review

Author: kl52752

apis/v1/gateway_types.go

@@ -298,12 +298,21 @@ type GatewaySpec struct {
 
 	// TLSConfigs stores TLS configurations for a Gateway.
 	//
-	// GatewayTLSConfigs will impact all existing and newly added Listeners.
+	//   - If the `port` field in `TLSConfig` is not set, the TLS configuration applies
+	//     to all listeners in the gateway. We call this `default` configuration.
+	//   - If the `port` field in `TLSConfig` is set, the TLS configuration applies
+	//     only to listeners with a matching port. Each port requires a unique TLS configuration.
+	//   - Per-port configurations can override the `default` configuration.
+	//   - The `default` configuration is optional. Clients can apply TLS configuration
+	//     to a subset of listeners by creating only per-port configurations.
+	//     Listeners with a port that does not match any TLS configuration will
+	//     not have `frontendValidation` set.
 	//
 	// Support: Core
-	//
 	// +optional
-	TLSConfigs GatewayTLSConfigs `json:"tlsConfigs,omitempty"`
+	//
+	// <gateway:experimental>
+	TLSConfigs []TLSConfig `json:"tlsConfigs,omitempty"`
 }
 
 // AllowedListeners defines which ListenerSets can be attached to this Gateway.
@@ -644,6 +653,7 @@ type TLSConfig struct {
 	// +optional
 	// <gateway:experimental>
 	Port *PortNumber `json:"port,omitempty"`
+	//
 	// FrontendValidation holds configuration information for validating the frontend (client).
 	// Setting this field will result in mutual authentication when connecting to the gateway.
 	// In browsers this may result in a dialog appearing
@@ -706,19 +716,6 @@ type FrontendTLSValidation struct {
 	Mode FrontendValidationModeType `json:"mode,omitempty"`
 }
 
-// GatewayTLSConfigs stores TLS configurations for a Gateway.
-//
-//   - If the `port` field in `TLSConfig` is not set, the TLS configuration applies
-//     to all listeners in the gateway. We call this `default` configuration.
-//   - If the `port` field in `TLSConfig` is set, the TLS configuration applies
-//     only to listeners with a matching port. Each port requires a unique TLS configuration.
-//   - Per-port configurations can override the `default` configuration.
-//   - The `default` configuration is optional. Clients can apply TLS configuration
-//     to a subset of listeners by creating only per-port configurations.
-//     Listeners with a port that does not match any TLS configuration will
-//     not have `frontendValidation` set.
-type GatewayTLSConfigs []TLSConfig
-
 // FrontendValidationModeType type defines how a Gateway validates client certificates.
 //
 // +kubebuilder:validation:Enum=AllowValidOnly;AllowInvalidOrMissingCert

apis/v1/zz_generated.deepcopy.go

@@ -78,19 +78,6 @@ type ObjectReference struct {
 	Namespace *Namespace `json:"namespace,omitempty"`
 }
 
-// GatewayTLSConfigs stores TLS configurations for a Gateway.
-//
-// * If the `port` field in `TLSConfig` is not set, the TLS configuration applies
-//   to all listeners in the gateway. We call this `default` configuration.
-// * If the `port` field in `TLSConfig` is set, the TLS configuration applies
-//   only to listeners with a matching port. Each port requires a unique TLS configuration.
-// * Per-port configurations can override the `default` configuration.
-// * The `default` configuration is optional. Clients can apply TLS configuration
-//   to a subset of listeners by creating only per-port configurations. Listeners
-//   with a port that does not match any TLS configuration will not have
-//   `frontendValidation` set.
-type GatewayTLSConfigs = []TLSConfig
-
 // TLSConfig describes a TLS configuration that can be applied to all Gateway
 // Listeners or to all Listeners matching the Port if set.
 type TLSConfig struct {
@@ -179,7 +166,22 @@ const (
 type GatewaySpec struct {
     ...
     // TLSConfigs stores TLS configurations for a Gateway.
-    TLSConfigs GatewayTLSConfigs
+	//
+	//   - If the `port` field in `TLSConfig` is not set, the TLS configuration applies
+	//     to all listeners in the gateway. We call this `default` configuration.
+	//   - If the `port` field in `TLSConfig` is set, the TLS configuration applies
+	//     only to listeners with a matching port. Each port requires a unique TLS configuration.
+	//   - Per-port configurations can override the `default` configuration.
+	//   - The `default` configuration is optional. Clients can apply TLS configuration
+	//     to a subset of listeners by creating only per-port configurations.
+	//     Listeners with a port that does not match any TLS configuration will
+	//     not have `frontendValidation` set.
+	//
+	// Support: Core
+	// +optional
+	//
+	// <gateway:experimental>
+	TLSConfigs []TLSConfig `json:"tlsConfigs,omitempty"`
 }
 
 ```
@@ -319,7 +321,6 @@ This GEP aims to standardize this behavior as an official part of the upstream s
 
 [TLS Handshake Protocol]: https://www.rfc-editor.org/rfc/rfc5246#section-7.4
 [Certificate Path Validation]: https://www.rfc-editor.org/rfc/rfc5280#section-6
-[GatewayTLSConfig]: ../../reference/spec.md#gateway.networking.k8s.io/v1.GatewayTLSConfig
 [BackendTLSPolicy]: ../../api-types/backendtlspolicy.md
 [TLS Configuration GEP]: ../gep-2907/index.md
 [Gateway API TLS Use Cases]: https://docs.google.com/document/d/17sctu2uMJtHmJTGtBi_awGB0YzoCLodtR6rUNmKMCs8/edit?pli=1#heading=h.cxuq8vo8pcxm