add api changes according to gep-3155
Co-authored-by: @mkosieradzki 10385115+mkosieradzki@users.noreply.github.com
LiorLieberman committed Aug 29, 2024
1 parent d416ed4 commit c131972
Showing 18 changed files with 872 additions and 25 deletions.
39 changes: 39 additions & 0 deletions apis/applyconfiguration/apis/v1/gatewaybackendtls.go


9 changes: 9 additions & 0 deletions apis/applyconfiguration/apis/v1/gatewayspec.go


17 changes: 17 additions & 0 deletions apis/applyconfiguration/apis/v1alpha3/backendtlspolicyspec.go


62 changes: 62 additions & 0 deletions apis/applyconfiguration/apis/v1alpha3/subjectaltname.go


33 changes: 33 additions & 0 deletions apis/applyconfiguration/internal/internal.go


4 changes: 4 additions & 0 deletions apis/applyconfiguration/utils.go


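--- a/apis/v1/gateway_types.go
+++ b/apis/v1/gateway_types.go
@@ -229,6 +229,15 @@ type GatewaySpec struct {
 // <gateway:experimental>
 // +optional
 Infrastructure *GatewayInfrastructure `json:"infrastructure,omitempty"`
+
+// BackendTLS configures TLS settings for when this Gateway is connecting to
+// backends with TLS.
+//
+// Support: Core
+//
+// +optional
+// <gateway:experimental>
+BackendTLS *GatewayBackendTLS `json:"backendTLS,omitempty"`
 }
 
 // Listener embodies the concept of a logical endpoint where a Gateway accepts
@@ -374,6 +383,29 @@ const (
 UDPProtocolType ProtocolType = "UDP"
 )
 
+// GatewayBackendTLS describes backend TLS configuration for gateway.
+type GatewayBackendTLS struct {
+// ClientCertificateRef is a reference to an object that contains a Client
+// Certificate and the associated private key.
+//
+// References to a resource in different namespace are invalid UNLESS there
+// is a ReferenceGrant in the target namespace that allows the certificate
+// to be attached. If a ReferenceGrant does not allow this reference, the
+// "ResolvedRefs" condition MUST be set to False for this listener with the
+// "RefNotPermitted" reason.
+//
+// ClientCertificateRef can reference to standard Kubernetes resources, i.e.
+// Secret, or implementation-specific custom resources.
+//
+// This setting can be overridden on the service level by use of BackendTLSPolicy.
+//
+// Support: Core
+//
+// +optional
+// <gateway:experimental>
+ClientCertificateRef *SecretObjectReference `json:"clientCertificateRef,omitempty"`
+}
+
 // GatewayTLSConfig describes a TLS configuration.
 //
 // +kubebuilder:validation:XValidation:message="certificateRefs or options must be specified when mode is Terminate",rule="self.mode == 'Terminate' ? size(self.certificateRefs) > 0 || size(self.options) > 0 : true"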
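Review bot: The `ClientCertificateRef` comment says the "ResolvedRefs" condition MUST be set to False "for this listener", but the field sits on `GatewaySpec.BackendTLS` and is not tied to any listener, so an implementer cannot tell where a rejected cross-namespace reference is reported. Name the status that carries it, e.g. `// "ResolvedRefs" condition MUST be set to False on the Gateway with the` (or on every listener, if that is the intent; the wording reads as if it was carried over from the listener TLS docs). The comment also leaves open what happens to backend connections while the reference is unresolved or not permitted; because the referenced object holds a private key, it should say that the certificate must not be used in that state and whether connections are refused or made without a client certificate. Minor: "can reference to" should read "can reference".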
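--- a/apis/v1/shared_types.go
+++ b/apis/v1/shared_types.go
@@ -535,6 +535,19 @@ type Hostname string
 // +kubebuilder:validation:Pattern=`^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$`
 type PreciseHostname string
 
+// AbsoluteURI represents a Uniform Resource Identifier (URI) as defined by RFC3986.
+
+// The AbsoluteURI MUST NOT be a relative URI, and it MUST follow the URI syntax and
+// encoding rules specified in RFC3986. The AbsoluteURI MUST include both a
+// scheme (e.g., "http" or "spiffe") and a scheme-specific-part. URIs that
+// include an authority MUST include a fully qualified domain name or
+// IP address as the host.
+
+// +kubebuilder:validation:MinLength=1
+// +kubebuilder:validation:MaxLength=253
+// +kubebuilder:validation:Pattern=`^(([^:/?#]+):)(//([^/?#]*))([^?#]*)(\?([^#]*))?(#(.*))?`
+type AbsoluteURI string
+
 // Group refers to a Kubernetes Group. It must either be an empty string or a
 // RFC 1123 subdomain.
 //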
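Review bot: The `Pattern` on `AbsoluteURI` enforces much less than the comment's MUSTs, and the two disagree on the authority: the regex requires `//authority` on every value, while the comment only constrains URIs "that include an authority". Its character classes (`[^:/?#]+` for the scheme, `[^/?#]*` for the host) accept spaces and any other character, so admission will pass values that are not RFC 3986 URIs; if this type is used for certificate identity matching (the comment mentions "spiffe"), every consumer has to re-validate it. Either tighten the scheme to `[a-zA-Z][a-zA-Z0-9+.-]*` and state in the comment that an authority is required, or say plainly that the pattern is only a coarse shape check. Separately, the two blank lines inside the comment detach the description from `type AbsoluteURI`, so Go treats only the marker lines as its doc comment; replace each blank line with `//`.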
25 changes: 25 additions & 0 deletions apis/v1/zz_generated.deepcopy.go

