diff --git a/examples/gateway/00-crds.yaml b/examples/gateway/00-crds.yaml index 9e77c4f05c0..36779bad26d 100644 --- a/examples/gateway/00-crds.yaml +++ b/examples/gateway/00-crds.yaml @@ -2,8 +2,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/1923 - gateway.networking.k8s.io/bundle-version: v0.7.1-dev + api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/2245 + gateway.networking.k8s.io/bundle-version: v0.8.0-rc1 gateway.networking.k8s.io/channel: experimental creationTimestamp: null name: gatewayclasses.gateway.networking.k8s.io @@ -444,8 +444,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/1923 - gateway.networking.k8s.io/bundle-version: v0.7.1-dev + api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/2245 + gateway.networking.k8s.io/bundle-version: v0.8.0-rc1 gateway.networking.k8s.io/channel: experimental creationTimestamp: null name: gateways.gateway.networking.k8s.io @@ -2032,8 +2032,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/1923 - gateway.networking.k8s.io/bundle-version: v0.7.1-dev + api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/2245 + gateway.networking.k8s.io/bundle-version: v0.8.0-rc1 gateway.networking.k8s.io/channel: experimental creationTimestamp: null name: grpcroutes.gateway.networking.k8s.io @@ -2187,7 +2187,7 @@ spec: namespace are \"consumer\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections - are a Service targeted as a ParentRef of the Route." + are a Service targeted as a ParentRef of the Route. \n " items: description: "ParentReference identifies an API object (usually a Gateway) that can be considered a parent of this resource (usually @@ -2310,6 +2310,18 @@ spec: type: object maxItems: 32 type: array + x-kubernetes-validations: + - message: sectionName or port must be unique when parentRefs includes + 2 or more references to the same parent + rule: self.all(p1, self.exists_one(p2, p1.group == p2.group && p1.kind + == p2.kind && ((!has(p1.__namespace__) && !has(p2.__namespace__)) + || (!has(p1.__namespace__) && p2.__namespace__ == '') || (p1.__namespace__ + == '' && !has(p2.__namespace__)) || (p1.__namespace__ == p2.__namespace__)) + && p1.name == p2.name && ((!has(p1.sectionName) && !has(p2.sectionName)) + || (!has(p1.sectionName) && p2.sectionName == '') || (p1.sectionName + == '' && !has(p2.sectionName)) || (p1.sectionName == p2.sectionName)) + && ((!has(p1.port) && !has(p2.port)) || (!has(p1.port) && p2.port + == 0) || (p1.port == 0 && !has(p2.port)) || (p1.port == p2.port)))) rules: default: - matches: @@ -3614,8 +3626,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/1923 - gateway.networking.k8s.io/bundle-version: v0.7.1-dev + api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/2245 + gateway.networking.k8s.io/bundle-version: v0.8.0-rc1 gateway.networking.k8s.io/channel: experimental creationTimestamp: null name: httproutes.gateway.networking.k8s.io @@ -3756,7 +3768,7 @@ spec: namespace are \"consumer\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections - are a Service targeted as a ParentRef of the Route." + are a Service targeted as a ParentRef of the Route. \n " items: description: "ParentReference identifies an API object (usually a Gateway) that can be considered a parent of this resource (usually @@ -3879,6 +3891,18 @@ spec: type: object maxItems: 32 type: array + x-kubernetes-validations: + - message: sectionName or port must be unique when parentRefs includes + 2 or more references to the same parent + rule: self.all(p1, self.exists_one(p2, p1.group == p2.group && p1.kind + == p2.kind && ((!has(p1.__namespace__) && !has(p2.__namespace__)) + || (!has(p1.__namespace__) && p2.__namespace__ == '') || (p1.__namespace__ + == '' && !has(p2.__namespace__)) || (p1.__namespace__ == p2.__namespace__)) + && p1.name == p2.name && ((!has(p1.sectionName) && !has(p2.sectionName)) + || (!has(p1.sectionName) && p2.sectionName == '') || (p1.sectionName + == '' && !has(p2.sectionName)) || (p1.sectionName == p2.sectionName)) + && ((!has(p1.port) && !has(p2.port)) || (!has(p1.port) && p2.port + == 0) || (p1.port == 0 && !has(p2.port)) || (p1.port == p2.port)))) rules: default: - matches: @@ -6126,7 +6150,7 @@ spec: namespace are \"consumer\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections - are a Service targeted as a ParentRef of the Route." + are a Service targeted as a ParentRef of the Route. \n " items: description: "ParentReference identifies an API object (usually a Gateway) that can be considered a parent of this resource (usually @@ -6249,6 +6273,18 @@ spec: type: object maxItems: 32 type: array + x-kubernetes-validations: + - message: sectionName or port must be unique when parentRefs includes + 2 or more references to the same parent + rule: self.all(p1, self.exists_one(p2, p1.group == p2.group && p1.kind + == p2.kind && ((!has(p1.__namespace__) && !has(p2.__namespace__)) + || (!has(p1.__namespace__) && p2.__namespace__ == '') || (p1.__namespace__ + == '' && !has(p2.__namespace__)) || (p1.__namespace__ == p2.__namespace__)) + && p1.name == p2.name && ((!has(p1.sectionName) && !has(p2.sectionName)) + || (!has(p1.sectionName) && p2.sectionName == '') || (p1.sectionName + == '' && !has(p2.sectionName)) || (p1.sectionName == p2.sectionName)) + && ((!has(p1.port) && !has(p2.port)) || (!has(p1.port) && p2.port + == 0) || (p1.port == 0 && !has(p2.port)) || (p1.port == p2.port)))) rules: default: - matches: @@ -8384,8 +8420,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/1923 - gateway.networking.k8s.io/bundle-version: v0.7.1-dev + api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/2245 + gateway.networking.k8s.io/bundle-version: v0.8.0-rc1 gateway.networking.k8s.io/channel: experimental creationTimestamp: null name: referencegrants.gateway.networking.k8s.io @@ -8670,8 +8706,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/1923 - gateway.networking.k8s.io/bundle-version: v0.7.1-dev + api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/2245 + gateway.networking.k8s.io/bundle-version: v0.8.0-rc1 gateway.networking.k8s.io/channel: experimental creationTimestamp: null name: tcproutes.gateway.networking.k8s.io @@ -8747,7 +8783,7 @@ spec: namespace are \"consumer\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections - are a Service targeted as a ParentRef of the Route." + are a Service targeted as a ParentRef of the Route. \n " items: description: "ParentReference identifies an API object (usually a Gateway) that can be considered a parent of this resource (usually @@ -8870,6 +8906,18 @@ spec: type: object maxItems: 32 type: array + x-kubernetes-validations: + - message: sectionName or port must be unique when parentRefs includes + 2 or more references to the same parent + rule: self.all(p1, self.exists_one(p2, p1.group == p2.group && p1.kind + == p2.kind && ((!has(p1.__namespace__) && !has(p2.__namespace__)) + || (!has(p1.__namespace__) && p2.__namespace__ == '') || (p1.__namespace__ + == '' && !has(p2.__namespace__)) || (p1.__namespace__ == p2.__namespace__)) + && p1.name == p2.name && ((!has(p1.sectionName) && !has(p2.sectionName)) + || (!has(p1.sectionName) && p2.sectionName == '') || (p1.sectionName + == '' && !has(p2.sectionName)) || (p1.sectionName == p2.sectionName)) + && ((!has(p1.port) && !has(p2.port)) || (!has(p1.port) && p2.port + == 0) || (p1.port == 0 && !has(p2.port)) || (p1.port == p2.port)))) rules: description: Rules are a list of TCP matchers and actions. items: @@ -9257,8 +9305,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/1923 - gateway.networking.k8s.io/bundle-version: v0.7.1-dev + api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/2245 + gateway.networking.k8s.io/bundle-version: v0.8.0-rc1 gateway.networking.k8s.io/channel: experimental creationTimestamp: null name: tlsroutes.gateway.networking.k8s.io @@ -9380,7 +9428,7 @@ spec: namespace are \"consumer\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections - are a Service targeted as a ParentRef of the Route." + are a Service targeted as a ParentRef of the Route. \n " items: description: "ParentReference identifies an API object (usually a Gateway) that can be considered a parent of this resource (usually @@ -9503,6 +9551,18 @@ spec: type: object maxItems: 32 type: array + x-kubernetes-validations: + - message: sectionName or port must be unique when parentRefs includes + 2 or more references to the same parent + rule: self.all(p1, self.exists_one(p2, p1.group == p2.group && p1.kind + == p2.kind && ((!has(p1.__namespace__) && !has(p2.__namespace__)) + || (!has(p1.__namespace__) && p2.__namespace__ == '') || (p1.__namespace__ + == '' && !has(p2.__namespace__)) || (p1.__namespace__ == p2.__namespace__)) + && p1.name == p2.name && ((!has(p1.sectionName) && !has(p2.sectionName)) + || (!has(p1.sectionName) && p2.sectionName == '') || (p1.sectionName + == '' && !has(p2.sectionName)) || (p1.sectionName == p2.sectionName)) + && ((!has(p1.port) && !has(p2.port)) || (!has(p1.port) && p2.port + == 0) || (p1.port == 0 && !has(p2.port)) || (p1.port == p2.port)))) rules: description: Rules are a list of TLS matchers and actions. items: @@ -9893,8 +9953,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/1923 - gateway.networking.k8s.io/bundle-version: v0.7.1-dev + api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/2245 + gateway.networking.k8s.io/bundle-version: v0.8.0-rc1 gateway.networking.k8s.io/channel: experimental creationTimestamp: null name: udproutes.gateway.networking.k8s.io @@ -9970,7 +10030,7 @@ spec: namespace are \"consumer\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections - are a Service targeted as a ParentRef of the Route." + are a Service targeted as a ParentRef of the Route. \n " items: description: "ParentReference identifies an API object (usually a Gateway) that can be considered a parent of this resource (usually @@ -10093,6 +10153,18 @@ spec: type: object maxItems: 32 type: array + x-kubernetes-validations: + - message: sectionName or port must be unique when parentRefs includes + 2 or more references to the same parent + rule: self.all(p1, self.exists_one(p2, p1.group == p2.group && p1.kind + == p2.kind && ((!has(p1.__namespace__) && !has(p2.__namespace__)) + || (!has(p1.__namespace__) && p2.__namespace__ == '') || (p1.__namespace__ + == '' && !has(p2.__namespace__)) || (p1.__namespace__ == p2.__namespace__)) + && p1.name == p2.name && ((!has(p1.sectionName) && !has(p2.sectionName)) + || (!has(p1.sectionName) && p2.sectionName == '') || (p1.sectionName + == '' && !has(p2.sectionName)) || (p1.sectionName == p2.sectionName)) + && ((!has(p1.port) && !has(p2.port)) || (!has(p1.port) && p2.port + == 0) || (p1.port == 0 && !has(p2.port)) || (p1.port == p2.port)))) rules: description: Rules are a list of UDP matchers and actions. items: diff --git a/examples/gateway/02-certificate_config.yaml b/examples/gateway/02-certificate_config.yaml index c8f72659b71..2317a8d8c42 100644 --- a/examples/gateway/02-certificate_config.yaml +++ b/examples/gateway/02-certificate_config.yaml @@ -92,8 +92,8 @@ spec: imagePullPolicy: IfNotPresent args: - create - - --host=gateway-api-admission-server,gateway-api-admission-server.gateway-system.svc - - --namespace=gateway-system + - --host=gateway-api-admission-server,gateway-api-admission-server.$(POD_NAMESPACE).svc + - --namespace=$(POD_NAMESPACE) - --secret-name=gateway-api-admission env: - name: POD_NAMESPACE @@ -139,7 +139,7 @@ spec: args: - patch - --webhook-name=gateway-api-admission - - --namespace=gateway-system + - --namespace=$(POD_NAMESPACE) - --patch-mutating=false - --patch-validating=true - --secret-name=gateway-api-admission diff --git a/examples/render/contour-gateway-provisioner.yaml b/examples/render/contour-gateway-provisioner.yaml index 5b8fcb2f45d..4ba9a7bfdd2 100644 --- a/examples/render/contour-gateway-provisioner.yaml +++ b/examples/render/contour-gateway-provisioner.yaml @@ -8042,8 +8042,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/1923 - gateway.networking.k8s.io/bundle-version: v0.7.1-dev + api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/2245 + gateway.networking.k8s.io/bundle-version: v0.8.0-rc1 gateway.networking.k8s.io/channel: experimental creationTimestamp: null name: gatewayclasses.gateway.networking.k8s.io @@ -8484,8 +8484,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/1923 - gateway.networking.k8s.io/bundle-version: v0.7.1-dev + api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/2245 + gateway.networking.k8s.io/bundle-version: v0.8.0-rc1 gateway.networking.k8s.io/channel: experimental creationTimestamp: null name: gateways.gateway.networking.k8s.io @@ -10072,8 +10072,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/1923 - gateway.networking.k8s.io/bundle-version: v0.7.1-dev + api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/2245 + gateway.networking.k8s.io/bundle-version: v0.8.0-rc1 gateway.networking.k8s.io/channel: experimental creationTimestamp: null name: grpcroutes.gateway.networking.k8s.io @@ -10227,7 +10227,7 @@ spec: namespace are \"consumer\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections - are a Service targeted as a ParentRef of the Route." + are a Service targeted as a ParentRef of the Route. \n " items: description: "ParentReference identifies an API object (usually a Gateway) that can be considered a parent of this resource (usually @@ -10350,6 +10350,18 @@ spec: type: object maxItems: 32 type: array + x-kubernetes-validations: + - message: sectionName or port must be unique when parentRefs includes + 2 or more references to the same parent + rule: self.all(p1, self.exists_one(p2, p1.group == p2.group && p1.kind + == p2.kind && ((!has(p1.__namespace__) && !has(p2.__namespace__)) + || (!has(p1.__namespace__) && p2.__namespace__ == '') || (p1.__namespace__ + == '' && !has(p2.__namespace__)) || (p1.__namespace__ == p2.__namespace__)) + && p1.name == p2.name && ((!has(p1.sectionName) && !has(p2.sectionName)) + || (!has(p1.sectionName) && p2.sectionName == '') || (p1.sectionName + == '' && !has(p2.sectionName)) || (p1.sectionName == p2.sectionName)) + && ((!has(p1.port) && !has(p2.port)) || (!has(p1.port) && p2.port + == 0) || (p1.port == 0 && !has(p2.port)) || (p1.port == p2.port)))) rules: default: - matches: @@ -11654,8 +11666,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/1923 - gateway.networking.k8s.io/bundle-version: v0.7.1-dev + api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/2245 + gateway.networking.k8s.io/bundle-version: v0.8.0-rc1 gateway.networking.k8s.io/channel: experimental creationTimestamp: null name: httproutes.gateway.networking.k8s.io @@ -11796,7 +11808,7 @@ spec: namespace are \"consumer\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections - are a Service targeted as a ParentRef of the Route." + are a Service targeted as a ParentRef of the Route. \n " items: description: "ParentReference identifies an API object (usually a Gateway) that can be considered a parent of this resource (usually @@ -11919,6 +11931,18 @@ spec: type: object maxItems: 32 type: array + x-kubernetes-validations: + - message: sectionName or port must be unique when parentRefs includes + 2 or more references to the same parent + rule: self.all(p1, self.exists_one(p2, p1.group == p2.group && p1.kind + == p2.kind && ((!has(p1.__namespace__) && !has(p2.__namespace__)) + || (!has(p1.__namespace__) && p2.__namespace__ == '') || (p1.__namespace__ + == '' && !has(p2.__namespace__)) || (p1.__namespace__ == p2.__namespace__)) + && p1.name == p2.name && ((!has(p1.sectionName) && !has(p2.sectionName)) + || (!has(p1.sectionName) && p2.sectionName == '') || (p1.sectionName + == '' && !has(p2.sectionName)) || (p1.sectionName == p2.sectionName)) + && ((!has(p1.port) && !has(p2.port)) || (!has(p1.port) && p2.port + == 0) || (p1.port == 0 && !has(p2.port)) || (p1.port == p2.port)))) rules: default: - matches: @@ -14166,7 +14190,7 @@ spec: namespace are \"consumer\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections - are a Service targeted as a ParentRef of the Route." + are a Service targeted as a ParentRef of the Route. \n " items: description: "ParentReference identifies an API object (usually a Gateway) that can be considered a parent of this resource (usually @@ -14289,6 +14313,18 @@ spec: type: object maxItems: 32 type: array + x-kubernetes-validations: + - message: sectionName or port must be unique when parentRefs includes + 2 or more references to the same parent + rule: self.all(p1, self.exists_one(p2, p1.group == p2.group && p1.kind + == p2.kind && ((!has(p1.__namespace__) && !has(p2.__namespace__)) + || (!has(p1.__namespace__) && p2.__namespace__ == '') || (p1.__namespace__ + == '' && !has(p2.__namespace__)) || (p1.__namespace__ == p2.__namespace__)) + && p1.name == p2.name && ((!has(p1.sectionName) && !has(p2.sectionName)) + || (!has(p1.sectionName) && p2.sectionName == '') || (p1.sectionName + == '' && !has(p2.sectionName)) || (p1.sectionName == p2.sectionName)) + && ((!has(p1.port) && !has(p2.port)) || (!has(p1.port) && p2.port + == 0) || (p1.port == 0 && !has(p2.port)) || (p1.port == p2.port)))) rules: default: - matches: @@ -16424,8 +16460,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/1923 - gateway.networking.k8s.io/bundle-version: v0.7.1-dev + api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/2245 + gateway.networking.k8s.io/bundle-version: v0.8.0-rc1 gateway.networking.k8s.io/channel: experimental creationTimestamp: null name: referencegrants.gateway.networking.k8s.io @@ -16710,8 +16746,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/1923 - gateway.networking.k8s.io/bundle-version: v0.7.1-dev + api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/2245 + gateway.networking.k8s.io/bundle-version: v0.8.0-rc1 gateway.networking.k8s.io/channel: experimental creationTimestamp: null name: tcproutes.gateway.networking.k8s.io @@ -16787,7 +16823,7 @@ spec: namespace are \"consumer\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections - are a Service targeted as a ParentRef of the Route." + are a Service targeted as a ParentRef of the Route. \n " items: description: "ParentReference identifies an API object (usually a Gateway) that can be considered a parent of this resource (usually @@ -16910,6 +16946,18 @@ spec: type: object maxItems: 32 type: array + x-kubernetes-validations: + - message: sectionName or port must be unique when parentRefs includes + 2 or more references to the same parent + rule: self.all(p1, self.exists_one(p2, p1.group == p2.group && p1.kind + == p2.kind && ((!has(p1.__namespace__) && !has(p2.__namespace__)) + || (!has(p1.__namespace__) && p2.__namespace__ == '') || (p1.__namespace__ + == '' && !has(p2.__namespace__)) || (p1.__namespace__ == p2.__namespace__)) + && p1.name == p2.name && ((!has(p1.sectionName) && !has(p2.sectionName)) + || (!has(p1.sectionName) && p2.sectionName == '') || (p1.sectionName + == '' && !has(p2.sectionName)) || (p1.sectionName == p2.sectionName)) + && ((!has(p1.port) && !has(p2.port)) || (!has(p1.port) && p2.port + == 0) || (p1.port == 0 && !has(p2.port)) || (p1.port == p2.port)))) rules: description: Rules are a list of TCP matchers and actions. items: @@ -17297,8 +17345,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/1923 - gateway.networking.k8s.io/bundle-version: v0.7.1-dev + api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/2245 + gateway.networking.k8s.io/bundle-version: v0.8.0-rc1 gateway.networking.k8s.io/channel: experimental creationTimestamp: null name: tlsroutes.gateway.networking.k8s.io @@ -17420,7 +17468,7 @@ spec: namespace are \"consumer\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections - are a Service targeted as a ParentRef of the Route." + are a Service targeted as a ParentRef of the Route. \n " items: description: "ParentReference identifies an API object (usually a Gateway) that can be considered a parent of this resource (usually @@ -17543,6 +17591,18 @@ spec: type: object maxItems: 32 type: array + x-kubernetes-validations: + - message: sectionName or port must be unique when parentRefs includes + 2 or more references to the same parent + rule: self.all(p1, self.exists_one(p2, p1.group == p2.group && p1.kind + == p2.kind && ((!has(p1.__namespace__) && !has(p2.__namespace__)) + || (!has(p1.__namespace__) && p2.__namespace__ == '') || (p1.__namespace__ + == '' && !has(p2.__namespace__)) || (p1.__namespace__ == p2.__namespace__)) + && p1.name == p2.name && ((!has(p1.sectionName) && !has(p2.sectionName)) + || (!has(p1.sectionName) && p2.sectionName == '') || (p1.sectionName + == '' && !has(p2.sectionName)) || (p1.sectionName == p2.sectionName)) + && ((!has(p1.port) && !has(p2.port)) || (!has(p1.port) && p2.port + == 0) || (p1.port == 0 && !has(p2.port)) || (p1.port == p2.port)))) rules: description: Rules are a list of TLS matchers and actions. items: @@ -17933,8 +17993,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/1923 - gateway.networking.k8s.io/bundle-version: v0.7.1-dev + api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/2245 + gateway.networking.k8s.io/bundle-version: v0.8.0-rc1 gateway.networking.k8s.io/channel: experimental creationTimestamp: null name: udproutes.gateway.networking.k8s.io @@ -18010,7 +18070,7 @@ spec: namespace are \"consumer\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections - are a Service targeted as a ParentRef of the Route." + are a Service targeted as a ParentRef of the Route. \n " items: description: "ParentReference identifies an API object (usually a Gateway) that can be considered a parent of this resource (usually @@ -18133,6 +18193,18 @@ spec: type: object maxItems: 32 type: array + x-kubernetes-validations: + - message: sectionName or port must be unique when parentRefs includes + 2 or more references to the same parent + rule: self.all(p1, self.exists_one(p2, p1.group == p2.group && p1.kind + == p2.kind && ((!has(p1.__namespace__) && !has(p2.__namespace__)) + || (!has(p1.__namespace__) && p2.__namespace__ == '') || (p1.__namespace__ + == '' && !has(p2.__namespace__)) || (p1.__namespace__ == p2.__namespace__)) + && p1.name == p2.name && ((!has(p1.sectionName) && !has(p2.sectionName)) + || (!has(p1.sectionName) && p2.sectionName == '') || (p1.sectionName + == '' && !has(p2.sectionName)) || (p1.sectionName == p2.sectionName)) + && ((!has(p1.port) && !has(p2.port)) || (!has(p1.port) && p2.port + == 0) || (p1.port == 0 && !has(p2.port)) || (p1.port == p2.port)))) rules: description: Rules are a list of UDP matchers and actions. items: @@ -18718,8 +18790,8 @@ spec: imagePullPolicy: IfNotPresent args: - create - - --host=gateway-api-admission-server,gateway-api-admission-server.gateway-system.svc - - --namespace=gateway-system + - --host=gateway-api-admission-server,gateway-api-admission-server.$(POD_NAMESPACE).svc + - --namespace=$(POD_NAMESPACE) - --secret-name=gateway-api-admission env: - name: POD_NAMESPACE @@ -18765,7 +18837,7 @@ spec: args: - patch - --webhook-name=gateway-api-admission - - --namespace=gateway-system + - --namespace=$(POD_NAMESPACE) - --patch-mutating=false - --patch-validating=true - --secret-name=gateway-api-admission diff --git a/examples/render/contour-gateway.yaml b/examples/render/contour-gateway.yaml index 3e917725f46..bafec4177f3 100644 --- a/examples/render/contour-gateway.yaml +++ b/examples/render/contour-gateway.yaml @@ -8751,8 +8751,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/1923 - gateway.networking.k8s.io/bundle-version: v0.7.1-dev + api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/2245 + gateway.networking.k8s.io/bundle-version: v0.8.0-rc1 gateway.networking.k8s.io/channel: experimental creationTimestamp: null name: gatewayclasses.gateway.networking.k8s.io @@ -9193,8 +9193,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/1923 - gateway.networking.k8s.io/bundle-version: v0.7.1-dev + api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/2245 + gateway.networking.k8s.io/bundle-version: v0.8.0-rc1 gateway.networking.k8s.io/channel: experimental creationTimestamp: null name: gateways.gateway.networking.k8s.io @@ -10781,8 +10781,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/1923 - gateway.networking.k8s.io/bundle-version: v0.7.1-dev + api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/2245 + gateway.networking.k8s.io/bundle-version: v0.8.0-rc1 gateway.networking.k8s.io/channel: experimental creationTimestamp: null name: grpcroutes.gateway.networking.k8s.io @@ -10936,7 +10936,7 @@ spec: namespace are \"consumer\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections - are a Service targeted as a ParentRef of the Route." + are a Service targeted as a ParentRef of the Route. \n " items: description: "ParentReference identifies an API object (usually a Gateway) that can be considered a parent of this resource (usually @@ -11059,6 +11059,18 @@ spec: type: object maxItems: 32 type: array + x-kubernetes-validations: + - message: sectionName or port must be unique when parentRefs includes + 2 or more references to the same parent + rule: self.all(p1, self.exists_one(p2, p1.group == p2.group && p1.kind + == p2.kind && ((!has(p1.__namespace__) && !has(p2.__namespace__)) + || (!has(p1.__namespace__) && p2.__namespace__ == '') || (p1.__namespace__ + == '' && !has(p2.__namespace__)) || (p1.__namespace__ == p2.__namespace__)) + && p1.name == p2.name && ((!has(p1.sectionName) && !has(p2.sectionName)) + || (!has(p1.sectionName) && p2.sectionName == '') || (p1.sectionName + == '' && !has(p2.sectionName)) || (p1.sectionName == p2.sectionName)) + && ((!has(p1.port) && !has(p2.port)) || (!has(p1.port) && p2.port + == 0) || (p1.port == 0 && !has(p2.port)) || (p1.port == p2.port)))) rules: default: - matches: @@ -12363,8 +12375,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/1923 - gateway.networking.k8s.io/bundle-version: v0.7.1-dev + api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/2245 + gateway.networking.k8s.io/bundle-version: v0.8.0-rc1 gateway.networking.k8s.io/channel: experimental creationTimestamp: null name: httproutes.gateway.networking.k8s.io @@ -12505,7 +12517,7 @@ spec: namespace are \"consumer\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections - are a Service targeted as a ParentRef of the Route." + are a Service targeted as a ParentRef of the Route. \n " items: description: "ParentReference identifies an API object (usually a Gateway) that can be considered a parent of this resource (usually @@ -12628,6 +12640,18 @@ spec: type: object maxItems: 32 type: array + x-kubernetes-validations: + - message: sectionName or port must be unique when parentRefs includes + 2 or more references to the same parent + rule: self.all(p1, self.exists_one(p2, p1.group == p2.group && p1.kind + == p2.kind && ((!has(p1.__namespace__) && !has(p2.__namespace__)) + || (!has(p1.__namespace__) && p2.__namespace__ == '') || (p1.__namespace__ + == '' && !has(p2.__namespace__)) || (p1.__namespace__ == p2.__namespace__)) + && p1.name == p2.name && ((!has(p1.sectionName) && !has(p2.sectionName)) + || (!has(p1.sectionName) && p2.sectionName == '') || (p1.sectionName + == '' && !has(p2.sectionName)) || (p1.sectionName == p2.sectionName)) + && ((!has(p1.port) && !has(p2.port)) || (!has(p1.port) && p2.port + == 0) || (p1.port == 0 && !has(p2.port)) || (p1.port == p2.port)))) rules: default: - matches: @@ -14875,7 +14899,7 @@ spec: namespace are \"consumer\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections - are a Service targeted as a ParentRef of the Route." + are a Service targeted as a ParentRef of the Route. \n " items: description: "ParentReference identifies an API object (usually a Gateway) that can be considered a parent of this resource (usually @@ -14998,6 +15022,18 @@ spec: type: object maxItems: 32 type: array + x-kubernetes-validations: + - message: sectionName or port must be unique when parentRefs includes + 2 or more references to the same parent + rule: self.all(p1, self.exists_one(p2, p1.group == p2.group && p1.kind + == p2.kind && ((!has(p1.__namespace__) && !has(p2.__namespace__)) + || (!has(p1.__namespace__) && p2.__namespace__ == '') || (p1.__namespace__ + == '' && !has(p2.__namespace__)) || (p1.__namespace__ == p2.__namespace__)) + && p1.name == p2.name && ((!has(p1.sectionName) && !has(p2.sectionName)) + || (!has(p1.sectionName) && p2.sectionName == '') || (p1.sectionName + == '' && !has(p2.sectionName)) || (p1.sectionName == p2.sectionName)) + && ((!has(p1.port) && !has(p2.port)) || (!has(p1.port) && p2.port + == 0) || (p1.port == 0 && !has(p2.port)) || (p1.port == p2.port)))) rules: default: - matches: @@ -17133,8 +17169,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/1923 - gateway.networking.k8s.io/bundle-version: v0.7.1-dev + api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/2245 + gateway.networking.k8s.io/bundle-version: v0.8.0-rc1 gateway.networking.k8s.io/channel: experimental creationTimestamp: null name: referencegrants.gateway.networking.k8s.io @@ -17419,8 +17455,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/1923 - gateway.networking.k8s.io/bundle-version: v0.7.1-dev + api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/2245 + gateway.networking.k8s.io/bundle-version: v0.8.0-rc1 gateway.networking.k8s.io/channel: experimental creationTimestamp: null name: tcproutes.gateway.networking.k8s.io @@ -17496,7 +17532,7 @@ spec: namespace are \"consumer\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections - are a Service targeted as a ParentRef of the Route." + are a Service targeted as a ParentRef of the Route. \n " items: description: "ParentReference identifies an API object (usually a Gateway) that can be considered a parent of this resource (usually @@ -17619,6 +17655,18 @@ spec: type: object maxItems: 32 type: array + x-kubernetes-validations: + - message: sectionName or port must be unique when parentRefs includes + 2 or more references to the same parent + rule: self.all(p1, self.exists_one(p2, p1.group == p2.group && p1.kind + == p2.kind && ((!has(p1.__namespace__) && !has(p2.__namespace__)) + || (!has(p1.__namespace__) && p2.__namespace__ == '') || (p1.__namespace__ + == '' && !has(p2.__namespace__)) || (p1.__namespace__ == p2.__namespace__)) + && p1.name == p2.name && ((!has(p1.sectionName) && !has(p2.sectionName)) + || (!has(p1.sectionName) && p2.sectionName == '') || (p1.sectionName + == '' && !has(p2.sectionName)) || (p1.sectionName == p2.sectionName)) + && ((!has(p1.port) && !has(p2.port)) || (!has(p1.port) && p2.port + == 0) || (p1.port == 0 && !has(p2.port)) || (p1.port == p2.port)))) rules: description: Rules are a list of TCP matchers and actions. items: @@ -18006,8 +18054,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/1923 - gateway.networking.k8s.io/bundle-version: v0.7.1-dev + api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/2245 + gateway.networking.k8s.io/bundle-version: v0.8.0-rc1 gateway.networking.k8s.io/channel: experimental creationTimestamp: null name: tlsroutes.gateway.networking.k8s.io @@ -18129,7 +18177,7 @@ spec: namespace are \"consumer\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections - are a Service targeted as a ParentRef of the Route." + are a Service targeted as a ParentRef of the Route. \n " items: description: "ParentReference identifies an API object (usually a Gateway) that can be considered a parent of this resource (usually @@ -18252,6 +18300,18 @@ spec: type: object maxItems: 32 type: array + x-kubernetes-validations: + - message: sectionName or port must be unique when parentRefs includes + 2 or more references to the same parent + rule: self.all(p1, self.exists_one(p2, p1.group == p2.group && p1.kind + == p2.kind && ((!has(p1.__namespace__) && !has(p2.__namespace__)) + || (!has(p1.__namespace__) && p2.__namespace__ == '') || (p1.__namespace__ + == '' && !has(p2.__namespace__)) || (p1.__namespace__ == p2.__namespace__)) + && p1.name == p2.name && ((!has(p1.sectionName) && !has(p2.sectionName)) + || (!has(p1.sectionName) && p2.sectionName == '') || (p1.sectionName + == '' && !has(p2.sectionName)) || (p1.sectionName == p2.sectionName)) + && ((!has(p1.port) && !has(p2.port)) || (!has(p1.port) && p2.port + == 0) || (p1.port == 0 && !has(p2.port)) || (p1.port == p2.port)))) rules: description: Rules are a list of TLS matchers and actions. items: @@ -18642,8 +18702,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/1923 - gateway.networking.k8s.io/bundle-version: v0.7.1-dev + api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/2245 + gateway.networking.k8s.io/bundle-version: v0.8.0-rc1 gateway.networking.k8s.io/channel: experimental creationTimestamp: null name: udproutes.gateway.networking.k8s.io @@ -18719,7 +18779,7 @@ spec: namespace are \"consumer\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections - are a Service targeted as a ParentRef of the Route." + are a Service targeted as a ParentRef of the Route. \n " items: description: "ParentReference identifies an API object (usually a Gateway) that can be considered a parent of this resource (usually @@ -18842,6 +18902,18 @@ spec: type: object maxItems: 32 type: array + x-kubernetes-validations: + - message: sectionName or port must be unique when parentRefs includes + 2 or more references to the same parent + rule: self.all(p1, self.exists_one(p2, p1.group == p2.group && p1.kind + == p2.kind && ((!has(p1.__namespace__) && !has(p2.__namespace__)) + || (!has(p1.__namespace__) && p2.__namespace__ == '') || (p1.__namespace__ + == '' && !has(p2.__namespace__)) || (p1.__namespace__ == p2.__namespace__)) + && p1.name == p2.name && ((!has(p1.sectionName) && !has(p2.sectionName)) + || (!has(p1.sectionName) && p2.sectionName == '') || (p1.sectionName + == '' && !has(p2.sectionName)) || (p1.sectionName == p2.sectionName)) + && ((!has(p1.port) && !has(p2.port)) || (!has(p1.port) && p2.port + == 0) || (p1.port == 0 && !has(p2.port)) || (p1.port == p2.port)))) rules: description: Rules are a list of UDP matchers and actions. items: @@ -19427,8 +19499,8 @@ spec: imagePullPolicy: IfNotPresent args: - create - - --host=gateway-api-admission-server,gateway-api-admission-server.gateway-system.svc - - --namespace=gateway-system + - --host=gateway-api-admission-server,gateway-api-admission-server.$(POD_NAMESPACE).svc + - --namespace=$(POD_NAMESPACE) - --secret-name=gateway-api-admission env: - name: POD_NAMESPACE @@ -19474,7 +19546,7 @@ spec: args: - patch - --webhook-name=gateway-api-admission - - --namespace=gateway-system + - --namespace=$(POD_NAMESPACE) - --patch-mutating=false - --patch-validating=true - --secret-name=gateway-api-admission diff --git a/go.mod b/go.mod index 042291af8db..12548f9e287 100644 --- a/go.mod +++ b/go.mod @@ -41,7 +41,7 @@ require ( k8s.io/klog/v2 v2.100.1 sigs.k8s.io/controller-runtime v0.15.1 sigs.k8s.io/controller-tools v0.12.1 - sigs.k8s.io/gateway-api v0.7.1-0.20230807171237-f74a2046de1b + sigs.k8s.io/gateway-api v0.8.0-rc1 sigs.k8s.io/kustomize/kyaml v0.14.2 ) diff --git a/go.sum b/go.sum index 09c9c1ce35b..2ecce77e8cd 100644 --- a/go.sum +++ b/go.sum @@ -824,8 +824,8 @@ sigs.k8s.io/controller-runtime v0.15.1 h1:9UvgKD4ZJGcj24vefUFgZFP3xej/3igL9BsOUT sigs.k8s.io/controller-runtime v0.15.1/go.mod h1:7ngYvp1MLT+9GeZ+6lH3LOlcHkp/+tzA/fmHa4iq9kk= sigs.k8s.io/controller-tools v0.12.1 h1:GyQqxzH5wksa4n3YDIJdJJOopztR5VDM+7qsyg5yE4U= sigs.k8s.io/controller-tools v0.12.1/go.mod h1:rXlpTfFHZMpZA8aGq9ejArgZiieHd+fkk/fTatY8A2M= -sigs.k8s.io/gateway-api v0.7.1-0.20230807171237-f74a2046de1b h1:xlE+77w0ep13q8m5oN7cAM87OISerMQTGEptm4nfeA8= -sigs.k8s.io/gateway-api v0.7.1-0.20230807171237-f74a2046de1b/go.mod h1:6ndvKYt0iPrSovsFJzUBxEd9pzcsBroaQH3E/04iwUk= +sigs.k8s.io/gateway-api v0.8.0-rc1 h1:oRbzkElX4Ku/6FMslkIshAactoOn2nPSgU34hkvnnlw= +sigs.k8s.io/gateway-api v0.8.0-rc1/go.mod h1:6ndvKYt0iPrSovsFJzUBxEd9pzcsBroaQH3E/04iwUk= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= sigs.k8s.io/kustomize/kyaml v0.14.2 h1:9WSwztbzwGszG1bZTziQUmVMrJccnyrLb5ZMKpJGvXw=