Skip to content

Commit

Permalink
Update gateway-APIs to rc1 in preparation for 1.0 release (#21)
Browse files Browse the repository at this point in the history
Signed-off-by: Eitan Yarmush <[email protected]>
  • Loading branch information
EItanya authored Oct 25, 2023
1 parent aab9467 commit 53a520c
Show file tree
Hide file tree
Showing 13 changed files with 260 additions and 125 deletions.
7 changes: 5 additions & 2 deletions src/apis/experimental/gatewayclasses.rs
Original file line number Diff line number Diff line change
@@ -1,14 +1,14 @@
// WARNING: generated by kopium - manual changes will be overwritten
// kopium command: kopium -Af -
// kopium version: 0.15.0
// kopium version: 0.16.1

use kube::CustomResource;
use schemars::JsonSchema;
use serde::{Serialize, Deserialize};

/// Spec defines the desired state of GatewayClass.
#[derive(CustomResource, Serialize, Deserialize, Clone, Debug, JsonSchema)]
#[kube(group = "gateway.networking.k8s.io", version = "v1beta1", kind = "GatewayClass", plural = "gatewayclasses")]
#[kube(group = "gateway.networking.k8s.io", version = "v1", kind = "GatewayClass", plural = "gatewayclasses")]
#[kube(status = "GatewayClassStatus")]
pub struct GatewayClassSpec {
/// ControllerName is the name of the controller that is managing Gateways of this class. The value of this field MUST be a domain prefixed path.
Expand Down Expand Up @@ -53,6 +53,9 @@ pub struct GatewayClassStatus {
/// Controllers should prefer to publish conditions using values of GatewayClassConditionType for the type of each Condition.
#[serde(default, skip_serializing_if = "Option::is_none")]
pub conditions: Option<Vec<GatewayClassStatusConditions>>,
/// SupportedFeatures is the set of features the GatewayClass support. It MUST be sorted in ascending alphabetical order.
#[serde(default, skip_serializing_if = "Option::is_none", rename = "supportedFeatures")]
pub supported_features: Option<Vec<String>>,
}

/// Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example,
Expand Down
80 changes: 60 additions & 20 deletions src/apis/experimental/gateways.rs
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
// WARNING: generated by kopium - manual changes will be overwritten
// kopium command: kopium -Af -
// kopium version: 0.15.0
// kopium version: 0.16.1

use kube::CustomResource;
use schemars::JsonSchema;
Expand All @@ -9,13 +9,12 @@ use std::collections::BTreeMap;

/// Spec defines the desired state of Gateway.
#[derive(CustomResource, Serialize, Deserialize, Clone, Debug, JsonSchema)]
#[kube(group = "gateway.networking.k8s.io", version = "v1beta1", kind = "Gateway", plural = "gateways")]
#[kube(group = "gateway.networking.k8s.io", version = "v1", kind = "Gateway", plural = "gateways")]
#[kube(namespaced)]
#[kube(status = "GatewayStatus")]
pub struct GatewaySpec {
/// Addresses requested for this Gateway. This is optional and behavior can depend on the implementation. If a value is set in the spec and the requested address is invalid or unavailable, the implementation MUST indicate this in the associated entry in GatewayStatus.Addresses.
/// The Addresses field represents a request for the address(es) on the "outside of the Gateway", that traffic bound for this Gateway will use. This could be the IP address or hostname of an external load balancer or other networking infrastructure, or some other address that traffic will be sent to.
/// The .listener.hostname field is used to route traffic that has already arrived at the Gateway to the correct in-cluster destination.
/// If no Addresses are specified, the implementation MAY schedule the Gateway in an implementation-specific manner, assigning an appropriate set of Addresses.
/// The implementation MUST bind all Listeners to every GatewayAddress that it assigns to the Gateway and add a corresponding entry in GatewayStatus.Addresses.
/// Support: Extended
Expand All @@ -25,20 +24,38 @@ pub struct GatewaySpec {
/// GatewayClassName used for this Gateway. This is the name of a GatewayClass resource.
#[serde(rename = "gatewayClassName")]
pub gateway_class_name: String,
/// Infrastructure defines infrastructure level attributes about this Gateway instance.
/// Support: Core
///
#[serde(default, skip_serializing_if = "Option::is_none")]
pub infrastructure: Option<GatewayInfrastructure>,
/// Listeners associated with this Gateway. Listeners define logical endpoints that are bound on this Gateway's addresses. At least one Listener MUST be specified.
/// Each listener in a Gateway must have a unique combination of Hostname, Port, and Protocol.
/// Within the HTTP Conformance Profile, the below combinations of port and protocol are considered Core and MUST be supported:
/// 1. Port: 80, Protocol: HTTP 2. Port: 443, Protocol: HTTPS
/// Within the TLS Conformance Profile, the below combinations of port and protocol are considered Core and MUST be supported:
/// 1. Port: 443, Protocol: TLS
/// Port and protocol combinations not listed above are considered Extended.
/// An implementation MAY group Listeners by Port and then collapse each group of Listeners into a single Listener if the implementation determines that the Listeners in the group are "compatible". An implementation MAY also group together and collapse compatible Listeners belonging to different Gateways.
/// For example, an implementation might consider Listeners to be compatible with each other if all of the following conditions are met:
/// 1. Either each Listener within the group specifies the "HTTP" Protocol or each Listener within the group specifies either the "HTTPS" or "TLS" Protocol.
/// 2. Each Listener within the group specifies a Hostname that is unique within the group.
/// 3. As a special case, one Listener within a group may omit Hostname, in which case this Listener matches when no other Listener matches.
/// If the implementation does collapse compatible Listeners, the hostname provided in the incoming client request MUST be matched to a Listener to find the correct set of Routes. The incoming hostname MUST be matched using the Hostname field for each Listener in order of most to least specific. That is, exact matches must be processed before wildcard matches.
/// If this field specifies multiple Listeners that have the same Port value but are not compatible, the implementation must raise a "Conflicted" condition in the Listener status.
/// Each Listener in a set of Listeners (for example, in a single Gateway) MUST be _distinct_, in that a traffic flow MUST be able to be assigned to exactly one listener. (This section uses "set of Listeners" rather than "Listeners in a single Gateway" because implementations MAY merge configuration from multiple Gateways onto a single data plane, and these rules _also_ apply in that case).
/// Practically, this means that each listener in a set MUST have a unique combination of Port, Protocol, and, if supported by the protocol, Hostname.
/// Some combinations of port, protocol, and TLS settings are considered Core support and MUST be supported by implementations based on their targeted conformance profile:
/// HTTP Profile
/// 1. HTTPRoute, Port: 80, Protocol: HTTP 2. HTTPRoute, Port: 443, Protocol: HTTPS, TLS Mode: Terminate, TLS keypair provided
/// TLS Profile
/// 1. TLSRoute, Port: 443, Protocol: TLS, TLS Mode: Passthrough
/// "Distinct" Listeners have the following property:
/// The implementation can match inbound requests to a single distinct Listener. When multiple Listeners share values for fields (for example, two Listeners with the same Port value), the implementation can match requests to only one of the Listeners using other Listener fields.
/// For example, the following Listener scenarios are distinct:
/// 1. Multiple Listeners with the same Port that all use the "HTTP" Protocol that all have unique Hostname values. 2. Multiple Listeners with the same Port that use either the "HTTPS" or "TLS" Protocol that all have unique Hostname values. 3. A mixture of "TCP" and "UDP" Protocol Listeners, where no Listener with the same Protocol has the same Port value.
/// Some fields in the Listener struct have possible values that affect whether the Listener is distinct. Hostname is particularly relevant for HTTP or HTTPS protocols.
/// When using the Hostname value to select between same-Port, same-Protocol Listeners, the Hostname value must be different on each Listener for the Listener to be distinct.
/// When the Listeners are distinct based on Hostname, inbound request hostnames MUST match from the most specific to least specific Hostname values to choose the correct Listener and its associated set of Routes.
/// Exact matches must be processed before wildcard matches, and wildcard matches must be processed before fallback (empty Hostname value) matches. For example, `"foo.example.com"` takes precedence over `"*.example.com"`, and `"*.example.com"` takes precedence over `""`.
/// Additionally, if there are multiple wildcard entries, more specific wildcard entries must be processed before less specific wildcard entries. For example, `"*.foo.example.com"` takes precedence over `"*.example.com"`. The precise definition here is that the higher the number of dots in the hostname to the right of the wildcard character, the higher the precedence.
/// The wildcard character will match any number of characters _and dots_ to the left, however, so `"*.example.com"` will match both `"foo.bar.example.com"` _and_ `"bar.example.com"`.
/// If a set of Listeners contains Listeners that are not distinct, then those Listeners are Conflicted, and the implementation MUST set the "Conflicted" condition in the Listener Status to "True".
/// Implementations MAY choose to accept a Gateway with some Conflicted Listeners only if they only accept the partial Listener set that contains no Conflicted Listeners. To put this another way, implementations may accept a partial Listener set only if they throw out *all* the conflicting Listeners. No picking one of the conflicting listeners as the winner. This also means that the Gateway must have at least one non-conflicting Listener in this case, otherwise it violates the requirement that at least one Listener must be present.
/// The implementation MUST set a "ListenersNotValid" condition on the Gateway Status when the Gateway contains Conflicted Listeners whether or not they accept the Gateway. That Condition SHOULD clearly indicate in the Message which Listeners are conflicted, and which are Accepted. Additionally, the Listener status for those listeners SHOULD indicate which Listeners are conflicted and not Accepted.
/// A Gateway's Listeners are considered "compatible" if:
/// 1. They are distinct. 2. The implementation can serve them in compliance with the Addresses requirement that all Listeners are available on all assigned addresses.
/// Compatible combinations in Extended support are expected to vary across implementations. A combination that is compatible for one implementation may not be compatible for another.
/// For example, an implementation that cannot serve both TCP and UDP listeners on the same address, or cannot mix HTTPS and generic TLS listens on the same port would not consider those cases compatible, even though they are distinct.
/// Note that requests SHOULD match at most one Listener. For example, if Listeners are defined for "foo.example.com" and "*.example.com", a request to "foo.example.com" SHOULD only be routed using routes attached to the "foo.example.com" Listener (and not the "*.example.com" Listener). This concept is known as "Listener Isolation". Implementations that do not support Listener Isolation MUST clearly document this.
/// Implementations MAY merge separate Gateways onto a single set of Addresses if all Listeners across all Gateways are compatible.
/// Support: Core
pub listeners: Vec<GatewayListeners>,
}
Expand All @@ -54,6 +71,25 @@ pub struct GatewayAddresses {
pub value: String,
}

/// Infrastructure defines infrastructure level attributes about this Gateway instance.
/// Support: Core
///
#[derive(Serialize, Deserialize, Clone, Debug, JsonSchema)]
pub struct GatewayInfrastructure {
/// Annotations that SHOULD be applied to any resources created in response to this Gateway.
/// For implementations creating other Kubernetes objects, this should be the `metadata.annotations` field on resources. For other implementations, this refers to any relevant (implementation specific) "annotations" concepts.
/// An implementation may chose to add additional implementation-specific annotations as they see fit.
/// Support: Extended
#[serde(default, skip_serializing_if = "Option::is_none")]
pub annotations: Option<BTreeMap<String, String>>,
/// Labels that SHOULD be applied to any resources created in response to this Gateway.
/// For implementations creating other Kubernetes objects, this should be the `metadata.labels` field on resources. For other implementations, this refers to any relevant (implementation specific) "labels" concepts.
/// An implementation may chose to add additional implementation-specific labels as they see fit.
/// Support: Extended
#[serde(default, skip_serializing_if = "Option::is_none")]
pub labels: Option<BTreeMap<String, String>>,
}

/// Listener embodies the concept of a logical endpoint where a Gateway accepts network connections.
#[derive(Serialize, Deserialize, Clone, Debug, JsonSchema)]
pub struct GatewayListeners {
Expand Down Expand Up @@ -205,7 +241,7 @@ pub struct GatewayListenersTlsCertificateRefs {
pub kind: Option<String>,
/// Name is the name of the referent.
pub name: String,
/// Namespace is the namespace of the backend. When unspecified, the local namespace is inferred.
/// Namespace is the namespace of the referenced object. When unspecified, the local namespace is inferred.
/// Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.
/// Support: Core
#[serde(default, skip_serializing_if = "Option::is_none")]
Expand All @@ -225,7 +261,9 @@ pub enum GatewayListenersTlsMode {
/// Status defines the current state of Gateway.
#[derive(Serialize, Deserialize, Clone, Debug, JsonSchema)]
pub struct GatewayStatus {
/// Addresses lists the IP addresses that have actually been bound to the Gateway. These addresses may differ from the addresses in the Spec, e.g. if the Gateway automatically assigns an address from a reserved pool.
/// Addresses lists the network addresses that have been bound to the Gateway.
/// This list may differ from the addresses provided in the spec under some conditions:
/// * no addresses are specified, all addresses are dynamically assigned * a combination of specified and dynamic addresses are assigned * a specified address was unusable (e.g. already in use)
///
#[serde(default, skip_serializing_if = "Option::is_none")]
pub addresses: Option<Vec<GatewayStatusAddresses>>,
Expand All @@ -240,7 +278,7 @@ pub struct GatewayStatus {
pub listeners: Option<Vec<GatewayStatusListeners>>,
}

/// GatewayStatusAddress describes an address that is bound to a Gateway.
/// GatewayStatusAddress describes a network address that is bound to a Gateway.
#[derive(Serialize, Deserialize, Clone, Debug, JsonSchema)]
pub struct GatewayStatusAddresses {
/// Type of the address.
Expand Down Expand Up @@ -286,7 +324,9 @@ pub enum GatewayStatusConditionsStatus {
/// ListenerStatus is the status associated with a Listener.
#[derive(Serialize, Deserialize, Clone, Debug, JsonSchema)]
pub struct GatewayStatusListeners {
/// AttachedRoutes represents the total number of accepted Routes that have been successfully attached to this Listener.
/// AttachedRoutes represents the total number of Routes that have been successfully attached to this Listener.
/// Successful attachment of a Route to a Listener is based solely on the combination of the AllowedRoutes field on the corresponding Listener and the Route's ParentRefs field. A Route is successfully attached to a Listener when it is selected by the Listener's AllowedRoutes field AND the Route has a valid ParentRef selecting the whole Gateway resource or a specific Listener as a parent resource (more detail on attachment semantics can be found in the documentation on the various Route kinds ParentRefs fields). Listener or Route status does not impact successful attachment, i.e. the AttachedRoutes field count MUST be set for Listeners with condition Accepted: false and MUST count successfully attached Routes that may themselves have Accepted: false conditions.
/// Uses for this field include troubleshooting Route attachment and measuring blast radius/impact of changes to a Listener.
#[serde(rename = "attachedRoutes")]
pub attached_routes: i32,
/// Conditions describe the current condition of this listener.
Expand Down
Loading

0 comments on commit 53a520c

Please sign in to comment.