Updates based on jpeach feedback

api/v1alpha1/gateway_types.go

@@ -56,9 +56,14 @@ type GatewaySpec struct {
 	// Listeners associated with this Gateway. Listeners define what addresses,
 	// ports, protocols are bound on this Gateway.
 	Listeners []Listener `json:"listeners"`
-	// Routes associated with this Gateway. Routes define
-	// protocol-specific routing to backends (e.g. Services).
-	Routes []core.TypedLocalObjectReference `json:"routes"`
+	// Routes defines routes to associate with the Gateway.
+	//
+	// If unspecified, all routes will be associated to the Gateway.
+	//
+	// Support: Core
+	//
+	// +optional
+	Routes []Route `json:"routes,omitempty"`
 }
 
 const (
@@ -68,6 +73,28 @@ const (
 	HTTPSProcotol = "HTTPS"
 )
 
+// Route defines the schema for a route.
+type Route struct {
+	// RouteRef is a reference to an object to associate with the Gateway.
+	// RouteRef defines protocol-specific routing to back-ends (e.g. Services).
+	//
+	// If unspecified, all routes will be associated to the Gateway.
+	//
+	// Support: Core
+	//
+	// +optional
+	RouteRef core.ObjectReference `json:"routeRef"`
+	// TerminationPolicy defines a policy for terminating TLS connections
+	// of a route.
+	//
+	// If unspecified, TLS termination type "Edge" will be used.
+	//
+	// Support: Core
+	//
+	// +optional
+	TerminationPolicy TLSTerminationPolicy `json:"terminationPolicy,omitempty"`
+}
+
 // Listener defines a
 type Listener struct {
 	// Name can be used to tie this Listener to a ListenerStatus entry with the
@@ -149,14 +176,6 @@ const (
 // - aws: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/create-https-listener.html#describe-ssl-policies
 // - azure: https://docs.microsoft.com/en-us/azure/app-service/configure-ssl-bindings#enforce-tls-1112
 type ListenerTLS struct {
-	// TerminationPolicy defines a policy for terminating TLS connections.
-	//
-	// If unspecified, TLS termination type "Edge" will be used.
-	//
-	// Support: Core
-	//
-	// +optional
-	TerminationPolicy TLSTerminationPolicy `json:"terminationPolicy,omitempty"`
 	// Certificates is a list of certificates containing resources
 	// that are bound to the listener.
 	//
@@ -198,16 +217,8 @@ type TLSTerminationPolicy struct {
 	//
 	// +optional
 	TerminationType TLSTerminationType `json:"terminationType,omitempty"`
-	// Routes is one or more routes to associate with the TLS termination policy.
-	//
-	// If unspecified, all routes associated with the Gateway listener will be used.
-	//
-	// Support: Core
-	//
-	// +optional
-	Routes []core.ObjectReference `json:"routes,omitempty"`
-	// CACertificates is a reference to one or more CA certificate used
-	// for establishing a TLS connection with the final destination when
+	// CACertificates is a reference to one or more CA certificates used
+	// for establishing a TLS connection with the backend object when
 	// using TLS termination type "Reencrypt".
 	//
 	// Here is a ConfigMap example (in yaml):
@@ -227,7 +238,7 @@ type TLSTerminationPolicy struct {
 	// Support: Implementation-specific (For other resource types)
 	//
 	// +optional
-	CACertificates []core.TypedLocalObjectReference `json:"caCertificates,omitempty"`
+	CACertificates []core.ObjectReference `json:"caCertificates,omitempty"`
 }
 
 // TLSTerminationType specifies where TLS connections will terminate.
@@ -239,13 +250,10 @@ const (
 
 	// TLSTerminationPassthrough terminates the TLS connection at the
 	// destination service. The destination service is responsible for
-	// decrypting data from the connection.
+	// decrypting data from the connection. The Gateway listener must be
+	// configured for the HTTPS protocol. SNI is used by the Gateway to
+	// perform route selection.
 	TLSTerminationPassthrough TLSTerminationType = "Passthrough"
-
-	// TLSTerminationReencrypt terminates the TLS connection at the gateway.
-	// The gateway creates an encrypted connection to the destination service
-	// using the provided certificate from DestinationCACertificate.
-	TLSTerminationReencrypt TLSTerminationType = "Reencrypt"
 )
 
 // GatewayStatus defines the observed state of Gateway.