` or `*.example.com`.\n* A Listener with `*.example.com` as the hostname matches GRPCRoutes\n that have either not specified any hostnames or have specified at least\n one hostname that matches the Listener hostname. For example,\n `test.example.com` and `*.example.com` would both match. On the other\n hand, `example.com` and `test.example.net` would not match.\n\n\nHostnames that are prefixed with a wildcard label (`*.`) are interpreted\nas a suffix match. That means that a match for `*.example.com` would match\nboth `test.example.com`, and `foo.test.example.com`, but not `example.com`.\n\n\nIf both the Listener and GRPCRoute have specified hostnames, any\nGRPCRoute hostnames that do not match the Listener hostname MUST be\nignored. For example, if a Listener specified `*.example.com`, and the\nGRPCRoute specified `test.example.com` and `test.example.net`,\n`test.example.net` MUST NOT be considered for a match.\n\n\nIf both the Listener and GRPCRoute have specified hostnames, and none\nmatch with the criteria above, then the GRPCRoute MUST NOT be accepted by\nthe implementation. The implementation MUST raise an 'Accepted' Condition\nwith a status of `False` in the corresponding RouteParentStatus.\n\n\nIf a Route (A) of type HTTPRoute or GRPCRoute is attached to a\nListener and that listener already has another Route (B) of the other\ntype attached and the intersection of the hostnames of A and B is\nnon-empty, then the implementation MUST accept exactly one of these two\nroutes, determined by the following criteria, in order:\n\n\n* The oldest Route based on creation timestamp.\n* The Route appearing first in alphabetical order by\n \"{namespace}/{name}\".\n\n\nThe rejected Route MUST raise an 'Accepted' condition with a status of\n'False' in the corresponding RouteParentStatus.\n\n\nSupport: Core" + +### fn spec.withHostnamesMixin + +```ts +withHostnamesMixin(hostnames) +``` + +"Hostnames defines a set of hostnames to match against the GRPC\nHost header to select a GRPCRoute to process the request. This matches\nthe RFC 1123 definition of a hostname with 2 notable exceptions:\n\n\n1. IPs are not allowed.\n2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard\n label MUST appear by itself as the first label.\n\n\nIf a hostname is specified by both the Listener and GRPCRoute, there\nMUST be at least one intersecting hostname for the GRPCRoute to be\nattached to the Listener. For example:\n\n\n* A Listener with `test.example.com` as the hostname matches GRPCRoutes\n that have either not specified any hostnames, or have specified at\n least one of `test.example.com` or `*.example.com`.\n* A Listener with `*.example.com` as the hostname matches GRPCRoutes\n that have either not specified any hostnames or have specified at least\n one hostname that matches the Listener hostname. For example,\n `test.example.com` and `*.example.com` would both match. On the other\n hand, `example.com` and `test.example.net` would not match.\n\n\nHostnames that are prefixed with a wildcard label (`*.`) are interpreted\nas a suffix match. That means that a match for `*.example.com` would match\nboth `test.example.com`, and `foo.test.example.com`, but not `example.com`.\n\n\nIf both the Listener and GRPCRoute have specified hostnames, any\nGRPCRoute hostnames that do not match the Listener hostname MUST be\nignored. For example, if a Listener specified `*.example.com`, and the\nGRPCRoute specified `test.example.com` and `test.example.net`,\n`test.example.net` MUST NOT be considered for a match.\n\n\nIf both the Listener and GRPCRoute have specified hostnames, and none\nmatch with the criteria above, then the GRPCRoute MUST NOT be accepted by\nthe implementation. The implementation MUST raise an 'Accepted' Condition\nwith a status of `False` in the corresponding RouteParentStatus.\n\n\nIf a Route (A) of type HTTPRoute or GRPCRoute is attached to a\nListener and that listener already has another Route (B) of the other\ntype attached and the intersection of the hostnames of A and B is\nnon-empty, then the implementation MUST accept exactly one of these two\nroutes, determined by the following criteria, in order:\n\n\n* The oldest Route based on creation timestamp.\n* The Route appearing first in alphabetical order by\n \"{namespace}/{name}\".\n\n\nThe rejected Route MUST raise an 'Accepted' condition with a status of\n'False' in the corresponding RouteParentStatus.\n\n\nSupport: Core" + +**Note:** This function appends passed data to existing values + +### fn spec.withParentRefs + +```ts +withParentRefs(parentRefs) +``` + +"ParentRefs references the resources (usually Gateways) that a Route wants\nto be attached to. Note that the referenced parent resource needs to\nallow this for the attachment to be complete. For Gateways, that means\nthe Gateway needs to allow attachment from Routes of this kind and\nnamespace. For Services, that means the Service must either be in the same\nnamespace for a \"producer\" route, or the mesh implementation must support\nand allow \"consumer\" routes for the referenced Service. ReferenceGrant is\nnot applicable for governing ParentRefs to Services - it is not possible to\ncreate a \"producer\" route for a Service in a different namespace from the\nRoute.\n\n\nThere are two kinds of parent resources with \"Core\" support:\n\n\n* Gateway (Gateway conformance profile)\n* Service (Mesh conformance profile, ClusterIP Services only)\n\n\nThis API may be extended in the future to support additional kinds of parent\nresources.\n\n\nParentRefs must be _distinct_. This means either that:\n\n\n* They select different objects. If this is the case, then parentRef\n entries are distinct. In terms of fields, this means that the\n multi-part key defined by `group`, `kind`, `namespace`, and `name` must\n be unique across all parentRef entries in the Route.\n* They do not select different objects, but for each optional field used,\n each ParentRef that selects the same object must set the same set of\n optional fields to different values. If one ParentRef sets a\n combination of optional fields, all must set the same combination.\n\n\nSome examples:\n\n\n* If one ParentRef sets `sectionName`, all ParentRefs referencing the\n same object must also set `sectionName`.\n* If one ParentRef sets `port`, all ParentRefs referencing the same\n object must also set `port`.\n* If one ParentRef sets `sectionName` and `port`, all ParentRefs\n referencing the same object must also set `sectionName` and `port`.\n\n\nIt is possible to separately reference multiple distinct objects that may\nbe collapsed by an implementation. For example, some implementations may\nchoose to merge compatible Gateway Listeners together. If that is the\ncase, the list of routes attached to those resources should also be\nmerged.\n\n\nNote that for ParentRefs that cross namespace boundaries, there are specific\nrules. Cross-namespace references are only valid if they are explicitly\nallowed by something in the namespace they are referring to. For example,\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\ngeneric way to enable other kinds of cross-namespace reference.\n\n\n\n\n\n\n\n\n" + +### fn spec.withParentRefsMixin + +```ts +withParentRefsMixin(parentRefs) +``` + +"ParentRefs references the resources (usually Gateways) that a Route wants\nto be attached to. Note that the referenced parent resource needs to\nallow this for the attachment to be complete. For Gateways, that means\nthe Gateway needs to allow attachment from Routes of this kind and\nnamespace. For Services, that means the Service must either be in the same\nnamespace for a \"producer\" route, or the mesh implementation must support\nand allow \"consumer\" routes for the referenced Service. ReferenceGrant is\nnot applicable for governing ParentRefs to Services - it is not possible to\ncreate a \"producer\" route for a Service in a different namespace from the\nRoute.\n\n\nThere are two kinds of parent resources with \"Core\" support:\n\n\n* Gateway (Gateway conformance profile)\n* Service (Mesh conformance profile, ClusterIP Services only)\n\n\nThis API may be extended in the future to support additional kinds of parent\nresources.\n\n\nParentRefs must be _distinct_. This means either that:\n\n\n* They select different objects. If this is the case, then parentRef\n entries are distinct. In terms of fields, this means that the\n multi-part key defined by `group`, `kind`, `namespace`, and `name` must\n be unique across all parentRef entries in the Route.\n* They do not select different objects, but for each optional field used,\n each ParentRef that selects the same object must set the same set of\n optional fields to different values. If one ParentRef sets a\n combination of optional fields, all must set the same combination.\n\n\nSome examples:\n\n\n* If one ParentRef sets `sectionName`, all ParentRefs referencing the\n same object must also set `sectionName`.\n* If one ParentRef sets `port`, all ParentRefs referencing the same\n object must also set `port`.\n* If one ParentRef sets `sectionName` and `port`, all ParentRefs\n referencing the same object must also set `sectionName` and `port`.\n\n\nIt is possible to separately reference multiple distinct objects that may\nbe collapsed by an implementation. For example, some implementations may\nchoose to merge compatible Gateway Listeners together. If that is the\ncase, the list of routes attached to those resources should also be\nmerged.\n\n\nNote that for ParentRefs that cross namespace boundaries, there are specific\nrules. Cross-namespace references are only valid if they are explicitly\nallowed by something in the namespace they are referring to. For example,\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\ngeneric way to enable other kinds of cross-namespace reference.\n\n\n\n\n\n\n\n\n" + +**Note:** This function appends passed data to existing values + +### fn spec.withRules + +```ts +withRules(rules) +``` + +"Rules are a list of GRPC matchers, filters and actions." + +### fn spec.withRulesMixin + +```ts +withRulesMixin(rules) +``` + +"Rules are a list of GRPC matchers, filters and actions." + +**Note:** This function appends passed data to existing values + +## obj spec.parentRefs + +"ParentRefs references the resources (usually Gateways) that a Route wants\nto be attached to. Note that the referenced parent resource needs to\nallow this for the attachment to be complete. For Gateways, that means\nthe Gateway needs to allow attachment from Routes of this kind and\nnamespace. For Services, that means the Service must either be in the same\nnamespace for a \"producer\" route, or the mesh implementation must support\nand allow \"consumer\" routes for the referenced Service. ReferenceGrant is\nnot applicable for governing ParentRefs to Services - it is not possible to\ncreate a \"producer\" route for a Service in a different namespace from the\nRoute.\n\n\nThere are two kinds of parent resources with \"Core\" support:\n\n\n* Gateway (Gateway conformance profile)\n* Service (Mesh conformance profile, ClusterIP Services only)\n\n\nThis API may be extended in the future to support additional kinds of parent\nresources.\n\n\nParentRefs must be _distinct_. This means either that:\n\n\n* They select different objects. If this is the case, then parentRef\n entries are distinct. In terms of fields, this means that the\n multi-part key defined by `group`, `kind`, `namespace`, and `name` must\n be unique across all parentRef entries in the Route.\n* They do not select different objects, but for each optional field used,\n each ParentRef that selects the same object must set the same set of\n optional fields to different values. If one ParentRef sets a\n combination of optional fields, all must set the same combination.\n\n\nSome examples:\n\n\n* If one ParentRef sets `sectionName`, all ParentRefs referencing the\n same object must also set `sectionName`.\n* If one ParentRef sets `port`, all ParentRefs referencing the same\n object must also set `port`.\n* If one ParentRef sets `sectionName` and `port`, all ParentRefs\n referencing the same object must also set `sectionName` and `port`.\n\n\nIt is possible to separately reference multiple distinct objects that may\nbe collapsed by an implementation. For example, some implementations may\nchoose to merge compatible Gateway Listeners together. If that is the\ncase, the list of routes attached to those resources should also be\nmerged.\n\n\nNote that for ParentRefs that cross namespace boundaries, there are specific\nrules. Cross-namespace references are only valid if they are explicitly\nallowed by something in the namespace they are referring to. For example,\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\ngeneric way to enable other kinds of cross-namespace reference.\n\n\n\n\n\n\n\n\n" + +### fn spec.parentRefs.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent.\nWhen unspecified, \"gateway.networking.k8s.io\" is inferred.\nTo set the core API group (such as for a \"Service\" kind referent),\nGroup must be explicitly set to \"\" (empty string).\n\n\nSupport: Core" + +### fn spec.parentRefs.withKind + +```ts +withKind(kind) +``` + +"Kind is kind of the referent.\n\n\nThere are two kinds of parent resources with \"Core\" support:\n\n\n* Gateway (Gateway conformance profile)\n* Service (Mesh conformance profile, ClusterIP Services only)\n\n\nSupport for other resources is Implementation-Specific." + +### fn spec.parentRefs.withName + +```ts +withName(name) +``` + +"Name is the name of the referent.\n\n\nSupport: Core" + +### fn spec.parentRefs.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the referent. When unspecified, this refers\nto the local namespace of the Route.\n\n\nNote that there are specific rules for ParentRefs which cross namespace\nboundaries. Cross-namespace references are only valid if they are explicitly\nallowed by something in the namespace they are referring to. For example:\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\ngeneric way to enable any other kind of cross-namespace reference.\n\n\n\n\n\nSupport: Core" + +### fn spec.parentRefs.withPort + +```ts +withPort(port) +``` + +"Port is the network port this Route targets. It can be interpreted\ndifferently based on the type of parent resource.\n\n\nWhen the parent resource is a Gateway, this targets all listeners\nlistening on the specified port that also support this kind of Route(and\nselect this Route). It's not recommended to set `Port` unless the\nnetworking behaviors specified in a Route must apply to a specific port\nas opposed to a listener(s) whose port(s) may be changed. When both Port\nand SectionName are specified, the name and port of the selected listener\nmust match both specified values.\n\n\n\n\n\nImplementations MAY choose to support other parent resources.\nImplementations supporting other types of parent resources MUST clearly\ndocument how/if Port is interpreted.\n\n\nFor the purpose of status, an attachment is considered successful as\nlong as the parent resource accepts it partially. For example, Gateway\nlisteners can restrict which Routes can attach to them by Route kind,\nnamespace, or hostname. If 1 of 2 Gateway listeners accept attachment\nfrom the referencing Route, the Route MUST be considered successfully\nattached. If no Gateway listeners accept attachment from this Route,\nthe Route MUST be considered detached from the Gateway.\n\n\nSupport: Extended" + +### fn spec.parentRefs.withSectionName + +```ts +withSectionName(sectionName) +``` + +"SectionName is the name of a section within the target resource. In the\nfollowing resources, SectionName is interpreted as the following:\n\n\n* Gateway: Listener name. When both Port (experimental) and SectionName\nare specified, the name and port of the selected listener must match\nboth specified values.\n* Service: Port name. When both Port (experimental) and SectionName\nare specified, the name and port of the selected listener must match\nboth specified values.\n\n\nImplementations MAY choose to support attaching Routes to other resources.\nIf that is the case, they MUST clearly document how SectionName is\ninterpreted.\n\n\nWhen unspecified (empty string), this will reference the entire resource.\nFor the purpose of status, an attachment is considered successful if at\nleast one section in the parent resource accepts it. For example, Gateway\nlisteners can restrict which Routes can attach to them by Route kind,\nnamespace, or hostname. If 1 of 2 Gateway listeners accept attachment from\nthe referencing Route, the Route MUST be considered successfully\nattached. If no Gateway listeners accept attachment from this Route, the\nRoute MUST be considered detached from the Gateway.\n\n\nSupport: Core" + +## obj spec.rules + +"Rules are a list of GRPC matchers, filters and actions." + +### fn spec.rules.withBackendRefs + +```ts +withBackendRefs(backendRefs) +``` + +"BackendRefs defines the backend(s) where matching requests should be\nsent.\n\n\nFailure behavior here depends on how many BackendRefs are specified and\nhow many are invalid.\n\n\nIf *all* entries in BackendRefs are invalid, and there are also no filters\nspecified in this route rule, *all* traffic which matches this rule MUST\nreceive an `UNAVAILABLE` status.\n\n\nSee the GRPCBackendRef definition for the rules about what makes a single\nGRPCBackendRef invalid.\n\n\nWhen a GRPCBackendRef is invalid, `UNAVAILABLE` statuses MUST be returned for\nrequests that would have otherwise been routed to an invalid backend. If\nmultiple backends are specified, and some are invalid, the proportion of\nrequests that would otherwise have been routed to an invalid backend\nMUST receive an `UNAVAILABLE` status.\n\n\nFor example, if two backends are specified with equal weights, and one is\ninvalid, 50 percent of traffic MUST receive an `UNAVAILABLE` status.\nImplementations may choose how that 50 percent is determined.\n\n\nSupport: Core for Kubernetes Service\n\n\nSupport: Implementation-specific for any other resource\n\n\nSupport for weight: Core" + +### fn spec.rules.withBackendRefsMixin + +```ts +withBackendRefsMixin(backendRefs) +``` + +"BackendRefs defines the backend(s) where matching requests should be\nsent.\n\n\nFailure behavior here depends on how many BackendRefs are specified and\nhow many are invalid.\n\n\nIf *all* entries in BackendRefs are invalid, and there are also no filters\nspecified in this route rule, *all* traffic which matches this rule MUST\nreceive an `UNAVAILABLE` status.\n\n\nSee the GRPCBackendRef definition for the rules about what makes a single\nGRPCBackendRef invalid.\n\n\nWhen a GRPCBackendRef is invalid, `UNAVAILABLE` statuses MUST be returned for\nrequests that would have otherwise been routed to an invalid backend. If\nmultiple backends are specified, and some are invalid, the proportion of\nrequests that would otherwise have been routed to an invalid backend\nMUST receive an `UNAVAILABLE` status.\n\n\nFor example, if two backends are specified with equal weights, and one is\ninvalid, 50 percent of traffic MUST receive an `UNAVAILABLE` status.\nImplementations may choose how that 50 percent is determined.\n\n\nSupport: Core for Kubernetes Service\n\n\nSupport: Implementation-specific for any other resource\n\n\nSupport for weight: Core" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.withFilters + +```ts +withFilters(filters) +``` + +"Filters define the filters that are applied to requests that match\nthis rule.\n\n\nThe effects of ordering of multiple behaviors are currently unspecified.\nThis can change in the future based on feedback during the alpha stage.\n\n\nConformance-levels at this level are defined based on the type of filter:\n\n\n- ALL core filters MUST be supported by all implementations that support\n GRPCRoute.\n- Implementers are encouraged to support extended filters.\n- Implementation-specific custom filters have no API guarantees across\n implementations.\n\n\nSpecifying the same filter multiple times is not supported unless explicitly\nindicated in the filter.\n\n\nIf an implementation can not support a combination of filters, it must clearly\ndocument that limitation. In cases where incompatible or unsupported\nfilters are specified and cause the `Accepted` condition to be set to status\n`False`, implementations may use the `IncompatibleFilters` reason to specify\nthis configuration error.\n\n\nSupport: Core" + +### fn spec.rules.withFiltersMixin + +```ts +withFiltersMixin(filters) +``` + +"Filters define the filters that are applied to requests that match\nthis rule.\n\n\nThe effects of ordering of multiple behaviors are currently unspecified.\nThis can change in the future based on feedback during the alpha stage.\n\n\nConformance-levels at this level are defined based on the type of filter:\n\n\n- ALL core filters MUST be supported by all implementations that support\n GRPCRoute.\n- Implementers are encouraged to support extended filters.\n- Implementation-specific custom filters have no API guarantees across\n implementations.\n\n\nSpecifying the same filter multiple times is not supported unless explicitly\nindicated in the filter.\n\n\nIf an implementation can not support a combination of filters, it must clearly\ndocument that limitation. In cases where incompatible or unsupported\nfilters are specified and cause the `Accepted` condition to be set to status\n`False`, implementations may use the `IncompatibleFilters` reason to specify\nthis configuration error.\n\n\nSupport: Core" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.withMatches + +```ts +withMatches(matches) +``` + +"Matches define conditions used for matching the rule against incoming\ngRPC requests. Each match is independent, i.e. this rule will be matched\nif **any** one of the matches is satisfied.\n\n\nFor example, take the following matches configuration:\n\n\n```\nmatches:\n- method:\n service: foo.bar\n headers:\n values:\n version: 2\n- method:\n service: foo.bar.v2\n```\n\n\nFor a request to match against this rule, it MUST satisfy\nEITHER of the two conditions:\n\n\n- service of foo.bar AND contains the header `version: 2`\n- service of foo.bar.v2\n\n\nSee the documentation for GRPCRouteMatch on how to specify multiple\nmatch conditions to be ANDed together.\n\n\nIf no matches are specified, the implementation MUST match every gRPC request.\n\n\nProxy or Load Balancer routing configuration generated from GRPCRoutes\nMUST prioritize rules based on the following criteria, continuing on\nties. Merging MUST not be done between GRPCRoutes and HTTPRoutes.\nPrecedence MUST be given to the rule with the largest number of:\n\n\n* Characters in a matching non-wildcard hostname.\n* Characters in a matching hostname.\n* Characters in a matching service.\n* Characters in a matching method.\n* Header matches.\n\n\nIf ties still exist across multiple Routes, matching precedence MUST be\ndetermined in order of the following criteria, continuing on ties:\n\n\n* The oldest Route based on creation timestamp.\n* The Route appearing first in alphabetical order by\n \"{namespace}/{name}\".\n\n\nIf ties still exist within the Route that has been given precedence,\nmatching precedence MUST be granted to the first matching rule meeting\nthe above criteria." + +### fn spec.rules.withMatchesMixin + +```ts +withMatchesMixin(matches) +``` + +"Matches define conditions used for matching the rule against incoming\ngRPC requests. Each match is independent, i.e. this rule will be matched\nif **any** one of the matches is satisfied.\n\n\nFor example, take the following matches configuration:\n\n\n```\nmatches:\n- method:\n service: foo.bar\n headers:\n values:\n version: 2\n- method:\n service: foo.bar.v2\n```\n\n\nFor a request to match against this rule, it MUST satisfy\nEITHER of the two conditions:\n\n\n- service of foo.bar AND contains the header `version: 2`\n- service of foo.bar.v2\n\n\nSee the documentation for GRPCRouteMatch on how to specify multiple\nmatch conditions to be ANDed together.\n\n\nIf no matches are specified, the implementation MUST match every gRPC request.\n\n\nProxy or Load Balancer routing configuration generated from GRPCRoutes\nMUST prioritize rules based on the following criteria, continuing on\nties. Merging MUST not be done between GRPCRoutes and HTTPRoutes.\nPrecedence MUST be given to the rule with the largest number of:\n\n\n* Characters in a matching non-wildcard hostname.\n* Characters in a matching hostname.\n* Characters in a matching service.\n* Characters in a matching method.\n* Header matches.\n\n\nIf ties still exist across multiple Routes, matching precedence MUST be\ndetermined in order of the following criteria, continuing on ties:\n\n\n* The oldest Route based on creation timestamp.\n* The Route appearing first in alphabetical order by\n \"{namespace}/{name}\".\n\n\nIf ties still exist within the Route that has been given precedence,\nmatching precedence MUST be granted to the first matching rule meeting\nthe above criteria." + +**Note:** This function appends passed data to existing values + +## obj spec.rules.backendRefs + +"BackendRefs defines the backend(s) where matching requests should be\nsent.\n\n\nFailure behavior here depends on how many BackendRefs are specified and\nhow many are invalid.\n\n\nIf *all* entries in BackendRefs are invalid, and there are also no filters\nspecified in this route rule, *all* traffic which matches this rule MUST\nreceive an `UNAVAILABLE` status.\n\n\nSee the GRPCBackendRef definition for the rules about what makes a single\nGRPCBackendRef invalid.\n\n\nWhen a GRPCBackendRef is invalid, `UNAVAILABLE` statuses MUST be returned for\nrequests that would have otherwise been routed to an invalid backend. If\nmultiple backends are specified, and some are invalid, the proportion of\nrequests that would otherwise have been routed to an invalid backend\nMUST receive an `UNAVAILABLE` status.\n\n\nFor example, if two backends are specified with equal weights, and one is\ninvalid, 50 percent of traffic MUST receive an `UNAVAILABLE` status.\nImplementations may choose how that 50 percent is determined.\n\n\nSupport: Core for Kubernetes Service\n\n\nSupport: Implementation-specific for any other resource\n\n\nSupport for weight: Core" + +### fn spec.rules.backendRefs.withFilters + +```ts +withFilters(filters) +``` + +"Filters defined at this level MUST be executed if and only if the\nrequest is being forwarded to the backend defined here.\n\n\nSupport: Implementation-specific (For broader support of filters, use the\nFilters field in GRPCRouteRule.)" + +### fn spec.rules.backendRefs.withFiltersMixin + +```ts +withFiltersMixin(filters) +``` + +"Filters defined at this level MUST be executed if and only if the\nrequest is being forwarded to the backend defined here.\n\n\nSupport: Implementation-specific (For broader support of filters, use the\nFilters field in GRPCRouteRule.)" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.backendRefs.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. For example, \"gateway.networking.k8s.io\".\nWhen unspecified or empty string, core API group is inferred." + +### fn spec.rules.backendRefs.withKind + +```ts +withKind(kind) +``` + +"Kind is the Kubernetes resource kind of the referent. For example\n\"Service\".\n\n\nDefaults to \"Service\" when not specified.\n\n\nExternalName services can refer to CNAME DNS records that may live\noutside of the cluster and as such are difficult to reason about in\nterms of conformance. They also may not be safe to forward to (see\nCVE-2021-25740 for more information). Implementations SHOULD NOT\nsupport ExternalName Services.\n\n\nSupport: Core (Services with a type other than ExternalName)\n\n\nSupport: Implementation-specific (Services with type ExternalName)" + +### fn spec.rules.backendRefs.withName + +```ts +withName(name) +``` + +"Name is the name of the referent." + +### fn spec.rules.backendRefs.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the backend. When unspecified, the local\nnamespace is inferred.\n\n\nNote that when a namespace different than the local namespace is specified,\na ReferenceGrant object is required in the referent namespace to allow that\nnamespace's owner to accept the reference. See the ReferenceGrant\ndocumentation for details.\n\n\nSupport: Core" + +### fn spec.rules.backendRefs.withPort + +```ts +withPort(port) +``` + +"Port specifies the destination port number to use for this resource.\nPort is required when the referent is a Kubernetes Service. In this\ncase, the port number is the service port number, not the target port.\nFor other resources, destination port might be derived from the referent\nresource or this field." + +### fn spec.rules.backendRefs.withWeight + +```ts +withWeight(weight) +``` + +"Weight specifies the proportion of requests forwarded to the referenced\nbackend. This is computed as weight/(sum of all weights in this\nBackendRefs list). For non-zero values, there may be some epsilon from\nthe exact proportion defined here depending on the precision an\nimplementation supports. Weight is not a percentage and the sum of\nweights does not need to equal 100.\n\n\nIf only one backend is specified and it has a weight greater than 0, 100%\nof the traffic is forwarded to that backend. If weight is set to 0, no\ntraffic should be forwarded for this entry. If unspecified, weight\ndefaults to 1.\n\n\nSupport for this field varies based on the context where used." + +## obj spec.rules.backendRefs.filters + +"Filters defined at this level MUST be executed if and only if the\nrequest is being forwarded to the backend defined here.\n\n\nSupport: Implementation-specific (For broader support of filters, use the\nFilters field in GRPCRouteRule.)" + +### fn spec.rules.backendRefs.filters.withType + +```ts +withType(type) +``` + +"Type identifies the type of filter to apply. As with other API fields,\ntypes are classified into three conformance levels:\n\n\n- Core: Filter types and their corresponding configuration defined by\n \"Support: Core\" in this package, e.g. \"RequestHeaderModifier\". All\n implementations supporting GRPCRoute MUST support core filters.\n\n\n- Extended: Filter types and their corresponding configuration defined by\n \"Support: Extended\" in this package, e.g. \"RequestMirror\". Implementers\n are encouraged to support extended filters.\n\n\n- Implementation-specific: Filters that are defined and supported by specific vendors.\n In the future, filters showing convergence in behavior across multiple\n implementations will be considered for inclusion in extended or core\n conformance levels. Filter-specific configuration for such filters\n is specified using the ExtensionRef field. `Type` MUST be set to\n \"ExtensionRef\" for custom filters.\n\n\nImplementers are encouraged to define custom implementation types to\nextend the core API with implementation-specific behavior.\n\n\nIf a reference to a custom filter type cannot be resolved, the filter\nMUST NOT be skipped. Instead, requests that would have been processed by\nthat filter MUST receive a HTTP error response.\n\n\n" + +## obj spec.rules.backendRefs.filters.extensionRef + +"ExtensionRef is an optional, implementation-specific extension to the\n\"filter\" behavior. For example, resource \"myroutefilter\" in group\n\"networking.example.net\"). ExtensionRef MUST NOT be used for core and\nextended filters.\n\n\nSupport: Implementation-specific\n\n\nThis filter can be used multiple times within the same rule." + +### fn spec.rules.backendRefs.filters.extensionRef.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. For example, \"gateway.networking.k8s.io\".\nWhen unspecified or empty string, core API group is inferred." + +### fn spec.rules.backendRefs.filters.extensionRef.withKind + +```ts +withKind(kind) +``` + +"Kind is kind of the referent. For example \"HTTPRoute\" or \"Service\"." + +### fn spec.rules.backendRefs.filters.extensionRef.withName + +```ts +withName(name) +``` + +"Name is the name of the referent." + +## obj spec.rules.backendRefs.filters.requestHeaderModifier + +"RequestHeaderModifier defines a schema for a filter that modifies request\nheaders.\n\n\nSupport: Core" + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.withAdd + +```ts +withAdd(add) +``` + +"Add adds the given header(s) (name, value) to the request\nbefore the action. It appends to any existing values associated\nwith the header name.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n add:\n - name: \"my-header\"\n value: \"bar,baz\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: foo,bar,baz" + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.withAddMixin + +```ts +withAddMixin(add) +``` + +"Add adds the given header(s) (name, value) to the request\nbefore the action. It appends to any existing values associated\nwith the header name.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n add:\n - name: \"my-header\"\n value: \"bar,baz\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: foo,bar,baz" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.withRemove + +```ts +withRemove(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The\nvalue of Remove is a list of HTTP header names. Note that the header\nnames are case-insensitive (see\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\n\n\nInput:\n GET /foo HTTP/1.1\n my-header1: foo\n my-header2: bar\n my-header3: baz\n\n\nConfig:\n remove: [\"my-header1\", \"my-header3\"]\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header2: bar" + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.withRemoveMixin + +```ts +withRemoveMixin(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The\nvalue of Remove is a list of HTTP header names. Note that the header\nnames are case-insensitive (see\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\n\n\nInput:\n GET /foo HTTP/1.1\n my-header1: foo\n my-header2: bar\n my-header3: baz\n\n\nConfig:\n remove: [\"my-header1\", \"my-header3\"]\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header2: bar" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.withSet + +```ts +withSet(set) +``` + +"Set overwrites the request with the given header (name, value)\nbefore the action.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n set:\n - name: \"my-header\"\n value: \"bar\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: bar" + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.withSetMixin + +```ts +withSetMixin(set) +``` + +"Set overwrites the request with the given header (name, value)\nbefore the action.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n set:\n - name: \"my-header\"\n value: \"bar\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: bar" + +**Note:** This function appends passed data to existing values + +## obj spec.rules.backendRefs.filters.requestHeaderModifier.add + +"Add adds the given header(s) (name, value) to the request\nbefore the action. It appends to any existing values associated\nwith the header name.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n add:\n - name: \"my-header\"\n value: \"bar,baz\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: foo,bar,baz" + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.add.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\n\nIf multiple entries specify equivalent header names, the first entry with\nan equivalent name MUST be considered for a match. Subsequent entries\nwith an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent." + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.add.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.backendRefs.filters.requestHeaderModifier.set + +"Set overwrites the request with the given header (name, value)\nbefore the action.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n set:\n - name: \"my-header\"\n value: \"bar\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: bar" + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.set.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\n\nIf multiple entries specify equivalent header names, the first entry with\nan equivalent name MUST be considered for a match. Subsequent entries\nwith an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent." + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.set.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.backendRefs.filters.requestMirror + +"RequestMirror defines a schema for a filter that mirrors requests.\nRequests are sent to the specified destination, but responses from\nthat destination are ignored.\n\n\nThis filter can be used multiple times within the same rule. Note that\nnot all implementations will be able to support mirroring to multiple\nbackends.\n\n\nSupport: Extended" + +## obj spec.rules.backendRefs.filters.requestMirror.backendRef + +"BackendRef references a resource where mirrored requests are sent.\n\n\nMirrored requests must be sent only to a single destination endpoint\nwithin this BackendRef, irrespective of how many endpoints are present\nwithin this BackendRef.\n\n\nIf the referent cannot be found, this BackendRef is invalid and must be\ndropped from the Gateway. The controller must ensure the \"ResolvedRefs\"\ncondition on the Route status is set to `status: False` and not configure\nthis backend in the underlying implementation.\n\n\nIf there is a cross-namespace reference to an *existing* object\nthat is not allowed by a ReferenceGrant, the controller must ensure the\n\"ResolvedRefs\" condition on the Route is set to `status: False`,\nwith the \"RefNotPermitted\" reason and not configure this backend in the\nunderlying implementation.\n\n\nIn either error case, the Message of the `ResolvedRefs` Condition\nshould be used to provide more detail about the problem.\n\n\nSupport: Extended for Kubernetes Service\n\n\nSupport: Implementation-specific for any other resource" + +### fn spec.rules.backendRefs.filters.requestMirror.backendRef.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. For example, \"gateway.networking.k8s.io\".\nWhen unspecified or empty string, core API group is inferred." + +### fn spec.rules.backendRefs.filters.requestMirror.backendRef.withKind + +```ts +withKind(kind) +``` + +"Kind is the Kubernetes resource kind of the referent. For example\n\"Service\".\n\n\nDefaults to \"Service\" when not specified.\n\n\nExternalName services can refer to CNAME DNS records that may live\noutside of the cluster and as such are difficult to reason about in\nterms of conformance. They also may not be safe to forward to (see\nCVE-2021-25740 for more information). Implementations SHOULD NOT\nsupport ExternalName Services.\n\n\nSupport: Core (Services with a type other than ExternalName)\n\n\nSupport: Implementation-specific (Services with type ExternalName)" + +### fn spec.rules.backendRefs.filters.requestMirror.backendRef.withName + +```ts +withName(name) +``` + +"Name is the name of the referent." + +### fn spec.rules.backendRefs.filters.requestMirror.backendRef.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the backend. When unspecified, the local\nnamespace is inferred.\n\n\nNote that when a namespace different than the local namespace is specified,\na ReferenceGrant object is required in the referent namespace to allow that\nnamespace's owner to accept the reference. See the ReferenceGrant\ndocumentation for details.\n\n\nSupport: Core" + +### fn spec.rules.backendRefs.filters.requestMirror.backendRef.withPort + +```ts +withPort(port) +``` + +"Port specifies the destination port number to use for this resource.\nPort is required when the referent is a Kubernetes Service. In this\ncase, the port number is the service port number, not the target port.\nFor other resources, destination port might be derived from the referent\nresource or this field." + +## obj spec.rules.backendRefs.filters.responseHeaderModifier + +"ResponseHeaderModifier defines a schema for a filter that modifies response\nheaders.\n\n\nSupport: Extended" + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.withAdd + +```ts +withAdd(add) +``` + +"Add adds the given header(s) (name, value) to the request\nbefore the action. It appends to any existing values associated\nwith the header name.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n add:\n - name: \"my-header\"\n value: \"bar,baz\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: foo,bar,baz" + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.withAddMixin + +```ts +withAddMixin(add) +``` + +"Add adds the given header(s) (name, value) to the request\nbefore the action. It appends to any existing values associated\nwith the header name.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n add:\n - name: \"my-header\"\n value: \"bar,baz\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: foo,bar,baz" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.withRemove + +```ts +withRemove(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The\nvalue of Remove is a list of HTTP header names. Note that the header\nnames are case-insensitive (see\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\n\n\nInput:\n GET /foo HTTP/1.1\n my-header1: foo\n my-header2: bar\n my-header3: baz\n\n\nConfig:\n remove: [\"my-header1\", \"my-header3\"]\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header2: bar" + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.withRemoveMixin + +```ts +withRemoveMixin(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The\nvalue of Remove is a list of HTTP header names. Note that the header\nnames are case-insensitive (see\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\n\n\nInput:\n GET /foo HTTP/1.1\n my-header1: foo\n my-header2: bar\n my-header3: baz\n\n\nConfig:\n remove: [\"my-header1\", \"my-header3\"]\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header2: bar" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.withSet + +```ts +withSet(set) +``` + +"Set overwrites the request with the given header (name, value)\nbefore the action.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n set:\n - name: \"my-header\"\n value: \"bar\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: bar" + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.withSetMixin + +```ts +withSetMixin(set) +``` + +"Set overwrites the request with the given header (name, value)\nbefore the action.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n set:\n - name: \"my-header\"\n value: \"bar\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: bar" + +**Note:** This function appends passed data to existing values + +## obj spec.rules.backendRefs.filters.responseHeaderModifier.add + +"Add adds the given header(s) (name, value) to the request\nbefore the action. It appends to any existing values associated\nwith the header name.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n add:\n - name: \"my-header\"\n value: \"bar,baz\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: foo,bar,baz" + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.add.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\n\nIf multiple entries specify equivalent header names, the first entry with\nan equivalent name MUST be considered for a match. Subsequent entries\nwith an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent." + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.add.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.backendRefs.filters.responseHeaderModifier.set + +"Set overwrites the request with the given header (name, value)\nbefore the action.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n set:\n - name: \"my-header\"\n value: \"bar\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: bar" + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.set.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\n\nIf multiple entries specify equivalent header names, the first entry with\nan equivalent name MUST be considered for a match. Subsequent entries\nwith an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent." + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.set.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.filters + +"Filters define the filters that are applied to requests that match\nthis rule.\n\n\nThe effects of ordering of multiple behaviors are currently unspecified.\nThis can change in the future based on feedback during the alpha stage.\n\n\nConformance-levels at this level are defined based on the type of filter:\n\n\n- ALL core filters MUST be supported by all implementations that support\n GRPCRoute.\n- Implementers are encouraged to support extended filters.\n- Implementation-specific custom filters have no API guarantees across\n implementations.\n\n\nSpecifying the same filter multiple times is not supported unless explicitly\nindicated in the filter.\n\n\nIf an implementation can not support a combination of filters, it must clearly\ndocument that limitation. In cases where incompatible or unsupported\nfilters are specified and cause the `Accepted` condition to be set to status\n`False`, implementations may use the `IncompatibleFilters` reason to specify\nthis configuration error.\n\n\nSupport: Core" + +### fn spec.rules.filters.withType + +```ts +withType(type) +``` + +"Type identifies the type of filter to apply. As with other API fields,\ntypes are classified into three conformance levels:\n\n\n- Core: Filter types and their corresponding configuration defined by\n \"Support: Core\" in this package, e.g. \"RequestHeaderModifier\". All\n implementations supporting GRPCRoute MUST support core filters.\n\n\n- Extended: Filter types and their corresponding configuration defined by\n \"Support: Extended\" in this package, e.g. \"RequestMirror\". Implementers\n are encouraged to support extended filters.\n\n\n- Implementation-specific: Filters that are defined and supported by specific vendors.\n In the future, filters showing convergence in behavior across multiple\n implementations will be considered for inclusion in extended or core\n conformance levels. Filter-specific configuration for such filters\n is specified using the ExtensionRef field. `Type` MUST be set to\n \"ExtensionRef\" for custom filters.\n\n\nImplementers are encouraged to define custom implementation types to\nextend the core API with implementation-specific behavior.\n\n\nIf a reference to a custom filter type cannot be resolved, the filter\nMUST NOT be skipped. Instead, requests that would have been processed by\nthat filter MUST receive a HTTP error response.\n\n\n" + +## obj spec.rules.filters.extensionRef + +"ExtensionRef is an optional, implementation-specific extension to the\n\"filter\" behavior. For example, resource \"myroutefilter\" in group\n\"networking.example.net\"). ExtensionRef MUST NOT be used for core and\nextended filters.\n\n\nSupport: Implementation-specific\n\n\nThis filter can be used multiple times within the same rule." + +### fn spec.rules.filters.extensionRef.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. For example, \"gateway.networking.k8s.io\".\nWhen unspecified or empty string, core API group is inferred." + +### fn spec.rules.filters.extensionRef.withKind + +```ts +withKind(kind) +``` + +"Kind is kind of the referent. For example \"HTTPRoute\" or \"Service\"." + +### fn spec.rules.filters.extensionRef.withName + +```ts +withName(name) +``` + +"Name is the name of the referent." + +## obj spec.rules.filters.requestHeaderModifier + +"RequestHeaderModifier defines a schema for a filter that modifies request\nheaders.\n\n\nSupport: Core" + +### fn spec.rules.filters.requestHeaderModifier.withAdd + +```ts +withAdd(add) +``` + +"Add adds the given header(s) (name, value) to the request\nbefore the action. It appends to any existing values associated\nwith the header name.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n add:\n - name: \"my-header\"\n value: \"bar,baz\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: foo,bar,baz" + +### fn spec.rules.filters.requestHeaderModifier.withAddMixin + +```ts +withAddMixin(add) +``` + +"Add adds the given header(s) (name, value) to the request\nbefore the action. It appends to any existing values associated\nwith the header name.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n add:\n - name: \"my-header\"\n value: \"bar,baz\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: foo,bar,baz" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.filters.requestHeaderModifier.withRemove + +```ts +withRemove(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The\nvalue of Remove is a list of HTTP header names. Note that the header\nnames are case-insensitive (see\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\n\n\nInput:\n GET /foo HTTP/1.1\n my-header1: foo\n my-header2: bar\n my-header3: baz\n\n\nConfig:\n remove: [\"my-header1\", \"my-header3\"]\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header2: bar" + +### fn spec.rules.filters.requestHeaderModifier.withRemoveMixin + +```ts +withRemoveMixin(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The\nvalue of Remove is a list of HTTP header names. Note that the header\nnames are case-insensitive (see\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\n\n\nInput:\n GET /foo HTTP/1.1\n my-header1: foo\n my-header2: bar\n my-header3: baz\n\n\nConfig:\n remove: [\"my-header1\", \"my-header3\"]\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header2: bar" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.filters.requestHeaderModifier.withSet + +```ts +withSet(set) +``` + +"Set overwrites the request with the given header (name, value)\nbefore the action.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n set:\n - name: \"my-header\"\n value: \"bar\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: bar" + +### fn spec.rules.filters.requestHeaderModifier.withSetMixin + +```ts +withSetMixin(set) +``` + +"Set overwrites the request with the given header (name, value)\nbefore the action.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n set:\n - name: \"my-header\"\n value: \"bar\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: bar" + +**Note:** This function appends passed data to existing values + +## obj spec.rules.filters.requestHeaderModifier.add + +"Add adds the given header(s) (name, value) to the request\nbefore the action. It appends to any existing values associated\nwith the header name.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n add:\n - name: \"my-header\"\n value: \"bar,baz\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: foo,bar,baz" + +### fn spec.rules.filters.requestHeaderModifier.add.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\n\nIf multiple entries specify equivalent header names, the first entry with\nan equivalent name MUST be considered for a match. Subsequent entries\nwith an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent." + +### fn spec.rules.filters.requestHeaderModifier.add.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.filters.requestHeaderModifier.set + +"Set overwrites the request with the given header (name, value)\nbefore the action.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n set:\n - name: \"my-header\"\n value: \"bar\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: bar" + +### fn spec.rules.filters.requestHeaderModifier.set.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\n\nIf multiple entries specify equivalent header names, the first entry with\nan equivalent name MUST be considered for a match. Subsequent entries\nwith an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent." + +### fn spec.rules.filters.requestHeaderModifier.set.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.filters.requestMirror + +"RequestMirror defines a schema for a filter that mirrors requests.\nRequests are sent to the specified destination, but responses from\nthat destination are ignored.\n\n\nThis filter can be used multiple times within the same rule. Note that\nnot all implementations will be able to support mirroring to multiple\nbackends.\n\n\nSupport: Extended" + +## obj spec.rules.filters.requestMirror.backendRef + +"BackendRef references a resource where mirrored requests are sent.\n\n\nMirrored requests must be sent only to a single destination endpoint\nwithin this BackendRef, irrespective of how many endpoints are present\nwithin this BackendRef.\n\n\nIf the referent cannot be found, this BackendRef is invalid and must be\ndropped from the Gateway. The controller must ensure the \"ResolvedRefs\"\ncondition on the Route status is set to `status: False` and not configure\nthis backend in the underlying implementation.\n\n\nIf there is a cross-namespace reference to an *existing* object\nthat is not allowed by a ReferenceGrant, the controller must ensure the\n\"ResolvedRefs\" condition on the Route is set to `status: False`,\nwith the \"RefNotPermitted\" reason and not configure this backend in the\nunderlying implementation.\n\n\nIn either error case, the Message of the `ResolvedRefs` Condition\nshould be used to provide more detail about the problem.\n\n\nSupport: Extended for Kubernetes Service\n\n\nSupport: Implementation-specific for any other resource" + +### fn spec.rules.filters.requestMirror.backendRef.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. For example, \"gateway.networking.k8s.io\".\nWhen unspecified or empty string, core API group is inferred." + +### fn spec.rules.filters.requestMirror.backendRef.withKind + +```ts +withKind(kind) +``` + +"Kind is the Kubernetes resource kind of the referent. For example\n\"Service\".\n\n\nDefaults to \"Service\" when not specified.\n\n\nExternalName services can refer to CNAME DNS records that may live\noutside of the cluster and as such are difficult to reason about in\nterms of conformance. They also may not be safe to forward to (see\nCVE-2021-25740 for more information). Implementations SHOULD NOT\nsupport ExternalName Services.\n\n\nSupport: Core (Services with a type other than ExternalName)\n\n\nSupport: Implementation-specific (Services with type ExternalName)" + +### fn spec.rules.filters.requestMirror.backendRef.withName + +```ts +withName(name) +``` + +"Name is the name of the referent." + +### fn spec.rules.filters.requestMirror.backendRef.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the backend. When unspecified, the local\nnamespace is inferred.\n\n\nNote that when a namespace different than the local namespace is specified,\na ReferenceGrant object is required in the referent namespace to allow that\nnamespace's owner to accept the reference. See the ReferenceGrant\ndocumentation for details.\n\n\nSupport: Core" + +### fn spec.rules.filters.requestMirror.backendRef.withPort + +```ts +withPort(port) +``` + +"Port specifies the destination port number to use for this resource.\nPort is required when the referent is a Kubernetes Service. In this\ncase, the port number is the service port number, not the target port.\nFor other resources, destination port might be derived from the referent\nresource or this field." + +## obj spec.rules.filters.responseHeaderModifier + +"ResponseHeaderModifier defines a schema for a filter that modifies response\nheaders.\n\n\nSupport: Extended" + +### fn spec.rules.filters.responseHeaderModifier.withAdd + +```ts +withAdd(add) +``` + +"Add adds the given header(s) (name, value) to the request\nbefore the action. It appends to any existing values associated\nwith the header name.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n add:\n - name: \"my-header\"\n value: \"bar,baz\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: foo,bar,baz" + +### fn spec.rules.filters.responseHeaderModifier.withAddMixin + +```ts +withAddMixin(add) +``` + +"Add adds the given header(s) (name, value) to the request\nbefore the action. It appends to any existing values associated\nwith the header name.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n add:\n - name: \"my-header\"\n value: \"bar,baz\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: foo,bar,baz" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.filters.responseHeaderModifier.withRemove + +```ts +withRemove(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The\nvalue of Remove is a list of HTTP header names. Note that the header\nnames are case-insensitive (see\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\n\n\nInput:\n GET /foo HTTP/1.1\n my-header1: foo\n my-header2: bar\n my-header3: baz\n\n\nConfig:\n remove: [\"my-header1\", \"my-header3\"]\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header2: bar" + +### fn spec.rules.filters.responseHeaderModifier.withRemoveMixin + +```ts +withRemoveMixin(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The\nvalue of Remove is a list of HTTP header names. Note that the header\nnames are case-insensitive (see\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\n\n\nInput:\n GET /foo HTTP/1.1\n my-header1: foo\n my-header2: bar\n my-header3: baz\n\n\nConfig:\n remove: [\"my-header1\", \"my-header3\"]\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header2: bar" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.filters.responseHeaderModifier.withSet + +```ts +withSet(set) +``` + +"Set overwrites the request with the given header (name, value)\nbefore the action.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n set:\n - name: \"my-header\"\n value: \"bar\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: bar" + +### fn spec.rules.filters.responseHeaderModifier.withSetMixin + +```ts +withSetMixin(set) +``` + +"Set overwrites the request with the given header (name, value)\nbefore the action.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n set:\n - name: \"my-header\"\n value: \"bar\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: bar" + +**Note:** This function appends passed data to existing values + +## obj spec.rules.filters.responseHeaderModifier.add + +"Add adds the given header(s) (name, value) to the request\nbefore the action. It appends to any existing values associated\nwith the header name.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n add:\n - name: \"my-header\"\n value: \"bar,baz\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: foo,bar,baz" + +### fn spec.rules.filters.responseHeaderModifier.add.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\n\nIf multiple entries specify equivalent header names, the first entry with\nan equivalent name MUST be considered for a match. Subsequent entries\nwith an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent." + +### fn spec.rules.filters.responseHeaderModifier.add.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.filters.responseHeaderModifier.set + +"Set overwrites the request with the given header (name, value)\nbefore the action.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n set:\n - name: \"my-header\"\n value: \"bar\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: bar" + +### fn spec.rules.filters.responseHeaderModifier.set.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\n\nIf multiple entries specify equivalent header names, the first entry with\nan equivalent name MUST be considered for a match. Subsequent entries\nwith an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent." + +### fn spec.rules.filters.responseHeaderModifier.set.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.matches + +"Matches define conditions used for matching the rule against incoming\ngRPC requests. Each match is independent, i.e. this rule will be matched\nif **any** one of the matches is satisfied.\n\n\nFor example, take the following matches configuration:\n\n\n```\nmatches:\n- method:\n service: foo.bar\n headers:\n values:\n version: 2\n- method:\n service: foo.bar.v2\n```\n\n\nFor a request to match against this rule, it MUST satisfy\nEITHER of the two conditions:\n\n\n- service of foo.bar AND contains the header `version: 2`\n- service of foo.bar.v2\n\n\nSee the documentation for GRPCRouteMatch on how to specify multiple\nmatch conditions to be ANDed together.\n\n\nIf no matches are specified, the implementation MUST match every gRPC request.\n\n\nProxy or Load Balancer routing configuration generated from GRPCRoutes\nMUST prioritize rules based on the following criteria, continuing on\nties. Merging MUST not be done between GRPCRoutes and HTTPRoutes.\nPrecedence MUST be given to the rule with the largest number of:\n\n\n* Characters in a matching non-wildcard hostname.\n* Characters in a matching hostname.\n* Characters in a matching service.\n* Characters in a matching method.\n* Header matches.\n\n\nIf ties still exist across multiple Routes, matching precedence MUST be\ndetermined in order of the following criteria, continuing on ties:\n\n\n* The oldest Route based on creation timestamp.\n* The Route appearing first in alphabetical order by\n \"{namespace}/{name}\".\n\n\nIf ties still exist within the Route that has been given precedence,\nmatching precedence MUST be granted to the first matching rule meeting\nthe above criteria." + +### fn spec.rules.matches.withHeaders + +```ts +withHeaders(headers) +``` + +"Headers specifies gRPC request header matchers. Multiple match values are\nANDed together, meaning, a request MUST match all the specified headers\nto select the route." + +### fn spec.rules.matches.withHeadersMixin + +```ts +withHeadersMixin(headers) +``` + +"Headers specifies gRPC request header matchers. Multiple match values are\nANDed together, meaning, a request MUST match all the specified headers\nto select the route." + +**Note:** This function appends passed data to existing values + +## obj spec.rules.matches.headers + +"Headers specifies gRPC request header matchers. Multiple match values are\nANDed together, meaning, a request MUST match all the specified headers\nto select the route." + +### fn spec.rules.matches.headers.withName + +```ts +withName(name) +``` + +"Name is the name of the gRPC Header to be matched.\n\n\nIf multiple entries specify equivalent header names, only the first\nentry with an equivalent name MUST be considered for a match. Subsequent\nentries with an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent." + +### fn spec.rules.matches.headers.withType + +```ts +withType(type) +``` + +"Type specifies how to match against the value of the header." + +### fn spec.rules.matches.headers.withValue + +```ts +withValue(value) +``` + +"Value is the value of the gRPC Header to be matched." + +## obj spec.rules.matches.method + +"Method specifies a gRPC request service/method matcher. If this field is\nnot specified, all services and methods will match." + +### fn spec.rules.matches.method.withMethod + +```ts +withMethod(method) +``` + +"Value of the method to match against. If left empty or omitted, will\nmatch all services.\n\n\nAt least one of Service and Method MUST be a non-empty string." + +### fn spec.rules.matches.method.withService + +```ts +withService(service) +``` + +"Value of the service to match against. If left empty or omitted, will\nmatch any service.\n\n\nAt least one of Service and Method MUST be a non-empty string." + +### fn spec.rules.matches.method.withType + +```ts +withType(type) +``` + +"Type specifies how to match against the service and/or method.\nSupport: Core (Exact with service and method specified)\n\n\nSupport: Implementation-specific (Exact with method specified but no service specified)\n\n\nSupport: Implementation-specific (RegularExpression)" \ No newline at end of file diff --git a/docs/1.1/gateway/v1alpha2/index.md b/docs/1.1/gateway/v1alpha2/index.md new file mode 100644 index 0000000..77e80d7 --- /dev/null +++ b/docs/1.1/gateway/v1alpha2/index.md @@ -0,0 +1,10 @@ +--- +permalink: /1.1/gateway/v1alpha2/ +--- + +# gateway.v1alpha2 + + + +* [grpcRoute](grpcRoute.md) +* [referenceGrant](referenceGrant.md) \ No newline at end of file diff --git a/docs/1.1/gateway/v1alpha2/referenceGrant.md b/docs/1.1/gateway/v1alpha2/referenceGrant.md new file mode 100644 index 0000000..73025a3 --- /dev/null +++ b/docs/1.1/gateway/v1alpha2/referenceGrant.md @@ -0,0 +1,314 @@ +--- +permalink: /1.1/gateway/v1alpha2/referenceGrant/ +--- + +# gateway.v1alpha2.referenceGrant + +"ReferenceGrant identifies kinds of resources in other namespaces that are\ntrusted to reference the specified kinds of resources in the same namespace\nas the policy.\n\n\nEach ReferenceGrant can be used to represent a unique trust relationship.\nAdditional Reference Grants can be used to add to the set of trusted\nsources of inbound references for the namespace they are defined within.\n\n\nA ReferenceGrant is required for all cross-namespace references in Gateway API\n(with the exception of cross-namespace Route-Gateway attachment, which is\ngoverned by the AllowedRoutes configuration on the Gateway, and cross-namespace\nService ParentRefs on a \"consumer\" mesh Route, which defines routing rules\napplicable only to workloads in the Route namespace). ReferenceGrants allowing\na reference from a Route to a Service are only applicable to BackendRefs.\n\n\nReferenceGrant is a form of runtime verification allowing users to assert\nwhich cross-namespace object references are permitted. Implementations that\nsupport ReferenceGrant MUST NOT permit cross-namespace references which have\nno grant, and MUST respond to the removal of a grant by revoking the access\nthat the grant allowed." + +## Index + +* [`fn new(name)`](#fn-new) +* [`obj metadata`](#obj-metadata) + * [`fn withAnnotations(annotations)`](#fn-metadatawithannotations) + * [`fn withAnnotationsMixin(annotations)`](#fn-metadatawithannotationsmixin) + * [`fn withClusterName(clusterName)`](#fn-metadatawithclustername) + * [`fn withCreationTimestamp(creationTimestamp)`](#fn-metadatawithcreationtimestamp) + * [`fn withDeletionGracePeriodSeconds(deletionGracePeriodSeconds)`](#fn-metadatawithdeletiongraceperiodseconds) + * [`fn withDeletionTimestamp(deletionTimestamp)`](#fn-metadatawithdeletiontimestamp) + * [`fn withFinalizers(finalizers)`](#fn-metadatawithfinalizers) + * [`fn withFinalizersMixin(finalizers)`](#fn-metadatawithfinalizersmixin) + * [`fn withGenerateName(generateName)`](#fn-metadatawithgeneratename) + * [`fn withGeneration(generation)`](#fn-metadatawithgeneration) + * [`fn withLabels(labels)`](#fn-metadatawithlabels) + * [`fn withLabelsMixin(labels)`](#fn-metadatawithlabelsmixin) + * [`fn withName(name)`](#fn-metadatawithname) + * [`fn withNamespace(namespace)`](#fn-metadatawithnamespace) + * [`fn withOwnerReferences(ownerReferences)`](#fn-metadatawithownerreferences) + * [`fn withOwnerReferencesMixin(ownerReferences)`](#fn-metadatawithownerreferencesmixin) + * [`fn withResourceVersion(resourceVersion)`](#fn-metadatawithresourceversion) + * [`fn withSelfLink(selfLink)`](#fn-metadatawithselflink) + * [`fn withUid(uid)`](#fn-metadatawithuid) +* [`obj spec`](#obj-spec) + * [`fn withFrom(from)`](#fn-specwithfrom) + * [`fn withFromMixin(from)`](#fn-specwithfrommixin) + * [`fn withTo(to)`](#fn-specwithto) + * [`fn withToMixin(to)`](#fn-specwithtomixin) + * [`obj spec.from`](#obj-specfrom) + * [`fn withGroup(group)`](#fn-specfromwithgroup) + * [`fn withKind(kind)`](#fn-specfromwithkind) + * [`fn withNamespace(namespace)`](#fn-specfromwithnamespace) + * [`obj spec.to`](#obj-specto) + * [`fn withGroup(group)`](#fn-spectowithgroup) + * [`fn withKind(kind)`](#fn-spectowithkind) + * [`fn withName(name)`](#fn-spectowithname) + +## Fields + +### fn new + +```ts +new(name) +``` + +new returns an instance of ReferenceGrant + +## obj metadata + +"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create." + +### fn metadata.withAnnotations + +```ts +withAnnotations(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +### fn metadata.withAnnotationsMixin + +```ts +withAnnotationsMixin(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +**Note:** This function appends passed data to existing values + +### fn metadata.withClusterName + +```ts +withClusterName(clusterName) +``` + +"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request." + +### fn metadata.withCreationTimestamp + +```ts +withCreationTimestamp(creationTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withDeletionGracePeriodSeconds + +```ts +withDeletionGracePeriodSeconds(deletionGracePeriodSeconds) +``` + +"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only." + +### fn metadata.withDeletionTimestamp + +```ts +withDeletionTimestamp(deletionTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withFinalizers + +```ts +withFinalizers(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +### fn metadata.withFinalizersMixin + +```ts +withFinalizersMixin(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +**Note:** This function appends passed data to existing values + +### fn metadata.withGenerateName + +```ts +withGenerateName(generateName) +``` + +"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\n\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\n\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" + +### fn metadata.withGeneration + +```ts +withGeneration(generation) +``` + +"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only." + +### fn metadata.withLabels + +```ts +withLabels(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +### fn metadata.withLabelsMixin + +```ts +withLabelsMixin(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +**Note:** This function appends passed data to existing values + +### fn metadata.withName + +```ts +withName(name) +``` + +"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names" + +### fn metadata.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \"default\" namespace, but \"default\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\n\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces" + +### fn metadata.withOwnerReferences + +```ts +withOwnerReferences(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +### fn metadata.withOwnerReferencesMixin + +```ts +withOwnerReferencesMixin(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +**Note:** This function appends passed data to existing values + +### fn metadata.withResourceVersion + +```ts +withResourceVersion(resourceVersion) +``` + +"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\n\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" + +### fn metadata.withSelfLink + +```ts +withSelfLink(selfLink) +``` + +"SelfLink is a URL representing this object. Populated by the system. Read-only.\n\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release." + +### fn metadata.withUid + +```ts +withUid(uid) +``` + +"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\n\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids" + +## obj spec + +"Spec defines the desired state of ReferenceGrant." + +### fn spec.withFrom + +```ts +withFrom(from) +``` + +"From describes the trusted namespaces and kinds that can reference the\nresources described in \"To\". Each entry in this list MUST be considered\nto be an additional place that references can be valid from, or to put\nthis another way, entries MUST be combined using OR.\n\n\nSupport: Core" + +### fn spec.withFromMixin + +```ts +withFromMixin(from) +``` + +"From describes the trusted namespaces and kinds that can reference the\nresources described in \"To\". Each entry in this list MUST be considered\nto be an additional place that references can be valid from, or to put\nthis another way, entries MUST be combined using OR.\n\n\nSupport: Core" + +**Note:** This function appends passed data to existing values + +### fn spec.withTo + +```ts +withTo(to) +``` + +"To describes the resources that may be referenced by the resources\ndescribed in \"From\". Each entry in this list MUST be considered to be an\nadditional place that references can be valid to, or to put this another\nway, entries MUST be combined using OR.\n\n\nSupport: Core" + +### fn spec.withToMixin + +```ts +withToMixin(to) +``` + +"To describes the resources that may be referenced by the resources\ndescribed in \"From\". Each entry in this list MUST be considered to be an\nadditional place that references can be valid to, or to put this another\nway, entries MUST be combined using OR.\n\n\nSupport: Core" + +**Note:** This function appends passed data to existing values + +## obj spec.from + +"From describes the trusted namespaces and kinds that can reference the\nresources described in \"To\". Each entry in this list MUST be considered\nto be an additional place that references can be valid from, or to put\nthis another way, entries MUST be combined using OR.\n\n\nSupport: Core" + +### fn spec.from.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent.\nWhen empty, the Kubernetes core API group is inferred.\n\n\nSupport: Core" + +### fn spec.from.withKind + +```ts +withKind(kind) +``` + +"Kind is the kind of the referent. Although implementations may support\nadditional resources, the following types are part of the \"Core\"\nsupport level for this field.\n\n\nWhen used to permit a SecretObjectReference:\n\n\n* Gateway\n\n\nWhen used to permit a BackendObjectReference:\n\n\n* GRPCRoute\n* HTTPRoute\n* TCPRoute\n* TLSRoute\n* UDPRoute" + +### fn spec.from.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the referent.\n\n\nSupport: Core" + +## obj spec.to + +"To describes the resources that may be referenced by the resources\ndescribed in \"From\". Each entry in this list MUST be considered to be an\nadditional place that references can be valid to, or to put this another\nway, entries MUST be combined using OR.\n\n\nSupport: Core" + +### fn spec.to.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent.\nWhen empty, the Kubernetes core API group is inferred.\n\n\nSupport: Core" + +### fn spec.to.withKind + +```ts +withKind(kind) +``` + +"Kind is the kind of the referent. Although implementations may support\nadditional resources, the following types are part of the \"Core\"\nsupport level for this field:\n\n\n* Secret when used to permit a SecretObjectReference\n* Service when used to permit a BackendObjectReference" + +### fn spec.to.withName + +```ts +withName(name) +``` + +"Name is the name of the referent. When unspecified, this policy\nrefers to all resources of the specified Group and Kind in the local\nnamespace." \ No newline at end of file diff --git a/docs/1.1/gateway/v1beta1/gateway.md b/docs/1.1/gateway/v1beta1/gateway.md new file mode 100644 index 0000000..837592e --- /dev/null +++ b/docs/1.1/gateway/v1beta1/gateway.md @@ -0,0 +1,568 @@ +--- +permalink: /1.1/gateway/v1beta1/gateway/ +--- + +# gateway.v1beta1.gateway + +"Gateway represents an instance of a service-traffic handling infrastructure\nby binding Listeners to a set of IP addresses." + +## Index + +* [`fn new(name)`](#fn-new) +* [`obj metadata`](#obj-metadata) + * [`fn withAnnotations(annotations)`](#fn-metadatawithannotations) + * [`fn withAnnotationsMixin(annotations)`](#fn-metadatawithannotationsmixin) + * [`fn withClusterName(clusterName)`](#fn-metadatawithclustername) + * [`fn withCreationTimestamp(creationTimestamp)`](#fn-metadatawithcreationtimestamp) + * [`fn withDeletionGracePeriodSeconds(deletionGracePeriodSeconds)`](#fn-metadatawithdeletiongraceperiodseconds) + * [`fn withDeletionTimestamp(deletionTimestamp)`](#fn-metadatawithdeletiontimestamp) + * [`fn withFinalizers(finalizers)`](#fn-metadatawithfinalizers) + * [`fn withFinalizersMixin(finalizers)`](#fn-metadatawithfinalizersmixin) + * [`fn withGenerateName(generateName)`](#fn-metadatawithgeneratename) + * [`fn withGeneration(generation)`](#fn-metadatawithgeneration) + * [`fn withLabels(labels)`](#fn-metadatawithlabels) + * [`fn withLabelsMixin(labels)`](#fn-metadatawithlabelsmixin) + * [`fn withName(name)`](#fn-metadatawithname) + * [`fn withNamespace(namespace)`](#fn-metadatawithnamespace) + * [`fn withOwnerReferences(ownerReferences)`](#fn-metadatawithownerreferences) + * [`fn withOwnerReferencesMixin(ownerReferences)`](#fn-metadatawithownerreferencesmixin) + * [`fn withResourceVersion(resourceVersion)`](#fn-metadatawithresourceversion) + * [`fn withSelfLink(selfLink)`](#fn-metadatawithselflink) + * [`fn withUid(uid)`](#fn-metadatawithuid) +* [`obj spec`](#obj-spec) + * [`fn withAddresses(addresses)`](#fn-specwithaddresses) + * [`fn withAddressesMixin(addresses)`](#fn-specwithaddressesmixin) + * [`fn withGatewayClassName(gatewayClassName)`](#fn-specwithgatewayclassname) + * [`fn withListeners(listeners)`](#fn-specwithlisteners) + * [`fn withListenersMixin(listeners)`](#fn-specwithlistenersmixin) + * [`obj spec.addresses`](#obj-specaddresses) + * [`fn withType(type)`](#fn-specaddresseswithtype) + * [`fn withValue(value)`](#fn-specaddresseswithvalue) + * [`obj spec.listeners`](#obj-speclisteners) + * [`fn withHostname(hostname)`](#fn-speclistenerswithhostname) + * [`fn withName(name)`](#fn-speclistenerswithname) + * [`fn withPort(port)`](#fn-speclistenerswithport) + * [`fn withProtocol(protocol)`](#fn-speclistenerswithprotocol) + * [`obj spec.listeners.allowedRoutes`](#obj-speclistenersallowedroutes) + * [`fn withKinds(kinds)`](#fn-speclistenersallowedrouteswithkinds) + * [`fn withKindsMixin(kinds)`](#fn-speclistenersallowedrouteswithkindsmixin) + * [`obj spec.listeners.allowedRoutes.kinds`](#obj-speclistenersallowedrouteskinds) + * [`fn withGroup(group)`](#fn-speclistenersallowedrouteskindswithgroup) + * [`fn withKind(kind)`](#fn-speclistenersallowedrouteskindswithkind) + * [`obj spec.listeners.allowedRoutes.namespaces`](#obj-speclistenersallowedroutesnamespaces) + * [`fn withFrom(from)`](#fn-speclistenersallowedroutesnamespaceswithfrom) + * [`obj spec.listeners.allowedRoutes.namespaces.selector`](#obj-speclistenersallowedroutesnamespacesselector) + * [`fn withMatchExpressions(matchExpressions)`](#fn-speclistenersallowedroutesnamespacesselectorwithmatchexpressions) + * [`fn withMatchExpressionsMixin(matchExpressions)`](#fn-speclistenersallowedroutesnamespacesselectorwithmatchexpressionsmixin) + * [`fn withMatchLabels(matchLabels)`](#fn-speclistenersallowedroutesnamespacesselectorwithmatchlabels) + * [`fn withMatchLabelsMixin(matchLabels)`](#fn-speclistenersallowedroutesnamespacesselectorwithmatchlabelsmixin) + * [`obj spec.listeners.allowedRoutes.namespaces.selector.matchExpressions`](#obj-speclistenersallowedroutesnamespacesselectormatchexpressions) + * [`fn withKey(key)`](#fn-speclistenersallowedroutesnamespacesselectormatchexpressionswithkey) + * [`fn withOperator(operator)`](#fn-speclistenersallowedroutesnamespacesselectormatchexpressionswithoperator) + * [`fn withValues(values)`](#fn-speclistenersallowedroutesnamespacesselectormatchexpressionswithvalues) + * [`fn withValuesMixin(values)`](#fn-speclistenersallowedroutesnamespacesselectormatchexpressionswithvaluesmixin) + * [`obj spec.listeners.tls`](#obj-speclistenerstls) + * [`fn withCertificateRefs(certificateRefs)`](#fn-speclistenerstlswithcertificaterefs) + * [`fn withCertificateRefsMixin(certificateRefs)`](#fn-speclistenerstlswithcertificaterefsmixin) + * [`fn withMode(mode)`](#fn-speclistenerstlswithmode) + * [`fn withOptions(options)`](#fn-speclistenerstlswithoptions) + * [`fn withOptionsMixin(options)`](#fn-speclistenerstlswithoptionsmixin) + * [`obj spec.listeners.tls.certificateRefs`](#obj-speclistenerstlscertificaterefs) + * [`fn withGroup(group)`](#fn-speclistenerstlscertificaterefswithgroup) + * [`fn withKind(kind)`](#fn-speclistenerstlscertificaterefswithkind) + * [`fn withName(name)`](#fn-speclistenerstlscertificaterefswithname) + * [`fn withNamespace(namespace)`](#fn-speclistenerstlscertificaterefswithnamespace) + +## Fields + +### fn new + +```ts +new(name) +``` + +new returns an instance of Gateway + +## obj metadata + +"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create." + +### fn metadata.withAnnotations + +```ts +withAnnotations(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +### fn metadata.withAnnotationsMixin + +```ts +withAnnotationsMixin(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +**Note:** This function appends passed data to existing values + +### fn metadata.withClusterName + +```ts +withClusterName(clusterName) +``` + +"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request." + +### fn metadata.withCreationTimestamp + +```ts +withCreationTimestamp(creationTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withDeletionGracePeriodSeconds + +```ts +withDeletionGracePeriodSeconds(deletionGracePeriodSeconds) +``` + +"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only." + +### fn metadata.withDeletionTimestamp + +```ts +withDeletionTimestamp(deletionTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withFinalizers + +```ts +withFinalizers(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +### fn metadata.withFinalizersMixin + +```ts +withFinalizersMixin(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +**Note:** This function appends passed data to existing values + +### fn metadata.withGenerateName + +```ts +withGenerateName(generateName) +``` + +"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\n\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\n\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" + +### fn metadata.withGeneration + +```ts +withGeneration(generation) +``` + +"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only." + +### fn metadata.withLabels + +```ts +withLabels(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +### fn metadata.withLabelsMixin + +```ts +withLabelsMixin(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +**Note:** This function appends passed data to existing values + +### fn metadata.withName + +```ts +withName(name) +``` + +"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names" + +### fn metadata.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \"default\" namespace, but \"default\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\n\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces" + +### fn metadata.withOwnerReferences + +```ts +withOwnerReferences(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +### fn metadata.withOwnerReferencesMixin + +```ts +withOwnerReferencesMixin(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +**Note:** This function appends passed data to existing values + +### fn metadata.withResourceVersion + +```ts +withResourceVersion(resourceVersion) +``` + +"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\n\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" + +### fn metadata.withSelfLink + +```ts +withSelfLink(selfLink) +``` + +"SelfLink is a URL representing this object. Populated by the system. Read-only.\n\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release." + +### fn metadata.withUid + +```ts +withUid(uid) +``` + +"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\n\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids" + +## obj spec + +"Spec defines the desired state of Gateway." + +### fn spec.withAddresses + +```ts +withAddresses(addresses) +``` + +"Addresses requested for this Gateway. This is optional and behavior can\ndepend on the implementation. If a value is set in the spec and the\nrequested address is invalid or unavailable, the implementation MUST\nindicate this in the associated entry in GatewayStatus.Addresses.\n\n\nThe Addresses field represents a request for the address(es) on the\n\"outside of the Gateway\", that traffic bound for this Gateway will use.\nThis could be the IP address or hostname of an external load balancer or\nother networking infrastructure, or some other address that traffic will\nbe sent to.\n\n\nIf no Addresses are specified, the implementation MAY schedule the\nGateway in an implementation-specific manner, assigning an appropriate\nset of Addresses.\n\n\nThe implementation MUST bind all Listeners to every GatewayAddress that\nit assigns to the Gateway and add a corresponding entry in\nGatewayStatus.Addresses.\n\n\nSupport: Extended\n\n\n" + +### fn spec.withAddressesMixin + +```ts +withAddressesMixin(addresses) +``` + +"Addresses requested for this Gateway. This is optional and behavior can\ndepend on the implementation. If a value is set in the spec and the\nrequested address is invalid or unavailable, the implementation MUST\nindicate this in the associated entry in GatewayStatus.Addresses.\n\n\nThe Addresses field represents a request for the address(es) on the\n\"outside of the Gateway\", that traffic bound for this Gateway will use.\nThis could be the IP address or hostname of an external load balancer or\nother networking infrastructure, or some other address that traffic will\nbe sent to.\n\n\nIf no Addresses are specified, the implementation MAY schedule the\nGateway in an implementation-specific manner, assigning an appropriate\nset of Addresses.\n\n\nThe implementation MUST bind all Listeners to every GatewayAddress that\nit assigns to the Gateway and add a corresponding entry in\nGatewayStatus.Addresses.\n\n\nSupport: Extended\n\n\n" + +**Note:** This function appends passed data to existing values + +### fn spec.withGatewayClassName + +```ts +withGatewayClassName(gatewayClassName) +``` + +"GatewayClassName used for this Gateway. This is the name of a\nGatewayClass resource." + +### fn spec.withListeners + +```ts +withListeners(listeners) +``` + +"Listeners associated with this Gateway. Listeners define\nlogical endpoints that are bound on this Gateway's addresses.\nAt least one Listener MUST be specified.\n\n\nEach Listener in a set of Listeners (for example, in a single Gateway)\nMUST be _distinct_, in that a traffic flow MUST be able to be assigned to\nexactly one listener. (This section uses \"set of Listeners\" rather than\n\"Listeners in a single Gateway\" because implementations MAY merge configuration\nfrom multiple Gateways onto a single data plane, and these rules _also_\napply in that case).\n\n\nPractically, this means that each listener in a set MUST have a unique\ncombination of Port, Protocol, and, if supported by the protocol, Hostname.\n\n\nSome combinations of port, protocol, and TLS settings are considered\nCore support and MUST be supported by implementations based on their\ntargeted conformance profile:\n\n\nHTTP Profile\n\n\n1. HTTPRoute, Port: 80, Protocol: HTTP\n2. HTTPRoute, Port: 443, Protocol: HTTPS, TLS Mode: Terminate, TLS keypair provided\n\n\nTLS Profile\n\n\n1. TLSRoute, Port: 443, Protocol: TLS, TLS Mode: Passthrough\n\n\n\"Distinct\" Listeners have the following property:\n\n\nThe implementation can match inbound requests to a single distinct\nListener. When multiple Listeners share values for fields (for\nexample, two Listeners with the same Port value), the implementation\ncan match requests to only one of the Listeners using other\nListener fields.\n\n\nFor example, the following Listener scenarios are distinct:\n\n\n1. Multiple Listeners with the same Port that all use the \"HTTP\"\n Protocol that all have unique Hostname values.\n2. Multiple Listeners with the same Port that use either the \"HTTPS\" or\n \"TLS\" Protocol that all have unique Hostname values.\n3. A mixture of \"TCP\" and \"UDP\" Protocol Listeners, where no Listener\n with the same Protocol has the same Port value.\n\n\nSome fields in the Listener struct have possible values that affect\nwhether the Listener is distinct. Hostname is particularly relevant\nfor HTTP or HTTPS protocols.\n\n\nWhen using the Hostname value to select between same-Port, same-Protocol\nListeners, the Hostname value must be different on each Listener for the\nListener to be distinct.\n\n\nWhen the Listeners are distinct based on Hostname, inbound request\nhostnames MUST match from the most specific to least specific Hostname\nvalues to choose the correct Listener and its associated set of Routes.\n\n\nExact matches must be processed before wildcard matches, and wildcard\nmatches must be processed before fallback (empty Hostname value)\nmatches. For example, `\"foo.example.com\"` takes precedence over\n`\"*.example.com\"`, and `\"*.example.com\"` takes precedence over `\"\"`.\n\n\nAdditionally, if there are multiple wildcard entries, more specific\nwildcard entries must be processed before less specific wildcard entries.\nFor example, `\"*.foo.example.com\"` takes precedence over `\"*.example.com\"`.\nThe precise definition here is that the higher the number of dots in the\nhostname to the right of the wildcard character, the higher the precedence.\n\n\nThe wildcard character will match any number of characters _and dots_ to\nthe left, however, so `\"*.example.com\"` will match both\n`\"foo.bar.example.com\"` _and_ `\"bar.example.com\"`.\n\n\nIf a set of Listeners contains Listeners that are not distinct, then those\nListeners are Conflicted, and the implementation MUST set the \"Conflicted\"\ncondition in the Listener Status to \"True\".\n\n\nImplementations MAY choose to accept a Gateway with some Conflicted\nListeners only if they only accept the partial Listener set that contains\nno Conflicted Listeners. To put this another way, implementations may\naccept a partial Listener set only if they throw out *all* the conflicting\nListeners. No picking one of the conflicting listeners as the winner.\nThis also means that the Gateway must have at least one non-conflicting\nListener in this case, otherwise it violates the requirement that at\nleast one Listener must be present.\n\n\nThe implementation MUST set a \"ListenersNotValid\" condition on the\nGateway Status when the Gateway contains Conflicted Listeners whether or\nnot they accept the Gateway. That Condition SHOULD clearly\nindicate in the Message which Listeners are conflicted, and which are\nAccepted. Additionally, the Listener status for those listeners SHOULD\nindicate which Listeners are conflicted and not Accepted.\n\n\nA Gateway's Listeners are considered \"compatible\" if:\n\n\n1. They are distinct.\n2. The implementation can serve them in compliance with the Addresses\n requirement that all Listeners are available on all assigned\n addresses.\n\n\nCompatible combinations in Extended support are expected to vary across\nimplementations. A combination that is compatible for one implementation\nmay not be compatible for another.\n\n\nFor example, an implementation that cannot serve both TCP and UDP listeners\non the same address, or cannot mix HTTPS and generic TLS listens on the same port\nwould not consider those cases compatible, even though they are distinct.\n\n\nNote that requests SHOULD match at most one Listener. For example, if\nListeners are defined for \"foo.example.com\" and \"*.example.com\", a\nrequest to \"foo.example.com\" SHOULD only be routed using routes attached\nto the \"foo.example.com\" Listener (and not the \"*.example.com\" Listener).\nThis concept is known as \"Listener Isolation\". Implementations that do\nnot support Listener Isolation MUST clearly document this.\n\n\nImplementations MAY merge separate Gateways onto a single set of\nAddresses if all Listeners across all Gateways are compatible.\n\n\nSupport: Core" + +### fn spec.withListenersMixin + +```ts +withListenersMixin(listeners) +``` + +"Listeners associated with this Gateway. Listeners define\nlogical endpoints that are bound on this Gateway's addresses.\nAt least one Listener MUST be specified.\n\n\nEach Listener in a set of Listeners (for example, in a single Gateway)\nMUST be _distinct_, in that a traffic flow MUST be able to be assigned to\nexactly one listener. (This section uses \"set of Listeners\" rather than\n\"Listeners in a single Gateway\" because implementations MAY merge configuration\nfrom multiple Gateways onto a single data plane, and these rules _also_\napply in that case).\n\n\nPractically, this means that each listener in a set MUST have a unique\ncombination of Port, Protocol, and, if supported by the protocol, Hostname.\n\n\nSome combinations of port, protocol, and TLS settings are considered\nCore support and MUST be supported by implementations based on their\ntargeted conformance profile:\n\n\nHTTP Profile\n\n\n1. HTTPRoute, Port: 80, Protocol: HTTP\n2. HTTPRoute, Port: 443, Protocol: HTTPS, TLS Mode: Terminate, TLS keypair provided\n\n\nTLS Profile\n\n\n1. TLSRoute, Port: 443, Protocol: TLS, TLS Mode: Passthrough\n\n\n\"Distinct\" Listeners have the following property:\n\n\nThe implementation can match inbound requests to a single distinct\nListener. When multiple Listeners share values for fields (for\nexample, two Listeners with the same Port value), the implementation\ncan match requests to only one of the Listeners using other\nListener fields.\n\n\nFor example, the following Listener scenarios are distinct:\n\n\n1. Multiple Listeners with the same Port that all use the \"HTTP\"\n Protocol that all have unique Hostname values.\n2. Multiple Listeners with the same Port that use either the \"HTTPS\" or\n \"TLS\" Protocol that all have unique Hostname values.\n3. A mixture of \"TCP\" and \"UDP\" Protocol Listeners, where no Listener\n with the same Protocol has the same Port value.\n\n\nSome fields in the Listener struct have possible values that affect\nwhether the Listener is distinct. Hostname is particularly relevant\nfor HTTP or HTTPS protocols.\n\n\nWhen using the Hostname value to select between same-Port, same-Protocol\nListeners, the Hostname value must be different on each Listener for the\nListener to be distinct.\n\n\nWhen the Listeners are distinct based on Hostname, inbound request\nhostnames MUST match from the most specific to least specific Hostname\nvalues to choose the correct Listener and its associated set of Routes.\n\n\nExact matches must be processed before wildcard matches, and wildcard\nmatches must be processed before fallback (empty Hostname value)\nmatches. For example, `\"foo.example.com\"` takes precedence over\n`\"*.example.com\"`, and `\"*.example.com\"` takes precedence over `\"\"`.\n\n\nAdditionally, if there are multiple wildcard entries, more specific\nwildcard entries must be processed before less specific wildcard entries.\nFor example, `\"*.foo.example.com\"` takes precedence over `\"*.example.com\"`.\nThe precise definition here is that the higher the number of dots in the\nhostname to the right of the wildcard character, the higher the precedence.\n\n\nThe wildcard character will match any number of characters _and dots_ to\nthe left, however, so `\"*.example.com\"` will match both\n`\"foo.bar.example.com\"` _and_ `\"bar.example.com\"`.\n\n\nIf a set of Listeners contains Listeners that are not distinct, then those\nListeners are Conflicted, and the implementation MUST set the \"Conflicted\"\ncondition in the Listener Status to \"True\".\n\n\nImplementations MAY choose to accept a Gateway with some Conflicted\nListeners only if they only accept the partial Listener set that contains\nno Conflicted Listeners. To put this another way, implementations may\naccept a partial Listener set only if they throw out *all* the conflicting\nListeners. No picking one of the conflicting listeners as the winner.\nThis also means that the Gateway must have at least one non-conflicting\nListener in this case, otherwise it violates the requirement that at\nleast one Listener must be present.\n\n\nThe implementation MUST set a \"ListenersNotValid\" condition on the\nGateway Status when the Gateway contains Conflicted Listeners whether or\nnot they accept the Gateway. That Condition SHOULD clearly\nindicate in the Message which Listeners are conflicted, and which are\nAccepted. Additionally, the Listener status for those listeners SHOULD\nindicate which Listeners are conflicted and not Accepted.\n\n\nA Gateway's Listeners are considered \"compatible\" if:\n\n\n1. They are distinct.\n2. The implementation can serve them in compliance with the Addresses\n requirement that all Listeners are available on all assigned\n addresses.\n\n\nCompatible combinations in Extended support are expected to vary across\nimplementations. A combination that is compatible for one implementation\nmay not be compatible for another.\n\n\nFor example, an implementation that cannot serve both TCP and UDP listeners\non the same address, or cannot mix HTTPS and generic TLS listens on the same port\nwould not consider those cases compatible, even though they are distinct.\n\n\nNote that requests SHOULD match at most one Listener. For example, if\nListeners are defined for \"foo.example.com\" and \"*.example.com\", a\nrequest to \"foo.example.com\" SHOULD only be routed using routes attached\nto the \"foo.example.com\" Listener (and not the \"*.example.com\" Listener).\nThis concept is known as \"Listener Isolation\". Implementations that do\nnot support Listener Isolation MUST clearly document this.\n\n\nImplementations MAY merge separate Gateways onto a single set of\nAddresses if all Listeners across all Gateways are compatible.\n\n\nSupport: Core" + +**Note:** This function appends passed data to existing values + +## obj spec.addresses + +"Addresses requested for this Gateway. This is optional and behavior can\ndepend on the implementation. If a value is set in the spec and the\nrequested address is invalid or unavailable, the implementation MUST\nindicate this in the associated entry in GatewayStatus.Addresses.\n\n\nThe Addresses field represents a request for the address(es) on the\n\"outside of the Gateway\", that traffic bound for this Gateway will use.\nThis could be the IP address or hostname of an external load balancer or\nother networking infrastructure, or some other address that traffic will\nbe sent to.\n\n\nIf no Addresses are specified, the implementation MAY schedule the\nGateway in an implementation-specific manner, assigning an appropriate\nset of Addresses.\n\n\nThe implementation MUST bind all Listeners to every GatewayAddress that\nit assigns to the Gateway and add a corresponding entry in\nGatewayStatus.Addresses.\n\n\nSupport: Extended\n\n\n" + +### fn spec.addresses.withType + +```ts +withType(type) +``` + +"Type of the address." + +### fn spec.addresses.withValue + +```ts +withValue(value) +``` + +"Value of the address. The validity of the values will depend\non the type and support by the controller.\n\n\nExamples: `1.2.3.4`, `128::1`, `my-ip-address`." + +## obj spec.listeners + +"Listeners associated with this Gateway. Listeners define\nlogical endpoints that are bound on this Gateway's addresses.\nAt least one Listener MUST be specified.\n\n\nEach Listener in a set of Listeners (for example, in a single Gateway)\nMUST be _distinct_, in that a traffic flow MUST be able to be assigned to\nexactly one listener. (This section uses \"set of Listeners\" rather than\n\"Listeners in a single Gateway\" because implementations MAY merge configuration\nfrom multiple Gateways onto a single data plane, and these rules _also_\napply in that case).\n\n\nPractically, this means that each listener in a set MUST have a unique\ncombination of Port, Protocol, and, if supported by the protocol, Hostname.\n\n\nSome combinations of port, protocol, and TLS settings are considered\nCore support and MUST be supported by implementations based on their\ntargeted conformance profile:\n\n\nHTTP Profile\n\n\n1. HTTPRoute, Port: 80, Protocol: HTTP\n2. HTTPRoute, Port: 443, Protocol: HTTPS, TLS Mode: Terminate, TLS keypair provided\n\n\nTLS Profile\n\n\n1. TLSRoute, Port: 443, Protocol: TLS, TLS Mode: Passthrough\n\n\n\"Distinct\" Listeners have the following property:\n\n\nThe implementation can match inbound requests to a single distinct\nListener. When multiple Listeners share values for fields (for\nexample, two Listeners with the same Port value), the implementation\ncan match requests to only one of the Listeners using other\nListener fields.\n\n\nFor example, the following Listener scenarios are distinct:\n\n\n1. Multiple Listeners with the same Port that all use the \"HTTP\"\n Protocol that all have unique Hostname values.\n2. Multiple Listeners with the same Port that use either the \"HTTPS\" or\n \"TLS\" Protocol that all have unique Hostname values.\n3. A mixture of \"TCP\" and \"UDP\" Protocol Listeners, where no Listener\n with the same Protocol has the same Port value.\n\n\nSome fields in the Listener struct have possible values that affect\nwhether the Listener is distinct. Hostname is particularly relevant\nfor HTTP or HTTPS protocols.\n\n\nWhen using the Hostname value to select between same-Port, same-Protocol\nListeners, the Hostname value must be different on each Listener for the\nListener to be distinct.\n\n\nWhen the Listeners are distinct based on Hostname, inbound request\nhostnames MUST match from the most specific to least specific Hostname\nvalues to choose the correct Listener and its associated set of Routes.\n\n\nExact matches must be processed before wildcard matches, and wildcard\nmatches must be processed before fallback (empty Hostname value)\nmatches. For example, `\"foo.example.com\"` takes precedence over\n`\"*.example.com\"`, and `\"*.example.com\"` takes precedence over `\"\"`.\n\n\nAdditionally, if there are multiple wildcard entries, more specific\nwildcard entries must be processed before less specific wildcard entries.\nFor example, `\"*.foo.example.com\"` takes precedence over `\"*.example.com\"`.\nThe precise definition here is that the higher the number of dots in the\nhostname to the right of the wildcard character, the higher the precedence.\n\n\nThe wildcard character will match any number of characters _and dots_ to\nthe left, however, so `\"*.example.com\"` will match both\n`\"foo.bar.example.com\"` _and_ `\"bar.example.com\"`.\n\n\nIf a set of Listeners contains Listeners that are not distinct, then those\nListeners are Conflicted, and the implementation MUST set the \"Conflicted\"\ncondition in the Listener Status to \"True\".\n\n\nImplementations MAY choose to accept a Gateway with some Conflicted\nListeners only if they only accept the partial Listener set that contains\nno Conflicted Listeners. To put this another way, implementations may\naccept a partial Listener set only if they throw out *all* the conflicting\nListeners. No picking one of the conflicting listeners as the winner.\nThis also means that the Gateway must have at least one non-conflicting\nListener in this case, otherwise it violates the requirement that at\nleast one Listener must be present.\n\n\nThe implementation MUST set a \"ListenersNotValid\" condition on the\nGateway Status when the Gateway contains Conflicted Listeners whether or\nnot they accept the Gateway. That Condition SHOULD clearly\nindicate in the Message which Listeners are conflicted, and which are\nAccepted. Additionally, the Listener status for those listeners SHOULD\nindicate which Listeners are conflicted and not Accepted.\n\n\nA Gateway's Listeners are considered \"compatible\" if:\n\n\n1. They are distinct.\n2. The implementation can serve them in compliance with the Addresses\n requirement that all Listeners are available on all assigned\n addresses.\n\n\nCompatible combinations in Extended support are expected to vary across\nimplementations. A combination that is compatible for one implementation\nmay not be compatible for another.\n\n\nFor example, an implementation that cannot serve both TCP and UDP listeners\non the same address, or cannot mix HTTPS and generic TLS listens on the same port\nwould not consider those cases compatible, even though they are distinct.\n\n\nNote that requests SHOULD match at most one Listener. For example, if\nListeners are defined for \"foo.example.com\" and \"*.example.com\", a\nrequest to \"foo.example.com\" SHOULD only be routed using routes attached\nto the \"foo.example.com\" Listener (and not the \"*.example.com\" Listener).\nThis concept is known as \"Listener Isolation\". Implementations that do\nnot support Listener Isolation MUST clearly document this.\n\n\nImplementations MAY merge separate Gateways onto a single set of\nAddresses if all Listeners across all Gateways are compatible.\n\n\nSupport: Core" + +### fn spec.listeners.withHostname + +```ts +withHostname(hostname) +``` + +"Hostname specifies the virtual hostname to match for protocol types that\ndefine this concept. When unspecified, all hostnames are matched. This\nfield is ignored for protocols that don't require hostname based\nmatching.\n\n\nImplementations MUST apply Hostname matching appropriately for each of\nthe following protocols:\n\n\n* TLS: The Listener Hostname MUST match the SNI.\n* HTTP: The Listener Hostname MUST match the Host header of the request.\n* HTTPS: The Listener Hostname SHOULD match at both the TLS and HTTP\n protocol layers as described above. If an implementation does not\n ensure that both the SNI and Host header match the Listener hostname,\n it MUST clearly document that.\n\n\nFor HTTPRoute and TLSRoute resources, there is an interaction with the\n`spec.hostnames` array. When both listener and route specify hostnames,\nthere MUST be an intersection between the values for a Route to be\naccepted. For more information, refer to the Route specific Hostnames\ndocumentation.\n\n\nHostnames that are prefixed with a wildcard label (`*.`) are interpreted\nas a suffix match. That means that a match for `*.example.com` would match\nboth `test.example.com`, and `foo.test.example.com`, but not `example.com`.\n\n\nSupport: Core" + +### fn spec.listeners.withName + +```ts +withName(name) +``` + +"Name is the name of the Listener. This name MUST be unique within a\nGateway.\n\n\nSupport: Core" + +### fn spec.listeners.withPort + +```ts +withPort(port) +``` + +"Port is the network port. Multiple listeners may use the\nsame port, subject to the Listener compatibility rules.\n\n\nSupport: Core" + +### fn spec.listeners.withProtocol + +```ts +withProtocol(protocol) +``` + +"Protocol specifies the network protocol this listener expects to receive.\n\n\nSupport: Core" + +## obj spec.listeners.allowedRoutes + +"AllowedRoutes defines the types of routes that MAY be attached to a\nListener and the trusted namespaces where those Route resources MAY be\npresent.\n\n\nAlthough a client request may match multiple route rules, only one rule\nmay ultimately receive the request. Matching precedence MUST be\ndetermined in order of the following criteria:\n\n\n* The most specific match as defined by the Route type.\n* The oldest Route based on creation timestamp. For example, a Route with\n a creation timestamp of \"2020-09-08 01:02:03\" is given precedence over\n a Route with a creation timestamp of \"2020-09-08 01:02:04\".\n* If everything else is equivalent, the Route appearing first in\n alphabetical order (namespace/name) should be given precedence. For\n example, foo/bar is given precedence over foo/baz.\n\n\nAll valid rules within a Route attached to this Listener should be\nimplemented. Invalid Route rules can be ignored (sometimes that will mean\nthe full Route). If a Route rule transitions from valid to invalid,\nsupport for that Route rule should be dropped to ensure consistency. For\nexample, even if a filter specified by a Route rule is invalid, the rest\nof the rules within that Route should still be supported.\n\n\nSupport: Core" + +### fn spec.listeners.allowedRoutes.withKinds + +```ts +withKinds(kinds) +``` + +"Kinds specifies the groups and kinds of Routes that are allowed to bind\nto this Gateway Listener. When unspecified or empty, the kinds of Routes\nselected are determined using the Listener protocol.\n\n\nA RouteGroupKind MUST correspond to kinds of Routes that are compatible\nwith the application protocol specified in the Listener's Protocol field.\nIf an implementation does not support or recognize this resource type, it\nMUST set the \"ResolvedRefs\" condition to False for this Listener with the\n\"InvalidRouteKinds\" reason.\n\n\nSupport: Core" + +### fn spec.listeners.allowedRoutes.withKindsMixin + +```ts +withKindsMixin(kinds) +``` + +"Kinds specifies the groups and kinds of Routes that are allowed to bind\nto this Gateway Listener. When unspecified or empty, the kinds of Routes\nselected are determined using the Listener protocol.\n\n\nA RouteGroupKind MUST correspond to kinds of Routes that are compatible\nwith the application protocol specified in the Listener's Protocol field.\nIf an implementation does not support or recognize this resource type, it\nMUST set the \"ResolvedRefs\" condition to False for this Listener with the\n\"InvalidRouteKinds\" reason.\n\n\nSupport: Core" + +**Note:** This function appends passed data to existing values + +## obj spec.listeners.allowedRoutes.kinds + +"Kinds specifies the groups and kinds of Routes that are allowed to bind\nto this Gateway Listener. When unspecified or empty, the kinds of Routes\nselected are determined using the Listener protocol.\n\n\nA RouteGroupKind MUST correspond to kinds of Routes that are compatible\nwith the application protocol specified in the Listener's Protocol field.\nIf an implementation does not support or recognize this resource type, it\nMUST set the \"ResolvedRefs\" condition to False for this Listener with the\n\"InvalidRouteKinds\" reason.\n\n\nSupport: Core" + +### fn spec.listeners.allowedRoutes.kinds.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the Route." + +### fn spec.listeners.allowedRoutes.kinds.withKind + +```ts +withKind(kind) +``` + +"Kind is the kind of the Route." + +## obj spec.listeners.allowedRoutes.namespaces + +"Namespaces indicates namespaces from which Routes may be attached to this\nListener. This is restricted to the namespace of this Gateway by default.\n\n\nSupport: Core" + +### fn spec.listeners.allowedRoutes.namespaces.withFrom + +```ts +withFrom(from) +``` + +"From indicates where Routes will be selected for this Gateway. Possible\nvalues are:\n\n\n* All: Routes in all namespaces may be used by this Gateway.\n* Selector: Routes in namespaces selected by the selector may be used by\n this Gateway.\n* Same: Only Routes in the same namespace may be used by this Gateway.\n\n\nSupport: Core" + +## obj spec.listeners.allowedRoutes.namespaces.selector + +"Selector must be specified when From is set to \"Selector\". In that case,\nonly Routes in Namespaces matching this Selector will be selected by this\nGateway. This field is ignored for other values of \"From\".\n\n\nSupport: Core" + +### fn spec.listeners.allowedRoutes.namespaces.selector.withMatchExpressions + +```ts +withMatchExpressions(matchExpressions) +``` + +"matchExpressions is a list of label selector requirements. The requirements are ANDed." + +### fn spec.listeners.allowedRoutes.namespaces.selector.withMatchExpressionsMixin + +```ts +withMatchExpressionsMixin(matchExpressions) +``` + +"matchExpressions is a list of label selector requirements. The requirements are ANDed." + +**Note:** This function appends passed data to existing values + +### fn spec.listeners.allowedRoutes.namespaces.selector.withMatchLabels + +```ts +withMatchLabels(matchLabels) +``` + +"matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + +### fn spec.listeners.allowedRoutes.namespaces.selector.withMatchLabelsMixin + +```ts +withMatchLabelsMixin(matchLabels) +``` + +"matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + +**Note:** This function appends passed data to existing values + +## obj spec.listeners.allowedRoutes.namespaces.selector.matchExpressions + +"matchExpressions is a list of label selector requirements. The requirements are ANDed." + +### fn spec.listeners.allowedRoutes.namespaces.selector.matchExpressions.withKey + +```ts +withKey(key) +``` + +"key is the label key that the selector applies to." + +### fn spec.listeners.allowedRoutes.namespaces.selector.matchExpressions.withOperator + +```ts +withOperator(operator) +``` + +"operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + +### fn spec.listeners.allowedRoutes.namespaces.selector.matchExpressions.withValues + +```ts +withValues(values) +``` + +"values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + +### fn spec.listeners.allowedRoutes.namespaces.selector.matchExpressions.withValuesMixin + +```ts +withValuesMixin(values) +``` + +"values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + +**Note:** This function appends passed data to existing values + +## obj spec.listeners.tls + +"TLS is the TLS configuration for the Listener. This field is required if\nthe Protocol field is \"HTTPS\" or \"TLS\". It is invalid to set this field\nif the Protocol field is \"HTTP\", \"TCP\", or \"UDP\".\n\n\nThe association of SNIs to Certificate defined in GatewayTLSConfig is\ndefined based on the Hostname field for this listener.\n\n\nThe GatewayClass MUST use the longest matching SNI out of all\navailable certificates for any TLS handshake.\n\n\nSupport: Core" + +### fn spec.listeners.tls.withCertificateRefs + +```ts +withCertificateRefs(certificateRefs) +``` + +"CertificateRefs contains a series of references to Kubernetes objects that\ncontains TLS certificates and private keys. These certificates are used to\nestablish a TLS handshake for requests that match the hostname of the\nassociated listener.\n\n\nA single CertificateRef to a Kubernetes Secret has \"Core\" support.\nImplementations MAY choose to support attaching multiple certificates to\na Listener, but this behavior is implementation-specific.\n\n\nReferences to a resource in different namespace are invalid UNLESS there\nis a ReferenceGrant in the target namespace that allows the certificate\nto be attached. If a ReferenceGrant does not allow this reference, the\n\"ResolvedRefs\" condition MUST be set to False for this listener with the\n\"RefNotPermitted\" reason.\n\n\nThis field is required to have at least one element when the mode is set\nto \"Terminate\" (default) and is optional otherwise.\n\n\nCertificateRefs can reference to standard Kubernetes resources, i.e.\nSecret, or implementation-specific custom resources.\n\n\nSupport: Core - A single reference to a Kubernetes Secret of type kubernetes.io/tls\n\n\nSupport: Implementation-specific (More than one reference or other resource types)" + +### fn spec.listeners.tls.withCertificateRefsMixin + +```ts +withCertificateRefsMixin(certificateRefs) +``` + +"CertificateRefs contains a series of references to Kubernetes objects that\ncontains TLS certificates and private keys. These certificates are used to\nestablish a TLS handshake for requests that match the hostname of the\nassociated listener.\n\n\nA single CertificateRef to a Kubernetes Secret has \"Core\" support.\nImplementations MAY choose to support attaching multiple certificates to\na Listener, but this behavior is implementation-specific.\n\n\nReferences to a resource in different namespace are invalid UNLESS there\nis a ReferenceGrant in the target namespace that allows the certificate\nto be attached. If a ReferenceGrant does not allow this reference, the\n\"ResolvedRefs\" condition MUST be set to False for this listener with the\n\"RefNotPermitted\" reason.\n\n\nThis field is required to have at least one element when the mode is set\nto \"Terminate\" (default) and is optional otherwise.\n\n\nCertificateRefs can reference to standard Kubernetes resources, i.e.\nSecret, or implementation-specific custom resources.\n\n\nSupport: Core - A single reference to a Kubernetes Secret of type kubernetes.io/tls\n\n\nSupport: Implementation-specific (More than one reference or other resource types)" + +**Note:** This function appends passed data to existing values + +### fn spec.listeners.tls.withMode + +```ts +withMode(mode) +``` + +"Mode defines the TLS behavior for the TLS session initiated by the client.\nThere are two possible modes:\n\n\n- Terminate: The TLS session between the downstream client and the\n Gateway is terminated at the Gateway. This mode requires certificates\n to be specified in some way, such as populating the certificateRefs\n field.\n- Passthrough: The TLS session is NOT terminated by the Gateway. This\n implies that the Gateway can't decipher the TLS stream except for\n the ClientHello message of the TLS protocol. The certificateRefs field\n is ignored in this mode.\n\n\nSupport: Core" + +### fn spec.listeners.tls.withOptions + +```ts +withOptions(options) +``` + +"Options are a list of key/value pairs to enable extended TLS\nconfiguration for each implementation. For example, configuring the\nminimum TLS version or supported cipher suites.\n\n\nA set of common keys MAY be defined by the API in the future. To avoid\nany ambiguity, implementation-specific definitions MUST use\ndomain-prefixed names, such as `example.com/my-custom-option`.\nUn-prefixed names are reserved for key names defined by Gateway API.\n\n\nSupport: Implementation-specific" + +### fn spec.listeners.tls.withOptionsMixin + +```ts +withOptionsMixin(options) +``` + +"Options are a list of key/value pairs to enable extended TLS\nconfiguration for each implementation. For example, configuring the\nminimum TLS version or supported cipher suites.\n\n\nA set of common keys MAY be defined by the API in the future. To avoid\nany ambiguity, implementation-specific definitions MUST use\ndomain-prefixed names, such as `example.com/my-custom-option`.\nUn-prefixed names are reserved for key names defined by Gateway API.\n\n\nSupport: Implementation-specific" + +**Note:** This function appends passed data to existing values + +## obj spec.listeners.tls.certificateRefs + +"CertificateRefs contains a series of references to Kubernetes objects that\ncontains TLS certificates and private keys. These certificates are used to\nestablish a TLS handshake for requests that match the hostname of the\nassociated listener.\n\n\nA single CertificateRef to a Kubernetes Secret has \"Core\" support.\nImplementations MAY choose to support attaching multiple certificates to\na Listener, but this behavior is implementation-specific.\n\n\nReferences to a resource in different namespace are invalid UNLESS there\nis a ReferenceGrant in the target namespace that allows the certificate\nto be attached. If a ReferenceGrant does not allow this reference, the\n\"ResolvedRefs\" condition MUST be set to False for this listener with the\n\"RefNotPermitted\" reason.\n\n\nThis field is required to have at least one element when the mode is set\nto \"Terminate\" (default) and is optional otherwise.\n\n\nCertificateRefs can reference to standard Kubernetes resources, i.e.\nSecret, or implementation-specific custom resources.\n\n\nSupport: Core - A single reference to a Kubernetes Secret of type kubernetes.io/tls\n\n\nSupport: Implementation-specific (More than one reference or other resource types)" + +### fn spec.listeners.tls.certificateRefs.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. For example, \"gateway.networking.k8s.io\".\nWhen unspecified or empty string, core API group is inferred." + +### fn spec.listeners.tls.certificateRefs.withKind + +```ts +withKind(kind) +``` + +"Kind is kind of the referent. For example \"Secret\"." + +### fn spec.listeners.tls.certificateRefs.withName + +```ts +withName(name) +``` + +"Name is the name of the referent." + +### fn spec.listeners.tls.certificateRefs.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the referenced object. When unspecified, the local\nnamespace is inferred.\n\n\nNote that when a namespace different than the local namespace is specified,\na ReferenceGrant object is required in the referent namespace to allow that\nnamespace's owner to accept the reference. See the ReferenceGrant\ndocumentation for details.\n\n\nSupport: Core" \ No newline at end of file diff --git a/docs/1.1/gateway/v1beta1/gatewayClass.md b/docs/1.1/gateway/v1beta1/gatewayClass.md new file mode 100644 index 0000000..18906c2 --- /dev/null +++ b/docs/1.1/gateway/v1beta1/gatewayClass.md @@ -0,0 +1,269 @@ +--- +permalink: /1.1/gateway/v1beta1/gatewayClass/ +--- + +# gateway.v1beta1.gatewayClass + +"GatewayClass describes a class of Gateways available to the user for creating\nGateway resources.\n\n\nIt is recommended that this resource be used as a template for Gateways. This\nmeans that a Gateway is based on the state of the GatewayClass at the time it\nwas created and changes to the GatewayClass or associated parameters are not\npropagated down to existing Gateways. This recommendation is intended to\nlimit the blast radius of changes to GatewayClass or associated parameters.\nIf implementations choose to propagate GatewayClass changes to existing\nGateways, that MUST be clearly documented by the implementation.\n\n\nWhenever one or more Gateways are using a GatewayClass, implementations SHOULD\nadd the `gateway-exists-finalizer.gateway.networking.k8s.io` finalizer on the\nassociated GatewayClass. This ensures that a GatewayClass associated with a\nGateway is not deleted while in use.\n\n\nGatewayClass is a Cluster level resource." + +## Index + +* [`fn new(name)`](#fn-new) +* [`obj metadata`](#obj-metadata) + * [`fn withAnnotations(annotations)`](#fn-metadatawithannotations) + * [`fn withAnnotationsMixin(annotations)`](#fn-metadatawithannotationsmixin) + * [`fn withClusterName(clusterName)`](#fn-metadatawithclustername) + * [`fn withCreationTimestamp(creationTimestamp)`](#fn-metadatawithcreationtimestamp) + * [`fn withDeletionGracePeriodSeconds(deletionGracePeriodSeconds)`](#fn-metadatawithdeletiongraceperiodseconds) + * [`fn withDeletionTimestamp(deletionTimestamp)`](#fn-metadatawithdeletiontimestamp) + * [`fn withFinalizers(finalizers)`](#fn-metadatawithfinalizers) + * [`fn withFinalizersMixin(finalizers)`](#fn-metadatawithfinalizersmixin) + * [`fn withGenerateName(generateName)`](#fn-metadatawithgeneratename) + * [`fn withGeneration(generation)`](#fn-metadatawithgeneration) + * [`fn withLabels(labels)`](#fn-metadatawithlabels) + * [`fn withLabelsMixin(labels)`](#fn-metadatawithlabelsmixin) + * [`fn withName(name)`](#fn-metadatawithname) + * [`fn withNamespace(namespace)`](#fn-metadatawithnamespace) + * [`fn withOwnerReferences(ownerReferences)`](#fn-metadatawithownerreferences) + * [`fn withOwnerReferencesMixin(ownerReferences)`](#fn-metadatawithownerreferencesmixin) + * [`fn withResourceVersion(resourceVersion)`](#fn-metadatawithresourceversion) + * [`fn withSelfLink(selfLink)`](#fn-metadatawithselflink) + * [`fn withUid(uid)`](#fn-metadatawithuid) +* [`obj spec`](#obj-spec) + * [`fn withControllerName(controllerName)`](#fn-specwithcontrollername) + * [`fn withDescription(description)`](#fn-specwithdescription) + * [`obj spec.parametersRef`](#obj-specparametersref) + * [`fn withGroup(group)`](#fn-specparametersrefwithgroup) + * [`fn withKind(kind)`](#fn-specparametersrefwithkind) + * [`fn withName(name)`](#fn-specparametersrefwithname) + * [`fn withNamespace(namespace)`](#fn-specparametersrefwithnamespace) + +## Fields + +### fn new + +```ts +new(name) +``` + +new returns an instance of GatewayClass + +## obj metadata + +"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create." + +### fn metadata.withAnnotations + +```ts +withAnnotations(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +### fn metadata.withAnnotationsMixin + +```ts +withAnnotationsMixin(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +**Note:** This function appends passed data to existing values + +### fn metadata.withClusterName + +```ts +withClusterName(clusterName) +``` + +"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request." + +### fn metadata.withCreationTimestamp + +```ts +withCreationTimestamp(creationTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withDeletionGracePeriodSeconds + +```ts +withDeletionGracePeriodSeconds(deletionGracePeriodSeconds) +``` + +"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only." + +### fn metadata.withDeletionTimestamp + +```ts +withDeletionTimestamp(deletionTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withFinalizers + +```ts +withFinalizers(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +### fn metadata.withFinalizersMixin + +```ts +withFinalizersMixin(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +**Note:** This function appends passed data to existing values + +### fn metadata.withGenerateName + +```ts +withGenerateName(generateName) +``` + +"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\n\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\n\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" + +### fn metadata.withGeneration + +```ts +withGeneration(generation) +``` + +"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only." + +### fn metadata.withLabels + +```ts +withLabels(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +### fn metadata.withLabelsMixin + +```ts +withLabelsMixin(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +**Note:** This function appends passed data to existing values + +### fn metadata.withName + +```ts +withName(name) +``` + +"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names" + +### fn metadata.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \"default\" namespace, but \"default\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\n\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces" + +### fn metadata.withOwnerReferences + +```ts +withOwnerReferences(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +### fn metadata.withOwnerReferencesMixin + +```ts +withOwnerReferencesMixin(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +**Note:** This function appends passed data to existing values + +### fn metadata.withResourceVersion + +```ts +withResourceVersion(resourceVersion) +``` + +"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\n\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" + +### fn metadata.withSelfLink + +```ts +withSelfLink(selfLink) +``` + +"SelfLink is a URL representing this object. Populated by the system. Read-only.\n\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release." + +### fn metadata.withUid + +```ts +withUid(uid) +``` + +"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\n\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids" + +## obj spec + +"Spec defines the desired state of GatewayClass." + +### fn spec.withControllerName + +```ts +withControllerName(controllerName) +``` + +"ControllerName is the name of the controller that is managing Gateways of\nthis class. The value of this field MUST be a domain prefixed path.\n\n\nExample: \"example.net/gateway-controller\".\n\n\nThis field is not mutable and cannot be empty.\n\n\nSupport: Core" + +### fn spec.withDescription + +```ts +withDescription(description) +``` + +"Description helps describe a GatewayClass with more details." + +## obj spec.parametersRef + +"ParametersRef is a reference to a resource that contains the configuration\nparameters corresponding to the GatewayClass. This is optional if the\ncontroller does not require any additional configuration.\n\n\nParametersRef can reference a standard Kubernetes resource, i.e. ConfigMap,\nor an implementation-specific custom resource. The resource can be\ncluster-scoped or namespace-scoped.\n\n\nIf the referent cannot be found, the GatewayClass's \"InvalidParameters\"\nstatus condition will be true.\n\n\nA Gateway for this GatewayClass may provide its own `parametersRef`. When both are specified,\nthe merging behavior is implementation specific.\nIt is generally recommended that GatewayClass provides defaults that can be overridden by a Gateway.\n\n\nSupport: Implementation-specific" + +### fn spec.parametersRef.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent." + +### fn spec.parametersRef.withKind + +```ts +withKind(kind) +``` + +"Kind is kind of the referent." + +### fn spec.parametersRef.withName + +```ts +withName(name) +``` + +"Name is the name of the referent." + +### fn spec.parametersRef.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the referent.\nThis field is required when referring to a Namespace-scoped resource and\nMUST be unset when referring to a Cluster-scoped resource." \ No newline at end of file diff --git a/docs/1.1/gateway/v1beta1/httpRoute.md b/docs/1.1/gateway/v1beta1/httpRoute.md new file mode 100644 index 0000000..fb5d636 --- /dev/null +++ b/docs/1.1/gateway/v1beta1/httpRoute.md @@ -0,0 +1,1498 @@ +--- +permalink: /1.1/gateway/v1beta1/httpRoute/ +--- + +# gateway.v1beta1.httpRoute + +"HTTPRoute provides a way to route HTTP requests. This includes the capability\nto match requests by hostname, path, header, or query param. Filters can be\nused to specify additional processing steps. Backends specify where matching\nrequests should be routed." + +## Index + +* [`fn new(name)`](#fn-new) +* [`obj metadata`](#obj-metadata) + * [`fn withAnnotations(annotations)`](#fn-metadatawithannotations) + * [`fn withAnnotationsMixin(annotations)`](#fn-metadatawithannotationsmixin) + * [`fn withClusterName(clusterName)`](#fn-metadatawithclustername) + * [`fn withCreationTimestamp(creationTimestamp)`](#fn-metadatawithcreationtimestamp) + * [`fn withDeletionGracePeriodSeconds(deletionGracePeriodSeconds)`](#fn-metadatawithdeletiongraceperiodseconds) + * [`fn withDeletionTimestamp(deletionTimestamp)`](#fn-metadatawithdeletiontimestamp) + * [`fn withFinalizers(finalizers)`](#fn-metadatawithfinalizers) + * [`fn withFinalizersMixin(finalizers)`](#fn-metadatawithfinalizersmixin) + * [`fn withGenerateName(generateName)`](#fn-metadatawithgeneratename) + * [`fn withGeneration(generation)`](#fn-metadatawithgeneration) + * [`fn withLabels(labels)`](#fn-metadatawithlabels) + * [`fn withLabelsMixin(labels)`](#fn-metadatawithlabelsmixin) + * [`fn withName(name)`](#fn-metadatawithname) + * [`fn withNamespace(namespace)`](#fn-metadatawithnamespace) + * [`fn withOwnerReferences(ownerReferences)`](#fn-metadatawithownerreferences) + * [`fn withOwnerReferencesMixin(ownerReferences)`](#fn-metadatawithownerreferencesmixin) + * [`fn withResourceVersion(resourceVersion)`](#fn-metadatawithresourceversion) + * [`fn withSelfLink(selfLink)`](#fn-metadatawithselflink) + * [`fn withUid(uid)`](#fn-metadatawithuid) +* [`obj spec`](#obj-spec) + * [`fn withHostnames(hostnames)`](#fn-specwithhostnames) + * [`fn withHostnamesMixin(hostnames)`](#fn-specwithhostnamesmixin) + * [`fn withParentRefs(parentRefs)`](#fn-specwithparentrefs) + * [`fn withParentRefsMixin(parentRefs)`](#fn-specwithparentrefsmixin) + * [`fn withRules(rules)`](#fn-specwithrules) + * [`fn withRulesMixin(rules)`](#fn-specwithrulesmixin) + * [`obj spec.parentRefs`](#obj-specparentrefs) + * [`fn withGroup(group)`](#fn-specparentrefswithgroup) + * [`fn withKind(kind)`](#fn-specparentrefswithkind) + * [`fn withName(name)`](#fn-specparentrefswithname) + * [`fn withNamespace(namespace)`](#fn-specparentrefswithnamespace) + * [`fn withPort(port)`](#fn-specparentrefswithport) + * [`fn withSectionName(sectionName)`](#fn-specparentrefswithsectionname) + * [`obj spec.rules`](#obj-specrules) + * [`fn withBackendRefs(backendRefs)`](#fn-specruleswithbackendrefs) + * [`fn withBackendRefsMixin(backendRefs)`](#fn-specruleswithbackendrefsmixin) + * [`fn withFilters(filters)`](#fn-specruleswithfilters) + * [`fn withFiltersMixin(filters)`](#fn-specruleswithfiltersmixin) + * [`fn withMatches(matches)`](#fn-specruleswithmatches) + * [`fn withMatchesMixin(matches)`](#fn-specruleswithmatchesmixin) + * [`obj spec.rules.backendRefs`](#obj-specrulesbackendrefs) + * [`fn withFilters(filters)`](#fn-specrulesbackendrefswithfilters) + * [`fn withFiltersMixin(filters)`](#fn-specrulesbackendrefswithfiltersmixin) + * [`fn withGroup(group)`](#fn-specrulesbackendrefswithgroup) + * [`fn withKind(kind)`](#fn-specrulesbackendrefswithkind) + * [`fn withName(name)`](#fn-specrulesbackendrefswithname) + * [`fn withNamespace(namespace)`](#fn-specrulesbackendrefswithnamespace) + * [`fn withPort(port)`](#fn-specrulesbackendrefswithport) + * [`fn withWeight(weight)`](#fn-specrulesbackendrefswithweight) + * [`obj spec.rules.backendRefs.filters`](#obj-specrulesbackendrefsfilters) + * [`fn withType(type)`](#fn-specrulesbackendrefsfilterswithtype) + * [`obj spec.rules.backendRefs.filters.extensionRef`](#obj-specrulesbackendrefsfiltersextensionref) + * [`fn withGroup(group)`](#fn-specrulesbackendrefsfiltersextensionrefwithgroup) + * [`fn withKind(kind)`](#fn-specrulesbackendrefsfiltersextensionrefwithkind) + * [`fn withName(name)`](#fn-specrulesbackendrefsfiltersextensionrefwithname) + * [`obj spec.rules.backendRefs.filters.requestHeaderModifier`](#obj-specrulesbackendrefsfiltersrequestheadermodifier) + * [`fn withAdd(add)`](#fn-specrulesbackendrefsfiltersrequestheadermodifierwithadd) + * [`fn withAddMixin(add)`](#fn-specrulesbackendrefsfiltersrequestheadermodifierwithaddmixin) + * [`fn withRemove(remove)`](#fn-specrulesbackendrefsfiltersrequestheadermodifierwithremove) + * [`fn withRemoveMixin(remove)`](#fn-specrulesbackendrefsfiltersrequestheadermodifierwithremovemixin) + * [`fn withSet(set)`](#fn-specrulesbackendrefsfiltersrequestheadermodifierwithset) + * [`fn withSetMixin(set)`](#fn-specrulesbackendrefsfiltersrequestheadermodifierwithsetmixin) + * [`obj spec.rules.backendRefs.filters.requestHeaderModifier.add`](#obj-specrulesbackendrefsfiltersrequestheadermodifieradd) + * [`fn withName(name)`](#fn-specrulesbackendrefsfiltersrequestheadermodifieraddwithname) + * [`fn withValue(value)`](#fn-specrulesbackendrefsfiltersrequestheadermodifieraddwithvalue) + * [`obj spec.rules.backendRefs.filters.requestHeaderModifier.set`](#obj-specrulesbackendrefsfiltersrequestheadermodifierset) + * [`fn withName(name)`](#fn-specrulesbackendrefsfiltersrequestheadermodifiersetwithname) + * [`fn withValue(value)`](#fn-specrulesbackendrefsfiltersrequestheadermodifiersetwithvalue) + * [`obj spec.rules.backendRefs.filters.requestMirror`](#obj-specrulesbackendrefsfiltersrequestmirror) + * [`obj spec.rules.backendRefs.filters.requestMirror.backendRef`](#obj-specrulesbackendrefsfiltersrequestmirrorbackendref) + * [`fn withGroup(group)`](#fn-specrulesbackendrefsfiltersrequestmirrorbackendrefwithgroup) + * [`fn withKind(kind)`](#fn-specrulesbackendrefsfiltersrequestmirrorbackendrefwithkind) + * [`fn withName(name)`](#fn-specrulesbackendrefsfiltersrequestmirrorbackendrefwithname) + * [`fn withNamespace(namespace)`](#fn-specrulesbackendrefsfiltersrequestmirrorbackendrefwithnamespace) + * [`fn withPort(port)`](#fn-specrulesbackendrefsfiltersrequestmirrorbackendrefwithport) + * [`obj spec.rules.backendRefs.filters.requestRedirect`](#obj-specrulesbackendrefsfiltersrequestredirect) + * [`fn withHostname(hostname)`](#fn-specrulesbackendrefsfiltersrequestredirectwithhostname) + * [`fn withPort(port)`](#fn-specrulesbackendrefsfiltersrequestredirectwithport) + * [`fn withScheme(scheme)`](#fn-specrulesbackendrefsfiltersrequestredirectwithscheme) + * [`fn withStatusCode(statusCode)`](#fn-specrulesbackendrefsfiltersrequestredirectwithstatuscode) + * [`obj spec.rules.backendRefs.filters.requestRedirect.path`](#obj-specrulesbackendrefsfiltersrequestredirectpath) + * [`fn withReplaceFullPath(replaceFullPath)`](#fn-specrulesbackendrefsfiltersrequestredirectpathwithreplacefullpath) + * [`fn withReplacePrefixMatch(replacePrefixMatch)`](#fn-specrulesbackendrefsfiltersrequestredirectpathwithreplaceprefixmatch) + * [`fn withType(type)`](#fn-specrulesbackendrefsfiltersrequestredirectpathwithtype) + * [`obj spec.rules.backendRefs.filters.responseHeaderModifier`](#obj-specrulesbackendrefsfiltersresponseheadermodifier) + * [`fn withAdd(add)`](#fn-specrulesbackendrefsfiltersresponseheadermodifierwithadd) + * [`fn withAddMixin(add)`](#fn-specrulesbackendrefsfiltersresponseheadermodifierwithaddmixin) + * [`fn withRemove(remove)`](#fn-specrulesbackendrefsfiltersresponseheadermodifierwithremove) + * [`fn withRemoveMixin(remove)`](#fn-specrulesbackendrefsfiltersresponseheadermodifierwithremovemixin) + * [`fn withSet(set)`](#fn-specrulesbackendrefsfiltersresponseheadermodifierwithset) + * [`fn withSetMixin(set)`](#fn-specrulesbackendrefsfiltersresponseheadermodifierwithsetmixin) + * [`obj spec.rules.backendRefs.filters.responseHeaderModifier.add`](#obj-specrulesbackendrefsfiltersresponseheadermodifieradd) + * [`fn withName(name)`](#fn-specrulesbackendrefsfiltersresponseheadermodifieraddwithname) + * [`fn withValue(value)`](#fn-specrulesbackendrefsfiltersresponseheadermodifieraddwithvalue) + * [`obj spec.rules.backendRefs.filters.responseHeaderModifier.set`](#obj-specrulesbackendrefsfiltersresponseheadermodifierset) + * [`fn withName(name)`](#fn-specrulesbackendrefsfiltersresponseheadermodifiersetwithname) + * [`fn withValue(value)`](#fn-specrulesbackendrefsfiltersresponseheadermodifiersetwithvalue) + * [`obj spec.rules.backendRefs.filters.urlRewrite`](#obj-specrulesbackendrefsfiltersurlrewrite) + * [`fn withHostname(hostname)`](#fn-specrulesbackendrefsfiltersurlrewritewithhostname) + * [`obj spec.rules.backendRefs.filters.urlRewrite.path`](#obj-specrulesbackendrefsfiltersurlrewritepath) + * [`fn withReplaceFullPath(replaceFullPath)`](#fn-specrulesbackendrefsfiltersurlrewritepathwithreplacefullpath) + * [`fn withReplacePrefixMatch(replacePrefixMatch)`](#fn-specrulesbackendrefsfiltersurlrewritepathwithreplaceprefixmatch) + * [`fn withType(type)`](#fn-specrulesbackendrefsfiltersurlrewritepathwithtype) + * [`obj spec.rules.filters`](#obj-specrulesfilters) + * [`fn withType(type)`](#fn-specrulesfilterswithtype) + * [`obj spec.rules.filters.extensionRef`](#obj-specrulesfiltersextensionref) + * [`fn withGroup(group)`](#fn-specrulesfiltersextensionrefwithgroup) + * [`fn withKind(kind)`](#fn-specrulesfiltersextensionrefwithkind) + * [`fn withName(name)`](#fn-specrulesfiltersextensionrefwithname) + * [`obj spec.rules.filters.requestHeaderModifier`](#obj-specrulesfiltersrequestheadermodifier) + * [`fn withAdd(add)`](#fn-specrulesfiltersrequestheadermodifierwithadd) + * [`fn withAddMixin(add)`](#fn-specrulesfiltersrequestheadermodifierwithaddmixin) + * [`fn withRemove(remove)`](#fn-specrulesfiltersrequestheadermodifierwithremove) + * [`fn withRemoveMixin(remove)`](#fn-specrulesfiltersrequestheadermodifierwithremovemixin) + * [`fn withSet(set)`](#fn-specrulesfiltersrequestheadermodifierwithset) + * [`fn withSetMixin(set)`](#fn-specrulesfiltersrequestheadermodifierwithsetmixin) + * [`obj spec.rules.filters.requestHeaderModifier.add`](#obj-specrulesfiltersrequestheadermodifieradd) + * [`fn withName(name)`](#fn-specrulesfiltersrequestheadermodifieraddwithname) + * [`fn withValue(value)`](#fn-specrulesfiltersrequestheadermodifieraddwithvalue) + * [`obj spec.rules.filters.requestHeaderModifier.set`](#obj-specrulesfiltersrequestheadermodifierset) + * [`fn withName(name)`](#fn-specrulesfiltersrequestheadermodifiersetwithname) + * [`fn withValue(value)`](#fn-specrulesfiltersrequestheadermodifiersetwithvalue) + * [`obj spec.rules.filters.requestMirror`](#obj-specrulesfiltersrequestmirror) + * [`obj spec.rules.filters.requestMirror.backendRef`](#obj-specrulesfiltersrequestmirrorbackendref) + * [`fn withGroup(group)`](#fn-specrulesfiltersrequestmirrorbackendrefwithgroup) + * [`fn withKind(kind)`](#fn-specrulesfiltersrequestmirrorbackendrefwithkind) + * [`fn withName(name)`](#fn-specrulesfiltersrequestmirrorbackendrefwithname) + * [`fn withNamespace(namespace)`](#fn-specrulesfiltersrequestmirrorbackendrefwithnamespace) + * [`fn withPort(port)`](#fn-specrulesfiltersrequestmirrorbackendrefwithport) + * [`obj spec.rules.filters.requestRedirect`](#obj-specrulesfiltersrequestredirect) + * [`fn withHostname(hostname)`](#fn-specrulesfiltersrequestredirectwithhostname) + * [`fn withPort(port)`](#fn-specrulesfiltersrequestredirectwithport) + * [`fn withScheme(scheme)`](#fn-specrulesfiltersrequestredirectwithscheme) + * [`fn withStatusCode(statusCode)`](#fn-specrulesfiltersrequestredirectwithstatuscode) + * [`obj spec.rules.filters.requestRedirect.path`](#obj-specrulesfiltersrequestredirectpath) + * [`fn withReplaceFullPath(replaceFullPath)`](#fn-specrulesfiltersrequestredirectpathwithreplacefullpath) + * [`fn withReplacePrefixMatch(replacePrefixMatch)`](#fn-specrulesfiltersrequestredirectpathwithreplaceprefixmatch) + * [`fn withType(type)`](#fn-specrulesfiltersrequestredirectpathwithtype) + * [`obj spec.rules.filters.responseHeaderModifier`](#obj-specrulesfiltersresponseheadermodifier) + * [`fn withAdd(add)`](#fn-specrulesfiltersresponseheadermodifierwithadd) + * [`fn withAddMixin(add)`](#fn-specrulesfiltersresponseheadermodifierwithaddmixin) + * [`fn withRemove(remove)`](#fn-specrulesfiltersresponseheadermodifierwithremove) + * [`fn withRemoveMixin(remove)`](#fn-specrulesfiltersresponseheadermodifierwithremovemixin) + * [`fn withSet(set)`](#fn-specrulesfiltersresponseheadermodifierwithset) + * [`fn withSetMixin(set)`](#fn-specrulesfiltersresponseheadermodifierwithsetmixin) + * [`obj spec.rules.filters.responseHeaderModifier.add`](#obj-specrulesfiltersresponseheadermodifieradd) + * [`fn withName(name)`](#fn-specrulesfiltersresponseheadermodifieraddwithname) + * [`fn withValue(value)`](#fn-specrulesfiltersresponseheadermodifieraddwithvalue) + * [`obj spec.rules.filters.responseHeaderModifier.set`](#obj-specrulesfiltersresponseheadermodifierset) + * [`fn withName(name)`](#fn-specrulesfiltersresponseheadermodifiersetwithname) + * [`fn withValue(value)`](#fn-specrulesfiltersresponseheadermodifiersetwithvalue) + * [`obj spec.rules.filters.urlRewrite`](#obj-specrulesfiltersurlrewrite) + * [`fn withHostname(hostname)`](#fn-specrulesfiltersurlrewritewithhostname) + * [`obj spec.rules.filters.urlRewrite.path`](#obj-specrulesfiltersurlrewritepath) + * [`fn withReplaceFullPath(replaceFullPath)`](#fn-specrulesfiltersurlrewritepathwithreplacefullpath) + * [`fn withReplacePrefixMatch(replacePrefixMatch)`](#fn-specrulesfiltersurlrewritepathwithreplaceprefixmatch) + * [`fn withType(type)`](#fn-specrulesfiltersurlrewritepathwithtype) + * [`obj spec.rules.matches`](#obj-specrulesmatches) + * [`fn withHeaders(headers)`](#fn-specrulesmatcheswithheaders) + * [`fn withHeadersMixin(headers)`](#fn-specrulesmatcheswithheadersmixin) + * [`fn withMethod(method)`](#fn-specrulesmatcheswithmethod) + * [`fn withQueryParams(queryParams)`](#fn-specrulesmatcheswithqueryparams) + * [`fn withQueryParamsMixin(queryParams)`](#fn-specrulesmatcheswithqueryparamsmixin) + * [`obj spec.rules.matches.headers`](#obj-specrulesmatchesheaders) + * [`fn withName(name)`](#fn-specrulesmatchesheaderswithname) + * [`fn withType(type)`](#fn-specrulesmatchesheaderswithtype) + * [`fn withValue(value)`](#fn-specrulesmatchesheaderswithvalue) + * [`obj spec.rules.matches.path`](#obj-specrulesmatchespath) + * [`fn withType(type)`](#fn-specrulesmatchespathwithtype) + * [`fn withValue(value)`](#fn-specrulesmatchespathwithvalue) + * [`obj spec.rules.matches.queryParams`](#obj-specrulesmatchesqueryparams) + * [`fn withName(name)`](#fn-specrulesmatchesqueryparamswithname) + * [`fn withType(type)`](#fn-specrulesmatchesqueryparamswithtype) + * [`fn withValue(value)`](#fn-specrulesmatchesqueryparamswithvalue) + +## Fields + +### fn new + +```ts +new(name) +``` + +new returns an instance of HTTPRoute + +## obj metadata + +"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create." + +### fn metadata.withAnnotations + +```ts +withAnnotations(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +### fn metadata.withAnnotationsMixin + +```ts +withAnnotationsMixin(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +**Note:** This function appends passed data to existing values + +### fn metadata.withClusterName + +```ts +withClusterName(clusterName) +``` + +"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request." + +### fn metadata.withCreationTimestamp + +```ts +withCreationTimestamp(creationTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withDeletionGracePeriodSeconds + +```ts +withDeletionGracePeriodSeconds(deletionGracePeriodSeconds) +``` + +"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only." + +### fn metadata.withDeletionTimestamp + +```ts +withDeletionTimestamp(deletionTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withFinalizers + +```ts +withFinalizers(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +### fn metadata.withFinalizersMixin + +```ts +withFinalizersMixin(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +**Note:** This function appends passed data to existing values + +### fn metadata.withGenerateName + +```ts +withGenerateName(generateName) +``` + +"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\n\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\n\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" + +### fn metadata.withGeneration + +```ts +withGeneration(generation) +``` + +"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only." + +### fn metadata.withLabels + +```ts +withLabels(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +### fn metadata.withLabelsMixin + +```ts +withLabelsMixin(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +**Note:** This function appends passed data to existing values + +### fn metadata.withName + +```ts +withName(name) +``` + +"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names" + +### fn metadata.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \"default\" namespace, but \"default\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\n\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces" + +### fn metadata.withOwnerReferences + +```ts +withOwnerReferences(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +### fn metadata.withOwnerReferencesMixin + +```ts +withOwnerReferencesMixin(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +**Note:** This function appends passed data to existing values + +### fn metadata.withResourceVersion + +```ts +withResourceVersion(resourceVersion) +``` + +"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\n\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" + +### fn metadata.withSelfLink + +```ts +withSelfLink(selfLink) +``` + +"SelfLink is a URL representing this object. Populated by the system. Read-only.\n\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release." + +### fn metadata.withUid + +```ts +withUid(uid) +``` + +"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\n\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids" + +## obj spec + +"Spec defines the desired state of HTTPRoute." + +### fn spec.withHostnames + +```ts +withHostnames(hostnames) +``` + +"Hostnames defines a set of hostnames that should match against the HTTP Host\nheader to select a HTTPRoute used to process the request. Implementations\nMUST ignore any port value specified in the HTTP Host header while\nperforming a match and (absent of any applicable header modification\nconfiguration) MUST forward this header unmodified to the backend.\n\n\nValid values for Hostnames are determined by RFC 1123 definition of a\nhostname with 2 notable exceptions:\n\n\n1. IPs are not allowed.\n2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard\n label must appear by itself as the first label.\n\n\nIf a hostname is specified by both the Listener and HTTPRoute, there\nmust be at least one intersecting hostname for the HTTPRoute to be\nattached to the Listener. For example:\n\n\n* A Listener with `test.example.com` as the hostname matches HTTPRoutes\n that have either not specified any hostnames, or have specified at\n least one of `test.example.com` or `*.example.com`.\n* A Listener with `*.example.com` as the hostname matches HTTPRoutes\n that have either not specified any hostnames or have specified at least\n one hostname that matches the Listener hostname. For example,\n `*.example.com`, `test.example.com`, and `foo.test.example.com` would\n all match. On the other hand, `example.com` and `test.example.net` would\n not match.\n\n\nHostnames that are prefixed with a wildcard label (`*.`) are interpreted\nas a suffix match. That means that a match for `*.example.com` would match\nboth `test.example.com`, and `foo.test.example.com`, but not `example.com`.\n\n\nIf both the Listener and HTTPRoute have specified hostnames, any\nHTTPRoute hostnames that do not match the Listener hostname MUST be\nignored. For example, if a Listener specified `*.example.com`, and the\nHTTPRoute specified `test.example.com` and `test.example.net`,\n`test.example.net` must not be considered for a match.\n\n\nIf both the Listener and HTTPRoute have specified hostnames, and none\nmatch with the criteria above, then the HTTPRoute is not accepted. The\nimplementation must raise an 'Accepted' Condition with a status of\n`False` in the corresponding RouteParentStatus.\n\n\nIn the event that multiple HTTPRoutes specify intersecting hostnames (e.g.\noverlapping wildcard matching and exact matching hostnames), precedence must\nbe given to rules from the HTTPRoute with the largest number of:\n\n\n* Characters in a matching non-wildcard hostname.\n* Characters in a matching hostname.\n\n\nIf ties exist across multiple Routes, the matching precedence rules for\nHTTPRouteMatches takes over.\n\n\nSupport: Core" + +### fn spec.withHostnamesMixin + +```ts +withHostnamesMixin(hostnames) +``` + +"Hostnames defines a set of hostnames that should match against the HTTP Host\nheader to select a HTTPRoute used to process the request. Implementations\nMUST ignore any port value specified in the HTTP Host header while\nperforming a match and (absent of any applicable header modification\nconfiguration) MUST forward this header unmodified to the backend.\n\n\nValid values for Hostnames are determined by RFC 1123 definition of a\nhostname with 2 notable exceptions:\n\n\n1. IPs are not allowed.\n2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard\n label must appear by itself as the first label.\n\n\nIf a hostname is specified by both the Listener and HTTPRoute, there\nmust be at least one intersecting hostname for the HTTPRoute to be\nattached to the Listener. For example:\n\n\n* A Listener with `test.example.com` as the hostname matches HTTPRoutes\n that have either not specified any hostnames, or have specified at\n least one of `test.example.com` or `*.example.com`.\n* A Listener with `*.example.com` as the hostname matches HTTPRoutes\n that have either not specified any hostnames or have specified at least\n one hostname that matches the Listener hostname. For example,\n `*.example.com`, `test.example.com`, and `foo.test.example.com` would\n all match. On the other hand, `example.com` and `test.example.net` would\n not match.\n\n\nHostnames that are prefixed with a wildcard label (`*.`) are interpreted\nas a suffix match. That means that a match for `*.example.com` would match\nboth `test.example.com`, and `foo.test.example.com`, but not `example.com`.\n\n\nIf both the Listener and HTTPRoute have specified hostnames, any\nHTTPRoute hostnames that do not match the Listener hostname MUST be\nignored. For example, if a Listener specified `*.example.com`, and the\nHTTPRoute specified `test.example.com` and `test.example.net`,\n`test.example.net` must not be considered for a match.\n\n\nIf both the Listener and HTTPRoute have specified hostnames, and none\nmatch with the criteria above, then the HTTPRoute is not accepted. The\nimplementation must raise an 'Accepted' Condition with a status of\n`False` in the corresponding RouteParentStatus.\n\n\nIn the event that multiple HTTPRoutes specify intersecting hostnames (e.g.\noverlapping wildcard matching and exact matching hostnames), precedence must\nbe given to rules from the HTTPRoute with the largest number of:\n\n\n* Characters in a matching non-wildcard hostname.\n* Characters in a matching hostname.\n\n\nIf ties exist across multiple Routes, the matching precedence rules for\nHTTPRouteMatches takes over.\n\n\nSupport: Core" + +**Note:** This function appends passed data to existing values + +### fn spec.withParentRefs + +```ts +withParentRefs(parentRefs) +``` + +"ParentRefs references the resources (usually Gateways) that a Route wants\nto be attached to. Note that the referenced parent resource needs to\nallow this for the attachment to be complete. For Gateways, that means\nthe Gateway needs to allow attachment from Routes of this kind and\nnamespace. For Services, that means the Service must either be in the same\nnamespace for a \"producer\" route, or the mesh implementation must support\nand allow \"consumer\" routes for the referenced Service. ReferenceGrant is\nnot applicable for governing ParentRefs to Services - it is not possible to\ncreate a \"producer\" route for a Service in a different namespace from the\nRoute.\n\n\nThere are two kinds of parent resources with \"Core\" support:\n\n\n* Gateway (Gateway conformance profile)\n* Service (Mesh conformance profile, ClusterIP Services only)\n\n\nThis API may be extended in the future to support additional kinds of parent\nresources.\n\n\nParentRefs must be _distinct_. This means either that:\n\n\n* They select different objects. If this is the case, then parentRef\n entries are distinct. In terms of fields, this means that the\n multi-part key defined by `group`, `kind`, `namespace`, and `name` must\n be unique across all parentRef entries in the Route.\n* They do not select different objects, but for each optional field used,\n each ParentRef that selects the same object must set the same set of\n optional fields to different values. If one ParentRef sets a\n combination of optional fields, all must set the same combination.\n\n\nSome examples:\n\n\n* If one ParentRef sets `sectionName`, all ParentRefs referencing the\n same object must also set `sectionName`.\n* If one ParentRef sets `port`, all ParentRefs referencing the same\n object must also set `port`.\n* If one ParentRef sets `sectionName` and `port`, all ParentRefs\n referencing the same object must also set `sectionName` and `port`.\n\n\nIt is possible to separately reference multiple distinct objects that may\nbe collapsed by an implementation. For example, some implementations may\nchoose to merge compatible Gateway Listeners together. If that is the\ncase, the list of routes attached to those resources should also be\nmerged.\n\n\nNote that for ParentRefs that cross namespace boundaries, there are specific\nrules. Cross-namespace references are only valid if they are explicitly\nallowed by something in the namespace they are referring to. For example,\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\ngeneric way to enable other kinds of cross-namespace reference.\n\n\n\n\n\n\n\n\n" + +### fn spec.withParentRefsMixin + +```ts +withParentRefsMixin(parentRefs) +``` + +"ParentRefs references the resources (usually Gateways) that a Route wants\nto be attached to. Note that the referenced parent resource needs to\nallow this for the attachment to be complete. For Gateways, that means\nthe Gateway needs to allow attachment from Routes of this kind and\nnamespace. For Services, that means the Service must either be in the same\nnamespace for a \"producer\" route, or the mesh implementation must support\nand allow \"consumer\" routes for the referenced Service. ReferenceGrant is\nnot applicable for governing ParentRefs to Services - it is not possible to\ncreate a \"producer\" route for a Service in a different namespace from the\nRoute.\n\n\nThere are two kinds of parent resources with \"Core\" support:\n\n\n* Gateway (Gateway conformance profile)\n* Service (Mesh conformance profile, ClusterIP Services only)\n\n\nThis API may be extended in the future to support additional kinds of parent\nresources.\n\n\nParentRefs must be _distinct_. This means either that:\n\n\n* They select different objects. If this is the case, then parentRef\n entries are distinct. In terms of fields, this means that the\n multi-part key defined by `group`, `kind`, `namespace`, and `name` must\n be unique across all parentRef entries in the Route.\n* They do not select different objects, but for each optional field used,\n each ParentRef that selects the same object must set the same set of\n optional fields to different values. If one ParentRef sets a\n combination of optional fields, all must set the same combination.\n\n\nSome examples:\n\n\n* If one ParentRef sets `sectionName`, all ParentRefs referencing the\n same object must also set `sectionName`.\n* If one ParentRef sets `port`, all ParentRefs referencing the same\n object must also set `port`.\n* If one ParentRef sets `sectionName` and `port`, all ParentRefs\n referencing the same object must also set `sectionName` and `port`.\n\n\nIt is possible to separately reference multiple distinct objects that may\nbe collapsed by an implementation. For example, some implementations may\nchoose to merge compatible Gateway Listeners together. If that is the\ncase, the list of routes attached to those resources should also be\nmerged.\n\n\nNote that for ParentRefs that cross namespace boundaries, there are specific\nrules. Cross-namespace references are only valid if they are explicitly\nallowed by something in the namespace they are referring to. For example,\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\ngeneric way to enable other kinds of cross-namespace reference.\n\n\n\n\n\n\n\n\n" + +**Note:** This function appends passed data to existing values + +### fn spec.withRules + +```ts +withRules(rules) +``` + +"Rules are a list of HTTP matchers, filters and actions." + +### fn spec.withRulesMixin + +```ts +withRulesMixin(rules) +``` + +"Rules are a list of HTTP matchers, filters and actions." + +**Note:** This function appends passed data to existing values + +## obj spec.parentRefs + +"ParentRefs references the resources (usually Gateways) that a Route wants\nto be attached to. Note that the referenced parent resource needs to\nallow this for the attachment to be complete. For Gateways, that means\nthe Gateway needs to allow attachment from Routes of this kind and\nnamespace. For Services, that means the Service must either be in the same\nnamespace for a \"producer\" route, or the mesh implementation must support\nand allow \"consumer\" routes for the referenced Service. ReferenceGrant is\nnot applicable for governing ParentRefs to Services - it is not possible to\ncreate a \"producer\" route for a Service in a different namespace from the\nRoute.\n\n\nThere are two kinds of parent resources with \"Core\" support:\n\n\n* Gateway (Gateway conformance profile)\n* Service (Mesh conformance profile, ClusterIP Services only)\n\n\nThis API may be extended in the future to support additional kinds of parent\nresources.\n\n\nParentRefs must be _distinct_. This means either that:\n\n\n* They select different objects. If this is the case, then parentRef\n entries are distinct. In terms of fields, this means that the\n multi-part key defined by `group`, `kind`, `namespace`, and `name` must\n be unique across all parentRef entries in the Route.\n* They do not select different objects, but for each optional field used,\n each ParentRef that selects the same object must set the same set of\n optional fields to different values. If one ParentRef sets a\n combination of optional fields, all must set the same combination.\n\n\nSome examples:\n\n\n* If one ParentRef sets `sectionName`, all ParentRefs referencing the\n same object must also set `sectionName`.\n* If one ParentRef sets `port`, all ParentRefs referencing the same\n object must also set `port`.\n* If one ParentRef sets `sectionName` and `port`, all ParentRefs\n referencing the same object must also set `sectionName` and `port`.\n\n\nIt is possible to separately reference multiple distinct objects that may\nbe collapsed by an implementation. For example, some implementations may\nchoose to merge compatible Gateway Listeners together. If that is the\ncase, the list of routes attached to those resources should also be\nmerged.\n\n\nNote that for ParentRefs that cross namespace boundaries, there are specific\nrules. Cross-namespace references are only valid if they are explicitly\nallowed by something in the namespace they are referring to. For example,\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\ngeneric way to enable other kinds of cross-namespace reference.\n\n\n\n\n\n\n\n\n" + +### fn spec.parentRefs.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent.\nWhen unspecified, \"gateway.networking.k8s.io\" is inferred.\nTo set the core API group (such as for a \"Service\" kind referent),\nGroup must be explicitly set to \"\" (empty string).\n\n\nSupport: Core" + +### fn spec.parentRefs.withKind + +```ts +withKind(kind) +``` + +"Kind is kind of the referent.\n\n\nThere are two kinds of parent resources with \"Core\" support:\n\n\n* Gateway (Gateway conformance profile)\n* Service (Mesh conformance profile, ClusterIP Services only)\n\n\nSupport for other resources is Implementation-Specific." + +### fn spec.parentRefs.withName + +```ts +withName(name) +``` + +"Name is the name of the referent.\n\n\nSupport: Core" + +### fn spec.parentRefs.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the referent. When unspecified, this refers\nto the local namespace of the Route.\n\n\nNote that there are specific rules for ParentRefs which cross namespace\nboundaries. Cross-namespace references are only valid if they are explicitly\nallowed by something in the namespace they are referring to. For example:\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\ngeneric way to enable any other kind of cross-namespace reference.\n\n\n\n\n\nSupport: Core" + +### fn spec.parentRefs.withPort + +```ts +withPort(port) +``` + +"Port is the network port this Route targets. It can be interpreted\ndifferently based on the type of parent resource.\n\n\nWhen the parent resource is a Gateway, this targets all listeners\nlistening on the specified port that also support this kind of Route(and\nselect this Route). It's not recommended to set `Port` unless the\nnetworking behaviors specified in a Route must apply to a specific port\nas opposed to a listener(s) whose port(s) may be changed. When both Port\nand SectionName are specified, the name and port of the selected listener\nmust match both specified values.\n\n\n\n\n\nImplementations MAY choose to support other parent resources.\nImplementations supporting other types of parent resources MUST clearly\ndocument how/if Port is interpreted.\n\n\nFor the purpose of status, an attachment is considered successful as\nlong as the parent resource accepts it partially. For example, Gateway\nlisteners can restrict which Routes can attach to them by Route kind,\nnamespace, or hostname. If 1 of 2 Gateway listeners accept attachment\nfrom the referencing Route, the Route MUST be considered successfully\nattached. If no Gateway listeners accept attachment from this Route,\nthe Route MUST be considered detached from the Gateway.\n\n\nSupport: Extended" + +### fn spec.parentRefs.withSectionName + +```ts +withSectionName(sectionName) +``` + +"SectionName is the name of a section within the target resource. In the\nfollowing resources, SectionName is interpreted as the following:\n\n\n* Gateway: Listener name. When both Port (experimental) and SectionName\nare specified, the name and port of the selected listener must match\nboth specified values.\n* Service: Port name. When both Port (experimental) and SectionName\nare specified, the name and port of the selected listener must match\nboth specified values.\n\n\nImplementations MAY choose to support attaching Routes to other resources.\nIf that is the case, they MUST clearly document how SectionName is\ninterpreted.\n\n\nWhen unspecified (empty string), this will reference the entire resource.\nFor the purpose of status, an attachment is considered successful if at\nleast one section in the parent resource accepts it. For example, Gateway\nlisteners can restrict which Routes can attach to them by Route kind,\nnamespace, or hostname. If 1 of 2 Gateway listeners accept attachment from\nthe referencing Route, the Route MUST be considered successfully\nattached. If no Gateway listeners accept attachment from this Route, the\nRoute MUST be considered detached from the Gateway.\n\n\nSupport: Core" + +## obj spec.rules + +"Rules are a list of HTTP matchers, filters and actions." + +### fn spec.rules.withBackendRefs + +```ts +withBackendRefs(backendRefs) +``` + +"BackendRefs defines the backend(s) where matching requests should be\nsent.\n\n\nFailure behavior here depends on how many BackendRefs are specified and\nhow many are invalid.\n\n\nIf *all* entries in BackendRefs are invalid, and there are also no filters\nspecified in this route rule, *all* traffic which matches this rule MUST\nreceive a 500 status code.\n\n\nSee the HTTPBackendRef definition for the rules about what makes a single\nHTTPBackendRef invalid.\n\n\nWhen a HTTPBackendRef is invalid, 500 status codes MUST be returned for\nrequests that would have otherwise been routed to an invalid backend. If\nmultiple backends are specified, and some are invalid, the proportion of\nrequests that would otherwise have been routed to an invalid backend\nMUST receive a 500 status code.\n\n\nFor example, if two backends are specified with equal weights, and one is\ninvalid, 50 percent of traffic must receive a 500. Implementations may\nchoose how that 50 percent is determined.\n\n\nSupport: Core for Kubernetes Service\n\n\nSupport: Extended for Kubernetes ServiceImport\n\n\nSupport: Implementation-specific for any other resource\n\n\nSupport for weight: Core" + +### fn spec.rules.withBackendRefsMixin + +```ts +withBackendRefsMixin(backendRefs) +``` + +"BackendRefs defines the backend(s) where matching requests should be\nsent.\n\n\nFailure behavior here depends on how many BackendRefs are specified and\nhow many are invalid.\n\n\nIf *all* entries in BackendRefs are invalid, and there are also no filters\nspecified in this route rule, *all* traffic which matches this rule MUST\nreceive a 500 status code.\n\n\nSee the HTTPBackendRef definition for the rules about what makes a single\nHTTPBackendRef invalid.\n\n\nWhen a HTTPBackendRef is invalid, 500 status codes MUST be returned for\nrequests that would have otherwise been routed to an invalid backend. If\nmultiple backends are specified, and some are invalid, the proportion of\nrequests that would otherwise have been routed to an invalid backend\nMUST receive a 500 status code.\n\n\nFor example, if two backends are specified with equal weights, and one is\ninvalid, 50 percent of traffic must receive a 500. Implementations may\nchoose how that 50 percent is determined.\n\n\nSupport: Core for Kubernetes Service\n\n\nSupport: Extended for Kubernetes ServiceImport\n\n\nSupport: Implementation-specific for any other resource\n\n\nSupport for weight: Core" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.withFilters + +```ts +withFilters(filters) +``` + +"Filters define the filters that are applied to requests that match\nthis rule.\n\n\nWherever possible, implementations SHOULD implement filters in the order\nthey are specified.\n\n\nImplementations MAY choose to implement this ordering strictly, rejecting\nany combination or order of filters that can not be supported. If implementations\nchoose a strict interpretation of filter ordering, they MUST clearly document\nthat behavior.\n\n\nTo reject an invalid combination or order of filters, implementations SHOULD\nconsider the Route Rules with this configuration invalid. If all Route Rules\nin a Route are invalid, the entire Route would be considered invalid. If only\na portion of Route Rules are invalid, implementations MUST set the\n\"PartiallyInvalid\" condition for the Route.\n\n\nConformance-levels at this level are defined based on the type of filter:\n\n\n- ALL core filters MUST be supported by all implementations.\n- Implementers are encouraged to support extended filters.\n- Implementation-specific custom filters have no API guarantees across\n implementations.\n\n\nSpecifying the same filter multiple times is not supported unless explicitly\nindicated in the filter.\n\n\nAll filters are expected to be compatible with each other except for the\nURLRewrite and RequestRedirect filters, which may not be combined. If an\nimplementation can not support other combinations of filters, they must clearly\ndocument that limitation. In cases where incompatible or unsupported\nfilters are specified and cause the `Accepted` condition to be set to status\n`False`, implementations may use the `IncompatibleFilters` reason to specify\nthis configuration error.\n\n\nSupport: Core" + +### fn spec.rules.withFiltersMixin + +```ts +withFiltersMixin(filters) +``` + +"Filters define the filters that are applied to requests that match\nthis rule.\n\n\nWherever possible, implementations SHOULD implement filters in the order\nthey are specified.\n\n\nImplementations MAY choose to implement this ordering strictly, rejecting\nany combination or order of filters that can not be supported. If implementations\nchoose a strict interpretation of filter ordering, they MUST clearly document\nthat behavior.\n\n\nTo reject an invalid combination or order of filters, implementations SHOULD\nconsider the Route Rules with this configuration invalid. If all Route Rules\nin a Route are invalid, the entire Route would be considered invalid. If only\na portion of Route Rules are invalid, implementations MUST set the\n\"PartiallyInvalid\" condition for the Route.\n\n\nConformance-levels at this level are defined based on the type of filter:\n\n\n- ALL core filters MUST be supported by all implementations.\n- Implementers are encouraged to support extended filters.\n- Implementation-specific custom filters have no API guarantees across\n implementations.\n\n\nSpecifying the same filter multiple times is not supported unless explicitly\nindicated in the filter.\n\n\nAll filters are expected to be compatible with each other except for the\nURLRewrite and RequestRedirect filters, which may not be combined. If an\nimplementation can not support other combinations of filters, they must clearly\ndocument that limitation. In cases where incompatible or unsupported\nfilters are specified and cause the `Accepted` condition to be set to status\n`False`, implementations may use the `IncompatibleFilters` reason to specify\nthis configuration error.\n\n\nSupport: Core" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.withMatches + +```ts +withMatches(matches) +``` + +"Matches define conditions used for matching the rule against incoming\nHTTP requests. Each match is independent, i.e. this rule will be matched\nif **any** one of the matches is satisfied.\n\n\nFor example, take the following matches configuration:\n\n\n```\nmatches:\n- path:\n value: \"/foo\"\n headers:\n - name: \"version\"\n value: \"v2\"\n- path:\n value: \"/v2/foo\"\n```\n\n\nFor a request to match against this rule, a request must satisfy\nEITHER of the two conditions:\n\n\n- path prefixed with `/foo` AND contains the header `version: v2`\n- path prefix of `/v2/foo`\n\n\nSee the documentation for HTTPRouteMatch on how to specify multiple\nmatch conditions that should be ANDed together.\n\n\nIf no matches are specified, the default is a prefix\npath match on \"/\", which has the effect of matching every\nHTTP request.\n\n\nProxy or Load Balancer routing configuration generated from HTTPRoutes\nMUST prioritize matches based on the following criteria, continuing on\nties. Across all rules specified on applicable Routes, precedence must be\ngiven to the match having:\n\n\n* \"Exact\" path match.\n* \"Prefix\" path match with largest number of characters.\n* Method match.\n* Largest number of header matches.\n* Largest number of query param matches.\n\n\nNote: The precedence of RegularExpression path matches are implementation-specific.\n\n\nIf ties still exist across multiple Routes, matching precedence MUST be\ndetermined in order of the following criteria, continuing on ties:\n\n\n* The oldest Route based on creation timestamp.\n* The Route appearing first in alphabetical order by\n \"{namespace}/{name}\".\n\n\nIf ties still exist within an HTTPRoute, matching precedence MUST be granted\nto the FIRST matching rule (in list order) with a match meeting the above\ncriteria.\n\n\nWhen no rules matching a request have been successfully attached to the\nparent a request is coming from, a HTTP 404 status code MUST be returned." + +### fn spec.rules.withMatchesMixin + +```ts +withMatchesMixin(matches) +``` + +"Matches define conditions used for matching the rule against incoming\nHTTP requests. Each match is independent, i.e. this rule will be matched\nif **any** one of the matches is satisfied.\n\n\nFor example, take the following matches configuration:\n\n\n```\nmatches:\n- path:\n value: \"/foo\"\n headers:\n - name: \"version\"\n value: \"v2\"\n- path:\n value: \"/v2/foo\"\n```\n\n\nFor a request to match against this rule, a request must satisfy\nEITHER of the two conditions:\n\n\n- path prefixed with `/foo` AND contains the header `version: v2`\n- path prefix of `/v2/foo`\n\n\nSee the documentation for HTTPRouteMatch on how to specify multiple\nmatch conditions that should be ANDed together.\n\n\nIf no matches are specified, the default is a prefix\npath match on \"/\", which has the effect of matching every\nHTTP request.\n\n\nProxy or Load Balancer routing configuration generated from HTTPRoutes\nMUST prioritize matches based on the following criteria, continuing on\nties. Across all rules specified on applicable Routes, precedence must be\ngiven to the match having:\n\n\n* \"Exact\" path match.\n* \"Prefix\" path match with largest number of characters.\n* Method match.\n* Largest number of header matches.\n* Largest number of query param matches.\n\n\nNote: The precedence of RegularExpression path matches are implementation-specific.\n\n\nIf ties still exist across multiple Routes, matching precedence MUST be\ndetermined in order of the following criteria, continuing on ties:\n\n\n* The oldest Route based on creation timestamp.\n* The Route appearing first in alphabetical order by\n \"{namespace}/{name}\".\n\n\nIf ties still exist within an HTTPRoute, matching precedence MUST be granted\nto the FIRST matching rule (in list order) with a match meeting the above\ncriteria.\n\n\nWhen no rules matching a request have been successfully attached to the\nparent a request is coming from, a HTTP 404 status code MUST be returned." + +**Note:** This function appends passed data to existing values + +## obj spec.rules.backendRefs + +"BackendRefs defines the backend(s) where matching requests should be\nsent.\n\n\nFailure behavior here depends on how many BackendRefs are specified and\nhow many are invalid.\n\n\nIf *all* entries in BackendRefs are invalid, and there are also no filters\nspecified in this route rule, *all* traffic which matches this rule MUST\nreceive a 500 status code.\n\n\nSee the HTTPBackendRef definition for the rules about what makes a single\nHTTPBackendRef invalid.\n\n\nWhen a HTTPBackendRef is invalid, 500 status codes MUST be returned for\nrequests that would have otherwise been routed to an invalid backend. If\nmultiple backends are specified, and some are invalid, the proportion of\nrequests that would otherwise have been routed to an invalid backend\nMUST receive a 500 status code.\n\n\nFor example, if two backends are specified with equal weights, and one is\ninvalid, 50 percent of traffic must receive a 500. Implementations may\nchoose how that 50 percent is determined.\n\n\nSupport: Core for Kubernetes Service\n\n\nSupport: Extended for Kubernetes ServiceImport\n\n\nSupport: Implementation-specific for any other resource\n\n\nSupport for weight: Core" + +### fn spec.rules.backendRefs.withFilters + +```ts +withFilters(filters) +``` + +"Filters defined at this level should be executed if and only if the\nrequest is being forwarded to the backend defined here.\n\n\nSupport: Implementation-specific (For broader support of filters, use the\nFilters field in HTTPRouteRule.)" + +### fn spec.rules.backendRefs.withFiltersMixin + +```ts +withFiltersMixin(filters) +``` + +"Filters defined at this level should be executed if and only if the\nrequest is being forwarded to the backend defined here.\n\n\nSupport: Implementation-specific (For broader support of filters, use the\nFilters field in HTTPRouteRule.)" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.backendRefs.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. For example, \"gateway.networking.k8s.io\".\nWhen unspecified or empty string, core API group is inferred." + +### fn spec.rules.backendRefs.withKind + +```ts +withKind(kind) +``` + +"Kind is the Kubernetes resource kind of the referent. For example\n\"Service\".\n\n\nDefaults to \"Service\" when not specified.\n\n\nExternalName services can refer to CNAME DNS records that may live\noutside of the cluster and as such are difficult to reason about in\nterms of conformance. They also may not be safe to forward to (see\nCVE-2021-25740 for more information). Implementations SHOULD NOT\nsupport ExternalName Services.\n\n\nSupport: Core (Services with a type other than ExternalName)\n\n\nSupport: Implementation-specific (Services with type ExternalName)" + +### fn spec.rules.backendRefs.withName + +```ts +withName(name) +``` + +"Name is the name of the referent." + +### fn spec.rules.backendRefs.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the backend. When unspecified, the local\nnamespace is inferred.\n\n\nNote that when a namespace different than the local namespace is specified,\na ReferenceGrant object is required in the referent namespace to allow that\nnamespace's owner to accept the reference. See the ReferenceGrant\ndocumentation for details.\n\n\nSupport: Core" + +### fn spec.rules.backendRefs.withPort + +```ts +withPort(port) +``` + +"Port specifies the destination port number to use for this resource.\nPort is required when the referent is a Kubernetes Service. In this\ncase, the port number is the service port number, not the target port.\nFor other resources, destination port might be derived from the referent\nresource or this field." + +### fn spec.rules.backendRefs.withWeight + +```ts +withWeight(weight) +``` + +"Weight specifies the proportion of requests forwarded to the referenced\nbackend. This is computed as weight/(sum of all weights in this\nBackendRefs list). For non-zero values, there may be some epsilon from\nthe exact proportion defined here depending on the precision an\nimplementation supports. Weight is not a percentage and the sum of\nweights does not need to equal 100.\n\n\nIf only one backend is specified and it has a weight greater than 0, 100%\nof the traffic is forwarded to that backend. If weight is set to 0, no\ntraffic should be forwarded for this entry. If unspecified, weight\ndefaults to 1.\n\n\nSupport for this field varies based on the context where used." + +## obj spec.rules.backendRefs.filters + +"Filters defined at this level should be executed if and only if the\nrequest is being forwarded to the backend defined here.\n\n\nSupport: Implementation-specific (For broader support of filters, use the\nFilters field in HTTPRouteRule.)" + +### fn spec.rules.backendRefs.filters.withType + +```ts +withType(type) +``` + +"Type identifies the type of filter to apply. As with other API fields,\ntypes are classified into three conformance levels:\n\n\n- Core: Filter types and their corresponding configuration defined by\n \"Support: Core\" in this package, e.g. \"RequestHeaderModifier\". All\n implementations must support core filters.\n\n\n- Extended: Filter types and their corresponding configuration defined by\n \"Support: Extended\" in this package, e.g. \"RequestMirror\". Implementers\n are encouraged to support extended filters.\n\n\n- Implementation-specific: Filters that are defined and supported by\n specific vendors.\n In the future, filters showing convergence in behavior across multiple\n implementations will be considered for inclusion in extended or core\n conformance levels. Filter-specific configuration for such filters\n is specified using the ExtensionRef field. `Type` should be set to\n \"ExtensionRef\" for custom filters.\n\n\nImplementers are encouraged to define custom implementation types to\nextend the core API with implementation-specific behavior.\n\n\nIf a reference to a custom filter type cannot be resolved, the filter\nMUST NOT be skipped. Instead, requests that would have been processed by\nthat filter MUST receive a HTTP error response.\n\n\nNote that values may be added to this enum, implementations\nmust ensure that unknown values will not cause a crash.\n\n\nUnknown values here must result in the implementation setting the\nAccepted Condition for the Route to `status: False`, with a\nReason of `UnsupportedValue`." + +## obj spec.rules.backendRefs.filters.extensionRef + +"ExtensionRef is an optional, implementation-specific extension to the\n\"filter\" behavior. For example, resource \"myroutefilter\" in group\n\"networking.example.net\"). ExtensionRef MUST NOT be used for core and\nextended filters.\n\n\nThis filter can be used multiple times within the same rule.\n\n\nSupport: Implementation-specific" + +### fn spec.rules.backendRefs.filters.extensionRef.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. For example, \"gateway.networking.k8s.io\".\nWhen unspecified or empty string, core API group is inferred." + +### fn spec.rules.backendRefs.filters.extensionRef.withKind + +```ts +withKind(kind) +``` + +"Kind is kind of the referent. For example \"HTTPRoute\" or \"Service\"." + +### fn spec.rules.backendRefs.filters.extensionRef.withName + +```ts +withName(name) +``` + +"Name is the name of the referent." + +## obj spec.rules.backendRefs.filters.requestHeaderModifier + +"RequestHeaderModifier defines a schema for a filter that modifies request\nheaders.\n\n\nSupport: Core" + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.withAdd + +```ts +withAdd(add) +``` + +"Add adds the given header(s) (name, value) to the request\nbefore the action. It appends to any existing values associated\nwith the header name.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n add:\n - name: \"my-header\"\n value: \"bar,baz\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: foo,bar,baz" + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.withAddMixin + +```ts +withAddMixin(add) +``` + +"Add adds the given header(s) (name, value) to the request\nbefore the action. It appends to any existing values associated\nwith the header name.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n add:\n - name: \"my-header\"\n value: \"bar,baz\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: foo,bar,baz" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.withRemove + +```ts +withRemove(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The\nvalue of Remove is a list of HTTP header names. Note that the header\nnames are case-insensitive (see\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\n\n\nInput:\n GET /foo HTTP/1.1\n my-header1: foo\n my-header2: bar\n my-header3: baz\n\n\nConfig:\n remove: [\"my-header1\", \"my-header3\"]\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header2: bar" + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.withRemoveMixin + +```ts +withRemoveMixin(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The\nvalue of Remove is a list of HTTP header names. Note that the header\nnames are case-insensitive (see\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\n\n\nInput:\n GET /foo HTTP/1.1\n my-header1: foo\n my-header2: bar\n my-header3: baz\n\n\nConfig:\n remove: [\"my-header1\", \"my-header3\"]\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header2: bar" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.withSet + +```ts +withSet(set) +``` + +"Set overwrites the request with the given header (name, value)\nbefore the action.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n set:\n - name: \"my-header\"\n value: \"bar\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: bar" + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.withSetMixin + +```ts +withSetMixin(set) +``` + +"Set overwrites the request with the given header (name, value)\nbefore the action.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n set:\n - name: \"my-header\"\n value: \"bar\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: bar" + +**Note:** This function appends passed data to existing values + +## obj spec.rules.backendRefs.filters.requestHeaderModifier.add + +"Add adds the given header(s) (name, value) to the request\nbefore the action. It appends to any existing values associated\nwith the header name.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n add:\n - name: \"my-header\"\n value: \"bar,baz\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: foo,bar,baz" + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.add.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\n\nIf multiple entries specify equivalent header names, the first entry with\nan equivalent name MUST be considered for a match. Subsequent entries\nwith an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent." + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.add.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.backendRefs.filters.requestHeaderModifier.set + +"Set overwrites the request with the given header (name, value)\nbefore the action.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n set:\n - name: \"my-header\"\n value: \"bar\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: bar" + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.set.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\n\nIf multiple entries specify equivalent header names, the first entry with\nan equivalent name MUST be considered for a match. Subsequent entries\nwith an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent." + +### fn spec.rules.backendRefs.filters.requestHeaderModifier.set.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.backendRefs.filters.requestMirror + +"RequestMirror defines a schema for a filter that mirrors requests.\nRequests are sent to the specified destination, but responses from\nthat destination are ignored.\n\n\nThis filter can be used multiple times within the same rule. Note that\nnot all implementations will be able to support mirroring to multiple\nbackends.\n\n\nSupport: Extended" + +## obj spec.rules.backendRefs.filters.requestMirror.backendRef + +"BackendRef references a resource where mirrored requests are sent.\n\n\nMirrored requests must be sent only to a single destination endpoint\nwithin this BackendRef, irrespective of how many endpoints are present\nwithin this BackendRef.\n\n\nIf the referent cannot be found, this BackendRef is invalid and must be\ndropped from the Gateway. The controller must ensure the \"ResolvedRefs\"\ncondition on the Route status is set to `status: False` and not configure\nthis backend in the underlying implementation.\n\n\nIf there is a cross-namespace reference to an *existing* object\nthat is not allowed by a ReferenceGrant, the controller must ensure the\n\"ResolvedRefs\" condition on the Route is set to `status: False`,\nwith the \"RefNotPermitted\" reason and not configure this backend in the\nunderlying implementation.\n\n\nIn either error case, the Message of the `ResolvedRefs` Condition\nshould be used to provide more detail about the problem.\n\n\nSupport: Extended for Kubernetes Service\n\n\nSupport: Implementation-specific for any other resource" + +### fn spec.rules.backendRefs.filters.requestMirror.backendRef.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. For example, \"gateway.networking.k8s.io\".\nWhen unspecified or empty string, core API group is inferred." + +### fn spec.rules.backendRefs.filters.requestMirror.backendRef.withKind + +```ts +withKind(kind) +``` + +"Kind is the Kubernetes resource kind of the referent. For example\n\"Service\".\n\n\nDefaults to \"Service\" when not specified.\n\n\nExternalName services can refer to CNAME DNS records that may live\noutside of the cluster and as such are difficult to reason about in\nterms of conformance. They also may not be safe to forward to (see\nCVE-2021-25740 for more information). Implementations SHOULD NOT\nsupport ExternalName Services.\n\n\nSupport: Core (Services with a type other than ExternalName)\n\n\nSupport: Implementation-specific (Services with type ExternalName)" + +### fn spec.rules.backendRefs.filters.requestMirror.backendRef.withName + +```ts +withName(name) +``` + +"Name is the name of the referent." + +### fn spec.rules.backendRefs.filters.requestMirror.backendRef.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the backend. When unspecified, the local\nnamespace is inferred.\n\n\nNote that when a namespace different than the local namespace is specified,\na ReferenceGrant object is required in the referent namespace to allow that\nnamespace's owner to accept the reference. See the ReferenceGrant\ndocumentation for details.\n\n\nSupport: Core" + +### fn spec.rules.backendRefs.filters.requestMirror.backendRef.withPort + +```ts +withPort(port) +``` + +"Port specifies the destination port number to use for this resource.\nPort is required when the referent is a Kubernetes Service. In this\ncase, the port number is the service port number, not the target port.\nFor other resources, destination port might be derived from the referent\nresource or this field." + +## obj spec.rules.backendRefs.filters.requestRedirect + +"RequestRedirect defines a schema for a filter that responds to the\nrequest with an HTTP redirection.\n\n\nSupport: Core" + +### fn spec.rules.backendRefs.filters.requestRedirect.withHostname + +```ts +withHostname(hostname) +``` + +"Hostname is the hostname to be used in the value of the `Location`\nheader in the response.\nWhen empty, the hostname in the `Host` header of the request is used.\n\n\nSupport: Core" + +### fn spec.rules.backendRefs.filters.requestRedirect.withPort + +```ts +withPort(port) +``` + +"Port is the port to be used in the value of the `Location`\nheader in the response.\n\n\nIf no port is specified, the redirect port MUST be derived using the\nfollowing rules:\n\n\n* If redirect scheme is not-empty, the redirect port MUST be the well-known\n port associated with the redirect scheme. Specifically \"http\" to port 80\n and \"https\" to port 443. If the redirect scheme does not have a\n well-known port, the listener port of the Gateway SHOULD be used.\n* If redirect scheme is empty, the redirect port MUST be the Gateway\n Listener port.\n\n\nImplementations SHOULD NOT add the port number in the 'Location'\nheader in the following cases:\n\n\n* A Location header that will use HTTP (whether that is determined via\n the Listener protocol or the Scheme field) _and_ use port 80.\n* A Location header that will use HTTPS (whether that is determined via\n the Listener protocol or the Scheme field) _and_ use port 443.\n\n\nSupport: Extended" + +### fn spec.rules.backendRefs.filters.requestRedirect.withScheme + +```ts +withScheme(scheme) +``` + +"Scheme is the scheme to be used in the value of the `Location` header in\nthe response. When empty, the scheme of the request is used.\n\n\nScheme redirects can affect the port of the redirect, for more information,\nrefer to the documentation for the port field of this filter.\n\n\nNote that values may be added to this enum, implementations\nmust ensure that unknown values will not cause a crash.\n\n\nUnknown values here must result in the implementation setting the\nAccepted Condition for the Route to `status: False`, with a\nReason of `UnsupportedValue`.\n\n\nSupport: Extended" + +### fn spec.rules.backendRefs.filters.requestRedirect.withStatusCode + +```ts +withStatusCode(statusCode) +``` + +"StatusCode is the HTTP status code to be used in response.\n\n\nNote that values may be added to this enum, implementations\nmust ensure that unknown values will not cause a crash.\n\n\nUnknown values here must result in the implementation setting the\nAccepted Condition for the Route to `status: False`, with a\nReason of `UnsupportedValue`.\n\n\nSupport: Core" + +## obj spec.rules.backendRefs.filters.requestRedirect.path + +"Path defines parameters used to modify the path of the incoming request.\nThe modified path is then used to construct the `Location` header. When\nempty, the request path is used as-is.\n\n\nSupport: Extended" + +### fn spec.rules.backendRefs.filters.requestRedirect.path.withReplaceFullPath + +```ts +withReplaceFullPath(replaceFullPath) +``` + +"ReplaceFullPath specifies the value with which to replace the full path\nof a request during a rewrite or redirect." + +### fn spec.rules.backendRefs.filters.requestRedirect.path.withReplacePrefixMatch + +```ts +withReplacePrefixMatch(replacePrefixMatch) +``` + +"ReplacePrefixMatch specifies the value with which to replace the prefix\nmatch of a request during a rewrite or redirect. For example, a request\nto \"/foo/bar\" with a prefix match of \"/foo\" and a ReplacePrefixMatch\nof \"/xyz\" would be modified to \"/xyz/bar\".\n\n\nNote that this matches the behavior of the PathPrefix match type. This\nmatches full path elements. A path element refers to the list of labels\nin the path split by the `/` separator. When specified, a trailing `/` is\nignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all\nmatch the prefix `/abc`, but the path `/abcd` would not.\n\n\nReplacePrefixMatch is only compatible with a `PathPrefix` HTTPRouteMatch.\nUsing any other HTTPRouteMatch type on the same HTTPRouteRule will result in\nthe implementation setting the Accepted Condition for the Route to `status: False`.\n\n\nRequest Path | Prefix Match | Replace Prefix | Modified Path\n-------------|--------------|----------------|----------\n/foo/bar | /foo | /xyz | /xyz/bar\n/foo/bar | /foo | /xyz/ | /xyz/bar\n/foo/bar | /foo/ | /xyz | /xyz/bar\n/foo/bar | /foo/ | /xyz/ | /xyz/bar\n/foo | /foo | /xyz | /xyz\n/foo/ | /foo | /xyz | /xyz/\n/foo/bar | /foo | | /bar\n/foo/ | /foo | | /\n/foo | /foo | | /\n/foo/ | /foo | / | /\n/foo | /foo | / | /" + +### fn spec.rules.backendRefs.filters.requestRedirect.path.withType + +```ts +withType(type) +``` + +"Type defines the type of path modifier. Additional types may be\nadded in a future release of the API.\n\n\nNote that values may be added to this enum, implementations\nmust ensure that unknown values will not cause a crash.\n\n\nUnknown values here must result in the implementation setting the\nAccepted Condition for the Route to `status: False`, with a\nReason of `UnsupportedValue`." + +## obj spec.rules.backendRefs.filters.responseHeaderModifier + +"ResponseHeaderModifier defines a schema for a filter that modifies response\nheaders.\n\n\nSupport: Extended" + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.withAdd + +```ts +withAdd(add) +``` + +"Add adds the given header(s) (name, value) to the request\nbefore the action. It appends to any existing values associated\nwith the header name.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n add:\n - name: \"my-header\"\n value: \"bar,baz\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: foo,bar,baz" + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.withAddMixin + +```ts +withAddMixin(add) +``` + +"Add adds the given header(s) (name, value) to the request\nbefore the action. It appends to any existing values associated\nwith the header name.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n add:\n - name: \"my-header\"\n value: \"bar,baz\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: foo,bar,baz" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.withRemove + +```ts +withRemove(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The\nvalue of Remove is a list of HTTP header names. Note that the header\nnames are case-insensitive (see\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\n\n\nInput:\n GET /foo HTTP/1.1\n my-header1: foo\n my-header2: bar\n my-header3: baz\n\n\nConfig:\n remove: [\"my-header1\", \"my-header3\"]\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header2: bar" + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.withRemoveMixin + +```ts +withRemoveMixin(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The\nvalue of Remove is a list of HTTP header names. Note that the header\nnames are case-insensitive (see\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\n\n\nInput:\n GET /foo HTTP/1.1\n my-header1: foo\n my-header2: bar\n my-header3: baz\n\n\nConfig:\n remove: [\"my-header1\", \"my-header3\"]\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header2: bar" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.withSet + +```ts +withSet(set) +``` + +"Set overwrites the request with the given header (name, value)\nbefore the action.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n set:\n - name: \"my-header\"\n value: \"bar\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: bar" + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.withSetMixin + +```ts +withSetMixin(set) +``` + +"Set overwrites the request with the given header (name, value)\nbefore the action.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n set:\n - name: \"my-header\"\n value: \"bar\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: bar" + +**Note:** This function appends passed data to existing values + +## obj spec.rules.backendRefs.filters.responseHeaderModifier.add + +"Add adds the given header(s) (name, value) to the request\nbefore the action. It appends to any existing values associated\nwith the header name.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n add:\n - name: \"my-header\"\n value: \"bar,baz\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: foo,bar,baz" + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.add.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\n\nIf multiple entries specify equivalent header names, the first entry with\nan equivalent name MUST be considered for a match. Subsequent entries\nwith an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent." + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.add.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.backendRefs.filters.responseHeaderModifier.set + +"Set overwrites the request with the given header (name, value)\nbefore the action.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n set:\n - name: \"my-header\"\n value: \"bar\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: bar" + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.set.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\n\nIf multiple entries specify equivalent header names, the first entry with\nan equivalent name MUST be considered for a match. Subsequent entries\nwith an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent." + +### fn spec.rules.backendRefs.filters.responseHeaderModifier.set.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.backendRefs.filters.urlRewrite + +"URLRewrite defines a schema for a filter that modifies a request during forwarding.\n\n\nSupport: Extended" + +### fn spec.rules.backendRefs.filters.urlRewrite.withHostname + +```ts +withHostname(hostname) +``` + +"Hostname is the value to be used to replace the Host header value during\nforwarding.\n\n\nSupport: Extended" + +## obj spec.rules.backendRefs.filters.urlRewrite.path + +"Path defines a path rewrite.\n\n\nSupport: Extended" + +### fn spec.rules.backendRefs.filters.urlRewrite.path.withReplaceFullPath + +```ts +withReplaceFullPath(replaceFullPath) +``` + +"ReplaceFullPath specifies the value with which to replace the full path\nof a request during a rewrite or redirect." + +### fn spec.rules.backendRefs.filters.urlRewrite.path.withReplacePrefixMatch + +```ts +withReplacePrefixMatch(replacePrefixMatch) +``` + +"ReplacePrefixMatch specifies the value with which to replace the prefix\nmatch of a request during a rewrite or redirect. For example, a request\nto \"/foo/bar\" with a prefix match of \"/foo\" and a ReplacePrefixMatch\nof \"/xyz\" would be modified to \"/xyz/bar\".\n\n\nNote that this matches the behavior of the PathPrefix match type. This\nmatches full path elements. A path element refers to the list of labels\nin the path split by the `/` separator. When specified, a trailing `/` is\nignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all\nmatch the prefix `/abc`, but the path `/abcd` would not.\n\n\nReplacePrefixMatch is only compatible with a `PathPrefix` HTTPRouteMatch.\nUsing any other HTTPRouteMatch type on the same HTTPRouteRule will result in\nthe implementation setting the Accepted Condition for the Route to `status: False`.\n\n\nRequest Path | Prefix Match | Replace Prefix | Modified Path\n-------------|--------------|----------------|----------\n/foo/bar | /foo | /xyz | /xyz/bar\n/foo/bar | /foo | /xyz/ | /xyz/bar\n/foo/bar | /foo/ | /xyz | /xyz/bar\n/foo/bar | /foo/ | /xyz/ | /xyz/bar\n/foo | /foo | /xyz | /xyz\n/foo/ | /foo | /xyz | /xyz/\n/foo/bar | /foo | | /bar\n/foo/ | /foo | | /\n/foo | /foo | | /\n/foo/ | /foo | / | /\n/foo | /foo | / | /" + +### fn spec.rules.backendRefs.filters.urlRewrite.path.withType + +```ts +withType(type) +``` + +"Type defines the type of path modifier. Additional types may be\nadded in a future release of the API.\n\n\nNote that values may be added to this enum, implementations\nmust ensure that unknown values will not cause a crash.\n\n\nUnknown values here must result in the implementation setting the\nAccepted Condition for the Route to `status: False`, with a\nReason of `UnsupportedValue`." + +## obj spec.rules.filters + +"Filters define the filters that are applied to requests that match\nthis rule.\n\n\nWherever possible, implementations SHOULD implement filters in the order\nthey are specified.\n\n\nImplementations MAY choose to implement this ordering strictly, rejecting\nany combination or order of filters that can not be supported. If implementations\nchoose a strict interpretation of filter ordering, they MUST clearly document\nthat behavior.\n\n\nTo reject an invalid combination or order of filters, implementations SHOULD\nconsider the Route Rules with this configuration invalid. If all Route Rules\nin a Route are invalid, the entire Route would be considered invalid. If only\na portion of Route Rules are invalid, implementations MUST set the\n\"PartiallyInvalid\" condition for the Route.\n\n\nConformance-levels at this level are defined based on the type of filter:\n\n\n- ALL core filters MUST be supported by all implementations.\n- Implementers are encouraged to support extended filters.\n- Implementation-specific custom filters have no API guarantees across\n implementations.\n\n\nSpecifying the same filter multiple times is not supported unless explicitly\nindicated in the filter.\n\n\nAll filters are expected to be compatible with each other except for the\nURLRewrite and RequestRedirect filters, which may not be combined. If an\nimplementation can not support other combinations of filters, they must clearly\ndocument that limitation. In cases where incompatible or unsupported\nfilters are specified and cause the `Accepted` condition to be set to status\n`False`, implementations may use the `IncompatibleFilters` reason to specify\nthis configuration error.\n\n\nSupport: Core" + +### fn spec.rules.filters.withType + +```ts +withType(type) +``` + +"Type identifies the type of filter to apply. As with other API fields,\ntypes are classified into three conformance levels:\n\n\n- Core: Filter types and their corresponding configuration defined by\n \"Support: Core\" in this package, e.g. \"RequestHeaderModifier\". All\n implementations must support core filters.\n\n\n- Extended: Filter types and their corresponding configuration defined by\n \"Support: Extended\" in this package, e.g. \"RequestMirror\". Implementers\n are encouraged to support extended filters.\n\n\n- Implementation-specific: Filters that are defined and supported by\n specific vendors.\n In the future, filters showing convergence in behavior across multiple\n implementations will be considered for inclusion in extended or core\n conformance levels. Filter-specific configuration for such filters\n is specified using the ExtensionRef field. `Type` should be set to\n \"ExtensionRef\" for custom filters.\n\n\nImplementers are encouraged to define custom implementation types to\nextend the core API with implementation-specific behavior.\n\n\nIf a reference to a custom filter type cannot be resolved, the filter\nMUST NOT be skipped. Instead, requests that would have been processed by\nthat filter MUST receive a HTTP error response.\n\n\nNote that values may be added to this enum, implementations\nmust ensure that unknown values will not cause a crash.\n\n\nUnknown values here must result in the implementation setting the\nAccepted Condition for the Route to `status: False`, with a\nReason of `UnsupportedValue`." + +## obj spec.rules.filters.extensionRef + +"ExtensionRef is an optional, implementation-specific extension to the\n\"filter\" behavior. For example, resource \"myroutefilter\" in group\n\"networking.example.net\"). ExtensionRef MUST NOT be used for core and\nextended filters.\n\n\nThis filter can be used multiple times within the same rule.\n\n\nSupport: Implementation-specific" + +### fn spec.rules.filters.extensionRef.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. For example, \"gateway.networking.k8s.io\".\nWhen unspecified or empty string, core API group is inferred." + +### fn spec.rules.filters.extensionRef.withKind + +```ts +withKind(kind) +``` + +"Kind is kind of the referent. For example \"HTTPRoute\" or \"Service\"." + +### fn spec.rules.filters.extensionRef.withName + +```ts +withName(name) +``` + +"Name is the name of the referent." + +## obj spec.rules.filters.requestHeaderModifier + +"RequestHeaderModifier defines a schema for a filter that modifies request\nheaders.\n\n\nSupport: Core" + +### fn spec.rules.filters.requestHeaderModifier.withAdd + +```ts +withAdd(add) +``` + +"Add adds the given header(s) (name, value) to the request\nbefore the action. It appends to any existing values associated\nwith the header name.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n add:\n - name: \"my-header\"\n value: \"bar,baz\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: foo,bar,baz" + +### fn spec.rules.filters.requestHeaderModifier.withAddMixin + +```ts +withAddMixin(add) +``` + +"Add adds the given header(s) (name, value) to the request\nbefore the action. It appends to any existing values associated\nwith the header name.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n add:\n - name: \"my-header\"\n value: \"bar,baz\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: foo,bar,baz" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.filters.requestHeaderModifier.withRemove + +```ts +withRemove(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The\nvalue of Remove is a list of HTTP header names. Note that the header\nnames are case-insensitive (see\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\n\n\nInput:\n GET /foo HTTP/1.1\n my-header1: foo\n my-header2: bar\n my-header3: baz\n\n\nConfig:\n remove: [\"my-header1\", \"my-header3\"]\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header2: bar" + +### fn spec.rules.filters.requestHeaderModifier.withRemoveMixin + +```ts +withRemoveMixin(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The\nvalue of Remove is a list of HTTP header names. Note that the header\nnames are case-insensitive (see\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\n\n\nInput:\n GET /foo HTTP/1.1\n my-header1: foo\n my-header2: bar\n my-header3: baz\n\n\nConfig:\n remove: [\"my-header1\", \"my-header3\"]\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header2: bar" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.filters.requestHeaderModifier.withSet + +```ts +withSet(set) +``` + +"Set overwrites the request with the given header (name, value)\nbefore the action.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n set:\n - name: \"my-header\"\n value: \"bar\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: bar" + +### fn spec.rules.filters.requestHeaderModifier.withSetMixin + +```ts +withSetMixin(set) +``` + +"Set overwrites the request with the given header (name, value)\nbefore the action.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n set:\n - name: \"my-header\"\n value: \"bar\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: bar" + +**Note:** This function appends passed data to existing values + +## obj spec.rules.filters.requestHeaderModifier.add + +"Add adds the given header(s) (name, value) to the request\nbefore the action. It appends to any existing values associated\nwith the header name.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n add:\n - name: \"my-header\"\n value: \"bar,baz\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: foo,bar,baz" + +### fn spec.rules.filters.requestHeaderModifier.add.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\n\nIf multiple entries specify equivalent header names, the first entry with\nan equivalent name MUST be considered for a match. Subsequent entries\nwith an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent." + +### fn spec.rules.filters.requestHeaderModifier.add.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.filters.requestHeaderModifier.set + +"Set overwrites the request with the given header (name, value)\nbefore the action.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n set:\n - name: \"my-header\"\n value: \"bar\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: bar" + +### fn spec.rules.filters.requestHeaderModifier.set.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\n\nIf multiple entries specify equivalent header names, the first entry with\nan equivalent name MUST be considered for a match. Subsequent entries\nwith an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent." + +### fn spec.rules.filters.requestHeaderModifier.set.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.filters.requestMirror + +"RequestMirror defines a schema for a filter that mirrors requests.\nRequests are sent to the specified destination, but responses from\nthat destination are ignored.\n\n\nThis filter can be used multiple times within the same rule. Note that\nnot all implementations will be able to support mirroring to multiple\nbackends.\n\n\nSupport: Extended" + +## obj spec.rules.filters.requestMirror.backendRef + +"BackendRef references a resource where mirrored requests are sent.\n\n\nMirrored requests must be sent only to a single destination endpoint\nwithin this BackendRef, irrespective of how many endpoints are present\nwithin this BackendRef.\n\n\nIf the referent cannot be found, this BackendRef is invalid and must be\ndropped from the Gateway. The controller must ensure the \"ResolvedRefs\"\ncondition on the Route status is set to `status: False` and not configure\nthis backend in the underlying implementation.\n\n\nIf there is a cross-namespace reference to an *existing* object\nthat is not allowed by a ReferenceGrant, the controller must ensure the\n\"ResolvedRefs\" condition on the Route is set to `status: False`,\nwith the \"RefNotPermitted\" reason and not configure this backend in the\nunderlying implementation.\n\n\nIn either error case, the Message of the `ResolvedRefs` Condition\nshould be used to provide more detail about the problem.\n\n\nSupport: Extended for Kubernetes Service\n\n\nSupport: Implementation-specific for any other resource" + +### fn spec.rules.filters.requestMirror.backendRef.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent. For example, \"gateway.networking.k8s.io\".\nWhen unspecified or empty string, core API group is inferred." + +### fn spec.rules.filters.requestMirror.backendRef.withKind + +```ts +withKind(kind) +``` + +"Kind is the Kubernetes resource kind of the referent. For example\n\"Service\".\n\n\nDefaults to \"Service\" when not specified.\n\n\nExternalName services can refer to CNAME DNS records that may live\noutside of the cluster and as such are difficult to reason about in\nterms of conformance. They also may not be safe to forward to (see\nCVE-2021-25740 for more information). Implementations SHOULD NOT\nsupport ExternalName Services.\n\n\nSupport: Core (Services with a type other than ExternalName)\n\n\nSupport: Implementation-specific (Services with type ExternalName)" + +### fn spec.rules.filters.requestMirror.backendRef.withName + +```ts +withName(name) +``` + +"Name is the name of the referent." + +### fn spec.rules.filters.requestMirror.backendRef.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the backend. When unspecified, the local\nnamespace is inferred.\n\n\nNote that when a namespace different than the local namespace is specified,\na ReferenceGrant object is required in the referent namespace to allow that\nnamespace's owner to accept the reference. See the ReferenceGrant\ndocumentation for details.\n\n\nSupport: Core" + +### fn spec.rules.filters.requestMirror.backendRef.withPort + +```ts +withPort(port) +``` + +"Port specifies the destination port number to use for this resource.\nPort is required when the referent is a Kubernetes Service. In this\ncase, the port number is the service port number, not the target port.\nFor other resources, destination port might be derived from the referent\nresource or this field." + +## obj spec.rules.filters.requestRedirect + +"RequestRedirect defines a schema for a filter that responds to the\nrequest with an HTTP redirection.\n\n\nSupport: Core" + +### fn spec.rules.filters.requestRedirect.withHostname + +```ts +withHostname(hostname) +``` + +"Hostname is the hostname to be used in the value of the `Location`\nheader in the response.\nWhen empty, the hostname in the `Host` header of the request is used.\n\n\nSupport: Core" + +### fn spec.rules.filters.requestRedirect.withPort + +```ts +withPort(port) +``` + +"Port is the port to be used in the value of the `Location`\nheader in the response.\n\n\nIf no port is specified, the redirect port MUST be derived using the\nfollowing rules:\n\n\n* If redirect scheme is not-empty, the redirect port MUST be the well-known\n port associated with the redirect scheme. Specifically \"http\" to port 80\n and \"https\" to port 443. If the redirect scheme does not have a\n well-known port, the listener port of the Gateway SHOULD be used.\n* If redirect scheme is empty, the redirect port MUST be the Gateway\n Listener port.\n\n\nImplementations SHOULD NOT add the port number in the 'Location'\nheader in the following cases:\n\n\n* A Location header that will use HTTP (whether that is determined via\n the Listener protocol or the Scheme field) _and_ use port 80.\n* A Location header that will use HTTPS (whether that is determined via\n the Listener protocol or the Scheme field) _and_ use port 443.\n\n\nSupport: Extended" + +### fn spec.rules.filters.requestRedirect.withScheme + +```ts +withScheme(scheme) +``` + +"Scheme is the scheme to be used in the value of the `Location` header in\nthe response. When empty, the scheme of the request is used.\n\n\nScheme redirects can affect the port of the redirect, for more information,\nrefer to the documentation for the port field of this filter.\n\n\nNote that values may be added to this enum, implementations\nmust ensure that unknown values will not cause a crash.\n\n\nUnknown values here must result in the implementation setting the\nAccepted Condition for the Route to `status: False`, with a\nReason of `UnsupportedValue`.\n\n\nSupport: Extended" + +### fn spec.rules.filters.requestRedirect.withStatusCode + +```ts +withStatusCode(statusCode) +``` + +"StatusCode is the HTTP status code to be used in response.\n\n\nNote that values may be added to this enum, implementations\nmust ensure that unknown values will not cause a crash.\n\n\nUnknown values here must result in the implementation setting the\nAccepted Condition for the Route to `status: False`, with a\nReason of `UnsupportedValue`.\n\n\nSupport: Core" + +## obj spec.rules.filters.requestRedirect.path + +"Path defines parameters used to modify the path of the incoming request.\nThe modified path is then used to construct the `Location` header. When\nempty, the request path is used as-is.\n\n\nSupport: Extended" + +### fn spec.rules.filters.requestRedirect.path.withReplaceFullPath + +```ts +withReplaceFullPath(replaceFullPath) +``` + +"ReplaceFullPath specifies the value with which to replace the full path\nof a request during a rewrite or redirect." + +### fn spec.rules.filters.requestRedirect.path.withReplacePrefixMatch + +```ts +withReplacePrefixMatch(replacePrefixMatch) +``` + +"ReplacePrefixMatch specifies the value with which to replace the prefix\nmatch of a request during a rewrite or redirect. For example, a request\nto \"/foo/bar\" with a prefix match of \"/foo\" and a ReplacePrefixMatch\nof \"/xyz\" would be modified to \"/xyz/bar\".\n\n\nNote that this matches the behavior of the PathPrefix match type. This\nmatches full path elements. A path element refers to the list of labels\nin the path split by the `/` separator. When specified, a trailing `/` is\nignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all\nmatch the prefix `/abc`, but the path `/abcd` would not.\n\n\nReplacePrefixMatch is only compatible with a `PathPrefix` HTTPRouteMatch.\nUsing any other HTTPRouteMatch type on the same HTTPRouteRule will result in\nthe implementation setting the Accepted Condition for the Route to `status: False`.\n\n\nRequest Path | Prefix Match | Replace Prefix | Modified Path\n-------------|--------------|----------------|----------\n/foo/bar | /foo | /xyz | /xyz/bar\n/foo/bar | /foo | /xyz/ | /xyz/bar\n/foo/bar | /foo/ | /xyz | /xyz/bar\n/foo/bar | /foo/ | /xyz/ | /xyz/bar\n/foo | /foo | /xyz | /xyz\n/foo/ | /foo | /xyz | /xyz/\n/foo/bar | /foo | | /bar\n/foo/ | /foo | | /\n/foo | /foo | | /\n/foo/ | /foo | / | /\n/foo | /foo | / | /" + +### fn spec.rules.filters.requestRedirect.path.withType + +```ts +withType(type) +``` + +"Type defines the type of path modifier. Additional types may be\nadded in a future release of the API.\n\n\nNote that values may be added to this enum, implementations\nmust ensure that unknown values will not cause a crash.\n\n\nUnknown values here must result in the implementation setting the\nAccepted Condition for the Route to `status: False`, with a\nReason of `UnsupportedValue`." + +## obj spec.rules.filters.responseHeaderModifier + +"ResponseHeaderModifier defines a schema for a filter that modifies response\nheaders.\n\n\nSupport: Extended" + +### fn spec.rules.filters.responseHeaderModifier.withAdd + +```ts +withAdd(add) +``` + +"Add adds the given header(s) (name, value) to the request\nbefore the action. It appends to any existing values associated\nwith the header name.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n add:\n - name: \"my-header\"\n value: \"bar,baz\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: foo,bar,baz" + +### fn spec.rules.filters.responseHeaderModifier.withAddMixin + +```ts +withAddMixin(add) +``` + +"Add adds the given header(s) (name, value) to the request\nbefore the action. It appends to any existing values associated\nwith the header name.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n add:\n - name: \"my-header\"\n value: \"bar,baz\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: foo,bar,baz" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.filters.responseHeaderModifier.withRemove + +```ts +withRemove(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The\nvalue of Remove is a list of HTTP header names. Note that the header\nnames are case-insensitive (see\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\n\n\nInput:\n GET /foo HTTP/1.1\n my-header1: foo\n my-header2: bar\n my-header3: baz\n\n\nConfig:\n remove: [\"my-header1\", \"my-header3\"]\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header2: bar" + +### fn spec.rules.filters.responseHeaderModifier.withRemoveMixin + +```ts +withRemoveMixin(remove) +``` + +"Remove the given header(s) from the HTTP request before the action. The\nvalue of Remove is a list of HTTP header names. Note that the header\nnames are case-insensitive (see\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\n\n\nInput:\n GET /foo HTTP/1.1\n my-header1: foo\n my-header2: bar\n my-header3: baz\n\n\nConfig:\n remove: [\"my-header1\", \"my-header3\"]\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header2: bar" + +**Note:** This function appends passed data to existing values + +### fn spec.rules.filters.responseHeaderModifier.withSet + +```ts +withSet(set) +``` + +"Set overwrites the request with the given header (name, value)\nbefore the action.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n set:\n - name: \"my-header\"\n value: \"bar\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: bar" + +### fn spec.rules.filters.responseHeaderModifier.withSetMixin + +```ts +withSetMixin(set) +``` + +"Set overwrites the request with the given header (name, value)\nbefore the action.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n set:\n - name: \"my-header\"\n value: \"bar\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: bar" + +**Note:** This function appends passed data to existing values + +## obj spec.rules.filters.responseHeaderModifier.add + +"Add adds the given header(s) (name, value) to the request\nbefore the action. It appends to any existing values associated\nwith the header name.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n add:\n - name: \"my-header\"\n value: \"bar,baz\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: foo,bar,baz" + +### fn spec.rules.filters.responseHeaderModifier.add.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\n\nIf multiple entries specify equivalent header names, the first entry with\nan equivalent name MUST be considered for a match. Subsequent entries\nwith an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent." + +### fn spec.rules.filters.responseHeaderModifier.add.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.filters.responseHeaderModifier.set + +"Set overwrites the request with the given header (name, value)\nbefore the action.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n set:\n - name: \"my-header\"\n value: \"bar\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: bar" + +### fn spec.rules.filters.responseHeaderModifier.set.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\n\nIf multiple entries specify equivalent header names, the first entry with\nan equivalent name MUST be considered for a match. Subsequent entries\nwith an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent." + +### fn spec.rules.filters.responseHeaderModifier.set.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.filters.urlRewrite + +"URLRewrite defines a schema for a filter that modifies a request during forwarding.\n\n\nSupport: Extended" + +### fn spec.rules.filters.urlRewrite.withHostname + +```ts +withHostname(hostname) +``` + +"Hostname is the value to be used to replace the Host header value during\nforwarding.\n\n\nSupport: Extended" + +## obj spec.rules.filters.urlRewrite.path + +"Path defines a path rewrite.\n\n\nSupport: Extended" + +### fn spec.rules.filters.urlRewrite.path.withReplaceFullPath + +```ts +withReplaceFullPath(replaceFullPath) +``` + +"ReplaceFullPath specifies the value with which to replace the full path\nof a request during a rewrite or redirect." + +### fn spec.rules.filters.urlRewrite.path.withReplacePrefixMatch + +```ts +withReplacePrefixMatch(replacePrefixMatch) +``` + +"ReplacePrefixMatch specifies the value with which to replace the prefix\nmatch of a request during a rewrite or redirect. For example, a request\nto \"/foo/bar\" with a prefix match of \"/foo\" and a ReplacePrefixMatch\nof \"/xyz\" would be modified to \"/xyz/bar\".\n\n\nNote that this matches the behavior of the PathPrefix match type. This\nmatches full path elements. A path element refers to the list of labels\nin the path split by the `/` separator. When specified, a trailing `/` is\nignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all\nmatch the prefix `/abc`, but the path `/abcd` would not.\n\n\nReplacePrefixMatch is only compatible with a `PathPrefix` HTTPRouteMatch.\nUsing any other HTTPRouteMatch type on the same HTTPRouteRule will result in\nthe implementation setting the Accepted Condition for the Route to `status: False`.\n\n\nRequest Path | Prefix Match | Replace Prefix | Modified Path\n-------------|--------------|----------------|----------\n/foo/bar | /foo | /xyz | /xyz/bar\n/foo/bar | /foo | /xyz/ | /xyz/bar\n/foo/bar | /foo/ | /xyz | /xyz/bar\n/foo/bar | /foo/ | /xyz/ | /xyz/bar\n/foo | /foo | /xyz | /xyz\n/foo/ | /foo | /xyz | /xyz/\n/foo/bar | /foo | | /bar\n/foo/ | /foo | | /\n/foo | /foo | | /\n/foo/ | /foo | / | /\n/foo | /foo | / | /" + +### fn spec.rules.filters.urlRewrite.path.withType + +```ts +withType(type) +``` + +"Type defines the type of path modifier. Additional types may be\nadded in a future release of the API.\n\n\nNote that values may be added to this enum, implementations\nmust ensure that unknown values will not cause a crash.\n\n\nUnknown values here must result in the implementation setting the\nAccepted Condition for the Route to `status: False`, with a\nReason of `UnsupportedValue`." + +## obj spec.rules.matches + +"Matches define conditions used for matching the rule against incoming\nHTTP requests. Each match is independent, i.e. this rule will be matched\nif **any** one of the matches is satisfied.\n\n\nFor example, take the following matches configuration:\n\n\n```\nmatches:\n- path:\n value: \"/foo\"\n headers:\n - name: \"version\"\n value: \"v2\"\n- path:\n value: \"/v2/foo\"\n```\n\n\nFor a request to match against this rule, a request must satisfy\nEITHER of the two conditions:\n\n\n- path prefixed with `/foo` AND contains the header `version: v2`\n- path prefix of `/v2/foo`\n\n\nSee the documentation for HTTPRouteMatch on how to specify multiple\nmatch conditions that should be ANDed together.\n\n\nIf no matches are specified, the default is a prefix\npath match on \"/\", which has the effect of matching every\nHTTP request.\n\n\nProxy or Load Balancer routing configuration generated from HTTPRoutes\nMUST prioritize matches based on the following criteria, continuing on\nties. Across all rules specified on applicable Routes, precedence must be\ngiven to the match having:\n\n\n* \"Exact\" path match.\n* \"Prefix\" path match with largest number of characters.\n* Method match.\n* Largest number of header matches.\n* Largest number of query param matches.\n\n\nNote: The precedence of RegularExpression path matches are implementation-specific.\n\n\nIf ties still exist across multiple Routes, matching precedence MUST be\ndetermined in order of the following criteria, continuing on ties:\n\n\n* The oldest Route based on creation timestamp.\n* The Route appearing first in alphabetical order by\n \"{namespace}/{name}\".\n\n\nIf ties still exist within an HTTPRoute, matching precedence MUST be granted\nto the FIRST matching rule (in list order) with a match meeting the above\ncriteria.\n\n\nWhen no rules matching a request have been successfully attached to the\nparent a request is coming from, a HTTP 404 status code MUST be returned." + +### fn spec.rules.matches.withHeaders + +```ts +withHeaders(headers) +``` + +"Headers specifies HTTP request header matchers. Multiple match values are\nANDed together, meaning, a request must match all the specified headers\nto select the route." + +### fn spec.rules.matches.withHeadersMixin + +```ts +withHeadersMixin(headers) +``` + +"Headers specifies HTTP request header matchers. Multiple match values are\nANDed together, meaning, a request must match all the specified headers\nto select the route." + +**Note:** This function appends passed data to existing values + +### fn spec.rules.matches.withMethod + +```ts +withMethod(method) +``` + +"Method specifies HTTP method matcher.\nWhen specified, this route will be matched only if the request has the\nspecified method.\n\n\nSupport: Extended" + +### fn spec.rules.matches.withQueryParams + +```ts +withQueryParams(queryParams) +``` + +"QueryParams specifies HTTP query parameter matchers. Multiple match\nvalues are ANDed together, meaning, a request must match all the\nspecified query parameters to select the route.\n\n\nSupport: Extended" + +### fn spec.rules.matches.withQueryParamsMixin + +```ts +withQueryParamsMixin(queryParams) +``` + +"QueryParams specifies HTTP query parameter matchers. Multiple match\nvalues are ANDed together, meaning, a request must match all the\nspecified query parameters to select the route.\n\n\nSupport: Extended" + +**Note:** This function appends passed data to existing values + +## obj spec.rules.matches.headers + +"Headers specifies HTTP request header matchers. Multiple match values are\nANDed together, meaning, a request must match all the specified headers\nto select the route." + +### fn spec.rules.matches.headers.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\n\nIf multiple entries specify equivalent header names, only the first\nentry with an equivalent name MUST be considered for a match. Subsequent\nentries with an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent.\n\n\nWhen a header is repeated in an HTTP request, it is\nimplementation-specific behavior as to how this is represented.\nGenerally, proxies should follow the guidance from the RFC:\nhttps://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2 regarding\nprocessing a repeated header, with special handling for \"Set-Cookie\"." + +### fn spec.rules.matches.headers.withType + +```ts +withType(type) +``` + +"Type specifies how to match against the value of the header.\n\n\nSupport: Core (Exact)\n\n\nSupport: Implementation-specific (RegularExpression)\n\n\nSince RegularExpression HeaderMatchType has implementation-specific\nconformance, implementations can support POSIX, PCRE or any other dialects\nof regular expressions. Please read the implementation's documentation to\ndetermine the supported dialect." + +### fn spec.rules.matches.headers.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP Header to be matched." + +## obj spec.rules.matches.path + +"Path specifies a HTTP request path matcher. If this field is not\nspecified, a default prefix match on the \"/\" path is provided." + +### fn spec.rules.matches.path.withType + +```ts +withType(type) +``` + +"Type specifies how to match against the path Value.\n\n\nSupport: Core (Exact, PathPrefix)\n\n\nSupport: Implementation-specific (RegularExpression)" + +### fn spec.rules.matches.path.withValue + +```ts +withValue(value) +``` + +"Value of the HTTP path to match against." + +## obj spec.rules.matches.queryParams + +"QueryParams specifies HTTP query parameter matchers. Multiple match\nvalues are ANDed together, meaning, a request must match all the\nspecified query parameters to select the route.\n\n\nSupport: Extended" + +### fn spec.rules.matches.queryParams.withName + +```ts +withName(name) +``` + +"Name is the name of the HTTP query param to be matched. This must be an\nexact string match. (See\nhttps://tools.ietf.org/html/rfc7230#section-2.7.3).\n\n\nIf multiple entries specify equivalent query param names, only the first\nentry with an equivalent name MUST be considered for a match. Subsequent\nentries with an equivalent query param name MUST be ignored.\n\n\nIf a query param is repeated in an HTTP request, the behavior is\npurposely left undefined, since different data planes have different\ncapabilities. However, it is *recommended* that implementations should\nmatch against the first value of the param if the data plane supports it,\nas this behavior is expected in other load balancing contexts outside of\nthe Gateway API.\n\n\nUsers SHOULD NOT route traffic based on repeated query params to guard\nthemselves against potential differences in the implementations." + +### fn spec.rules.matches.queryParams.withType + +```ts +withType(type) +``` + +"Type specifies how to match against the value of the query parameter.\n\n\nSupport: Extended (Exact)\n\n\nSupport: Implementation-specific (RegularExpression)\n\n\nSince RegularExpression QueryParamMatchType has Implementation-specific\nconformance, implementations can support POSIX, PCRE or any other\ndialects of regular expressions. Please read the implementation's\ndocumentation to determine the supported dialect." + +### fn spec.rules.matches.queryParams.withValue + +```ts +withValue(value) +``` + +"Value is the value of HTTP query param to be matched." \ No newline at end of file diff --git a/docs/1.1/gateway/v1beta1/index.md b/docs/1.1/gateway/v1beta1/index.md new file mode 100644 index 0000000..676f89c --- /dev/null +++ b/docs/1.1/gateway/v1beta1/index.md @@ -0,0 +1,12 @@ +--- +permalink: /1.1/gateway/v1beta1/ +--- + +# gateway.v1beta1 + + + +* [gateway](gateway.md) +* [gatewayClass](gatewayClass.md) +* [httpRoute](httpRoute.md) +* [referenceGrant](referenceGrant.md) \ No newline at end of file diff --git a/docs/1.1/gateway/v1beta1/referenceGrant.md b/docs/1.1/gateway/v1beta1/referenceGrant.md new file mode 100644 index 0000000..c9166d4 --- /dev/null +++ b/docs/1.1/gateway/v1beta1/referenceGrant.md @@ -0,0 +1,314 @@ +--- +permalink: /1.1/gateway/v1beta1/referenceGrant/ +--- + +# gateway.v1beta1.referenceGrant + +"ReferenceGrant identifies kinds of resources in other namespaces that are\ntrusted to reference the specified kinds of resources in the same namespace\nas the policy.\n\n\nEach ReferenceGrant can be used to represent a unique trust relationship.\nAdditional Reference Grants can be used to add to the set of trusted\nsources of inbound references for the namespace they are defined within.\n\n\nAll cross-namespace references in Gateway API (with the exception of cross-namespace\nGateway-route attachment) require a ReferenceGrant.\n\n\nReferenceGrant is a form of runtime verification allowing users to assert\nwhich cross-namespace object references are permitted. Implementations that\nsupport ReferenceGrant MUST NOT permit cross-namespace references which have\nno grant, and MUST respond to the removal of a grant by revoking the access\nthat the grant allowed." + +## Index + +* [`fn new(name)`](#fn-new) +* [`obj metadata`](#obj-metadata) + * [`fn withAnnotations(annotations)`](#fn-metadatawithannotations) + * [`fn withAnnotationsMixin(annotations)`](#fn-metadatawithannotationsmixin) + * [`fn withClusterName(clusterName)`](#fn-metadatawithclustername) + * [`fn withCreationTimestamp(creationTimestamp)`](#fn-metadatawithcreationtimestamp) + * [`fn withDeletionGracePeriodSeconds(deletionGracePeriodSeconds)`](#fn-metadatawithdeletiongraceperiodseconds) + * [`fn withDeletionTimestamp(deletionTimestamp)`](#fn-metadatawithdeletiontimestamp) + * [`fn withFinalizers(finalizers)`](#fn-metadatawithfinalizers) + * [`fn withFinalizersMixin(finalizers)`](#fn-metadatawithfinalizersmixin) + * [`fn withGenerateName(generateName)`](#fn-metadatawithgeneratename) + * [`fn withGeneration(generation)`](#fn-metadatawithgeneration) + * [`fn withLabels(labels)`](#fn-metadatawithlabels) + * [`fn withLabelsMixin(labels)`](#fn-metadatawithlabelsmixin) + * [`fn withName(name)`](#fn-metadatawithname) + * [`fn withNamespace(namespace)`](#fn-metadatawithnamespace) + * [`fn withOwnerReferences(ownerReferences)`](#fn-metadatawithownerreferences) + * [`fn withOwnerReferencesMixin(ownerReferences)`](#fn-metadatawithownerreferencesmixin) + * [`fn withResourceVersion(resourceVersion)`](#fn-metadatawithresourceversion) + * [`fn withSelfLink(selfLink)`](#fn-metadatawithselflink) + * [`fn withUid(uid)`](#fn-metadatawithuid) +* [`obj spec`](#obj-spec) + * [`fn withFrom(from)`](#fn-specwithfrom) + * [`fn withFromMixin(from)`](#fn-specwithfrommixin) + * [`fn withTo(to)`](#fn-specwithto) + * [`fn withToMixin(to)`](#fn-specwithtomixin) + * [`obj spec.from`](#obj-specfrom) + * [`fn withGroup(group)`](#fn-specfromwithgroup) + * [`fn withKind(kind)`](#fn-specfromwithkind) + * [`fn withNamespace(namespace)`](#fn-specfromwithnamespace) + * [`obj spec.to`](#obj-specto) + * [`fn withGroup(group)`](#fn-spectowithgroup) + * [`fn withKind(kind)`](#fn-spectowithkind) + * [`fn withName(name)`](#fn-spectowithname) + +## Fields + +### fn new + +```ts +new(name) +``` + +new returns an instance of ReferenceGrant + +## obj metadata + +"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create." + +### fn metadata.withAnnotations + +```ts +withAnnotations(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +### fn metadata.withAnnotationsMixin + +```ts +withAnnotationsMixin(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +**Note:** This function appends passed data to existing values + +### fn metadata.withClusterName + +```ts +withClusterName(clusterName) +``` + +"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request." + +### fn metadata.withCreationTimestamp + +```ts +withCreationTimestamp(creationTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withDeletionGracePeriodSeconds + +```ts +withDeletionGracePeriodSeconds(deletionGracePeriodSeconds) +``` + +"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only." + +### fn metadata.withDeletionTimestamp + +```ts +withDeletionTimestamp(deletionTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withFinalizers + +```ts +withFinalizers(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +### fn metadata.withFinalizersMixin + +```ts +withFinalizersMixin(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +**Note:** This function appends passed data to existing values + +### fn metadata.withGenerateName + +```ts +withGenerateName(generateName) +``` + +"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\n\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\n\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" + +### fn metadata.withGeneration + +```ts +withGeneration(generation) +``` + +"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only." + +### fn metadata.withLabels + +```ts +withLabels(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +### fn metadata.withLabelsMixin + +```ts +withLabelsMixin(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +**Note:** This function appends passed data to existing values + +### fn metadata.withName + +```ts +withName(name) +``` + +"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names" + +### fn metadata.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \"default\" namespace, but \"default\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\n\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces" + +### fn metadata.withOwnerReferences + +```ts +withOwnerReferences(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +### fn metadata.withOwnerReferencesMixin + +```ts +withOwnerReferencesMixin(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +**Note:** This function appends passed data to existing values + +### fn metadata.withResourceVersion + +```ts +withResourceVersion(resourceVersion) +``` + +"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\n\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" + +### fn metadata.withSelfLink + +```ts +withSelfLink(selfLink) +``` + +"SelfLink is a URL representing this object. Populated by the system. Read-only.\n\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release." + +### fn metadata.withUid + +```ts +withUid(uid) +``` + +"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\n\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids" + +## obj spec + +"Spec defines the desired state of ReferenceGrant." + +### fn spec.withFrom + +```ts +withFrom(from) +``` + +"From describes the trusted namespaces and kinds that can reference the\nresources described in \"To\". Each entry in this list MUST be considered\nto be an additional place that references can be valid from, or to put\nthis another way, entries MUST be combined using OR.\n\n\nSupport: Core" + +### fn spec.withFromMixin + +```ts +withFromMixin(from) +``` + +"From describes the trusted namespaces and kinds that can reference the\nresources described in \"To\". Each entry in this list MUST be considered\nto be an additional place that references can be valid from, or to put\nthis another way, entries MUST be combined using OR.\n\n\nSupport: Core" + +**Note:** This function appends passed data to existing values + +### fn spec.withTo + +```ts +withTo(to) +``` + +"To describes the resources that may be referenced by the resources\ndescribed in \"From\". Each entry in this list MUST be considered to be an\nadditional place that references can be valid to, or to put this another\nway, entries MUST be combined using OR.\n\n\nSupport: Core" + +### fn spec.withToMixin + +```ts +withToMixin(to) +``` + +"To describes the resources that may be referenced by the resources\ndescribed in \"From\". Each entry in this list MUST be considered to be an\nadditional place that references can be valid to, or to put this another\nway, entries MUST be combined using OR.\n\n\nSupport: Core" + +**Note:** This function appends passed data to existing values + +## obj spec.from + +"From describes the trusted namespaces and kinds that can reference the\nresources described in \"To\". Each entry in this list MUST be considered\nto be an additional place that references can be valid from, or to put\nthis another way, entries MUST be combined using OR.\n\n\nSupport: Core" + +### fn spec.from.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent.\nWhen empty, the Kubernetes core API group is inferred.\n\n\nSupport: Core" + +### fn spec.from.withKind + +```ts +withKind(kind) +``` + +"Kind is the kind of the referent. Although implementations may support\nadditional resources, the following types are part of the \"Core\"\nsupport level for this field.\n\n\nWhen used to permit a SecretObjectReference:\n\n\n* Gateway\n\n\nWhen used to permit a BackendObjectReference:\n\n\n* GRPCRoute\n* HTTPRoute\n* TCPRoute\n* TLSRoute\n* UDPRoute" + +### fn spec.from.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of the referent.\n\n\nSupport: Core" + +## obj spec.to + +"To describes the resources that may be referenced by the resources\ndescribed in \"From\". Each entry in this list MUST be considered to be an\nadditional place that references can be valid to, or to put this another\nway, entries MUST be combined using OR.\n\n\nSupport: Core" + +### fn spec.to.withGroup + +```ts +withGroup(group) +``` + +"Group is the group of the referent.\nWhen empty, the Kubernetes core API group is inferred.\n\n\nSupport: Core" + +### fn spec.to.withKind + +```ts +withKind(kind) +``` + +"Kind is the kind of the referent. Although implementations may support\nadditional resources, the following types are part of the \"Core\"\nsupport level for this field:\n\n\n* Secret when used to permit a SecretObjectReference\n* Service when used to permit a BackendObjectReference" + +### fn spec.to.withName + +```ts +withName(name) +``` + +"Name is the name of the referent. When unspecified, this policy\nrefers to all resources of the specified Group and Kind in the local\nnamespace." \ No newline at end of file diff --git a/docs/README.md b/docs/README.md index 8c68543..d69470c 100644 --- a/docs/README.md +++ b/docs/README.md @@ -5,3 +5,8 @@ This library is generated with [`k8s`](https://github.com/jsonnet-libs/k8s). - [0.7](0.7/README.md) - [0.8](0.8/README.md) - [1.0](1.0/README.md) +- [1.1](1.1/README.md) +- [0.7-experimental](0.7-experimental/README.md) +- [0.8-experimental](0.8-experimental/README.md) +- [1.0-experimental](1.0-experimental/README.md) +- [1.1-experimental](1.1-experimental/README.md)