gateway_api/apis/experimental/udproutes.rs
1// WARNING: generated by kopium - manual changes will be overwritten
2// kopium command: kopium --schema=derived --derive=JsonSchema --derive=Default --derive=PartialEq --docs -f -
3// kopium version: 0.21.2
4
5#[allow(unused_imports)]
6mod prelude {
7 pub use k8s_openapi::apimachinery::pkg::apis::meta::v1::Condition;
8 pub use kube::CustomResource;
9 pub use schemars::JsonSchema;
10 pub use serde::{Deserialize, Serialize};
11}
12use self::prelude::*;
13
14/// Spec defines the desired state of UDPRoute.
15#[derive(CustomResource, Serialize, Deserialize, Clone, Debug, JsonSchema, Default, PartialEq)]
16#[kube(
17 group = "gateway.networking.k8s.io",
18 version = "v1alpha2",
19 kind = "UDPRoute",
20 plural = "udproutes"
21)]
22#[kube(namespaced)]
23#[kube(status = "UDPRouteStatus")]
24#[kube(derive = "Default")]
25#[kube(derive = "PartialEq")]
26pub struct UDPRouteSpec {
27 /// ParentRefs references the resources (usually Gateways) that a Route wants
28 /// to be attached to. Note that the referenced parent resource needs to
29 /// allow this for the attachment to be complete. For Gateways, that means
30 /// the Gateway needs to allow attachment from Routes of this kind and
31 /// namespace. For Services, that means the Service must either be in the same
32 /// namespace for a "producer" route, or the mesh implementation must support
33 /// and allow "consumer" routes for the referenced Service. ReferenceGrant is
34 /// not applicable for governing ParentRefs to Services - it is not possible to
35 /// create a "producer" route for a Service in a different namespace from the
36 /// Route.
37 ///
38 /// There are two kinds of parent resources with "Core" support:
39 ///
40 /// * Gateway (Gateway conformance profile)
41 /// * Service (Mesh conformance profile, ClusterIP Services only)
42 ///
43 /// This API may be extended in the future to support additional kinds of parent
44 /// resources.
45 ///
46 /// ParentRefs must be _distinct_. This means either that:
47 ///
48 /// * They select different objects. If this is the case, then parentRef
49 /// entries are distinct. In terms of fields, this means that the
50 /// multi-part key defined by `group`, `kind`, `namespace`, and `name` must
51 /// be unique across all parentRef entries in the Route.
52 /// * They do not select different objects, but for each optional field used,
53 /// each ParentRef that selects the same object must set the same set of
54 /// optional fields to different values. If one ParentRef sets a
55 /// combination of optional fields, all must set the same combination.
56 ///
57 /// Some examples:
58 ///
59 /// * If one ParentRef sets `sectionName`, all ParentRefs referencing the
60 /// same object must also set `sectionName`.
61 /// * If one ParentRef sets `port`, all ParentRefs referencing the same
62 /// object must also set `port`.
63 /// * If one ParentRef sets `sectionName` and `port`, all ParentRefs
64 /// referencing the same object must also set `sectionName` and `port`.
65 ///
66 /// It is possible to separately reference multiple distinct objects that may
67 /// be collapsed by an implementation. For example, some implementations may
68 /// choose to merge compatible Gateway Listeners together. If that is the
69 /// case, the list of routes attached to those resources should also be
70 /// merged.
71 ///
72 /// Note that for ParentRefs that cross namespace boundaries, there are specific
73 /// rules. Cross-namespace references are only valid if they are explicitly
74 /// allowed by something in the namespace they are referring to. For example,
75 /// Gateway has the AllowedRoutes field, and ReferenceGrant provides a
76 /// generic way to enable other kinds of cross-namespace reference.
77 ///
78 ///
79 /// ParentRefs from a Route to a Service in the same namespace are "producer"
80 /// routes, which apply default routing rules to inbound connections from
81 /// any namespace to the Service.
82 ///
83 /// ParentRefs from a Route to a Service in a different namespace are
84 /// "consumer" routes, and these routing rules are only applied to outbound
85 /// connections originating from the same namespace as the Route, for which
86 /// the intended destination of the connections are a Service targeted as a
87 /// ParentRef of the Route.
88 ///
89 ///
90 ///
91 ///
92 ///
93 ///
94 #[serde(
95 default,
96 skip_serializing_if = "Option::is_none",
97 rename = "parentRefs"
98 )]
99 pub parent_refs: Option<Vec<UDPRouteParentRefs>>,
100 /// Rules are a list of UDP matchers and actions.
101 ///
102 ///
103 pub rules: Vec<UDPRouteRules>,
104}
105
106/// ParentReference identifies an API object (usually a Gateway) that can be considered
107/// a parent of this resource (usually a route). There are two kinds of parent resources
108/// with "Core" support:
109///
110/// * Gateway (Gateway conformance profile)
111/// * Service (Mesh conformance profile, ClusterIP Services only)
112///
113/// This API may be extended in the future to support additional kinds of parent
114/// resources.
115///
116/// The API object must be valid in the cluster; the Group and Kind must
117/// be registered in the cluster for this reference to be valid.
118#[derive(Serialize, Deserialize, Clone, Debug, JsonSchema, Default, PartialEq)]
119pub struct UDPRouteParentRefs {
120 /// Group is the group of the referent.
121 /// When unspecified, "gateway.networking.k8s.io" is inferred.
122 /// To set the core API group (such as for a "Service" kind referent),
123 /// Group must be explicitly set to "" (empty string).
124 ///
125 /// Support: Core
126 #[serde(default, skip_serializing_if = "Option::is_none")]
127 pub group: Option<String>,
128 /// Kind is kind of the referent.
129 ///
130 /// There are two kinds of parent resources with "Core" support:
131 ///
132 /// * Gateway (Gateway conformance profile)
133 /// * Service (Mesh conformance profile, ClusterIP Services only)
134 ///
135 /// Support for other resources is Implementation-Specific.
136 #[serde(default, skip_serializing_if = "Option::is_none")]
137 pub kind: Option<String>,
138 /// Name is the name of the referent.
139 ///
140 /// Support: Core
141 pub name: String,
142 /// Namespace is the namespace of the referent. When unspecified, this refers
143 /// to the local namespace of the Route.
144 ///
145 /// Note that there are specific rules for ParentRefs which cross namespace
146 /// boundaries. Cross-namespace references are only valid if they are explicitly
147 /// allowed by something in the namespace they are referring to. For example:
148 /// Gateway has the AllowedRoutes field, and ReferenceGrant provides a
149 /// generic way to enable any other kind of cross-namespace reference.
150 ///
151 ///
152 /// ParentRefs from a Route to a Service in the same namespace are "producer"
153 /// routes, which apply default routing rules to inbound connections from
154 /// any namespace to the Service.
155 ///
156 /// ParentRefs from a Route to a Service in a different namespace are
157 /// "consumer" routes, and these routing rules are only applied to outbound
158 /// connections originating from the same namespace as the Route, for which
159 /// the intended destination of the connections are a Service targeted as a
160 /// ParentRef of the Route.
161 ///
162 ///
163 /// Support: Core
164 #[serde(default, skip_serializing_if = "Option::is_none")]
165 pub namespace: Option<String>,
166 /// Port is the network port this Route targets. It can be interpreted
167 /// differently based on the type of parent resource.
168 ///
169 /// When the parent resource is a Gateway, this targets all listeners
170 /// listening on the specified port that also support this kind of Route(and
171 /// select this Route). It's not recommended to set `Port` unless the
172 /// networking behaviors specified in a Route must apply to a specific port
173 /// as opposed to a listener(s) whose port(s) may be changed. When both Port
174 /// and SectionName are specified, the name and port of the selected listener
175 /// must match both specified values.
176 ///
177 ///
178 /// When the parent resource is a Service, this targets a specific port in the
179 /// Service spec. When both Port (experimental) and SectionName are specified,
180 /// the name and port of the selected port must match both specified values.
181 ///
182 ///
183 /// Implementations MAY choose to support other parent resources.
184 /// Implementations supporting other types of parent resources MUST clearly
185 /// document how/if Port is interpreted.
186 ///
187 /// For the purpose of status, an attachment is considered successful as
188 /// long as the parent resource accepts it partially. For example, Gateway
189 /// listeners can restrict which Routes can attach to them by Route kind,
190 /// namespace, or hostname. If 1 of 2 Gateway listeners accept attachment
191 /// from the referencing Route, the Route MUST be considered successfully
192 /// attached. If no Gateway listeners accept attachment from this Route,
193 /// the Route MUST be considered detached from the Gateway.
194 ///
195 /// Support: Extended
196 #[serde(default, skip_serializing_if = "Option::is_none")]
197 pub port: Option<i32>,
198 /// SectionName is the name of a section within the target resource. In the
199 /// following resources, SectionName is interpreted as the following:
200 ///
201 /// * Gateway: Listener name. When both Port (experimental) and SectionName
202 /// are specified, the name and port of the selected listener must match
203 /// both specified values.
204 /// * Service: Port name. When both Port (experimental) and SectionName
205 /// are specified, the name and port of the selected listener must match
206 /// both specified values.
207 ///
208 /// Implementations MAY choose to support attaching Routes to other resources.
209 /// If that is the case, they MUST clearly document how SectionName is
210 /// interpreted.
211 ///
212 /// When unspecified (empty string), this will reference the entire resource.
213 /// For the purpose of status, an attachment is considered successful if at
214 /// least one section in the parent resource accepts it. For example, Gateway
215 /// listeners can restrict which Routes can attach to them by Route kind,
216 /// namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from
217 /// the referencing Route, the Route MUST be considered successfully
218 /// attached. If no Gateway listeners accept attachment from this Route, the
219 /// Route MUST be considered detached from the Gateway.
220 ///
221 /// Support: Core
222 #[serde(
223 default,
224 skip_serializing_if = "Option::is_none",
225 rename = "sectionName"
226 )]
227 pub section_name: Option<String>,
228}
229
230/// UDPRouteRule is the configuration for a given rule.
231#[derive(Serialize, Deserialize, Clone, Debug, JsonSchema, Default, PartialEq)]
232pub struct UDPRouteRules {
233 /// BackendRefs defines the backend(s) where matching requests should be
234 /// sent. If unspecified or invalid (refers to a non-existent resource or a
235 /// Service with no endpoints), the underlying implementation MUST actively
236 /// reject connection attempts to this backend. Packet drops must
237 /// respect weight; if an invalid backend is requested to have 80% of
238 /// the packets, then 80% of packets must be dropped instead.
239 ///
240 /// Support: Core for Kubernetes Service
241 ///
242 /// Support: Extended for Kubernetes ServiceImport
243 ///
244 /// Support: Implementation-specific for any other resource
245 ///
246 /// Support for weight: Extended
247 #[serde(
248 default,
249 skip_serializing_if = "Option::is_none",
250 rename = "backendRefs"
251 )]
252 pub backend_refs: Option<Vec<UDPRouteRulesBackendRefs>>,
253 /// Name is the name of the route rule. This name MUST be unique within a Route if it is set.
254 ///
255 /// Support: Extended
256 #[serde(default, skip_serializing_if = "Option::is_none")]
257 pub name: Option<String>,
258}
259
260/// BackendRef defines how a Route should forward a request to a Kubernetes
261/// resource.
262///
263/// Note that when a namespace different than the local namespace is specified, a
264/// ReferenceGrant object is required in the referent namespace to allow that
265/// namespace's owner to accept the reference. See the ReferenceGrant
266/// documentation for details.
267///
268/// <gateway:experimental:description>
269///
270/// When the BackendRef points to a Kubernetes Service, implementations SHOULD
271/// honor the appProtocol field if it is set for the target Service Port.
272///
273/// Implementations supporting appProtocol SHOULD recognize the Kubernetes
274/// Standard Application Protocols defined in KEP-3726.
275///
276/// If a Service appProtocol isn't specified, an implementation MAY infer the
277/// backend protocol through its own means. Implementations MAY infer the
278/// protocol from the Route type referring to the backend Service.
279///
280/// If a Route is not able to send traffic to the backend using the specified
281/// protocol then the backend is considered invalid. Implementations MUST set the
282/// "ResolvedRefs" condition to "False" with the "UnsupportedProtocol" reason.
283///
284/// </gateway:experimental:description>
285///
286/// Note that when the BackendTLSPolicy object is enabled by the implementation,
287/// there are some extra rules about validity to consider here. See the fields
288/// where this struct is used for more information about the exact behavior.
289#[derive(Serialize, Deserialize, Clone, Debug, JsonSchema, Default, PartialEq)]
290pub struct UDPRouteRulesBackendRefs {
291 /// Group is the group of the referent. For example, "gateway.networking.k8s.io".
292 /// When unspecified or empty string, core API group is inferred.
293 #[serde(default, skip_serializing_if = "Option::is_none")]
294 pub group: Option<String>,
295 /// Kind is the Kubernetes resource kind of the referent. For example
296 /// "Service".
297 ///
298 /// Defaults to "Service" when not specified.
299 ///
300 /// ExternalName services can refer to CNAME DNS records that may live
301 /// outside of the cluster and as such are difficult to reason about in
302 /// terms of conformance. They also may not be safe to forward to (see
303 /// CVE-2021-25740 for more information). Implementations SHOULD NOT
304 /// support ExternalName Services.
305 ///
306 /// Support: Core (Services with a type other than ExternalName)
307 ///
308 /// Support: Implementation-specific (Services with type ExternalName)
309 #[serde(default, skip_serializing_if = "Option::is_none")]
310 pub kind: Option<String>,
311 /// Name is the name of the referent.
312 pub name: String,
313 /// Namespace is the namespace of the backend. When unspecified, the local
314 /// namespace is inferred.
315 ///
316 /// Note that when a namespace different than the local namespace is specified,
317 /// a ReferenceGrant object is required in the referent namespace to allow that
318 /// namespace's owner to accept the reference. See the ReferenceGrant
319 /// documentation for details.
320 ///
321 /// Support: Core
322 #[serde(default, skip_serializing_if = "Option::is_none")]
323 pub namespace: Option<String>,
324 /// Port specifies the destination port number to use for this resource.
325 /// Port is required when the referent is a Kubernetes Service. In this
326 /// case, the port number is the service port number, not the target port.
327 /// For other resources, destination port might be derived from the referent
328 /// resource or this field.
329 #[serde(default, skip_serializing_if = "Option::is_none")]
330 pub port: Option<i32>,
331 /// Weight specifies the proportion of requests forwarded to the referenced
332 /// backend. This is computed as weight/(sum of all weights in this
333 /// BackendRefs list). For non-zero values, there may be some epsilon from
334 /// the exact proportion defined here depending on the precision an
335 /// implementation supports. Weight is not a percentage and the sum of
336 /// weights does not need to equal 100.
337 ///
338 /// If only one backend is specified and it has a weight greater than 0, 100%
339 /// of the traffic is forwarded to that backend. If weight is set to 0, no
340 /// traffic should be forwarded for this entry. If unspecified, weight
341 /// defaults to 1.
342 ///
343 /// Support for this field varies based on the context where used.
344 #[serde(default, skip_serializing_if = "Option::is_none")]
345 pub weight: Option<i32>,
346}
347
348/// Status defines the current state of UDPRoute.
349#[derive(Serialize, Deserialize, Clone, Debug, JsonSchema, Default, PartialEq)]
350pub struct UDPRouteStatus {
351 /// Parents is a list of parent resources (usually Gateways) that are
352 /// associated with the route, and the status of the route with respect to
353 /// each parent. When this route attaches to a parent, the controller that
354 /// manages the parent must add an entry to this list when the controller
355 /// first sees the route and should update the entry as appropriate when the
356 /// route or gateway is modified.
357 ///
358 /// Note that parent references that cannot be resolved by an implementation
359 /// of this API will not be added to this list. Implementations of this API
360 /// can only populate Route status for the Gateways/parent resources they are
361 /// responsible for.
362 ///
363 /// A maximum of 32 Gateways will be represented in this list. An empty list
364 /// means the route has not been attached to any Gateway.
365 pub parents: Vec<UDPRouteStatusParents>,
366}
367
368/// RouteParentStatus describes the status of a route with respect to an
369/// associated Parent.
370#[derive(Serialize, Deserialize, Clone, Debug, JsonSchema, Default, PartialEq)]
371pub struct UDPRouteStatusParents {
372 /// Conditions describes the status of the route with respect to the Gateway.
373 /// Note that the route's availability is also subject to the Gateway's own
374 /// status conditions and listener status.
375 ///
376 /// If the Route's ParentRef specifies an existing Gateway that supports
377 /// Routes of this kind AND that Gateway's controller has sufficient access,
378 /// then that Gateway's controller MUST set the "Accepted" condition on the
379 /// Route, to indicate whether the route has been accepted or rejected by the
380 /// Gateway, and why.
381 ///
382 /// A Route MUST be considered "Accepted" if at least one of the Route's
383 /// rules is implemented by the Gateway.
384 ///
385 /// There are a number of cases where the "Accepted" condition may not be set
386 /// due to lack of controller visibility, that includes when:
387 ///
388 /// * The Route refers to a non-existent parent.
389 /// * The Route is of a type that the controller does not support.
390 /// * The Route is in a namespace the controller does not have access to.
391 #[serde(default, skip_serializing_if = "Option::is_none")]
392 pub conditions: Option<Vec<Condition>>,
393 /// ControllerName is a domain/path string that indicates the name of the
394 /// controller that wrote this status. This corresponds with the
395 /// controllerName field on GatewayClass.
396 ///
397 /// Example: "example.net/gateway-controller".
398 ///
399 /// The format of this field is DOMAIN "/" PATH, where DOMAIN and PATH are
400 /// valid Kubernetes names
401 /// (https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names).
402 ///
403 /// Controllers MUST populate this field when writing status. Controllers should ensure that
404 /// entries to status populated with their ControllerName are cleaned up when they are no
405 /// longer necessary.
406 #[serde(rename = "controllerName")]
407 pub controller_name: String,
408 /// ParentRef corresponds with a ParentRef in the spec that this
409 /// RouteParentStatus struct describes the status of.
410 #[serde(rename = "parentRef")]
411 pub parent_ref: UDPRouteStatusParentsParentRef,
412}
413
414/// ParentRef corresponds with a ParentRef in the spec that this
415/// RouteParentStatus struct describes the status of.
416#[derive(Serialize, Deserialize, Clone, Debug, JsonSchema, Default, PartialEq)]
417pub struct UDPRouteStatusParentsParentRef {
418 /// Group is the group of the referent.
419 /// When unspecified, "gateway.networking.k8s.io" is inferred.
420 /// To set the core API group (such as for a "Service" kind referent),
421 /// Group must be explicitly set to "" (empty string).
422 ///
423 /// Support: Core
424 #[serde(default, skip_serializing_if = "Option::is_none")]
425 pub group: Option<String>,
426 /// Kind is kind of the referent.
427 ///
428 /// There are two kinds of parent resources with "Core" support:
429 ///
430 /// * Gateway (Gateway conformance profile)
431 /// * Service (Mesh conformance profile, ClusterIP Services only)
432 ///
433 /// Support for other resources is Implementation-Specific.
434 #[serde(default, skip_serializing_if = "Option::is_none")]
435 pub kind: Option<String>,
436 /// Name is the name of the referent.
437 ///
438 /// Support: Core
439 pub name: String,
440 /// Namespace is the namespace of the referent. When unspecified, this refers
441 /// to the local namespace of the Route.
442 ///
443 /// Note that there are specific rules for ParentRefs which cross namespace
444 /// boundaries. Cross-namespace references are only valid if they are explicitly
445 /// allowed by something in the namespace they are referring to. For example:
446 /// Gateway has the AllowedRoutes field, and ReferenceGrant provides a
447 /// generic way to enable any other kind of cross-namespace reference.
448 ///
449 ///
450 /// ParentRefs from a Route to a Service in the same namespace are "producer"
451 /// routes, which apply default routing rules to inbound connections from
452 /// any namespace to the Service.
453 ///
454 /// ParentRefs from a Route to a Service in a different namespace are
455 /// "consumer" routes, and these routing rules are only applied to outbound
456 /// connections originating from the same namespace as the Route, for which
457 /// the intended destination of the connections are a Service targeted as a
458 /// ParentRef of the Route.
459 ///
460 ///
461 /// Support: Core
462 #[serde(default, skip_serializing_if = "Option::is_none")]
463 pub namespace: Option<String>,
464 /// Port is the network port this Route targets. It can be interpreted
465 /// differently based on the type of parent resource.
466 ///
467 /// When the parent resource is a Gateway, this targets all listeners
468 /// listening on the specified port that also support this kind of Route(and
469 /// select this Route). It's not recommended to set `Port` unless the
470 /// networking behaviors specified in a Route must apply to a specific port
471 /// as opposed to a listener(s) whose port(s) may be changed. When both Port
472 /// and SectionName are specified, the name and port of the selected listener
473 /// must match both specified values.
474 ///
475 ///
476 /// When the parent resource is a Service, this targets a specific port in the
477 /// Service spec. When both Port (experimental) and SectionName are specified,
478 /// the name and port of the selected port must match both specified values.
479 ///
480 ///
481 /// Implementations MAY choose to support other parent resources.
482 /// Implementations supporting other types of parent resources MUST clearly
483 /// document how/if Port is interpreted.
484 ///
485 /// For the purpose of status, an attachment is considered successful as
486 /// long as the parent resource accepts it partially. For example, Gateway
487 /// listeners can restrict which Routes can attach to them by Route kind,
488 /// namespace, or hostname. If 1 of 2 Gateway listeners accept attachment
489 /// from the referencing Route, the Route MUST be considered successfully
490 /// attached. If no Gateway listeners accept attachment from this Route,
491 /// the Route MUST be considered detached from the Gateway.
492 ///
493 /// Support: Extended
494 #[serde(default, skip_serializing_if = "Option::is_none")]
495 pub port: Option<i32>,
496 /// SectionName is the name of a section within the target resource. In the
497 /// following resources, SectionName is interpreted as the following:
498 ///
499 /// * Gateway: Listener name. When both Port (experimental) and SectionName
500 /// are specified, the name and port of the selected listener must match
501 /// both specified values.
502 /// * Service: Port name. When both Port (experimental) and SectionName
503 /// are specified, the name and port of the selected listener must match
504 /// both specified values.
505 ///
506 /// Implementations MAY choose to support attaching Routes to other resources.
507 /// If that is the case, they MUST clearly document how SectionName is
508 /// interpreted.
509 ///
510 /// When unspecified (empty string), this will reference the entire resource.
511 /// For the purpose of status, an attachment is considered successful if at
512 /// least one section in the parent resource accepts it. For example, Gateway
513 /// listeners can restrict which Routes can attach to them by Route kind,
514 /// namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from
515 /// the referencing Route, the Route MUST be considered successfully
516 /// attached. If no Gateway listeners accept attachment from this Route, the
517 /// Route MUST be considered detached from the Gateway.
518 ///
519 /// Support: Core
520 #[serde(
521 default,
522 skip_serializing_if = "Option::is_none",
523 rename = "sectionName"
524 )]
525 pub section_name: Option<String>,
526}