@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
33kind : CustomResourceDefinition
44metadata :
55 annotations :
6- controller-gen.kubebuilder.io/version : v0.15.0
6+ controller-gen.kubebuilder.io/version : v0.16.1
77 labels :
88 gateway.networking.k8s.io/policy : inherited
99 name : clientsettingspolicies.gateway.nginx.org
@@ -160,27 +160,22 @@ spec:
160160 the controller first sees the policy and SHOULD update the entry as
161161 appropriate when the relevant ancestor is modified.
162162
163-
164163 Note that choosing the relevant ancestor is left to the Policy designers;
165164 an important part of Policy design is designing the right object level at
166165 which to namespace this status.
167166
168-
169167 Note also that implementations MUST ONLY populate ancestor status for
170168 the Ancestor resources they are responsible for. Implementations MUST
171169 use the ControllerName field to uniquely identify the entries in this list
172170 that they are responsible for.
173171
174-
175172 Note that to achieve this, the list of PolicyAncestorStatus structs
176173 MUST be treated as a map with a composite key, made up of the AncestorRef
177174 and ControllerName fields combined.
178175
179-
180176 A maximum of 16 ancestors will be represented in this list. An empty list
181177 means the Policy is not relevant for any ancestors.
182178
183-
184179 If this slice is full, implementations MUST NOT add further entries.
185180 Instead they MUST consider the policy unimplementable and signal that
186181 on any related resources such as the ancestor that would be referenced
@@ -192,7 +187,6 @@ spec:
192187 PolicyAncestorStatus describes the status of a route with respect to an
193188 associated Ancestor.
194189
195-
196190 Ancestors refer to objects that are either the Target of a policy or above it
197191 in terms of object hierarchy. For example, if a policy targets a Service, the
198192 Policy's Ancestors are, in order, the Service, the HTTPRoute, the Gateway, and
@@ -201,28 +195,23 @@ spec:
201195 SHOULD use Gateway as the PolicyAncestorStatus object unless the designers
202196 have a _very_ good reason otherwise.
203197
204-
205198 In the context of policy attachment, the Ancestor is used to distinguish which
206199 resource results in a distinct application of this policy. For example, if a policy
207200 targets a Service, it may have a distinct result per attached Gateway.
208201
209-
210202 Policies targeting the same resource may have different effects depending on the
211203 ancestors of those resources. For example, different Gateways targeting the same
212204 Service may have different capabilities, especially if they have different underlying
213205 implementations.
214206
215-
216207 For example, in BackendTLSPolicy, the Policy attaches to a Service that is
217208 used as a backend in a HTTPRoute that is itself attached to a Gateway.
218209 In this case, the relevant object for status is the Gateway, and that is the
219210 ancestor object referred to in this status.
220211
221-
222212 Note that a parent is also an ancestor, so for objects where the parent is the
223213 relevant object for status, this struct SHOULD still be used.
224214
225-
226215 This struct is intended to be used in a slice that's effectively a map,
227216 with a composite key made up of the AncestorRef and the ControllerName.
228217properties :
@@ -239,7 +228,6 @@ spec:
239228 To set the core API group (such as for a "Service" kind referent),
240229 Group must be explicitly set to "" (empty string).
241230
242-
243231 Support: Core
244232maxLength : 253
245233 pattern : ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
@@ -249,14 +237,11 @@ spec:
249237 description : |-
250238 Kind is kind of the referent.
251239
252-
253240 There are two kinds of parent resources with "Core" support:
254241
255-
256242 * Gateway (Gateway conformance profile)
257243 * Service (Mesh conformance profile, ClusterIP Services only)
258244
259-
260245 Support for other resources is Implementation-Specific.
261246maxLength : 63
262247 minLength : 1
@@ -266,7 +251,6 @@ spec:
266251 description : |-
267252 Name is the name of the referent.
268253
269-
270254 Support: Core
271255maxLength : 253
272256 minLength : 1
@@ -276,28 +260,24 @@ spec:
276260 Namespace is the namespace of the referent. When unspecified, this refers
277261 to the local namespace of the Route.
278262
279-
280263 Note that there are specific rules for ParentRefs which cross namespace
281264 boundaries. Cross-namespace references are only valid if they are explicitly
282265 allowed by something in the namespace they are referring to. For example:
283266 Gateway has the AllowedRoutes field, and ReferenceGrant provides a
284267 generic way to enable any other kind of cross-namespace reference.
285268
286-
287269 <gateway:experimental:description>
288270 ParentRefs from a Route to a Service in the same namespace are "producer"
289271 routes, which apply default routing rules to inbound connections from
290272 any namespace to the Service.
291273
292-
293274 ParentRefs from a Route to a Service in a different namespace are
294275 "consumer" routes, and these routing rules are only applied to outbound
295276 connections originating from the same namespace as the Route, for which
296277 the intended destination of the connections are a Service targeted as a
297278 ParentRef of the Route.
298279 </gateway:experimental:description>
299280
300-
301281 Support: Core
302282maxLength : 63
303283 minLength : 1
@@ -308,7 +288,6 @@ spec:
308288 Port is the network port this Route targets. It can be interpreted
309289 differently based on the type of parent resource.
310290
311-
312291 When the parent resource is a Gateway, this targets all listeners
313292 listening on the specified port that also support this kind of Route(and
314293 select this Route). It's not recommended to set `Port` unless the
@@ -317,19 +296,16 @@ spec:
317296 and SectionName are specified, the name and port of the selected listener
318297 must match both specified values.
319298
320-
321299 <gateway:experimental:description>
322300 When the parent resource is a Service, this targets a specific port in the
323301 Service spec. When both Port (experimental) and SectionName are specified,
324302 the name and port of the selected port must match both specified values.
325303 </gateway:experimental:description>
326304
327-
328305 Implementations MAY choose to support other parent resources.
329306 Implementations supporting other types of parent resources MUST clearly
330307 document how/if Port is interpreted.
331308
332-
333309 For the purpose of status, an attachment is considered successful as
334310 long as the parent resource accepts it partially. For example, Gateway
335311 listeners can restrict which Routes can attach to them by Route kind,
@@ -338,7 +314,6 @@ spec:
338314 attached. If no Gateway listeners accept attachment from this Route,
339315 the Route MUST be considered detached from the Gateway.
340316
341-
342317 Support: Extended
343318format : int32
344319 maximum : 65535
@@ -349,20 +324,17 @@ spec:
349324 SectionName is the name of a section within the target resource. In the
350325 following resources, SectionName is interpreted as the following:
351326
352-
353327 * Gateway: Listener name. When both Port (experimental) and SectionName
354328 are specified, the name and port of the selected listener must match
355329 both specified values.
356330 * Service: Port name. When both Port (experimental) and SectionName
357331 are specified, the name and port of the selected listener must match
358332 both specified values.
359333
360-
361334 Implementations MAY choose to support attaching Routes to other resources.
362335 If that is the case, they MUST clearly document how SectionName is
363336 interpreted.
364337
365-
366338 When unspecified (empty string), this will reference the entire resource.
367339 For the purpose of status, an attachment is considered successful if at
368340 least one section in the parent resource accepts it. For example, Gateway
@@ -372,7 +344,6 @@ spec:
372344 attached. If no Gateway listeners accept attachment from this Route, the
373345 Route MUST be considered detached from the Gateway.
374346
375-
376347 Support: Core
377348maxLength : 253
378349 minLength : 1
@@ -385,18 +356,8 @@ spec:
385356 description : Conditions describes the status of the Policy with
386357 respect to the given Ancestor.
387358 items :
388- description : " Condition contains details for one aspect of
389- the current state of this API Resource.\n ---\n This struct
390- is intended for direct use as an array at the field path
391- .status.conditions. For example,\n\n\n\t type FooStatus
392- struct{\n\t // Represents the observations of a foo's
393- current state.\n\t // Known .status.conditions.type are:
394- \" Available\" , \" Progressing\" , and \" Degraded\"\n\t //
395- +patchMergeKey=type\n\t // +patchStrategy=merge\n\t //
396- +listType=map\n\t // +listMapKey=type\n\t Conditions
397- []metav1.Condition `json:\" conditions,omitempty\" patchStrategy:\" merge\"
398- patchMergeKey:\" type\" protobuf:\" bytes,1,rep,name=conditions\" `\n\n\n\t
399- \ // other fields\n\t }"
359+ description : Condition contains details for one aspect of
360+ the current state of this API Resource.
400361 properties :
401362 lastTransitionTime :
402363 description : |-
@@ -438,12 +399,7 @@ spec:
438399 - Unknown
439400 type : string
440401 type :
441- description : |-
442- type of condition in CamelCase or in foo.example.com/CamelCase.
443- ---
444- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
445- useful (see .node.status.conditions), the ability to deconflict is important.
446- The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
402+ description : type of condition in CamelCase or in foo.example.com/CamelCase.
447403 maxLength : 316
448404 pattern : ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
449405 type : string
@@ -466,15 +422,12 @@ spec:
466422 controller that wrote this status. This corresponds with the
467423 controllerName field on GatewayClass.
468424
469-
470425 Example: "example.net/gateway-controller".
471426
472-
473427 The format of this field is DOMAIN "/" PATH, where DOMAIN and PATH are
474428 valid Kubernetes names
475429 (https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names).
476430
477-
478431 Controllers MUST populate this field when writing status. Controllers should ensure that
479432 entries to status populated with their ControllerName are cleaned up when they are no
480433 longer necessary.
![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?v=4&size=40){kind=avatar}
0 commit comments