1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93
use crate::*;
/// The TLSRoute resource is similar to TCPRoute, but can be configured to match
/// against TLS-specific metadata. This allows more flexibility in matching
/// streams for a given TLS listener.
///
/// If you need to forward traffic to a single target for a TLS listener, you
/// could choose to use a TCPRoute with a TLS listener.
#[derive(
Clone, Debug, kube::CustomResource, serde::Deserialize, serde::Serialize, schemars::JsonSchema,
)]
#[kube(
group = "gateway.networking.k8s.io",
version = "v1alpha2",
kind = "TLSRoute",
root = "TlsRoute",
status = "TlsRouteStatus",
namespaced
)]
pub struct TlsRouteSpec {
/// Common route information.
#[serde(flatten)]
pub inner: CommonRouteSpec,
/// Hostnames defines a set of SNI names that should match against the SNI
/// attribute of TLS ClientHello message in TLS handshake. This matches the
/// RFC 1123 definition of a hostname with 2 notable exceptions:
///
/// 1. IPs are not allowed in SNI names per RFC 6066.
/// 2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard
/// label must appear by itself as the first label.
///
/// If a hostname is specified by both the Listener and TLSRoute, there must
/// be at least one intersecting hostname for the TLSRoute to be attached to
/// the Listener. For example:
///
/// * A Listener with `test.example.com` as the hostname matches TLSRoutes
/// that have either not specified any hostnames, or have specified at
/// least one of `test.example.com` or `*.example.com`.
/// * A Listener with `*.example.com` as the hostname matches TLSRoutes
/// that have either not specified any hostnames or have specified at
/// least one hostname that matches the Listener hostname. For example,
/// `test.example.com` and `*.example.com` would both match. On the other
/// hand, `example.com` and `test.example.net` would not match.
///
/// If both the Listener and TLSRoute have specified hostnames, any TLSRoute
/// hostnames that do not match the Listener hostname MUST be ignored. For
/// example, if a Listener specified `*.example.com`, and the TLSRoute
/// specified `test.example.com` and `test.example.net`, `test.example.net`
/// must not be considered for a match.
///
/// If both the Listener and TLSRoute have specified hostnames, and none
/// match with the criteria above, then the TLSRoute is not accepted. The
/// implementation must raise an 'Accepted' Condition with a status of
/// `False` in the corresponding RouteParentStatus.
///
/// Support: Core
pub hostnames: Option<Vec<Hostname>>,
/// Rules are a list of TLS matchers and actions.
pub rules: Vec<TlsRouteRule>,
}
/// TLSRouteStatus defines the observed state of TLSRoute.
#[derive(Clone, Debug, PartialEq, serde::Deserialize, serde::Serialize, schemars::JsonSchema)]
pub struct TlsRouteStatus {
/// The routes status.
#[serde(flatten)]
pub inner: RouteStatus,
}
/// TLSRouteRule is the configuration for a given rule.
#[derive(
Clone, Debug, Eq, PartialEq, serde::Deserialize, serde::Serialize, schemars::JsonSchema,
)]
#[serde(rename_all = "camelCase")]
pub struct TlsRouteRule {
/// BackendRefs defines the backend(s) where matching requests should be
/// sent. If unspecified or invalid (refers to a non-existent resource or a
/// Service with no endpoints), the rule performs no forwarding; if no
/// filters are specified that would result in a response being sent, the
/// underlying implementation must actively reject request attempts to this
/// backend, by rejecting the connection or returning a 500 status code.
/// Request rejections must respect weight; if an invalid backend is
/// requested to have 80% of requests, then 80% of requests must be rejected
/// instead.
///
/// Support: Core for Kubernetes Service
/// Support: Custom for any other resource
///
/// Support for weight: Extended
pub backend_refs: Vec<BackendRef>,
}