k8s_gateway_api/exp/tlsroute.rs
1use crate::*;
2
// Spec half of the `TLSRoute` custom resource (`gateway.networking.k8s.io`,
// `v1alpha2`, namespaced). The `kube::CustomResource` derive is told to name
// the root type `TlsRoute` and to use `TlsRouteStatus` as its status.
//
// NOTE(review): this type also derives `schemars::JsonSchema`, which is
// expected to carry the `///` text below into the generated schema as
// descriptions. Reviewer notes in this block therefore use plain `//`
// comments and leave the `///` text untouched.
/// The TLSRoute resource is similar to TCPRoute, but can be configured to match
/// against TLS-specific metadata. This allows more flexibility in matching
/// streams for a given TLS listener.
///
/// If you need to forward traffic to a single target for a TLS listener, you
/// could choose to use a TCPRoute with a TLS listener.
#[derive(
    Clone, Debug, kube::CustomResource, serde::Deserialize, serde::Serialize, schemars::JsonSchema,
)]
#[kube(
    group = "gateway.networking.k8s.io",
    version = "v1alpha2",
    kind = "TLSRoute",
    root = "TlsRoute",
    status = "TlsRouteStatus",
    namespaced
)]
pub struct TlsRouteSpec {
    /// Common route information.
    // `flatten` puts the fields of `CommonRouteSpec` at the same level as
    // `hostnames` and `rules` instead of under an `inner` key.
    #[serde(flatten)]
    pub inner: CommonRouteSpec,

    /// Hostnames defines a set of SNI names that should match against the SNI
    /// attribute of TLS ClientHello message in TLS handshake. This matches the
    /// RFC 1123 definition of a hostname with 2 notable exceptions:
    ///
    /// 1. IPs are not allowed in SNI names per RFC 6066.
    /// 2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard
    /// label must appear by itself as the first label.
    ///
    /// If a hostname is specified by both the Listener and TLSRoute, there must
    /// be at least one intersecting hostname for the TLSRoute to be attached to
    /// the Listener. For example:
    ///
    /// * A Listener with `test.example.com` as the hostname matches TLSRoutes
    /// that have either not specified any hostnames, or have specified at
    /// least one of `test.example.com` or `*.example.com`.
    /// * A Listener with `*.example.com` as the hostname matches TLSRoutes
    /// that have either not specified any hostnames or have specified at
    /// least one hostname that matches the Listener hostname. For example,
    /// `test.example.com` and `*.example.com` would both match. On the other
    /// hand, `example.com` and `test.example.net` would not match.
    ///
    /// If both the Listener and TLSRoute have specified hostnames, any TLSRoute
    /// hostnames that do not match the Listener hostname MUST be ignored. For
    /// example, if a Listener specified `*.example.com`, and the TLSRoute
    /// specified `test.example.com` and `test.example.net`, `test.example.net`
    /// must not be considered for a match.
    ///
    /// If both the Listener and TLSRoute have specified hostnames, and none
    /// match with the criteria above, then the TLSRoute is not accepted. The
    /// implementation must raise an 'Accepted' Condition with a status of
    /// `False` in the corresponding RouteParentStatus.
    ///
    /// Support: Core
    // The rules above (no IP literals, wildcard only as the first label,
    // intersection with the Listener hostname) are prose only. No attribute on
    // this field enforces them.
    // NOTE(review): `Hostname` is defined elsewhere, so whether it validates
    // its content is not visible here. A controller consuming this field
    // should validate and filter the names before using them for SNI
    // matching, so that a route cannot claim names outside its Listener.
    pub hostnames: Option<Vec<Hostname>>,

    /// Rules are a list of TLS matchers and actions.
    // Required on deserialization: a plain `Vec` with no `#[serde(default)]`.
    // NOTE(review): no length bound is expressed on this field; confirm that
    // the installed CRD schema or the controller limits the number of rules.
    pub rules: Vec<TlsRouteRule>,
}
63
// Status type named by `status = "TlsRouteStatus"` on the `TlsRouteSpec`
// `#[kube(...)]` attribute. It only wraps `RouteStatus`.
/// TLSRouteStatus defines the observed state of TLSRoute.
#[derive(Clone, Debug, PartialEq, serde::Deserialize, serde::Serialize, schemars::JsonSchema)]
pub struct TlsRouteStatus {
    /// The routes status.
    // `flatten` serializes the fields of `RouteStatus` directly at this level,
    // with no `inner` key in between.
    #[serde(flatten)]
    pub inner: RouteStatus,
}
71
// One entry of `TlsRouteSpec::rules`. `rename_all = "camelCase"` makes
// `backend_refs` appear as `backendRefs` in the serialized form.
/// TLSRouteRule is the configuration for a given rule.
#[derive(
    Clone, Debug, Eq, PartialEq, serde::Deserialize, serde::Serialize, schemars::JsonSchema,
)]
#[serde(rename_all = "camelCase")]
pub struct TlsRouteRule {
    /// BackendRefs defines the backend(s) where matching requests should be
    /// sent. If unspecified or invalid (refers to a non-existent resource or a
    /// Service with no endpoints), the rule performs no forwarding; if no
    /// filters are specified that would result in a response being sent, the
    /// underlying implementation must actively reject request attempts to this
    /// backend, by rejecting the connection or returning a 500 status code.
    /// Request rejections must respect weight; if an invalid backend is
    /// requested to have 80% of requests, then 80% of requests must be rejected
    /// instead.
    ///
    /// Support: Core for Kubernetes Service
    /// Support: Custom for any other resource
    ///
    /// Support for weight: Extended
    // A plain `Vec` with no `#[serde(default)]`: deserialization fails when
    // `backendRefs` is absent, although the description above speaks of the
    // field being unspecified. An empty list is accepted by this type.
    // NOTE(review): `BackendRef` is defined elsewhere. If it can name a target
    // in another namespace, the consumer is responsible for enforcing
    // whatever cross-namespace reference policy applies before forwarding.
    // Confirm against the controller.
    pub backend_refs: Vec<BackendRef>,
}