k8ts

// generated by cdk8s import { ApiObject, ApiObjectMetadata, GroupVersionKind } from "cdk8s" import { Construct } from "constructs" /** * Gateway represents an instance of a service-traffic handling infrastructure by binding Listeners * to a set of IP addresses. * * @schema Gateway */ export class Gateway extends ApiObject { /** Returns the apiVersion and kind for "Gateway" */ public static readonly GVK: GroupVersionKind = { apiVersion: "gateway.networking.k8s.io/v1", kind: "Gateway" } /** * Renders a Kubernetes manifest for "Gateway". * * This can be used to inline resource manifests inside other objects (e.g. as templates). * * @param props Initialization props */ public static manifest(props: GatewayProps): any { return { ...Gateway.GVK, ...toJson_GatewayProps(props) } } /** * Defines a "Gateway" API object * * @param scope The scope in which to define this object * @param id A scope-local name for the object * @param props Initialization props */ public constructor(scope: Construct, id: string, props: GatewayProps) { super(scope, id, { ...Gateway.GVK, ...props }) } /** Renders the object to Kubernetes JSON. */ public toJson(): any { const resolved = super.toJson() return { ...Gateway.GVK, ...toJson_GatewayProps(resolved) } } } /** * Gateway represents an instance of a service-traffic handling infrastructure by binding Listeners * to a set of IP addresses. * * @schema Gateway */ export interface GatewayProps { /** @schema Gateway#metadata */ readonly metadata?: ApiObjectMetadata /** * Spec defines the desired state of Gateway. * * @schema Gateway#spec */ readonly spec: GatewaySpec } /** Converts an object of type 'GatewayProps' to JSON representation. */ /* eslint-disable max-len, quote-props */ export function toJson_GatewayProps( obj: GatewayProps | undefined ): Record<string, any> | undefined { if (obj === undefined) { return undefined } const result = { metadata: obj.metadata, spec: toJson_GatewaySpec(obj.spec) } // filter undefined values return Object.entries(result).reduce( (r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {} ) } /* eslint-enable max-len, quote-props */ /** * Spec defines the desired state of Gateway. * * @schema GatewaySpec */ export interface GatewaySpec { /** * Addresses requested for this Gateway. This is optional and behavior can depend on the * implementation. If a value is set in the spec and the requested address is invalid or * unavailable, the implementation MUST indicate this in the associated entry in * GatewayStatus.Addresses. * * The Addresses field represents a request for the address(es) on the "outside of the Gateway", * that traffic bound for this Gateway will use. This could be the IP address or hostname of an * external load balancer or other networking infrastructure, or some other address that traffic * will be sent to. * * If no Addresses are specified, the implementation MAY schedule the Gateway in an * implementation-specific manner, assigning an appropriate set of Addresses. * * The implementation MUST bind all Listeners to every GatewayAddress that it assigns to the * Gateway and add a corresponding entry in GatewayStatus.Addresses. * * Support: Extended * * @schema GatewaySpec#addresses */ readonly addresses?: GatewaySpecAddresses[] /** * GatewayClassName used for this Gateway. This is the name of a GatewayClass resource. * * @schema GatewaySpec#gatewayClassName */ readonly gatewayClassName: string /** * Infrastructure defines infrastructure level attributes about this Gateway instance. * * Support: Extended * * @schema GatewaySpec#infrastructure */ readonly infrastructure?: GatewaySpecInfrastructure /** * Listeners associated with this Gateway. Listeners define logical endpoints that are bound on * this Gateway's addresses. At least one Listener MUST be specified. * * Each Listener in a set of Listeners (for example, in a single Gateway) MUST be _distinct_, in * that a traffic flow MUST be able to be assigned to exactly one listener. (This section uses * "set of Listeners" rather than "Listeners in a single Gateway" because implementations MAY * merge configuration from multiple Gateways onto a single data plane, and these rules _also_ * apply in that case). * * Practically, this means that each listener in a set MUST have a unique combination of Port, * Protocol, and, if supported by the protocol, Hostname. * * Some combinations of port, protocol, and TLS settings are considered Core support and MUST be * supported by implementations based on their targeted conformance profile: * * HTTP Profile * * 1. HTTPRoute, Port: 80, Protocol: HTTP * 2. HTTPRoute, Port: 443, Protocol: HTTPS, TLS Mode: Terminate, TLS keypair provided * * TLS Profile * * 1. TLSRoute, Port: 443, Protocol: TLS, TLS Mode: Passthrough * * "Distinct" Listeners have the following property: * * The implementation can match inbound requests to a single distinct Listener. When multiple * Listeners share values for fields (for example, two Listeners with the same Port value), the * implementation can match requests to only one of the Listeners using other Listener fields. * * For example, the following Listener scenarios are distinct: * * 1. Multiple Listeners with the same Port that all use the "HTTP" Protocol that all have unique * Hostname values. * 2. Multiple Listeners with the same Port that use either the "HTTPS" or "TLS" Protocol that all * have unique Hostname values. * 3. A mixture of "TCP" and "UDP" Protocol Listeners, where no Listener with the same Protocol has * the same Port value. * * Some fields in the Listener struct have possible values that affect whether the Listener is * distinct. Hostname is particularly relevant for HTTP or HTTPS protocols. * * When using the Hostname value to select between same-Port, same-Protocol Listeners, the * Hostname value must be different on each Listener for the Listener to be distinct. * * When the Listeners are distinct based on Hostname, inbound request hostnames MUST match from * the most specific to least specific Hostname values to choose the correct Listener and its * associated set of Routes. * * Exact matches must be processed before wildcard matches, and wildcard matches must be * processed before fallback (empty Hostname value) matches. For example, `"foo.example.com"` * takes precedence over `"*.example.com"`, and `"*.example.com"` takes precedence over `""`. * * Additionally, if there are multiple wildcard entries, more specific wildcard entries must be * processed before less specific wildcard entries. For example, `"*.foo.example.com"` takes * precedence over `"*.example.com"`. The precise definition here is that the higher the number * of dots in the hostname to the right of the wildcard character, the higher the precedence. * * The wildcard character will match any number of characters _and dots_ to the left, however, * so `"*.example.com"` will match both `"foo.bar.example.com"` _and_ `"bar.example.com"`. * * If a set of Listeners contains Listeners that are not distinct, then those Listeners are * Conflicted, and the implementation MUST set the "Conflicted" condition in the Listener Status * to "True". * * Implementations MAY choose to accept a Gateway with some Conflicted Listeners only if they * only accept the partial Listener set that contains no Conflicted Listeners. To put this * another way, implementations may accept a partial Listener set only if they throw out _all_ * the conflicting Listeners. No picking one of the conflicting listeners as the winner. This * also means that the Gateway must have at least one non-conflicting Listener in this case, * otherwise it violates the requirement that at least one Listener must be present. * * The implementation MUST set a "ListenersNotValid" condition on the Gateway Status when the * Gateway contains Conflicted Listeners whether or not they accept the Gateway. That Condition * SHOULD clearly indicate in the Message which Listeners are conflicted, and which are * Accepted. Additionally, the Listener status for those listeners SHOULD indicate which * Listeners are conflicted and not Accepted. * * A Gateway's Listeners are considered "compatible" if: * * 1. They are distinct. * 2. The implementation can serve them in compliance with the Addresses requirement that all * Listeners are available on all assigned addresses. * * Compatible combinations in Extended support are expected to vary across implementations. A * combination that is compatible for one implementation may not be compatible for another. * * For example, an implementation that cannot serve both TCP and UDP listeners on the same * address, or cannot mix HTTPS and generic TLS listens on the same port would not consider * those cases compatible, even though they are distinct. * * Note that requests SHOULD match at most one Listener. For example, if Listeners are defined * for "foo.example.com" and "_.example.com", a request to "foo.example.com" SHOULD only be * routed using routes attached to the "foo.example.com" Listener (and not the "_.example.com" * Listener). This concept is known as "Listener Isolation". Implementations that do not support * Listener Isolation MUST clearly document this. * * Implementations MAY merge separate Gateways onto a single set of Addresses if all Listeners * across all Gateways are compatible. * * Support: Core * * @schema GatewaySpec#listeners */ readonly listeners: GatewaySpecListeners[] } /** Converts an object of type 'GatewaySpec' to JSON representation. */ /* eslint-disable max-len, quote-props */ export function toJson_GatewaySpec(obj: GatewaySpec | undefined): Record<string, any> | undefined { if (obj === undefined) { return undefined } const result = { addresses: obj.addresses?.map(y => toJson_GatewaySpecAddresses(y)), gatewayClassName: obj.gatewayClassName, infrastructure: toJson_GatewaySpecInfrastructure(obj.infrastructure), listeners: obj.listeners?.map(y => toJson_GatewaySpecListeners(y)) } // filter undefined values return Object.entries(result).reduce( (r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {} ) } /* eslint-enable max-len, quote-props */ /** * GatewayAddress describes an address that can be bound to a Gateway. * * @schema GatewaySpecAddresses */ export interface GatewaySpecAddresses { /** * Type of the address. * * @schema GatewaySpecAddresses#type */ readonly type?: string /** * Value of the address. The validity of the values will depend on the type and support by the * controller. * * Examples: `1.2.3.4`, `128::1`, `my-ip-address`. * * @schema GatewaySpecAddresses#value */ readonly value: string } /** Converts an object of type 'GatewaySpecAddresses' to JSON representation. */ /* eslint-disable max-len, quote-props */ export function toJson_GatewaySpecAddresses( obj: GatewaySpecAddresses | undefined ): Record<string, any> | undefined { if (obj === undefined) { return undefined } const result = { type: obj.type, value: obj.value } // filter undefined values return Object.entries(result).reduce( (r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {} ) } /* eslint-enable max-len, quote-props */ /** * Infrastructure defines infrastructure level attributes about this Gateway instance. * * Support: Extended * * @schema GatewaySpecInfrastructure */ export interface GatewaySpecInfrastructure { /** * Annotations that SHOULD be applied to any resources created in response to this Gateway. * * For implementations creating other Kubernetes objects, this should be the * `metadata.annotations` field on resources. For other implementations, this refers to any * relevant (implementation specific) "annotations" concepts. * * An implementation may chose to add additional implementation-specific annotations as they see * fit. * * Support: Extended * * @schema GatewaySpecInfrastructure#annotations */ readonly annotations?: { [key: string]: string } /** * Labels that SHOULD be applied to any resources created in response to this Gateway. * * For implementations creating other Kubernetes objects, this should be the `metadata.labels` * field on resources. For other implementations, this refers to any relevant (implementation * specific) "labels" concepts. * * An implementation may chose to add additional implementation-specific labels as they see fit. * * If an implementation maps these labels to Pods, or any other resource that would need to be * recreated when labels change, it SHOULD clearly warn about this behavior in documentation. * * Support: Extended * * @schema GatewaySpecInfrastructure#labels */ readonly labels?: { [key: string]: string } /** * ParametersRef is a reference to a resource that contains the configuration parameters * corresponding to the Gateway. This is optional if the controller does not require any * additional configuration. * * This follows the same semantics as GatewayClass's `parametersRef`, but on a per-Gateway basis * * The Gateway's GatewayClass may provide its own `parametersRef`. When both are specified, the * merging behavior is implementation specific. It is generally recommended that GatewayClass * provides defaults that can be overridden by a Gateway. * * Support: Implementation-specific * * @schema GatewaySpecInfrastructure#parametersRef */ readonly parametersRef?: GatewaySpecInfrastructureParametersRef } /** Converts an object of type 'GatewaySpecInfrastructure' to JSON representation. */ /* eslint-disable max-len, quote-props */ export function toJson_GatewaySpecInfrastructure( obj: GatewaySpecInfrastructure | undefined ): Record<string, any> | undefined { if (obj === undefined) { return undefined } const result = { annotations: obj.annotations === undefined ? undefined : Object.entries(obj.annotations).reduce( (r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {} ), labels: obj.labels === undefined ? undefined : Object.entries(obj.labels).reduce( (r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {} ), parametersRef: toJson_GatewaySpecInfrastructureParametersRef(obj.parametersRef) } // filter undefined values return Object.entries(result).reduce( (r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {} ) } /* eslint-enable max-len, quote-props */ /** * Listener embodies the concept of a logical endpoint where a Gateway accepts network connections. * * @schema GatewaySpecListeners */ export interface GatewaySpecListeners { /** * AllowedRoutes defines the types of routes that MAY be attached to a Listener and the trusted * namespaces where those Route resources MAY be present. * * Although a client request may match multiple route rules, only one rule may ultimately * receive the request. Matching precedence MUST be determined in order of the following * criteria: * * - The most specific match as defined by the Route type. * - The oldest Route based on creation timestamp. For example, a Route with a creation timestamp * of "2020-09-08 01:02:03" is given precedence over a Route with a creation timestamp of * "2020-09-08 01:02:04". * - If everything else is equivalent, the Route appearing first in alphabetical order * (namespace/name) should be given precedence. For example, foo/bar is given precedence over * foo/baz. * * All valid rules within a Route attached to this Listener should be implemented. Invalid Route * rules can be ignored (sometimes that will mean the full Route). If a Route rule transitions * from valid to invalid, support for that Route rule should be dropped to ensure consistency. * For example, even if a filter specified by a Route rule is invalid, the rest of the rules * within that Route should still be supported. * * Support: Core * * @schema GatewaySpecListeners#allowedRoutes */ readonly allowedRoutes?: GatewaySpecListenersAllowedRoutes /** * Hostname specifies the virtual hostname to match for protocol types that define this concept. * When unspecified, all hostnames are matched. This field is ignored for protocols that don't * require hostname based matching. * * Implementations MUST apply Hostname matching appropriately for each of the following * protocols: * * - TLS: The Listener Hostname MUST match the SNI. * - HTTP: The Listener Hostname MUST match the Host header of the request. * - HTTPS: The Listener Hostname SHOULD match at both the TLS and HTTP protocol layers as * described above. If an implementation does not ensure that both the SNI and Host header * match the Listener hostname, it MUST clearly document that. * * For HTTPRoute and TLSRoute resources, there is an interaction with the `spec.hostnames` * array. When both listener and route specify hostnames, there MUST be an intersection between * the values for a Route to be accepted. For more information, refer to the Route specific * Hostnames documentation. * * Hostnames that are prefixed with a wildcard label (`*.`) are interpreted as a suffix match. * That means that a match for `*.example.com` would match both `test.example.com`, and * `foo.test.example.com`, but not `example.com`. * * Support: Core * * @schema GatewaySpecListeners#hostname */ readonly hostname?: string /** * Name is the name of the Listener. This name MUST be unique within a Gateway. * * Support: Core * * @schema GatewaySpecListeners#name */ readonly name: string /** * Port is the network port. Multiple listeners may use the same port, subject to the Listener * compatibility rules. * * Support: Core * * @schema GatewaySpecListeners#port */ readonly port: number /** * Protocol specifies the network protocol this listener expects to receive. * * Support: Core * * @schema GatewaySpecListeners#protocol */ readonly protocol: string /** * TLS is the TLS configuration for the Listener. This field is required if the Protocol field * is "HTTPS" or "TLS". It is invalid to set this field if the Protocol field is "HTTP", "TCP", * or "UDP". * * The association of SNIs to Certificate defined in GatewayTLSConfig is defined based on the * Hostname field for this listener. * * The GatewayClass MUST use the longest matching SNI out of all available certificates for any * TLS handshake. * * Support: Core * * @schema GatewaySpecListeners#tls */ readonly tls?: GatewaySpecListenersTls } /** Converts an object of type 'GatewaySpecListeners' to JSON representation. */ /* eslint-disable max-len, quote-props */ export function toJson_GatewaySpecListeners( obj: GatewaySpecListeners | undefined ): Record<string, any> | undefined { if (obj === undefined) { return undefined } const result = { allowedRoutes: toJson_GatewaySpecListenersAllowedRoutes(obj.allowedRoutes), hostname: obj.hostname, name: obj.name, port: obj.port, protocol: obj.protocol, tls: toJson_GatewaySpecListenersTls(obj.tls) } // filter undefined values return Object.entries(result).reduce( (r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {} ) } /* eslint-enable max-len, quote-props */ /** * ParametersRef is a reference to a resource that contains the configuration parameters * corresponding to the Gateway. This is optional if the controller does not require any additional * configuration. * * This follows the same semantics as GatewayClass's `parametersRef`, but on a per-Gateway basis * * The Gateway's GatewayClass may provide its own `parametersRef`. When both are specified, the * merging behavior is implementation specific. It is generally recommended that GatewayClass * provides defaults that can be overridden by a Gateway. * * Support: Implementation-specific * * @schema GatewaySpecInfrastructureParametersRef */ export interface GatewaySpecInfrastructureParametersRef { /** * Group is the group of the referent. * * @schema GatewaySpecInfrastructureParametersRef#group */ readonly group: string /** * Kind is kind of the referent. * * @schema GatewaySpecInfrastructureParametersRef#kind */ readonly kind: string /** * Name is the name of the referent. * * @schema GatewaySpecInfrastructureParametersRef#name */ readonly name: string } /** Converts an object of type 'GatewaySpecInfrastructureParametersRef' to JSON representation. */ /* eslint-disable max-len, quote-props */ export function toJson_GatewaySpecInfrastructureParametersRef( obj: GatewaySpecInfrastructureParametersRef | undefined ): Record<string, any> | undefined { if (obj === undefined) { return undefined } const result = { group: obj.group, kind: obj.kind, name: obj.name } // filter undefined values return Object.entries(result).reduce( (r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {} ) } /* eslint-enable max-len, quote-props */ /** * AllowedRoutes defines the types of routes that MAY be attached to a Listener and the trusted * namespaces where those Route resources MAY be present. * * Although a client request may match multiple route rules, only one rule may ultimately receive * the request. Matching precedence MUST be determined in order of the following criteria: * * - The most specific match as defined by the Route type. * - The oldest Route based on creation timestamp. For example, a Route with a creation timestamp of * "2020-09-08 01:02:03" is given precedence over a Route with a creation timestamp of "2020-09-08 * 01:02:04". * - If everything else is equivalent, the Route appearing first in alphabetical order * (namespace/name) should be given precedence. For example, foo/bar is given precedence over * foo/baz. * * All valid rules within a Route attached to this Listener should be implemented. Invalid Route * rules can be ignored (sometimes that will mean the full Route). If a Route rule transitions from * valid to invalid, support for that Route rule should be dropped to ensure consistency. For * example, even if a filter specified by a Route rule is invalid, the rest of the rules within that * Route should still be supported. * * Support: Core * * @schema GatewaySpecListenersAllowedRoutes */ export interface GatewaySpecListenersAllowedRoutes { /** * Kinds specifies the groups and kinds of Routes that are allowed to bind to this Gateway * Listener. When unspecified or empty, the kinds of Routes selected are determined using the * Listener protocol. * * A RouteGroupKind MUST correspond to kinds of Routes that are compatible with the application * protocol specified in the Listener's Protocol field. If an implementation does not support or * recognize this resource type, it MUST set the "ResolvedRefs" condition to False for this * Listener with the "InvalidRouteKinds" reason. * * Support: Core * * @schema GatewaySpecListenersAllowedRoutes#kinds */ readonly kinds?: GatewaySpecListenersAllowedRoutesKinds[] /** * Namespaces indicates namespaces from which Routes may be attached to this Listener. This is * restricted to the namespace of this Gateway by default. * * Support: Core * * @schema GatewaySpecListenersAllowedRoutes#namespaces */ readonly namespaces?: GatewaySpecListenersAllowedRoutesNamespaces } /** Converts an object of type 'GatewaySpecListenersAllowedRoutes' to JSON representation. */ /* eslint-disable max-len, quote-props */ export function toJson_GatewaySpecListenersAllowedRoutes( obj: GatewaySpecListenersAllowedRoutes | undefined ): Record<string, any> | undefined { if (obj === undefined) { return undefined } const result = { kinds: obj.kinds?.map(y => toJson_GatewaySpecListenersAllowedRoutesKinds(y)), namespaces: toJson_GatewaySpecListenersAllowedRoutesNamespaces(obj.namespaces) } // filter undefined values return Object.entries(result).reduce( (r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {} ) } /* eslint-enable max-len, quote-props */ /** * TLS is the TLS configuration for the Listener. This field is required if the Protocol field is * "HTTPS" or "TLS". It is invalid to set this field if the Protocol field is "HTTP", "TCP", or * "UDP". * * The association of SNIs to Certificate defined in GatewayTLSConfig is defined based on the * Hostname field for this listener. * * The GatewayClass MUST use the longest matching SNI out of all available certificates for any TLS * handshake. * * Support: Core * * @schema GatewaySpecListenersTls */ export interface GatewaySpecListenersTls { /** * CertificateRefs contains a series of references to Kubernetes objects that contains TLS * certificates and private keys. These certificates are used to establish a TLS handshake for * requests that match the hostname of the associated listener. * * A single CertificateRef to a Kubernetes Secret has "Core" support. Implementations MAY choose * to support attaching multiple certificates to a Listener, but this behavior is * implementation-specific. * * References to a resource in different namespace are invalid UNLESS there is a ReferenceGrant * in the target namespace that allows the certificate to be attached. If a ReferenceGrant does * not allow this reference, the "ResolvedRefs" condition MUST be set to False for this listener * with the "RefNotPermitted" reason. * * This field is required to have at least one element when the mode is set to "Terminate" * (default) and is optional otherwise. * * CertificateRefs can reference to standard Kubernetes resources, i.e. Secret, or * implementation-specific custom resources. * * Support: Core - A single reference to a Kubernetes Secret of type kubernetes.io/tls * * Support: Implementation-specific (More than one reference or other resource types) * * @schema GatewaySpecListenersTls#certificateRefs */ readonly certificateRefs?: GatewaySpecListenersTlsCertificateRefs[] /** * Mode defines the TLS behavior for the TLS session initiated by the client. There are two * possible modes: * * - Terminate: The TLS session between the downstream client and the Gateway is terminated at the * Gateway. This mode requires certificates to be specified in some way, such as populating * the certificateRefs field. * - Passthrough: The TLS session is NOT terminated by the Gateway. This implies that the Gateway * can't decipher the TLS stream except for the ClientHello message of the TLS protocol. The * certificateRefs field is ignored in this mode. * * Support: Core * * @schema GatewaySpecListenersTls#mode */ readonly mode?: GatewaySpecListenersTlsMode /** * Options are a list of key/value pairs to enable extended TLS configuration for each * implementation. For example, configuring the minimum TLS version or supported cipher suites. * * A set of common keys MAY be defined by the API in the future. To avoid any ambiguity, * implementation-specific definitions MUST use domain-prefixed names, such as * `example.com/my-custom-option`. Un-prefixed names are reserved for key names defined by * Gateway API. * * Support: Implementation-specific * * @schema GatewaySpecListenersTls#options */ readonly options?: { [key: string]: string } } /** Converts an object of type 'GatewaySpecListenersTls' to JSON representation. */ /* eslint-disable max-len, quote-props */ export function toJson_GatewaySpecListenersTls( obj: GatewaySpecListenersTls | undefined ): Record<string, any> | undefined { if (obj === undefined) { return undefined } const result = { certificateRefs: obj.certificateRefs?.map(y => toJson_GatewaySpecListenersTlsCertificateRefs(y) ), mode: obj.mode, options: obj.options === undefined ? undefined : Object.entries(obj.options).reduce( (r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {} ) } // filter undefined values return Object.entries(result).reduce( (r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {} ) } /* eslint-enable max-len, quote-props */ /** * RouteGroupKind indicates the group and kind of a Route resource. * * @schema GatewaySpecListenersAllowedRoutesKinds */ export interface GatewaySpecListenersAllowedRoutesKinds { /** * Group is the group of the Route. * * @schema GatewaySpecListenersAllowedRoutesKinds#group */ readonly group?: string /** * Kind is the kind of the Route. * * @schema GatewaySpecListenersAllowedRoutesKinds#kind */ readonly kind: string } /** Converts an object of type 'GatewaySpecListenersAllowedRoutesKinds' to JSON representation. */ /* eslint-disable max-len, quote-props */ export function toJson_GatewaySpecListenersAllowedRoutesKinds( obj: GatewaySpecListenersAllowedRoutesKinds | undefined ): Record<string, any> | undefined { if (obj === undefined) { return undefined } const result = { group: obj.group, kind: obj.kind } // filter undefined values return Object.entries(result).reduce( (r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {} ) } /* eslint-enable max-len, quote-props */ /** * Namespaces indicates namespaces from which Routes may be attached to this Listener. This is * restricted to the namespace of this Gateway by default. * * Support: Core * * @schema GatewaySpecListenersAllowedRoutesNamespaces */ export interface GatewaySpecListenersAllowedRoutesNamespaces { /** * From indicates where Routes will be selected for this Gateway. Possible values are: * * - All: Routes in all namespaces may be used by this Gateway. * - Selector: Routes in namespaces selected by the selector may be used by this Gateway. * - Same: Only Routes in the same namespace may be used by this Gateway. * * Support: Core * * @schema GatewaySpecListenersAllowedRoutesNamespaces#from */ readonly from?: GatewaySpecListenersAllowedRoutesNamespacesFrom /** * Selector must be specified when From is set to "Selector". In that case, only Routes in * Namespaces matching this Selector will be selected by this Gateway. This field is ignored for * other values of "From". * * Support: Core * * @schema GatewaySpecListenersAllowedRoutesNamespaces#selector */ readonly selector?: GatewaySpecListenersAllowedRoutesNamespacesSelector } /** Converts an object of type 'GatewaySpecListenersAllowedRoutesNamespaces' to JSON representation. */ /* eslint-disable max-len, quote-props */ export function toJson_GatewaySpecListenersAllowedRoutesNamespaces( obj: GatewaySpecListenersAllowedRoutesNamespaces | undefined ): Record<string, any> | undefined { if (obj === undefined) { return undefined } const result = { from: obj.from, selector: toJson_GatewaySpecListenersAllowedRoutesNamespacesSelector(obj.selector) } // filter undefined values return Object.entries(result).reduce( (r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {} ) } /* eslint-enable max-len, quote-props */ /** * SecretObjectReference identifies an API object including its namespace, defaulting to Secret. * * The API object must be valid in the cluster; the Group and Kind must be registered in the cluster * for this reference to be valid. * * References to objects with invalid Group and Kind are not valid, and must be rejected by the * implementation, with appropriate Conditions set on the containing object. * * @schema GatewaySpecListenersTlsCertificateRefs */ export interface GatewaySpecListenersTlsCertificateRefs { /** * Group is the group of the referent. For example, "gateway.networking.k8s.io". When * unspecified or empty string, core API group is inferred. * * @schema GatewaySpecListenersTlsCertificateRefs#group */ readonly group?: string /** * Kind is kind of the referent. For example "Secret". * * @schema GatewaySpecListenersTlsCertificateRefs#kind */ readonly kind?: string /** * Name is the name of the referent. * * @schema GatewaySpecListenersTlsCertificateRefs#name */ readonly name: string /** * Namespace is the namespace of the referenced object. When unspecified, the local namespace is * inferred. * * Note that when a namespace different than the local namespace is specified, a ReferenceGrant * object is required in the referent namespace to allow that namespace's owner to accept the * reference. See the ReferenceGrant documentation for details. * * Support: Core * * @schema GatewaySpecListenersTlsCertificateRefs#namespace */ readonly namespace?: string } /** Converts an object of type 'GatewaySpecListenersTlsCertificateRefs' to JSON representation. */ /* eslint-disable max-len, quote-props */ export function toJson_GatewaySpecListenersTlsCertificateRefs( obj: GatewaySpecListenersTlsCertificateRefs | undefined ): Record<string, any> | undefined { if (obj === undefined) { return undefined } const result = { group: obj.group, kind: obj.kind, name: obj.name, namespace: obj.namespace } // filter undefined values return Object.entries(result).reduce( (r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {} ) } /* eslint-enable max-len, quote-props */ /** * Mode defines the TLS behavior for the TLS session initiated by the client. There are two possible * modes: * * - Terminate: The TLS session between the downstream client and the Gateway is terminated at the * Gateway. This mode requires certificates to be specified in some way, such as populating the * certificateRefs field. * - Passthrough: The TLS session is NOT terminated by the Gateway. This implies that the Gateway * can't decipher the TLS stream except for the ClientHello message of the TLS protocol. The * certificateRefs field is ignored in this mode. * * Support: Core * * @schema GatewaySpecListenersTlsMode */ export enum GatewaySpecListenersTlsMode { /** Terminate */ TERMINATE = "Terminate", /** Passthrough */ PASSTHROUGH = "Passthrough" } /** * From indicates where Routes will be selected for this Gateway. Possible values are: * * - All: Routes in all namespaces may be used by this Gateway. * - Selector: Routes in namespaces selected by the selector may be used by this Gateway. * - Same: Only Routes in the same namespace may be used by this Gateway. * * Support: Core * * @schema GatewaySpecListenersAllowedRoutesNamespacesFrom */ export enum GatewaySpecListenersAllowedRoutesNamespacesFrom { /** All */ ALL = "All", /** Selector */ SELECTOR = "Selector", /** Same */ SAME = "Same" } /** * Selector must be specified when From is set to "Selector". In that case, only Routes in * Namespaces matching this Selector will be selected by this Gateway. This field is ignored for * other values of "From". * * Support: Core * * @schema GatewaySpecListenersAllowedRoutesNamespacesSelector */ export interface GatewaySpecListenersAllowedRoutesNamespacesSelector { /** * MatchExpressions is a list of label selector requirements. The requirements are ANDed. * * @schema GatewaySpecListenersAllowedRoutesNamespacesSelector#matchExpressions */ readonly matchExpressions?: GatewaySpecListenersAllowedRoutesNamespacesSelectorMatchExpressions[] /** * MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is * equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", * and the values array contains only "value". The requirements are ANDed. * * @schema GatewaySpecListenersAllowedRoutesNamespacesSelector#matchLabels */ readonly matchLabels?: { [key: string]: string } } /** * Converts an object of type 'GatewaySpecListenersAllowedRoutesNamespacesSelector' to JSON * representation. */ /* eslint-disable max-len, quote-props */ export function toJson_GatewaySpecListenersAllowedRoutesNamespacesSelector( obj: GatewaySpecListenersAllowedRoutesNamespacesSelector | undefined ): Record<string, any> | undefined { if (obj === undefined) { return undefined } const result = { matchExpressions: obj.matchExpressions?.map(y => toJson_GatewaySpecListenersAllowedRoutesNamespacesSelectorMatchExpressions(y) ), matchLabels: obj.matchLabels === undefined ? undefined : Object.entries(obj.matchLabels).reduce( (r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {} ) } // filter undefined values return Object.entries(result).reduce( (r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {} ) } /* eslint-enable max-len, quote-props */ /** * A label selector requirement is a selector that contains values, a key, and an operator that * relates the key and values. * * @schema GatewaySpecListenersAllowedRoutesNamespacesSelectorMatchExpressions */ export interface GatewaySpecListenersAllowedRoutesNamespacesSelectorMatchExpressions { /** * Key is the label key that the selector applies to. * * @schema GatewaySpecListenersAllowedRoutesNamespacesSelectorMatchExpressions#key */ readonly key: string /** * Operator represents a key's relationship to a set of values. Valid operators are In, NotIn, * Exists and DoesNotExist. * * @schema GatewaySpecListenersAllowedRoutesNamespacesSelectorMatchExpressions#operator */ readonly operator: string /** * Values is an array of string values. If the operator is In or NotIn, the values array must be * non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This * array is replaced during a strategic merge patch. * * @schema GatewaySpecListenersAllowedRoutesNamespacesSelectorMatchExpressions#values */ readonly values?: string[] } /** * Converts an object of type 'GatewaySpecListenersAllowedRoutesNamespacesSelectorMatchExpressions' * to JSON representation. */ /* eslint-disable max-len, quote-props */ export function toJson_GatewaySpecListenersAllowedRoutesNamespacesSelectorMatchExpressions( obj: GatewaySpecListenersAllowedRoutesNamespacesSelectorMatchExpressions | undefined ): Record<string, any> | undefined { if (obj === undefined) { return undefined } const result = { key: obj.key, operator: obj.operator, values: obj.values?.map(y => y) } // filter undefined values return Object.entries(result).reduce( (r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {} ) } /* eslint-enable max-len, quote-props */ /** * Gateway represents an instance of a service-traffic handling infrastructure by binding Listeners * to a set of IP addresses. * * @schema GatewayV1Beta1 */ export class GatewayV1Beta1 extends ApiObject { /** Returns the apiVersion and kind for "GatewayV1Beta1" */ public static readonly GVK: GroupVersionKind = { apiVersion: "gateway.networking.k8s.io/v1beta1", kind: "Gateway" } /** * Renders a Kubernetes manifest for "GatewayV1Beta1". * * This can be used to inline resource manifests inside other objects (e.g. as templates). * * @param props Initialization props */ public static manifest(props: GatewayV1Beta1Props): any { return { ...GatewayV1Beta1.GVK, ...toJson_GatewayV1Beta1Props(props) } } /** * Defines a "GatewayV1Beta1" API object * * @param scope The scope in which to define this object * @param id A scope-local name for the object * @param props Initialization props */ public constructor(scope: Construct, id: string, props: GatewayV1Beta1Props) { super(scope, id, { ...GatewayV1Beta1.GVK, ...props }) } /** Renders the object to Kubernetes JSON. */ public toJson(): any { const resolved = super.toJson() return { ...GatewayV1Beta1.GVK, ...toJson_GatewayV1Beta1Props(resolved) } } } /** * Gateway represents an instance of a service-traffic handling infrastructure by binding Listeners * to a set of IP addresses. * * @schema GatewayV1Beta1 */ export interface GatewayV1Beta1Props { /** @schema GatewayV1Beta1#metadata */ readonly metadata?: ApiObjectMetadata /** * Spec defines the desired state of Gateway. * * @schema GatewayV1Beta1#spec */ readonly spec: GatewayV1Beta1Spec } /** Converts an object of type 'GatewayV1Beta1Props' to JSON representation. */ /* eslint-disable max-len, quote-props */ export function toJson_GatewayV1Beta1Props( obj: GatewayV1Beta1Props | undefined ): Record<string, any> | undefined { if (obj === undefined) { return undefined } const result = { metadata: obj.metadata, spec: toJson_GatewayV1Beta1Spec(obj.spec) } // filter undefined values return Object.entries(result).reduce( (r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {} ) } /* eslint-enable max-len, quote-props */ /** * Spec defines the desired state of Gateway. * * @schema GatewayV1Beta1Spec */ export interface GatewayV1Beta1Spec { /** * Addresses requested for this Gateway. This is optional and behavior can depend on the * implementation. If a value is set in the spec and the requested address is invalid or * unavailable, the implementation MUST indicate this in the associated entry in * GatewayStatus.Addresses. * * The Addresses field represents a request for the address(es) on the "outside of the Gateway", * that traffic bound for this Gateway will use. This could be the IP address or hostname of an * external load balancer or other networking infrastructure, or some other address that traffic * will be sent to. * * If no Addresses are specified, the implementation MAY schedule the Gateway in an * implementation-specific manner, assigning an appropriate set of Addresses. * * The implementation MUST bind all Listeners to every GatewayAddress that it assigns to the * Gateway and add a corresponding entry in GatewayStatus.Addresses. * * Support: Extended * * @schema GatewayV1Beta1Spec#addresses */ readonly addresses?: GatewayV1Beta1SpecAddresses[] /** * GatewayClassName used for this Gateway. This is the name of a GatewayClass resource. * * @schema GatewayV1Beta1Spec#gatewayClassName */ readonly gatewayClassName: string /** * Infrastructure defines infrastructure level attributes about this Gateway instance. * * Support: Extended * * @schema GatewayV1Beta1Spec#infrastructure */ readonly infrastructure?: GatewayV1Beta1SpecInfrastructure /** * Listeners associated with this Gateway. Listeners define logical endpoints that are bound on * this Gateway's addresses. At least one Listener MUST be specified. * * Each Listener in a set of Listeners (for example, in a single Gateway) MUST be _distinct_, in * that a traffic flow MUST be able to be assigned to exactly one listener. (This section uses * "set of Listeners" rather than "Listeners in a single Gateway" because implementations MAY * merge configuration from multiple Gateways onto a single data plane, and these rules _also_ * apply in that case). * * Practically, this means that each listener in a set MUST have a unique combination of Port, * Protocol, and, if supported by the protocol, Hostname. * * Some combinations of port, protocol, and TLS settings are considered Core support and MUST be * supported by implementations based on their targeted conformance profile: * * HTTP Profile * * 1. HTTPRoute, Port: 80, Protocol: HTTP * 2. HTTPRoute, Port: 443, Protocol: HTTPS, TLS Mode: Terminate, TLS keypair provided * * TLS Profile * * 1. TLSRoute, Port: 443, Protocol: TLS, TLS Mode: Passthrough * * "Distinct" Listeners have the following property: * * The implementation can match inbound requests to a single distinct Listener. When multiple * Listeners share values for fields (for example, two Listeners with the same Port value), the * implementation can match requests to only one of the Listeners using other Listener fields. * * For example, the following Listener scenarios are distinct: * * 1. Multiple Listeners with the same Port that all use the "HTTP" Protocol that all have unique * Hostname values. * 2. Multiple Listeners with the same Port that use either the "HTTPS" or "TLS" Protocol that all * have unique Hostname values. * 3. A mixture of "TCP" and "UDP" Protocol Listeners, where no Listener with the same Protocol has * the same Port value. * * Some fields in the Listener struct have possible values that affect whether the Listener is * distinct. Hostname is particularly relevant for HTTP or HTTPS protocols. * * When using the Hostname value to select between same-Port, same-Protocol Listeners, the * Hostname value must be different on each Listener for the Listener to be distinct. * * When the Listeners are distinct based on Hostname, inbound request hostnames MUST match from * the most specific to least specific Hostname values to choose the correct Listener and its * associated set of Routes. * * Exact matches must be processed before wildcard matches, and wildcard matches must be * processed before fallback (empty Hostname value) matches. For example, `"foo.example.com"` * takes precedence over `"*.example.com"`, and `"*.example.com"` takes precedence over `""`. * * Additionally, if there are multiple wildcard entries, more specific wildcard entries must be * processed before less specific wildcard entries. For example, `"*.foo.example.com"` takes * precedence over `"*.example.com"`. The precise definition here is that the higher the number * of dots in the hostname to the right of the wildcard character, the higher the precedence. * * The wildcard character will match any number of characters _and dots_ to the left, however, * so `"*.example.com"` will match both `"foo.bar.example.com"` _and_ `"bar.example.com"`. * * If a set of Listeners contains Listeners that are not distinct, then those Listeners are * Conflicted, and the implementation MUST set the "Conflicted" condition in the Listener Status * to "True". * * Implementations MAY choose to accept a Gateway with some Conflicted Listeners only if they * only accept the partial Listener set that contains no Conflicted Listeners.