diff --git a/apis/applyconfiguration/apis/v1alpha2/backendtlspolicyspec.go b/apis/applyconfiguration/apis/v1alpha2/backendtlspolicyspec.go index 759555ce5f..ecea72e39b 100644 --- a/apis/applyconfiguration/apis/v1alpha2/backendtlspolicyspec.go +++ b/apis/applyconfiguration/apis/v1alpha2/backendtlspolicyspec.go @@ -21,8 +21,8 @@ package v1alpha2 // BackendTLSPolicySpecApplyConfiguration represents an declarative configuration of the BackendTLSPolicySpec type for use // with apply. type BackendTLSPolicySpecApplyConfiguration struct { - TargetRef *PolicyTargetReferenceWithSectionNameApplyConfiguration `json:"targetRef,omitempty"` - TLS *BackendTLSPolicyConfigApplyConfiguration `json:"tls,omitempty"` + TargetRef *LocalPolicyTargetReferenceWithSectionNameApplyConfiguration `json:"targetRef,omitempty"` + TLS *BackendTLSPolicyConfigApplyConfiguration `json:"tls,omitempty"` } // BackendTLSPolicySpecApplyConfiguration constructs an declarative configuration of the BackendTLSPolicySpec type for use with @@ -34,7 +34,7 @@ func BackendTLSPolicySpec() *BackendTLSPolicySpecApplyConfiguration { // WithTargetRef sets the TargetRef field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the TargetRef field is set to the value of the last call. -func (b *BackendTLSPolicySpecApplyConfiguration) WithTargetRef(value *PolicyTargetReferenceWithSectionNameApplyConfiguration) *BackendTLSPolicySpecApplyConfiguration { +func (b *BackendTLSPolicySpecApplyConfiguration) WithTargetRef(value *LocalPolicyTargetReferenceWithSectionNameApplyConfiguration) *BackendTLSPolicySpecApplyConfiguration { b.TargetRef = value return b } diff --git a/apis/applyconfiguration/apis/v1alpha2/localpolicytargetreference.go b/apis/applyconfiguration/apis/v1alpha2/localpolicytargetreference.go new file mode 100644 index 0000000000..b4999d79cf --- /dev/null +++ b/apis/applyconfiguration/apis/v1alpha2/localpolicytargetreference.go @@ -0,0 +1,61 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha2 + +import ( + v1 "sigs.k8s.io/gateway-api/apis/v1" +) + +// LocalPolicyTargetReferenceApplyConfiguration represents an declarative configuration of the LocalPolicyTargetReference type for use +// with apply. +type LocalPolicyTargetReferenceApplyConfiguration struct { + Group *v1.Group `json:"group,omitempty"` + Kind *v1.Kind `json:"kind,omitempty"` + Name *v1.ObjectName `json:"name,omitempty"` +} + +// LocalPolicyTargetReferenceApplyConfiguration constructs an declarative configuration of the LocalPolicyTargetReference type for use with +// apply. +func LocalPolicyTargetReference() *LocalPolicyTargetReferenceApplyConfiguration { + return &LocalPolicyTargetReferenceApplyConfiguration{} +} + +// WithGroup sets the Group field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Group field is set to the value of the last call. +func (b *LocalPolicyTargetReferenceApplyConfiguration) WithGroup(value v1.Group) *LocalPolicyTargetReferenceApplyConfiguration { + b.Group = &value + return b +} + +// WithKind sets the Kind field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Kind field is set to the value of the last call. +func (b *LocalPolicyTargetReferenceApplyConfiguration) WithKind(value v1.Kind) *LocalPolicyTargetReferenceApplyConfiguration { + b.Kind = &value + return b +} + +// WithName sets the Name field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Name field is set to the value of the last call. +func (b *LocalPolicyTargetReferenceApplyConfiguration) WithName(value v1.ObjectName) *LocalPolicyTargetReferenceApplyConfiguration { + b.Name = &value + return b +} diff --git a/apis/applyconfiguration/apis/v1alpha2/localpolicytargetreferencewithsectionname.go b/apis/applyconfiguration/apis/v1alpha2/localpolicytargetreferencewithsectionname.go new file mode 100644 index 0000000000..259da87bc3 --- /dev/null +++ b/apis/applyconfiguration/apis/v1alpha2/localpolicytargetreferencewithsectionname.go @@ -0,0 +1,68 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha2 + +import ( + v1 "sigs.k8s.io/gateway-api/apis/v1" +) + +// LocalPolicyTargetReferenceWithSectionNameApplyConfiguration represents an declarative configuration of the LocalPolicyTargetReferenceWithSectionName type for use +// with apply. +type LocalPolicyTargetReferenceWithSectionNameApplyConfiguration struct { + LocalPolicyTargetReferenceApplyConfiguration `json:",inline"` + SectionName *v1.SectionName `json:"sectionName,omitempty"` +} + +// LocalPolicyTargetReferenceWithSectionNameApplyConfiguration constructs an declarative configuration of the LocalPolicyTargetReferenceWithSectionName type for use with +// apply. +func LocalPolicyTargetReferenceWithSectionName() *LocalPolicyTargetReferenceWithSectionNameApplyConfiguration { + return &LocalPolicyTargetReferenceWithSectionNameApplyConfiguration{} +} + +// WithGroup sets the Group field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Group field is set to the value of the last call. +func (b *LocalPolicyTargetReferenceWithSectionNameApplyConfiguration) WithGroup(value v1.Group) *LocalPolicyTargetReferenceWithSectionNameApplyConfiguration { + b.Group = &value + return b +} + +// WithKind sets the Kind field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Kind field is set to the value of the last call. +func (b *LocalPolicyTargetReferenceWithSectionNameApplyConfiguration) WithKind(value v1.Kind) *LocalPolicyTargetReferenceWithSectionNameApplyConfiguration { + b.Kind = &value + return b +} + +// WithName sets the Name field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Name field is set to the value of the last call. +func (b *LocalPolicyTargetReferenceWithSectionNameApplyConfiguration) WithName(value v1.ObjectName) *LocalPolicyTargetReferenceWithSectionNameApplyConfiguration { + b.Name = &value + return b +} + +// WithSectionName sets the SectionName field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the SectionName field is set to the value of the last call. +func (b *LocalPolicyTargetReferenceWithSectionNameApplyConfiguration) WithSectionName(value v1.SectionName) *LocalPolicyTargetReferenceWithSectionNameApplyConfiguration { + b.SectionName = &value + return b +} diff --git a/apis/applyconfiguration/internal/internal.go b/apis/applyconfiguration/internal/internal.go index 1efff2a219..1d762106a5 100644 --- a/apis/applyconfiguration/internal/internal.go +++ b/apis/applyconfiguration/internal/internal.go @@ -1136,7 +1136,7 @@ var schemaYAML = typed.YAMLObject(`types: fields: - name: targetRef type: - namedType: io.k8s.sigs.gateway-api.apis.v1alpha2.PolicyTargetReferenceWithSectionName + namedType: io.k8s.sigs.gateway-api.apis.v1alpha2.LocalPolicyTargetReferenceWithSectionName default: {} - name: tls type: @@ -1163,6 +1163,24 @@ var schemaYAML = typed.YAMLObject(`types: type: namedType: io.k8s.sigs.gateway-api.apis.v1.GRPCRouteStatus default: {} +- name: io.k8s.sigs.gateway-api.apis.v1alpha2.LocalPolicyTargetReferenceWithSectionName + map: + fields: + - name: group + type: + scalar: string + default: "" + - name: kind + type: + scalar: string + default: "" + - name: name + type: + scalar: string + default: "" + - name: sectionName + type: + scalar: string - name: io.k8s.sigs.gateway-api.apis.v1alpha2.PolicyAncestorStatus map: fields: @@ -1191,27 +1209,6 @@ var schemaYAML = typed.YAMLObject(`types: elementType: namedType: io.k8s.sigs.gateway-api.apis.v1alpha2.PolicyAncestorStatus elementRelationship: atomic -- name: io.k8s.sigs.gateway-api.apis.v1alpha2.PolicyTargetReferenceWithSectionName - map: - fields: - - name: group - type: - scalar: string - default: "" - - name: kind - type: - scalar: string - default: "" - - name: name - type: - scalar: string - default: "" - - name: namespace - type: - scalar: string - - name: sectionName - type: - scalar: string - name: io.k8s.sigs.gateway-api.apis.v1alpha2.ReferenceGrant map: fields: diff --git a/apis/applyconfiguration/utils.go b/apis/applyconfiguration/utils.go index 4aef966b3a..4c3b03e46d 100644 --- a/apis/applyconfiguration/utils.go +++ b/apis/applyconfiguration/utils.go @@ -149,14 +149,14 @@ func ForKind(kind schema.GroupVersionKind) interface{} { return &apisv1alpha2.BackendTLSPolicySpecApplyConfiguration{} case v1alpha2.SchemeGroupVersion.WithKind("GRPCRoute"): return &apisv1alpha2.GRPCRouteApplyConfiguration{} + case v1alpha2.SchemeGroupVersion.WithKind("LocalPolicyTargetReference"): + return &apisv1alpha2.LocalPolicyTargetReferenceApplyConfiguration{} + case v1alpha2.SchemeGroupVersion.WithKind("LocalPolicyTargetReferenceWithSectionName"): + return &apisv1alpha2.LocalPolicyTargetReferenceWithSectionNameApplyConfiguration{} case v1alpha2.SchemeGroupVersion.WithKind("PolicyAncestorStatus"): return &apisv1alpha2.PolicyAncestorStatusApplyConfiguration{} case v1alpha2.SchemeGroupVersion.WithKind("PolicyStatus"): return &apisv1alpha2.PolicyStatusApplyConfiguration{} - case v1alpha2.SchemeGroupVersion.WithKind("PolicyTargetReference"): - return &apisv1alpha2.PolicyTargetReferenceApplyConfiguration{} - case v1alpha2.SchemeGroupVersion.WithKind("PolicyTargetReferenceWithSectionName"): - return &apisv1alpha2.PolicyTargetReferenceWithSectionNameApplyConfiguration{} case v1alpha2.SchemeGroupVersion.WithKind("ReferenceGrant"): return &apisv1alpha2.ReferenceGrantApplyConfiguration{} case v1alpha2.SchemeGroupVersion.WithKind("TCPRoute"): diff --git a/apis/v1alpha2/backendtlspolicy_types.go b/apis/v1alpha2/backendtlspolicy_types.go index 843e7184c4..db539ae59d 100644 --- a/apis/v1alpha2/backendtlspolicy_types.go +++ b/apis/v1alpha2/backendtlspolicy_types.go @@ -68,7 +68,7 @@ type BackendTLSPolicySpec struct { // // Support: Implementation-specific for any other resource // - TargetRef PolicyTargetReferenceWithSectionName `json:"targetRef"` + TargetRef LocalPolicyTargetReferenceWithSectionName `json:"targetRef"` // TLS contains backend TLS policy configuration. TLS BackendTLSPolicyConfig `json:"tls"` diff --git a/apis/v1alpha2/policy_types.go b/apis/v1alpha2/policy_types.go index af13314860..bc2ef766a9 100644 --- a/apis/v1alpha2/policy_types.go +++ b/apis/v1alpha2/policy_types.go @@ -31,12 +31,29 @@ const ( PolicyLabelKey = "gateway.networking.k8s.io/policy" ) -// PolicyTargetReference identifies an API object to apply a direct or +// LocalPolicyTargetReference identifies an API object to apply a direct or // inherited policy to. This should be used as part of Policy resources // that can target Gateway API resources. For more information on how this // policy attachment model works, and a sample Policy resource, refer to // the policy attachment documentation for Gateway API. -type PolicyTargetReference struct { +type LocalPolicyTargetReference struct { + // Group is the group of the target resource. + Group Group `json:"group"` + + // Kind is kind of the target resource. + Kind Kind `json:"kind"` + + // Name is the name of the target resource. + Name ObjectName `json:"name"` +} + +// NamespacedPolicyTargetReference identifies an API object to apply a direct or +// inherited policy to, potentially in a different namespace. This should only +// be used as part of Policy resources that need to be able to target resources +// in different namespaces. For more information on how this policy attachment +// model works, and a sample Policy resource, refer to the policy attachment +// documentation for Gateway API. +type NamespacedPolicyTargetReference struct { // Group is the group of the target resource. Group Group `json:"group"` @@ -55,17 +72,17 @@ type PolicyTargetReference struct { Namespace *Namespace `json:"namespace,omitempty"` } -// PolicyTargetReferenceWithSectionName identifies an API object to apply a direct -// policy to. This should be used as part of Policy resources that can target -// single resources. For more information on how this policy attachment mode -// works, and a sample Policy resource, refer to the policy attachment documentation -// for Gateway API. +// LocalPolicyTargetReferenceWithSectionName identifies an API object to apply a +// direct policy to. This should be used as part of Policy resources that can +// target single resources. For more information on how this policy attachment +// mode works, and a sample Policy resource, refer to the policy attachment +// documentation for Gateway API. // // Note: This should only be used for direct policy attachment when references -// to SectionName are actually needed. In all other cases, PolicyTargetReference -// should be used. -type PolicyTargetReferenceWithSectionName struct { - PolicyTargetReference `json:",inline"` +// to SectionName are actually needed. In all other cases, +// LocalPolicyTargetReference should be used. +type LocalPolicyTargetReferenceWithSectionName struct { + LocalPolicyTargetReference `json:",inline"` // SectionName is the name of a section within the target resource. When // unspecified, this targetRef targets the entire resource. In the following diff --git a/apis/v1alpha2/zz_generated.deepcopy.go b/apis/v1alpha2/zz_generated.deepcopy.go index c7fa526cb0..20b3cdb942 100644 --- a/apis/v1alpha2/zz_generated.deepcopy.go +++ b/apis/v1alpha2/zz_generated.deepcopy.go @@ -187,52 +187,43 @@ func (in *GRPCRouteList) DeepCopyObject() runtime.Object { } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PolicyAncestorStatus) DeepCopyInto(out *PolicyAncestorStatus) { +func (in *LocalPolicyTargetReference) DeepCopyInto(out *LocalPolicyTargetReference) { *out = *in - in.AncestorRef.DeepCopyInto(&out.AncestorRef) - if in.Conditions != nil { - in, out := &in.Conditions, &out.Conditions - *out = make([]metav1.Condition, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyAncestorStatus. -func (in *PolicyAncestorStatus) DeepCopy() *PolicyAncestorStatus { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LocalPolicyTargetReference. +func (in *LocalPolicyTargetReference) DeepCopy() *LocalPolicyTargetReference { if in == nil { return nil } - out := new(PolicyAncestorStatus) + out := new(LocalPolicyTargetReference) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PolicyStatus) DeepCopyInto(out *PolicyStatus) { +func (in *LocalPolicyTargetReferenceWithSectionName) DeepCopyInto(out *LocalPolicyTargetReferenceWithSectionName) { *out = *in - if in.Ancestors != nil { - in, out := &in.Ancestors, &out.Ancestors - *out = make([]PolicyAncestorStatus, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } + out.LocalPolicyTargetReference = in.LocalPolicyTargetReference + if in.SectionName != nil { + in, out := &in.SectionName, &out.SectionName + *out = new(v1.SectionName) + **out = **in } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyStatus. -func (in *PolicyStatus) DeepCopy() *PolicyStatus { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LocalPolicyTargetReferenceWithSectionName. +func (in *LocalPolicyTargetReferenceWithSectionName) DeepCopy() *LocalPolicyTargetReferenceWithSectionName { if in == nil { return nil } - out := new(PolicyStatus) + out := new(LocalPolicyTargetReferenceWithSectionName) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PolicyTargetReference) DeepCopyInto(out *PolicyTargetReference) { +func (in *NamespacedPolicyTargetReference) DeepCopyInto(out *NamespacedPolicyTargetReference) { *out = *in if in.Namespace != nil { in, out := &in.Namespace, &out.Namespace @@ -241,33 +232,57 @@ func (in *PolicyTargetReference) DeepCopyInto(out *PolicyTargetReference) { } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyTargetReference. -func (in *PolicyTargetReference) DeepCopy() *PolicyTargetReference { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NamespacedPolicyTargetReference. +func (in *NamespacedPolicyTargetReference) DeepCopy() *NamespacedPolicyTargetReference { if in == nil { return nil } - out := new(PolicyTargetReference) + out := new(NamespacedPolicyTargetReference) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PolicyTargetReferenceWithSectionName) DeepCopyInto(out *PolicyTargetReferenceWithSectionName) { +func (in *PolicyAncestorStatus) DeepCopyInto(out *PolicyAncestorStatus) { *out = *in - in.PolicyTargetReference.DeepCopyInto(&out.PolicyTargetReference) - if in.SectionName != nil { - in, out := &in.SectionName, &out.SectionName - *out = new(v1.SectionName) - **out = **in + in.AncestorRef.DeepCopyInto(&out.AncestorRef) + if in.Conditions != nil { + in, out := &in.Conditions, &out.Conditions + *out = make([]metav1.Condition, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyTargetReferenceWithSectionName. -func (in *PolicyTargetReferenceWithSectionName) DeepCopy() *PolicyTargetReferenceWithSectionName { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyAncestorStatus. +func (in *PolicyAncestorStatus) DeepCopy() *PolicyAncestorStatus { if in == nil { return nil } - out := new(PolicyTargetReferenceWithSectionName) + out := new(PolicyAncestorStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PolicyStatus) DeepCopyInto(out *PolicyStatus) { + *out = *in + if in.Ancestors != nil { + in, out := &in.Ancestors, &out.Ancestors + *out = make([]PolicyAncestorStatus, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyStatus. +func (in *PolicyStatus) DeepCopy() *PolicyStatus { + if in == nil { + return nil + } + out := new(PolicyStatus) in.DeepCopyInto(out) return out } diff --git a/config/crd/experimental/gateway.networking.k8s.io_backendtlspolicies.yaml b/config/crd/experimental/gateway.networking.k8s.io_backendtlspolicies.yaml index 543a826a21..00ceb84acd 100644 --- a/config/crd/experimental/gateway.networking.k8s.io_backendtlspolicies.yaml +++ b/config/crd/experimental/gateway.networking.k8s.io_backendtlspolicies.yaml @@ -84,16 +84,6 @@ spec: maxLength: 253 minLength: 1 type: string - namespace: - description: |- - Namespace is the namespace of the referent. When unspecified, the local - namespace is inferred. Even when policy targets a resource in a different - namespace, it MUST only apply to traffic originating from the same - namespace as the policy. - maxLength: 63 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string sectionName: description: |- SectionName is the name of a section within the target resource. When diff --git a/geps/gep-2648/index.md b/geps/gep-2648/index.md index ab8c78baef..5fd37442ca 100644 --- a/geps/gep-2648/index.md +++ b/geps/gep-2648/index.md @@ -102,9 +102,6 @@ simple design patterns _if they meet a set of criteria_. With that background and the previous example in mind, here are some rules for when a Policy is a Direct Attached Policy: - -* The number or scope of objects is exactly _one_ object. No label selectors or - lists of `targetRef` are allowed. * The Policy can only be attached at exactly _one_ layer in the hierarchy. Any Policy that can be attached at multiple levels must necessarily have some defaulting behavior in the case that two of the same kind are attached at different points @@ -132,7 +129,33 @@ when a Policy is a Direct Attached Policy: of some sort, where the things outside the namespace can opt–out of the behavior. (Notably, this is the design that we used for ReferenceGrant). -## Apply Policies to Sections of a Resource +## Target References +### Cross Namespace + +In all cases, Gateway API policies should only have an effect on the namespace +they exist within. In the case of policies that could apply to mesh +implementations, it may be desirable to have a policy that affects traffic +originating from the local namespace but going to a separate namespace. Unless +that specific case is desired, all policy target refs should be local and +exclude the "namespace" field. + +### Multiple + +In some cases, it may be desirable for a policy to target more than one resource +at a time. For example, a policy may apply to different variations of what is +effectively the same Service (store, store-blue, and store-green). If this is +desired, a policy can choose to support a `targetRefs` list instead of a +singular `targetRef` field. This list can have a maximum of 16 entries, though +it may be desirable to start with a lower limit depending on the policy. + +#### Migration from Single to Multiple Targets + +Existing policies with a single `targetRef` may want to transition to supporting +multiple `targetRefs`. To accomplish this, we recommend adding CEL validation +to your CRD to allow only one of the fields to be set. Users will be able to +set `targetRefs` in the same update that they unset `targetRef`. + +### Section Names The `sectionName` field of `targetRef` can be used to target a specific section of other resources, for example: @@ -326,7 +349,7 @@ so needs further namespacing of its status. This pattern also provides a clear view of what resources a policy is affecting. For the best integration with community tooling and consistency across -the broader community, we recommend that all implementations transition +the broader community, we recommend that all implementations transition to Policy status with this kind of nested structure. This is an `Ancestor` status rather than a `Parent` status, as in the Route status @@ -334,8 +357,8 @@ because for Policy attachment, the relevant object may or may not be the direct parent. For example, `BackendTLSPolicy` directly attaches to a Service, which may be included -in multiple Routes, in multiple Gateways. However, for many implementations, -the status of the `BackendTLSPolicy` will be different only at the Gateway level, +in multiple Routes, in multiple Gateways. However, for many implementations, +the status of the `BackendTLSPolicy` will be different only at the Gateway level, so Gateway is the relevant Ancestor for the status. Each Gateway that has a Route that includes a backend with an attached `BackendTLSPolicy` @@ -355,16 +378,16 @@ itself (at the time of writing, this is in `apis/v1alpha2/policy_types.go`). // // Ancestors refer to objects that are either the Target of a policy or above it in terms // of object hierarchy. For example, if a policy targets a Service, an Ancestor could be -// a Route or a Gateway. +// a Route or a Gateway. // In the context of policy attachment, the Ancestor is used to distinguish which // resource results in a distinct application of this policy. For example, if a policy // targets a Service, it may have a distinct result per attached Gateway. -// -// Policies targeting the same resource may have different effects depending on the +// +// Policies targeting the same resource may have different effects depending on the // ancestors of those resources. For example, different Gateways targeting the same // Service may have different capabilities, especially if they have different underlying -// implementations. +// implementations. // // For example, in BackendTLSPolicy, the Policy attaches to a Service that is // used as a backend in a HTTPRoute that is itself attached to a Gateway. @@ -417,7 +440,7 @@ type PolicyStatus struct { // an important part of Policy design is designing the right object level at // which to namespace this status. // - // Note also that implementations MUST ONLY populate ancestor status for + // Note also that implementations MUST ONLY populate ancestor status for // the Ancestor resources they are responsible for. Implementations MUST // use the ControllerName field to uniquely identify the entries in this list // that they are responsible for. @@ -442,7 +465,7 @@ apiVersion: networking.example.io/v1alpha1 kind: TLSMinimumVersionPolicy metadata: name: minimum12 - namespace: appns + namespace: appns labels: "gateway.networking.k8s.io/policy": "direct" spec: diff --git a/gwctl/pkg/policymanager/manager.go b/gwctl/pkg/policymanager/manager.go index 35e66918c9..3eac669e5f 100644 --- a/gwctl/pkg/policymanager/manager.go +++ b/gwctl/pkg/policymanager/manager.go @@ -232,7 +232,7 @@ func PolicyFromUnstructured(u unstructured.Unstructured, policyCRDs map[PolicyCr metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` Spec struct { - TargetRef gatewayv1alpha2.PolicyTargetReference + TargetRef gatewayv1alpha2.NamespacedPolicyTargetReference } } structuredPolicy := &genericPolicy{} @@ -246,7 +246,7 @@ func PolicyFromUnstructured(u unstructured.Unstructured, policyCRDs map[PolicyCr Namespace: structuredPolicy.GetNamespace(), } if result.targetRef.Namespace == "" { - result.targetRef.Namespace = "default" + result.targetRef.Namespace = result.u.GetNamespace() } if structuredPolicy.Spec.TargetRef.Namespace != nil { result.targetRef.Namespace = string(*structuredPolicy.Spec.TargetRef.Namespace) diff --git a/pkg/generated/openapi/zz_generated.openapi.go b/pkg/generated/openapi/zz_generated.openapi.go index 302139cc33..6126c0049e 100644 --- a/pkg/generated/openapi/zz_generated.openapi.go +++ b/pkg/generated/openapi/zz_generated.openapi.go @@ -31,153 +31,154 @@ import ( func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenAPIDefinition { return map[string]common.OpenAPIDefinition{ - "k8s.io/apimachinery/pkg/apis/meta/v1.APIGroup": schema_pkg_apis_meta_v1_APIGroup(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.APIGroupList": schema_pkg_apis_meta_v1_APIGroupList(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.APIResource": schema_pkg_apis_meta_v1_APIResource(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.APIResourceList": schema_pkg_apis_meta_v1_APIResourceList(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.APIVersions": schema_pkg_apis_meta_v1_APIVersions(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.ApplyOptions": schema_pkg_apis_meta_v1_ApplyOptions(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.Condition": schema_pkg_apis_meta_v1_Condition(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.CreateOptions": schema_pkg_apis_meta_v1_CreateOptions(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.DeleteOptions": schema_pkg_apis_meta_v1_DeleteOptions(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.Duration": schema_pkg_apis_meta_v1_Duration(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.FieldsV1": schema_pkg_apis_meta_v1_FieldsV1(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.GetOptions": schema_pkg_apis_meta_v1_GetOptions(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.GroupKind": schema_pkg_apis_meta_v1_GroupKind(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.GroupResource": schema_pkg_apis_meta_v1_GroupResource(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.GroupVersion": schema_pkg_apis_meta_v1_GroupVersion(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.GroupVersionForDiscovery": schema_pkg_apis_meta_v1_GroupVersionForDiscovery(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.GroupVersionKind": schema_pkg_apis_meta_v1_GroupVersionKind(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.GroupVersionResource": schema_pkg_apis_meta_v1_GroupVersionResource(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.InternalEvent": schema_pkg_apis_meta_v1_InternalEvent(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector": schema_pkg_apis_meta_v1_LabelSelector(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelectorRequirement": schema_pkg_apis_meta_v1_LabelSelectorRequirement(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.List": schema_pkg_apis_meta_v1_List(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta": schema_pkg_apis_meta_v1_ListMeta(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.ListOptions": schema_pkg_apis_meta_v1_ListOptions(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.ManagedFieldsEntry": schema_pkg_apis_meta_v1_ManagedFieldsEntry(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.MicroTime": schema_pkg_apis_meta_v1_MicroTime(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta": schema_pkg_apis_meta_v1_ObjectMeta(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.OwnerReference": schema_pkg_apis_meta_v1_OwnerReference(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.PartialObjectMetadata": schema_pkg_apis_meta_v1_PartialObjectMetadata(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.PartialObjectMetadataList": schema_pkg_apis_meta_v1_PartialObjectMetadataList(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.Patch": schema_pkg_apis_meta_v1_Patch(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.PatchOptions": schema_pkg_apis_meta_v1_PatchOptions(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.Preconditions": schema_pkg_apis_meta_v1_Preconditions(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.RootPaths": schema_pkg_apis_meta_v1_RootPaths(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.ServerAddressByClientCIDR": schema_pkg_apis_meta_v1_ServerAddressByClientCIDR(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.Status": schema_pkg_apis_meta_v1_Status(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.StatusCause": schema_pkg_apis_meta_v1_StatusCause(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.StatusDetails": schema_pkg_apis_meta_v1_StatusDetails(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.Table": schema_pkg_apis_meta_v1_Table(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.TableColumnDefinition": schema_pkg_apis_meta_v1_TableColumnDefinition(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.TableOptions": schema_pkg_apis_meta_v1_TableOptions(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.TableRow": schema_pkg_apis_meta_v1_TableRow(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.TableRowCondition": schema_pkg_apis_meta_v1_TableRowCondition(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.Time": schema_pkg_apis_meta_v1_Time(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.Timestamp": schema_pkg_apis_meta_v1_Timestamp(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.TypeMeta": schema_pkg_apis_meta_v1_TypeMeta(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.UpdateOptions": schema_pkg_apis_meta_v1_UpdateOptions(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.WatchEvent": schema_pkg_apis_meta_v1_WatchEvent(ref), - "k8s.io/apimachinery/pkg/runtime.RawExtension": schema_k8sio_apimachinery_pkg_runtime_RawExtension(ref), - "k8s.io/apimachinery/pkg/runtime.TypeMeta": schema_k8sio_apimachinery_pkg_runtime_TypeMeta(ref), - "k8s.io/apimachinery/pkg/runtime.Unknown": schema_k8sio_apimachinery_pkg_runtime_Unknown(ref), - "k8s.io/apimachinery/pkg/version.Info": schema_k8sio_apimachinery_pkg_version_Info(ref), - "sigs.k8s.io/gateway-api/apis/v1.AllowedRoutes": schema_sigsk8sio_gateway_api_apis_v1_AllowedRoutes(ref), - "sigs.k8s.io/gateway-api/apis/v1.BackendObjectReference": schema_sigsk8sio_gateway_api_apis_v1_BackendObjectReference(ref), - "sigs.k8s.io/gateway-api/apis/v1.BackendRef": schema_sigsk8sio_gateway_api_apis_v1_BackendRef(ref), - "sigs.k8s.io/gateway-api/apis/v1.CommonRouteSpec": schema_sigsk8sio_gateway_api_apis_v1_CommonRouteSpec(ref), - "sigs.k8s.io/gateway-api/apis/v1.FrontendTLSValidation": schema_sigsk8sio_gateway_api_apis_v1_FrontendTLSValidation(ref), - "sigs.k8s.io/gateway-api/apis/v1.GRPCBackendRef": schema_sigsk8sio_gateway_api_apis_v1_GRPCBackendRef(ref), - "sigs.k8s.io/gateway-api/apis/v1.GRPCHeaderMatch": schema_sigsk8sio_gateway_api_apis_v1_GRPCHeaderMatch(ref), - "sigs.k8s.io/gateway-api/apis/v1.GRPCMethodMatch": schema_sigsk8sio_gateway_api_apis_v1_GRPCMethodMatch(ref), - "sigs.k8s.io/gateway-api/apis/v1.GRPCRoute": schema_sigsk8sio_gateway_api_apis_v1_GRPCRoute(ref), - "sigs.k8s.io/gateway-api/apis/v1.GRPCRouteFilter": schema_sigsk8sio_gateway_api_apis_v1_GRPCRouteFilter(ref), - "sigs.k8s.io/gateway-api/apis/v1.GRPCRouteList": schema_sigsk8sio_gateway_api_apis_v1_GRPCRouteList(ref), - "sigs.k8s.io/gateway-api/apis/v1.GRPCRouteMatch": schema_sigsk8sio_gateway_api_apis_v1_GRPCRouteMatch(ref), - "sigs.k8s.io/gateway-api/apis/v1.GRPCRouteRule": schema_sigsk8sio_gateway_api_apis_v1_GRPCRouteRule(ref), - "sigs.k8s.io/gateway-api/apis/v1.GRPCRouteSpec": schema_sigsk8sio_gateway_api_apis_v1_GRPCRouteSpec(ref), - "sigs.k8s.io/gateway-api/apis/v1.GRPCRouteStatus": schema_sigsk8sio_gateway_api_apis_v1_GRPCRouteStatus(ref), - "sigs.k8s.io/gateway-api/apis/v1.Gateway": schema_sigsk8sio_gateway_api_apis_v1_Gateway(ref), - "sigs.k8s.io/gateway-api/apis/v1.GatewayAddress": schema_sigsk8sio_gateway_api_apis_v1_GatewayAddress(ref), - "sigs.k8s.io/gateway-api/apis/v1.GatewayClass": schema_sigsk8sio_gateway_api_apis_v1_GatewayClass(ref), - "sigs.k8s.io/gateway-api/apis/v1.GatewayClassList": schema_sigsk8sio_gateway_api_apis_v1_GatewayClassList(ref), - "sigs.k8s.io/gateway-api/apis/v1.GatewayClassSpec": schema_sigsk8sio_gateway_api_apis_v1_GatewayClassSpec(ref), - "sigs.k8s.io/gateway-api/apis/v1.GatewayClassStatus": schema_sigsk8sio_gateway_api_apis_v1_GatewayClassStatus(ref), - "sigs.k8s.io/gateway-api/apis/v1.GatewayInfrastructure": schema_sigsk8sio_gateway_api_apis_v1_GatewayInfrastructure(ref), - "sigs.k8s.io/gateway-api/apis/v1.GatewayList": schema_sigsk8sio_gateway_api_apis_v1_GatewayList(ref), - "sigs.k8s.io/gateway-api/apis/v1.GatewaySpec": schema_sigsk8sio_gateway_api_apis_v1_GatewaySpec(ref), - "sigs.k8s.io/gateway-api/apis/v1.GatewayStatus": schema_sigsk8sio_gateway_api_apis_v1_GatewayStatus(ref), - "sigs.k8s.io/gateway-api/apis/v1.GatewayStatusAddress": schema_sigsk8sio_gateway_api_apis_v1_GatewayStatusAddress(ref), - "sigs.k8s.io/gateway-api/apis/v1.GatewayTLSConfig": schema_sigsk8sio_gateway_api_apis_v1_GatewayTLSConfig(ref), - "sigs.k8s.io/gateway-api/apis/v1.HTTPBackendRef": schema_sigsk8sio_gateway_api_apis_v1_HTTPBackendRef(ref), - "sigs.k8s.io/gateway-api/apis/v1.HTTPHeader": schema_sigsk8sio_gateway_api_apis_v1_HTTPHeader(ref), - "sigs.k8s.io/gateway-api/apis/v1.HTTPHeaderFilter": schema_sigsk8sio_gateway_api_apis_v1_HTTPHeaderFilter(ref), - "sigs.k8s.io/gateway-api/apis/v1.HTTPHeaderMatch": schema_sigsk8sio_gateway_api_apis_v1_HTTPHeaderMatch(ref), - "sigs.k8s.io/gateway-api/apis/v1.HTTPPathMatch": schema_sigsk8sio_gateway_api_apis_v1_HTTPPathMatch(ref), - "sigs.k8s.io/gateway-api/apis/v1.HTTPPathModifier": schema_sigsk8sio_gateway_api_apis_v1_HTTPPathModifier(ref), - "sigs.k8s.io/gateway-api/apis/v1.HTTPQueryParamMatch": schema_sigsk8sio_gateway_api_apis_v1_HTTPQueryParamMatch(ref), - "sigs.k8s.io/gateway-api/apis/v1.HTTPRequestMirrorFilter": schema_sigsk8sio_gateway_api_apis_v1_HTTPRequestMirrorFilter(ref), - "sigs.k8s.io/gateway-api/apis/v1.HTTPRequestRedirectFilter": schema_sigsk8sio_gateway_api_apis_v1_HTTPRequestRedirectFilter(ref), - "sigs.k8s.io/gateway-api/apis/v1.HTTPRoute": schema_sigsk8sio_gateway_api_apis_v1_HTTPRoute(ref), - "sigs.k8s.io/gateway-api/apis/v1.HTTPRouteFilter": schema_sigsk8sio_gateway_api_apis_v1_HTTPRouteFilter(ref), - "sigs.k8s.io/gateway-api/apis/v1.HTTPRouteList": schema_sigsk8sio_gateway_api_apis_v1_HTTPRouteList(ref), - "sigs.k8s.io/gateway-api/apis/v1.HTTPRouteMatch": schema_sigsk8sio_gateway_api_apis_v1_HTTPRouteMatch(ref), - "sigs.k8s.io/gateway-api/apis/v1.HTTPRouteRule": schema_sigsk8sio_gateway_api_apis_v1_HTTPRouteRule(ref), - "sigs.k8s.io/gateway-api/apis/v1.HTTPRouteSpec": schema_sigsk8sio_gateway_api_apis_v1_HTTPRouteSpec(ref), - "sigs.k8s.io/gateway-api/apis/v1.HTTPRouteStatus": schema_sigsk8sio_gateway_api_apis_v1_HTTPRouteStatus(ref), - "sigs.k8s.io/gateway-api/apis/v1.HTTPRouteTimeouts": schema_sigsk8sio_gateway_api_apis_v1_HTTPRouteTimeouts(ref), - "sigs.k8s.io/gateway-api/apis/v1.HTTPURLRewriteFilter": schema_sigsk8sio_gateway_api_apis_v1_HTTPURLRewriteFilter(ref), - "sigs.k8s.io/gateway-api/apis/v1.Listener": schema_sigsk8sio_gateway_api_apis_v1_Listener(ref), - "sigs.k8s.io/gateway-api/apis/v1.ListenerStatus": schema_sigsk8sio_gateway_api_apis_v1_ListenerStatus(ref), - "sigs.k8s.io/gateway-api/apis/v1.LocalObjectReference": schema_sigsk8sio_gateway_api_apis_v1_LocalObjectReference(ref), - "sigs.k8s.io/gateway-api/apis/v1.LocalParametersReference": schema_sigsk8sio_gateway_api_apis_v1_LocalParametersReference(ref), - "sigs.k8s.io/gateway-api/apis/v1.ObjectReference": schema_sigsk8sio_gateway_api_apis_v1_ObjectReference(ref), - "sigs.k8s.io/gateway-api/apis/v1.ParametersReference": schema_sigsk8sio_gateway_api_apis_v1_ParametersReference(ref), - "sigs.k8s.io/gateway-api/apis/v1.ParentReference": schema_sigsk8sio_gateway_api_apis_v1_ParentReference(ref), - "sigs.k8s.io/gateway-api/apis/v1.RouteGroupKind": schema_sigsk8sio_gateway_api_apis_v1_RouteGroupKind(ref), - "sigs.k8s.io/gateway-api/apis/v1.RouteNamespaces": schema_sigsk8sio_gateway_api_apis_v1_RouteNamespaces(ref), - "sigs.k8s.io/gateway-api/apis/v1.RouteParentStatus": schema_sigsk8sio_gateway_api_apis_v1_RouteParentStatus(ref), - "sigs.k8s.io/gateway-api/apis/v1.RouteStatus": schema_sigsk8sio_gateway_api_apis_v1_RouteStatus(ref), - "sigs.k8s.io/gateway-api/apis/v1.SecretObjectReference": schema_sigsk8sio_gateway_api_apis_v1_SecretObjectReference(ref), - "sigs.k8s.io/gateway-api/apis/v1alpha2.BackendTLSPolicy": schema_sigsk8sio_gateway_api_apis_v1alpha2_BackendTLSPolicy(ref), - "sigs.k8s.io/gateway-api/apis/v1alpha2.BackendTLSPolicyConfig": schema_sigsk8sio_gateway_api_apis_v1alpha2_BackendTLSPolicyConfig(ref), - "sigs.k8s.io/gateway-api/apis/v1alpha2.BackendTLSPolicyList": schema_sigsk8sio_gateway_api_apis_v1alpha2_BackendTLSPolicyList(ref), - "sigs.k8s.io/gateway-api/apis/v1alpha2.BackendTLSPolicySpec": schema_sigsk8sio_gateway_api_apis_v1alpha2_BackendTLSPolicySpec(ref), - "sigs.k8s.io/gateway-api/apis/v1alpha2.GRPCRoute": schema_sigsk8sio_gateway_api_apis_v1alpha2_GRPCRoute(ref), - "sigs.k8s.io/gateway-api/apis/v1alpha2.GRPCRouteList": schema_sigsk8sio_gateway_api_apis_v1alpha2_GRPCRouteList(ref), - "sigs.k8s.io/gateway-api/apis/v1alpha2.PolicyAncestorStatus": schema_sigsk8sio_gateway_api_apis_v1alpha2_PolicyAncestorStatus(ref), - "sigs.k8s.io/gateway-api/apis/v1alpha2.PolicyStatus": schema_sigsk8sio_gateway_api_apis_v1alpha2_PolicyStatus(ref), - "sigs.k8s.io/gateway-api/apis/v1alpha2.PolicyTargetReference": schema_sigsk8sio_gateway_api_apis_v1alpha2_PolicyTargetReference(ref), - "sigs.k8s.io/gateway-api/apis/v1alpha2.PolicyTargetReferenceWithSectionName": schema_sigsk8sio_gateway_api_apis_v1alpha2_PolicyTargetReferenceWithSectionName(ref), - "sigs.k8s.io/gateway-api/apis/v1alpha2.ReferenceGrant": schema_sigsk8sio_gateway_api_apis_v1alpha2_ReferenceGrant(ref), - "sigs.k8s.io/gateway-api/apis/v1alpha2.ReferenceGrantList": schema_sigsk8sio_gateway_api_apis_v1alpha2_ReferenceGrantList(ref), - "sigs.k8s.io/gateway-api/apis/v1alpha2.TCPRoute": schema_sigsk8sio_gateway_api_apis_v1alpha2_TCPRoute(ref), - "sigs.k8s.io/gateway-api/apis/v1alpha2.TCPRouteList": schema_sigsk8sio_gateway_api_apis_v1alpha2_TCPRouteList(ref), - "sigs.k8s.io/gateway-api/apis/v1alpha2.TCPRouteRule": schema_sigsk8sio_gateway_api_apis_v1alpha2_TCPRouteRule(ref), - "sigs.k8s.io/gateway-api/apis/v1alpha2.TCPRouteSpec": schema_sigsk8sio_gateway_api_apis_v1alpha2_TCPRouteSpec(ref), - "sigs.k8s.io/gateway-api/apis/v1alpha2.TCPRouteStatus": schema_sigsk8sio_gateway_api_apis_v1alpha2_TCPRouteStatus(ref), - "sigs.k8s.io/gateway-api/apis/v1alpha2.TLSRoute": schema_sigsk8sio_gateway_api_apis_v1alpha2_TLSRoute(ref), - "sigs.k8s.io/gateway-api/apis/v1alpha2.TLSRouteList": schema_sigsk8sio_gateway_api_apis_v1alpha2_TLSRouteList(ref), - "sigs.k8s.io/gateway-api/apis/v1alpha2.TLSRouteRule": schema_sigsk8sio_gateway_api_apis_v1alpha2_TLSRouteRule(ref), - "sigs.k8s.io/gateway-api/apis/v1alpha2.TLSRouteSpec": schema_sigsk8sio_gateway_api_apis_v1alpha2_TLSRouteSpec(ref), - "sigs.k8s.io/gateway-api/apis/v1alpha2.TLSRouteStatus": schema_sigsk8sio_gateway_api_apis_v1alpha2_TLSRouteStatus(ref), - "sigs.k8s.io/gateway-api/apis/v1alpha2.UDPRoute": schema_sigsk8sio_gateway_api_apis_v1alpha2_UDPRoute(ref), - "sigs.k8s.io/gateway-api/apis/v1alpha2.UDPRouteList": schema_sigsk8sio_gateway_api_apis_v1alpha2_UDPRouteList(ref), - "sigs.k8s.io/gateway-api/apis/v1alpha2.UDPRouteRule": schema_sigsk8sio_gateway_api_apis_v1alpha2_UDPRouteRule(ref), - "sigs.k8s.io/gateway-api/apis/v1alpha2.UDPRouteSpec": schema_sigsk8sio_gateway_api_apis_v1alpha2_UDPRouteSpec(ref), - "sigs.k8s.io/gateway-api/apis/v1alpha2.UDPRouteStatus": schema_sigsk8sio_gateway_api_apis_v1alpha2_UDPRouteStatus(ref), - "sigs.k8s.io/gateway-api/apis/v1beta1.Gateway": schema_sigsk8sio_gateway_api_apis_v1beta1_Gateway(ref), - "sigs.k8s.io/gateway-api/apis/v1beta1.GatewayClass": schema_sigsk8sio_gateway_api_apis_v1beta1_GatewayClass(ref), - "sigs.k8s.io/gateway-api/apis/v1beta1.GatewayClassList": schema_sigsk8sio_gateway_api_apis_v1beta1_GatewayClassList(ref), - "sigs.k8s.io/gateway-api/apis/v1beta1.GatewayList": schema_sigsk8sio_gateway_api_apis_v1beta1_GatewayList(ref), - "sigs.k8s.io/gateway-api/apis/v1beta1.HTTPRoute": schema_sigsk8sio_gateway_api_apis_v1beta1_HTTPRoute(ref), - "sigs.k8s.io/gateway-api/apis/v1beta1.HTTPRouteList": schema_sigsk8sio_gateway_api_apis_v1beta1_HTTPRouteList(ref), - "sigs.k8s.io/gateway-api/apis/v1beta1.ReferenceGrant": schema_sigsk8sio_gateway_api_apis_v1beta1_ReferenceGrant(ref), - "sigs.k8s.io/gateway-api/apis/v1beta1.ReferenceGrantFrom": schema_sigsk8sio_gateway_api_apis_v1beta1_ReferenceGrantFrom(ref), - "sigs.k8s.io/gateway-api/apis/v1beta1.ReferenceGrantList": schema_sigsk8sio_gateway_api_apis_v1beta1_ReferenceGrantList(ref), - "sigs.k8s.io/gateway-api/apis/v1beta1.ReferenceGrantSpec": schema_sigsk8sio_gateway_api_apis_v1beta1_ReferenceGrantSpec(ref), - "sigs.k8s.io/gateway-api/apis/v1beta1.ReferenceGrantTo": schema_sigsk8sio_gateway_api_apis_v1beta1_ReferenceGrantTo(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.APIGroup": schema_pkg_apis_meta_v1_APIGroup(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.APIGroupList": schema_pkg_apis_meta_v1_APIGroupList(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.APIResource": schema_pkg_apis_meta_v1_APIResource(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.APIResourceList": schema_pkg_apis_meta_v1_APIResourceList(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.APIVersions": schema_pkg_apis_meta_v1_APIVersions(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.ApplyOptions": schema_pkg_apis_meta_v1_ApplyOptions(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.Condition": schema_pkg_apis_meta_v1_Condition(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.CreateOptions": schema_pkg_apis_meta_v1_CreateOptions(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.DeleteOptions": schema_pkg_apis_meta_v1_DeleteOptions(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.Duration": schema_pkg_apis_meta_v1_Duration(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.FieldsV1": schema_pkg_apis_meta_v1_FieldsV1(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.GetOptions": schema_pkg_apis_meta_v1_GetOptions(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.GroupKind": schema_pkg_apis_meta_v1_GroupKind(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.GroupResource": schema_pkg_apis_meta_v1_GroupResource(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.GroupVersion": schema_pkg_apis_meta_v1_GroupVersion(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.GroupVersionForDiscovery": schema_pkg_apis_meta_v1_GroupVersionForDiscovery(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.GroupVersionKind": schema_pkg_apis_meta_v1_GroupVersionKind(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.GroupVersionResource": schema_pkg_apis_meta_v1_GroupVersionResource(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.InternalEvent": schema_pkg_apis_meta_v1_InternalEvent(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector": schema_pkg_apis_meta_v1_LabelSelector(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelectorRequirement": schema_pkg_apis_meta_v1_LabelSelectorRequirement(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.List": schema_pkg_apis_meta_v1_List(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta": schema_pkg_apis_meta_v1_ListMeta(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.ListOptions": schema_pkg_apis_meta_v1_ListOptions(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.ManagedFieldsEntry": schema_pkg_apis_meta_v1_ManagedFieldsEntry(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.MicroTime": schema_pkg_apis_meta_v1_MicroTime(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta": schema_pkg_apis_meta_v1_ObjectMeta(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.OwnerReference": schema_pkg_apis_meta_v1_OwnerReference(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.PartialObjectMetadata": schema_pkg_apis_meta_v1_PartialObjectMetadata(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.PartialObjectMetadataList": schema_pkg_apis_meta_v1_PartialObjectMetadataList(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.Patch": schema_pkg_apis_meta_v1_Patch(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.PatchOptions": schema_pkg_apis_meta_v1_PatchOptions(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.Preconditions": schema_pkg_apis_meta_v1_Preconditions(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.RootPaths": schema_pkg_apis_meta_v1_RootPaths(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.ServerAddressByClientCIDR": schema_pkg_apis_meta_v1_ServerAddressByClientCIDR(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.Status": schema_pkg_apis_meta_v1_Status(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.StatusCause": schema_pkg_apis_meta_v1_StatusCause(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.StatusDetails": schema_pkg_apis_meta_v1_StatusDetails(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.Table": schema_pkg_apis_meta_v1_Table(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.TableColumnDefinition": schema_pkg_apis_meta_v1_TableColumnDefinition(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.TableOptions": schema_pkg_apis_meta_v1_TableOptions(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.TableRow": schema_pkg_apis_meta_v1_TableRow(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.TableRowCondition": schema_pkg_apis_meta_v1_TableRowCondition(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.Time": schema_pkg_apis_meta_v1_Time(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.Timestamp": schema_pkg_apis_meta_v1_Timestamp(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.TypeMeta": schema_pkg_apis_meta_v1_TypeMeta(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.UpdateOptions": schema_pkg_apis_meta_v1_UpdateOptions(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.WatchEvent": schema_pkg_apis_meta_v1_WatchEvent(ref), + "k8s.io/apimachinery/pkg/runtime.RawExtension": schema_k8sio_apimachinery_pkg_runtime_RawExtension(ref), + "k8s.io/apimachinery/pkg/runtime.TypeMeta": schema_k8sio_apimachinery_pkg_runtime_TypeMeta(ref), + "k8s.io/apimachinery/pkg/runtime.Unknown": schema_k8sio_apimachinery_pkg_runtime_Unknown(ref), + "k8s.io/apimachinery/pkg/version.Info": schema_k8sio_apimachinery_pkg_version_Info(ref), + "sigs.k8s.io/gateway-api/apis/v1.AllowedRoutes": schema_sigsk8sio_gateway_api_apis_v1_AllowedRoutes(ref), + "sigs.k8s.io/gateway-api/apis/v1.BackendObjectReference": schema_sigsk8sio_gateway_api_apis_v1_BackendObjectReference(ref), + "sigs.k8s.io/gateway-api/apis/v1.BackendRef": schema_sigsk8sio_gateway_api_apis_v1_BackendRef(ref), + "sigs.k8s.io/gateway-api/apis/v1.CommonRouteSpec": schema_sigsk8sio_gateway_api_apis_v1_CommonRouteSpec(ref), + "sigs.k8s.io/gateway-api/apis/v1.FrontendTLSValidation": schema_sigsk8sio_gateway_api_apis_v1_FrontendTLSValidation(ref), + "sigs.k8s.io/gateway-api/apis/v1.GRPCBackendRef": schema_sigsk8sio_gateway_api_apis_v1_GRPCBackendRef(ref), + "sigs.k8s.io/gateway-api/apis/v1.GRPCHeaderMatch": schema_sigsk8sio_gateway_api_apis_v1_GRPCHeaderMatch(ref), + "sigs.k8s.io/gateway-api/apis/v1.GRPCMethodMatch": schema_sigsk8sio_gateway_api_apis_v1_GRPCMethodMatch(ref), + "sigs.k8s.io/gateway-api/apis/v1.GRPCRoute": schema_sigsk8sio_gateway_api_apis_v1_GRPCRoute(ref), + "sigs.k8s.io/gateway-api/apis/v1.GRPCRouteFilter": schema_sigsk8sio_gateway_api_apis_v1_GRPCRouteFilter(ref), + "sigs.k8s.io/gateway-api/apis/v1.GRPCRouteList": schema_sigsk8sio_gateway_api_apis_v1_GRPCRouteList(ref), + "sigs.k8s.io/gateway-api/apis/v1.GRPCRouteMatch": schema_sigsk8sio_gateway_api_apis_v1_GRPCRouteMatch(ref), + "sigs.k8s.io/gateway-api/apis/v1.GRPCRouteRule": schema_sigsk8sio_gateway_api_apis_v1_GRPCRouteRule(ref), + "sigs.k8s.io/gateway-api/apis/v1.GRPCRouteSpec": schema_sigsk8sio_gateway_api_apis_v1_GRPCRouteSpec(ref), + "sigs.k8s.io/gateway-api/apis/v1.GRPCRouteStatus": schema_sigsk8sio_gateway_api_apis_v1_GRPCRouteStatus(ref), + "sigs.k8s.io/gateway-api/apis/v1.Gateway": schema_sigsk8sio_gateway_api_apis_v1_Gateway(ref), + "sigs.k8s.io/gateway-api/apis/v1.GatewayAddress": schema_sigsk8sio_gateway_api_apis_v1_GatewayAddress(ref), + "sigs.k8s.io/gateway-api/apis/v1.GatewayClass": schema_sigsk8sio_gateway_api_apis_v1_GatewayClass(ref), + "sigs.k8s.io/gateway-api/apis/v1.GatewayClassList": schema_sigsk8sio_gateway_api_apis_v1_GatewayClassList(ref), + "sigs.k8s.io/gateway-api/apis/v1.GatewayClassSpec": schema_sigsk8sio_gateway_api_apis_v1_GatewayClassSpec(ref), + "sigs.k8s.io/gateway-api/apis/v1.GatewayClassStatus": schema_sigsk8sio_gateway_api_apis_v1_GatewayClassStatus(ref), + "sigs.k8s.io/gateway-api/apis/v1.GatewayInfrastructure": schema_sigsk8sio_gateway_api_apis_v1_GatewayInfrastructure(ref), + "sigs.k8s.io/gateway-api/apis/v1.GatewayList": schema_sigsk8sio_gateway_api_apis_v1_GatewayList(ref), + "sigs.k8s.io/gateway-api/apis/v1.GatewaySpec": schema_sigsk8sio_gateway_api_apis_v1_GatewaySpec(ref), + "sigs.k8s.io/gateway-api/apis/v1.GatewayStatus": schema_sigsk8sio_gateway_api_apis_v1_GatewayStatus(ref), + "sigs.k8s.io/gateway-api/apis/v1.GatewayStatusAddress": schema_sigsk8sio_gateway_api_apis_v1_GatewayStatusAddress(ref), + "sigs.k8s.io/gateway-api/apis/v1.GatewayTLSConfig": schema_sigsk8sio_gateway_api_apis_v1_GatewayTLSConfig(ref), + "sigs.k8s.io/gateway-api/apis/v1.HTTPBackendRef": schema_sigsk8sio_gateway_api_apis_v1_HTTPBackendRef(ref), + "sigs.k8s.io/gateway-api/apis/v1.HTTPHeader": schema_sigsk8sio_gateway_api_apis_v1_HTTPHeader(ref), + "sigs.k8s.io/gateway-api/apis/v1.HTTPHeaderFilter": schema_sigsk8sio_gateway_api_apis_v1_HTTPHeaderFilter(ref), + "sigs.k8s.io/gateway-api/apis/v1.HTTPHeaderMatch": schema_sigsk8sio_gateway_api_apis_v1_HTTPHeaderMatch(ref), + "sigs.k8s.io/gateway-api/apis/v1.HTTPPathMatch": schema_sigsk8sio_gateway_api_apis_v1_HTTPPathMatch(ref), + "sigs.k8s.io/gateway-api/apis/v1.HTTPPathModifier": schema_sigsk8sio_gateway_api_apis_v1_HTTPPathModifier(ref), + "sigs.k8s.io/gateway-api/apis/v1.HTTPQueryParamMatch": schema_sigsk8sio_gateway_api_apis_v1_HTTPQueryParamMatch(ref), + "sigs.k8s.io/gateway-api/apis/v1.HTTPRequestMirrorFilter": schema_sigsk8sio_gateway_api_apis_v1_HTTPRequestMirrorFilter(ref), + "sigs.k8s.io/gateway-api/apis/v1.HTTPRequestRedirectFilter": schema_sigsk8sio_gateway_api_apis_v1_HTTPRequestRedirectFilter(ref), + "sigs.k8s.io/gateway-api/apis/v1.HTTPRoute": schema_sigsk8sio_gateway_api_apis_v1_HTTPRoute(ref), + "sigs.k8s.io/gateway-api/apis/v1.HTTPRouteFilter": schema_sigsk8sio_gateway_api_apis_v1_HTTPRouteFilter(ref), + "sigs.k8s.io/gateway-api/apis/v1.HTTPRouteList": schema_sigsk8sio_gateway_api_apis_v1_HTTPRouteList(ref), + "sigs.k8s.io/gateway-api/apis/v1.HTTPRouteMatch": schema_sigsk8sio_gateway_api_apis_v1_HTTPRouteMatch(ref), + "sigs.k8s.io/gateway-api/apis/v1.HTTPRouteRule": schema_sigsk8sio_gateway_api_apis_v1_HTTPRouteRule(ref), + "sigs.k8s.io/gateway-api/apis/v1.HTTPRouteSpec": schema_sigsk8sio_gateway_api_apis_v1_HTTPRouteSpec(ref), + "sigs.k8s.io/gateway-api/apis/v1.HTTPRouteStatus": schema_sigsk8sio_gateway_api_apis_v1_HTTPRouteStatus(ref), + "sigs.k8s.io/gateway-api/apis/v1.HTTPRouteTimeouts": schema_sigsk8sio_gateway_api_apis_v1_HTTPRouteTimeouts(ref), + "sigs.k8s.io/gateway-api/apis/v1.HTTPURLRewriteFilter": schema_sigsk8sio_gateway_api_apis_v1_HTTPURLRewriteFilter(ref), + "sigs.k8s.io/gateway-api/apis/v1.Listener": schema_sigsk8sio_gateway_api_apis_v1_Listener(ref), + "sigs.k8s.io/gateway-api/apis/v1.ListenerStatus": schema_sigsk8sio_gateway_api_apis_v1_ListenerStatus(ref), + "sigs.k8s.io/gateway-api/apis/v1.LocalObjectReference": schema_sigsk8sio_gateway_api_apis_v1_LocalObjectReference(ref), + "sigs.k8s.io/gateway-api/apis/v1.LocalParametersReference": schema_sigsk8sio_gateway_api_apis_v1_LocalParametersReference(ref), + "sigs.k8s.io/gateway-api/apis/v1.ObjectReference": schema_sigsk8sio_gateway_api_apis_v1_ObjectReference(ref), + "sigs.k8s.io/gateway-api/apis/v1.ParametersReference": schema_sigsk8sio_gateway_api_apis_v1_ParametersReference(ref), + "sigs.k8s.io/gateway-api/apis/v1.ParentReference": schema_sigsk8sio_gateway_api_apis_v1_ParentReference(ref), + "sigs.k8s.io/gateway-api/apis/v1.RouteGroupKind": schema_sigsk8sio_gateway_api_apis_v1_RouteGroupKind(ref), + "sigs.k8s.io/gateway-api/apis/v1.RouteNamespaces": schema_sigsk8sio_gateway_api_apis_v1_RouteNamespaces(ref), + "sigs.k8s.io/gateway-api/apis/v1.RouteParentStatus": schema_sigsk8sio_gateway_api_apis_v1_RouteParentStatus(ref), + "sigs.k8s.io/gateway-api/apis/v1.RouteStatus": schema_sigsk8sio_gateway_api_apis_v1_RouteStatus(ref), + "sigs.k8s.io/gateway-api/apis/v1.SecretObjectReference": schema_sigsk8sio_gateway_api_apis_v1_SecretObjectReference(ref), + "sigs.k8s.io/gateway-api/apis/v1alpha2.BackendTLSPolicy": schema_sigsk8sio_gateway_api_apis_v1alpha2_BackendTLSPolicy(ref), + "sigs.k8s.io/gateway-api/apis/v1alpha2.BackendTLSPolicyConfig": schema_sigsk8sio_gateway_api_apis_v1alpha2_BackendTLSPolicyConfig(ref), + "sigs.k8s.io/gateway-api/apis/v1alpha2.BackendTLSPolicyList": schema_sigsk8sio_gateway_api_apis_v1alpha2_BackendTLSPolicyList(ref), + "sigs.k8s.io/gateway-api/apis/v1alpha2.BackendTLSPolicySpec": schema_sigsk8sio_gateway_api_apis_v1alpha2_BackendTLSPolicySpec(ref), + "sigs.k8s.io/gateway-api/apis/v1alpha2.GRPCRoute": schema_sigsk8sio_gateway_api_apis_v1alpha2_GRPCRoute(ref), + "sigs.k8s.io/gateway-api/apis/v1alpha2.GRPCRouteList": schema_sigsk8sio_gateway_api_apis_v1alpha2_GRPCRouteList(ref), + "sigs.k8s.io/gateway-api/apis/v1alpha2.LocalPolicyTargetReference": schema_sigsk8sio_gateway_api_apis_v1alpha2_LocalPolicyTargetReference(ref), + "sigs.k8s.io/gateway-api/apis/v1alpha2.LocalPolicyTargetReferenceWithSectionName": schema_sigsk8sio_gateway_api_apis_v1alpha2_LocalPolicyTargetReferenceWithSectionName(ref), + "sigs.k8s.io/gateway-api/apis/v1alpha2.NamespacedPolicyTargetReference": schema_sigsk8sio_gateway_api_apis_v1alpha2_NamespacedPolicyTargetReference(ref), + "sigs.k8s.io/gateway-api/apis/v1alpha2.PolicyAncestorStatus": schema_sigsk8sio_gateway_api_apis_v1alpha2_PolicyAncestorStatus(ref), + "sigs.k8s.io/gateway-api/apis/v1alpha2.PolicyStatus": schema_sigsk8sio_gateway_api_apis_v1alpha2_PolicyStatus(ref), + "sigs.k8s.io/gateway-api/apis/v1alpha2.ReferenceGrant": schema_sigsk8sio_gateway_api_apis_v1alpha2_ReferenceGrant(ref), + "sigs.k8s.io/gateway-api/apis/v1alpha2.ReferenceGrantList": schema_sigsk8sio_gateway_api_apis_v1alpha2_ReferenceGrantList(ref), + "sigs.k8s.io/gateway-api/apis/v1alpha2.TCPRoute": schema_sigsk8sio_gateway_api_apis_v1alpha2_TCPRoute(ref), + "sigs.k8s.io/gateway-api/apis/v1alpha2.TCPRouteList": schema_sigsk8sio_gateway_api_apis_v1alpha2_TCPRouteList(ref), + "sigs.k8s.io/gateway-api/apis/v1alpha2.TCPRouteRule": schema_sigsk8sio_gateway_api_apis_v1alpha2_TCPRouteRule(ref), + "sigs.k8s.io/gateway-api/apis/v1alpha2.TCPRouteSpec": schema_sigsk8sio_gateway_api_apis_v1alpha2_TCPRouteSpec(ref), + "sigs.k8s.io/gateway-api/apis/v1alpha2.TCPRouteStatus": schema_sigsk8sio_gateway_api_apis_v1alpha2_TCPRouteStatus(ref), + "sigs.k8s.io/gateway-api/apis/v1alpha2.TLSRoute": schema_sigsk8sio_gateway_api_apis_v1alpha2_TLSRoute(ref), + "sigs.k8s.io/gateway-api/apis/v1alpha2.TLSRouteList": schema_sigsk8sio_gateway_api_apis_v1alpha2_TLSRouteList(ref), + "sigs.k8s.io/gateway-api/apis/v1alpha2.TLSRouteRule": schema_sigsk8sio_gateway_api_apis_v1alpha2_TLSRouteRule(ref), + "sigs.k8s.io/gateway-api/apis/v1alpha2.TLSRouteSpec": schema_sigsk8sio_gateway_api_apis_v1alpha2_TLSRouteSpec(ref), + "sigs.k8s.io/gateway-api/apis/v1alpha2.TLSRouteStatus": schema_sigsk8sio_gateway_api_apis_v1alpha2_TLSRouteStatus(ref), + "sigs.k8s.io/gateway-api/apis/v1alpha2.UDPRoute": schema_sigsk8sio_gateway_api_apis_v1alpha2_UDPRoute(ref), + "sigs.k8s.io/gateway-api/apis/v1alpha2.UDPRouteList": schema_sigsk8sio_gateway_api_apis_v1alpha2_UDPRouteList(ref), + "sigs.k8s.io/gateway-api/apis/v1alpha2.UDPRouteRule": schema_sigsk8sio_gateway_api_apis_v1alpha2_UDPRouteRule(ref), + "sigs.k8s.io/gateway-api/apis/v1alpha2.UDPRouteSpec": schema_sigsk8sio_gateway_api_apis_v1alpha2_UDPRouteSpec(ref), + "sigs.k8s.io/gateway-api/apis/v1alpha2.UDPRouteStatus": schema_sigsk8sio_gateway_api_apis_v1alpha2_UDPRouteStatus(ref), + "sigs.k8s.io/gateway-api/apis/v1beta1.Gateway": schema_sigsk8sio_gateway_api_apis_v1beta1_Gateway(ref), + "sigs.k8s.io/gateway-api/apis/v1beta1.GatewayClass": schema_sigsk8sio_gateway_api_apis_v1beta1_GatewayClass(ref), + "sigs.k8s.io/gateway-api/apis/v1beta1.GatewayClassList": schema_sigsk8sio_gateway_api_apis_v1beta1_GatewayClassList(ref), + "sigs.k8s.io/gateway-api/apis/v1beta1.GatewayList": schema_sigsk8sio_gateway_api_apis_v1beta1_GatewayList(ref), + "sigs.k8s.io/gateway-api/apis/v1beta1.HTTPRoute": schema_sigsk8sio_gateway_api_apis_v1beta1_HTTPRoute(ref), + "sigs.k8s.io/gateway-api/apis/v1beta1.HTTPRouteList": schema_sigsk8sio_gateway_api_apis_v1beta1_HTTPRouteList(ref), + "sigs.k8s.io/gateway-api/apis/v1beta1.ReferenceGrant": schema_sigsk8sio_gateway_api_apis_v1beta1_ReferenceGrant(ref), + "sigs.k8s.io/gateway-api/apis/v1beta1.ReferenceGrantFrom": schema_sigsk8sio_gateway_api_apis_v1beta1_ReferenceGrantFrom(ref), + "sigs.k8s.io/gateway-api/apis/v1beta1.ReferenceGrantList": schema_sigsk8sio_gateway_api_apis_v1beta1_ReferenceGrantList(ref), + "sigs.k8s.io/gateway-api/apis/v1beta1.ReferenceGrantSpec": schema_sigsk8sio_gateway_api_apis_v1beta1_ReferenceGrantSpec(ref), + "sigs.k8s.io/gateway-api/apis/v1beta1.ReferenceGrantTo": schema_sigsk8sio_gateway_api_apis_v1beta1_ReferenceGrantTo(ref), } } @@ -5394,7 +5395,7 @@ func schema_sigsk8sio_gateway_api_apis_v1alpha2_BackendTLSPolicySpec(ref common. SchemaProps: spec.SchemaProps{ Description: "TargetRef identifies an API object to apply the policy to. Only Services have Extended support. Implementations MAY support additional objects, with Implementation Specific support. Note that this config applies to the entire referenced resource by default, but this default may change in the future to provide a more granular application of the policy.\n\nSupport: Extended for Kubernetes Service\n\nSupport: Implementation-specific for any other resource", Default: map[string]interface{}{}, - Ref: ref("sigs.k8s.io/gateway-api/apis/v1alpha2.PolicyTargetReferenceWithSectionName"), + Ref: ref("sigs.k8s.io/gateway-api/apis/v1alpha2.LocalPolicyTargetReferenceWithSectionName"), }, }, "tls": { @@ -5409,7 +5410,7 @@ func schema_sigsk8sio_gateway_api_apis_v1alpha2_BackendTLSPolicySpec(ref common. }, }, Dependencies: []string{ - "sigs.k8s.io/gateway-api/apis/v1alpha2.BackendTLSPolicyConfig", "sigs.k8s.io/gateway-api/apis/v1alpha2.PolicyTargetReferenceWithSectionName"}, + "sigs.k8s.io/gateway-api/apis/v1alpha2.BackendTLSPolicyConfig", "sigs.k8s.io/gateway-api/apis/v1alpha2.LocalPolicyTargetReferenceWithSectionName"}, } } @@ -5509,94 +5510,49 @@ func schema_sigsk8sio_gateway_api_apis_v1alpha2_GRPCRouteList(ref common.Referen } } -func schema_sigsk8sio_gateway_api_apis_v1alpha2_PolicyAncestorStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_sigsk8sio_gateway_api_apis_v1alpha2_LocalPolicyTargetReference(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "PolicyAncestorStatus describes the status of a route with respect to an associated Ancestor.\n\nAncestors refer to objects that are either the Target of a policy or above it in terms of object hierarchy. For example, if a policy targets a Service, the Policy's Ancestors are, in order, the Service, the HTTPRoute, the Gateway, and the GatewayClass. Almost always, in this hierarchy, the Gateway will be the most useful object to place Policy status on, so we recommend that implementations SHOULD use Gateway as the PolicyAncestorStatus object unless the designers have a _very_ good reason otherwise.\n\nIn the context of policy attachment, the Ancestor is used to distinguish which resource results in a distinct application of this policy. For example, if a policy targets a Service, it may have a distinct result per attached Gateway.\n\nPolicies targeting the same resource may have different effects depending on the ancestors of those resources. For example, different Gateways targeting the same Service may have different capabilities, especially if they have different underlying implementations.\n\nFor example, in BackendTLSPolicy, the Policy attaches to a Service that is used as a backend in a HTTPRoute that is itself attached to a Gateway. In this case, the relevant object for status is the Gateway, and that is the ancestor object referred to in this status.\n\nNote that a parent is also an ancestor, so for objects where the parent is the relevant object for status, this struct SHOULD still be used.\n\nThis struct is intended to be used in a slice that's effectively a map, with a composite key made up of the AncestorRef and the ControllerName.", + Description: "LocalPolicyTargetReference identifies an API object to apply a direct or inherited policy to. This should be used as part of Policy resources that can target Gateway API resources. For more information on how this policy attachment model works, and a sample Policy resource, refer to the policy attachment documentation for Gateway API.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "ancestorRef": { - SchemaProps: spec.SchemaProps{ - Description: "AncestorRef corresponds with a ParentRef in the spec that this PolicyAncestorStatus struct describes the status of.", - Default: map[string]interface{}{}, - Ref: ref("sigs.k8s.io/gateway-api/apis/v1.ParentReference"), - }, - }, - "controllerName": { + "group": { SchemaProps: spec.SchemaProps{ - Description: "ControllerName is a domain/path string that indicates the name of the controller that wrote this status. This corresponds with the controllerName field on GatewayClass.\n\nExample: \"example.net/gateway-controller\".\n\nThe format of this field is DOMAIN \"/\" PATH, where DOMAIN and PATH are valid Kubernetes names (https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names).\n\nControllers MUST populate this field when writing status. Controllers should ensure that entries to status populated with their ControllerName are cleaned up when they are no longer necessary.", + Description: "Group is the group of the target resource.", Default: "", Type: []string{"string"}, Format: "", }, }, - "conditions": { - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-list-map-keys": []interface{}{ - "type", - }, - "x-kubernetes-list-type": "map", - }, - }, + "kind": { SchemaProps: spec.SchemaProps{ - Description: "Conditions describes the status of the Policy with respect to the given Ancestor.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Condition"), - }, - }, - }, + Description: "Kind is kind of the target resource.", + Default: "", + Type: []string{"string"}, + Format: "", }, }, - }, - Required: []string{"ancestorRef", "controllerName"}, - }, - }, - Dependencies: []string{ - "k8s.io/apimachinery/pkg/apis/meta/v1.Condition", "sigs.k8s.io/gateway-api/apis/v1.ParentReference"}, - } -} - -func schema_sigsk8sio_gateway_api_apis_v1alpha2_PolicyStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "PolicyStatus defines the common attributes that all Policies should include within their status.", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "ancestors": { + "name": { SchemaProps: spec.SchemaProps{ - Description: "Ancestors is a list of ancestor resources (usually Gateways) that are associated with the policy, and the status of the policy with respect to each ancestor. When this policy attaches to a parent, the controller that manages the parent and the ancestors MUST add an entry to this list when the controller first sees the policy and SHOULD update the entry as appropriate when the relevant ancestor is modified.\n\nNote that choosing the relevant ancestor is left to the Policy designers; an important part of Policy design is designing the right object level at which to namespace this status.\n\nNote also that implementations MUST ONLY populate ancestor status for the Ancestor resources they are responsible for. Implementations MUST use the ControllerName field to uniquely identify the entries in this list that they are responsible for.\n\nNote that to achieve this, the list of PolicyAncestorStatus structs MUST be treated as a map with a composite key, made up of the AncestorRef and ControllerName fields combined.\n\nA maximum of 16 ancestors will be represented in this list. An empty list means the Policy is not relevant for any ancestors.\n\nIf this slice is full, implementations MUST NOT add further entries. Instead they MUST consider the policy unimplementable and signal that on any related resources such as the ancestor that would be referenced here. For example, if this list was full on BackendTLSPolicy, no additional Gateways would be able to reference the Service targeted by the BackendTLSPolicy.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("sigs.k8s.io/gateway-api/apis/v1alpha2.PolicyAncestorStatus"), - }, - }, - }, + Description: "Name is the name of the target resource.", + Default: "", + Type: []string{"string"}, + Format: "", }, }, }, - Required: []string{"ancestors"}, + Required: []string{"group", "kind", "name"}, }, }, - Dependencies: []string{ - "sigs.k8s.io/gateway-api/apis/v1alpha2.PolicyAncestorStatus"}, } } -func schema_sigsk8sio_gateway_api_apis_v1alpha2_PolicyTargetReference(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_sigsk8sio_gateway_api_apis_v1alpha2_LocalPolicyTargetReferenceWithSectionName(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "PolicyTargetReference identifies an API object to apply a direct or inherited policy to. This should be used as part of Policy resources that can target Gateway API resources. For more information on how this policy attachment model works, and a sample Policy resource, refer to the policy attachment documentation for Gateway API.", + Description: "LocalPolicyTargetReferenceWithSectionName identifies an API object to apply a direct policy to. This should be used as part of Policy resources that can target single resources. For more information on how this policy attachment mode works, and a sample Policy resource, refer to the policy attachment documentation for Gateway API.\n\nNote: This should only be used for direct policy attachment when references to SectionName are actually needed. In all other cases, LocalPolicyTargetReference should be used.", Type: []string{"object"}, Properties: map[string]spec.Schema{ "group": { @@ -5623,9 +5579,9 @@ func schema_sigsk8sio_gateway_api_apis_v1alpha2_PolicyTargetReference(ref common Format: "", }, }, - "namespace": { + "sectionName": { SchemaProps: spec.SchemaProps{ - Description: "Namespace is the namespace of the referent. When unspecified, the local namespace is inferred. Even when policy targets a resource in a different namespace, it MUST only apply to traffic originating from the same namespace as the policy.", + Description: "SectionName is the name of a section within the target resource. When unspecified, this targetRef targets the entire resource. In the following resources, SectionName is interpreted as the following:\n\n* Gateway: Listener name * HTTPRoute: HTTPRouteRule name * Service: Port name\n\nIf a SectionName is specified, but does not exist on the targeted object, the Policy must fail to attach, and the policy implementation should record a `ResolvedRefs` or similar Condition in the Policy's status.", Type: []string{"string"}, Format: "", }, @@ -5637,11 +5593,11 @@ func schema_sigsk8sio_gateway_api_apis_v1alpha2_PolicyTargetReference(ref common } } -func schema_sigsk8sio_gateway_api_apis_v1alpha2_PolicyTargetReferenceWithSectionName(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_sigsk8sio_gateway_api_apis_v1alpha2_NamespacedPolicyTargetReference(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "PolicyTargetReferenceWithSectionName identifies an API object to apply a direct policy to. This should be used as part of Policy resources that can target single resources. For more information on how this policy attachment mode works, and a sample Policy resource, refer to the policy attachment documentation for Gateway API.\n\nNote: This should only be used for direct policy attachment when references to SectionName are actually needed. In all other cases, PolicyTargetReference should be used.", + Description: "NamespacedPolicyTargetReference identifies an API object to apply a direct or inherited policy to, potentially in a different namespace. This should only be used as part of Policy resources that need to be able to target resources in different namespaces. For more information on how this policy attachment model works, and a sample Policy resource, refer to the policy attachment documentation for Gateway API.", Type: []string{"object"}, Properties: map[string]spec.Schema{ "group": { @@ -5675,17 +5631,93 @@ func schema_sigsk8sio_gateway_api_apis_v1alpha2_PolicyTargetReferenceWithSection Format: "", }, }, - "sectionName": { + }, + Required: []string{"group", "kind", "name"}, + }, + }, + } +} + +func schema_sigsk8sio_gateway_api_apis_v1alpha2_PolicyAncestorStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "PolicyAncestorStatus describes the status of a route with respect to an associated Ancestor.\n\nAncestors refer to objects that are either the Target of a policy or above it in terms of object hierarchy. For example, if a policy targets a Service, the Policy's Ancestors are, in order, the Service, the HTTPRoute, the Gateway, and the GatewayClass. Almost always, in this hierarchy, the Gateway will be the most useful object to place Policy status on, so we recommend that implementations SHOULD use Gateway as the PolicyAncestorStatus object unless the designers have a _very_ good reason otherwise.\n\nIn the context of policy attachment, the Ancestor is used to distinguish which resource results in a distinct application of this policy. For example, if a policy targets a Service, it may have a distinct result per attached Gateway.\n\nPolicies targeting the same resource may have different effects depending on the ancestors of those resources. For example, different Gateways targeting the same Service may have different capabilities, especially if they have different underlying implementations.\n\nFor example, in BackendTLSPolicy, the Policy attaches to a Service that is used as a backend in a HTTPRoute that is itself attached to a Gateway. In this case, the relevant object for status is the Gateway, and that is the ancestor object referred to in this status.\n\nNote that a parent is also an ancestor, so for objects where the parent is the relevant object for status, this struct SHOULD still be used.\n\nThis struct is intended to be used in a slice that's effectively a map, with a composite key made up of the AncestorRef and the ControllerName.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "ancestorRef": { SchemaProps: spec.SchemaProps{ - Description: "SectionName is the name of a section within the target resource. When unspecified, this targetRef targets the entire resource. In the following resources, SectionName is interpreted as the following:\n\n* Gateway: Listener name * HTTPRoute: HTTPRouteRule name * Service: Port name\n\nIf a SectionName is specified, but does not exist on the targeted object, the Policy must fail to attach, and the policy implementation should record a `ResolvedRefs` or similar Condition in the Policy's status.", + Description: "AncestorRef corresponds with a ParentRef in the spec that this PolicyAncestorStatus struct describes the status of.", + Default: map[string]interface{}{}, + Ref: ref("sigs.k8s.io/gateway-api/apis/v1.ParentReference"), + }, + }, + "controllerName": { + SchemaProps: spec.SchemaProps{ + Description: "ControllerName is a domain/path string that indicates the name of the controller that wrote this status. This corresponds with the controllerName field on GatewayClass.\n\nExample: \"example.net/gateway-controller\".\n\nThe format of this field is DOMAIN \"/\" PATH, where DOMAIN and PATH are valid Kubernetes names (https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names).\n\nControllers MUST populate this field when writing status. Controllers should ensure that entries to status populated with their ControllerName are cleaned up when they are no longer necessary.", + Default: "", Type: []string{"string"}, Format: "", }, }, + "conditions": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-map-keys": []interface{}{ + "type", + }, + "x-kubernetes-list-type": "map", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "Conditions describes the status of the Policy with respect to the given Ancestor.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Condition"), + }, + }, + }, + }, + }, }, - Required: []string{"group", "kind", "name"}, + Required: []string{"ancestorRef", "controllerName"}, }, }, + Dependencies: []string{ + "k8s.io/apimachinery/pkg/apis/meta/v1.Condition", "sigs.k8s.io/gateway-api/apis/v1.ParentReference"}, + } +} + +func schema_sigsk8sio_gateway_api_apis_v1alpha2_PolicyStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "PolicyStatus defines the common attributes that all Policies should include within their status.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "ancestors": { + SchemaProps: spec.SchemaProps{ + Description: "Ancestors is a list of ancestor resources (usually Gateways) that are associated with the policy, and the status of the policy with respect to each ancestor. When this policy attaches to a parent, the controller that manages the parent and the ancestors MUST add an entry to this list when the controller first sees the policy and SHOULD update the entry as appropriate when the relevant ancestor is modified.\n\nNote that choosing the relevant ancestor is left to the Policy designers; an important part of Policy design is designing the right object level at which to namespace this status.\n\nNote also that implementations MUST ONLY populate ancestor status for the Ancestor resources they are responsible for. Implementations MUST use the ControllerName field to uniquely identify the entries in this list that they are responsible for.\n\nNote that to achieve this, the list of PolicyAncestorStatus structs MUST be treated as a map with a composite key, made up of the AncestorRef and ControllerName fields combined.\n\nA maximum of 16 ancestors will be represented in this list. An empty list means the Policy is not relevant for any ancestors.\n\nIf this slice is full, implementations MUST NOT add further entries. Instead they MUST consider the policy unimplementable and signal that on any related resources such as the ancestor that would be referenced here. For example, if this list was full on BackendTLSPolicy, no additional Gateways would be able to reference the Service targeted by the BackendTLSPolicy.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("sigs.k8s.io/gateway-api/apis/v1alpha2.PolicyAncestorStatus"), + }, + }, + }, + }, + }, + }, + Required: []string{"ancestors"}, + }, + }, + Dependencies: []string{ + "sigs.k8s.io/gateway-api/apis/v1alpha2.PolicyAncestorStatus"}, } } diff --git a/pkg/test/cel/backendtlspolicy_test.go b/pkg/test/cel/backendtlspolicy_test.go index f56447298d..f2d4a6e73e 100644 --- a/pkg/test/cel/backendtlspolicy_test.go +++ b/pkg/test/cel/backendtlspolicy_test.go @@ -111,12 +111,11 @@ func TestBackendTLSPolicyConfig(t *testing.T) { Namespace: metav1.NamespaceDefault, }, Spec: gatewayv1a2.BackendTLSPolicySpec{ - TargetRef: gatewayv1a2.PolicyTargetReferenceWithSectionName{ - PolicyTargetReference: gatewayv1a2.PolicyTargetReference{ - Group: "group", - Kind: "kind", - Name: "name", - Namespace: ptrTo(gatewayv1a2.Namespace("ns")), + TargetRef: gatewayv1a2.LocalPolicyTargetReferenceWithSectionName{ + LocalPolicyTargetReference: gatewayv1a2.LocalPolicyTargetReference{ + Group: "group", + Kind: "kind", + Name: "name", }, }, TLS: tc.routeConfig,