diff --git a/apis/v1beta1/gateway_types.go b/apis/v1beta1/gateway_types.go index 971890867e..836258f055 100644 --- a/apis/v1beta1/gateway_types.go +++ b/apis/v1beta1/gateway_types.go @@ -132,6 +132,13 @@ type GatewaySpec struct { // matches. For example, `"foo.example.com"` takes precedence over // `"*.example.com"`, and `"*.example.com"` takes precedence over `""`. // + // Note that requests SHOULD match at most one Listener. For example, if + // Listeners are defined for "foo.example.com" and "*.example.com", a + // request to "foo.example.com" SHOULD only be routed using routes attached + // to the "foo.example.com" Listener (and not the "*.example.com" Listener). + // This concept is known as "Listener Isolation". Implementations that do + // not support Listener Isolation MUST clearly document this. + // // Implementations MAY merge separate Gateways onto a single set of // Addresses if all Listeners across all Gateways are compatible. // diff --git a/config/crd/experimental/gateway.networking.k8s.io_gateways.yaml b/config/crd/experimental/gateway.networking.k8s.io_gateways.yaml index 7901a50bd0..c263b68315 100644 --- a/config/crd/experimental/gateway.networking.k8s.io_gateways.yaml +++ b/config/crd/experimental/gateway.networking.k8s.io_gateways.yaml @@ -217,9 +217,15 @@ spec: wildcard matches, and wildcard matches must be processed before fallback (empty Hostname value) matches. For example, `\"foo.example.com\"` takes precedence over `\"*.example.com\"`, and `\"*.example.com\"` - takes precedence over `\"\"`. \n Implementations MAY merge separate - Gateways onto a single set of Addresses if all Listeners across - all Gateways are compatible. \n Support: Core" + takes precedence over `\"\"`. \n Note that requests SHOULD match + at most one Listener. For example, if Listeners are defined for + \"foo.example.com\" and \"*.example.com\", a request to \"foo.example.com\" + SHOULD only be routed using routes attached to the \"foo.example.com\" + Listener (and not the \"*.example.com\" Listener). This concept + is known as \"Listener Isolation\". Implementations that do not + support Listener Isolation MUST clearly document this. \n Implementations + MAY merge separate Gateways onto a single set of Addresses if all + Listeners across all Gateways are compatible. \n Support: Core" items: description: Listener embodies the concept of a logical endpoint where a Gateway accepts network connections. @@ -1068,9 +1074,15 @@ spec: wildcard matches, and wildcard matches must be processed before fallback (empty Hostname value) matches. For example, `\"foo.example.com\"` takes precedence over `\"*.example.com\"`, and `\"*.example.com\"` - takes precedence over `\"\"`. \n Implementations MAY merge separate - Gateways onto a single set of Addresses if all Listeners across - all Gateways are compatible. \n Support: Core" + takes precedence over `\"\"`. \n Note that requests SHOULD match + at most one Listener. For example, if Listeners are defined for + \"foo.example.com\" and \"*.example.com\", a request to \"foo.example.com\" + SHOULD only be routed using routes attached to the \"foo.example.com\" + Listener (and not the \"*.example.com\" Listener). This concept + is known as \"Listener Isolation\". Implementations that do not + support Listener Isolation MUST clearly document this. \n Implementations + MAY merge separate Gateways onto a single set of Addresses if all + Listeners across all Gateways are compatible. \n Support: Core" items: description: Listener embodies the concept of a logical endpoint where a Gateway accepts network connections. diff --git a/config/crd/standard/gateway.networking.k8s.io_gateways.yaml b/config/crd/standard/gateway.networking.k8s.io_gateways.yaml index de241d1d9d..cfa69c3d51 100644 --- a/config/crd/standard/gateway.networking.k8s.io_gateways.yaml +++ b/config/crd/standard/gateway.networking.k8s.io_gateways.yaml @@ -174,9 +174,15 @@ spec: wildcard matches, and wildcard matches must be processed before fallback (empty Hostname value) matches. For example, `\"foo.example.com\"` takes precedence over `\"*.example.com\"`, and `\"*.example.com\"` - takes precedence over `\"\"`. \n Implementations MAY merge separate - Gateways onto a single set of Addresses if all Listeners across - all Gateways are compatible. \n Support: Core" + takes precedence over `\"\"`. \n Note that requests SHOULD match + at most one Listener. For example, if Listeners are defined for + \"foo.example.com\" and \"*.example.com\", a request to \"foo.example.com\" + SHOULD only be routed using routes attached to the \"foo.example.com\" + Listener (and not the \"*.example.com\" Listener). This concept + is known as \"Listener Isolation\". Implementations that do not + support Listener Isolation MUST clearly document this. \n Implementations + MAY merge separate Gateways onto a single set of Addresses if all + Listeners across all Gateways are compatible. \n Support: Core" items: description: Listener embodies the concept of a logical endpoint where a Gateway accepts network connections. @@ -982,9 +988,15 @@ spec: wildcard matches, and wildcard matches must be processed before fallback (empty Hostname value) matches. For example, `\"foo.example.com\"` takes precedence over `\"*.example.com\"`, and `\"*.example.com\"` - takes precedence over `\"\"`. \n Implementations MAY merge separate - Gateways onto a single set of Addresses if all Listeners across - all Gateways are compatible. \n Support: Core" + takes precedence over `\"\"`. \n Note that requests SHOULD match + at most one Listener. For example, if Listeners are defined for + \"foo.example.com\" and \"*.example.com\", a request to \"foo.example.com\" + SHOULD only be routed using routes attached to the \"foo.example.com\" + Listener (and not the \"*.example.com\" Listener). This concept + is known as \"Listener Isolation\". Implementations that do not + support Listener Isolation MUST clearly document this. \n Implementations + MAY merge separate Gateways onto a single set of Addresses if all + Listeners across all Gateways are compatible. \n Support: Core" items: description: Listener embodies the concept of a logical endpoint where a Gateway accepts network connections.