diff --git a/api/v1alpha1/backendtrafficpolicy_types.go b/api/v1alpha1/backendtrafficpolicy_types.go
new file mode 100644
index 000000000..2bdf5b553
--- /dev/null
+++ b/api/v1alpha1/backendtrafficpolicy_types.go
@@ -0,0 +1,91 @@
+package v1alpha1
+
+import (
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+
+ gatewayv1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2"
+)
+
+// +kubebuilder:object:root=true
+// +kubebuilder:subresource:status
+type BackendTrafficPolicy struct {
+ metav1.TypeMeta `json:",inline"`
+ metav1.ObjectMeta `json:"metadata,omitempty"`
+
+ Spec BackendTrafficPolicySpec `json:"spec,omitempty"`
+ Status gatewayv1alpha2.PolicyStatus `json:"status,omitempty"`
+}
+
+type BackendTrafficPolicySpec struct {
+ // TargetRef identifies an API object to apply policy to.
+ // Currently, Backends (i.e. Service, ServiceImport, or any
+ // implementation-specific backendRef) are the only valid API
+ // target references.
+ // +listType=map
+ // +listMapKey=group
+ // +listMapKey=kind
+ // +listMapKey=name
+ // +kubebuilder:validation:MinItems=1
+ // +kubebuilder:validation:MaxItems=16
+ TargetRefs []gatewayv1alpha2.LocalPolicyTargetReferenceWithSectionName `json:"targetRefs"`
+ // LoadBalancer represents the load balancer configuration for Kubernetes Service.
+ // The default strategy is round robin.
+ LoadBalancer *LoadBalancer `json:"loadbalancer,omitempty" yaml:"loadbalancer,omitempty"`
+ // The scheme used to talk with the upstream.
+ //
+ // +kubebuilder:validation:Enum=http;https;grpc;grpcs;
+ // +kubebuilder:default=http
+ Scheme string `json:"scheme,omitempty" yaml:"scheme,omitempty"`
+
+ // How many times that the proxy (Apache APISIX) should do when
+ // errors occur (error, timeout or bad http status codes like 500, 502).
+ // +optional
+ Retries *int `json:"retries,omitempty" yaml:"retries,omitempty"`
+
+ // Timeout settings for the read, send and connect to the upstream.
+ Timeout *Timeout `json:"timeout,omitempty" yaml:"timeout,omitempty"`
+
+ // Configures the host when the request is forwarded to the upstream.
+ // Can be one of pass, node or rewrite.
+ //
+ // +kubebuilder:validation:Enum=pass;node;rewrite;
+ // +kubebuilder:default=pass
+ PassHost string `json:"pass_host,omitempty" yaml:"pass_host,omitempty"`
+
+ // Specifies the host of the Upstream request. This is only valid if
+ // the pass_host is set to rewrite
+ Host Hostname `json:"upstream_host,omitempty" yaml:"upstream_host,omitempty"`
+}
+
+// LoadBalancer describes the load balancing parameters.
+// +kubebuilder:validation:XValidation:rule="!(has(self.key) && self.type != 'chash')"
+type LoadBalancer struct {
+ // +kubebuilder:validation:Enum=roundrobin;chash;ewma;least_conn;
+ // +kubebuilder:default=roundrobin
+ // +kubebuilder:validation:Required
+ Type string `json:"type" yaml:"type"`
+ // The HashOn and Key fields are required when Type is "chash".
+ // HashOn represents the key fetching scope.
+ // +kubebuilder:validation:Enum=vars;header;cookie;consumer;vars_combinations;
+ // +kubebuilder:default=vars
+ HashOn string `json:"hashOn,omitempty" yaml:"hashOn,omitempty"`
+ // Key represents the hash key.
+ Key string `json:"key,omitempty" yaml:"key,omitempty"`
+}
+
+type Timeout struct {
+ Connect metav1.Duration `json:"connect,omitempty" yaml:"connect,omitempty"`
+ Send metav1.Duration `json:"send,omitempty" yaml:"send,omitempty"`
+ Read metav1.Duration `json:"read,omitempty" yaml:"read,omitempty"`
+}
+
+// +kubebuilder:object:root=true
+type BackendTrafficPolicyList struct {
+ metav1.TypeMeta `json:",inline"`
+ metav1.ListMeta `json:"metadata,omitempty"`
+ Items []BackendTrafficPolicy `json:"items"`
+}
+
+func init() {
+ SchemeBuilder.Register(&BackendTrafficPolicy{}, &BackendTrafficPolicyList{})
+}
diff --git a/api/v1alpha1/consumer_types.go b/api/v1alpha1/consumer_types.go
index b4364df14..e0cda80d7 100644
--- a/api/v1alpha1/consumer_types.go
+++ b/api/v1alpha1/consumer_types.go
@@ -46,10 +46,6 @@ type SecretReference struct {
Namespace *string `json:"namespace,omitempty"`
}
-type Status struct {
- Conditions []metav1.Condition `json:"conditions,omitempty"`
-}
-
// +kubebuilder:object:root=true
type ConsumerList struct {
metav1.TypeMeta `json:",inline"`
diff --git a/api/v1alpha1/types.go b/api/v1alpha1/types.go
new file mode 100644
index 000000000..070b7d9a3
--- /dev/null
+++ b/api/v1alpha1/types.go
@@ -0,0 +1,12 @@
+package v1alpha1
+
+import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+
+// +kubebuilder:validation:MinLength=1
+// +kubebuilder:validation:MaxLength=253
+// +kubebuilder:validation:Pattern=`^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$`
+type Hostname string
+
+type Status struct {
+ Conditions []metav1.Condition `json:"conditions,omitempty"`
+}
diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go
index 562df618a..52915e5ab 100644
--- a/api/v1alpha1/zz_generated.deepcopy.go
+++ b/api/v1alpha1/zz_generated.deepcopy.go
@@ -21,11 +21,108 @@ limitations under the License.
package v1alpha1
import (
- apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
- "k8s.io/apimachinery/pkg/apis/meta/v1"
+ "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
runtime "k8s.io/apimachinery/pkg/runtime"
+ "sigs.k8s.io/gateway-api/apis/v1alpha2"
)
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *BackendTrafficPolicy) DeepCopyInto(out *BackendTrafficPolicy) {
+ *out = *in
+ out.TypeMeta = in.TypeMeta
+ in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
+ in.Spec.DeepCopyInto(&out.Spec)
+ in.Status.DeepCopyInto(&out.Status)
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BackendTrafficPolicy.
+func (in *BackendTrafficPolicy) DeepCopy() *BackendTrafficPolicy {
+ if in == nil {
+ return nil
+ }
+ out := new(BackendTrafficPolicy)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *BackendTrafficPolicy) DeepCopyObject() runtime.Object {
+ if c := in.DeepCopy(); c != nil {
+ return c
+ }
+ return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *BackendTrafficPolicyList) DeepCopyInto(out *BackendTrafficPolicyList) {
+ *out = *in
+ out.TypeMeta = in.TypeMeta
+ in.ListMeta.DeepCopyInto(&out.ListMeta)
+ if in.Items != nil {
+ in, out := &in.Items, &out.Items
+ *out = make([]BackendTrafficPolicy, len(*in))
+ for i := range *in {
+ (*in)[i].DeepCopyInto(&(*out)[i])
+ }
+ }
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BackendTrafficPolicyList.
+func (in *BackendTrafficPolicyList) DeepCopy() *BackendTrafficPolicyList {
+ if in == nil {
+ return nil
+ }
+ out := new(BackendTrafficPolicyList)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *BackendTrafficPolicyList) DeepCopyObject() runtime.Object {
+ if c := in.DeepCopy(); c != nil {
+ return c
+ }
+ return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *BackendTrafficPolicySpec) DeepCopyInto(out *BackendTrafficPolicySpec) {
+ *out = *in
+ if in.TargetRefs != nil {
+ in, out := &in.TargetRefs, &out.TargetRefs
+ *out = make([]v1alpha2.LocalPolicyTargetReferenceWithSectionName, len(*in))
+ for i := range *in {
+ (*in)[i].DeepCopyInto(&(*out)[i])
+ }
+ }
+ if in.LoadBalancer != nil {
+ in, out := &in.LoadBalancer, &out.LoadBalancer
+ *out = new(LoadBalancer)
+ **out = **in
+ }
+ if in.Retries != nil {
+ in, out := &in.Retries, &out.Retries
+ *out = new(int)
+ **out = **in
+ }
+ if in.Timeout != nil {
+ in, out := &in.Timeout, &out.Timeout
+ *out = new(Timeout)
+ **out = **in
+ }
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BackendTrafficPolicySpec.
+func (in *BackendTrafficPolicySpec) DeepCopy() *BackendTrafficPolicySpec {
+ if in == nil {
+ return nil
+ }
+ out := new(BackendTrafficPolicySpec)
+ in.DeepCopyInto(out)
+ return out
+}
+
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *Consumer) DeepCopyInto(out *Consumer) {
*out = *in
@@ -222,7 +319,7 @@ func (in *GatewayProxySpec) DeepCopyInto(out *GatewayProxySpec) {
}
if in.PluginMetadata != nil {
in, out := &in.PluginMetadata, &out.PluginMetadata
- *out = make(map[string]apiextensionsv1.JSON, len(*in))
+ *out = make(map[string]v1.JSON, len(*in))
for key, val := range *in {
(*out)[key] = *val.DeepCopy()
}
@@ -269,6 +366,21 @@ func (in *GatewayRef) DeepCopy() *GatewayRef {
return out
}
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *LoadBalancer) DeepCopyInto(out *LoadBalancer) {
+ *out = *in
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LoadBalancer.
+func (in *LoadBalancer) DeepCopy() *LoadBalancer {
+ if in == nil {
+ return nil
+ }
+ out := new(LoadBalancer)
+ in.DeepCopyInto(out)
+ return out
+}
+
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *Plugin) DeepCopyInto(out *Plugin) {
*out = *in
@@ -390,7 +502,7 @@ func (in *Status) DeepCopyInto(out *Status) {
*out = *in
if in.Conditions != nil {
in, out := &in.Conditions, &out.Conditions
- *out = make([]v1.Condition, len(*in))
+ *out = make([]metav1.Condition, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
@@ -406,3 +518,21 @@ func (in *Status) DeepCopy() *Status {
in.DeepCopyInto(out)
return out
}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *Timeout) DeepCopyInto(out *Timeout) {
+ *out = *in
+ out.Connect = in.Connect
+ out.Send = in.Send
+ out.Read = in.Read
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Timeout.
+func (in *Timeout) DeepCopy() *Timeout {
+ if in == nil {
+ return nil
+ }
+ out := new(Timeout)
+ in.DeepCopyInto(out)
+ return out
+}
diff --git a/config/crd/bases/gateway.apisix.io_backendtrafficpolicies.yaml b/config/crd/bases/gateway.apisix.io_backendtrafficpolicies.yaml
new file mode 100644
index 000000000..3e325bf7f
--- /dev/null
+++ b/config/crd/bases/gateway.apisix.io_backendtrafficpolicies.yaml
@@ -0,0 +1,535 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.15.0
+ name: backendtrafficpolicies.gateway.apisix.io
+spec:
+ group: gateway.apisix.io
+ names:
+ kind: BackendTrafficPolicy
+ listKind: BackendTrafficPolicyList
+ plural: backendtrafficpolicies
+ singular: backendtrafficpolicy
+ scope: Namespaced
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ properties:
+ loadbalancer:
+ description: |-
+ LoadBalancer represents the load balancer configuration for Kubernetes Service.
+ The default strategy is round robin.
+ properties:
+ hashOn:
+ default: vars
+ description: |-
+ The HashOn and Key fields are required when Type is "chash".
+ HashOn represents the key fetching scope.
+ enum:
+ - vars
+ - header
+ - cookie
+ - consumer
+ - vars_combinations
+ type: string
+ key:
+ description: Key represents the hash key.
+ type: string
+ type:
+ default: roundrobin
+ enum:
+ - roundrobin
+ - chash
+ - ewma
+ - least_conn
+ type: string
+ required:
+ - type
+ type: object
+ x-kubernetes-validations:
+ - rule: '!(has(self.key) && self.type != ''chash'')'
+ pass_host:
+ default: pass
+ description: |-
+ Configures the host when the request is forwarded to the upstream.
+ Can be one of pass, node or rewrite.
+ enum:
+ - pass
+ - node
+ - rewrite
+ type: string
+ retries:
+ description: |-
+ How many times that the proxy (Apache APISIX) should do when
+ errors occur (error, timeout or bad http status codes like 500, 502).
+ type: integer
+ scheme:
+ default: http
+ description: The scheme used to talk with the upstream.
+ enum:
+ - http
+ - https
+ - grpc
+ - grpcs
+ type: string
+ targetRefs:
+ description: |-
+ TargetRef identifies an API object to apply policy to.
+ Currently, Backends (i.e. Service, ServiceImport, or any
+ implementation-specific backendRef) are the only valid API
+ target references.
+ items:
+ description: |-
+ LocalPolicyTargetReferenceWithSectionName identifies an API object to apply a
+ direct policy to. This should be used as part of Policy resources that can
+ target single resources. For more information on how this policy attachment
+ mode works, and a sample Policy resource, refer to the policy attachment
+ documentation for Gateway API.
+
+
+ Note: This should only be used for direct policy attachment when references
+ to SectionName are actually needed. In all other cases,
+ LocalPolicyTargetReference should be used.
+ properties:
+ group:
+ description: Group is the group of the target resource.
+ maxLength: 253
+ pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
+ type: string
+ kind:
+ description: Kind is kind of the target resource.
+ maxLength: 63
+ minLength: 1
+ pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
+ type: string
+ name:
+ description: Name is the name of the target resource.
+ maxLength: 253
+ minLength: 1
+ type: string
+ sectionName:
+ description: |-
+ SectionName is the name of a section within the target resource. When
+ unspecified, this targetRef targets the entire resource. In the following
+ resources, SectionName is interpreted as the following:
+
+
+ * Gateway: Listener name
+ * HTTPRoute: HTTPRouteRule name
+ * Service: Port name
+
+
+ If a SectionName is specified, but does not exist on the targeted object,
+ the Policy must fail to attach, and the policy implementation should record
+ a `ResolvedRefs` or similar Condition in the Policy's status.
+ maxLength: 253
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
+ type: string
+ required:
+ - group
+ - kind
+ - name
+ type: object
+ maxItems: 16
+ minItems: 1
+ type: array
+ x-kubernetes-list-map-keys:
+ - group
+ - kind
+ - name
+ x-kubernetes-list-type: map
+ timeout:
+ description: Timeout settings for the read, send and connect to the
+ upstream.
+ properties:
+ connect:
+ type: string
+ read:
+ type: string
+ send:
+ type: string
+ type: object
+ upstream_host:
+ description: |-
+ Specifies the host of the Upstream request. This is only valid if
+ the pass_host is set to rewrite
+ maxLength: 253
+ minLength: 1
+ pattern: ^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
+ type: string
+ required:
+ - targetRefs
+ type: object
+ status:
+ description: |-
+ PolicyStatus defines the common attributes that all Policies should include within
+ their status.
+ properties:
+ ancestors:
+ description: |-
+ Ancestors is a list of ancestor resources (usually Gateways) that are
+ associated with the policy, and the status of the policy with respect to
+ each ancestor. When this policy attaches to a parent, the controller that
+ manages the parent and the ancestors MUST add an entry to this list when
+ the controller first sees the policy and SHOULD update the entry as
+ appropriate when the relevant ancestor is modified.
+
+
+ Note that choosing the relevant ancestor is left to the Policy designers;
+ an important part of Policy design is designing the right object level at
+ which to namespace this status.
+
+
+ Note also that implementations MUST ONLY populate ancestor status for
+ the Ancestor resources they are responsible for. Implementations MUST
+ use the ControllerName field to uniquely identify the entries in this list
+ that they are responsible for.
+
+
+ Note that to achieve this, the list of PolicyAncestorStatus structs
+ MUST be treated as a map with a composite key, made up of the AncestorRef
+ and ControllerName fields combined.
+
+
+ A maximum of 16 ancestors will be represented in this list. An empty list
+ means the Policy is not relevant for any ancestors.
+
+
+ If this slice is full, implementations MUST NOT add further entries.
+ Instead they MUST consider the policy unimplementable and signal that
+ on any related resources such as the ancestor that would be referenced
+ here. For example, if this list was full on BackendTLSPolicy, no
+ additional Gateways would be able to reference the Service targeted by
+ the BackendTLSPolicy.
+ items:
+ description: |-
+ PolicyAncestorStatus describes the status of a route with respect to an
+ associated Ancestor.
+
+
+ Ancestors refer to objects that are either the Target of a policy or above it
+ in terms of object hierarchy. For example, if a policy targets a Service, the
+ Policy's Ancestors are, in order, the Service, the HTTPRoute, the Gateway, and
+ the GatewayClass. Almost always, in this hierarchy, the Gateway will be the most
+ useful object to place Policy status on, so we recommend that implementations
+ SHOULD use Gateway as the PolicyAncestorStatus object unless the designers
+ have a _very_ good reason otherwise.
+
+
+ In the context of policy attachment, the Ancestor is used to distinguish which
+ resource results in a distinct application of this policy. For example, if a policy
+ targets a Service, it may have a distinct result per attached Gateway.
+
+
+ Policies targeting the same resource may have different effects depending on the
+ ancestors of those resources. For example, different Gateways targeting the same
+ Service may have different capabilities, especially if they have different underlying
+ implementations.
+
+
+ For example, in BackendTLSPolicy, the Policy attaches to a Service that is
+ used as a backend in a HTTPRoute that is itself attached to a Gateway.
+ In this case, the relevant object for status is the Gateway, and that is the
+ ancestor object referred to in this status.
+
+
+ Note that a parent is also an ancestor, so for objects where the parent is the
+ relevant object for status, this struct SHOULD still be used.
+
+
+ This struct is intended to be used in a slice that's effectively a map,
+ with a composite key made up of the AncestorRef and the ControllerName.
+ properties:
+ ancestorRef:
+ description: |-
+ AncestorRef corresponds with a ParentRef in the spec that this
+ PolicyAncestorStatus struct describes the status of.
+ properties:
+ group:
+ default: gateway.networking.k8s.io
+ description: |-
+ Group is the group of the referent.
+ When unspecified, "gateway.networking.k8s.io" is inferred.
+ To set the core API group (such as for a "Service" kind referent),
+ Group must be explicitly set to "" (empty string).
+
+
+ Support: Core
+ maxLength: 253
+ pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
+ type: string
+ kind:
+ default: Gateway
+ description: |-
+ Kind is kind of the referent.
+
+
+ There are two kinds of parent resources with "Core" support:
+
+
+ * Gateway (Gateway conformance profile)
+ * Service (Mesh conformance profile, ClusterIP Services only)
+
+
+ Support for other resources is Implementation-Specific.
+ maxLength: 63
+ minLength: 1
+ pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
+ type: string
+ name:
+ description: |-
+ Name is the name of the referent.
+
+
+ Support: Core
+ maxLength: 253
+ minLength: 1
+ type: string
+ namespace:
+ description: |-
+ Namespace is the namespace of the referent. When unspecified, this refers
+ to the local namespace of the Route.
+
+
+ Note that there are specific rules for ParentRefs which cross namespace
+ boundaries. Cross-namespace references are only valid if they are explicitly
+ allowed by something in the namespace they are referring to. For example:
+ Gateway has the AllowedRoutes field, and ReferenceGrant provides a
+ generic way to enable any other kind of cross-namespace reference.
+
+
+
+ ParentRefs from a Route to a Service in the same namespace are "producer"
+ routes, which apply default routing rules to inbound connections from
+ any namespace to the Service.
+
+
+ ParentRefs from a Route to a Service in a different namespace are
+ "consumer" routes, and these routing rules are only applied to outbound
+ connections originating from the same namespace as the Route, for which
+ the intended destination of the connections are a Service targeted as a
+ ParentRef of the Route.
+
+
+
+ Support: Core
+ maxLength: 63
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ port:
+ description: |-
+ Port is the network port this Route targets. It can be interpreted
+ differently based on the type of parent resource.
+
+
+ When the parent resource is a Gateway, this targets all listeners
+ listening on the specified port that also support this kind of Route(and
+ select this Route). It's not recommended to set `Port` unless the
+ networking behaviors specified in a Route must apply to a specific port
+ as opposed to a listener(s) whose port(s) may be changed. When both Port
+ and SectionName are specified, the name and port of the selected listener
+ must match both specified values.
+
+
+
+ When the parent resource is a Service, this targets a specific port in the
+ Service spec. When both Port (experimental) and SectionName are specified,
+ the name and port of the selected port must match both specified values.
+
+
+
+ Implementations MAY choose to support other parent resources.
+ Implementations supporting other types of parent resources MUST clearly
+ document how/if Port is interpreted.
+
+
+ For the purpose of status, an attachment is considered successful as
+ long as the parent resource accepts it partially. For example, Gateway
+ listeners can restrict which Routes can attach to them by Route kind,
+ namespace, or hostname. If 1 of 2 Gateway listeners accept attachment
+ from the referencing Route, the Route MUST be considered successfully
+ attached. If no Gateway listeners accept attachment from this Route,
+ the Route MUST be considered detached from the Gateway.
+
+
+ Support: Extended
+ format: int32
+ maximum: 65535
+ minimum: 1
+ type: integer
+ sectionName:
+ description: |-
+ SectionName is the name of a section within the target resource. In the
+ following resources, SectionName is interpreted as the following:
+
+
+ * Gateway: Listener name. When both Port (experimental) and SectionName
+ are specified, the name and port of the selected listener must match
+ both specified values.
+ * Service: Port name. When both Port (experimental) and SectionName
+ are specified, the name and port of the selected listener must match
+ both specified values.
+
+
+ Implementations MAY choose to support attaching Routes to other resources.
+ If that is the case, they MUST clearly document how SectionName is
+ interpreted.
+
+
+ When unspecified (empty string), this will reference the entire resource.
+ For the purpose of status, an attachment is considered successful if at
+ least one section in the parent resource accepts it. For example, Gateway
+ listeners can restrict which Routes can attach to them by Route kind,
+ namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from
+ the referencing Route, the Route MUST be considered successfully
+ attached. If no Gateway listeners accept attachment from this Route, the
+ Route MUST be considered detached from the Gateway.
+
+
+ Support: Core
+ maxLength: 253
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
+ type: string
+ required:
+ - name
+ type: object
+ conditions:
+ description: Conditions describes the status of the Policy with
+ respect to the given Ancestor.
+ items:
+ description: "Condition contains details for one aspect of
+ the current state of this API Resource.\n---\nThis struct
+ is intended for direct use as an array at the field path
+ .status.conditions. For example,\n\n\n\ttype FooStatus
+ struct{\n\t // Represents the observations of a foo's
+ current state.\n\t // Known .status.conditions.type are:
+ \"Available\", \"Progressing\", and \"Degraded\"\n\t //
+ +patchMergeKey=type\n\t // +patchStrategy=merge\n\t //
+ +listType=map\n\t // +listMapKey=type\n\t Conditions
+ []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\"
+ patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t
+ \ // other fields\n\t}"
+ properties:
+ lastTransitionTime:
+ description: |-
+ lastTransitionTime is the last time the condition transitioned from one status to another.
+ This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ message is a human readable message indicating details about the transition.
+ This may be an empty string.
+ maxLength: 32768
+ type: string
+ observedGeneration:
+ description: |-
+ observedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
+ format: int64
+ minimum: 0
+ type: integer
+ reason:
+ description: |-
+ reason contains a programmatic identifier indicating the reason for the condition's last transition.
+ Producers of specific condition types may define expected values and meanings for this field,
+ and whether the values are considered a guaranteed API.
+ The value should be a CamelCase string.
+ This field may not be empty.
+ maxLength: 1024
+ minLength: 1
+ pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+ type: string
+ status:
+ description: status of the condition, one of True, False,
+ Unknown.
+ enum:
+ - "True"
+ - "False"
+ - Unknown
+ type: string
+ type:
+ description: |-
+ type of condition in CamelCase or in foo.example.com/CamelCase.
+ ---
+ Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
+ useful (see .node.status.conditions), the ability to deconflict is important.
+ The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+ maxLength: 316
+ pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+ type: string
+ required:
+ - lastTransitionTime
+ - message
+ - reason
+ - status
+ - type
+ type: object
+ maxItems: 8
+ minItems: 1
+ type: array
+ x-kubernetes-list-map-keys:
+ - type
+ x-kubernetes-list-type: map
+ controllerName:
+ description: |-
+ ControllerName is a domain/path string that indicates the name of the
+ controller that wrote this status. This corresponds with the
+ controllerName field on GatewayClass.
+
+
+ Example: "example.net/gateway-controller".
+
+
+ The format of this field is DOMAIN "/" PATH, where DOMAIN and PATH are
+ valid Kubernetes names
+ (https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names).
+
+
+ Controllers MUST populate this field when writing status. Controllers should ensure that
+ entries to status populated with their ControllerName are cleaned up when they are no
+ longer necessary.
+ maxLength: 253
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$
+ type: string
+ required:
+ - ancestorRef
+ - controllerName
+ type: object
+ maxItems: 16
+ type: array
+ required:
+ - ancestors
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
diff --git a/config/crd/kustomization.yaml b/config/crd/kustomization.yaml
index b5b680c22..d60b18110 100644
--- a/config/crd/kustomization.yaml
+++ b/config/crd/kustomization.yaml
@@ -5,6 +5,7 @@ resources:
- bases/gateway.apisix.io_pluginconfigs.yaml
- bases/gateway.apisix.io_gatewayproxies.yaml
- bases/gateway.apisix.io_consumers.yaml
+- bases/gateway.apisix.io_backendtrafficpolicies.yaml
# +kubebuilder:scaffold:crdkustomizeresource
patches:
diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml
index 3b79829c4..e45ccade1 100644
--- a/config/rbac/role.yaml
+++ b/config/rbac/role.yaml
@@ -55,6 +55,21 @@ rules:
- get
- list
- watch
+- apiGroups:
+ - gateway.apisix.io
+ resources:
+ - backendtrafficpolicies
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - gateway.apisix.io
+ resources:
+ - backendtrafficpolicies/status
+ verbs:
+ - get
+ - update
- apiGroups:
- gateway.apisix.io
resources:
diff --git a/internal/manager/controllers.go b/internal/manager/controllers.go
index 813483c1f..852f2424d 100644
--- a/internal/manager/controllers.go
+++ b/internal/manager/controllers.go
@@ -24,6 +24,8 @@ import (
// +kubebuilder:rbac:groups=gateway.apisix.io,resources=gatewayproxies,verbs=get;list;watch
// +kubebuilder:rbac:groups=gateway.apisix.io,resources=consumers,verbs=get;list;watch
// +kubebuilder:rbac:groups=gateway.apisix.io,resources=consumers/status,verbs=get;update
+// +kubebuilder:rbac:groups=gateway.apisix.io,resources=backendtrafficpolicies,verbs=get;list;watch
+// +kubebuilder:rbac:groups=gateway.apisix.io,resources=backendtrafficpolicies/status,verbs=get;update
// GatewayAPI
// +kubebuilder:rbac:groups=gateway.networking.k8s.io,resources=gatewayclasses,verbs=get;list;watch;update