1 # generated using: kubectl kustomize 'github.com/kong/kubernetes-ingress-controller/config/crd?ref=v3.1.0'
2 apiVersion: apiextensions.k8s.io/v1
3 kind: CustomResourceDefinition
6 controller-gen.kubebuilder.io/version: v0.14.0
7 name: ingressclassparameterses.configuration.konghq.com
9 group: configuration.konghq.com
11 kind: IngressClassParameters
12 listKind: IngressClassParametersList
13 plural: ingressclassparameterses
14 singular: ingressclassparameters
20 description: IngressClassParameters is the Schema for the IngressClassParameters
25 APIVersion defines the versioned schema of this representation of an object.
26 Servers should convert recognized schemas to the latest internal value, and
27 may reject unrecognized values.
28 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
32 Kind is a string value representing the REST resource this object represents.
33 Servers may infer this from the endpoint the client submits requests to.
36 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
41 description: Spec is the IngressClassParameters specification.
43 enableLegacyRegexDetection:
46 EnableLegacyRegexDetection automatically detects if ImplementationSpecific Ingress paths are regular expression
47 paths using the legacy 2.x heuristic. The controller adds the "~" prefix to those paths if the Kong version is
52 description: Offload load-balancing to kube-proxy or sidecar.
59 apiVersion: apiextensions.k8s.io/v1
60 kind: CustomResourceDefinition
63 controller-gen.kubebuilder.io/version: v0.14.0
64 name: kongclusterplugins.configuration.konghq.com
66 group: configuration.konghq.com
69 - kong-ingress-controller
70 kind: KongClusterPlugin
71 listKind: KongClusterPluginList
72 plural: kongclusterplugins
75 singular: kongclusterplugin
78 - additionalPrinterColumns:
79 - description: Name of the plugin
84 jsonPath: .metadata.creationTimestamp
87 - description: Indicates if the plugin is disabled
92 - description: Configuration of the plugin
97 - jsonPath: .status.conditions[?(@.type=="Programmed")].status
103 description: KongClusterPlugin is the Schema for the kongclusterplugins API.
107 APIVersion defines the versioned schema of this representation of an object.
108 Servers should convert recognized schemas to the latest internal value, and
109 may reject unrecognized values.
110 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
114 Config contains the plugin configuration. It's a list of keys and values
115 required to configure the plugin.
116 Please read the documentation of the plugin being configured to set values
117 in here. For any plugin in Kong, anything that goes in the `config` JSON
118 key in the Admin API request, goes into this property.
119 Only one of `config` or `configFrom` may be used in a KongClusterPlugin, not both at once.
121 x-kubernetes-preserve-unknown-fields: true
124 ConfigFrom references a secret containing the plugin configuration.
125 This should be used when the plugin configuration contains sensitive information,
126 such as AWS credentials in the Lambda plugin or the client secret in the OIDC plugin.
127 Only one of `config` or `configFrom` may be used in a KongClusterPlugin, not both at once.
130 description: Specifies a name, a namespace, and a key of a secret
134 description: The key containing the value.
137 description: The secret containing the key.
140 description: The namespace containing the secret.
152 ConfigPatches represents JSON patches to the configuration of the plugin.
153 Each item means a JSON patch to add something in the configuration,
154 where path is specified in `path` and value is in `valueFrom` referencing
156 When Config is specified, patches will be applied to the configuration in Config.
157 Otherwise, patches will be applied to an empty object.
160 NamespacedConfigPatch is a JSON patch to add values from secrets to KongClusterPlugin
161 to the generated configuration of plugin in Kong.
164 description: Path is the JSON path to add the patch.
167 description: ValueFrom is the reference to a key of a secret where
168 the patched value comes from.
171 description: Specifies a name, a namespace, and a key of a secret
175 description: The key containing the value.
178 description: The secret containing the key.
181 description: The namespace containing the secret.
197 description: ConsumerRef is a reference to a particular consumer.
200 description: Disabled set if the plugin is disabled or not.
204 InstanceName is an optional custom name to identify an instance of the plugin. This is useful when running the
205 same plugin in multiple contexts, for example, on multiple services.
209 Kind is a string value representing the REST resource this object represents.
210 Servers may infer this from the endpoint the client submits requests to.
213 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
219 Ordering overrides the normal plugin execution order. It's only available on Kong Enterprise.
220 `<phase>` is a request processing phase (for example, `access` or `body_filter`) and
221 `<plugin>` is the name of the plugin that will run before or after the KongPlugin.
222 For example, a KongPlugin with `plugin: rate-limiting` and `before.access: ["key-auth"]`
223 will create a rate limiting plugin that limits requests _before_ they are authenticated.
226 additionalProperties:
230 description: PluginOrderingPhase indicates which plugins in a phase
231 should affect the target plugin's order
234 additionalProperties:
238 description: PluginOrderingPhase indicates which plugins in a phase
239 should affect the target plugin's order
243 description: PluginName is the name of the plugin to which to apply the
248 Protocols configures plugin to run on requests received on specific
252 KongProtocol is a valid Kong protocol.
253 This alias is necessary to deal with https://github.com/kubernetes-sigs/controller-tools/issues/342
266 RunOn configures the plugin to run on the first or the second or both
267 nodes in case of a service mesh deployment.
274 description: Status represents the current status of the KongClusterPlugin
279 - lastTransitionTime: "1970-01-01T00:00:00Z"
280 message: Waiting for controller
285 Conditions describe the current conditions of the KongClusterPluginStatus.
288 Known condition types are:
293 description: "Condition contains details for one aspect of the current
294 state of this API Resource.\n---\nThis struct is intended for
295 direct use as an array at the field path .status.conditions. For
296 example,\n\n\n\ttype FooStatus struct{\n\t // Represents the
297 observations of a foo's current state.\n\t // Known .status.conditions.type
298 are: \"Available\", \"Progressing\", and \"Degraded\"\n\t //
299 +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t
300 \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\"
301 patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t
302 \ // other fields\n\t}"
306 lastTransitionTime is the last time the condition transitioned from one status to another.
307 This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
312 message is a human readable message indicating details about the transition.
313 This may be an empty string.
318 observedGeneration represents the .metadata.generation that the condition was set based upon.
319 For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
320 with respect to the current state of the instance.
326 reason contains a programmatic identifier indicating the reason for the condition's last transition.
327 Producers of specific condition types may define expected values and meanings for this field,
328 and whether the values are considered a guaranteed API.
329 The value should be a CamelCase string.
330 This field may not be empty.
333 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
336 description: status of the condition, one of True, False, Unknown.
344 type of condition in CamelCase or in foo.example.com/CamelCase.
346 Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
347 useful (see .node.status.conditions), the ability to deconflict is important.
348 The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
350 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
361 x-kubernetes-list-map-keys:
363 x-kubernetes-list-type: map
368 x-kubernetes-validations:
369 - message: Using both config and configFrom fields is not allowed.
370 rule: '!(has(self.config) && has(self.configFrom))'
371 - message: Using both configFrom and configPatches fields is not allowed.
372 rule: '!(has(self.configFrom) && has(self.configPatches))'
373 - message: The plugin field is immutable
374 rule: self.plugin == oldSelf.plugin
380 apiVersion: apiextensions.k8s.io/v1
381 kind: CustomResourceDefinition
384 controller-gen.kubebuilder.io/version: v0.14.0
385 name: kongconsumergroups.configuration.konghq.com
387 group: configuration.konghq.com
390 - kong-ingress-controller
391 kind: KongConsumerGroup
392 listKind: KongConsumerGroupList
393 plural: kongconsumergroups
396 singular: kongconsumergroup
399 - additionalPrinterColumns:
401 jsonPath: .metadata.creationTimestamp
404 - jsonPath: .status.conditions[?(@.type=="Programmed")].status
410 description: KongConsumerGroup is the Schema for the kongconsumergroups API.
414 APIVersion defines the versioned schema of this representation of an object.
415 Servers should convert recognized schemas to the latest internal value, and
416 may reject unrecognized values.
417 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
421 Kind is a string value representing the REST resource this object represents.
422 Servers may infer this from the endpoint the client submits requests to.
425 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
430 description: Status represents the current status of the KongConsumerGroup
435 - lastTransitionTime: "1970-01-01T00:00:00Z"
436 message: Waiting for controller
441 Conditions describe the current conditions of the KongConsumerGroup.
444 Known condition types are:
449 description: "Condition contains details for one aspect of the current
450 state of this API Resource.\n---\nThis struct is intended for
451 direct use as an array at the field path .status.conditions. For
452 example,\n\n\n\ttype FooStatus struct{\n\t // Represents the
453 observations of a foo's current state.\n\t // Known .status.conditions.type
454 are: \"Available\", \"Progressing\", and \"Degraded\"\n\t //
455 +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t
456 \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\"
457 patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t
458 \ // other fields\n\t}"
462 lastTransitionTime is the last time the condition transitioned from one status to another.
463 This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
468 message is a human readable message indicating details about the transition.
469 This may be an empty string.
474 observedGeneration represents the .metadata.generation that the condition was set based upon.
475 For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
476 with respect to the current state of the instance.
482 reason contains a programmatic identifier indicating the reason for the condition's last transition.
483 Producers of specific condition types may define expected values and meanings for this field,
484 and whether the values are considered a guaranteed API.
485 The value should be a CamelCase string.
486 This field may not be empty.
489 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
492 description: status of the condition, one of True, False, Unknown.
500 type of condition in CamelCase or in foo.example.com/CamelCase.
502 Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
503 useful (see .node.status.conditions), the ability to deconflict is important.
504 The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
506 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
517 x-kubernetes-list-map-keys:
519 x-kubernetes-list-type: map
527 apiVersion: apiextensions.k8s.io/v1
528 kind: CustomResourceDefinition
531 controller-gen.kubebuilder.io/version: v0.14.0
532 name: kongconsumers.configuration.konghq.com
534 group: configuration.konghq.com
537 - kong-ingress-controller
539 listKind: KongConsumerList
540 plural: kongconsumers
543 singular: kongconsumer
546 - additionalPrinterColumns:
547 - description: Username of a Kong Consumer
552 jsonPath: .metadata.creationTimestamp
555 - jsonPath: .status.conditions[?(@.type=="Programmed")].status
561 description: KongConsumer is the Schema for the kongconsumers API.
565 APIVersion defines the versioned schema of this representation of an object.
566 Servers should convert recognized schemas to the latest internal value, and
567 may reject unrecognized values.
568 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
572 ConsumerGroups are references to consumer groups (that consumer wants to be part of)
579 Credentials are references to secrets containing a credential to be
586 CustomID is a Kong cluster-unique existing ID for the consumer - useful for mapping
587 Kong with users in your existing database.
591 Kind is a string value representing the REST resource this object represents.
592 Servers may infer this from the endpoint the client submits requests to.
595 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
600 description: Status represents the current status of the KongConsumer
605 - lastTransitionTime: "1970-01-01T00:00:00Z"
606 message: Waiting for controller
611 Conditions describe the current conditions of the KongConsumer.
614 Known condition types are:
619 description: "Condition contains details for one aspect of the current
620 state of this API Resource.\n---\nThis struct is intended for
621 direct use as an array at the field path .status.conditions. For
622 example,\n\n\n\ttype FooStatus struct{\n\t // Represents the
623 observations of a foo's current state.\n\t // Known .status.conditions.type
624 are: \"Available\", \"Progressing\", and \"Degraded\"\n\t //
625 +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t
626 \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\"
627 patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t
628 \ // other fields\n\t}"
632 lastTransitionTime is the last time the condition transitioned from one status to another.
633 This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
638 message is a human readable message indicating details about the transition.
639 This may be an empty string.
644 observedGeneration represents the .metadata.generation that the condition was set based upon.
645 For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
646 with respect to the current state of the instance.
652 reason contains a programmatic identifier indicating the reason for the condition's last transition.
653 Producers of specific condition types may define expected values and meanings for this field,
654 and whether the values are considered a guaranteed API.
655 The value should be a CamelCase string.
656 This field may not be empty.
659 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
662 description: status of the condition, one of True, False, Unknown.
670 type of condition in CamelCase or in foo.example.com/CamelCase.
672 Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
673 useful (see .node.status.conditions), the ability to deconflict is important.
674 The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
676 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
687 x-kubernetes-list-map-keys:
689 x-kubernetes-list-type: map
692 description: Username is a Kong cluster-unique username of the consumer.
695 x-kubernetes-validations:
696 - message: Need to provide either username or custom_id
697 rule: has(self.username) || has(self.custom_id)
703 apiVersion: apiextensions.k8s.io/v1
704 kind: CustomResourceDefinition
707 controller-gen.kubebuilder.io/version: v0.14.0
708 name: kongingresses.configuration.konghq.com
710 group: configuration.konghq.com
713 - kong-ingress-controller
715 listKind: KongIngressList
716 plural: kongingresses
719 singular: kongingress
725 description: KongIngress is the Schema for the kongingresses API.
729 APIVersion defines the versioned schema of this representation of an object.
730 Servers should convert recognized schemas to the latest internal value, and
731 may reject unrecognized values.
732 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
736 Kind is a string value representing the REST resource this object represents.
737 Servers may infer this from the endpoint the client submits requests to.
740 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
746 Proxy defines additional connection options for the routes to be configured in the
747 Kong Gateway, e.g. `connection_timeout`, `retries`, etc.
750 description: "The timeout in milliseconds for\testablishing a connection
751 to the upstream server.\nDeprecated: use Service's \"konghq.com/connect-timeout\"
757 (optional) The path to be used in requests to the upstream server.
758 Deprecated: use Service's "konghq.com/path" annotation instead.
763 The protocol used to communicate with the upstream.
764 Deprecated: use Service's "konghq.com/protocol" annotation instead.
776 The timeout in milliseconds between two successive read operations
777 for transmitting a request to the upstream server.
778 Deprecated: use Service's "konghq.com/read-timeout" annotation instead.
783 The number of retries to execute upon failure to proxy.
784 Deprecated: use Service's "konghq.com/retries" annotation instead.
789 The timeout in milliseconds between two successive write operations
790 for transmitting a request to the upstream server.
791 Deprecated: use Service's "konghq.com/write-timeout" annotation instead.
797 Route define rules to match client requests.
798 Each Route is associated with a Service,
799 and a Service may have multiple Routes associated to it.
802 additionalProperties:
807 Headers contains one or more lists of values indexed by header name
808 that will cause this Route to match if present in the request.
809 The Host header cannot be used with this attribute.
810 Deprecated: use Ingress' "konghq.com/headers" annotation instead.
812 https_redirect_status_code:
814 HTTPSRedirectStatusCode is the status code Kong responds with
815 when all properties of a Route match except the protocol.
816 Deprecated: use Ingress' "ingress.kubernetes.io/force-ssl-redirect" or
817 "konghq.com/https-redirect-status-code" annotations instead.
821 Methods is a list of HTTP methods that match this Route.
822 Deprecated: use Ingress' "konghq.com/methods" annotation instead.
828 PathHandling controls how the Service path, Route path and requested path
829 are combined when sending a request to the upstream.
830 Deprecated: use Ingress' "konghq.com/path-handling" annotation instead.
837 PreserveHost sets When matching a Route via one of the hosts domain names,
838 use the request Host header in the upstream request headers.
839 If set to false, the upstream Host header will be that of the Service’s host.
840 Deprecated: use Ingress' "konghq.com/preserve-host" annotation instead.
844 Protocols is an array of the protocols this Route should allow.
845 Deprecated: use Ingress' "konghq.com/protocols" annotation instead.
848 KongProtocol is a valid Kong protocol.
849 This alias is necessary to deal with https://github.com/kubernetes-sigs/controller-tools/issues/342
862 RegexPriority is a number used to choose which route resolves a given request
863 when several routes match it using regexes simultaneously.
864 Deprecated: use Ingress' "konghq.com/regex-priority" annotation instead.
868 RequestBuffering sets whether to enable request body buffering or not.
869 Deprecated: use Ingress' "konghq.com/request-buffering" annotation instead.
873 ResponseBuffering sets whether to enable response body buffering or not.
874 Deprecated: use Ingress' "konghq.com/response-buffering" annotation instead.
878 SNIs is a list of SNIs that match this Route when using stream routing.
879 Deprecated: use Ingress' "konghq.com/snis" annotation instead.
885 StripPath sets When matching a Route via one of the paths
886 strip the matching prefix from the upstream request URL.
887 Deprecated: use Ingress' "konghq.com/strip-path" annotation instead.
892 Upstream represents a virtual hostname and can be used to loadbalance
893 incoming requests over multiple targets (e.g. Kubernetes `Services` can
894 be a target, OR `Endpoints` can be targets).
898 Algorithm is the load balancing algorithm to use.
899 Accepted values are: "round-robin", "consistent-hashing", "least-connections", "latency".
908 HashFallback defines What to use as hashing input
909 if the primary hash_on does not return a hash.
910 Accepted values are: "none", "consumer", "ip", "header", "cookie".
912 hash_fallback_header:
914 HashFallbackHeader is the header name to take the value from as hash input.
915 Only required when "hash_fallback" is set to "header".
917 hash_fallback_query_arg:
918 description: HashFallbackQueryArg is the "hash_fallback" version of
921 hash_fallback_uri_capture:
922 description: HashFallbackURICapture is the "hash_fallback" version
927 HashOn defines what to use as hashing input.
928 Accepted values are: "none", "consumer", "ip", "header", "cookie", "path", "query_arg", "uri_capture".
932 The cookie name to take the value from as hash input.
933 Only required when "hash_on" or "hash_fallback" is set to "cookie".
937 The cookie path to set in the response headers.
938 Only required when "hash_on" or "hash_fallback" is set to "cookie".
942 HashOnHeader defines the header name to take the value from as hash input.
943 Only required when "hash_on" is set to "header".
946 description: HashOnQueryArg is the query string parameter whose value
947 is the hash input when "hash_on" is set to "query_arg".
951 HashOnURICapture is the name of the capture group whose value is the hash input when "hash_on" is set to
955 description: Healthchecks defines the health check configurations
959 description: ActiveHealthcheck configures active health check
966 additionalProperties:
973 Healthy configures thresholds and HTTP status codes
974 to mark targets healthy for an upstream.
992 https_verify_certificate:
1001 Unhealthy configures thresholds and HTTP status codes
1002 to mark targets unhealthy.
1024 PassiveHealthcheck configures passive checks around
1025 passive health checks.
1029 Healthy configures thresholds and HTTP status codes
1030 to mark targets healthy for an upstream.
1047 Unhealthy configures thresholds and HTTP status codes
1048 to mark targets unhealthy.
1073 HostHeader is The hostname to be used as Host header
1074 when proxying requests through Kong.
1077 description: Slots is the number of slots in the load balancer algorithm.
1082 x-kubernetes-validations:
1083 - message: '''proxy'' field is no longer supported, use Service''s annotations
1085 rule: '!has(self.proxy)'
1086 - message: '''route'' field is no longer supported, use Ingress'' annotations
1088 rule: '!has(self.route)'
1094 apiVersion: apiextensions.k8s.io/v1
1095 kind: CustomResourceDefinition
1098 controller-gen.kubebuilder.io/version: v0.14.0
1099 name: konglicenses.configuration.konghq.com
1101 group: configuration.konghq.com
1104 - kong-ingress-controller
1106 listKind: KongLicenseList
1107 plural: konglicenses
1110 singular: konglicense
1113 - additionalPrinterColumns:
1115 jsonPath: .metadata.creationTimestamp
1118 - description: Enabled to configure on Kong gateway instances
1125 description: KongLicense stores a Kong enterprise license to apply to managed
1126 Kong gateway instances.
1130 APIVersion defines the versioned schema of this representation of an object.
1131 Servers should convert recognized schemas to the latest internal value, and
1132 may reject unrecognized values.
1133 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
1138 Enabled is set to true to let controllers (like KIC or KGO) to reconcile it.
1139 Default value is true to apply the license by default.
1143 Kind is a string value representing the REST resource this object represents.
1144 Servers may infer this from the endpoint the client submits requests to.
1147 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
1152 description: RawLicenseString is a string with the raw content of the
1156 description: Status is the status of the KongLicense being processed by
1162 KongLicenseControllerStatus is the status of owning KongLicense being processed
1163 identified by the controllerName field.
1167 - lastTransitionTime: "1970-01-01T00:00:00Z"
1168 message: Waiting for controller
1172 description: Conditions describe the current conditions of the
1173 KongLicense on the controller.
1175 description: "Condition contains details for one aspect of
1176 the current state of this API Resource.\n---\nThis struct
1177 is intended for direct use as an array at the field path
1178 .status.conditions. For example,\n\n\n\ttype FooStatus
1179 struct{\n\t // Represents the observations of a foo's
1180 current state.\n\t // Known .status.conditions.type are:
1181 \"Available\", \"Progressing\", and \"Degraded\"\n\t //
1182 +patchMergeKey=type\n\t // +patchStrategy=merge\n\t //
1183 +listType=map\n\t // +listMapKey=type\n\t Conditions
1184 []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\"
1185 patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t
1186 \ // other fields\n\t}"
1190 lastTransitionTime is the last time the condition transitioned from one status to another.
1191 This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
1196 message is a human readable message indicating details about the transition.
1197 This may be an empty string.
1202 observedGeneration represents the .metadata.generation that the condition was set based upon.
1203 For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
1204 with respect to the current state of the instance.
1210 reason contains a programmatic identifier indicating the reason for the condition's last transition.
1211 Producers of specific condition types may define expected values and meanings for this field,
1212 and whether the values are considered a guaranteed API.
1213 The value should be a CamelCase string.
1214 This field may not be empty.
1217 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
1220 description: status of the condition, one of True, False,
1229 type of condition in CamelCase or in foo.example.com/CamelCase.
1231 Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
1232 useful (see .node.status.conditions), the ability to deconflict is important.
1233 The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
1235 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
1238 - lastTransitionTime
1246 x-kubernetes-list-map-keys:
1248 x-kubernetes-list-type: map
1251 ControllerName is an identifier of the controller to reconcile this KongLicense.
1252 Should be unique in the list of controller statuses.
1256 ControllerRef is the reference of the controller to reconcile this KongLicense.
1257 It is usually the name of (KIC/KGO) pod that reconciles it.
1261 Group is the group of referent.
1262 It should be empty if the referent is in "core" group (like pod).
1264 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
1268 Kind is the kind of the referent.
1269 By default the nil kind means kind Pod.
1272 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
1275 description: Name is the name of the referent.
1281 Namespace is the namespace of the referent.
1282 It should be empty if the referent is cluster scoped.
1285 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
1294 x-kubernetes-list-map-keys:
1296 x-kubernetes-list-type: map
1307 apiVersion: apiextensions.k8s.io/v1
1308 kind: CustomResourceDefinition
1311 controller-gen.kubebuilder.io/version: v0.14.0
1312 name: kongplugins.configuration.konghq.com
1314 group: configuration.konghq.com
1317 - kong-ingress-controller
1319 listKind: KongPluginList
1323 singular: kongplugin
1326 - additionalPrinterColumns:
1327 - description: Name of the plugin
1332 jsonPath: .metadata.creationTimestamp
1335 - description: Indicates if the plugin is disabled
1340 - description: Configuration of the plugin
1345 - jsonPath: .status.conditions[?(@.type=="Programmed")].status
1351 description: KongPlugin is the Schema for the kongplugins API.
1355 APIVersion defines the versioned schema of this representation of an object.
1356 Servers should convert recognized schemas to the latest internal value, and
1357 may reject unrecognized values.
1358 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
1362 Config contains the plugin configuration. It's a list of keys and values
1363 required to configure the plugin.
1364 Please read the documentation of the plugin being configured to set values
1365 in here. For any plugin in Kong, anything that goes in the `config` JSON
1366 key in the Admin API request, goes into this property.
1367 Only one of `config` or `configFrom` may be used in a KongPlugin, not both at once.
1369 x-kubernetes-preserve-unknown-fields: true
1372 ConfigFrom references a secret containing the plugin configuration.
1373 This should be used when the plugin configuration contains sensitive information,
1374 such as AWS credentials in the Lambda plugin or the client secret in the OIDC plugin.
1375 Only one of `config` or `configFrom` may be used in a KongPlugin, not both at once.
1378 description: Specifies a name and a key of a secret to refer to. The
1379 namespace is implicitly set to the one of referring object.
1382 description: The key containing the value.
1385 description: The secret containing the key.
1396 ConfigPatches represents JSON patches to the configuration of the plugin.
1397 Each item means a JSON patch to add something in the configuration,
1398 where path is specified in `path` and value is in `valueFrom` referencing
1400 When Config is specified, patches will be applied to the configuration in Config.
1401 Otherwise, patches will be applied to an empty object.
1404 ConfigPatch is a JSON patch (RFC6902) to add values from Secret to the generated configuration.
1405 It is an equivalent of the following patch:
1406 `{"op": "add", "path": {.Path}, "value": {.ComputedValueFrom}}`.
1409 description: Path is the JSON-Pointer value (RFC6901) that references
1410 a location within the target configuration.
1413 description: ValueFrom is the reference to a key of a secret where
1414 the patched value comes from.
1417 description: Specifies a name and a key of a secret to refer
1418 to. The namespace is implicitly set to the one of referring
1422 description: The key containing the value.
1425 description: The secret containing the key.
1440 description: ConsumerRef is a reference to a particular consumer.
1443 description: Disabled set if the plugin is disabled or not.
1447 InstanceName is an optional custom name to identify an instance of the plugin. This is useful when running the
1448 same plugin in multiple contexts, for example, on multiple services.
1452 Kind is a string value representing the REST resource this object represents.
1453 Servers may infer this from the endpoint the client submits requests to.
1456 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
1462 Ordering overrides the normal plugin execution order. It's only available on Kong Enterprise.
1463 `<phase>` is a request processing phase (for example, `access` or `body_filter`) and
1464 `<plugin>` is the name of the plugin that will run before or after the KongPlugin.
1465 For example, a KongPlugin with `plugin: rate-limiting` and `before.access: ["key-auth"]`
1466 will create a rate limiting plugin that limits requests _before_ they are authenticated.
1469 additionalProperties:
1473 description: PluginOrderingPhase indicates which plugins in a phase
1474 should affect the target plugin's order
1477 additionalProperties:
1481 description: PluginOrderingPhase indicates which plugins in a phase
1482 should affect the target plugin's order
1486 description: PluginName is the name of the plugin to which to apply the
1491 Protocols configures plugin to run on requests received on specific
1495 KongProtocol is a valid Kong protocol.
1496 This alias is necessary to deal with https://github.com/kubernetes-sigs/controller-tools/issues/342
1509 RunOn configures the plugin to run on the first or the second or both
1510 nodes in case of a service mesh deployment.
1517 description: Status represents the current status of the KongPlugin resource.
1521 - lastTransitionTime: "1970-01-01T00:00:00Z"
1522 message: Waiting for controller
1527 Conditions describe the current conditions of the KongPluginStatus.
1530 Known condition types are:
1535 description: "Condition contains details for one aspect of the current
1536 state of this API Resource.\n---\nThis struct is intended for
1537 direct use as an array at the field path .status.conditions. For
1538 example,\n\n\n\ttype FooStatus struct{\n\t // Represents the
1539 observations of a foo's current state.\n\t // Known .status.conditions.type
1540 are: \"Available\", \"Progressing\", and \"Degraded\"\n\t //
1541 +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t
1542 \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\"
1543 patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t
1544 \ // other fields\n\t}"
1548 lastTransitionTime is the last time the condition transitioned from one status to another.
1549 This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
1554 message is a human readable message indicating details about the transition.
1555 This may be an empty string.
1560 observedGeneration represents the .metadata.generation that the condition was set based upon.
1561 For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
1562 with respect to the current state of the instance.
1568 reason contains a programmatic identifier indicating the reason for the condition's last transition.
1569 Producers of specific condition types may define expected values and meanings for this field,
1570 and whether the values are considered a guaranteed API.
1571 The value should be a CamelCase string.
1572 This field may not be empty.
1575 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
1578 description: status of the condition, one of True, False, Unknown.
1586 type of condition in CamelCase or in foo.example.com/CamelCase.
1588 Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
1589 useful (see .node.status.conditions), the ability to deconflict is important.
1590 The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
1592 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
1595 - lastTransitionTime
1603 x-kubernetes-list-map-keys:
1605 x-kubernetes-list-type: map
1610 x-kubernetes-validations:
1611 - message: Using both config and configFrom fields is not allowed.
1612 rule: '!(has(self.config) && has(self.configFrom))'
1613 - message: Using both configFrom and configPatches fields is not allowed.
1614 rule: '!(has(self.configFrom) && has(self.configPatches))'
1615 - message: The plugin field is immutable
1616 rule: self.plugin == oldSelf.plugin
1622 apiVersion: apiextensions.k8s.io/v1
1623 kind: CustomResourceDefinition
1626 controller-gen.kubebuilder.io/version: v0.14.0
1628 gateway.networking.k8s.io/policy: direct
1629 name: kongupstreampolicies.configuration.konghq.com
1631 group: configuration.konghq.com
1634 - kong-ingress-controller
1635 kind: KongUpstreamPolicy
1636 listKind: KongUpstreamPolicyList
1637 plural: kongupstreampolicies
1640 singular: kongupstreampolicy
1647 KongUpstreamPolicy allows configuring algorithm that should be used for load balancing traffic between Kong
1648 Upstream's Targets. It also allows configuring health checks for Kong Upstream's Targets.
1651 Its configuration is similar to Kong Upstream object (https://docs.konghq.com/gateway/latest/admin-api/#upstream-object),
1652 and it is applied to Kong Upstream objects created by the controller.
1655 It can be attached to Services. To attach it to a Service, it has to be annotated with
1656 `konghq.com/upstream-policy: <name>`, where `<name>` is the name of the KongUpstreamPolicy
1657 object in the same namespace as the Service.
1660 When attached to a Service, it will affect all Kong Upstreams created for the Service.
1663 When attached to a Service used in a Gateway API *Route rule with multiple BackendRefs, all of its Services MUST
1664 be configured with the same KongUpstreamPolicy. Otherwise, the controller will *ignore* the KongUpstreamPolicy.
1667 Note: KongUpstreamPolicy doesn't implement Gateway API's GEP-713 strictly.
1668 In particular, it doesn't use the TargetRef for attaching to Services and Gateway API *Routes - annotations are
1669 used instead. This is to allow reusing the same KongUpstreamPolicy for multiple Services and Gateway API *Routes.
1673 APIVersion defines the versioned schema of this representation of an object.
1674 Servers should convert recognized schemas to the latest internal value, and
1675 may reject unrecognized values.
1676 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
1680 Kind is a string value representing the REST resource this object represents.
1681 Servers may infer this from the endpoint the client submits requests to.
1684 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
1689 description: Spec contains the configuration of the Kong upstream.
1693 Algorithm is the load balancing algorithm to use.
1694 Accepted values are: "round-robin", "consistent-hashing", "least-connections", "latency".
1697 - consistent-hashing
1703 HashOn defines how to calculate hash for consistent-hashing load balancing algorithm.
1704 Algorithm must be set to "consistent-hashing" for this field to have effect.
1707 description: Cookie is the name of the cookie to use as hash input.
1710 description: CookiePath is cookie path to set in the response
1714 description: Header is the name of the header to use as hash input.
1718 Input allows using one of the predefined inputs (ip, consumer, path).
1719 For other parametrized inputs, use one of the fields below.
1726 description: QueryArg is the name of the query argument to use
1730 description: URICapture is the name of the URI capture group to
1736 HashOnFallback defines how to calculate hash for consistent-hashing load balancing algorithm if the primary hash
1738 Algorithm must be set to "consistent-hashing" for this field to have effect.
1741 description: Cookie is the name of the cookie to use as hash input.
1744 description: CookiePath is cookie path to set in the response
1748 description: Header is the name of the header to use as hash input.
1752 Input allows using one of the predefined inputs (ip, consumer, path).
1753 For other parametrized inputs, use one of the fields below.
1760 description: QueryArg is the name of the query argument to use
1764 description: URICapture is the name of the URI capture group to
1769 description: Healthchecks defines the health check configurations
1773 description: Active configures active health check probing.
1776 description: Concurrency is the number of targets to check
1781 additionalProperties:
1785 description: Headers is a list of HTTP headers to add to the
1789 description: Healthy configures thresholds and HTTP status
1790 codes to mark targets healthy for an upstream.
1793 description: HTTPStatuses is a list of HTTP status codes
1794 that Kong considers a success.
1796 description: HTTPStatus is an HTTP status code.
1802 description: Interval is the interval between active health
1803 checks for an upstream in seconds when in a healthy
1808 description: Successes is the number of successes to consider
1814 description: HTTPPath is the path to use in GET HTTP request
1819 description: HTTPSSNI is the SNI to use in GET HTTPS request
1822 httpsVerifyCertificate:
1823 description: HTTPSVerifyCertificate is a boolean value that
1824 indicates if the certificate should be verified.
1827 description: Timeout is the probe timeout in seconds.
1832 Type determines whether to perform active health checks using HTTP or HTTPS, or just attempt a TCP connection.
1833 Accepted values are "http", "https", "tcp", "grpc", "grpcs".
1842 description: Unhealthy configures thresholds and HTTP status
1843 codes to mark targets unhealthy for an upstream.
1846 description: HTTPFailures is the number of failures to
1847 consider a target unhealthy.
1851 description: HTTPStatuses is a list of HTTP status codes
1852 that Kong considers a failure.
1854 description: HTTPStatus is an HTTP status code.
1860 description: Interval is the interval between active health
1861 checks for an upstream in seconds when in an unhealthy
1866 description: TCPFailures is the number of TCP failures
1867 in a row to consider a target unhealthy.
1871 description: Timeouts is the number of timeouts in a row
1872 to consider a target unhealthy.
1878 description: Passive configures passive health check probing.
1881 description: Healthy configures thresholds and HTTP status
1882 codes to mark targets healthy for an upstream.
1885 description: HTTPStatuses is a list of HTTP status codes
1886 that Kong considers a success.
1888 description: HTTPStatus is an HTTP status code.
1894 description: Interval is the interval between active health
1895 checks for an upstream in seconds when in a healthy
1900 description: Successes is the number of successes to consider
1907 Type determines whether to perform passive health checks interpreting HTTP/HTTPS statuses,
1908 or just check for TCP connection success.
1909 Accepted values are "http", "https", "tcp", "grpc", "grpcs".
1918 description: Unhealthy configures thresholds and HTTP status
1919 codes to mark targets unhealthy.
1922 description: HTTPFailures is the number of failures to
1923 consider a target unhealthy.
1927 description: HTTPStatuses is a list of HTTP status codes
1928 that Kong considers a failure.
1930 description: HTTPStatus is an HTTP status code.
1936 description: Interval is the interval between active health
1937 checks for an upstream in seconds when in an unhealthy
1942 description: TCPFailures is the number of TCP failures
1943 in a row to consider a target unhealthy.
1947 description: Timeouts is the number of timeouts in a row
1948 to consider a target unhealthy.
1955 Threshold is the minimum percentage of the upstream’s targets’ weight that must be available for the whole
1956 upstream to be considered healthy.
1961 Slots is the number of slots in the load balancer algorithm.
1962 If not set, the default value in Kong for the algorithm is used.
1968 description: Status defines the current state of KongUpstreamPolicy
1972 Ancestors is a list of ancestor resources (usually Gateways) that are
1973 associated with the policy, and the status of the policy with respect to
1974 each ancestor. When this policy attaches to a parent, the controller that
1975 manages the parent and the ancestors MUST add an entry to this list when
1976 the controller first sees the policy and SHOULD update the entry as
1977 appropriate when the relevant ancestor is modified.
1980 Note that choosing the relevant ancestor is left to the Policy designers;
1981 an important part of Policy design is designing the right object level at
1982 which to namespace this status.
1985 Note also that implementations MUST ONLY populate ancestor status for
1986 the Ancestor resources they are responsible for. Implementations MUST
1987 use the ControllerName field to uniquely identify the entries in this list
1988 that they are responsible for.
1991 Note that to achieve this, the list of PolicyAncestorStatus structs
1992 MUST be treated as a map with a composite key, made up of the AncestorRef
1993 and ControllerName fields combined.
1996 A maximum of 16 ancestors will be represented in this list. An empty list
1997 means the Policy is not relevant for any ancestors.
2000 If this slice is full, implementations MUST NOT add further entries.
2001 Instead they MUST consider the policy unimplementable and signal that
2002 on any related resources such as the ancestor that would be referenced
2003 here. For example, if this list was full on BackendTLSPolicy, no
2004 additional Gateways would be able to reference the Service targeted by
2005 the BackendTLSPolicy.
2008 PolicyAncestorStatus describes the status of a route with respect to an
2009 associated Ancestor.
2012 Ancestors refer to objects that are either the Target of a policy or above it
2013 in terms of object hierarchy. For example, if a policy targets a Service, the
2014 Policy's Ancestors are, in order, the Service, the HTTPRoute, the Gateway, and
2015 the GatewayClass. Almost always, in this hierarchy, the Gateway will be the most
2016 useful object to place Policy status on, so we recommend that implementations
2017 SHOULD use Gateway as the PolicyAncestorStatus object unless the designers
2018 have a _very_ good reason otherwise.
2021 In the context of policy attachment, the Ancestor is used to distinguish which
2022 resource results in a distinct application of this policy. For example, if a policy
2023 targets a Service, it may have a distinct result per attached Gateway.
2026 Policies targeting the same resource may have different effects depending on the
2027 ancestors of those resources. For example, different Gateways targeting the same
2028 Service may have different capabilities, especially if they have different underlying
2032 For example, in BackendTLSPolicy, the Policy attaches to a Service that is
2033 used as a backend in a HTTPRoute that is itself attached to a Gateway.
2034 In this case, the relevant object for status is the Gateway, and that is the
2035 ancestor object referred to in this status.
2038 Note that a parent is also an ancestor, so for objects where the parent is the
2039 relevant object for status, this struct SHOULD still be used.
2042 This struct is intended to be used in a slice that's effectively a map,
2043 with a composite key made up of the AncestorRef and the ControllerName.
2047 AncestorRef corresponds with a ParentRef in the spec that this
2048 PolicyAncestorStatus struct describes the status of.
2051 default: gateway.networking.k8s.io
2053 Group is the group of the referent.
2054 When unspecified, "gateway.networking.k8s.io" is inferred.
2055 To set the core API group (such as for a "Service" kind referent),
2056 Group must be explicitly set to "" (empty string).
2061 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
2066 Kind is kind of the referent.
2069 There are two kinds of parent resources with "Core" support:
2072 * Gateway (Gateway conformance profile)
2073 * Service (Mesh conformance profile, experimental, ClusterIP Services only)
2076 Support for other resources is Implementation-Specific.
2079 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
2083 Name is the name of the referent.
2092 Namespace is the namespace of the referent. When unspecified, this refers
2093 to the local namespace of the Route.
2096 Note that there are specific rules for ParentRefs which cross namespace
2097 boundaries. Cross-namespace references are only valid if they are explicitly
2098 allowed by something in the namespace they are referring to. For example:
2099 Gateway has the AllowedRoutes field, and ReferenceGrant provides a
2100 generic way to enable any other kind of cross-namespace reference.
2103 <gateway:experimental:description>
2104 ParentRefs from a Route to a Service in the same namespace are "producer"
2105 routes, which apply default routing rules to inbound connections from
2106 any namespace to the Service.
2109 ParentRefs from a Route to a Service in a different namespace are
2110 "consumer" routes, and these routing rules are only applied to outbound
2111 connections originating from the same namespace as the Route, for which
2112 the intended destination of the connections are a Service targeted as a
2113 ParentRef of the Route.
2114 </gateway:experimental:description>
2120 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
2124 Port is the network port this Route targets. It can be interpreted
2125 differently based on the type of parent resource.
2128 When the parent resource is a Gateway, this targets all listeners
2129 listening on the specified port that also support this kind of Route(and
2130 select this Route). It's not recommended to set `Port` unless the
2131 networking behaviors specified in a Route must apply to a specific port
2132 as opposed to a listener(s) whose port(s) may be changed. When both Port
2133 and SectionName are specified, the name and port of the selected listener
2134 must match both specified values.
2137 <gateway:experimental:description>
2138 When the parent resource is a Service, this targets a specific port in the
2139 Service spec. When both Port (experimental) and SectionName are specified,
2140 the name and port of the selected port must match both specified values.
2141 </gateway:experimental:description>
2144 Implementations MAY choose to support other parent resources.
2145 Implementations supporting other types of parent resources MUST clearly
2146 document how/if Port is interpreted.
2149 For the purpose of status, an attachment is considered successful as
2150 long as the parent resource accepts it partially. For example, Gateway
2151 listeners can restrict which Routes can attach to them by Route kind,
2152 namespace, or hostname. If 1 of 2 Gateway listeners accept attachment
2153 from the referencing Route, the Route MUST be considered successfully
2154 attached. If no Gateway listeners accept attachment from this Route,
2155 the Route MUST be considered detached from the Gateway.
2161 <gateway:experimental>
2168 SectionName is the name of a section within the target resource. In the
2169 following resources, SectionName is interpreted as the following:
2172 * Gateway: Listener Name. When both Port (experimental) and SectionName
2173 are specified, the name and port of the selected listener must match
2174 both specified values.
2175 * Service: Port Name. When both Port (experimental) and SectionName
2176 are specified, the name and port of the selected listener must match
2177 both specified values. Note that attaching Routes to Services as Parents
2178 is part of experimental Mesh support and is not supported for any other
2182 Implementations MAY choose to support attaching Routes to other resources.
2183 If that is the case, they MUST clearly document how SectionName is
2187 When unspecified (empty string), this will reference the entire resource.
2188 For the purpose of status, an attachment is considered successful if at
2189 least one section in the parent resource accepts it. For example, Gateway
2190 listeners can restrict which Routes can attach to them by Route kind,
2191 namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from
2192 the referencing Route, the Route MUST be considered successfully
2193 attached. If no Gateway listeners accept attachment from this Route, the
2194 Route MUST be considered detached from the Gateway.
2200 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
2206 description: Conditions describes the status of the Policy with
2207 respect to the given Ancestor.
2209 description: "Condition contains details for one aspect of
2210 the current state of this API Resource.\n---\nThis struct
2211 is intended for direct use as an array at the field path
2212 .status.conditions. For example,\n\n\n\ttype FooStatus
2213 struct{\n\t // Represents the observations of a foo's
2214 current state.\n\t // Known .status.conditions.type are:
2215 \"Available\", \"Progressing\", and \"Degraded\"\n\t //
2216 +patchMergeKey=type\n\t // +patchStrategy=merge\n\t //
2217 +listType=map\n\t // +listMapKey=type\n\t Conditions
2218 []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\"
2219 patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t
2220 \ // other fields\n\t}"
2224 lastTransitionTime is the last time the condition transitioned from one status to another.
2225 This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
2230 message is a human readable message indicating details about the transition.
2231 This may be an empty string.
2236 observedGeneration represents the .metadata.generation that the condition was set based upon.
2237 For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
2238 with respect to the current state of the instance.
2244 reason contains a programmatic identifier indicating the reason for the condition's last transition.
2245 Producers of specific condition types may define expected values and meanings for this field,
2246 and whether the values are considered a guaranteed API.
2247 The value should be a CamelCase string.
2248 This field may not be empty.
2251 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
2254 description: status of the condition, one of True, False,
2263 type of condition in CamelCase or in foo.example.com/CamelCase.
2265 Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
2266 useful (see .node.status.conditions), the ability to deconflict is important.
2267 The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
2269 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
2272 - lastTransitionTime
2281 x-kubernetes-list-map-keys:
2283 x-kubernetes-list-type: map
2286 ControllerName is a domain/path string that indicates the name of the
2287 controller that wrote this status. This corresponds with the
2288 controllerName field on GatewayClass.
2291 Example: "example.net/gateway-controller".
2294 The format of this field is DOMAIN "/" PATH, where DOMAIN and PATH are
2295 valid Kubernetes names
2296 (https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names).
2299 Controllers MUST populate this field when writing status. Controllers should ensure that
2300 entries to status populated with their ControllerName are cleaned up when they are no
2304 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$
2316 x-kubernetes-validations:
2317 - message: Only one of spec.hashOn.(input|cookie|header|uriCapture|queryArg)
2319 rule: 'has(self.spec.hashOn) ? [has(self.spec.hashOn.input), has(self.spec.hashOn.cookie),
2320 has(self.spec.hashOn.header), has(self.spec.hashOn.uriCapture), has(self.spec.hashOn.queryArg)].filter(fieldSet,
2321 fieldSet == true).size() <= 1 : true'
2322 - message: When spec.hashOn.cookie is set, spec.hashOn.cookiePath is required.
2323 rule: 'has(self.spec.hashOn) && has(self.spec.hashOn.cookie) ? has(self.spec.hashOn.cookiePath)
2325 - message: When spec.hashOn.cookiePath is set, spec.hashOn.cookie is required.
2326 rule: 'has(self.spec.hashOn) && has(self.spec.hashOn.cookiePath) ? has(self.spec.hashOn.cookie)
2328 - message: spec.algorithm must be set to "consistent-hashing" when spec.hashOn
2330 rule: 'has(self.spec.hashOn) ? has(self.spec.algorithm) && self.spec.algorithm
2331 == "consistent-hashing" : true'
2332 - message: Only one of spec.hashOnFallback.(input|header|uriCapture|queryArg)
2334 rule: 'has(self.spec.hashOnFallback) ? [has(self.spec.hashOnFallback.input),
2335 has(self.spec.hashOnFallback.header), has(self.spec.hashOnFallback.uriCapture),
2336 has(self.spec.hashOnFallback.queryArg)].filter(fieldSet, fieldSet == true).size()
2338 - message: spec.algorithm must be set to "consistent-hashing" when spec.hashOnFallback
2340 rule: 'has(self.spec.hashOnFallback) ? has(self.spec.algorithm) && self.spec.algorithm
2341 == "consistent-hashing" : true'
2342 - message: spec.hashOnFallback.cookie must not be set.
2343 rule: 'has(self.spec.hashOnFallback) ? !has(self.spec.hashOnFallback.cookie)
2345 - message: spec.hashOnFallback.cookiePath must not be set.
2346 rule: 'has(self.spec.hashOnFallback) ? !has(self.spec.hashOnFallback.cookiePath)
2348 - message: spec.healthchecks.passive.healthy.interval must not be set.
2349 rule: 'has(self.spec.healthchecks) && has(self.spec.healthchecks.passive)
2350 && has(self.spec.healthchecks.passive.healthy) ? !has(self.spec.healthchecks.passive.healthy.interval)
2352 - message: spec.healthchecks.passive.unhealthy.interval must not be set.
2353 rule: 'has(self.spec.healthchecks) && has(self.spec.healthchecks.passive)
2354 && has(self.spec.healthchecks.passive.unhealthy) ? !has(self.spec.healthchecks.passive.unhealthy.interval)
2356 - message: spec.hashOnFallback must not be set when spec.hashOn.cookie is
2358 rule: 'has(self.spec.hashOn) && has(self.spec.hashOn.cookie) ? !has(self.spec.hashOnFallback)
2365 apiVersion: apiextensions.k8s.io/v1
2366 kind: CustomResourceDefinition
2369 controller-gen.kubebuilder.io/version: v0.14.0
2370 name: kongvaults.configuration.konghq.com
2372 group: configuration.konghq.com
2375 - kong-ingress-controller
2377 listKind: KongVaultList
2384 - additionalPrinterColumns:
2385 - description: Name of the backend of the vault
2386 jsonPath: .spec.backend
2389 - description: Prefix of vault URI to reference the values in the vault
2390 jsonPath: .spec.prefix
2394 jsonPath: .metadata.creationTimestamp
2397 - description: Description
2398 jsonPath: .spec.description
2402 - jsonPath: .status.conditions[?(@.type=="Programmed")].status
2409 KongVault is the schema for kongvaults API which defines a custom Kong vault.
2410 A Kong vault is a storage to store sensitive data, where the values can be referenced in configuration of plugins.
2411 See: https://docs.konghq.com/gateway/latest/kong-enterprise/secrets-management/
2415 APIVersion defines the versioned schema of this representation of an object.
2416 Servers should convert recognized schemas to the latest internal value, and
2417 may reject unrecognized values.
2418 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
2422 Kind is a string value representing the REST resource this object represents.
2423 Servers may infer this from the endpoint the client submits requests to.
2426 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
2431 description: KongVaultSpec defines specification of a custom Kong vault.
2435 Backend is the type of the backend storing the secrets in the vault.
2436 The supported backends of Kong is listed here:
2437 https://docs.konghq.com/gateway/latest/kong-enterprise/secrets-management/backends/
2441 description: Config is the configuration of the vault. Varies for
2443 x-kubernetes-preserve-unknown-fields: true
2445 description: Description is the additional information about the vault.
2449 Prefix is the prefix of vault URI for referencing values in the vault.
2450 It is immutable after created.
2458 description: KongVaultStatus represents the current status of the KongVault
2463 - lastTransitionTime: "1970-01-01T00:00:00Z"
2464 message: Waiting for controller
2469 Conditions describe the current conditions of the KongVaultStatus.
2472 Known condition types are:
2477 description: "Condition contains details for one aspect of the current
2478 state of this API Resource.\n---\nThis struct is intended for
2479 direct use as an array at the field path .status.conditions. For
2480 example,\n\n\n\ttype FooStatus struct{\n\t // Represents the
2481 observations of a foo's current state.\n\t // Known .status.conditions.type
2482 are: \"Available\", \"Progressing\", and \"Degraded\"\n\t //
2483 +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t
2484 \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\"
2485 patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t
2486 \ // other fields\n\t}"
2490 lastTransitionTime is the last time the condition transitioned from one status to another.
2491 This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
2496 message is a human readable message indicating details about the transition.
2497 This may be an empty string.
2502 observedGeneration represents the .metadata.generation that the condition was set based upon.
2503 For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
2504 with respect to the current state of the instance.
2510 reason contains a programmatic identifier indicating the reason for the condition's last transition.
2511 Producers of specific condition types may define expected values and meanings for this field,
2512 and whether the values are considered a guaranteed API.
2513 The value should be a CamelCase string.
2514 This field may not be empty.
2517 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
2520 description: status of the condition, one of True, False, Unknown.
2528 type of condition in CamelCase or in foo.example.com/CamelCase.
2530 Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
2531 useful (see .node.status.conditions), the ability to deconflict is important.
2532 The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
2534 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
2537 - lastTransitionTime
2545 x-kubernetes-list-map-keys:
2547 x-kubernetes-list-type: map
2554 x-kubernetes-validations:
2555 - message: The spec.prefix field is immutable
2556 rule: self.spec.prefix == oldSelf.spec.prefix
2562 apiVersion: apiextensions.k8s.io/v1
2563 kind: CustomResourceDefinition
2566 controller-gen.kubebuilder.io/version: v0.14.0
2567 name: tcpingresses.configuration.konghq.com
2569 group: configuration.konghq.com
2572 - kong-ingress-controller
2574 listKind: TCPIngressList
2575 plural: tcpingresses
2576 singular: tcpingress
2579 - additionalPrinterColumns:
2580 - description: Address of the load balancer
2581 jsonPath: .status.loadBalancer.ingress[*].ip
2585 jsonPath: .metadata.creationTimestamp
2591 description: TCPIngress is the Schema for the tcpingresses API.
2595 APIVersion defines the versioned schema of this representation of an object.
2596 Servers should convert recognized schemas to the latest internal value, and
2597 may reject unrecognized values.
2598 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
2602 Kind is a string value representing the REST resource this object represents.
2603 Servers may infer this from the endpoint the client submits requests to.
2606 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
2611 description: Spec is the TCPIngress specification.
2614 description: A list of rules used to configure the Ingress.
2617 IngressRule represents a rule to apply against incoming requests.
2618 Matching is performed based on an (optional) SNI and port.
2622 Backend defines the referenced service endpoint to which the traffic
2623 will be forwarded to.
2626 description: Specifies the name of the referenced service.
2630 description: Specifies the port of the referenced service.
2641 Host is the fully qualified domain name of a network host, as defined
2643 If a Host is not specified, then port-based TCP routing is performed. Kong
2644 doesn't care about the content of the TCP stream in this case.
2645 If a Host is specified, the protocol must be TLS over TCP.
2646 A plain-text TCP request cannot be routed based on Host. It can only
2647 be routed based on Port.
2651 Port is the port on which to accept TCP or TLS over TCP sessions and
2652 route. It is a required field. If a Host is not specified, the requested
2653 are routed based only on Port.
2665 TLS configuration. This is similar to the `tls` section in the
2666 Ingress resource in networking.v1beta1 group.
2667 The mapping of SNIs to TLS cert-key pair defined here will be
2668 used for HTTP Ingress rules as well. Once can define the mapping in
2669 this resource or the original Ingress resource, both have the same
2672 description: IngressTLS describes the transport layer security.
2676 Hosts are a list of hosts included in the TLS certificate. The values in
2677 this list must match the name/s used in the tlsSecret. Defaults to the
2678 wildcard host setting for the loadbalancer controller fulfilling this
2679 Ingress, if left unspecified.
2684 description: SecretName is the name of the secret used to terminate
2691 description: TCPIngressStatus defines the observed state of TCPIngress.
2694 description: LoadBalancer contains the current status of the load-balancer.
2698 Ingress is a list containing ingress points for the load-balancer.
2699 Traffic intended for the service should be sent to these ingress points.
2702 LoadBalancerIngress represents the status of a load-balancer ingress point:
2703 traffic intended for the service should be sent to an ingress point.
2707 Hostname is set for load-balancer ingress points that are DNS based
2708 (typically AWS load-balancers)
2712 IP is set for load-balancer ingress points that are IP based
2713 (typically GCE or OpenStack load-balancers)
2717 IPMode specifies how the load-balancer IP behaves, and may only be specified when the ip field is specified.
2718 Setting this to "VIP" indicates that traffic is delivered to the node with
2719 the destination set to the load-balancer's IP and port.
2720 Setting this to "Proxy" indicates that traffic is delivered to the node or pod with
2721 the destination set to the node's IP and node port or the pod's IP and port.
2722 Service implementations may use this information to adjust traffic routing.
2726 Ports is a list of records of service ports
2727 If used, every port defined in the service should have an entry in it
2732 Error is to record the problem with the service port
2733 The format of the error shall comply with the following rules:
2734 - built-in error values shall be specified in this file and those shall use
2736 - cloud provider specific error values must have names that comply with the
2737 format foo.example.com/CamelCase.
2739 The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
2741 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
2744 description: Port is the port number of the service
2745 port of which status is recorded here
2751 Protocol is the protocol of the service port of which status is recorded here
2752 The supported values are: "TCP", "UDP", "SCTP"
2759 x-kubernetes-list-type: atomic
2770 apiVersion: apiextensions.k8s.io/v1
2771 kind: CustomResourceDefinition
2774 controller-gen.kubebuilder.io/version: v0.14.0
2775 name: udpingresses.configuration.konghq.com
2777 group: configuration.konghq.com
2780 - kong-ingress-controller
2782 listKind: UDPIngressList
2783 plural: udpingresses
2784 singular: udpingress
2787 - additionalPrinterColumns:
2788 - description: Address of the load balancer
2789 jsonPath: .status.loadBalancer.ingress[*].ip
2793 jsonPath: .metadata.creationTimestamp
2799 description: UDPIngress is the Schema for the udpingresses API.
2803 APIVersion defines the versioned schema of this representation of an object.
2804 Servers should convert recognized schemas to the latest internal value, and
2805 may reject unrecognized values.
2806 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
2810 Kind is a string value representing the REST resource this object represents.
2811 Servers may infer this from the endpoint the client submits requests to.
2814 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
2819 description: Spec is the UDPIngress specification.
2822 description: A list of rules used to configure the Ingress.
2825 UDPIngressRule represents a rule to apply against incoming requests
2826 wherein no Host matching is available for request routing, only the port
2827 is used to match requests.
2831 Backend defines the Kubernetes service which accepts traffic from the
2832 listening Port defined above.
2835 description: Specifies the name of the referenced service.
2839 description: Specifies the port of the referenced service.
2850 Port indicates the port for the Kong proxy to accept incoming traffic
2851 on, which will then be routed to the service Backend.
2863 description: UDPIngressStatus defines the observed state of UDPIngress.
2866 description: LoadBalancer contains the current status of the load-balancer.
2870 Ingress is a list containing ingress points for the load-balancer.
2871 Traffic intended for the service should be sent to these ingress points.
2874 LoadBalancerIngress represents the status of a load-balancer ingress point:
2875 traffic intended for the service should be sent to an ingress point.
2879 Hostname is set for load-balancer ingress points that are DNS based
2880 (typically AWS load-balancers)
2884 IP is set for load-balancer ingress points that are IP based
2885 (typically GCE or OpenStack load-balancers)
2889 IPMode specifies how the load-balancer IP behaves, and may only be specified when the ip field is specified.
2890 Setting this to "VIP" indicates that traffic is delivered to the node with
2891 the destination set to the load-balancer's IP and port.
2892 Setting this to "Proxy" indicates that traffic is delivered to the node or pod with
2893 the destination set to the node's IP and node port or the pod's IP and port.
2894 Service implementations may use this information to adjust traffic routing.
2898 Ports is a list of records of service ports
2899 If used, every port defined in the service should have an entry in it
2904 Error is to record the problem with the service port
2905 The format of the error shall comply with the following rules:
2906 - built-in error values shall be specified in this file and those shall use
2908 - cloud provider specific error values must have names that comply with the
2909 format foo.example.com/CamelCase.
2911 The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
2913 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
2916 description: Port is the port number of the service
2917 port of which status is recorded here
2923 Protocol is the protocol of the service port of which status is recorded here
2924 The supported values are: "TCP", "UDP", "SCTP"
2931 x-kubernetes-list-type: atomic