diff --git a/.github/workflows/kal.yml b/.github/workflows/kal.yml index d657969f5d..618256e886 100644 --- a/.github/workflows/kal.yml +++ b/.github/workflows/kal.yml @@ -15,6 +15,9 @@ jobs: fail-fast: false steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # tag=v4.2.2 + name: Checkout code + with: + persist-credentials: false - name: Set up Go uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # tag=v5.5.0 - name: Install Golang CI Lint diff --git a/.golangci-kal.yml b/.golangci-kal.yml index aad23ab40d..d2b764e868 100644 --- a/.golangci-kal.yml +++ b/.golangci-kal.yml @@ -16,6 +16,7 @@ linters: - "nofloats" # Ensure floats are not used. - "nomaps" # Ensure maps are not used. - "nophase" # Phase fields are discouraged by the Kube API conventions, use conditions instead. + - "optionalorrequired" # Every field should be marked as `+optional` or `+required`. - "statussubresource" # All root objects that have a `status` field should have a status subresource. - "uniquemarkers" # Ensure that types and fields do not contain more than a single definition of a marker that should only be present once. disable: diff --git a/apis/v1/gateway_types.go b/apis/v1/gateway_types.go index f54e5d10ce..ea8667af61 100644 --- a/apis/v1/gateway_types.go +++ b/apis/v1/gateway_types.go 
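Review bot: In the checkout step of the `kal.yml` hunk the added `name:` key sits after `uses:`, while the next step (`Set up Go`) starts with `name:`; putting `name: Checkout code` first keeps the steps uniform. A short reason next to the new setting would help later readers, for example `persist-credentials: false # do not leave the job token in .git/config for later steps`. The job header is outside the hunk, so whether a `permissions:` block already limits that token cannot be confirmed from here.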
@@ -33,15 +33,18 @@ import ( // Gateway represents an instance of a service-traffic handling infrastructure // by binding Listeners to a set of IP addresses. type Gateway struct { - metav1.TypeMeta `json:",inline"` + metav1.TypeMeta `json:",inline"` + // +optional metav1.ObjectMeta `json:"metadata,omitempty"` // Spec defines the desired state of Gateway. + // +required Spec GatewaySpec `json:"spec"` // Status defines the current state of Gateway. // // +kubebuilder:default={conditions: {{type: "Accepted", status: "Unknown", reason:"Pending", message:"Waiting for controller", lastTransitionTime: "1970-01-01T00:00:00Z"},{type: "Programmed", status: "Unknown", reason:"Pending", message:"Waiting for controller", lastTransitionTime: "1970-01-01T00:00:00Z"}}} + // +optional Status GatewayStatus `json:"status,omitempty"` } @@ -63,6 +66,7 @@ type GatewayList struct { type GatewaySpec struct { // GatewayClassName used for this Gateway. This is the name of a // GatewayClass resource. + // +required GatewayClassName ObjectName `json:"gatewayClassName"` // Listeners associated with this Gateway. Listeners define @@ -236,6 +240,7 @@ type GatewaySpec struct { // +kubebuilder:validation:XValidation:message="hostname must not be specified for protocols ['TCP', 'UDP']",rule="self.all(l, l.protocol in ['TCP', 'UDP'] ? (!has(l.hostname) || l.hostname == '') : true)" // +kubebuilder:validation:XValidation:message="Listener name must be unique within the Gateway",rule="self.all(l1, self.exists_one(l2, l1.name == l2.name))" // +kubebuilder:validation:XValidation:message="Combination of port, protocol and hostname must be unique for each listener",rule="self.all(l1, self.exists_one(l2, l1.port == l2.port && l1.protocol == l2.protocol && (has(l1.hostname) && has(l2.hostname) ? l1.hostname == l2.hostname : !has(l1.hostname) && !has(l2.hostname))))" + // +required Listeners []Listener `json:"listeners"` // Addresses requested for this Gateway. This is optional and behavior can 
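Review bot: The new markers are attached in three different ways across this commit: in the `Gateway` hunk `// +required` follows the prose line for `Spec` directly, in `backendtlspolicy_types.go` and `referencegrant_types.go` it is preceded by an empty `//` line, and in `TCPRouteSpec`, `TLSRouteSpec`, `UDPRouteSpec` and `PolicyAncestorStatus` it is placed ahead of the `+kubebuilder:validation` and `+listType` markers instead of after them. Picking one layout, for example an empty `//` line and then `// +required` as the last marker before the field, would make the marker easy to find when reviewing a field's validation. In `BackendTLSPolicySpec.TargetRefs` the marker currently sits between `MaxItems` and the two `XValidation` rules, which is the hardest placement to spot.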
@@ -333,6 +338,7 @@ type Listener struct { // Gateway. // // Support: Core + // +required Name SectionName `json:"name"` // Hostname specifies the virtual hostname to match for protocol types that @@ -390,11 +396,13 @@ type Listener struct { // same port, subject to the Listener compatibility rules. // // Support: Core + // +required Port PortNumber `json:"port"` // Protocol specifies the network protocol this listener expects to receive. // // Support: Core + // +required Protocol ProtocolType `json:"protocol"` // TLS is the TLS configuration for the Listener. This field is required if @@ -637,6 +645,7 @@ type FrontendTLSValidation struct { // // +kubebuilder:validation:MaxItems=8 // +kubebuilder:validation:MinItems=1 + // +required CACertificateRefs []ObjectReference `json:"caCertificateRefs,omitempty"` } @@ -721,6 +730,7 @@ type RouteGroupKind struct { Group *Group `json:"group,omitempty"` // Kind is the kind of the Route. + // +required Kind Kind `json:"kind"` } @@ -764,6 +774,7 @@ type GatewayStatusAddress struct { // // +kubebuilder:validation:MinLength=1 // +kubebuilder:validation:MaxLength=253 + // +required Value string `json:"value"` } @@ -873,15 +884,18 @@ type GatewayInfrastructure struct { // configuration resource within the namespace. type LocalParametersReference struct { // Group is the group of the referent. + // +required Group Group `json:"group"` // Kind is kind of the referent. + // +required Kind Kind `json:"kind"` // Name is the name of the referent. // // +kubebuilder:validation:MinLength=1 // +kubebuilder:validation:MaxLength=253 + // +required Name string `json:"name"` } @@ -1096,6 +1110,7 @@ const ( // ListenerStatus is the status associated with a Listener. type ListenerStatus struct { // Name is the name of the Listener that this status corresponds to. + // +required Name SectionName `json:"name"` // SupportedKinds is the list indicating the Kinds supported by this 
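Review bot: `FrontendTLSValidation.CACertificateRefs` is now marked `// +required` in the `@@ -637,6 +645,7 @@` hunk, but its tag is still `json:"caCertificateRefs,omitempty"`, so the Go type and the schema disagree about whether the key may be absent. The regenerated `gateways.yaml` in this commit adds `required: - caCertificateRefs`, so, as far as the schema shown here goes, an object that carries the validation block without CA references was accepted before and is rejected after the CRD upgrade; that is the stricter and safer outcome, but it is a validation change that should be called out in the release notes. The same marker/tag mismatch appears on `RouteParentStatus.Conditions` in `shared_types.go` and on `BackendRefs` in `TCPRouteRule`, `TLSRouteRule` and `UDPRouteRule`, and the CRDs shown gain `conditions` and `backendRefs` in their `required` lists. A Go client that leaves one of these slices empty will omit the key and have the write refused, so consider either dropping `omitempty` from these tags or documenting on each field why it stays.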
@@ -1109,6 +1124,7 @@ type ListenerStatus struct { // reference the valid Route kinds that have been specified. // // +kubebuilder:validation:MaxItems=8 + // +required SupportedKinds []RouteGroupKind `json:"supportedKinds"` // AttachedRoutes represents the total number of Routes that have been @@ -1128,6 +1144,7 @@ type ListenerStatus struct { // // Uses for this field include troubleshooting Route attachment and // measuring blast radius/impact of changes to a Listener. + // +required AttachedRoutes int32 `json:"attachedRoutes"` // Conditions describe the current condition of this listener. @@ -1135,6 +1152,7 @@ type ListenerStatus struct { // +listType=map // +listMapKey=type // +kubebuilder:validation:MaxItems=8 + // +required Conditions []metav1.Condition `json:"conditions"` } diff --git a/apis/v1/gatewayclass_types.go b/apis/v1/gatewayclass_types.go index 6699e7a18f..655195ce6d 100644 --- a/apis/v1/gatewayclass_types.go +++ b/apis/v1/gatewayclass_types.go @@ -49,10 +49,12 @@ import ( // // GatewayClass is a Cluster level resource. type GatewayClass struct { - metav1.TypeMeta `json:",inline"` + metav1.TypeMeta `json:",inline"` + // +optional metav1.ObjectMeta `json:"metadata,omitempty"` // Spec defines the desired state of GatewayClass. + // +required Spec GatewayClassSpec `json:"spec"` // Status defines the current state of GatewayClass. @@ -61,6 +63,7 @@ type GatewayClass struct { // specify their controller name. // // +kubebuilder:default={conditions: {{type: "Accepted", status: "Unknown", message: "Waiting for controller", reason: "Pending", lastTransitionTime: "1970-01-01T00:00:00Z"}}} + // +optional Status GatewayClassStatus `json:"status,omitempty"` } 
@@ -83,6 +86,7 @@ type GatewayClassSpec struct { // Support: Core // // +kubebuilder:validation:XValidation:message="Value is immutable",rule="self == oldSelf" + // +required ControllerName GatewayController `json:"controllerName"` // ParametersRef is a reference to a resource that contains the configuration @@ -118,15 +122,18 @@ type GatewayClassSpec struct { // configuration resource within the cluster. type ParametersReference struct { // Group is the group of the referent. + // +required Group Group `json:"group"` // Kind is kind of the referent. + // +required Kind Kind `json:"kind"` // Name is the name of the referent. // // +kubebuilder:validation:MinLength=1 // +kubebuilder:validation:MaxLength=253 + // +required Name string `json:"name"` // Namespace is the namespace of the referent. @@ -287,5 +294,6 @@ type GatewayClassList struct { type FeatureName string type SupportedFeature struct { + // +required Name FeatureName `json:"name"` } diff --git a/apis/v1/gatewayclass_types_overrides.go b/apis/v1/gatewayclass_types_overrides.go index f635084782..8d768fdea0 100644 --- a/apis/v1/gatewayclass_types_overrides.go +++ b/apis/v1/gatewayclass_types_overrides.go @@ -51,6 +51,7 @@ func (s *SupportedFeature) UnmarshalJSON(data []byte) error { // This is solely for the purpose of ensuring backward compatibility and // SHOULD NOT be used elsewhere. type supportedFeatureInternal struct { + // +required Name FeatureName `json:"name"` } diff --git a/apis/v1/grpcroute_types.go b/apis/v1/grpcroute_types.go index 5e77a897c1..c6480c3857 100644 --- a/apis/v1/grpcroute_types.go +++ b/apis/v1/grpcroute_types.go @@ -56,7 +56,8 @@ import ( // Implementations MAY also accept HTTP/2 connections with an upgrade from // HTTP/1, i.e. without prior knowledge. type GRPCRoute struct { - metav1.TypeMeta `json:",inline"` + metav1.TypeMeta `json:",inline"` + // +optional metav1.ObjectMeta `json:"metadata,omitempty"` // Spec defines the desired state of GRPCRoute. 
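Review bot: `SupportedFeature.Name` in the `@@ -287,5 +294,6 @@` hunk now has a marker but still no doc comment, so the field's only comment is `// +required`. Adding a description line above the marker, for example `// Name is the name of the supported feature.`, would give the generated schema a description; the same applies to `supportedFeatureInternal.Name` in `gatewayclass_types_overrides.go` and to `Fraction.Numerator` in `shared_types.go`. The wording of the description is a suggestion and should be checked against how the features are documented elsewhere in the project.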
@@ -64,6 +65,7 @@ type GRPCRoute struct { Spec GRPCRouteSpec `json:"spec,omitempty"` // Status defines the current state of GRPCRoute. + // +optional Status GRPCRouteStatus `json:"status,omitempty"` } @@ -405,12 +407,14 @@ type GRPCHeaderMatch struct { // entries with an equivalent header name MUST be ignored. Due to the // case-insensitivity of header names, "foo" and "Foo" are considered // equivalent. + // +required Name GRPCHeaderName `json:"name"` // Value is the value of the gRPC Header to be matched. // // +kubebuilder:validation:MinLength=1 // +kubebuilder:validation:MaxLength=4096 + // +required Value string `json:"value"` } @@ -521,6 +525,7 @@ type GRPCRouteFilter struct { // +unionDiscriminator // +kubebuilder:validation:Enum=ResponseHeaderModifier;RequestHeaderModifier;RequestMirror;ExtensionRef // + // +required Type GRPCRouteFilterType `json:"type"` // RequestHeaderModifier defines a schema for a filter that modifies request diff --git a/apis/v1/httproute_types.go b/apis/v1/httproute_types.go index 157932e971..96e245c386 100644 --- a/apis/v1/httproute_types.go +++ b/apis/v1/httproute_types.go @@ -33,13 +33,16 @@ import ( // used to specify additional processing steps. Backends specify where matching // requests should be routed. type HTTPRoute struct { - metav1.TypeMeta `json:",inline"` + metav1.TypeMeta `json:",inline"` + // +optional metav1.ObjectMeta `json:"metadata,omitempty"` // Spec defines the desired state of HTTPRoute. + // +required Spec HTTPRouteSpec `json:"spec"` // Status defines the current state of HTTPRoute. + // +optional Status HTTPRouteStatus `json:"status,omitempty"` } 
@@ -608,12 +611,14 @@ type HTTPHeaderMatch struct { // Generally, proxies should follow the guidance from the RFC: // https://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2 regarding // processing a repeated header, with special handling for "Set-Cookie". + // +required Name HTTPHeaderName `json:"name"` // Value is the value of HTTP Header to be matched. // // +kubebuilder:validation:MinLength=1 // +kubebuilder:validation:MaxLength=4096 + // +required Value string `json:"value"` } @@ -675,12 +680,14 @@ type HTTPQueryParamMatch struct { // // Users SHOULD NOT route traffic based on repeated query params to guard // themselves against potential differences in the implementations. + // +required Name HTTPHeaderName `json:"name"` // Value is the value of HTTP query param to be matched. // // +kubebuilder:validation:MinLength=1 // +kubebuilder:validation:MaxLength=1024 + // +required Value string `json:"value"` } @@ -830,6 +837,7 @@ type HTTPRouteFilter struct { // +unionDiscriminator // +kubebuilder:validation:Enum=RequestHeaderModifier;ResponseHeaderModifier;RequestMirror;RequestRedirect;URLRewrite;ExtensionRef // + // +required Type HTTPRouteFilterType `json:"type"` // RequestHeaderModifier defines a schema for a filter that modifies request @@ -977,12 +985,14 @@ type HTTPHeader struct { // with an equivalent header name MUST be ignored. Due to the // case-insensitivity of header names, "foo" and "Foo" are considered // equivalent. + // +required Name HTTPHeaderName `json:"name"` // Value is the value of HTTP Header to be matched. // // +kubebuilder:validation:MinLength=1 // +kubebuilder:validation:MaxLength=4096 + // +required Value string `json:"value"` } @@ -1101,6 +1111,7 @@ type HTTPPathModifier struct { // Reason of `UnsupportedValue`. // // +kubebuilder:validation:Enum=ReplaceFullPath;ReplacePrefixMatch + // +required Type HTTPPathModifierType `json:"type"` // ReplaceFullPath specifies the value with which to replace the full path 
@@ -1274,6 +1285,7 @@ type HTTPRequestMirrorFilter struct { // Support: Extended for Kubernetes Service // // Support: Implementation-specific for any other resource + // +required BackendRef BackendObjectReference `json:"backendRef"` // Percent represents the percentage of requests that should be @@ -1356,6 +1368,7 @@ type HTTPCORSFilter struct { // Support: Extended // +listType=set // +kubebuilder:validation:MaxItems=64 + // +optional AllowOrigins []AbsoluteURI `json:"allowOrigins,omitempty"` // AllowCredentials indicates whether the actual cross-origin request allows @@ -1417,6 +1430,7 @@ type HTTPCORSFilter struct { // +listType=set // +kubebuilder:validation:MaxItems=9 // +kubebuilder:validation:XValidation:message="AllowMethods cannot contain '*' alongside other methods",rule="!('*' in self && self.size() > 1)" + // +optional AllowMethods []HTTPMethodWithWildcard `json:"allowMethods,omitempty"` // AllowHeaders indicates which HTTP request headers are supported for @@ -1458,6 +1472,7 @@ type HTTPCORSFilter struct { // // +listType=set // +kubebuilder:validation:MaxItems=64 + // +optional AllowHeaders []HTTPHeaderName `json:"allowHeaders,omitempty"` // ExposeHeaders indicates which HTTP response headers can be exposed diff --git a/apis/v1/object_reference_types.go b/apis/v1/object_reference_types.go index dd507b2136..54e34fa2ed 100644 --- a/apis/v1/object_reference_types.go +++ b/apis/v1/object_reference_types.go @@ -27,12 +27,15 @@ package v1 type LocalObjectReference struct { // Group is the group of the referent. For example, "gateway.networking.k8s.io". // When unspecified or empty string, core API group is inferred. + // +required Group Group `json:"group"` // Kind is kind of the referent. For example "HTTPRoute" or "Service". + // +required Kind Kind `json:"kind"` // Name is the name of the referent. + // +required Name ObjectName `json:"name"` } 
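Review bot: The comment on `LocalObjectReference.Group` in the `@@ -27,12 +27,15 @@` hunk still reads `When unspecified or empty string, core API group is inferred`, which contradicts the `// +required` marker added right below it. Since the field is required, the comment should say what `ObjectReference.Group` already says in the same file: `// When set to the empty string, core API group is inferred.` The comments `When empty, the Kubernetes core API group is inferred` on `ReferenceGrantFrom.Group` and `ReferenceGrantTo.Group` are compatible with the marker and need no change.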
@@ -60,6 +63,7 @@ type SecretObjectReference struct { Kind *Kind `json:"kind"` // Name is the name of the referent. + // +required Name ObjectName `json:"name"` // Namespace is the namespace of the referenced object. When unspecified, the local @@ -121,6 +125,7 @@ type BackendObjectReference struct { Kind *Kind `json:"kind,omitempty"` // Name is the name of the referent. + // +required Name ObjectName `json:"name"` // Namespace is the namespace of the backend. When unspecified, the local @@ -157,12 +162,15 @@ type BackendObjectReference struct { type ObjectReference struct { // Group is the group of the referent. For example, "gateway.networking.k8s.io". // When set to the empty string, core API group is inferred. + // +required Group Group `json:"group"` // Kind is kind of the referent. For example "ConfigMap" or "Service". + // +required Kind Kind `json:"kind"` // Name is the name of the referent. + // +required Name ObjectName `json:"name"` // Namespace is the namespace of the referenced object. When unspecified, the local diff --git a/apis/v1/shared_types.go b/apis/v1/shared_types.go index 226c776372..e874c2f905 100644 --- a/apis/v1/shared_types.go +++ b/apis/v1/shared_types.go @@ -86,6 +86,7 @@ type ParentReference struct { // Name is the name of the referent. // // Support: Core + // +required Name ObjectName `json:"name"` // SectionName is the name of a section within the target resource. In the @@ -436,6 +437,7 @@ const ( type RouteParentStatus struct { // ParentRef corresponds with a ParentRef in the spec that this // RouteParentStatus struct describes the status of. + // +required ParentRef ParentReference `json:"parentRef"` // ControllerName is a domain/path string that indicates the name of the 
@@ -451,6 +453,7 @@ type RouteParentStatus struct { // Controllers MUST populate this field when writing status. Controllers should ensure that // entries to status populated with their ControllerName are cleaned up when they are no // longer necessary. + // +required ControllerName GatewayController `json:"controllerName"` // Conditions describes the status of the route with respect to the Gateway. @@ -477,6 +480,7 @@ type RouteParentStatus struct { // +listMapKey=type // +kubebuilder:validation:MinItems=1 // +kubebuilder:validation:MaxItems=8 + // +required Conditions []metav1.Condition `json:"conditions,omitempty"` } @@ -499,6 +503,7 @@ type RouteStatus struct { // means the route has not been attached to any Gateway. // // +kubebuilder:validation:MaxItems=32 + // +required Parents []RouteParentStatus `json:"parents"` } @@ -913,6 +918,7 @@ const ( // +kubebuilder:validation:XValidation:message="numerator must be less than or equal to denominator",rule="self.numerator <= self.denominator" type Fraction struct { // +kubebuilder:validation:Minimum=0 + // +required Numerator int32 `json:"numerator"` // +optional diff --git a/apis/v1alpha2/policy_types.go b/apis/v1alpha2/policy_types.go index bc2ef766a9..b38ff00327 100644 --- a/apis/v1alpha2/policy_types.go +++ b/apis/v1alpha2/policy_types.go @@ -38,12 +38,15 @@ const ( // the policy attachment documentation for Gateway API. type LocalPolicyTargetReference struct { // Group is the group of the target resource. + // +required Group Group `json:"group"` // Kind is kind of the target resource. + // +required Kind Kind `json:"kind"` // Name is the name of the target resource. + // +required Name ObjectName `json:"name"` } 
@@ -55,12 +58,15 @@ type LocalPolicyTargetReference struct { // documentation for Gateway API. type NamespacedPolicyTargetReference struct { // Group is the group of the target resource. + // +required Group Group `json:"group"` // Kind is kind of the target resource. + // +required Kind Kind `json:"kind"` // Name is the name of the target resource. + // +required Name ObjectName `json:"name"` // Namespace is the namespace of the referent. When unspecified, the local @@ -174,6 +180,7 @@ const ( type PolicyAncestorStatus struct { // AncestorRef corresponds with a ParentRef in the spec that this // PolicyAncestorStatus struct describes the status of. + // +required AncestorRef ParentReference `json:"ancestorRef"` // ControllerName is a domain/path string that indicates the name of the @@ -189,10 +196,12 @@ type PolicyAncestorStatus struct { // Controllers MUST populate this field when writing status. Controllers should ensure that // entries to status populated with their ControllerName are cleaned up when they are no // longer necessary. + // +required ControllerName GatewayController `json:"controllerName"` // Conditions describes the status of the Policy with respect to the given Ancestor. // + // +required // +listType=map // +listMapKey=type // +kubebuilder:validation:MinItems=1 @@ -234,5 +243,6 @@ type PolicyStatus struct { // the BackendTLSPolicy. // // +kubebuilder:validation:MaxItems=16 + // +required Ancestors []PolicyAncestorStatus `json:"ancestors"` } diff --git a/apis/v1alpha2/tcproute_types.go b/apis/v1alpha2/tcproute_types.go index e383af495d..99446bedcb 100644 --- a/apis/v1alpha2/tcproute_types.go +++ b/apis/v1alpha2/tcproute_types.go 
@@ -31,13 +31,16 @@ import ( // listener, it can be used to forward connections on the port specified by the // listener to a set of backends specified by the TCPRoute. type TCPRoute struct { - metav1.TypeMeta `json:",inline"` + metav1.TypeMeta `json:",inline"` + // +optional metav1.ObjectMeta `json:"metadata,omitempty"` // Spec defines the desired state of TCPRoute. + // +required Spec TCPRouteSpec `json:"spec"` // Status defines the current state of TCPRoute. + // +optional Status TCPRouteStatus `json:"status,omitempty"` } @@ -47,6 +50,7 @@ type TCPRouteSpec struct { // Rules are a list of TCP matchers and actions. // + // +required // +kubebuilder:validation:MinItems=1 // +kubebuilder:validation:MaxItems=16 // @@ -81,6 +85,7 @@ type TCPRouteRule struct { // // Support for weight: Extended // + // +required // +kubebuilder:validation:MinItems=1 // +kubebuilder:validation:MaxItems=16 BackendRefs []BackendRef `json:"backendRefs,omitempty"` diff --git a/apis/v1alpha2/tlsroute_types.go b/apis/v1alpha2/tlsroute_types.go index f1b3814cf7..5cd56ca201 100644 --- a/apis/v1alpha2/tlsroute_types.go +++ b/apis/v1alpha2/tlsroute_types.go @@ -33,13 +33,16 @@ import ( // If you need to forward traffic to a single target for a TLS listener, you // could choose to use a TCPRoute with a TLS listener. type TLSRoute struct { - metav1.TypeMeta `json:",inline"` + metav1.TypeMeta `json:",inline"` + // +optional metav1.ObjectMeta `json:"metadata,omitempty"` // Spec defines the desired state of TLSRoute. + // +required Spec TLSRouteSpec `json:"spec"` // Status defines the current state of TLSRoute. + // +optional Status TLSRouteStatus `json:"status,omitempty"` } @@ -87,6 +90,7 @@ type TLSRouteSpec struct { // Rules are a list of TLS matchers and actions. // + // +required // +kubebuilder:validation:MinItems=1 // +kubebuilder:validation:MaxItems=16 // 
@@ -124,6 +128,7 @@ type TLSRouteRule struct { // // Support for weight: Extended // + // +required // +kubebuilder:validation:MinItems=1 // +kubebuilder:validation:MaxItems=16 BackendRefs []BackendRef `json:"backendRefs,omitempty"` diff --git a/apis/v1alpha2/udproute_types.go b/apis/v1alpha2/udproute_types.go index c7e92b92b4..82afedc6bb 100644 --- a/apis/v1alpha2/udproute_types.go +++ b/apis/v1alpha2/udproute_types.go @@ -31,13 +31,16 @@ import ( // listener, it can be used to forward traffic on the port specified by the // listener to a set of backends specified by the UDPRoute. type UDPRoute struct { - metav1.TypeMeta `json:",inline"` + metav1.TypeMeta `json:",inline"` + // +optional metav1.ObjectMeta `json:"metadata,omitempty"` // Spec defines the desired state of UDPRoute. + // +required Spec UDPRouteSpec `json:"spec"` // Status defines the current state of UDPRoute. + // +optional Status UDPRouteStatus `json:"status,omitempty"` } @@ -47,6 +50,7 @@ type UDPRouteSpec struct { // Rules are a list of UDP matchers and actions. // + // +required // +kubebuilder:validation:MinItems=1 // +kubebuilder:validation:MaxItems=16 // @@ -81,6 +85,7 @@ type UDPRouteRule struct { // // Support for weight: Extended // + // +required // +kubebuilder:validation:MinItems=1 // +kubebuilder:validation:MaxItems=16 BackendRefs []BackendRef `json:"backendRefs,omitempty"` diff --git a/apis/v1alpha3/backendtlspolicy_types.go b/apis/v1alpha3/backendtlspolicy_types.go index 75655f5d63..93c47d72bb 100644 --- a/apis/v1alpha3/backendtlspolicy_types.go +++ b/apis/v1alpha3/backendtlspolicy_types.go 
@@ -36,13 +36,16 @@ import ( // BackendTLSPolicy provides a way to configure how a Gateway // connects to a Backend via TLS. type BackendTLSPolicy struct { - metav1.TypeMeta `json:",inline"` + metav1.TypeMeta `json:",inline"` + // +optional metav1.ObjectMeta `json:"metadata,omitempty"` // Spec defines the desired state of BackendTLSPolicy. + // +required Spec BackendTLSPolicySpec `json:"spec"` // Status defines the current state of BackendTLSPolicy. + // +optional Status v1alpha2.PolicyStatus `json:"status,omitempty"` } @@ -79,11 +82,13 @@ type BackendTLSPolicySpec struct { // // +kubebuilder:validation:MinItems=1 // +kubebuilder:validation:MaxItems=16 + // +required // +kubebuilder:validation:XValidation:message="sectionName must be specified when targetRefs includes 2 or more references to the same target",rule="self.all(p1, self.all(p2, p1.group == p2.group && p1.kind == p2.kind && p1.name == p2.name ? ((!has(p1.sectionName) || p1.sectionName == '') == (!has(p2.sectionName) || p2.sectionName == '')) : true))" // +kubebuilder:validation:XValidation:message="sectionName must be unique when targetRefs includes 2 or more references to the same target",rule="self.all(p1, self.exists_one(p2, p1.group == p2.group && p1.kind == p2.kind && p1.name == p2.name && (((!has(p1.sectionName) || p1.sectionName == '') && (!has(p2.sectionName) || p2.sectionName == '')) || (has(p1.sectionName) && has(p2.sectionName) && p1.sectionName == p2.sectionName))))" TargetRefs []v1alpha2.LocalPolicyTargetReferenceWithSectionName `json:"targetRefs"` // Validation contains backend TLS validation configuration. + // +required Validation BackendTLSPolicyValidation `json:"validation"` // Options are a list of key/value pairs to enable extended TLS 
@@ -154,6 +159,8 @@ type BackendTLSPolicyValidation struct { // 2. Hostname MUST be used for authentication and MUST match the certificate served by the matching backend, unless SubjectAltNames is specified. // // Support: Core + // + // +required Hostname v1.PreciseHostname `json:"hostname"` // SubjectAltNames contains one or more Subject Alternative Names. @@ -176,6 +183,8 @@ type SubjectAltName struct { // Type determines the format of the Subject Alternative Name. Always required. // // Support: Core + // + // +required Type SubjectAltNameType `json:"type"` // Hostname contains Subject Alternative Name specified in DNS name format. diff --git a/apis/v1alpha3/tlsroute_types.go b/apis/v1alpha3/tlsroute_types.go index 82345f9080..5d2f9c5879 100644 --- a/apis/v1alpha3/tlsroute_types.go +++ b/apis/v1alpha3/tlsroute_types.go @@ -36,13 +36,16 @@ import ( // If you need to forward traffic to a single target for a TLS listener, you // could choose to use a TCPRoute with a TLS listener. type TLSRoute struct { - metav1.TypeMeta `json:",inline"` + metav1.TypeMeta `json:",inline"` + // +optional metav1.ObjectMeta `json:"metadata,omitempty"` // Spec defines the desired state of TLSRoute. + // +required Spec TLSRouteSpec `json:"spec"` // Status defines the current state of TLSRoute. + // +optional Status v1alpha2.TLSRouteStatus `json:"status,omitempty"` } @@ -91,6 +94,7 @@ type TLSRouteSpec struct { // Rules are a list of TLS matchers and actions. // + // +required // +kubebuilder:validation:MinItems=1 // +kubebuilder:validation:MaxItems=16 // diff --git a/apis/v1beta1/referencegrant_types.go b/apis/v1beta1/referencegrant_types.go index 0b0caf7088..6321515238 100644 --- a/apis/v1beta1/referencegrant_types.go +++ b/apis/v1beta1/referencegrant_types.go 
@@ -41,10 +41,12 @@ import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" // no grant, and MUST respond to the removal of a grant by revoking the access // that the grant allowed. type ReferenceGrant struct { - metav1.TypeMeta `json:",inline"` + metav1.TypeMeta `json:",inline"` + // +optional metav1.ObjectMeta `json:"metadata,omitempty"` // Spec defines the desired state of ReferenceGrant. + // +optional Spec ReferenceGrantSpec `json:"spec,omitempty"` // Note that `Status` sub-resource has been excluded at the @@ -72,6 +74,7 @@ type ReferenceGrantSpec struct { // // +kubebuilder:validation:MinItems=1 // +kubebuilder:validation:MaxItems=16 + // +required From []ReferenceGrantFrom `json:"from"` // To describes the resources that may be referenced by the resources @@ -83,6 +86,7 @@ type ReferenceGrantSpec struct { // // +kubebuilder:validation:MinItems=1 // +kubebuilder:validation:MaxItems=16 + // +required To []ReferenceGrantTo `json:"to"` } @@ -92,6 +96,8 @@ type ReferenceGrantFrom struct { // When empty, the Kubernetes core API group is inferred. // // Support: Core + // + // +required Group Group `json:"group"` // Kind is the kind of the referent. Although implementations may support @@ -109,11 +115,14 @@ type ReferenceGrantFrom struct { // * TCPRoute // * TLSRoute // * UDPRoute + // +required Kind Kind `json:"kind"` // Namespace is the namespace of the referent. // // Support: Core + // + // +required Namespace Namespace `json:"namespace"` } @@ -124,6 +133,8 @@ type ReferenceGrantTo struct { // When empty, the Kubernetes core API group is inferred. // // Support: Core + // + // +required Group Group `json:"group"` // Kind is the kind of the referent. Although implementations may support @@ -132,6 +143,8 @@ type ReferenceGrantTo struct { // // * Secret when used to permit a SecretObjectReference // * Service when used to permit a BackendObjectReference + // + // +required Kind Kind `json:"kind"` // Name is the name of the referent. When unspecified, this policy 
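Review bot: `ReferenceGrant.Spec` is marked `// +optional` in the `@@ -41,10 +41,12 @@` hunk, while the other root types whose `Spec` marker is visible in this commit (`Gateway`, `HTTPRoute`, `TCPRoute`, `BackendTLSPolicy` and others) mark it `// +required`. The marker matches the existing `json:"spec,omitempty"` tag, so the schema is unchanged, but it means the `+required` markers added to `From` and `To` only take effect when a spec is supplied. Because this resource authorises cross-namespace references, it is worth stating the intent in the comment, for example `// Spec is optional for compatibility; a ReferenceGrant without a spec permits no references.`, after confirming that implementations do treat a missing spec that way.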
diff --git a/apisx/v1alpha1/shared_types.go b/apisx/v1alpha1/shared_types.go index f811ace877..441d4758c1 100644 --- a/apisx/v1alpha1/shared_types.go +++ b/apisx/v1alpha1/shared_types.go @@ -70,6 +70,7 @@ type ParentGatewayReference struct { Kind *Kind `json:"kind"` // Name is the name of the referent. + // +required Name ObjectName `json:"name"` // Namespace is the namespace of the referent. If not present, @@ -87,6 +88,7 @@ type RequestRate struct { // Support: Extended // +kubebuilder:validation:Minimum=1 // +kubebuilder:validation:Maximum=1000000 + // +optional Count *int `json:"count,omitempty"` // Interval specifies the divisor of the rate of requests, the amount of @@ -94,5 +96,6 @@ type RequestRate struct { // // Support: Extended // +kubebuilder:validation:XValidation:message="interval can not be greater than one hour",rule="!(duration(self) == duration('0s') || duration(self) > duration('1h'))" + // +optional Interval *Duration `json:"interval,omitempty"` } diff --git a/apisx/v1alpha1/xbackendtrafficpolicy_types.go b/apisx/v1alpha1/xbackendtrafficpolicy_types.go index b2dcba6985..3ac5163693 100644 --- a/apisx/v1alpha1/xbackendtrafficpolicy_types.go +++ b/apisx/v1alpha1/xbackendtrafficpolicy_types.go @@ -37,13 +37,16 @@ type XBackendTrafficPolicy struct { // // +optional - metav1.TypeMeta `json:",inline"` + metav1.TypeMeta `json:",inline"` + // +optional metav1.ObjectMeta `json:"metadata,omitempty"` // Spec defines the desired state of BackendTrafficPolicy. + // +required Spec BackendTrafficPolicySpec `json:"spec"` // Status defines the current state of BackendTrafficPolicy. + // +optional Status PolicyStatus `json:"status,omitempty"` } @@ -72,6 +75,7 @@ type BackendTrafficPolicySpec struct { // +listMapKey=name // +kubebuilder:validation:MinItems=1 // +kubebuilder:validation:MaxItems=16 + // +required TargetRefs []LocalPolicyTargetReference `json:"targetRefs"` // RetryConstraint defines the configuration for when to allow or prevent 
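Review bot: In the `XBackendTrafficPolicy` hunk the comment block directly above `metav1.TypeMeta` already ends with `// +optional`, and the commit adds a second `// +optional` above `metav1.ObjectMeta`; no other root type in this commit carries a marker on `TypeMeta`. The start of that comment block is outside the hunk, so its purpose cannot be seen here, but if it was meant for the metadata field it is now redundant and can be removed so the struct matches `XListenerSet` and the v1 types.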
diff --git a/apisx/v1alpha1/xlistenerset_types.go b/apisx/v1alpha1/xlistenerset_types.go index 92cca1b735..5eb6942b1b 100644 --- a/apisx/v1alpha1/xlistenerset_types.go +++ b/apisx/v1alpha1/xlistenerset_types.go @@ -57,21 +57,25 @@ import ( // - False: when AllowedListeners is set but no valid listeners are attached, or when AllowedListeners is not set or false // - Unknown: when no AllowedListeners config is present type XListenerSet struct { - metav1.TypeMeta `json:",inline"` + metav1.TypeMeta `json:",inline"` + // +optional metav1.ObjectMeta `json:"metadata,omitempty"` // Spec defines the desired state of ListenerSet. + // +required Spec ListenerSetSpec `json:"spec"` // Status defines the current state of ListenerSet. // // +kubebuilder:default={conditions: {{type: "Accepted", status: "Unknown", reason:"Pending", message:"Waiting for controller", lastTransitionTime: "1970-01-01T00:00:00Z"},{type: "Programmed", status: "Unknown", reason:"Pending", message:"Waiting for controller", lastTransitionTime: "1970-01-01T00:00:00Z"}}} + // +optional Status ListenerSetStatus `json:"status,omitempty"` } // ListenerSetSpec defines the desired state of a ListenerSet. type ListenerSetSpec struct { // ParentRef references the Gateway that the listeners are attached to. + // +required ParentRef ParentGatewayReference `json:"parentRef"` // Listeners associated with this ListenerSet. Listeners define 
@@ -110,6 +114,7 @@ type ListenerSetSpec struct { // +kubebuilder:validation:XValidation:message="hostname must not be specified for protocols ['TCP', 'UDP']",rule="self.all(l, l.protocol in ['TCP', 'UDP'] ? (!has(l.hostname) || l.hostname == '') : true)" // +kubebuilder:validation:XValidation:message="Listener name must be unique within the Gateway",rule="self.all(l1, self.exists_one(l2, l1.name == l2.name))" // +kubebuilder:validation:XValidation:message="Combination of port, protocol and hostname must be unique for each listener",rule="self.all(l1, !has(l1.port) || self.exists_one(l2, has(l2.port) && l1.port == l2.port && l1.protocol == l2.protocol && (has(l1.hostname) && has(l2.hostname) ? l1.hostname == l2.hostname : !has(l1.hostname) && !has(l2.hostname))))" + // +required Listeners []ListenerEntry `json:"listeners"` } @@ -120,6 +125,7 @@ type ListenerEntry struct { // Name is not required to be unique across a Gateway and ListenerSets. // Routes can attach to a Listener by having a ListenerSet as a parentRef // and setting the SectionName + // +required Name SectionName `json:"name"` // Hostname specifies the virtual hostname to match for protocol types that @@ -152,9 +158,11 @@ type ListenerEntry struct { // Port is the network port. Multiple listeners may use the // same port, subject to the Listener compatibility rules. + // +required Port PortNumber `json:"port"` // Protocol specifies the network protocol this listener expects to receive. + // +required Protocol ProtocolType `json:"protocol"` // TLS is the TLS configuration for the Listener. This field is required if 
@@ -230,9 +238,11 @@ type ListenerSetStatus struct { // ListenerStatus is the status associated with a Listener. type ListenerEntryStatus struct { // Name is the name of the Listener that this status corresponds to. + // +required Name SectionName `json:"name"` // Port is the network port the listener is configured to listen on. + // +required Port PortNumber `json:"port"` // SupportedKinds is the list indicating the Kinds supported by this @@ -246,6 +256,7 @@ type ListenerEntryStatus struct { // reference the valid Route kinds that have been specified. // // +kubebuilder:validation:MaxItems=8 + // +required SupportedKinds []RouteGroupKind `json:"supportedKinds"` // AttachedRoutes represents the total number of Routes that have been @@ -265,6 +276,7 @@ type ListenerEntryStatus struct { // // Uses for this field include troubleshooting Route attachment and // measuring blast radius/impact of changes to a Listener. + // +required AttachedRoutes int32 `json:"attachedRoutes"` // Conditions describe the current condition of this listener. @@ -272,6 +284,7 @@ type ListenerEntryStatus struct { // +listType=map // +listMapKey=type // +kubebuilder:validation:MaxItems=8 + // +required Conditions []metav1.Condition `json:"conditions"` } diff --git a/config/crd/experimental/gateway.networking.k8s.io_backendtlspolicies.yaml b/config/crd/experimental/gateway.networking.k8s.io_backendtlspolicies.yaml index a2a5506c17..f431e98faf 100644 --- a/config/crd/experimental/gateway.networking.k8s.io_backendtlspolicies.yaml +++ b/config/crd/experimental/gateway.networking.k8s.io_backendtlspolicies.yaml @@ -623,6 +623,7 @@ spec: type: string required: - ancestorRef + - conditions - controllerName type: object maxItems: 16 diff --git a/config/crd/experimental/gateway.networking.k8s.io_gateways.yaml b/config/crd/experimental/gateway.networking.k8s.io_gateways.yaml index 328999eee9..6ad00cb433 100644 --- a/config/crd/experimental/gateway.networking.k8s.io_gateways.yaml 
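Review bot: `Conditions` and `SupportedKinds` in `ListenerEntryStatus` are now declared `+required`, but nothing in their comments tells a controller author that the field must always be written; a nil slice under a tag without `omitempty` serialises as `null`, which the API server, as far as I know, treats as absent for a non-nullable field and would then reject. I would add a sentence to each comment such as `// Controllers must always populate this field; write an empty list rather than leaving it nil.` The generated CRD hunks further down also add `conditions` to the `required` list of the route parent and policy ancestor status entries, which looks like a schema tightening; controllers that omitted the field until now would presumably see status updates fail after a CRD upgrade, so it deserves a line in the release notes. ListenerEntryStatus starts outside these hunks.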
+++ b/config/crd/experimental/gateway.networking.k8s.io_gateways.yaml @@ -973,6 +973,8 @@ spec: maxItems: 8 minItems: 1 type: array + required: + - caCertificateRefs type: object mode: default: Terminate @@ -2311,6 +2313,8 @@ spec: maxItems: 8 minItems: 1 type: array + required: + - caCertificateRefs type: object mode: default: Terminate diff --git a/config/crd/experimental/gateway.networking.k8s.io_grpcroutes.yaml b/config/crd/experimental/gateway.networking.k8s.io_grpcroutes.yaml index f04363ab31..25575f3150 100644 --- a/config/crd/experimental/gateway.networking.k8s.io_grpcroutes.yaml +++ b/config/crd/experimental/gateway.networking.k8s.io_grpcroutes.yaml @@ -2196,6 +2196,7 @@ spec: - name type: object required: + - conditions - controllerName - parentRef type: object diff --git a/config/crd/experimental/gateway.networking.k8s.io_httproutes.yaml b/config/crd/experimental/gateway.networking.k8s.io_httproutes.yaml index fe5b7f0330..dc198cf154 100644 --- a/config/crd/experimental/gateway.networking.k8s.io_httproutes.yaml +++ b/config/crd/experimental/gateway.networking.k8s.io_httproutes.yaml @@ -3619,6 +3619,7 @@ spec: - name type: object required: + - conditions - controllerName - parentRef type: object @@ -7235,6 +7236,7 @@ spec: - name type: object required: + - conditions - controllerName - parentRef type: object diff --git a/config/crd/experimental/gateway.networking.k8s.io_tcproutes.yaml b/config/crd/experimental/gateway.networking.k8s.io_tcproutes.yaml index 7365304e2a..8d094e012d 100644 --- a/config/crd/experimental/gateway.networking.k8s.io_tcproutes.yaml +++ b/config/crd/experimental/gateway.networking.k8s.io_tcproutes.yaml @@ -435,6 +435,8 @@ spec: minLength: 1 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string + required: + - backendRefs type: object maxItems: 16 minItems: 1 @@ -709,6 +711,7 @@ spec: - name type: object required: + - conditions - controllerName - parentRef type: object 
diff --git a/config/crd/experimental/gateway.networking.k8s.io_tlsroutes.yaml b/config/crd/experimental/gateway.networking.k8s.io_tlsroutes.yaml index 8843c2f0d3..597a3178c1 100644 --- a/config/crd/experimental/gateway.networking.k8s.io_tlsroutes.yaml +++ b/config/crd/experimental/gateway.networking.k8s.io_tlsroutes.yaml @@ -498,6 +498,8 @@ spec: minLength: 1 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string + required: + - backendRefs type: object maxItems: 16 minItems: 1 @@ -772,6 +774,7 @@ spec: - name type: object required: + - conditions - controllerName - parentRef type: object @@ -1268,6 +1271,8 @@ spec: minLength: 1 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string + required: + - backendRefs type: object maxItems: 16 minItems: 1 @@ -1543,6 +1548,7 @@ spec: - name type: object required: + - conditions - controllerName - parentRef type: object diff --git a/config/crd/experimental/gateway.networking.k8s.io_udproutes.yaml b/config/crd/experimental/gateway.networking.k8s.io_udproutes.yaml index 5ef205c1d2..6c5cd46b0b 100644 --- a/config/crd/experimental/gateway.networking.k8s.io_udproutes.yaml +++ b/config/crd/experimental/gateway.networking.k8s.io_udproutes.yaml @@ -435,6 +435,8 @@ spec: minLength: 1 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string + required: + - backendRefs type: object maxItems: 16 minItems: 1 @@ -709,6 +711,7 @@ spec: - name type: object required: + - conditions - controllerName - parentRef type: object diff --git a/config/crd/experimental/gateway.networking.x-k8s.io_xbackendtrafficpolicies.yaml b/config/crd/experimental/gateway.networking.x-k8s.io_xbackendtrafficpolicies.yaml index a4674dec56..6c69c96b40 100644 --- a/config/crd/experimental/gateway.networking.x-k8s.io_xbackendtrafficpolicies.yaml +++ b/config/crd/experimental/gateway.networking.x-k8s.io_xbackendtrafficpolicies.yaml 
@@ -583,6 +583,7 @@ spec: type: string required: - ancestorRef + - conditions - controllerName type: object maxItems: 16 diff --git a/config/crd/experimental/gateway.networking.x-k8s.io_xlistenersets.yaml b/config/crd/experimental/gateway.networking.x-k8s.io_xlistenersets.yaml index 2454521c2e..637a9ed365 100644 --- a/config/crd/experimental/gateway.networking.x-k8s.io_xlistenersets.yaml +++ b/config/crd/experimental/gateway.networking.x-k8s.io_xlistenersets.yaml @@ -487,6 +487,8 @@ spec: maxItems: 8 minItems: 1 type: array + required: + - caCertificateRefs type: object mode: default: Terminate diff --git a/config/crd/standard/gateway.networking.k8s.io_grpcroutes.yaml b/config/crd/standard/gateway.networking.k8s.io_grpcroutes.yaml index 4982ec8453..989e24e844 100644 --- a/config/crd/standard/gateway.networking.k8s.io_grpcroutes.yaml +++ b/config/crd/standard/gateway.networking.k8s.io_grpcroutes.yaml @@ -2039,6 +2039,7 @@ spec: - name type: object required: + - conditions - controllerName - parentRef type: object diff --git a/config/crd/standard/gateway.networking.k8s.io_httproutes.yaml b/config/crd/standard/gateway.networking.k8s.io_httproutes.yaml index 1824bd5e19..12c0639a2f 100644 --- a/config/crd/standard/gateway.networking.k8s.io_httproutes.yaml +++ b/config/crd/standard/gateway.networking.k8s.io_httproutes.yaml @@ -2803,6 +2803,7 @@ spec: - name type: object required: + - conditions - controllerName - parentRef type: object @@ -5603,6 +5604,7 @@ spec: - name type: object required: + - conditions - controllerName - parentRef type: object diff --git a/pkg/generated/openapi/zz_generated.openapi.go b/pkg/generated/openapi/zz_generated.openapi.go index 92162b5a1b..4c70dd18b1 100644 --- a/pkg/generated/openapi/zz_generated.openapi.go +++ b/pkg/generated/openapi/zz_generated.openapi.go 
@@ -3093,6 +3093,7 @@ func schema_sigsk8sio_gateway_api_apis_v1_FrontendTLSValidation(ref common.Refer }, }, }, + Required: []string{"caCertificateRefs"}, }, }, Dependencies: []string{ @@ -5717,7 +5718,7 @@ func schema_sigsk8sio_gateway_api_apis_v1_RouteParentStatus(ref common.Reference }, }, }, - Required: []string{"parentRef", "controllerName"}, + Required: []string{"parentRef", "controllerName", "conditions"}, }, }, Dependencies: []string{ @@ -6156,7 +6157,7 @@ func schema_sigsk8sio_gateway_api_apis_v1alpha2_PolicyAncestorStatus(ref common. }, }, }, - Required: []string{"ancestorRef", "controllerName"}, + Required: []string{"ancestorRef", "controllerName", "conditions"}, }, }, Dependencies: []string{ @@ -6412,6 +6413,7 @@ func schema_sigsk8sio_gateway_api_apis_v1alpha2_TCPRouteRule(ref common.Referenc }, }, }, + Required: []string{"backendRefs"}, }, }, Dependencies: []string{ @@ -6621,6 +6623,7 @@ func schema_sigsk8sio_gateway_api_apis_v1alpha2_TLSRouteRule(ref common.Referenc }, }, }, + Required: []string{"backendRefs"}, }, }, Dependencies: []string{ @@ -6845,6 +6848,7 @@ func schema_sigsk8sio_gateway_api_apis_v1alpha2_UDPRouteRule(ref common.Referenc }, }, }, + Required: []string{"backendRefs"}, }, }, Dependencies: []string{