Traefik & Kubernetes with Gateway API

The Kubernetes Gateway API, The Experimental Way.

Gateway API is the evolution of Kubernetes APIs that relate to Services, such as Ingress. The Gateway API project is part of Kubernetes, working under SIG-NETWORK.

The Kubernetes Gateway provider is a Traefik implementation of the Gateway API specifications from the Kubernetes Special Interest Groups (SIGs).

This provider is proposed as an experimental feature and partially supports the Gateway API v0.4.0 specification.

Enabling The Experimental Kubernetes Gateway Provider

Since this provider is still experimental, it needs to be activated in the experimental section of the static configuration.

File (YAML)

  1. experimental:
  2. kubernetesGateway: true
  3. providers:
  4. kubernetesGateway: {}
  5. #...

File (TOML)

  1. [experimental]
  2. kubernetesGateway = true
  3. [providers.kubernetesGateway]
  4. #...

CLI

  1. --experimental.kubernetesgateway=true --providers.kubernetesgateway=true #...

Configuration Requirements

All Steps for a Successful Deployment

  • Add/update the Kubernetes Gateway API definitions.
  • Add/update the RBAC for the Traefik custom resources.
  • Add all needed Kubernetes Gateway API resources.

Examples

Kubernetes Gateway Provider Basic Example

Gateway API

  1. ---
  2. apiVersion: gateway.networking.k8s.io/v1alpha2
  3. kind: GatewayClass
  4. metadata:
  5. name: my-gateway-class
  6. spec:
  7. controllerName: traefik.io/gateway-controller
  8. ---
  9. apiVersion: gateway.networking.k8s.io/v1alpha2
  10. kind: Gateway
  11. metadata:
  12. name: my-gateway
  13. spec:
  14. gatewayClassName: my-gateway-class
  15. listeners:
  16. - name: https
  17. protocol: HTTPS
  18. port: 443
  19. tls:
  20. certificateRefs:
  21. - kind: Secret
  22. name: mysecret
  23. ---
  24. apiVersion: gateway.networking.k8s.io/v1alpha2
  25. kind: HTTPRoute
  26. metadata:
  27. name: http-app
  28. namespace: default
  29. spec:
  30. parentRefs:
  31. - name: my-gateway
  32. hostnames:
  33. - whoami
  34. rules:
  35. - matches:
  36. - path:
  37. type: Exact
  38. value: /foo
  39. backendRefs:
  40. - name: whoami
  41. port: 80
  42. weight: 1

Whoami Service

  1. ---
  2. apiVersion: apps/v1
  3. kind: Deployment
  4. metadata:
  5. name: whoami
  6. spec:
  7. replicas: 2
  8. selector:
  9. matchLabels:
  10. app: whoami
  11. template:
  12. metadata:
  13. labels:
  14. app: whoami
  15. spec:
  16. containers:
  17. - name: whoami
  18. image: traefik/whoami
  19. ---
  20. apiVersion: v1
  21. kind: Service
  22. metadata:
  23. name: whoami
  24. spec:
  25. selector:
  26. app: whoami
  27. ports:
  28. - protocol: TCP
  29. port: 80

Traefik Service

  1. ---
  2. apiVersion: v1
  3. kind: ServiceAccount
  4. metadata:
  5. name: traefik-controller
  6. ---
  7. apiVersion: apps/v1
  8. kind: Deployment
  9. metadata:
  10. name: traefik
  11. spec:
  12. replicas: 1
  13. selector:
  14. matchLabels:
  15. app: traefik-lb
  16. template:
  17. metadata:
  18. labels:
  19. app: traefik-lb
  20. spec:
  21. serviceAccountName: traefik-controller
  22. containers:
  23. - name: traefik
  24. image: traefik:v2.11
  25. args:
  26. - --entrypoints.web.address=:80
  27. - --entrypoints.websecure.address=:443
  28. - --experimental.kubernetesgateway
  29. - --providers.kubernetesgateway
  30. ports:
  31. - name: web
  32. containerPort: 80
  33. - name: websecure
  34. containerPort: 443
  35. ---
  36. apiVersion: v1
  37. kind: Service
  38. metadata:
  39. name: traefik
  40. spec:
  41. type: LoadBalancer
  42. selector:
  43. app: traefik-lb
  44. ports:
  45. - protocol: TCP
  46. port: 80
  47. targetPort: web
  48. name: web
  49. - protocol: TCP
  50. port: 443
  51. targetPort: websecure
  52. name: websecure

Gateway API CRDs

  1. # All resources definition must be declared
  2. ---
  3. apiVersion: apiextensions.k8s.io/v1
  4. kind: CustomResourceDefinition
  5. metadata:
  6. annotations:
  7. api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/891
  8. creationTimestamp: null
  9. name: gatewayclasses.gateway.networking.k8s.io
  10. spec:
  11. group: gateway.networking.k8s.io
  12. names:
  13. categories:
  14. - gateway-api
  15. kind: GatewayClass
  16. listKind: GatewayClassList
  17. plural: gatewayclasses
  18. shortNames:
  19. - gc
  20. singular: gatewayclass
  21. scope: Cluster
  22. versions:
  23. - additionalPrinterColumns:
  24. - jsonPath: .spec.controller
  25. name: Controller
  26. type: string
  27. - jsonPath: .metadata.creationTimestamp
  28. name: Age
  29. type: date
  30. - jsonPath: .spec.description
  31. name: Description
  32. priority: 1
  33. type: string
  34. name: v1alpha2
  35. schema:
  36. openAPIV3Schema:
  37. description: "GatewayClass describes a class of Gateways available to the
  38. user for creating Gateway resources. \n It is recommended that this resource
  39. be used as a template for Gateways. This means that a Gateway is based on
  40. the state of the GatewayClass at the time it was created and changes to
  41. the GatewayClass or associated parameters are not propagated down to existing
  42. Gateways. This recommendation is intended to limit the blast radius of changes
  43. to GatewayClass or associated parameters. If implementations choose to propagate
  44. GatewayClass changes to existing Gateways, that MUST be clearly documented
  45. by the implementation. \n Whenever one or more Gateways are using a GatewayClass,
  46. implementations MUST add the `gateway-exists-finalizer.gateway.networking.k8s.io`
  47. finalizer on the associated GatewayClass. This ensures that a GatewayClass
  48. associated with a Gateway is not deleted while in use. \n GatewayClass is
  49. a Cluster level resource."
  50. properties:
  51. apiVersion:
  52. description: 'APIVersion defines the versioned schema of this representation
  53. of an object. Servers should convert recognized schemas to the latest
  54. internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
  55. type: string
  56. kind:
  57. description: 'Kind is a string value representing the REST resource this
  58. object represents. Servers may infer this from the endpoint the client
  59. submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
  60. type: string
  61. metadata:
  62. type: object
  63. spec:
  64. description: Spec defines the desired state of GatewayClass.
  65. properties:
  66. controllerName:
  67. description: "ControllerName is the name of the controller that is
  68. managing Gateways of this class. The value of this field MUST be
  69. a domain prefixed path. \n Example: \"example.net/gateway-controller\".
  70. \n This field is not mutable and cannot be empty. \n Support: Core"
  71. maxLength: 253
  72. minLength: 1
  73. pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$
  74. type: string
  75. description:
  76. description: Description helps describe a GatewayClass with more details.
  77. maxLength: 64
  78. type: string
  79. parametersRef:
  80. description: "ParametersRef is a reference to a resource that contains
  81. the configuration parameters corresponding to the GatewayClass.
  82. This is optional if the controller does not require any additional
  83. configuration. \n ParametersRef can reference a standard Kubernetes
  84. resource, i.e. ConfigMap, or an implementation-specific custom resource.
  85. The resource can be cluster-scoped or namespace-scoped. \n If the
  86. referent cannot be found, the GatewayClass's \"InvalidParameters\"
  87. status condition will be true. \n Support: Custom"
  88. properties:
  89. group:
  90. description: Group is the group of the referent.
  91. maxLength: 253
  92. pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
  93. type: string
  94. kind:
  95. description: Kind is kind of the referent.
  96. maxLength: 63
  97. minLength: 1
  98. pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
  99. type: string
  100. name:
  101. description: Name is the name of the referent.
  102. maxLength: 253
  103. minLength: 1
  104. type: string
  105. namespace:
  106. description: Namespace is the namespace of the referent. This
  107. field is required when referring to a Namespace-scoped resource
  108. and MUST be unset when referring to a Cluster-scoped resource.
  109. maxLength: 63
  110. minLength: 1
  111. pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
  112. type: string
  113. required:
  114. - group
  115. - kind
  116. - name
  117. type: object
  118. required:
  119. - controllerName
  120. type: object
  121. status:
  122. default:
  123. conditions:
  124. - lastTransitionTime: "1970-01-01T00:00:00Z"
  125. message: Waiting for controller
  126. reason: Waiting
  127. status: Unknown
  128. type: Accepted
  129. description: Status defines the current state of GatewayClass.
  130. properties:
  131. conditions:
  132. default:
  133. - lastTransitionTime: "1970-01-01T00:00:00Z"
  134. message: Waiting for controller
  135. reason: Waiting
  136. status: Unknown
  137. type: Accepted
  138. description: "Conditions is the current status from the controller
  139. for this GatewayClass. \n Controllers should prefer to publish conditions
  140. using values of GatewayClassConditionType for the type of each Condition."
  141. items:
  142. description: "Condition contains details for one aspect of the current
  143. state of this API Resource. --- This struct is intended for direct
  144. use as an array at the field path .status.conditions. For example,
  145. type FooStatus struct{ // Represents the observations of a
  146. foo's current state. // Known .status.conditions.type are:
  147. \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type
  148. \ // +patchStrategy=merge // +listType=map // +listMapKey=type
  149. \ Conditions []metav1.Condition `json:\"conditions,omitempty\"
  150. patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
  151. \n // other fields }"
  152. properties:
  153. lastTransitionTime:
  154. description: lastTransitionTime is the last time the condition
  155. transitioned from one status to another. This should be when
  156. the underlying condition changed. If that is not known, then
  157. using the time when the API field changed is acceptable.
  158. format: date-time
  159. type: string
  160. message:
  161. description: message is a human readable message indicating
  162. details about the transition. This may be an empty string.
  163. maxLength: 32768
  164. type: string
  165. observedGeneration:
  166. description: observedGeneration represents the .metadata.generation
  167. that the condition was set based upon. For instance, if .metadata.generation
  168. is currently 12, but the .status.conditions[x].observedGeneration
  169. is 9, the condition is out of date with respect to the current
  170. state of the instance.
  171. format: int64
  172. minimum: 0
  173. type: integer
  174. reason:
  175. description: reason contains a programmatic identifier indicating
  176. the reason for the condition's last transition. Producers
  177. of specific condition types may define expected values and
  178. meanings for this field, and whether the values are considered
  179. a guaranteed API. The value should be a CamelCase string.
  180. This field may not be empty.
  181. maxLength: 1024
  182. minLength: 1
  183. pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
  184. type: string
  185. status:
  186. description: status of the condition, one of True, False, Unknown.
  187. enum:
  188. - "True"
  189. - "False"
  190. - Unknown
  191. type: string
  192. type:
  193. description: type of condition in CamelCase or in foo.example.com/CamelCase.
  194. --- Many .condition.type values are consistent across resources
  195. like Available, but because arbitrary conditions can be useful
  196. (see .node.status.conditions), the ability to deconflict is
  197. important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
  198. maxLength: 316
  199. pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
  200. type: string
  201. required:
  202. - lastTransitionTime
  203. - message
  204. - reason
  205. - status
  206. - type
  207. type: object
  208. maxItems: 8
  209. type: array
  210. x-kubernetes-list-map-keys:
  211. - type
  212. x-kubernetes-list-type: map
  213. type: object
  214. required:
  215. - spec
  216. type: object
  217. served: true
  218. storage: true
  219. subresources:
  220. status: {}
  221. status:
  222. acceptedNames:
  223. kind: ""
  224. plural: ""
  225. conditions: []
  226. storedVersions: []
  227. ---
  228. apiVersion: apiextensions.k8s.io/v1
  229. kind: CustomResourceDefinition
  230. metadata:
  231. annotations:
  232. api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/891
  233. creationTimestamp: null
  234. name: gateways.gateway.networking.k8s.io
  235. spec:
  236. group: gateway.networking.k8s.io
  237. names:
  238. categories:
  239. - gateway-api
  240. kind: Gateway
  241. listKind: GatewayList
  242. plural: gateways
  243. shortNames:
  244. - gtw
  245. singular: gateway
  246. scope: Namespaced
  247. versions:
  248. - additionalPrinterColumns:
  249. - jsonPath: .spec.gatewayClassName
  250. name: Class
  251. type: string
  252. - jsonPath: .status.addresses[*].value
  253. name: Address
  254. type: string
  255. - jsonPath: .status.conditions[?(@.type=="Ready")].status
  256. name: Ready
  257. type: string
  258. - jsonPath: .metadata.creationTimestamp
  259. name: Age
  260. type: date
  261. name: v1alpha2
  262. schema:
  263. openAPIV3Schema:
  264. description: Gateway represents an instance of a service-traffic handling
  265. infrastructure by binding Listeners to a set of IP addresses.
  266. properties:
  267. apiVersion:
  268. description: 'APIVersion defines the versioned schema of this representation
  269. of an object. Servers should convert recognized schemas to the latest
  270. internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
  271. type: string
  272. kind:
  273. description: 'Kind is a string value representing the REST resource this
  274. object represents. Servers may infer this from the endpoint the client
  275. submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
  276. type: string
  277. metadata:
  278. type: object
  279. spec:
  280. description: Spec defines the desired state of Gateway.
  281. properties:
  282. addresses:
  283. description: "Addresses requested for this Gateway. This is optional
  284. and behavior can depend on the implementation. If a value is set
  285. in the spec and the requested address is invalid or unavailable,
  286. the implementation MUST indicate this in the associated entry in
  287. GatewayStatus.Addresses. \n The Addresses field represents a request
  288. for the address(es) on the \"outside of the Gateway\", that traffic
  289. bound for this Gateway will use. This could be the IP address or
  290. hostname of an external load balancer or other networking infrastructure,
  291. or some other address that traffic will be sent to. \n The .listener.hostname
  292. field is used to route traffic that has already arrived at the Gateway
  293. to the correct in-cluster destination. \n If no Addresses are specified,
  294. the implementation MAY schedule the Gateway in an implementation-specific
  295. manner, assigning an appropriate set of Addresses. \n The implementation
  296. MUST bind all Listeners to every GatewayAddress that it assigns
  297. to the Gateway and add a corresponding entry in GatewayStatus.Addresses.
  298. \n Support: Core"
  299. items:
  300. description: GatewayAddress describes an address that can be bound
  301. to a Gateway.
  302. properties:
  303. type:
  304. default: IPAddress
  305. description: Type of the address.
  306. enum:
  307. - IPAddress
  308. - Hostname
  309. - NamedAddress
  310. type: string
  311. value:
  312. description: "Value of the address. The validity of the values
  313. will depend on the type and support by the controller. \n
  314. Examples: `1.2.3.4`, `128::1`, `my-ip-address`."
  315. maxLength: 253
  316. minLength: 1
  317. type: string
  318. required:
  319. - value
  320. type: object
  321. maxItems: 16
  322. type: array
  323. gatewayClassName:
  324. description: GatewayClassName used for this Gateway. This is the name
  325. of a GatewayClass resource.
  326. maxLength: 253
  327. minLength: 1
  328. type: string
  329. listeners:
  330. description: "Listeners associated with this Gateway. Listeners define
  331. logical endpoints that are bound on this Gateway's addresses. At
  332. least one Listener MUST be specified. \n Each listener in a Gateway
  333. must have a unique combination of Hostname, Port, and Protocol.
  334. \n An implementation MAY group Listeners by Port and then collapse
  335. each group of Listeners into a single Listener if the implementation
  336. determines that the Listeners in the group are \"compatible\". An
  337. implementation MAY also group together and collapse compatible Listeners
  338. belonging to different Gateways. \n For example, an implementation
  339. might consider Listeners to be compatible with each other if all
  340. of the following conditions are met: \n 1. Either each Listener
  341. within the group specifies the \"HTTP\" Protocol or each Listener
  342. within the group specifies either the \"HTTPS\" or \"TLS\" Protocol.
  343. \n 2. Each Listener within the group specifies a Hostname that is
  344. unique within the group. \n 3. As a special case, one Listener
  345. within a group may omit Hostname, in which case this Listener
  346. matches when no other Listener matches. \n If the implementation
  347. does collapse compatible Listeners, the hostname provided in the
  348. incoming client request MUST be matched to a Listener to find the
  349. correct set of Routes. The incoming hostname MUST be matched using
  350. the Hostname field for each Listener in order of most to least specific.
  351. That is, exact matches must be processed before wildcard matches.
  352. \n If this field specifies multiple Listeners that have the same
  353. Port value but are not compatible, the implementation must raise
  354. a \"Conflicted\" condition in the Listener status. \n Support: Core"
  355. items:
  356. description: Listener embodies the concept of a logical endpoint
  357. where a Gateway accepts network connections.
  358. properties:
  359. allowedRoutes:
  360. default:
  361. namespaces:
  362. from: Same
  363. description: "AllowedRoutes defines the types of routes that
  364. MAY be attached to a Listener and the trusted namespaces where
  365. those Route resources MAY be present. \n Although a client
  366. request may match multiple route rules, only one rule may
  367. ultimately receive the request. Matching precedence MUST be
  368. determined in order of the following criteria: \n * The most
  369. specific match as defined by the Route type. * The oldest
  370. Route based on creation timestamp. For example, a Route with
  371. \ a creation timestamp of \"2020-09-08 01:02:03\" is given
  372. precedence over a Route with a creation timestamp of \"2020-09-08
  373. 01:02:04\". * If everything else is equivalent, the Route
  374. appearing first in alphabetical order (namespace/name) should
  375. be given precedence. For example, foo/bar is given precedence
  376. over foo/baz. \n All valid rules within a Route attached to
  377. this Listener should be implemented. Invalid Route rules can
  378. be ignored (sometimes that will mean the full Route). If a
  379. Route rule transitions from valid to invalid, support for
  380. that Route rule should be dropped to ensure consistency. For
  381. example, even if a filter specified by a Route rule is invalid,
  382. the rest of the rules within that Route should still be supported.
  383. \n Support: Core"
  384. properties:
  385. kinds:
  386. description: "Kinds specifies the groups and kinds of Routes
  387. that are allowed to bind to this Gateway Listener. When
  388. unspecified or empty, the kinds of Routes selected are
  389. determined using the Listener protocol. \n A RouteGroupKind
  390. MUST correspond to kinds of Routes that are compatible
  391. with the application protocol specified in the Listener's
  392. Protocol field. If an implementation does not support
  393. or recognize this resource type, it MUST set the \"ResolvedRefs\"
  394. condition to False for this Listener with the \"InvalidRoutesRef\"
  395. reason. \n Support: Core"
  396. items:
  397. description: RouteGroupKind indicates the group and kind
  398. of a Route resource.
  399. properties:
  400. group:
  401. default: gateway.networking.k8s.io
  402. description: Group is the group of the Route.
  403. maxLength: 253
  404. pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
  405. type: string
  406. kind:
  407. description: Kind is the kind of the Route.
  408. maxLength: 63
  409. minLength: 1
  410. pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
  411. type: string
  412. required:
  413. - kind
  414. type: object
  415. maxItems: 8
  416. type: array
  417. namespaces:
  418. default:
  419. from: Same
  420. description: "Namespaces indicates namespaces from which
  421. Routes may be attached to this Listener. This is restricted
  422. to the namespace of this Gateway by default. \n Support:
  423. Core"
  424. properties:
  425. from:
  426. default: Same
  427. description: "From indicates where Routes will be selected
  428. for this Gateway. Possible values are: * All: Routes
  429. in all namespaces may be used by this Gateway. * Selector:
  430. Routes in namespaces selected by the selector may
  431. be used by this Gateway. * Same: Only Routes in
  432. the same namespace may be used by this Gateway. \n
  433. Support: Core"
  434. enum:
  435. - All
  436. - Selector
  437. - Same
  438. type: string
  439. selector:
  440. description: "Selector must be specified when From is
  441. set to \"Selector\". In that case, only Routes in
  442. Namespaces matching this Selector will be selected
  443. by this Gateway. This field is ignored for other values
  444. of \"From\". \n Support: Core"
  445. properties:
  446. matchExpressions:
  447. description: matchExpressions is a list of label
  448. selector requirements. The requirements are ANDed.
  449. items:
  450. description: A label selector requirement is a
  451. selector that contains values, a key, and an
  452. operator that relates the key and values.
  453. properties:
  454. key:
  455. description: key is the label key that the
  456. selector applies to.
  457. type: string
  458. operator:
  459. description: operator represents a key's relationship
  460. to a set of values. Valid operators are
  461. In, NotIn, Exists and DoesNotExist.
  462. type: string
  463. values:
  464. description: values is an array of string
  465. values. If the operator is In or NotIn,
  466. the values array must be non-empty. If the
  467. operator is Exists or DoesNotExist, the
  468. values array must be empty. This array is
  469. replaced during a strategic merge patch.
  470. items:
  471. type: string
  472. type: array
  473. required:
  474. - key
  475. - operator
  476. type: object
  477. type: array
  478. matchLabels:
  479. additionalProperties:
  480. type: string
  481. description: matchLabels is a map of {key,value}
  482. pairs. A single {key,value} in the matchLabels
  483. map is equivalent to an element of matchExpressions,
  484. whose key field is "key", the operator is "In",
  485. and the values array contains only "value". The
  486. requirements are ANDed.
  487. type: object
  488. type: object
  489. type: object
  490. type: object
  491. hostname:
  492. description: "Hostname specifies the virtual hostname to match
  493. for protocol types that define this concept. When unspecified,
  494. all hostnames are matched. This field is ignored for protocols
  495. that don't require hostname based matching. \n Implementations
  496. MUST apply Hostname matching appropriately for each of the
  497. following protocols: \n * TLS: The Listener Hostname MUST
  498. match the SNI. * HTTP: The Listener Hostname MUST match the
  499. Host header of the request. * HTTPS: The Listener Hostname
  500. SHOULD match at both the TLS and HTTP protocol layers as
  501. described above. If an implementation does not ensure that
  502. both the SNI and Host header match the Listener hostname,
  503. \ it MUST clearly document that. \n For HTTPRoute and TLSRoute
  504. resources, there is an interaction with the `spec.hostnames`
  505. array. When both listener and route specify hostnames, there
  506. MUST be an intersection between the values for a Route to
  507. be accepted. For more information, refer to the Route specific
  508. Hostnames documentation. \n Support: Core"
  509. maxLength: 253
  510. minLength: 1
  511. pattern: ^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
  512. type: string
  513. name:
  514. description: "Name is the name of the Listener. \n Support:
  515. Core"
  516. maxLength: 253
  517. minLength: 1
  518. pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
  519. type: string
  520. port:
  521. description: "Port is the network port. Multiple listeners may
  522. use the same port, subject to the Listener compatibility rules.
  523. \n Support: Core"
  524. format: int32
  525. maximum: 65535
  526. minimum: 1
  527. type: integer
  528. protocol:
  529. description: "Protocol specifies the network protocol this listener
  530. expects to receive. \n Support: Core"
  531. maxLength: 255
  532. minLength: 1
  533. pattern: ^[a-zA-Z0-9]([-a-zSA-Z0-9]*[a-zA-Z0-9])?$|[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9]+$
  534. type: string
  535. tls:
  536. description: "TLS is the TLS configuration for the Listener.
  537. This field is required if the Protocol field is \"HTTPS\"
  538. or \"TLS\". It is invalid to set this field if the Protocol
  539. field is \"HTTP\", \"TCP\", or \"UDP\". \n The association
  540. of SNIs to Certificate defined in GatewayTLSConfig is defined
  541. based on the Hostname field for this listener. \n The GatewayClass
  542. MUST use the longest matching SNI out of all available certificates
  543. for any TLS handshake. \n Support: Core"
  544. properties:
  545. certificateRefs:
  546. description: "CertificateRefs contains a series of references
  547. to Kubernetes objects that contains TLS certificates and
  548. private keys. These certificates are used to establish
  549. a TLS handshake for requests that match the hostname of
  550. the associated listener. \n A single CertificateRef to
  551. a Kubernetes Secret has \"Core\" support. Implementations
  552. MAY choose to support attaching multiple certificates
  553. to a Listener, but this behavior is implementation-specific.
  554. \n References to a resource in different namespace are
  555. invalid UNLESS there is a ReferencePolicy in the target
  556. namespace that allows the certificate to be attached.
  557. If a ReferencePolicy does not allow this reference, the
  558. \"ResolvedRefs\" condition MUST be set to False for this
  559. listener with the \"InvalidCertificateRef\" reason. \n
  560. This field is required to have at least one element when
  561. the mode is set to \"Terminate\" (default) and is optional
  562. otherwise. \n CertificateRefs can reference to standard
  563. Kubernetes resources, i.e. Secret, or implementation-specific
  564. custom resources. \n Support: Core - A single reference
  565. to a Kubernetes Secret \n Support: Implementation-specific
  566. (More than one reference or other resource types)"
  567. items:
  568. description: "SecretObjectReference identifies an API
  569. object including its namespace, defaulting to Secret.
  570. \n The API object must be valid in the cluster; the
  571. Group and Kind must be registered in the cluster for
  572. this reference to be valid. \n References to objects
  573. with invalid Group and Kind are not valid, and must
  574. be rejected by the implementation, with appropriate
  575. Conditions set on the containing object."
  576. properties:
  577. group:
  578. default: ""
  579. description: Group is the group of the referent. For
  580. example, "networking.k8s.io". When unspecified (empty
  581. string), core API group is inferred.
  582. maxLength: 253
  583. pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
  584. type: string
  585. kind:
  586. default: Secret
  587. description: Kind is kind of the referent. For example
  588. "HTTPRoute" or "Service".
  589. maxLength: 63
  590. minLength: 1
  591. pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
  592. type: string
  593. name:
  594. description: Name is the name of the referent.
  595. maxLength: 253
  596. minLength: 1
  597. type: string
  598. namespace:
  599. description: "Namespace is the namespace of the backend.
  600. When unspecified, the local namespace is inferred.
  601. \n Note that when a namespace is specified, a ReferencePolicy
  602. object is required in the referent namespace to
  603. allow that namespace's owner to accept the reference.
  604. See the ReferencePolicy documentation for details.
  605. \n Support: Core"
  606. maxLength: 63
  607. minLength: 1
  608. pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
  609. type: string
  610. required:
  611. - name
  612. type: object
  613. maxItems: 64
  614. type: array
  615. mode:
  616. default: Terminate
  617. description: "Mode defines the TLS behavior for the TLS
  618. session initiated by the client. There are two possible
  619. modes: \n - Terminate: The TLS session between the downstream
  620. client and the Gateway is terminated at the Gateway.
  621. This mode requires certificateRefs to be set and contain
  622. at least one element. - Passthrough: The TLS session is
  623. NOT terminated by the Gateway. This implies that the
  624. Gateway can't decipher the TLS stream except for the
  625. ClientHello message of the TLS protocol. CertificateRefs
  626. field is ignored in this mode. \n Support: Core"
  627. enum:
  628. - Terminate
  629. - Passthrough
  630. type: string
  631. options:
  632. additionalProperties:
  633. description: AnnotationValue is the value of an annotation
  634. in Gateway API. This is used for validation of maps
  635. such as TLS options. This roughly matches Kubernetes
  636. annotation validation, although the length validation
  637. in that case is based on the entire size of the annotations
  638. struct.
  639. maxLength: 4096
  640. minLength: 0
  641. type: string
  642. description: "Options are a list of key/value pairs to enable
  643. extended TLS configuration for each implementation. For
  644. example, configuring the minimum TLS version or supported
  645. cipher suites. \n A set of common keys MAY be defined
  646. by the API in the future. To avoid any ambiguity, implementation-specific
  647. definitions MUST use domain-prefixed names, such as `example.com/my-custom-option`.
  648. Un-prefixed names are reserved for key names defined by
  649. Gateway API. \n Support: Implementation-specific"
  650. maxProperties: 16
  651. type: object
  652. type: object
  653. required:
  654. - name
  655. - port
  656. - protocol
  657. type: object
  658. maxItems: 64
  659. minItems: 1
  660. type: array
  661. x-kubernetes-list-map-keys:
  662. - name
  663. x-kubernetes-list-type: map
  664. required:
  665. - gatewayClassName
  666. - listeners
  667. type: object
  668. status:
  669. default:
  670. conditions:
  671. - lastTransitionTime: "1970-01-01T00:00:00Z"
  672. message: Waiting for controller
  673. reason: NotReconciled
  674. status: Unknown
  675. type: Scheduled
  676. description: Status defines the current state of Gateway.
  677. properties:
  678. addresses:
  679. description: Addresses lists the IP addresses that have actually been
  680. bound to the Gateway. These addresses may differ from the addresses
  681. in the Spec, e.g. if the Gateway automatically assigns an address
  682. from a reserved pool.
  683. items:
  684. description: GatewayAddress describes an address that can be bound
  685. to a Gateway.
  686. properties:
  687. type:
  688. default: IPAddress
  689. description: Type of the address.
  690. enum:
  691. - IPAddress
  692. - Hostname
  693. - NamedAddress
  694. type: string
  695. value:
  696. description: "Value of the address. The validity of the values
  697. will depend on the type and support by the controller. \n
  698. Examples: `1.2.3.4`, `128::1`, `my-ip-address`."
  699. maxLength: 253
  700. minLength: 1
  701. type: string
  702. required:
  703. - value
  704. type: object
  705. maxItems: 16
  706. type: array
  707. conditions:
  708. default:
  709. - lastTransitionTime: "1970-01-01T00:00:00Z"
  710. message: Waiting for controller
  711. reason: NotReconciled
  712. status: Unknown
  713. type: Scheduled
  714. description: "Conditions describe the current conditions of the Gateway.
  715. \n Implementations should prefer to express Gateway conditions using
  716. the `GatewayConditionType` and `GatewayConditionReason` constants
  717. so that operators and tools can converge on a common vocabulary
  718. to describe Gateway state. \n Known condition types are: \n * \"Scheduled\"
  719. * \"Ready\""
  720. items:
  721. description: "Condition contains details for one aspect of the current
  722. state of this API Resource. --- This struct is intended for direct
  723. use as an array at the field path .status.conditions. For example,
  724. type FooStatus struct{ // Represents the observations of a
  725. foo's current state. // Known .status.conditions.type are:
  726. \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type
  727. \ // +patchStrategy=merge // +listType=map // +listMapKey=type
  728. \ Conditions []metav1.Condition `json:\"conditions,omitempty\"
  729. patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
  730. \n // other fields }"
  731. properties:
  732. lastTransitionTime:
  733. description: lastTransitionTime is the last time the condition
  734. transitioned from one status to another. This should be when
  735. the underlying condition changed. If that is not known, then
  736. using the time when the API field changed is acceptable.
  737. format: date-time
  738. type: string
  739. message:
  740. description: message is a human readable message indicating
  741. details about the transition. This may be an empty string.
  742. maxLength: 32768
  743. type: string
  744. observedGeneration:
  745. description: observedGeneration represents the .metadata.generation
  746. that the condition was set based upon. For instance, if .metadata.generation
  747. is currently 12, but the .status.conditions[x].observedGeneration
  748. is 9, the condition is out of date with respect to the current
  749. state of the instance.
  750. format: int64
  751. minimum: 0
  752. type: integer
  753. reason:
  754. description: reason contains a programmatic identifier indicating
  755. the reason for the condition's last transition. Producers
  756. of specific condition types may define expected values and
  757. meanings for this field, and whether the values are considered
  758. a guaranteed API. The value should be a CamelCase string.
  759. This field may not be empty.
  760. maxLength: 1024
  761. minLength: 1
  762. pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
  763. type: string
  764. status:
  765. description: status of the condition, one of True, False, Unknown.
  766. enum:
  767. - "True"
  768. - "False"
  769. - Unknown
  770. type: string
  771. type:
  772. description: type of condition in CamelCase or in foo.example.com/CamelCase.
  773. --- Many .condition.type values are consistent across resources
  774. like Available, but because arbitrary conditions can be useful
  775. (see .node.status.conditions), the ability to deconflict is
  776. important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
  777. maxLength: 316
  778. pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
  779. type: string
  780. required:
  781. - lastTransitionTime
  782. - message
  783. - reason
  784. - status
  785. - type
  786. type: object
  787. maxItems: 8
  788. type: array
  789. x-kubernetes-list-map-keys:
  790. - type
  791. x-kubernetes-list-type: map
  792. listeners:
  793. description: Listeners provide status for each unique listener port
  794. defined in the Spec.
  795. items:
  796. description: ListenerStatus is the status associated with a Listener.
  797. properties:
  798. attachedRoutes:
  799. description: AttachedRoutes represents the total number of Routes
  800. that have been successfully attached to this Listener.
  801. format: int32
  802. type: integer
  803. conditions:
  804. description: Conditions describe the current condition of this
  805. listener.
  806. items:
  807. description: "Condition contains details for one aspect of
  808. the current state of this API Resource. --- This struct
  809. is intended for direct use as an array at the field path
  810. .status.conditions. For example, type FooStatus struct{
  811. \ // Represents the observations of a foo's current state.
  812. \ // Known .status.conditions.type are: \"Available\",
  813. \"Progressing\", and \"Degraded\" // +patchMergeKey=type
  814. \ // +patchStrategy=merge // +listType=map //
  815. +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\"
  816. patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
  817. \n // other fields }"
  818. properties:
  819. lastTransitionTime:
  820. description: lastTransitionTime is the last time the condition
  821. transitioned from one status to another. This should
  822. be when the underlying condition changed. If that is
  823. not known, then using the time when the API field changed
  824. is acceptable.
  825. format: date-time
  826. type: string
  827. message:
  828. description: message is a human readable message indicating
  829. details about the transition. This may be an empty string.
  830. maxLength: 32768
  831. type: string
  832. observedGeneration:
  833. description: observedGeneration represents the .metadata.generation
  834. that the condition was set based upon. For instance,
  835. if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration
  836. is 9, the condition is out of date with respect to the
  837. current state of the instance.
  838. format: int64
  839. minimum: 0
  840. type: integer
  841. reason:
  842. description: reason contains a programmatic identifier
  843. indicating the reason for the condition's last transition.
  844. Producers of specific condition types may define expected
  845. values and meanings for this field, and whether the
  846. values are considered a guaranteed API. The value should
  847. be a CamelCase string. This field may not be empty.
  848. maxLength: 1024
  849. minLength: 1
  850. pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
  851. type: string
  852. status:
  853. description: status of the condition, one of True, False,
  854. Unknown.
  855. enum:
  856. - "True"
  857. - "False"
  858. - Unknown
  859. type: string
  860. type:
  861. description: type of condition in CamelCase or in foo.example.com/CamelCase.
  862. --- Many .condition.type values are consistent across
  863. resources like Available, but because arbitrary conditions
  864. can be useful (see .node.status.conditions), the ability
  865. to deconflict is important. The regex it matches is
  866. (dns1123SubdomainFmt/)?(qualifiedNameFmt)
  867. maxLength: 316
  868. pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
  869. type: string
  870. required:
  871. - lastTransitionTime
  872. - message
  873. - reason
  874. - status
  875. - type
  876. type: object
  877. maxItems: 8
  878. type: array
  879. x-kubernetes-list-map-keys:
  880. - type
  881. x-kubernetes-list-type: map
  882. name:
  883. description: Name is the name of the Listener that this status
  884. corresponds to.
  885. maxLength: 253
  886. minLength: 1
  887. pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
  888. type: string
  889. supportedKinds:
  890. description: "SupportedKinds is the list indicating the Kinds
  891. supported by this listener. This MUST represent the kinds
  892. an implementation supports for that Listener configuration.
  893. \n If kinds are specified in Spec that are not supported,
  894. they MUST NOT appear in this list and an implementation MUST
  895. set the \"ResolvedRefs\" condition to \"False\" with the \"InvalidRouteKinds\"
  896. reason. If both valid and invalid Route kinds are specified,
  897. the implementation MUST reference the valid Route kinds that
  898. have been specified."
  899. items:
  900. description: RouteGroupKind indicates the group and kind of
  901. a Route resource.
  902. properties:
  903. group:
  904. default: gateway.networking.k8s.io
  905. description: Group is the group of the Route.
  906. maxLength: 253
  907. pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
  908. type: string
  909. kind:
  910. description: Kind is the kind of the Route.
  911. maxLength: 63
  912. minLength: 1
  913. pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
  914. type: string
  915. required:
  916. - kind
  917. type: object
  918. maxItems: 8
  919. type: array
  920. required:
  921. - attachedRoutes
  922. - conditions
  923. - name
  924. - supportedKinds
  925. type: object
  926. maxItems: 64
  927. type: array
  928. x-kubernetes-list-map-keys:
  929. - name
  930. x-kubernetes-list-type: map
  931. type: object
  932. required:
  933. - spec
  934. type: object
  935. served: true
  936. storage: true
  937. subresources:
  938. status: {}
  939. status:
  940. acceptedNames:
  941. kind: ""
  942. plural: ""
  943. conditions: []
  944. storedVersions: []
  945. ---
  946. apiVersion: apiextensions.k8s.io/v1
  947. kind: CustomResourceDefinition
  948. metadata:
  949. annotations:
  950. api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/891
  951. creationTimestamp: null
  952. name: httproutes.gateway.networking.k8s.io
  953. spec:
  954. group: gateway.networking.k8s.io
  955. names:
  956. categories:
  957. - gateway-api
  958. kind: HTTPRoute
  959. listKind: HTTPRouteList
  960. plural: httproutes
  961. singular: httproute
  962. scope: Namespaced
  963. versions:
  964. - additionalPrinterColumns:
  965. - jsonPath: .spec.hostnames
  966. name: Hostnames
  967. type: string
  968. - jsonPath: .metadata.creationTimestamp
  969. name: Age
  970. type: date
  971. name: v1alpha2
  972. schema:
  973. openAPIV3Schema:
  974. description: HTTPRoute provides a way to route HTTP requests. This includes
  975. the capability to match requests by hostname, path, header, or query param.
  976. Filters can be used to specify additional processing steps. Backends specify
  977. where matching requests should be routed.
  978. properties:
  979. apiVersion:
  980. description: 'APIVersion defines the versioned schema of this representation
  981. of an object. Servers should convert recognized schemas to the latest
  982. internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
  983. type: string
  984. kind:
  985. description: 'Kind is a string value representing the REST resource this
  986. object represents. Servers may infer this from the endpoint the client
  987. submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
  988. type: string
  989. metadata:
  990. type: object
  991. spec:
  992. description: Spec defines the desired state of HTTPRoute.
  993. properties:
  994. hostnames:
  995. description: "Hostnames defines a set of hostname that should match
  996. against the HTTP Host header to select a HTTPRoute to process the
  997. request. This matches the RFC 1123 definition of a hostname with
  998. 2 notable exceptions: \n 1. IPs are not allowed. 2. A hostname may
  999. be prefixed with a wildcard label (`*.`). The wildcard label
  1000. must appear by itself as the first label. \n If a hostname is specified
  1001. by both the Listener and HTTPRoute, there must be at least one intersecting
  1002. hostname for the HTTPRoute to be attached to the Listener. For example:
  1003. \n * A Listener with `test.example.com` as the hostname matches
  1004. HTTPRoutes that have either not specified any hostnames, or have
  1005. specified at least one of `test.example.com` or `*.example.com`.
  1006. * A Listener with `*.example.com` as the hostname matches HTTPRoutes
  1007. \ that have either not specified any hostnames or have specified
  1008. at least one hostname that matches the Listener hostname. For
  1009. example, `test.example.com` and `*.example.com` would both match.
  1010. On the other hand, `example.com` and `test.example.net` would
  1011. not match. \n If both the Listener and HTTPRoute have specified
  1012. hostnames, any HTTPRoute hostnames that do not match the Listener
  1013. hostname MUST be ignored. For example, if a Listener specified `*.example.com`,
  1014. and the HTTPRoute specified `test.example.com` and `test.example.net`,
  1015. `test.example.net` must not be considered for a match. \n If both
  1016. the Listener and HTTPRoute have specified hostnames, and none match
  1017. with the criteria above, then the HTTPRoute is not accepted. The
  1018. implementation must raise an 'Accepted' Condition with a status
  1019. of `False` in the corresponding RouteParentStatus. \n Support: Core"
  1020. items:
  1021. description: "Hostname is the fully qualified domain name of a network
  1022. host. This matches the RFC 1123 definition of a hostname with
  1023. 2 notable exceptions: \n 1. IPs are not allowed. 2. A hostname
  1024. may be prefixed with a wildcard label (`*.`). The wildcard label
  1025. must appear by itself as the first label. \n Hostname can be \"precise\"
  1026. which is a domain name without the terminating dot of a network
  1027. host (e.g. \"foo.example.com\") or \"wildcard\", which is a domain
  1028. name prefixed with a single wildcard label (e.g. `*.example.com`).
  1029. \n Note that as per RFC1035 and RFC1123, a *label* must consist
  1030. of lower case alphanumeric characters or '-', and must start and
  1031. end with an alphanumeric character. No other punctuation is allowed."
  1032. maxLength: 253
  1033. minLength: 1
  1034. pattern: ^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
  1035. type: string
  1036. maxItems: 16
  1037. type: array
  1038. parentRefs:
  1039. description: "ParentRefs references the resources (usually Gateways)
  1040. that a Route wants to be attached to. Note that the referenced parent
  1041. resource needs to allow this for the attachment to be complete.
  1042. For Gateways, that means the Gateway needs to allow attachment from
  1043. Routes of this kind and namespace. \n The only kind of parent resource
  1044. with \"Core\" support is Gateway. This API may be extended in the
  1045. future to support additional kinds of parent resources such as one
  1046. of the route kinds. \n It is invalid to reference an identical parent
  1047. more than once. It is valid to reference multiple distinct sections
  1048. within the same parent resource, such as 2 Listeners within a Gateway.
  1049. \n It is possible to separately reference multiple distinct objects
  1050. that may be collapsed by an implementation. For example, some implementations
  1051. may choose to merge compatible Gateway Listeners together. If that
  1052. is the case, the list of routes attached to those resources should
  1053. also be merged."
  1054. items:
  1055. description: "ParentRef identifies an API object (usually a Gateway)
  1056. that can be considered a parent of this resource (usually a route).
  1057. The only kind of parent resource with \"Core\" support is Gateway.
  1058. This API may be extended in the future to support additional kinds
  1059. of parent resources, such as HTTPRoute. \n The API object must
  1060. be valid in the cluster; the Group and Kind must be registered
  1061. in the cluster for this reference to be valid. \n References to
  1062. objects with invalid Group and Kind are not valid, and must be
  1063. rejected by the implementation, with appropriate Conditions set
  1064. on the containing object."
  1065. properties:
  1066. group:
  1067. default: gateway.networking.k8s.io
  1068. description: "Group is the group of the referent. \n Support:
  1069. Core"
  1070. maxLength: 253
  1071. pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
  1072. type: string
  1073. kind:
  1074. default: Gateway
  1075. description: "Kind is kind of the referent. \n Support: Core
  1076. (Gateway) Support: Custom (Other Resources)"
  1077. maxLength: 63
  1078. minLength: 1
  1079. pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
  1080. type: string
  1081. name:
  1082. description: "Name is the name of the referent. \n Support:
  1083. Core"
  1084. maxLength: 253
  1085. minLength: 1
  1086. type: string
  1087. namespace:
  1088. description: "Namespace is the namespace of the referent. When
  1089. unspecified (or empty string), this refers to the local namespace
  1090. of the Route. \n Support: Core"
  1091. maxLength: 63
  1092. minLength: 1
  1093. pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
  1094. type: string
  1095. sectionName:
  1096. description: "SectionName is the name of a section within the
  1097. target resource. In the following resources, SectionName is
  1098. interpreted as the following: \n * Gateway: Listener Name
  1099. \n Implementations MAY choose to support attaching Routes
  1100. to other resources. If that is the case, they MUST clearly
  1101. document how SectionName is interpreted. \n When unspecified
  1102. (empty string), this will reference the entire resource. For
  1103. the purpose of status, an attachment is considered successful
  1104. if at least one section in the parent resource accepts it.
  1105. For example, Gateway listeners can restrict which Routes can
  1106. attach to them by Route kind, namespace, or hostname. If 1
  1107. of 2 Gateway listeners accept attachment from the referencing
  1108. Route, the Route MUST be considered successfully attached.
  1109. If no Gateway listeners accept attachment from this Route,
  1110. the Route MUST be considered detached from the Gateway. \n
  1111. Support: Core"
  1112. maxLength: 253
  1113. minLength: 1
  1114. pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
  1115. type: string
  1116. required:
  1117. - name
  1118. type: object
  1119. maxItems: 32
  1120. type: array
  1121. rules:
  1122. default:
  1123. - matches:
  1124. - path:
  1125. type: PathPrefix
  1126. value: /
  1127. description: Rules are a list of HTTP matchers, filters and actions.
  1128. items:
  1129. description: HTTPRouteRule defines semantics for matching an HTTP
  1130. request based on conditions (matches), processing it (filters),
  1131. and forwarding the request to an API object (backendRefs).
  1132. properties:
  1133. backendRefs:
  1134. description: "If unspecified or invalid (refers to a non-existent
  1135. resource or a Service with no endpoints), the rule performs
  1136. no forwarding. If there are also no filters specified that
  1137. would result in a response being sent, a HTTP 503 status code
  1138. is returned. 503 responses must be sent so that the overall
  1139. weight is respected; if an invalid backend is requested to
  1140. have 80% of requests, then 80% of requests must get a 503
  1141. instead. \n Support: Core for Kubernetes Service Support:
  1142. Custom for any other resource \n Support for weight: Core"
  1143. items:
  1144. description: HTTPBackendRef defines how a HTTPRoute should
  1145. forward an HTTP request.
  1146. properties:
  1147. filters:
  1148. description: "Filters defined at this level should be
  1149. executed if and only if the request is being forwarded
  1150. to the backend defined here. \n Support: Custom (For
  1151. broader support of filters, use the Filters field in
  1152. HTTPRouteRule.)"
  1153. items:
  1154. description: HTTPRouteFilter defines processing steps
  1155. that must be completed during the request or response
  1156. lifecycle. HTTPRouteFilters are meant as an extension
  1157. point to express processing that may be done in Gateway
  1158. implementations. Some examples include request or
  1159. response modification, implementing authentication
  1160. strategies, rate-limiting, and traffic shaping. API
  1161. guarantee/conformance is defined based on the type
  1162. of the filter.
  1163. properties:
  1164. extensionRef:
  1165. description: "ExtensionRef is an optional, implementation-specific
  1166. extension to the \"filter\" behavior. For example,
  1167. resource \"myroutefilter\" in group \"networking.example.net\").
  1168. ExtensionRef MUST NOT be used for core and extended
  1169. filters. \n Support: Implementation-specific"
  1170. properties:
  1171. group:
  1172. description: Group is the group of the referent.
  1173. For example, "networking.k8s.io". When unspecified
  1174. (empty string), core API group is inferred.
  1175. maxLength: 253
  1176. pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
  1177. type: string
  1178. kind:
  1179. description: Kind is kind of the referent. For
  1180. example "HTTPRoute" or "Service".
  1181. maxLength: 63
  1182. minLength: 1
  1183. pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
  1184. type: string
  1185. name:
  1186. description: Name is the name of the referent.
  1187. maxLength: 253
  1188. minLength: 1
  1189. type: string
  1190. required:
  1191. - group
  1192. - kind
  1193. - name
  1194. type: object
  1195. requestHeaderModifier:
  1196. description: "RequestHeaderModifier defines a schema
  1197. for a filter that modifies request headers. \n
  1198. Support: Core"
  1199. properties:
  1200. add:
  1201. description: "Add adds the given header(s) (name,
  1202. value) to the request before the action. It
  1203. appends to any existing values associated
  1204. with the header name. \n Input: GET /foo
  1205. HTTP/1.1 my-header: foo \n Config: add:
  1206. \ - name: \"my-header\" value: \"bar\"
  1207. \n Output: GET /foo HTTP/1.1 my-header:
  1208. foo my-header: bar"
  1209. items:
  1210. description: HTTPHeader represents an HTTP
  1211. Header name and value as defined by RFC
  1212. 7230.
  1213. properties:
  1214. name:
  1215. description: "Name is the name of the
  1216. HTTP Header to be matched. Name matching
  1217. MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
  1218. \n If multiple entries specify equivalent
  1219. header names, the first entry with an
  1220. equivalent name MUST be considered for
  1221. a match. Subsequent entries with an
  1222. equivalent header name MUST be ignored.
  1223. Due to the case-insensitivity of header
  1224. names, \"foo\" and \"Foo\" are considered
  1225. equivalent."
  1226. maxLength: 256
  1227. minLength: 1
  1228. pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
  1229. type: string
  1230. value:
  1231. description: Value is the value of HTTP
  1232. Header to be matched.
  1233. maxLength: 4096
  1234. minLength: 1
  1235. type: string
  1236. required:
  1237. - name
  1238. - value
  1239. type: object
  1240. maxItems: 16
  1241. type: array
  1242. x-kubernetes-list-map-keys:
  1243. - name
  1244. x-kubernetes-list-type: map
  1245. remove:
  1246. description: "Remove the given header(s) from
  1247. the HTTP request before the action. The value
  1248. of Remove is a list of HTTP header names.
  1249. Note that the header names are case-insensitive
  1250. (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
  1251. \n Input: GET /foo HTTP/1.1 my-header1:
  1252. foo my-header2: bar my-header3: baz \n
  1253. Config: remove: [\"my-header1\", \"my-header3\"]
  1254. \n Output: GET /foo HTTP/1.1 my-header2:
  1255. bar"
  1256. items:
  1257. type: string
  1258. maxItems: 16
  1259. type: array
  1260. set:
  1261. description: "Set overwrites the request with
  1262. the given header (name, value) before the
  1263. action. \n Input: GET /foo HTTP/1.1 my-header:
  1264. foo \n Config: set: - name: \"my-header\"
  1265. \ value: \"bar\" \n Output: GET /foo
  1266. HTTP/1.1 my-header: bar"
  1267. items:
  1268. description: HTTPHeader represents an HTTP
  1269. Header name and value as defined by RFC
  1270. 7230.
  1271. properties:
  1272. name:
  1273. description: "Name is the name of the
  1274. HTTP Header to be matched. Name matching
  1275. MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
  1276. \n If multiple entries specify equivalent
  1277. header names, the first entry with an
  1278. equivalent name MUST be considered for
  1279. a match. Subsequent entries with an
  1280. equivalent header name MUST be ignored.
  1281. Due to the case-insensitivity of header
  1282. names, \"foo\" and \"Foo\" are considered
  1283. equivalent."
  1284. maxLength: 256
  1285. minLength: 1
  1286. pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
  1287. type: string
  1288. value:
  1289. description: Value is the value of HTTP
  1290. Header to be matched.
  1291. maxLength: 4096
  1292. minLength: 1
  1293. type: string
  1294. required:
  1295. - name
  1296. - value
  1297. type: object
  1298. maxItems: 16
  1299. type: array
  1300. x-kubernetes-list-map-keys:
  1301. - name
  1302. x-kubernetes-list-type: map
  1303. type: object
  1304. requestMirror:
  1305. description: "RequestMirror defines a schema for
  1306. a filter that mirrors requests. Requests are sent
  1307. to the specified destination, but responses from
  1308. that destination are ignored. \n Support: Extended"
  1309. properties:
  1310. backendRef:
  1311. description: "BackendRef references a resource
  1312. where mirrored requests are sent. \n If the
  1313. referent cannot be found, this BackendRef
  1314. is invalid and must be dropped from the Gateway.
  1315. The controller must ensure the \"ResolvedRefs\"
  1316. condition on the Route status is set to `status:
  1317. False` and not configure this backend in the
  1318. underlying implementation. \n If there is
  1319. a cross-namespace reference to an *existing*
  1320. object that is not allowed by a ReferencePolicy,
  1321. the controller must ensure the \"ResolvedRefs\"
  1322. \ condition on the Route is set to `status:
  1323. False`, with the \"RefNotPermitted\" reason
  1324. and not configure this backend in the underlying
  1325. implementation. \n In either error case, the
  1326. Message of the `ResolvedRefs` Condition should
  1327. be used to provide more detail about the problem.
  1328. \n Support: Extended for Kubernetes Service
  1329. Support: Custom for any other resource"
  1330. properties:
  1331. group:
  1332. default: ""
  1333. description: Group is the group of the referent.
  1334. For example, "networking.k8s.io". When
  1335. unspecified (empty string), core API group
  1336. is inferred.
  1337. maxLength: 253
  1338. pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
  1339. type: string
  1340. kind:
  1341. default: Service
  1342. description: Kind is kind of the referent.
  1343. For example "HTTPRoute" or "Service".
  1344. maxLength: 63
  1345. minLength: 1
  1346. pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
  1347. type: string
  1348. name:
  1349. description: Name is the name of the referent.
  1350. maxLength: 253
  1351. minLength: 1
  1352. type: string
  1353. namespace:
  1354. description: "Namespace is the namespace
  1355. of the backend. When unspecified, the
  1356. local namespace is inferred. \n Note that
  1357. when a namespace is specified, a ReferencePolicy
  1358. object is required in the referent namespace
  1359. to allow that namespace's owner to accept
  1360. the reference. See the ReferencePolicy
  1361. documentation for details. \n Support:
  1362. Core"
  1363. maxLength: 63
  1364. minLength: 1
  1365. pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
  1366. type: string
  1367. port:
  1368. description: Port specifies the destination
  1369. port number to use for this resource.
  1370. Port is required when the referent is
  1371. a Kubernetes Service. For other resources,
  1372. destination port might be derived from
  1373. the referent resource or this field.
  1374. format: int32
  1375. maximum: 65535
  1376. minimum: 1
  1377. type: integer
  1378. required:
  1379. - name
  1380. type: object
  1381. required:
  1382. - backendRef
  1383. type: object
  1384. requestRedirect:
  1385. description: "RequestRedirect defines a schema for
  1386. a filter that responds to the request with an
  1387. HTTP redirection. \n Support: Core"
  1388. properties:
  1389. hostname:
  1390. description: "Hostname is the hostname to be
  1391. used in the value of the `Location` header
  1392. in the response. When empty, the hostname
  1393. of the request is used. \n Support: Core"
  1394. maxLength: 253
  1395. minLength: 1
  1396. pattern: ^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
  1397. type: string
  1398. port:
  1399. description: "Port is the port to be used in
  1400. the value of the `Location` header in the
  1401. response. When empty, port (if specified)
  1402. of the request is used. \n Support: Extended"
  1403. format: int32
  1404. maximum: 65535
  1405. minimum: 1
  1406. type: integer
  1407. scheme:
  1408. description: "Scheme is the scheme to be used
  1409. in the value of the `Location` header in the
  1410. response. When empty, the scheme of the request
  1411. is used. \n Support: Extended"
  1412. enum:
  1413. - http
  1414. - https
  1415. type: string
  1416. statusCode:
  1417. default: 302
  1418. description: "StatusCode is the HTTP status
  1419. code to be used in response. \n Support: Core"
  1420. enum:
  1421. - 301
  1422. - 302
  1423. type: integer
  1424. type: object
  1425. type:
  1426. description: "Type identifies the type of filter
  1427. to apply. As with other API fields, types are
  1428. classified into three conformance levels: \n -
  1429. Core: Filter types and their corresponding configuration
  1430. defined by \"Support: Core\" in this package,
  1431. e.g. \"RequestHeaderModifier\". All implementations
  1432. must support core filters. \n - Extended: Filter
  1433. types and their corresponding configuration defined
  1434. by \"Support: Extended\" in this package, e.g.
  1435. \"RequestMirror\". Implementers are encouraged
  1436. to support extended filters. \n - Custom: Filters
  1437. that are defined and supported by specific vendors.
  1438. \ In the future, filters showing convergence
  1439. in behavior across multiple implementations
  1440. will be considered for inclusion in extended or
  1441. core conformance levels. Filter-specific configuration
  1442. for such filters is specified using the ExtensionRef
  1443. field. `Type` should be set to \"ExtensionRef\"
  1444. for custom filters. \n Implementers are encouraged
  1445. to define custom implementation types to extend
  1446. the core API with implementation-specific behavior.
  1447. \n If a reference to a custom filter type cannot
  1448. be resolved, the filter MUST NOT be skipped. Instead,
  1449. requests that would have been processed by that
  1450. filter MUST receive a HTTP error response."
  1451. enum:
  1452. - RequestHeaderModifier
  1453. - RequestMirror
  1454. - RequestRedirect
  1455. - ExtensionRef
  1456. type: string
  1457. required:
  1458. - type
  1459. type: object
  1460. maxItems: 16
  1461. type: array
  1462. group:
  1463. default: ""
  1464. description: Group is the group of the referent. For example,
  1465. "networking.k8s.io". When unspecified (empty string),
  1466. core API group is inferred.
  1467. maxLength: 253
  1468. pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
  1469. type: string
  1470. kind:
  1471. default: Service
  1472. description: Kind is kind of the referent. For example
  1473. "HTTPRoute" or "Service".
  1474. maxLength: 63
  1475. minLength: 1
  1476. pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
  1477. type: string
  1478. name:
  1479. description: Name is the name of the referent.
  1480. maxLength: 253
  1481. minLength: 1
  1482. type: string
  1483. namespace:
  1484. description: "Namespace is the namespace of the backend.
  1485. When unspecified, the local namespace is inferred. \n
  1486. Note that when a namespace is specified, a ReferencePolicy
  1487. object is required in the referent namespace to allow
  1488. that namespace's owner to accept the reference. See
  1489. the ReferencePolicy documentation for details. \n Support:
  1490. Core"
  1491. maxLength: 63
  1492. minLength: 1
  1493. pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
  1494. type: string
  1495. port:
  1496. description: Port specifies the destination port number
  1497. to use for this resource. Port is required when the
  1498. referent is a Kubernetes Service. For other resources,
  1499. destination port might be derived from the referent
  1500. resource or this field.
  1501. format: int32
  1502. maximum: 65535
  1503. minimum: 1
  1504. type: integer
  1505. weight:
  1506. default: 1
  1507. description: "Weight specifies the proportion of requests
  1508. forwarded to the referenced backend. This is computed
  1509. as weight/(sum of all weights in this BackendRefs list).
  1510. For non-zero values, there may be some epsilon from
  1511. the exact proportion defined here depending on the precision
  1512. an implementation supports. Weight is not a percentage
  1513. and the sum of weights does not need to equal 100. \n
  1514. If only one backend is specified and it has a weight
  1515. greater than 0, 100% of the traffic is forwarded to
  1516. that backend. If weight is set to 0, no traffic should
  1517. be forwarded for this entry. If unspecified, weight
  1518. defaults to 1. \n Support for this field varies based
  1519. on the context where used."
  1520. format: int32
  1521. maximum: 1000000
  1522. minimum: 0
  1523. type: integer
  1524. required:
  1525. - name
  1526. type: object
  1527. maxItems: 16
  1528. type: array
  1529. filters:
  1530. description: "Filters define the filters that are applied to
  1531. requests that match this rule. \n The effects of ordering
  1532. of multiple behaviors are currently unspecified. This can
  1533. change in the future based on feedback during the alpha stage.
  1534. \n Conformance-levels at this level are defined based on the
  1535. type of filter: \n - ALL core filters MUST be supported by
  1536. all implementations. - Implementers are encouraged to support
  1537. extended filters. - Implementation-specific custom filters
  1538. have no API guarantees across implementations. \n Specifying
  1539. a core filter multiple times has unspecified or custom conformance.
  1540. \n Support: Core"
  1541. items:
  1542. description: HTTPRouteFilter defines processing steps that
  1543. must be completed during the request or response lifecycle.
  1544. HTTPRouteFilters are meant as an extension point to express
  1545. processing that may be done in Gateway implementations.
  1546. Some examples include request or response modification,
  1547. implementing authentication strategies, rate-limiting, and
  1548. traffic shaping. API guarantee/conformance is defined based
  1549. on the type of the filter.
  1550. properties:
  1551. extensionRef:
  1552. description: "ExtensionRef is an optional, implementation-specific
  1553. extension to the \"filter\" behavior. For example,
  1554. resource \"myroutefilter\" in group \"networking.example.net\").
  1555. ExtensionRef MUST NOT be used for core and extended
  1556. filters. \n Support: Implementation-specific"
  1557. properties:
  1558. group:
  1559. description: Group is the group of the referent. For
  1560. example, "networking.k8s.io". When unspecified (empty
  1561. string), core API group is inferred.
  1562. maxLength: 253
  1563. pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
  1564. type: string
  1565. kind:
  1566. description: Kind is kind of the referent. For example
  1567. "HTTPRoute" or "Service".
  1568. maxLength: 63
  1569. minLength: 1
  1570. pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
  1571. type: string
  1572. name:
  1573. description: Name is the name of the referent.
  1574. maxLength: 253
  1575. minLength: 1
  1576. type: string
  1577. required:
  1578. - group
  1579. - kind
  1580. - name
  1581. type: object
  1582. requestHeaderModifier:
  1583. description: "RequestHeaderModifier defines a schema for
  1584. a filter that modifies request headers. \n Support:
  1585. Core"
  1586. properties:
  1587. add:
  1588. description: "Add adds the given header(s) (name,
  1589. value) to the request before the action. It appends
  1590. to any existing values associated with the header
  1591. name. \n Input: GET /foo HTTP/1.1 my-header:
  1592. foo \n Config: add: - name: \"my-header\" value:
  1593. \"bar\" \n Output: GET /foo HTTP/1.1 my-header:
  1594. foo my-header: bar"
  1595. items:
  1596. description: HTTPHeader represents an HTTP Header
  1597. name and value as defined by RFC 7230.
  1598. properties:
  1599. name:
  1600. description: "Name is the name of the HTTP Header
  1601. to be matched. Name matching MUST be case
  1602. insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
  1603. \n If multiple entries specify equivalent
  1604. header names, the first entry with an equivalent
  1605. name MUST be considered for a match. Subsequent
  1606. entries with an equivalent header name MUST
  1607. be ignored. Due to the case-insensitivity
  1608. of header names, \"foo\" and \"Foo\" are considered
  1609. equivalent."
  1610. maxLength: 256
  1611. minLength: 1
  1612. pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
  1613. type: string
  1614. value:
  1615. description: Value is the value of HTTP Header
  1616. to be matched.
  1617. maxLength: 4096
  1618. minLength: 1
  1619. type: string
  1620. required:
  1621. - name
  1622. - value
  1623. type: object
  1624. maxItems: 16
  1625. type: array
  1626. x-kubernetes-list-map-keys:
  1627. - name
  1628. x-kubernetes-list-type: map
  1629. remove:
  1630. description: "Remove the given header(s) from the
  1631. HTTP request before the action. The value of Remove
  1632. is a list of HTTP header names. Note that the header
  1633. names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
  1634. \n Input: GET /foo HTTP/1.1 my-header1: foo
  1635. \ my-header2: bar my-header3: baz \n Config:
  1636. \ remove: [\"my-header1\", \"my-header3\"] \n Output:
  1637. \ GET /foo HTTP/1.1 my-header2: bar"
  1638. items:
  1639. type: string
  1640. maxItems: 16
  1641. type: array
  1642. set:
  1643. description: "Set overwrites the request with the
  1644. given header (name, value) before the action. \n
  1645. Input: GET /foo HTTP/1.1 my-header: foo \n Config:
  1646. \ set: - name: \"my-header\" value: \"bar\"
  1647. \n Output: GET /foo HTTP/1.1 my-header: bar"
  1648. items:
  1649. description: HTTPHeader represents an HTTP Header
  1650. name and value as defined by RFC 7230.
  1651. properties:
  1652. name:
  1653. description: "Name is the name of the HTTP Header
  1654. to be matched. Name matching MUST be case
  1655. insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
  1656. \n If multiple entries specify equivalent
  1657. header names, the first entry with an equivalent
  1658. name MUST be considered for a match. Subsequent
  1659. entries with an equivalent header name MUST
  1660. be ignored. Due to the case-insensitivity
  1661. of header names, \"foo\" and \"Foo\" are considered
  1662. equivalent."
  1663. maxLength: 256
  1664. minLength: 1
  1665. pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
  1666. type: string
  1667. value:
  1668. description: Value is the value of HTTP Header
  1669. to be matched.
  1670. maxLength: 4096
  1671. minLength: 1
  1672. type: string
  1673. required:
  1674. - name
  1675. - value
  1676. type: object
  1677. maxItems: 16
  1678. type: array
  1679. x-kubernetes-list-map-keys:
  1680. - name
  1681. x-kubernetes-list-type: map
  1682. type: object
  1683. requestMirror:
  1684. description: "RequestMirror defines a schema for a filter
  1685. that mirrors requests. Requests are sent to the specified
  1686. destination, but responses from that destination are
  1687. ignored. \n Support: Extended"
  1688. properties:
  1689. backendRef:
  1690. description: "BackendRef references a resource where
  1691. mirrored requests are sent. \n If the referent cannot
  1692. be found, this BackendRef is invalid and must be
  1693. dropped from the Gateway. The controller must ensure
  1694. the \"ResolvedRefs\" condition on the Route status
  1695. is set to `status: False` and not configure this
  1696. backend in the underlying implementation. \n If
  1697. there is a cross-namespace reference to an *existing*
  1698. object that is not allowed by a ReferencePolicy,
  1699. the controller must ensure the \"ResolvedRefs\"
  1700. \ condition on the Route is set to `status: False`,
  1701. with the \"RefNotPermitted\" reason and not configure
  1702. this backend in the underlying implementation. \n
  1703. In either error case, the Message of the `ResolvedRefs`
  1704. Condition should be used to provide more detail
  1705. about the problem. \n Support: Extended for Kubernetes
  1706. Service Support: Custom for any other resource"
  1707. properties:
  1708. group:
  1709. default: ""
  1710. description: Group is the group of the referent.
  1711. For example, "networking.k8s.io". When unspecified
  1712. (empty string), core API group is inferred.
  1713. maxLength: 253
  1714. pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
  1715. type: string
  1716. kind:
  1717. default: Service
  1718. description: Kind is kind of the referent. For
  1719. example "HTTPRoute" or "Service".
  1720. maxLength: 63
  1721. minLength: 1
  1722. pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
  1723. type: string
  1724. name:
  1725. description: Name is the name of the referent.
  1726. maxLength: 253
  1727. minLength: 1
  1728. type: string
  1729. namespace:
  1730. description: "Namespace is the namespace of the
  1731. backend. When unspecified, the local namespace
  1732. is inferred. \n Note that when a namespace is
  1733. specified, a ReferencePolicy object is required
  1734. in the referent namespace to allow that namespace's
  1735. owner to accept the reference. See the ReferencePolicy
  1736. documentation for details. \n Support: Core"
  1737. maxLength: 63
  1738. minLength: 1
  1739. pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
  1740. type: string
  1741. port:
  1742. description: Port specifies the destination port
  1743. number to use for this resource. Port is required
  1744. when the referent is a Kubernetes Service. For
  1745. other resources, destination port might be derived
  1746. from the referent resource or this field.
  1747. format: int32
  1748. maximum: 65535
  1749. minimum: 1
  1750. type: integer
  1751. required:
  1752. - name
  1753. type: object
  1754. required:
  1755. - backendRef
  1756. type: object
  1757. requestRedirect:
  1758. description: "RequestRedirect defines a schema for a filter
  1759. that responds to the request with an HTTP redirection.
  1760. \n Support: Core"
  1761. properties:
  1762. hostname:
  1763. description: "Hostname is the hostname to be used
  1764. in the value of the `Location` header in the response.
  1765. When empty, the hostname of the request is used.
  1766. \n Support: Core"
  1767. maxLength: 253
  1768. minLength: 1
  1769. pattern: ^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
  1770. type: string
  1771. port:
  1772. description: "Port is the port to be used in the value
  1773. of the `Location` header in the response. When empty,
  1774. port (if specified) of the request is used. \n Support:
  1775. Extended"
  1776. format: int32
  1777. maximum: 65535
  1778. minimum: 1
  1779. type: integer
  1780. scheme:
  1781. description: "Scheme is the scheme to be used in the
  1782. value of the `Location` header in the response.
  1783. When empty, the scheme of the request is used. \n
  1784. Support: Extended"
  1785. enum:
  1786. - http
  1787. - https
  1788. type: string
  1789. statusCode:
  1790. default: 302
  1791. description: "StatusCode is the HTTP status code to
  1792. be used in response. \n Support: Core"
  1793. enum:
  1794. - 301
  1795. - 302
  1796. type: integer
  1797. type: object
  1798. type:
  1799. description: "Type identifies the type of filter to apply.
  1800. As with other API fields, types are classified into
  1801. three conformance levels: \n - Core: Filter types and
  1802. their corresponding configuration defined by \"Support:
  1803. Core\" in this package, e.g. \"RequestHeaderModifier\".
  1804. All implementations must support core filters. \n
  1805. - Extended: Filter types and their corresponding configuration
  1806. defined by \"Support: Extended\" in this package,
  1807. e.g. \"RequestMirror\". Implementers are encouraged
  1808. to support extended filters. \n - Custom: Filters that
  1809. are defined and supported by specific vendors. In
  1810. the future, filters showing convergence in behavior
  1811. across multiple implementations will be considered
  1812. for inclusion in extended or core conformance levels.
  1813. Filter-specific configuration for such filters is
  1814. specified using the ExtensionRef field. `Type` should
  1815. be set to \"ExtensionRef\" for custom filters. \n
  1816. Implementers are encouraged to define custom implementation
  1817. types to extend the core API with implementation-specific
  1818. behavior. \n If a reference to a custom filter type
  1819. cannot be resolved, the filter MUST NOT be skipped.
  1820. Instead, requests that would have been processed by
  1821. that filter MUST receive a HTTP error response."
  1822. enum:
  1823. - RequestHeaderModifier
  1824. - RequestMirror
  1825. - RequestRedirect
  1826. - ExtensionRef
  1827. type: string
  1828. required:
  1829. - type
  1830. type: object
  1831. maxItems: 16
  1832. type: array
  1833. matches:
  1834. default:
  1835. - path:
  1836. type: PathPrefix
  1837. value: /
  1838. description: "Matches define conditions used for matching the
  1839. rule against incoming HTTP requests. Each match is independent,
  1840. i.e. this rule will be matched if **any** one of the matches
  1841. is satisfied. \n For example, take the following matches configuration:
  1842. \n ``` matches: - path: value: \"/foo\" headers: -
  1843. name: \"version\" value: \"v2\" - path: value: \"/v2/foo\"
  1844. ``` \n For a request to match against this rule, a request
  1845. must satisfy EITHER of the two conditions: \n - path prefixed
  1846. with `/foo` AND contains the header `version: v2` - path prefix
  1847. of `/v2/foo` \n See the documentation for HTTPRouteMatch on
  1848. how to specify multiple match conditions that should be ANDed
  1849. together. \n If no matches are specified, the default is a
  1850. prefix path match on \"/\", which has the effect of matching
  1851. every HTTP request. \n Proxy or Load Balancer routing configuration
  1852. generated from HTTPRoutes MUST prioritize rules based on the
  1853. following criteria, continuing on ties. Precedence must be
  1854. given to the the Rule with the largest number of: \n * Characters
  1855. in a matching non-wildcard hostname. * Characters in a matching
  1856. hostname. * Characters in a matching path. * Header matches.
  1857. * Query param matches. \n If ties still exist across multiple
  1858. Routes, matching precedence MUST be determined in order of
  1859. the following criteria, continuing on ties: \n * The oldest
  1860. Route based on creation timestamp. * The Route appearing first
  1861. in alphabetical order by \"<namespace>/<name>\". \n If ties
  1862. still exist within the Route that has been given precedence,
  1863. matching precedence MUST be granted to the first matching
  1864. rule meeting the above criteria."
  1865. items:
  1866. description: "HTTPRouteMatch defines the predicate used to
  1867. match requests to a given action. Multiple match types are
  1868. ANDed together, i.e. the match will evaluate to true only
  1869. if all conditions are satisfied. \n For example, the match
  1870. below will match a HTTP request only if its path starts
  1871. with `/foo` AND it contains the `version: v1` header: \n
  1872. ``` match: path: value: \"/foo\" headers: - name:
  1873. \"version\" value \"v1\" ```"
  1874. properties:
  1875. headers:
  1876. description: Headers specifies HTTP request header matchers.
  1877. Multiple match values are ANDed together, meaning, a
  1878. request must match all the specified headers to select
  1879. the route.
  1880. items:
  1881. description: HTTPHeaderMatch describes how to select
  1882. a HTTP route by matching HTTP request headers.
  1883. properties:
  1884. name:
  1885. description: "Name is the name of the HTTP Header
  1886. to be matched. Name matching MUST be case insensitive.
  1887. (See https://tools.ietf.org/html/rfc7230#section-3.2).
  1888. \n If multiple entries specify equivalent header
  1889. names, only the first entry with an equivalent
  1890. name MUST be considered for a match. Subsequent
  1891. entries with an equivalent header name MUST be
  1892. ignored. Due to the case-insensitivity of header
  1893. names, \"foo\" and \"Foo\" are considered equivalent.
  1894. \n When a header is repeated in an HTTP request,
  1895. it is implementation-specific behavior as to how
  1896. this is represented. Generally, proxies should
  1897. follow the guidance from the RFC: https://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2
  1898. regarding processing a repeated header, with special
  1899. handling for \"Set-Cookie\"."
  1900. maxLength: 256
  1901. minLength: 1
  1902. pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
  1903. type: string
  1904. type:
  1905. default: Exact
  1906. description: "Type specifies how to match against
  1907. the value of the header. \n Support: Core (Exact)
  1908. \n Support: Custom (RegularExpression) \n Since
  1909. RegularExpression HeaderMatchType has custom conformance,
  1910. implementations can support POSIX, PCRE or any
  1911. other dialects of regular expressions. Please
  1912. read the implementation's documentation to determine
  1913. the supported dialect."
  1914. enum:
  1915. - Exact
  1916. - RegularExpression
  1917. type: string
  1918. value:
  1919. description: Value is the value of HTTP Header to
  1920. be matched.
  1921. maxLength: 4096
  1922. minLength: 1
  1923. type: string
  1924. required:
  1925. - name
  1926. - value
  1927. type: object
  1928. maxItems: 16
  1929. type: array
  1930. x-kubernetes-list-map-keys:
  1931. - name
  1932. x-kubernetes-list-type: map
  1933. method:
  1934. description: "Method specifies HTTP method matcher. When
  1935. specified, this route will be matched only if the request
  1936. has the specified method. \n Support: Extended"
  1937. enum:
  1938. - GET
  1939. - HEAD
  1940. - POST
  1941. - PUT
  1942. - DELETE
  1943. - CONNECT
  1944. - OPTIONS
  1945. - TRACE
  1946. - PATCH
  1947. type: string
  1948. path:
  1949. default:
  1950. type: PathPrefix
  1951. value: /
  1952. description: Path specifies a HTTP request path matcher.
  1953. If this field is not specified, a default prefix match
  1954. on the "/" path is provided.
  1955. properties:
  1956. type:
  1957. default: PathPrefix
  1958. description: "Type specifies how to match against
  1959. the path Value. \n Support: Core (Exact, PathPrefix)
  1960. \n Support: Custom (RegularExpression)"
  1961. enum:
  1962. - Exact
  1963. - PathPrefix
  1964. - RegularExpression
  1965. type: string
  1966. value:
  1967. default: /
  1968. description: Value of the HTTP path to match against.
  1969. maxLength: 1024
  1970. type: string
  1971. type: object
  1972. queryParams:
  1973. description: QueryParams specifies HTTP query parameter
  1974. matchers. Multiple match values are ANDed together,
  1975. meaning, a request must match all the specified query
  1976. parameters to select the route.
  1977. items:
  1978. description: HTTPQueryParamMatch describes how to select
  1979. a HTTP route by matching HTTP query parameters.
  1980. properties:
  1981. name:
  1982. description: Name is the name of the HTTP query
  1983. param to be matched. This must be an exact string
  1984. match. (See https://tools.ietf.org/html/rfc7230#section-2.7.3).
  1985. maxLength: 256
  1986. minLength: 1
  1987. type: string
  1988. type:
  1989. default: Exact
  1990. description: "Type specifies how to match against
  1991. the value of the query parameter. \n Support:
  1992. Extended (Exact) \n Support: Custom (RegularExpression)
  1993. \n Since RegularExpression QueryParamMatchType
  1994. has custom conformance, implementations can support
  1995. POSIX, PCRE or any other dialects of regular expressions.
  1996. Please read the implementation's documentation
  1997. to determine the supported dialect."
  1998. enum:
  1999. - Exact
  2000. - RegularExpression
  2001. type: string
  2002. value:
  2003. description: Value is the value of HTTP query param
  2004. to be matched.
  2005. maxLength: 1024
  2006. minLength: 1
  2007. type: string
  2008. required:
  2009. - name
  2010. - value
  2011. type: object
  2012. maxItems: 16
  2013. type: array
  2014. x-kubernetes-list-map-keys:
  2015. - name
  2016. x-kubernetes-list-type: map
  2017. type: object
  2018. maxItems: 8
  2019. type: array
  2020. type: object
  2021. maxItems: 16
  2022. type: array
  2023. type: object
  2024. status:
  2025. description: Status defines the current state of HTTPRoute.
  2026. properties:
  2027. parents:
  2028. description: "Parents is a list of parent resources (usually Gateways)
  2029. that are associated with the route, and the status of the route
  2030. with respect to each parent. When this route attaches to a parent,
  2031. the controller that manages the parent must add an entry to this
  2032. list when the controller first sees the route and should update
  2033. the entry as appropriate when the route or gateway is modified.
  2034. \n Note that parent references that cannot be resolved by an implementation
  2035. of this API will not be added to this list. Implementations of this
  2036. API can only populate Route status for the Gateways/parent resources
  2037. they are responsible for. \n A maximum of 32 Gateways will be represented
  2038. in this list. An empty list means the route has not been attached
  2039. to any Gateway."
  2040. items:
  2041. description: RouteParentStatus describes the status of a route with
  2042. respect to an associated Parent.
  2043. properties:
  2044. conditions:
  2045. description: "Conditions describes the status of the route with
  2046. respect to the Gateway. Note that the route's availability
  2047. is also subject to the Gateway's own status conditions and
  2048. listener status. \n If the Route's ParentRef specifies an
  2049. existing Gateway that supports Routes of this kind AND that
  2050. Gateway's controller has sufficient access, then that Gateway's
  2051. controller MUST set the \"Accepted\" condition on the Route,
  2052. to indicate whether the route has been accepted or rejected
  2053. by the Gateway, and why. \n A Route MUST be considered \"Accepted\"
  2054. if at least one of the Route's rules is implemented by the
  2055. Gateway. \n There are a number of cases where the \"Accepted\"
  2056. condition may not be set due to lack of controller visibility,
  2057. that includes when: \n * The Route refers to a non-existent
  2058. parent. * The Route is of a type that the controller does
  2059. not support. * The Route is in a namespace the the controller
  2060. does not have access to."
  2061. items:
  2062. description: "Condition contains details for one aspect of
  2063. the current state of this API Resource. --- This struct
  2064. is intended for direct use as an array at the field path
  2065. .status.conditions. For example, type FooStatus struct{
  2066. \ // Represents the observations of a foo's current state.
  2067. \ // Known .status.conditions.type are: \"Available\",
  2068. \"Progressing\", and \"Degraded\" // +patchMergeKey=type
  2069. \ // +patchStrategy=merge // +listType=map //
  2070. +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\"
  2071. patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
  2072. \n // other fields }"
  2073. properties:
  2074. lastTransitionTime:
  2075. description: lastTransitionTime is the last time the condition
  2076. transitioned from one status to another. This should
  2077. be when the underlying condition changed. If that is
  2078. not known, then using the time when the API field changed
  2079. is acceptable.
  2080. format: date-time
  2081. type: string
  2082. message:
  2083. description: message is a human readable message indicating
  2084. details about the transition. This may be an empty string.
  2085. maxLength: 32768
  2086. type: string
  2087. observedGeneration:
  2088. description: observedGeneration represents the .metadata.generation
  2089. that the condition was set based upon. For instance,
  2090. if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration
  2091. is 9, the condition is out of date with respect to the
  2092. current state of the instance.
  2093. format: int64
  2094. minimum: 0
  2095. type: integer
  2096. reason:
  2097. description: reason contains a programmatic identifier
  2098. indicating the reason for the condition's last transition.
  2099. Producers of specific condition types may define expected
  2100. values and meanings for this field, and whether the
  2101. values are considered a guaranteed API. The value should
  2102. be a CamelCase string. This field may not be empty.
  2103. maxLength: 1024
  2104. minLength: 1
  2105. pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
  2106. type: string
  2107. status:
  2108. description: status of the condition, one of True, False,
  2109. Unknown.
  2110. enum:
  2111. - "True"
  2112. - "False"
  2113. - Unknown
  2114. type: string
  2115. type:
  2116. description: type of condition in CamelCase or in foo.example.com/CamelCase.
  2117. --- Many .condition.type values are consistent across
  2118. resources like Available, but because arbitrary conditions
  2119. can be useful (see .node.status.conditions), the ability
  2120. to deconflict is important. The regex it matches is
  2121. (dns1123SubdomainFmt/)?(qualifiedNameFmt)
  2122. maxLength: 316
  2123. pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
  2124. type: string
  2125. required:
  2126. - lastTransitionTime
  2127. - message
  2128. - reason
  2129. - status
  2130. - type
  2131. type: object
  2132. maxItems: 8
  2133. minItems: 1
  2134. type: array
  2135. x-kubernetes-list-map-keys:
  2136. - type
  2137. x-kubernetes-list-type: map
  2138. controllerName:
  2139. description: "ControllerName is a domain/path string that indicates
  2140. the name of the controller that wrote this status. This corresponds
  2141. with the controllerName field on GatewayClass. \n Example:
  2142. \"example.net/gateway-controller\". \n The format of this
  2143. field is DOMAIN \"/\" PATH, where DOMAIN and PATH are valid
  2144. Kubernetes names (https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)."
  2145. maxLength: 253
  2146. minLength: 1
  2147. pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$
  2148. type: string
  2149. parentRef:
  2150. description: ParentRef corresponds with a ParentRef in the spec
  2151. that this RouteParentStatus struct describes the status of.
  2152. properties:
  2153. group:
  2154. default: gateway.networking.k8s.io
  2155. description: "Group is the group of the referent. \n Support:
  2156. Core"
  2157. maxLength: 253
  2158. pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
  2159. type: string
  2160. kind:
  2161. default: Gateway
  2162. description: "Kind is kind of the referent. \n Support:
  2163. Core (Gateway) Support: Custom (Other Resources)"
  2164. maxLength: 63
  2165. minLength: 1
  2166. pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
  2167. type: string
  2168. name:
  2169. description: "Name is the name of the referent. \n Support:
  2170. Core"
  2171. maxLength: 253
  2172. minLength: 1
  2173. type: string
  2174. namespace:
  2175. description: "Namespace is the namespace of the referent.
  2176. When unspecified (or empty string), this refers to the
  2177. local namespace of the Route. \n Support: Core"
  2178. maxLength: 63
  2179. minLength: 1
  2180. pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
  2181. type: string
  2182. sectionName:
  2183. description: "SectionName is the name of a section within
  2184. the target resource. In the following resources, SectionName
  2185. is interpreted as the following: \n * Gateway: Listener
  2186. Name \n Implementations MAY choose to support attaching
  2187. Routes to other resources. If that is the case, they MUST
  2188. clearly document how SectionName is interpreted. \n When
  2189. unspecified (empty string), this will reference the entire
  2190. resource. For the purpose of status, an attachment is
  2191. considered successful if at least one section in the parent
  2192. resource accepts it. For example, Gateway listeners can
  2193. restrict which Routes can attach to them by Route kind,
  2194. namespace, or hostname. If 1 of 2 Gateway listeners accept
  2195. attachment from the referencing Route, the Route MUST
  2196. be considered successfully attached. If no Gateway listeners
  2197. accept attachment from this Route, the Route MUST be considered
  2198. detached from the Gateway. \n Support: Core"
  2199. maxLength: 253
  2200. minLength: 1
  2201. pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
  2202. type: string
  2203. required:
  2204. - name
  2205. type: object
  2206. required:
  2207. - controllerName
  2208. - parentRef
  2209. type: object
  2210. maxItems: 32
  2211. type: array
  2212. required:
  2213. - parents
  2214. type: object
  2215. required:
  2216. - spec
  2217. type: object
  2218. served: true
  2219. storage: true
  2220. subresources:
  2221. status: {}
  2222. status:
  2223. acceptedNames:
  2224. kind: ""
  2225. plural: ""
  2226. conditions: []
  2227. storedVersions: []

RBAC

  1. ---
  2. apiVersion: rbac.authorization.k8s.io/v1
  3. kind: ClusterRole
  4. metadata:
  5. name: gateway-role
  6. rules:
  7. - apiGroups:
  8. - ""
  9. resources:
  10. - namespaces
  11. verbs:
  12. - list
  13. - watch
  14. - apiGroups:
  15. - ""
  16. resources:
  17. - services
  18. - endpoints
  19. - secrets
  20. verbs:
  21. - get
  22. - list
  23. - watch
  24. - apiGroups:
  25. - gateway.networking.k8s.io
  26. resources:
  27. - gatewayclasses
  28. - gateways
  29. - httproutes
  30. - tcproutes
  31. - tlsroutes
  32. verbs:
  33. - get
  34. - list
  35. - watch
  36. - apiGroups:
  37. - gateway.networking.k8s.io
  38. resources:
  39. - gatewayclasses/status
  40. - gateways/status
  41. - httproutes/status
  42. - tcproutes/status
  43. - tlsroutes/status
  44. verbs:
  45. - update
  46. ---
  47. apiVersion: rbac.authorization.k8s.io/v1
  48. kind: ClusterRoleBinding
  49. metadata:
  50. name: gateway-controller
  51. roleRef:
  52. apiGroup: rbac.authorization.k8s.io
  53. kind: ClusterRole
  54. name: gateway-role
  55. subjects:
  56. - kind: ServiceAccount
  57. name: traefik-controller
  58. namespace: default

The Kubernetes Gateway API project provides several guides on how to use the APIs. These guides can help you to go further than the example above. The getting started guide details how to install the CRDs from their repository.

Keep in mind that the Traefik Gateway provider only supports the v0.4.0 (v1alpha2).

For now, the Traefik Gateway Provider can be used while following the below guides:

Resource Configuration

When using Kubernetes Gateway API as a provider, Traefik uses Kubernetes Custom Resource Definitions to retrieve its routing configuration.

All concepts can be found in the official API concepts documentation. Traefik implements the following resources:

  • GatewayClass defines a set of Gateways that share a common configuration and behaviour.
  • Gateway describes how traffic can be translated to Services within the cluster.
  • HTTPRoute defines HTTP rules for mapping requests from a Gateway to Kubernetes Services.
  • TCPRoute defines TCP rules for mapping requests from a Gateway to Kubernetes Services.
  • TLSRoute defines TLS rules for mapping requests from a Gateway to Kubernetes Services.

Provider Configuration

endpoint

Optional, Default=””

The Kubernetes server endpoint URL.

When deployed into Kubernetes, Traefik reads the environment variables KUBERNETES_SERVICE_HOST and KUBERNETES_SERVICE_PORT or KUBECONFIG to construct the endpoint.

The access token is looked up in /var/run/secrets/kubernetes.io/serviceaccount/token and the SSL CA certificate in /var/run/secrets/kubernetes.io/serviceaccount/ca.crt. Both are mounted automatically when deployed inside Kubernetes.

The endpoint may be specified to override the environment variable values inside a cluster.

When the environment variables are not found, Traefik tries to connect to the Kubernetes API server with an external-cluster client. In this case, the endpoint is required. Specifically, it may be set to the URL used by kubectl proxy to connect to a Kubernetes cluster using the granted authentication and authorization of the associated kubeconfig.

File (YAML)

  1. providers:
  2. kubernetesGateway:
  3. endpoint: "http://localhost:8080"
  4. # ...

File (TOML)

  1. [providers.kubernetesGateway]
  2. endpoint = "http://localhost:8080"
  3. # ...

CLI

  1. --providers.kubernetesgateway.endpoint=http://localhost:8080

token

Optional, Default=””

Bearer token used for the Kubernetes client configuration.

File (YAML)

  1. providers:
  2. kubernetesGateway:
  3. token: "mytoken"
  4. # ...

File (TOML)

  1. [providers.kubernetesGateway]
  2. token = "mytoken"
  3. # ...

CLI

  1. --providers.kubernetesgateway.token=mytoken

certAuthFilePath

Optional, Default=””

Path to the certificate authority file. Used for the Kubernetes client configuration.

File (YAML)

  1. providers:
  2. kubernetesGateway:
  3. certAuthFilePath: "/my/ca.crt"
  4. # ...

File (TOML)

  1. [providers.kubernetesGateway]
  2. certAuthFilePath = "/my/ca.crt"
  3. # ...

CLI

  1. --providers.kubernetesgateway.certauthfilepath=/my/ca.crt

namespaces

Optional, Default: []

Array of namespaces to watch. If left empty, Traefik watches all namespaces.

File (YAML)

  1. providers:
  2. kubernetesGateway:
  3. namespaces:
  4. - "default"
  5. - "production"
  6. # ...

File (TOML)

  1. [providers.kubernetesGateway]
  2. namespaces = ["default", "production"]
  3. # ...

CLI

  1. --providers.kubernetesgateway.namespaces=default,production

labelselector

Optional, Default: “”

A label selector can be defined to filter on specific GatewayClass objects only. If left empty, Traefik processes all GatewayClass objects in the configured namespaces.

See label-selectors for details.

File (YAML)

  1. providers:
  2. kubernetesGateway:
  3. labelselector: "app=traefik"
  4. # ...

File (TOML)

  1. [providers.kubernetesGateway]
  2. labelselector = "app=traefik"
  3. # ...

CLI

  1. --providers.kubernetesgateway.labelselector="app=traefik"

throttleDuration

Optional, Default: 0

The throttleDuration option defines how often the provider is allowed to handle events from Kubernetes. This prevents a Kubernetes cluster that updates many times per second from continuously changing your Traefik configuration.

If left empty, the provider does not apply any throttling and does not drop any Kubernetes events.

The value of throttleDuration should be provided in seconds or as a valid duration format, see time.ParseDuration.

File (YAML)

  1. providers:
  2. kubernetesGateway:
  3. throttleDuration: "10s"
  4. # ...

File (TOML)

  1. [providers.kubernetesGateway]
  2. throttleDuration = "10s"
  3. # ...

CLI

  1. --providers.kubernetesgateway.throttleDuration=10s

Using Traefik for Business Applications?

If you are using Traefik in your organization, consider our enterprise-grade solutions:

These tools help businesses discover, deploy, secure, and manage microservices and APIs easily, at scale, across any environment.