HTTPRoute
gateway.networking.k8s.io/v1
Gateway API Versionv1.6.0
HTTPRoute provides a way to route HTTP requests. This includes the capability to match requests by hostname, path, header, or query param. Filters can be used to specify additional processing steps. Backends specify where matching requests should be routed.
---
config:
theme: base
themeVariables:
secondaryColor: '#ffffff'
---
block
columns 7
classDef al_ref_box fill:#F2F2F2,stroke:#555;
classDef al_mgw_box fill:#70991F,stroke:#555;
classDef al_gwapi_box fill:#326CE5,stroke:#555;
classDef al_std_box fill:#808B8F,stroke:#555;
classDef al_self_box fill:#326CE5,stroke:#777,stroke-width:5px;
space:2
block:Targets:3
columns 3
Gateway["<a href='../../../gateway-api/gateway/v1'> Gateway </a>"]
ListenerSet["<a href='../../../gateway-api/listener-set/v1'> ListenerSet </a>"]
space:1
class Gateway,ListenerSet al_gwapi_box
end
class Targets al_ref_box
space:2
space:7
block:RefBy:1
columns 1
ReferenceGrant["<a href='../../../gateway-api/reference-grant/v1'> ReferenceGrant </a>"]
space:2
class ReferenceGrant al_gwapi_box
end
class RefBy al_ref_box
space:2
HTTPRoute["<a href='../../../gateway-api/http-route/v1'> <b>HTTPRoute</b> </a>"]
class HTTPRoute al_self_box
space:2
block:Ref:1
columns 1
Service["<a href='https://kubernetes.io/docs/concepts/services-networking/service/'> Service </a>"]
space:2
class Service al_std_box
end
class Ref al_ref_box
space:7
space:2
block:TargetedBy:3
columns 3
AccessControlPolicy["<a href='../../../microgateway/access-control-policy/v1alpha1'> AccessControlPolicy </a>"]
ContentSecurityPolicy["<a href='../../../microgateway/content-security-policy/v1alpha1'> ContentSecurityPolicy </a>"]
CustomResponsePolicy["<a href='../../../microgateway/custom-response-policy/v1alpha1'> CustomResponsePolicy </a>"]
EnvoyExtensionPolicy["<a href='../../../microgateway/envoy-extension-policy/v1alpha1'> EnvoyExtensionPolicy </a>"]
ICAPPolicy["<a href='../../../microgateway/icap-policy/v1alpha1'> ICAPPolicy </a>"]
LogMaskingPolicy["<a href='../../../microgateway/log-masking-policy/v1alpha1'> LogMaskingPolicy </a>"]
RateLimitPolicy["<a href='../../../microgateway/rate-limit-policy/v1alpha1'> RateLimitPolicy </a>"]
space:2
class AccessControlPolicy,ContentSecurityPolicy,CustomResponsePolicy,EnvoyExtensionPolicy,ICAPPolicy,LogMaskingPolicy,RateLimitPolicy al_mgw_box
end
class TargetedBy al_ref_box
space:2
HTTPRoute -- "<i>attaches to</i>" --> Targets
RefBy -- "<br><i>references</i>" --> HTTPRoute
HTTPRoute -- "<br><i>references</i>" --> Ref
TargetedBy -- "<i>attaches to</i>" --> HTTPRoute
HTTPRoute
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| metadata | defines the resource’s metadata | ObjectMeta | yes | ||
| spec | defines the desired state of HTTPRoute. | object | yes | ||
| status | defines the current state of HTTPRoute. | object | no |
HTTPRoute.spec
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| hostnames | defines a set of hostnames that should match against the HTTP Host header to select a HTTPRoute used to process the request. Implementations MUST ignore any port value specified in the HTTP Host header while performing a match and (absent of any applicable header modification configuration) MUST forward this header unmodified to the backend. Valid values for Hostnames are determined by RFC 1123 definition of a hostname with 2 notable exceptions:
*.) are interpreted as a suffix match. That means that a match for *.example.com would match both test.example.com, and foo.test.example.com, but not example.com. If both the Listener and HTTPRoute have specified hostnames, any HTTPRoute hostnames that do not match the Listener hostname MUST be ignored. For example, if a Listener specified *.example.com, and the HTTPRoute specified test.example.com and test.example.net, test.example.net must not be considered for a match. If both the Listener and HTTPRoute have specified hostnames, and none match with the criteria above, then the HTTPRoute is not accepted. The implementation must raise an ‘Accepted’ Condition with a status of False in the corresponding RouteParentStatus. In the event that multiple HTTPRoutes specify intersecting hostnames (e.g. overlapping wildcard matching and exact matching hostnames), precedence must be given to rules from the HTTPRoute with the largest number of:
|
string[] | no | ||
| parentRefs |
ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. For Services, that means the Service must either be in the same namespace for a “producer” route, or the mesh implementation must support and allow “consumer” routes for the referenced Service. ReferenceGrant is not applicable for governing ParentRefs to Services - it is not possible to create a “producer” route for a Service in a different namespace from the Route. ParentRefs must be distinct. This means either that:
Note that for ParentRefs that cross namespace boundaries, there are specific rules. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example, Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable other kinds of cross-namespace reference. Note: This section only applies to the Gateway API experimental channel ParentRefs from a Route to a Service in the same namespace are “producer” routes, which apply default routing rules to inbound connections from any namespace to the Service. ParentRefs from a Route to a Service in a different namespace are “consumer” routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. Supported kinds: Gateway, ListenerSet |
object[] | no | ||
| rules | are a list of HTTP matchers, filters and actions. | object[] | no | ||
| useDefaultGateways | Not supported | enum | no | All, None |
HTTPRoute.spec.parentRefs[]
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| group |
Group is the group of the referent.
Supported groups: |
string | no | gateway.networking.k8s.io |
|
| kind |
Kind is kind of the referent. Supported kinds: Gateway, ListenerSet |
string | no | Gateway |
|
| name | is the name of the referent. | string | yes | ||
| namespace | is the namespace of the referent. When unspecified, this refers to the local namespace of the Route. Note that there are specific rules for ParentRefs which cross namespace boundaries. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example: Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference. Note: This section only applies to the Gateway API experimental channel ParentRefs from a Route to a Service in the same namespace are “producer” routes, which apply default routing rules to inbound connections from any namespace to the Service. ParentRefs from a Route to a Service in a different namespace are “consumer” routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. |
string | no | ||
| port | is the network port this Route targets. It can be interpreted differently based on the type of parent resource. When the parent resource is a Gateway, this targets all listeners listening on the specified port that also support this kind of Route(and select this Route). It’s not recommended to set Port unless the networking behaviors specified in a Route must apply to a specific port as opposed to a listener(s) whose port(s) may be changed. When both Port and SectionName are specified, the name and port of the selected listener must match both specified values. Note: This section only applies to the Gateway API experimental channel When the parent resource is a Service, this targets a specific port in the Service spec. When both Port (experimental) and SectionName are specified, the name and port of the selected port must match both specified values. Implementations MAY choose to support other parent resources. Implementations supporting other types of parent resources MUST clearly document how/if Port is interpreted. For the purpose of status, an attachment is considered successful as long as the parent resource accepts it partially. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. |
int32 | no | [1, 65535] |
|
| sectionName | is the name of a section within the target resource. In the following resources, SectionName is interpreted as the following:
If that is the case, they MUST clearly document how SectionName is interpreted. When unspecified (empty string), this will reference the entire resource. For the purpose of status, an attachment is considered successful if at least one section in the parent resource accepts it. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. |
string | no |
HTTPRoute.spec.rules[]
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| backendRefs |
BackendRefs defines the backend(s) where matching requests should be sent. Supported kinds: Service |
object[] | no | ||
| filters | define the filters that are applied to requests that match this rule. Wherever possible, implementations SHOULD implement filters in the order they are specified. Implementations MAY choose to implement this ordering strictly, rejecting any combination or order of filters that cannot be supported. If implementations choose a strict interpretation of filter ordering, they MUST clearly document that behavior. To reject an invalid combination or order of filters, implementations SHOULD consider the Route Rules with this configuration invalid. If all Route Rules in a Route are invalid, the entire Route would be considered invalid. If only a portion of Route Rules are invalid, implementations MUST set the “PartiallyInvalid” condition for the Route. Conformance-levels at this level are defined based on the type of filter:
All filters are expected to be compatible with each other except for the URLRewrite and RequestRedirect filters, which may not be combined. If an implementation cannot support other combinations of filters, they must clearly document that limitation. In cases where incompatible or unsupported filters are specified and cause the Accepted condition to be set to status False, implementations may use the IncompatibleFilters reason to specify this configuration error. |
object[] | no | ||
| matches | define conditions used for matching the rule against incoming HTTP requests. Each match is independent, i.e. this rule will be matched if any one of the matches is satisfied. For example, take the following matches configuration: For a request to match against this rule, a request must satisfy EITHER of the two conditions:
If no matches are specified, the default is a prefix path match on “/”, which has the effect of matching every HTTP request. Proxy or Load Balancer routing configuration generated from HTTPRoutes MUST prioritize matches based on the following criteria, continuing on ties. Across all rules specified on applicable Routes, precedence must be given to the match having:
If ties still exist across multiple Routes, matching precedence MUST be determined in order of the following criteria, continuing on ties:
When no rules matching a request have been successfully attached to the parent a request is coming from, a HTTP 404 status code MUST be returned. |
object[] | no | ||
| name | is the name of the route rule. This name MUST be unique within a Route if it is set. | string | no | ||
| retry | defines the configuration for when to retry an HTTP request. Support: Extended Note: This property is only available in the Gateway API experimental channel |
object | no | ||
| sessionPersistence | Not supported | object | no | ||
| timeouts | defines the timeouts that can be configured for an HTTP request. | object | no |
HTTPRoute.spec.rules[].backendRefs[]
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| filters | Not supported | object[] | no | ||
| group |
Group is the group of the referent. For example, “gateway.networking.k8s.io”.
Supported groups: |
string | no | "" |
|
| kind |
Kind is the Kubernetes resource kind of the referent. For example “Service”. Supported kinds: Service |
string | no | Service |
|
| name | is the name of the referent. | string | yes | ||
| namespace | is the namespace of the backend. When unspecified, the local namespace is inferred. Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace’s owner to accept the reference. See the ReferenceGrant documentation for details. |
string | no | ||
| port | specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field. |
int32 | no | [1, 65535] |
|
| weight | specifies the proportion of requests forwarded to the referenced backend. This is computed as weight/(sum of all weights in this BackendRefs list). For non-zero values, there may be some epsilon from the exact proportion defined here depending on the precision an implementation supports. Weight is not a percentage and the sum of weights does not need to equal 100. If only one backend is specified and it has a weight greater than 0, 100% of the traffic is forwarded to that backend. If weight is set to 0, no traffic should be forwarded for this entry. If unspecified, weight defaults to 1. Support for this field varies based on the context where used. |
int32 | no | 1 |
[0, 1000000] |
HTTPRoute.spec.rules[].backendRefs[].filters[]
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| cors | Not supported | object | no | ||
| extensionRef | Not supported | object | no | ||
| externalAuth | Not supported | object | no | ||
| requestHeaderModifier | Not supported | object | no | ||
| requestMirror | Not supported | object | no | ||
| requestRedirect | Not supported | object | no | ||
| responseHeaderModifier | Not supported | object | no | ||
| type | Not supported | string | yes | CORS, ExtensionRef, RequestHeaderModifier, RequestMirror, RequestRedirect, ResponseHeaderModifier, URLRewrite |
|
| urlRewrite | Not supported | object | no |
HTTPRoute.spec.rules[].backendRefs[].filters[].cors
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| allowCredentials | Not supported | bool | no | true, false |
|
| allowHeaders | Not supported | string[] | no | ||
| allowMethods | Not supported | enum[] | no | *, CONNECT, DELETE, GET, HEAD, OPTIONS, PATCH, POST, PUT, TRACE |
|
| allowOrigins | Not supported | string[] | no | ||
| exposeHeaders | Not supported | string[] | no | ||
| maxAge | Not supported | int32 | no | 5 |
[1, 2147483647] |
HTTPRoute.spec.rules[].backendRefs[].filters[].extensionRef
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| group | Not supported | string | yes | ||
| kind | Not supported | string | yes | ||
| name | Not supported | string | yes |
HTTPRoute.spec.rules[].backendRefs[].filters[].externalAuth
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| backendRef | Not supported | object | yes | ||
| forwardBody | Not supported | object | no | ||
| grpc | Not supported | object | no | ||
| http | Not supported | object | no | ||
| protocol | Not supported | string | yes | GRPC, HTTP |
HTTPRoute.spec.rules[].backendRefs[].filters[].externalAuth.backendRef
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| group | Not supported | string | no | "" |
|
| kind | Not supported | string | no | Service |
|
| name | Not supported | string | yes | ||
| namespace | Not supported | string | no | ||
| port | Not supported | int32 | no | [1, 65535] |
HTTPRoute.spec.rules[].backendRefs[].filters[].externalAuth.forwardBody
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| maxSize | Not supported | uint16 | no | [0, 65535] |
HTTPRoute.spec.rules[].backendRefs[].filters[].externalAuth.grpc
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| allowedHeaders | Not supported | string[] | no |
HTTPRoute.spec.rules[].backendRefs[].filters[].externalAuth.http
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| allowedHeaders | Not supported | string[] | no | ||
| allowedResponseHeaders | Not supported | string[] | no | ||
| path | Not supported | string | no |
HTTPRoute.spec.rules[].backendRefs[].filters[].requestHeaderModifier
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| add | Not supported | object[] | no | ||
| remove | Not supported | string[] | no | ||
| set | Not supported | object[] | no |
HTTPRoute.spec.rules[].backendRefs[].filters[].requestHeaderModifier.add[]
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| name | Not supported | string | yes | ||
| value | Not supported | string | yes |
HTTPRoute.spec.rules[].backendRefs[].filters[].requestHeaderModifier.set[]
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| name | Not supported | string | yes | ||
| value | Not supported | string | yes |
HTTPRoute.spec.rules[].backendRefs[].filters[].requestMirror
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| backendRef | Not supported | object | yes | ||
| fraction | Not supported | object | no | ||
| percent | Not supported | int32 | no | [0, 100] |
HTTPRoute.spec.rules[].backendRefs[].filters[].requestMirror.backendRef
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| group | Not supported | string | no | "" |
|
| kind | Not supported | string | no | Service |
|
| name | Not supported | string | yes | ||
| namespace | Not supported | string | no | ||
| port | Not supported | int32 | no | [1, 65535] |
HTTPRoute.spec.rules[].backendRefs[].filters[].requestMirror.fraction
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| denominator | Not supported | int32 | no | 100 |
[1, 2147483647] |
| numerator | Not supported | int32 | yes | [0, 2147483647] |
HTTPRoute.spec.rules[].backendRefs[].filters[].requestRedirect
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| hostname | Not supported | string | no | ||
| path | Not supported | object | no | ||
| port | Not supported | int32 | no | [1, 65535] |
|
| scheme | Not supported | string | no | http, https |
|
| statusCode | Not supported | int | no | 302 |
301, 302, 303, 307, 308 |
HTTPRoute.spec.rules[].backendRefs[].filters[].requestRedirect.path
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| replaceFullPath | Not supported | string | no | ||
| replacePrefixMatch | Not supported | string | no | ||
| type | Not supported | string | yes | ReplaceFullPath, ReplacePrefixMatch |
HTTPRoute.spec.rules[].backendRefs[].filters[].responseHeaderModifier
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| add | Not supported | object[] | no | ||
| remove | Not supported | string[] | no | ||
| set | Not supported | object[] | no |
HTTPRoute.spec.rules[].backendRefs[].filters[].responseHeaderModifier.add[]
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| name | Not supported | string | yes | ||
| value | Not supported | string | yes |
HTTPRoute.spec.rules[].backendRefs[].filters[].responseHeaderModifier.set[]
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| name | Not supported | string | yes | ||
| value | Not supported | string | yes |
HTTPRoute.spec.rules[].backendRefs[].filters[].urlRewrite
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| hostname | Not supported | string | no | ||
| path | Not supported | object | no |
HTTPRoute.spec.rules[].backendRefs[].filters[].urlRewrite.path
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| replaceFullPath | Not supported | string | no | ||
| replacePrefixMatch | Not supported | string | no | ||
| type | Not supported | string | yes | ReplaceFullPath, ReplacePrefixMatch |
HTTPRoute.spec.rules[].filters[]
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| cors | defines a schema for a filter that responds to the cross-origin request based on HTTP response header. | object | no | ||
| extensionRef | Not supported | object | no | ||
| externalAuth | Not supported | object | no | ||
| requestHeaderModifier | defines a schema for a filter that modifies request headers. | object | no | ||
| requestMirror | Not supported | object | no | ||
| requestRedirect | defines a schema for a filter that responds to the request with an HTTP redirection. | object | no | ||
| responseHeaderModifier | defines a schema for a filter that modifies response headers. | object | no | ||
| type |
Type identifies the type of filter to apply. As with other API fields, types are classified into three conformance levels:
If a reference to a custom filter type cannot be resolved, the filter MUST NOT be skipped. Instead, requests that would have been processed by that filter MUST receive a HTTP error response. Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. Unknown values here must result in the implementation setting the Accepted Condition for the Route to status: False, with a Reason of UnsupportedValue.
Supported types:
|
string | yes | CORS, ExtensionRef, RequestHeaderModifier, RequestMirror, RequestRedirect, ResponseHeaderModifier, URLRewrite |
|
| urlRewrite | defines a schema for a filter that modifies a request during forwarding. | object | no |
HTTPRoute.spec.rules[].filters[].cors
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| allowCredentials | indicates whether the actual cross-origin request allows to include credentials. When set to true, the gateway will include the Access-Control-Allow-Credentials response header with value true (case-sensitive). When set to false or omitted the gateway will omit the header Access-Control-Allow-Credentials entirely (this is the standard CORS behavior). |
bool | no | true, false |
|
| allowHeaders | indicates which HTTP request headers are supported for accessing the requested resource. Header names are not case-sensitive. Multiple header names in the value of the Access-Control-Allow-Headers response header are separated by a comma (","). When the allowHeaders field is configured with one or more headers, the gateway must return the Access-Control-Allow-Headers response header which value is present in the allowHeaders field. If any header name in the Access-Control-Request-Headers request header is not included in the list of header names specified by the response header Access-Control-Allow-Headers, it will present an error on the client side. If any header name in the Access-Control-Allow-Headers response header does not recognize by the client, it will also occur an error on the client side. A wildcard indicates that the requests with all HTTP headers are allowed. If the configuration contains the wildcard * in allowHeaders and allowCredentials is set to false, the Access-Control-Allow-Headers response header may either contain the wildcard * or echo the value of the Access-Control-Request-Headers request header. If the configuration contains the wildcard * in allowHeaders and allowCredentials is set to true, the gateway must not return * in the Access-Control-Allow-Headers response header. Instead, it must return one or more header names matching the value of the Access-Control-Request-Headers request header. If the Access-Control-Request-Headers header is not present in the request, the gateway must omit the Access-Control-Allow-Headers response header. |
string[] | no | ||
| allowMethods | indicates which HTTP methods are supported for accessing the requested resource. Valid values are any method defined by RFC9110, along with the special value *, which represents all HTTP methods are allowed. Method names are case-sensitive, so these values are also case-sensitive. (See https://www.rfc-editor.org/rfc/rfc2616#section-5.1.1) Multiple method names in the value of the Access-Control-Allow-Methods response header are separated by a comma (","). A CORS-safelisted method is a method that is GET, HEAD, or POST. (See https://fetch.spec.whatwg.org/#cors-safelisted-method) The CORS-safelisted methods are always allowed, regardless of whether they are specified in the allowMethods field. When the allowMethods field is configured with one or more methods, the gateway must return the Access-Control-Allow-Methods response header which value is present in the allowMethods field. If the HTTP method of the Access-Control-Request-Method request header is not included in the list of methods specified by the response header Access-Control-Allow-Methods, it will present an error on the client side. If the configuration contains the wildcard * in allowMethods and allowCredentials is set to false, the Access-Control-Allow-Methods response header may either contain the wildcard * or echo the value of the Access-Control-Request-Method request header. If the configuration contains the wildcard * in allowMethods and allowCredentials is set to true, the gateway must not return * in the Access-Control-Allow-Methods response header. Instead, it must return a single HTTP method matching the value of the Access-Control-Request-Method request header. If the Access-Control-Request-Method header is not present in the request, the gateway must omit the Access-Control-Allow-Methods response header. |
enum[] | no | *, CONNECT, DELETE, GET, HEAD, OPTIONS, PATCH, POST, PUT, TRACE |
|
| allowOrigins | indicates whether the response can be shared with requested resource from the given Origin. The Origin consists of a scheme and a host, with an optional port, and takes the form <scheme>://<host>(:<port>). Valid values for scheme are: http and https. Valid values for port are any integer between 1 and 65535 (the list of available TCP/UDP ports). Note that, if not included, port 80 is assumed for http scheme origins, and port 443 is assumed for https origins. This may affect origin matching. The host part of the origin may contain the wildcard character *. These wildcard characters behave as follows:
* character indicates requests from all Origins are allowed. When the allowOrigins field is configured with multiple origins, it means the server supports clients from multiple origins. If the request Origin matches the configured allowed origins, the gateway must return the given Origin and sets value of the header Access-Control-Allow-Origin same as the Origin header provided by the client. The status code of a successful response to a “preflight” request is always an OK status (i.e., 204 or 200). If the request Origin does not match the configured allowed origins, the gateway returns 204/200 response but doesn’t set the relevant cross-origin response headers. Alternatively, the gateway responds with 403 status to the “preflight” request is denied, coupled with omitting the CORS headers. The cross-origin request fails on the client side. Therefore, the client doesn’t attempt the actual cross-origin request. Conversely, if the request Origin matches one of the configured allowed origins, the gateway sets the response header Access-Control-Allow-Origin to the same value as the Origin header provided by the client. If the configuration contains the wildcard * in allowOrigins and allowCredentials is set to false, the Access-Control-Allow-Origin response header may either contain the wildcard * or echo the value of the Origin request header. If the configuration contains the wildcard * in allowOrigins and allowCredentials is set to true, the gateway must not return * in the Access-Control-Allow-Origin response header. Instead, it must return a single origin matching the value of the Origin request header. |
string[] | no | ||
| exposeHeaders | indicates which HTTP response headers can be exposed to client-side scripts in response to a cross-origin request. A CORS-safelisted response header is an HTTP header in a CORS response that it is considered safe to expose to the client scripts. The CORS-safelisted response headers include the following headers: Cache-Control Content-Language Content-Length Content-Type Expires Last-Modified Pragma (See https://fetch.spec.whatwg.org/#cors-safelisted-response-header-name) The CORS-safelisted response headers are exposed to client by default. When an HTTP header name is specified using the exposeHeaders field, this additional header will be exposed as part of the response to the client. Header names are not case-sensitive. Multiple header names in the value of the Access-Control-Expose-Headers response header are separated by a comma (","). A wildcard indicates that the responses with all HTTP headers are exposed to clients. If the configuration contains the wildcard * in exposeHeaders and allowCredentials is set to false, the Access-Control-Expose-Headers response header can contain the wildcard *. If the configuration contains the wildcard * in exposeHeaders and allowCredentials is set to true, the gateway cannot use the * in the Access-Control-Expose-Headers response header. |
string[] | no | ||
| maxAge | indicates the duration (in seconds) for the client to cache the results of a “preflight” request. The information provided by the Access-Control-Allow-Methods and Access-Control-Allow-Headers response headers can be cached by the client until the time specified by Access-Control-Max-Age elapses. The default value of Access-Control-Max-Age response header is 5 (seconds). When the MaxAge field is unspecified, the gateway sets the response header “Access-Control-Max-Age: 5” by default. |
int32 | no | 5 |
[1, 2147483647] |
HTTPRoute.spec.rules[].filters[].extensionRef
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| group | Not supported | string | yes | ||
| kind | Not supported | string | yes | ||
| name | Not supported | string | yes |
HTTPRoute.spec.rules[].filters[].externalAuth
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| backendRef | Not supported | object | yes | ||
| forwardBody | Not supported | object | no | ||
| grpc | Not supported | object | no | ||
| http | Not supported | object | no | ||
| protocol | Not supported | string | yes | GRPC, HTTP |
HTTPRoute.spec.rules[].filters[].externalAuth.backendRef
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| group | Not supported | string | no | "" |
|
| kind | Not supported | string | no | Service |
|
| name | Not supported | string | yes | ||
| namespace | Not supported | string | no | ||
| port | Not supported | int32 | no | [1, 65535] |
HTTPRoute.spec.rules[].filters[].externalAuth.forwardBody
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| maxSize | Not supported | uint16 | no | [0, 65535] |
HTTPRoute.spec.rules[].filters[].externalAuth.grpc
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| allowedHeaders | Not supported | string[] | no |
HTTPRoute.spec.rules[].filters[].externalAuth.http
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| allowedHeaders | Not supported | string[] | no | ||
| allowedResponseHeaders | Not supported | string[] | no | ||
| path | Not supported | string | no |
HTTPRoute.spec.rules[].filters[].requestHeaderModifier
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| add | adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. Input: GET /foo HTTP/1.1 my-header: foo Config: add:
GET /foo HTTP/1.1 my-header: foo,bar,baz |
object[] | no | ||
| remove | the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz Config: remove: [“my-header1”, “my-header3”] Output: GET /foo HTTP/1.1 my-header2: bar |
string[] | no | ||
| set | overwrites the request with the given header (name, value) before the action. Input: GET /foo HTTP/1.1 my-header: foo Config: set:
GET /foo HTTP/1.1 my-header: bar |
object[] | no |
HTTPRoute.spec.rules[].filters[].requestHeaderModifier.add[]
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| name | is the name of the HTTP Header to be matched. Name matching MUST be case-insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, “foo” and “Foo” are considered equivalent. |
string | yes | ||
| value | is the value of HTTP Header to be matched. Note: This section only applies to the Gateway API experimental channel Must consist of printable US-ASCII characters, optionally separated by single tabs or spaces. See: https://tools.ietf.org/html/rfc7230#section-3.2 |
string | yes |
HTTPRoute.spec.rules[].filters[].requestHeaderModifier.set[]
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| name | is the name of the HTTP Header to be matched. Name matching MUST be case-insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, “foo” and “Foo” are considered equivalent. |
string | yes | ||
| value | is the value of HTTP Header to be matched. Note: This section only applies to the Gateway API experimental channel Must consist of printable US-ASCII characters, optionally separated by single tabs or spaces. See: https://tools.ietf.org/html/rfc7230#section-3.2 |
string | yes |
HTTPRoute.spec.rules[].filters[].requestMirror
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| backendRef | Not supported | object | yes | ||
| fraction | Not supported | object | no | ||
| percent | Not supported | int32 | no | [0, 100] |
HTTPRoute.spec.rules[].filters[].requestMirror.backendRef
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| group | Not supported | string | no | "" |
|
| kind | Not supported | string | no | Service |
|
| name | Not supported | string | yes | ||
| namespace | Not supported | string | no | ||
| port | Not supported | int32 | no | [1, 65535] |
HTTPRoute.spec.rules[].filters[].requestMirror.fraction
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| denominator | Not supported | int32 | no | 100 |
[1, 2147483647] |
| numerator | Not supported | int32 | yes | [0, 2147483647] |
HTTPRoute.spec.rules[].filters[].requestRedirect
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| hostname | is the hostname to be used in the value of the Location header in the response. When empty, the hostname in the Host header of the request is used. |
string | no | ||
| path | defines parameters used to modify the path of the incoming request. The modified path is then used to construct the Location header. When empty, the request path is used as-is. |
object | no | ||
| port | is the port to be used in the value of the Location header in the response. If no port is specified, the redirect port MUST be derived using the following rules:
|
int32 | no | [1, 65535] |
|
| scheme | is the scheme to be used in the value of the Location header in the response. When empty, the scheme of the request is used. Scheme redirects can affect the port of the redirect, for more information, refer to the documentation for the port field of this filter. Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. Unknown values here must result in the implementation setting the Accepted Condition for the Route to status: False, with a Reason of UnsupportedValue. |
string | no | http, https |
|
| statusCode | is the HTTP status code to be used in response. Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. Unknown values here must result in the implementation setting the Accepted Condition for the Route to status: False, with a Reason of UnsupportedValue. |
int | no | 302 |
301, 302, 303, 307, 308 |
HTTPRoute.spec.rules[].filters[].requestRedirect.path
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| replaceFullPath | specifies the value with which to replace the full path of a request during a rewrite or redirect. | string | no | ||
| replacePrefixMatch | specifies the value with which to replace the prefix match of a request during a rewrite or redirect. For example, a request to “/foo/bar” with a prefix match of “/foo” and a ReplacePrefixMatch of “/xyz” would be modified to “/xyz/bar”. Note that this matches the behavior of the PathPrefix match type. This matches full path elements. A path element refers to the list of labels in the path split by the / separator. When specified, a trailing / is ignored. For example, the paths /abc, /abc/, and /abc/def would all match the prefix /abc, but the path /abcd would not. ReplacePrefixMatch is only compatible with a PathPrefix HTTPRouteMatch. Using any other HTTPRouteMatch type on the same HTTPRouteRule will result in the implementation setting the Accepted Condition for the Route to status: False. Request Path | Prefix Match | Replace Prefix | Modified Path |
string | no | ||
| type | defines the type of path modifier. Additional types may be added in a future release of the API. Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. Unknown values here must result in the implementation setting the Accepted Condition for the Route to status: False, with a Reason of UnsupportedValue. |
string | yes | ReplaceFullPath, ReplacePrefixMatch |
HTTPRoute.spec.rules[].filters[].responseHeaderModifier
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| add | adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. Input: GET /foo HTTP/1.1 my-header: foo Config: add:
GET /foo HTTP/1.1 my-header: foo,bar,baz |
object[] | no | ||
| remove | the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz Config: remove: [“my-header1”, “my-header3”] Output: GET /foo HTTP/1.1 my-header2: bar |
string[] | no | ||
| set | overwrites the request with the given header (name, value) before the action. Input: GET /foo HTTP/1.1 my-header: foo Config: set:
GET /foo HTTP/1.1 my-header: bar |
object[] | no |
HTTPRoute.spec.rules[].filters[].responseHeaderModifier.add[]
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| name | is the name of the HTTP Header to be matched. Name matching MUST be case-insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, “foo” and “Foo” are considered equivalent. |
string | yes | ||
| value | is the value of HTTP Header to be matched. Note: This section only applies to the Gateway API experimental channel Must consist of printable US-ASCII characters, optionally separated by single tabs or spaces. See: https://tools.ietf.org/html/rfc7230#section-3.2 |
string | yes |
HTTPRoute.spec.rules[].filters[].responseHeaderModifier.set[]
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| name | is the name of the HTTP Header to be matched. Name matching MUST be case-insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, “foo” and “Foo” are considered equivalent. |
string | yes | ||
| value | is the value of HTTP Header to be matched. Note: This section only applies to the Gateway API experimental channel Must consist of printable US-ASCII characters, optionally separated by single tabs or spaces. See: https://tools.ietf.org/html/rfc7230#section-3.2 |
string | yes |
HTTPRoute.spec.rules[].filters[].urlRewrite
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| hostname | is the value to be used to replace the Host header value during forwarding. | string | no | ||
| path | defines a path rewrite. | object | no |
HTTPRoute.spec.rules[].filters[].urlRewrite.path
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| replaceFullPath | specifies the value with which to replace the full path of a request during a rewrite or redirect. | string | no | ||
| replacePrefixMatch | specifies the value with which to replace the prefix match of a request during a rewrite or redirect. For example, a request to “/foo/bar” with a prefix match of “/foo” and a ReplacePrefixMatch of “/xyz” would be modified to “/xyz/bar”. Note that this matches the behavior of the PathPrefix match type. This matches full path elements. A path element refers to the list of labels in the path split by the / separator. When specified, a trailing / is ignored. For example, the paths /abc, /abc/, and /abc/def would all match the prefix /abc, but the path /abcd would not. ReplacePrefixMatch is only compatible with a PathPrefix HTTPRouteMatch. Using any other HTTPRouteMatch type on the same HTTPRouteRule will result in the implementation setting the Accepted Condition for the Route to status: False. Request Path | Prefix Match | Replace Prefix | Modified Path |
string | no | ||
| type | defines the type of path modifier. Additional types may be added in a future release of the API. Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. Unknown values here must result in the implementation setting the Accepted Condition for the Route to status: False, with a Reason of UnsupportedValue. |
string | yes | ReplaceFullPath, ReplacePrefixMatch |
HTTPRoute.spec.rules[].matches[]
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| headers | specifies HTTP request header matchers. Multiple match values are ANDed together, meaning, a request must match all the specified headers to select the route. | object[] | no | ||
| method | specifies HTTP method matcher. When specified, this route will be matched only if the request has the specified method. |
enum | no | CONNECT, DELETE, GET, HEAD, OPTIONS, PATCH, POST, PUT, TRACE |
|
| path | specifies a HTTP request path matcher. If this field is not specified, a default prefix match on the “/” path is provided. | object | no | ||
| queryParams | specifies HTTP query parameter matchers. Multiple match values are ANDed together, meaning, a request must match all the specified query parameters to select the route. | object[] | no |
HTTPRoute.spec.rules[].matches[].headers[]
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| name | is the name of the HTTP Header to be matched. Name matching MUST be case-insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). If multiple entries specify equivalent header names, only the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, “foo” and “Foo” are considered equivalent. When a header is repeated in an HTTP request, it is implementation-specific behavior as to how this is represented. Generally, proxies should follow the guidance from the RFC: https://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2 regarding processing a repeated header, with special handling for “Set-Cookie”. |
string | yes | ||
| type | specifies how to match against the value of the header. Support: Core (Exact) Support: Implementation-specific (RegularExpression) Since RegularExpression HeaderMatchType has implementation-specific conformance, implementations can support POSIX, PCRE or any other dialects of regular expressions. Please read the implementation’s documentation to determine the supported dialect. |
enum | no | Exact |
Exact, RegularExpression |
| value | is the value of HTTP Header to be matched. Note: This section only applies to the Gateway API experimental channel Must consist of printable US-ASCII characters, optionally separated by single tabs or spaces. See: https://tools.ietf.org/html/rfc7230#section-3.2 |
string | yes |
HTTPRoute.spec.rules[].matches[].path
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| type | specifies how to match against the path Value. Support: Core (Exact, PathPrefix) Support: Implementation-specific (RegularExpression) |
enum | no | PathPrefix |
Exact, PathPrefix, RegularExpression |
| value | of the HTTP path to match against. | string | no | / |
HTTPRoute.spec.rules[].matches[].queryParams[]
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| name | is the name of the HTTP query param to be matched. This must be an exact string match. (See https://tools.ietf.org/html/rfc7230#section-2.7.3). If multiple entries specify equivalent query param names, only the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent query param name MUST be ignored. If a query param is repeated in an HTTP request, the behavior is purposely left undefined, since different data planes have different capabilities. However, it is recommended that implementations should match against the first value of the param if the data plane supports it, as this behavior is expected in other load balancing contexts outside of the Gateway API. Users SHOULD NOT route traffic based on repeated query params to guard themselves against potential differences in the implementations. |
string | yes | ||
| type | specifies how to match against the value of the query parameter. Support: Extended (Exact) Support: Implementation-specific (RegularExpression) Since RegularExpression QueryParamMatchType has Implementation-specific conformance, implementations can support POSIX, PCRE or any other dialects of regular expressions. Please read the implementation’s documentation to determine the supported dialect. |
enum | no | Exact |
Exact, RegularExpression |
| value | is the value of HTTP query param to be matched. | string | yes |
HTTPRoute.spec.rules[].retry
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| attempts | specifies the maximum number of times an individual request from the gateway to a backend should be retried. If the maximum number of retries has been attempted without a successful response from the backend, the Gateway MUST return an error. When this field is unspecified, the number of times to attempt to retry a backend request is implementation-specific. |
int | no | [1, 9223372036854775807] |
|
| backoff | specifies the minimum duration a Gateway should wait between retry attempts and is represented in Gateway API Duration formatting. For example, setting the rules[].retry.backoff field to the value 100ms will cause a backend request to first be retried approximately 100 milliseconds after timing out or receiving a response code configured to be retriable. An implementation MAY use an exponential or alternative backoff strategy for subsequent retry attempts, MAY cap the maximum backoff duration to some amount greater than the specified minimum, and MAY add arbitrary jitter to stagger requests, as long as unsuccessful backend requests are not retried before the configured minimum duration. If a Request timeout ( rules[].timeouts.request) is configured on the route, the entire duration of the initial request and any retry attempts MUST not exceed the Request timeout duration. If any retry attempts are still in progress when the Request timeout duration has been reached, these SHOULD be canceled if possible and the Gateway MUST immediately return a timeout error. If a BackendRequest timeout ( rules[].timeouts.backendRequest) is configured on the route, any retry attempts which reach the configured BackendRequest timeout duration without a response SHOULD be canceled if possible and the Gateway should wait for at least the specified backoff duration before attempting to retry the backend request again. If a BackendRequest timeout is not configured on the route, retry attempts MAY time out after an implementation default duration, or MAY remain pending until a configured Request timeout or implementation default duration for total request time is reached. When this field is unspecified, the time to wait between retry attempts is implementation-specific. |
string | no | ||
| codes | defines the HTTP response status codes for which a backend request should be retried. | int[] | no |
HTTPRoute.spec.rules[].sessionPersistence
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| absoluteTimeout | Not supported | string | no | ||
| cookieConfig | Not supported | object | no | ||
| sessionName | Not supported | string | no | ||
| type | Not supported | enum | no | Cookie |
Cookie, Header |
HTTPRoute.spec.rules[].sessionPersistence.cookieConfig
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| lifetimeType | Not supported | enum | no | Session |
Permanent, Session |
HTTPRoute.spec.rules[].timeouts
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| backendRequest | specifies a timeout for an individual request from the gateway to a backend. This covers the time from when the request first starts being sent from the gateway to when the full response has been received from the backend. Setting a timeout to the zero duration (e.g. “0s”) SHOULD disable the timeout completely. Implementations that cannot completely disable the timeout MUST instead interpret the zero duration as the longest possible value to which the timeout can be set. An entire client HTTP transaction with a gateway, covered by the Request timeout, may result in more than one call from the gateway to the destination backend, for example, if automatic retries are supported. The value of BackendRequest must be a Gateway API Duration string as defined by GEP-2257. When this field is unspecified, its behavior is implementation-specific; when specified, the value of BackendRequest must be no more than the value of the Request timeout (since the Request timeout encompasses the BackendRequest timeout). |
string | no | ||
| request | specifies the maximum duration for a gateway to respond to an HTTP request. If the gateway has not been able to respond before this deadline is met, the gateway MUST return a timeout error. For example, setting the rules.timeouts.request field to the value 10s in an HTTPRoute will cause a timeout if a client request is taking longer than 10 seconds to complete. Setting a timeout to the zero duration (e.g. “0s”) SHOULD disable the timeout completely. Implementations that cannot completely disable the timeout MUST instead interpret the zero duration as the longest possible value to which the timeout can be set. This timeout is intended to cover as close to the whole request-response transaction as possible although an implementation MAY choose to start the timeout after the entire request stream has been received instead of immediately after the transaction is initiated by the client. The value of Request is a Gateway API Duration string as defined by GEP-2257. When this field is unspecified, request timeout is set to 15s. |
string | no |
HTTPRoute.status
| Field | Description | Type |
|---|---|---|
| parents | is a list of parent resources (usually Gateways) that are associated with the route, and the status of the route with respect to each parent. When this route attaches to a parent, the controller that manages the parent must add an entry to this list when the controller first sees the route and should update the entry as appropriate when the route or gateway is modified. Note that parent references that cannot be resolved by an implementation of this API will not be added to this list. Implementations of this API can only populate Route status for the Gateways/parent resources they are responsible for. A maximum of 32 Gateways will be represented in this list. An empty list means the route has not been attached to any Gateway. |
object[] |
HTTPRoute.status.parents[]
| Field | Description | Type |
|---|---|---|
| conditions |
Conditions describes the status of the route with respect to the Gateway.
Possible conditions:
|
Condition[] |
| controllerName | is a domain/path string that indicates the name of the controller that wrote this status. This corresponds with the controllerName field on GatewayClass. Example: “example.net/gateway-controller”. The format of this field is DOMAIN “/” PATH, where DOMAIN and PATH are valid Kubernetes names (https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names). Controllers MUST populate this field when writing status. Controllers should ensure that entries to status populated with their ControllerName are cleaned up when they are no longer necessary. |
string |
| parentRef | corresponds with a ParentRef in the spec that this RouteParentStatus struct describes the status of. | object |
HTTPRoute.status.parents[].parentRef
| Field | Description | Type |
|---|---|---|
| group | is the group of the referent. When unspecified, “gateway.networking.k8s.io” is inferred. To set the core API group (such as for a “Service” kind referent), Group must be explicitly set to "" (empty string). |
string |
| kind | is kind of the referent. There are two kinds of parent resources with “Core” support: Support for other resources is Implementation-Specific. |
string |
| name | is the name of the referent. | string |
| namespace | is the namespace of the referent. When unspecified, this refers to the local namespace of the Route. Note that there are specific rules for ParentRefs which cross namespace boundaries. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example: Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference. Note: This section only applies to the Gateway API experimental channel ParentRefs from a Route to a Service in the same namespace are “producer” routes, which apply default routing rules to inbound connections from any namespace to the Service. ParentRefs from a Route to a Service in a different namespace are “consumer” routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. |
string |
| port | is the network port this Route targets. It can be interpreted differently based on the type of parent resource. When the parent resource is a Gateway, this targets all listeners listening on the specified port that also support this kind of Route(and select this Route). It’s not recommended to set Port unless the networking behaviors specified in a Route must apply to a specific port as opposed to a listener(s) whose port(s) may be changed. When both Port and SectionName are specified, the name and port of the selected listener must match both specified values. Note: This section only applies to the Gateway API experimental channel When the parent resource is a Service, this targets a specific port in the Service spec. When both Port (experimental) and SectionName are specified, the name and port of the selected port must match both specified values. Implementations MAY choose to support other parent resources. Implementations supporting other types of parent resources MUST clearly document how/if Port is interpreted. For the purpose of status, an attachment is considered successful as long as the parent resource accepts it partially. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. |
int32 |
| sectionName | is the name of a section within the target resource. In the following resources, SectionName is interpreted as the following:
If that is the case, they MUST clearly document how SectionName is interpreted. When unspecified (empty string), this will reference the entire resource. For the purpose of status, an attachment is considered successful if at least one section in the parent resource accepts it. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. |
string |