From 63e2d58304e23db916289a560044e6b37d9aee7d Mon Sep 17 00:00:00 2001
From: Daneyon Hansen
Date: Tue, 11 Feb 2020 12:55:14 -0800
Subject: [PATCH] Updates based on jpeach feedback

---
 api/v1alpha1/gateway_types.go | 64 ++---
 api/v1alpha1/zz_generated.deepcopy.go | 31 ++-
 .../bases/networking.x.k8s.io_gateways.yaml | 219 +++++++++---------
 3 files changed, 161 insertions(+), 153 deletions(-)

diff --git a/api/v1alpha1/gateway_types.go b/api/v1alpha1/gateway_types.go
index 89156c3d10..be92f3416b 100644
--- a/api/v1alpha1/gateway_types.go
+++ b/api/v1alpha1/gateway_types.go
@@ -56,9 +56,14 @@ type GatewaySpec struct {
 // Listeners associated with this Gateway. Listeners define what addresses,
 // ports, protocols are bound on this Gateway.
 Listeners []Listener `json:"listeners"`
- // Routes associated with this Gateway. Routes define
- // protocol-specific routing to backends (e.g. Services).
- Routes []core.TypedLocalObjectReference `json:"routes"`
+ // Routes defines routes to associate with the Gateway.
+ //
+ // If unspecified, all routes will be associated to the Gateway.
+ //
+ // Support: Core
+ //
+ // +optional
+ Routes []Route `json:"routes,omitempty"`
 }
 
 const (
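Review bot: The new `Routes` comment makes an omitted list mean that all routes are associated to the Gateway, but it does not say which routes that covers — those in the Gateway's namespace or every Route in the cluster — so the widest possible attachment becomes the silent default of a spec that simply leaves the field out. Spell the scope out, for example `// If unspecified, all routes in the Gateway's namespace will be associated to the Gateway.` if that is the intent, or state that implementations must bound it. The `GatewaySpec` struct starts outside the hunk.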
@@ -68,6 +73,28 @@ const (
 HTTPSProcotol = "HTTPS"
 )
 
+// Route defines the schema for a route.
+type Route struct {
+ // RouteRef is a reference to an object to associate with the Gateway.
+ // RouteRef defines protocol-specific routing to back-ends (e.g. Services).
+ //
+ // If unspecified, all routes will be associated to the Gateway.
+ //
+ // Support: Core
+ //
+ // +optional
+ RouteRef core.ObjectReference `json:"routeRef"`
+ // TerminationPolicy defines a policy for terminating TLS connections
+ // of a route.
+ //
+ // If unspecified, TLS termination type "Edge" will be used.
+ //
+ // Support: Core
+ //
+ // +optional
+ TerminationPolicy TLSTerminationPolicy `json:"terminationPolicy,omitempty"`
+}
+
 // Listener defines a
 type Listener struct {
 // Name can be used to tie this Listener to a ListenerStatus entry with the
@@ -149,14 +176,6 @@ const (
 // - aws: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/create-https-listener.html#describe-ssl-policies
 // - azure: https://docs.microsoft.com/en-us/azure/app-service/configure-ssl-bindings#enforce-tls-1112
 type ListenerTLS struct {
- // TerminationPolicy defines a policy for terminating TLS connections.
- //
- // If unspecified, TLS termination type "Edge" will be used.
- //
- // Support: Core
- //
- // +optional
- TerminationPolicy TLSTerminationPolicy `json:"terminationPolicy,omitempty"`
 // Certificates is a list of certificates containing resources
 // that are bound to the listener.
 //
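Review bot: `RouteRef` is marked `+optional` and documented with "If unspecified, all routes will be associated to the Gateway", yet its tag is `json:"routeRef"` without `omitempty`, unlike `TerminationPolicy` two fields below, and an empty reference inside one `Route` entry carrying list-wide meaning is awkward for a controller to act on; either change the tag to `json:"routeRef,omitempty"` and say what an empty entry does, or drop the optional wording and keep the all-routes default on `GatewaySpec.Routes` only. `core.ObjectReference` also carries a `Namespace` field, so the comment should state whether a Gateway may reference a Route in another namespace and, if so, which side has to consent, because unrestricted cross-namespace references let a Gateway in one namespace direct traffic at another namespace's backends; `CACertificates` becoming `[]core.ObjectReference` in a later hunk of this file raises the same question for the CA bundle ConfigMap. The body of `Listener` continues outside the hunk.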
@@ -198,16 +217,8 @@ type TLSTerminationPolicy struct {
 //
 // +optional
 TerminationType TLSTerminationType `json:"terminationType,omitempty"`
- // Routes is one or more routes to associate with the TLS termination policy.
- //
- // If unspecified, all routes associated with the Gateway listener will be used.
- //
- // Support: Core
- //
- // +optional
- Routes []core.ObjectReference `json:"routes,omitempty"`
- // CACertificates is a reference to one or more CA certificate used
- // for establishing a TLS connection with the final destination when
+ // CACertificates is a reference to one or more CA certificates used
+ // for establishing a TLS connection with the backend object when
 // using TLS termination type "Reencrypt".
 //
 // Here is a ConfigMap example (in yaml):
@@ -227,7 +238,7 @@ type TLSTerminationPolicy struct {
 // Support: Implementation-specific (For other resource types)
 //
 // +optional
- CACertificates []core.TypedLocalObjectReference `json:"caCertificates,omitempty"`
+ CACertificates []core.ObjectReference `json:"caCertificates,omitempty"`
 }
 
 // TLSTerminationType specifies where TLS connections will terminate.
@@ -239,13 +250,10 @@ const (
 
 // TLSTerminationPassthrough terminates the TLS connection at the
 // destination service. The destination service is responsible for
- // decrypting data from the connection.
+ // decrypting data from the connection. The Gateway listener must be
+ // configured for the HTTPS protocol. SNI is used by the Gateway to
+ // perform route selection.
 TLSTerminationPassthrough TLSTerminationType = "Passthrough"
-
- // TLSTerminationReencrypt terminates the TLS connection at the gateway.
- // The gateway creates an encrypted connection to the destination service
- // using the provided certificate from DestinationCACertificate.
- TLSTerminationReencrypt TLSTerminationType = "Reencrypt"
 )
 
 // GatewayStatus defines the observed state of Gateway.
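Review bot: The rewritten `CACertificates` comment still says the bundle is used "when using TLS termination type \"Reencrypt\"", but the `@@ -239,13 +250,10 @@` hunk deletes the `TLSTerminationReencrypt` constant, so no value of `TLSTerminationType` visible here reads `CACertificates` any more. Either keep the constant or rewrite the comment to name the termination type that consumes these certificates; otherwise users can populate a field that no documented mode honours, which amounts to silently dropped trust configuration. The new `TLSTerminationPassthrough` text says SNI drives route selection; a short caveat that the SNI name is unauthenticated client input and must only be used as a routing key would help implementers. `TLSTerminationPolicy` starts outside the hunk.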
diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go
index 452afb7435..37365cf5a8 100644
--- a/api/v1alpha1/zz_generated.deepcopy.go
+++ b/api/v1alpha1/zz_generated.deepcopy.go
@@ -241,7 +241,7 @@ func (in *GatewaySpec) DeepCopyInto(out *GatewaySpec) {
 }
 if in.Routes != nil {
 in, out := &in.Routes, &out.Routes
- *out = make([]v1.TypedLocalObjectReference, len(*in))
+ *out = make([]Route, len(*in))
 for i := range *in {
 (*in)[i].DeepCopyInto(&(*out)[i])
 }
@@ -670,7 +670,6 @@ func (in *ListenerStatus) DeepCopy() *ListenerStatus {
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *ListenerTLS) DeepCopyInto(out *ListenerTLS) {
 *out = *in
- in.TerminationPolicy.DeepCopyInto(&out.TerminationPolicy)
 if in.Certificates != nil {
 in, out := &in.Certificates, &out.Certificates
 *out = make([]v1.TypedLocalObjectReference, len(*in))
@@ -703,19 +702,29 @@ func (in *ListenerTLS) DeepCopy() *ListenerTLS {
 }
 
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *TLSTerminationPolicy) DeepCopyInto(out *TLSTerminationPolicy) {
+func (in *Route) DeepCopyInto(out *Route) {
 *out = *in
- if in.Routes != nil {
- in, out := &in.Routes, &out.Routes
- *out = make([]v1.ObjectReference, len(*in))
- copy(*out, *in)
+ out.RouteRef = in.RouteRef
+ in.TerminationPolicy.DeepCopyInto(&out.TerminationPolicy)
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Route.
+func (in *Route) DeepCopy() *Route {
+ if in == nil {
+ return nil
 }
+ out := new(Route)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *TLSTerminationPolicy) DeepCopyInto(out *TLSTerminationPolicy) {
+ *out = *in
 if in.CACertificates != nil {
 in, out := &in.CACertificates, &out.CACertificates
- *out = make([]v1.TypedLocalObjectReference, len(*in))
- for i := range *in {
- (*in)[i].DeepCopyInto(&(*out)[i])
- }
+ *out = make([]v1.ObjectReference, len(*in))
+ copy(*out, *in)
 }
 }
 
diff --git a/config/crd/bases/networking.x.k8s.io_gateways.yaml b/config/crd/bases/networking.x.k8s.io_gateways.yaml
index 1d99c15ee4..a98a193e49 100644
--- a/config/crd/bases/networking.x.k8s.io_gateways.yaml
+++ b/config/crd/bases/networking.x.k8s.io_gateways.yaml
@@ -153,100 +153,6 @@ spec: sense to loft that as a core API construct. \n Support: Implementation-specific." type: object - terminationPolicy: - description: "TerminationPolicy defines a policy for terminating - TLS connections. \n If unspecified, TLS termination type - \"Edge\" will be used. \n Support: Core" - properties: - caCertificates: - description: "CACertificates is a reference to one or - more CA certificate used for establishing a TLS connection - with the final destination when using TLS termination - type \"Reencrypt\". \n Here is a ConfigMap example (in - yaml): \n apiVersion: v1 kind: ConfigMap metadata: name: - my-dest-svc-ca namespace: my-dest-svc-namespace data: - \ ca-bundle.crt: | -----BEGIN CERTIFICATE----- - \ Destination Service CA Certificate Bundle. -----END - CERTIFICATE----- \n Support: Core (Kubernetes ConfigMap) - Support: Implementation-specific (For other resource - types)" - items: - description: TypedLocalObjectReference contains enough - information to let you locate the typed referenced - object inside the same namespace. - properties: - apiGroup: - description: APIGroup is the group for the resource - being referenced. If APIGroup is not specified, - the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource being - referenced - type: string - name: - description: Name is the name of resource being - referenced - type: string - required: - - kind - - name - type: object - type: array - routes: - description: "Routes is one or more routes to associate - with the TLS termination policy. \n If unspecified, - all routes associated with the Gateway listener will - be used. \n Support: Core" - items: - description: ObjectReference contains enough information - to let you inspect or modify the referred object. - properties: - apiVersion: - description: API version of the referent. 
- type: string - fieldPath: - description: 'If referring to a piece of an object - instead of an entire object, this string should - contain a valid JSON/Go field access statement, - such as desiredState.manifest.containers[2]. For - example, if the object reference is to a container - within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to - the name of the container that triggered the event) - or if no container name is specified "spec.containers[2]" - (container with index 2 in this pod). This syntax - is chosen only to have some well-defined way of - referencing a part of an object. TODO: this design - is not final and this field is subject to change - in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which - this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - type: object - type: array - terminationType: - description: "TerminationType defines how to terminate - TLS connections. \n If unspecified, TLS termination - type \"Edge\" will be used. \n Support: Core" - type: string - type: object required: - options type: object 
@@ -255,33 +161,118 @@ spec: type: object type: array routes: - description: Routes associated with this Gateway. Routes define protocol-specific - routing to backends (e.g. Services). + description: "Routes defines routes to associate with the Gateway. \n + If unspecified, all routes will be associated to the Gateway. \n Support: + Core" items: - description: TypedLocalObjectReference contains enough information - to let you locate the typed referenced object inside the same namespace. + description: Route defines the schema for a route. properties: - apiGroup: - description: APIGroup is the group for the resource being referenced. - If APIGroup is not specified, the specified Kind must be in - the core API group. For any other third-party types, APIGroup - is required. - type: string - kind: - description: Kind is the type of resource being referenced - type: string - name: - description: Name is the name of resource being referenced - type: string - required: - - kind - - name + routeRef: + description: "RouteRef is a reference to an object to associate + with the Gateway. RouteRef defines protocol-specific routing + to back-ends (e.g. Services). \n If unspecified, all routes + will be associated to the Gateway. \n Support: Core" + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part + of an object. 
TODO: this design is not final and this field + is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + terminationPolicy: + description: "TerminationPolicy defines a policy for terminating + TLS connections of a route. \n If unspecified, TLS termination + type \"Edge\" will be used. \n Support: Core" + properties: + caCertificates: + description: "CACertificates is a reference to one or more + CA certificates used for establishing a TLS connection with + the backend object when using TLS termination type \"Reencrypt\". + \n Here is a ConfigMap example (in yaml): \n apiVersion: + v1 kind: ConfigMap metadata: name: my-dest-svc-ca namespace: + my-dest-svc-namespace data: ca-bundle.crt: | -----BEGIN + CERTIFICATE----- Destination Service CA Certificate + Bundle. -----END CERTIFICATE----- \n Support: Core + (Kubernetes ConfigMap) Support: Implementation-specific + (For other resource types)" + items: + description: ObjectReference contains enough information + to let you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. 
+ type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a + valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container + that triggered the event) or if no container name + is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to + have some well-defined way of referencing a part of + an object. TODO: this design is not final and this + field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this + reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + type: array + terminationType: + description: "TerminationType defines how to terminate TLS + connections. \n If unspecified, TLS termination type \"Edge\" + will be used. 
\n Support: Core" + type: string + type: object type: object type: array required: - class - listeners - - routes type: object status: description: GatewayStatus defines the observed state of Gateway.