github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-08-08 11:38:15 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #121405 from alexzielenski/apiserver/apiextensions/ratcheting-benchmarks

Browse Source 
KEP-4008: CRDValidationRatcheting: Add Benchmarks
This commit is contained in:
Kubernetes Prow Robot 2023-10-28 00:53:46 +02:00 committed by GitHub
commit 7310ea0628
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
80 changed files with 8901 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

241
staging/src/k8s.io/apiextensions-apiserver/test/integration/ratcheting_test.go
View File

@ -22,18 +22,27 @@ import (
"encoding/json" "encoding/json"
"errors" "errors"
"fmt" "fmt"
"io"
"io/fs"
"os"
"path/filepath"
"strings" "strings"
"testing" "testing"
"time" "time"
jsonpatch "github.com/evanphx/json-patch" jsonpatch "github.com/evanphx/json-patch"
apiextensionsinternal "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions"
apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
structuralschema "k8s.io/apiextensions-apiserver/pkg/apiserver/schema"
apiservervalidation "k8s.io/apiextensions-apiserver/pkg/apiserver/validation"
"k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset" "k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset"
"k8s.io/apiextensions-apiserver/pkg/features" "k8s.io/apiextensions-apiserver/pkg/features"
"k8s.io/apiextensions-apiserver/pkg/registry/customresource"
"k8s.io/apiextensions-apiserver/test/integration/fixtures" "k8s.io/apiextensions-apiserver/test/integration/fixtures"
apierrors "k8s.io/apimachinery/pkg/api/errors" apierrors "k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/runtime/schema" "k8s.io/apimachinery/pkg/runtime/schema"
"k8s.io/apimachinery/pkg/util/uuid" "k8s.io/apimachinery/pkg/util/uuid"
"k8s.io/apimachinery/pkg/util/wait" "k8s.io/apimachinery/pkg/util/wait"
@ -41,6 +50,8 @@ import (
utilfeature "k8s.io/apiserver/pkg/util/feature" utilfeature "k8s.io/apiserver/pkg/util/feature"
"k8s.io/client-go/dynamic" "k8s.io/client-go/dynamic"
featuregatetesting "k8s.io/component-base/featuregate/testing" featuregatetesting "k8s.io/component-base/featuregate/testing"
"k8s.io/kube-openapi/pkg/validation/spec"
"k8s.io/kube-openapi/pkg/validation/strfmt"
) )
var stringSchema *apiextensionsv1.JSONSchemaProps = &apiextensionsv1.JSONSchemaProps{ var stringSchema *apiextensionsv1.JSONSchemaProps = &apiextensionsv1.JSONSchemaProps{
@ -1664,3 +1675,233 @@ func TestRatchetingFunctionality(t *testing.T) {
func ptr[T any](v T) *T { func ptr[T any](v T) *T {
return &v return &v
} }
type validator func(new, old *unstructured.Unstructured)
func newValidator(customResourceValidation *apiextensionsinternal.JSONSchemaProps, kind schema.GroupVersionKind, namespaceScoped bool) (validator, error) {
// Replicate customResourceStrategy validation
openapiSchema := &spec.Schema{}
if customResourceValidation != nil {
// TODO: replace with NewStructural(...).ToGoOpenAPI
if err := apiservervalidation.ConvertJSONSchemaPropsWithPostProcess(customResourceValidation, openapiSchema, apiservervalidation.StripUnsupportedFormatsPostProcess); err != nil {
return nil, err
}
}
schemaValidator := apiservervalidation.NewRatchetingSchemaValidator(
openapiSchema,
nil,
"",
strfmt.Default)
sts, err := structuralschema.NewStructural(customResourceValidation)
if err != nil {
return nil, err
}
strategy := customresource.NewStrategy(
nil, // No need for typer, since only using validation
namespaceScoped,
kind,
schemaValidator,
nil, // No status schema validator
sts,
nil, // No need for status
nil, // No need for scale
)
return func(new, old *unstructured.Unstructured) {
_ = strategy.ValidateUpdate(context.TODO(), new, old)
}, nil
}
// Recursively walks the provided directory and parses the YAML files into
// unstructured objects. If there are more than one object in a single file,
// they are all added to the returned slice.
func loadObjects(dir string) []*unstructured.Unstructured {
result := []*unstructured.Unstructured{}
err := filepath.WalkDir(dir, func(path string, d fs.DirEntry, err error) error {
if err != nil {
return err
} else if d.IsDir() {
return nil
} else if filepath.Ext(d.Name()) != ".yaml" {
return nil
}
// Read the file in as []byte
data, err := os.ReadFile(path)
if err != nil {
return err
}
decoder := utilyaml.NewYAMLOrJSONDecoder(bytes.NewReader(data), 4096)
// Split the data by YAML drame
for {
parsed := &unstructured.Unstructured{}
if err := decoder.Decode(parsed); err != nil {
if errors.Is(err, io.EOF) {
break
}
return err
}
result = append(result, parsed)
}
return nil
})
if err != nil {
panic(err)
}
return result
}
func BenchmarkRatcheting(b *testing.B) {
// Walk directory with CRDs, for each file parse YAML with multiple CRDs in it.
// Keep track in a map a validator for each unique gvk
crdObjects := loadObjects("ratcheting_test_cases/crds")
invalidFiles := loadObjects("ratcheting_test_cases/invalid")
validFiles := loadObjects("ratcheting_test_cases/valid")
// Create a validator for each GVK.
validators := map[schema.GroupVersionKind]validator{}
for _, crd := range crdObjects {
parsed := apiextensionsv1.CustomResourceDefinition{}
if err := runtime.DefaultUnstructuredConverter.FromUnstructured(crd.Object, &parsed); err != nil {
b.Fatalf("Failed to parse CRD %v", err)
return
}
for _, v := range parsed.Spec.Versions {
gvk := schema.GroupVersionKind{
Group: parsed.Spec.Group,
Version: v.Name,
Kind: parsed.Spec.Names.Kind,
}
// Create structural schema from v.Schema.OpenAPIV3Schema
internalValidation := &apiextensionsinternal.CustomResourceValidation{}
if err := apiextensionsv1.Convert_v1_CustomResourceValidation_To_apiextensions_CustomResourceValidation(v.Schema, internalValidation, nil); err != nil {
b.Fatal(fmt.Errorf("failed converting CRD validation to internal version: %v", err))
return
}
validator, err := newValidator(internalValidation.OpenAPIV3Schema, gvk, parsed.Spec.Scope == apiextensionsv1.NamespaceScoped)
if err != nil {
b.Fatal(err)
return
}
validators[gvk] = validator
}
}
// Organize all the files by GVK.
gvksToValidFiles := map[schema.GroupVersionKind][]*unstructured.Unstructured{}
gvksToInvalidFiles := map[schema.GroupVersionKind][]*unstructured.Unstructured{}
for _, valid := range validFiles {
gvk := valid.GroupVersionKind()
gvksToValidFiles[gvk] = append(gvksToValidFiles[gvk], valid)
}
for _, invalid := range invalidFiles {
gvk := invalid.GroupVersionKind()
gvksToInvalidFiles[gvk] = append(gvksToInvalidFiles[gvk], invalid)
}
// Remove any GVKs for which we dont have both valid and invalid files.
for gvk := range gvksToValidFiles {
if _, ok := gvksToInvalidFiles[gvk]; !ok {
delete(gvksToValidFiles, gvk)
}
}
for gvk := range gvksToInvalidFiles {
if _, ok := gvksToValidFiles[gvk]; !ok {
delete(gvksToInvalidFiles, gvk)
}
}
type pair struct {
old *unstructured.Unstructured
new *unstructured.Unstructured
}
// For each valid file, match it with every invalid file of the same GVK
validXValidPairs := []pair{}
validXInvalidPairs := []pair{}
invalidXInvalidPairs := []pair{}
for gvk, valids := range gvksToValidFiles {
for _, validOld := range valids {
for _, validNew := range gvksToValidFiles[gvk] {
validXValidPairs = append(validXValidPairs, pair{old: validOld, new: validNew})
}
}
}
for gvk, valids := range gvksToValidFiles {
for _, valid := range valids {
for _, invalid := range gvksToInvalidFiles[gvk] {
validXInvalidPairs = append(validXInvalidPairs, pair{old: valid, new: invalid})
}
}
}
// For each invalid file, add pair with every other invalid file of the same
// GVK including itself
for gvk, invalids := range gvksToInvalidFiles {
for _, invalid := range invalids {
for _, invalid2 := range gvksToInvalidFiles[gvk] {
invalidXInvalidPairs = append(invalidXInvalidPairs, pair{old: invalid, new: invalid2})
}
}
}
// For each pair, run the ratcheting algorithm on the update.
//
for _, ratchetingEnabled := range []bool{true, false} {
name := "RatchetingEnabled"
if !ratchetingEnabled {
name = "RatchetingDisabled"
}
b.Run(name, func(b *testing.B) {
defer featuregatetesting.SetFeatureGateDuringTest(b, utilfeature.DefaultFeatureGate, features.CRDValidationRatcheting, ratchetingEnabled)()
b.ResetTimer()
do := func(pairs []pair) {
for _, pair := range pairs {
// Create a validator for the GVK of the valid object.
validator, ok := validators[pair.old.GroupVersionKind()]
if !ok {
b.Log("No validator for GVK", pair.old.GroupVersionKind())
continue
}
// Run the ratcheting algorithm on the update.
// Don't care about result for benchmark
validator(pair.old, pair.new)
}
}
b.Run("ValidXValid", func(b *testing.B) {
for i := 0; i < b.N; i++ {
do(validXValidPairs)
}
})
b.Run("ValidXInvalid", func(b *testing.B) {
for i := 0; i < b.N; i++ {
do(validXInvalidPairs)
}
})
b.Run("InvalidXInvalid", func(b *testing.B) {
for i := 0; i < b.N; i++ {
do(invalidXInvalidPairs)
}
})
})
}
}

7166
staging/src/k8s.io/apiextensions-apiserver/test/integration/ratcheting_test_cases/crds/standard-install.yaml Normal file
View File

File diff suppressed because it is too large Load Diff

13
staging/src/k8s.io/apiextensions-apiserver/test/integration/ratcheting_test_cases/invalid/gateway/duplicate-listeners.yaml Normal file
View File

@ -0,0 +1,13 @@
apiVersion: gateway.networking.k8s.io/v1beta1
kind: Gateway
metadata:
name: duplicate-listeners
spec:
gatewayClassName: acme-lb
listeners:
- name: same
protocol: HTTP
port: 80
- name: same
protocol: HTTP
port: 443

11
staging/src/k8s.io/apiextensions-apiserver/test/integration/ratcheting_test_cases/invalid/gateway/hostname-tcp.yaml Normal file
View File

@ -0,0 +1,11 @@
apiVersion: gateway.networking.k8s.io/v1beta1
kind: Gateway
metadata:
name: hostname-tcp
spec:
gatewayClassName: acme-lb
listeners:
- name: example
hostname: example.com
protocol: TCP
port: 80

11
staging/src/k8s.io/apiextensions-apiserver/test/integration/ratcheting_test_cases/invalid/gateway/hostname-udp.yaml Normal file
View File

@ -0,0 +1,11 @@
apiVersion: gateway.networking.k8s.io/v1beta1
kind: Gateway
metadata:
name: hostname-udp
spec:
gatewayClassName: acme-lb
listeners:
- name: example
hostname: example.com
protocol: UDP
port: 80

28
staging/src/k8s.io/apiextensions-apiserver/test/integration/ratcheting_test_cases/invalid/gateway/invalid-addresses.yaml Normal file
View File

@ -0,0 +1,28 @@
apiVersion: gateway.networking.k8s.io/v1beta1
kind: Gateway
metadata:
name: invalid-addresses
spec:
gatewayClassName: acme-lb
addresses:
- value: 1200:0000:::AB00:1234:0000:2552:7777:1313
- value: 21DA:D3:0:2F3B:2AY:FF:FE28:9C5A
- value: "2001:db8:3c4d:15:0:d234:3eee:"
- value: "2001:db8:3c4d:15:0:d234:3eee:::"
- value: ":::1234::"
- value: "1.1.1"
- value: "1.a.3.4"
- value: "foo.com"
- type: IPAddress
value: "256.255.255.255"
- type: "Hostname"
value: "foo.com:80"
- type: "example.com/custom"
value: "anything goes"
listeners:
- protocol: HTTP
port: 80
name: prod-web-gw
allowedRoutes:
namespaces:
from: Same

10
staging/src/k8s.io/apiextensions-apiserver/test/integration/ratcheting_test_cases/invalid/gateway/invalid-listener-name.yaml Normal file
View File

@ -0,0 +1,10 @@
apiVersion: gateway.networking.k8s.io/v1beta1
kind: Gateway
metadata:
name: invalid-listener-name
spec:
gatewayClassName: acme-lb
listeners:
- name: bad>
protocol: HTTP
port: 80

10
staging/src/k8s.io/apiextensions-apiserver/test/integration/ratcheting_test_cases/invalid/gateway/invalid-listener-port.yaml Normal file
View File

@ -0,0 +1,10 @@
apiVersion: gateway.networking.k8s.io/v1beta1
kind: Gateway
metadata:
name: invalid-listener-port
spec:
gatewayClassName: acme-lb
listeners:
- name: foo
protocol: HTTP
port: 123456789

16
staging/src/k8s.io/apiextensions-apiserver/test/integration/ratcheting_test_cases/invalid/gateway/tlsconfig-tcp.yaml Normal file
View File

@ -0,0 +1,16 @@
apiVersion: gateway.networking.k8s.io/v1beta1
kind: Gateway
metadata:
name: tlsconfig-tcp
spec:
gatewayClassName: acme-lb
listeners:
- name: example
protocol: TCP
port: 443
tls:
certificateRefs:
- kind: Secret
group: ""
name: bar-example-com-cert

6
staging/src/k8s.io/apiextensions-apiserver/test/integration/ratcheting_test_cases/invalid/gatewayclass/invalid-controller.yaml Normal file
View File

@ -0,0 +1,6 @@
apiVersion: gateway.networking.k8s.io/v1beta1
kind: GatewayClass
metadata:
name: invalid-controller
spec:
controllerName: example

12
staging/src/k8s.io/apiextensions-apiserver/test/integration/ratcheting_test_cases/invalid/httproute/duplicate-header-match.yaml Normal file
View File

@ -0,0 +1,12 @@
apiVersion: gateway.networking.k8s.io/v1beta1
kind: HTTPRoute
metadata:
name: duplicate-header-match
spec:
rules:
- matches:
- headers:
- name: foo
value: bar
- name: foo
value: bar

12
staging/src/k8s.io/apiextensions-apiserver/test/integration/ratcheting_test_cases/invalid/httproute/duplicate-query-match.yaml Normal file
View File

@ -0,0 +1,12 @@
apiVersion: gateway.networking.k8s.io/v1beta1
kind: HTTPRoute
metadata:
name: duplicate-query-match
spec:
rules:
- matches:
- queryParams:
- name: foo
value: bar
- name: foo
value: bar

10
staging/src/k8s.io/apiextensions-apiserver/test/integration/ratcheting_test_cases/invalid/httproute/httproute-portless-backend.yaml Normal file
View File

@ -0,0 +1,10 @@
apiVersion: gateway.networking.k8s.io/v1beta1
kind: HTTPRoute
metadata:
name: portless-backend
spec:
parentRefs:
- name: prod-web
rules:
- backendRefs:
- name: foo

12
staging/src/k8s.io/apiextensions-apiserver/test/integration/ratcheting_test_cases/invalid/httproute/httproute-portless-service.yaml Normal file
View File

@ -0,0 +1,12 @@
apiVersion: gateway.networking.k8s.io/v1beta1
kind: HTTPRoute
metadata:
name: portless-service
spec:
parentRefs:
- name: prod-web
rules:
- backendRefs:
- name: foo
kind: Service
group: ""

10
staging/src/k8s.io/apiextensions-apiserver/test/integration/ratcheting_test_cases/invalid/httproute/invalid-backend-group.yaml Normal file
View File

@ -0,0 +1,10 @@
apiVersion: gateway.networking.k8s.io/v1beta1
kind: HTTPRoute
metadata:
name: invalid-backend-group
spec:
rules:
- backendRefs:
- group: "*"
name: foo
port: 80

10
staging/src/k8s.io/apiextensions-apiserver/test/integration/ratcheting_test_cases/invalid/httproute/invalid-backend-kind.yaml Normal file
View File

@ -0,0 +1,10 @@
apiVersion: gateway.networking.k8s.io/v1beta1
kind: HTTPRoute
metadata:
name: invalid-backend-kind
spec:
rules:
- backendRefs:
- kind: "*"
name: foo
port: 80

9
staging/src/k8s.io/apiextensions-apiserver/test/integration/ratcheting_test_cases/invalid/httproute/invalid-backend-port.yaml Normal file
View File

@ -0,0 +1,9 @@
apiVersion: gateway.networking.k8s.io/v1beta1
kind: HTTPRoute
metadata:
name: invalid-backend-port
spec:
rules:
- backendRefs:
- name: my-service1
port: 800080

12
staging/src/k8s.io/apiextensions-apiserver/test/integration/ratcheting_test_cases/invalid/httproute/invalid-filter-duplicate-header.yaml Normal file
View File

@ -0,0 +1,12 @@
apiVersion: gateway.networking.k8s.io/v1beta1
kind: HTTPRoute
metadata:
name: invalid-filter-duplicate-header
spec:
rules:
- filters:
- type: RequestHeaderModifier
requestHeaderModifier:
remove:
- foo
- foo

18
staging/src/k8s.io/apiextensions-apiserver/test/integration/ratcheting_test_cases/invalid/httproute/invalid-filter-duplicate.yaml Normal file
View File

@ -0,0 +1,18 @@
apiVersion: gateway.networking.k8s.io/v1beta1
kind: HTTPRoute
metadata:
name: invalid-filter-duplicate
spec:
rules:
- filters:
- type: RequestHeaderModifier
requestHeaderModifier:
add:
- name: my-header
value: foo
- type: RequestHeaderModifier
requestHeaderModifier:
add:
- name: my-header
value: bar

8
staging/src/k8s.io/apiextensions-apiserver/test/integration/ratcheting_test_cases/invalid/httproute/invalid-filter-empty.yaml Normal file
View File

@ -0,0 +1,8 @@
apiVersion: gateway.networking.k8s.io/v1beta1
kind: HTTPRoute
metadata:
name: invalid-filter-empty
spec:
rules:
- filters:
- type: RequestHeaderModifier

11
staging/src/k8s.io/apiextensions-apiserver/test/integration/ratcheting_test_cases/invalid/httproute/invalid-filter-wrong-field.yaml Normal file
View File

@ -0,0 +1,11 @@
apiVersion: gateway.networking.k8s.io/v1beta1
kind: HTTPRoute
metadata:
name: invalid-filter-wrong-field
spec:
rules:
- filters:
- type: RequestHeaderModifier
requestRedirect:
port: 443

11
staging/src/k8s.io/apiextensions-apiserver/test/integration/ratcheting_test_cases/invalid/httproute/invalid-header-name.yaml Normal file
View File

@ -0,0 +1,11 @@
apiVersion: gateway.networking.k8s.io/v1beta1
kind: HTTPRoute
metadata:
name: invalid-header-name
spec:
rules:
- matches:
- headers:
- type: Exact
name: magic/
value: foo

10
staging/src/k8s.io/apiextensions-apiserver/test/integration/ratcheting_test_cases/invalid/httproute/invalid-hostname.yaml Normal file
View File

@ -0,0 +1,10 @@
apiVersion: gateway.networking.k8s.io/v1beta1
kind: HTTPRoute
metadata:
name: invalid-hostname
spec:
hostnames:
- http://a<
rules:
- backendRefs:
- name: foo

14
staging/src/k8s.io/apiextensions-apiserver/test/integration/ratcheting_test_cases/invalid/httproute/invalid-httredirect-hostname.yaml Normal file
View File

@ -0,0 +1,14 @@
apiVersion: gateway.networking.k8s.io/v1beta1
kind: HTTPRoute
metadata:
name: invalid-backend-port
spec:
rules:
- backendRefs:
- name: my-service
port: 8080
filters:
- type: RequestRedirect
requestRedirect:
hostname: "*.gateway.networking.k8s.io"

8
staging/src/k8s.io/apiextensions-apiserver/test/integration/ratcheting_test_cases/invalid/httproute/invalid-method.yaml Normal file
View File

@ -0,0 +1,8 @@
apiVersion: gateway.networking.k8s.io/v1beta1
kind: HTTPRoute
metadata:
name: invalid-method
spec:
rules:
- matches:
- method: NOTREAL

10
staging/src/k8s.io/apiextensions-apiserver/test/integration/ratcheting_test_cases/invalid/httproute/invalid-path-alphanum-specialchars-mix.yaml Normal file
View File

@ -0,0 +1,10 @@
apiVersion: gateway.networking.k8s.io/v1beta1
kind: HTTPRoute
metadata:
name: invalid-path-alphanum-specialchars-mix
spec:
rules:
- matches:
- path:
type: PathPrefix
value: /my[/]path01

10
staging/src/k8s.io/apiextensions-apiserver/test/integration/ratcheting_test_cases/invalid/httproute/invalid-path-specialchars.yaml Normal file
View File

@ -0,0 +1,10 @@
apiVersion: gateway.networking.k8s.io/v1beta1
kind: HTTPRoute
metadata:
name: invalid-path-specialchars
spec:
rules:
- matches:
- path:
type: PathPrefix
value: /[]

16
staging/src/k8s.io/apiextensions-apiserver/test/integration/ratcheting_test_cases/invalid/httproute/invalid-request-redirect-with-backendref.yaml Normal file
View File

@ -0,0 +1,16 @@
apiVersion: gateway.networking.k8s.io/v1beta1
kind: HTTPRoute
metadata:
name: http-filter-rewrite
spec:
hostnames:
- rewrite.example
rules:
- filters:
- type: RequestRedirect
requestRedirect:
scheme: https
statusCode: 301
backendRefs:
- name: example-svc
port: 80

8
staging/src/k8s.io/apiextensions-apiserver/test/integration/ratcheting_test_cases/invalid/referencegrant/missing-from.yaml Normal file
View File

@ -0,0 +1,8 @@
apiVersion: gateway.networking.k8s.io/v1beta1
kind: ReferenceGrant
metadata:
name: missing-from
spec:
to:
- group: ""
kind: "Service"

11
staging/src/k8s.io/apiextensions-apiserver/test/integration/ratcheting_test_cases/invalid/referencegrant/missing-ns.yaml Normal file
View File

@ -0,0 +1,11 @@
apiVersion: gateway.networking.k8s.io/v1beta1
kind: ReferenceGrant
metadata:
name: missing-ns
spec:
to:
- group: ""
kind: "Service"
from:
- group: "gateway.networking.k8s.io"
kind: "HTTPRoute"

9
staging/src/k8s.io/apiextensions-apiserver/test/integration/ratcheting_test_cases/invalid/referencegrant/missing-to.yaml Normal file
View File

@ -0,0 +1,9 @@
apiVersion: gateway.networking.k8s.io/v1beta1
kind: ReferenceGrant
metadata:
name: missing-to
spec:
from:
- group: ""
kind: "Service"
namespace: "example"

11
staging/src/k8s.io/apiextensions-apiserver/test/integration/ratcheting_test_cases/valid/0-namespaces.yaml Normal file
View File

@ -0,0 +1,11 @@
# These namespaces can be used for examples without recreating them each time.
---
apiVersion: v1
kind: Namespace
metadata:
name: gateway-api-example-ns1
---
apiVersion: v1
kind: Namespace
metadata:
name: gateway-api-example-ns2

57
staging/src/k8s.io/apiextensions-apiserver/test/integration/ratcheting_test_cases/valid/basic-http.yaml Normal file
View File

@ -0,0 +1,57 @@
#$ Used in:
#$ - site-src/api-types/httproute.md
apiVersion: gateway.networking.k8s.io/v1beta1
kind: GatewayClass
metadata:
name: acme-lb
spec:
controllerName: acme.io/gateway-controller
parametersRef:
name: acme-lb
group: acme.io
kind: Parameters
---
apiVersion: gateway.networking.k8s.io/v1beta1
kind: Gateway
metadata:
name: my-gateway
spec:
gatewayClassName: acme-lb
listeners: # Use GatewayClass defaults for listener definition.
- name: http
protocol: HTTP
port: 80
---
apiVersion: gateway.networking.k8s.io/v1beta1
kind: HTTPRoute
metadata:
name: http-app-1
spec:
parentRefs:
- name: my-gateway
hostnames:
- "foo.com"
rules:
- matches:
- path:
type: PathPrefix
value: /bar
backendRefs:
- name: my-service1
port: 8080
- matches:
- headers:
- type: Exact
name: magic
value: foo
queryParams:
- type: Exact
name: great
value: example
path:
type: PathPrefix
value: /some/thing
method: GET
backendRefs:
- name: my-service2
port: 8080

27
staging/src/k8s.io/apiextensions-apiserver/test/integration/ratcheting_test_cases/valid/cross-namespace-routing/0-namespaces.yaml Normal file
View File

@ -0,0 +1,27 @@
#$ Used in:
#$ - site-src/guides/multiple-ns.md
apiVersion: v1
kind: Namespace
metadata:
name: infra-ns
labels:
shared-gateway-access: "true"
---
apiVersion: v1
kind: Namespace
metadata:
name: site-ns
labels:
shared-gateway-access: "true"
---
apiVersion: v1
kind: Namespace
metadata:
name: store-ns
labels:
shared-gateway-access: "true"
---
apiVersion: v1
kind: Namespace
metadata:
name: no-external-access

23
staging/src/k8s.io/apiextensions-apiserver/test/integration/ratcheting_test_cases/valid/cross-namespace-routing/gateway.yaml Normal file
View File

@ -0,0 +1,23 @@
#$ Used in:
#$ - site-src/guides/multiple-ns.md
apiVersion: gateway.networking.k8s.io/v1beta1
kind: Gateway
metadata:
name: shared-gateway
namespace: infra-ns
spec:
gatewayClassName: shared-gateway-class
listeners:
- name: https
hostname: "foo.example.com"
protocol: HTTPS
port: 443
allowedRoutes:
namespaces:
from: Selector
selector:
matchLabels:
shared-gateway-access: "true"
tls:
certificateRefs:
- name: foo-example-com

36
staging/src/k8s.io/apiextensions-apiserver/test/integration/ratcheting_test_cases/valid/cross-namespace-routing/site-route.yaml Normal file
View File

@ -0,0 +1,36 @@
#$ Used in:
#$ - site-src/guides/multiple-ns.md
apiVersion: gateway.networking.k8s.io/v1beta1
kind: HTTPRoute
metadata:
name: home
namespace: site-ns
spec:
parentRefs:
- name: shared-gateway
namespace: infra-ns
rules:
- backendRefs:
- name: home
port: 8080
---
apiVersion: gateway.networking.k8s.io/v1beta1
kind: HTTPRoute
metadata:
name: login
namespace: site-ns
spec:
parentRefs:
- name: shared-gateway
namespace: infra-ns
rules:
- matches:
- path:
value: /login
backendRefs:
- name: login-v1
port: 8080
weight: 90
- name: login-v2
port: 8080
weight: 10

18
staging/src/k8s.io/apiextensions-apiserver/test/integration/ratcheting_test_cases/valid/cross-namespace-routing/store-route.yaml Normal file
View File

@ -0,0 +1,18 @@
#$ Used in:
#$ - site-src/guides/multiple-ns.md
apiVersion: gateway.networking.k8s.io/v1beta1
kind: HTTPRoute
metadata:
name: store
namespace: store-ns
spec:
parentRefs:
- name: shared-gateway
namespace: infra-ns
rules:
- matches:
- path:
value: /store
backendRefs:
- name: store
port: 8080

51
staging/src/k8s.io/apiextensions-apiserver/test/integration/ratcheting_test_cases/valid/default-match-http.yaml Normal file
View File

@ -0,0 +1,51 @@
apiVersion: gateway.networking.k8s.io/v1beta1
kind: GatewayClass
metadata:
name: default-match-example
spec:
controllerName: acme.io/gateway-controller
---
apiVersion: gateway.networking.k8s.io/v1beta1
kind: Gateway
metadata:
name: default-match-gw
spec:
gatewayClassName: default-match-example
listeners:
- name: http
protocol: HTTP
port: 80
---
# This HTTPRoute demonstrates patch match defaulting. If no path match is
# specified, CRD defaults adds a default PathPrefix match on the path "/". This
# matches every HTTP request and ensures that route rules always have at
# least one valid match.
apiVersion: gateway.networking.k8s.io/v1beta1
kind: HTTPRoute
metadata:
name: default-match-route
labels:
app: default-match
spec:
parentRefs:
- name: default-match-gw
hostnames:
- default-match.com
rules:
- matches:
- headers:
- type: Exact
name: magic
value: default-match
backendRefs:
- group: acme.io
kind: CustomBackend
name: my-custom-resource
port: 8080
- matches:
- path:
type: Exact
value: /example/exact
backendRefs:
- name: my-service-2
port: 8080

27
staging/src/k8s.io/apiextensions-apiserver/test/integration/ratcheting_test_cases/valid/gateway-addresses.yaml Normal file
View File

@ -0,0 +1,27 @@
apiVersion: gateway.networking.k8s.io/v1beta1
kind: Gateway
metadata:
name: gateway-addresses
spec:
gatewayClassName: acme-lb
addresses:
- value: 1200:0000:AB00:1234:0000:2552:7777:1313
- value: 21DA:D3:0:2F3B:2AA:FF:FE28:9C5A
- value: "2001:db8:3c4d:15:0:d234:3eee::"
- value: "1234::"
- value: "1.1.1.1"
- value: "1.2.3.4"
- value: "0.0.0.0"
- value: "9.255.255.255"
- value: "11.0.0.0"
- type: IPAddress
value: "255.255.255.255"
- type: "Hostname"
value: "example.com"
listeners:
- protocol: HTTP
port: 80
name: prod-web-gw
allowedRoutes:
namespaces:
from: Same

20
staging/src/k8s.io/apiextensions-apiserver/test/integration/ratcheting_test_cases/valid/http-filter.yaml Normal file
View File

@ -0,0 +1,20 @@
#$ Used in:
#$ - site-src/api-types/httproute.md
apiVersion: gateway.networking.k8s.io/v1beta1
kind: HTTPRoute
metadata:
name: http-filter-1
spec:
hostnames:
- my.filter.com
rules:
- filters:
- type: RequestHeaderModifier
requestHeaderModifier:
add:
- name: my-header
value: foo
backendRefs:
- name: my-filter-svc1
weight: 1
port: 80

18
staging/src/k8s.io/apiextensions-apiserver/test/integration/ratcheting_test_cases/valid/http-redirect-path.yaml Normal file
View File

@ -0,0 +1,18 @@
apiVersion: gateway.networking.k8s.io/v1beta1
kind: HTTPRoute
metadata:
name: http-filter-1
namespace: gateway-api-example-ns1
spec:
parentRefs:
- name: my-filter-gateway
sectionName: http
hostnames:
- my-filter.example.com
rules:
- filters:
- type: RequestRedirect
requestRedirect:
path:
type: ReplaceFullPath
replaceFullPath: /foo

21
staging/src/k8s.io/apiextensions-apiserver/test/integration/ratcheting_test_cases/valid/http-redirect-rewrite/httproute-redirect-full.yaml Normal file
View File

@ -0,0 +1,21 @@
#$ Used in:
#$ - site-src/api-types/httproute.md
apiVersion: gateway.networking.k8s.io/v1beta1
kind: HTTPRoute
metadata:
name: http-filter-redirect
spec:
hostnames:
- redirect.example
rules:
- matches:
- path:
type: PathPrefix
value: /cayenne
filters:
- type: RequestRedirect
requestRedirect:
path:
type: ReplaceFullPath
replaceFullPath: /paprika
statusCode: 302

15
staging/src/k8s.io/apiextensions-apiserver/test/integration/ratcheting_test_cases/valid/http-redirect-rewrite/httproute-redirect-https.yaml Normal file
View File

@ -0,0 +1,15 @@
#$ Used in:
#$ - site-src/api-types/httproute.md
apiVersion: gateway.networking.k8s.io/v1beta1
kind: HTTPRoute
metadata:
name: http-filter-redirect
spec:
hostnames:
- redirect.example
rules:
- filters:
- type: RequestRedirect
requestRedirect:
scheme: https
statusCode: 301

21
staging/src/k8s.io/apiextensions-apiserver/test/integration/ratcheting_test_cases/valid/http-redirect-rewrite/httproute-redirect-prefix.yaml Normal file
View File

@ -0,0 +1,21 @@
#$ Used in:
#$ - site-src/api-types/httproute.md
apiVersion: gateway.networking.k8s.io/v1beta1
kind: HTTPRoute
metadata:
name: http-filter-redirect
spec:
hostnames:
- redirect.example
rules:
- matches:
- path:
type: PathPrefix
value: /cayenne
filters:
- type: RequestRedirect
requestRedirect:
path:
type: ReplacePrefixMatch
replacePrefixMatch: /paprika
statusCode: 302

25
staging/src/k8s.io/apiextensions-apiserver/test/integration/ratcheting_test_cases/valid/http-redirect-rewrite/httproute-rewrite-path.yaml Normal file
View File

@ -0,0 +1,25 @@
#$ Used in:
#$ - site-src/api-types/httproute.md
apiVersion: gateway.networking.k8s.io/v1beta1
kind: HTTPRoute
metadata:
name: http-filter-rewrite
spec:
hostnames:
- rewrite.example
rules:
- matches:
- path:
type: PathPrefix
value: /cardamom
filters:
- type: URLRewrite
urlRewrite:
hostname: elsewhere.example
path:
type: ReplaceFullPath
replaceFullPath: /fennel
backendRefs:
- name: example-svc
weight: 1
port: 80

18
staging/src/k8s.io/apiextensions-apiserver/test/integration/ratcheting_test_cases/valid/http-redirect-rewrite/httproute-rewrite.yaml Normal file
View File

@ -0,0 +1,18 @@
#$ Used in:
#$ - site-src/api-types/httproute.md
apiVersion: gateway.networking.k8s.io/v1beta1
kind: HTTPRoute
metadata:
name: http-filter-rewrite
spec:
hostnames:
- rewrite.example
rules:
- filters:
- type: URLRewrite
urlRewrite:
hostname: elsewhere.example
backendRefs:
- name: example-svc
weight: 1
port: 80

21
staging/src/k8s.io/apiextensions-apiserver/test/integration/ratcheting_test_cases/valid/http-redirect-rewrite/httproute-rewritepath.yaml Normal file
View File

@ -0,0 +1,21 @@
#$ Used in:
#$ - site-src/api-types/httproute.md
apiVersion: gateway.networking.k8s.io/v1beta1
kind: HTTPRoute
metadata:
name: http-filter-rewrite
spec:
hostnames:
- rewrite.example
rules:
- filters:
- type: URLRewrite
urlRewrite:
hostname: elsewhere.example
path:
type: ReplacePrefixMatch
replacePrefixMatch: /fennel
backendRefs:
- name: example-svc
weight: 1
port: 80

73
staging/src/k8s.io/apiextensions-apiserver/test/integration/ratcheting_test_cases/valid/http-redirect.yaml Normal file
View File

@ -0,0 +1,73 @@
apiVersion: gateway.networking.k8s.io/v1beta1
kind: GatewayClass
metadata:
name: filter-lb
spec:
controllerName: acme.io/gateway-controller
parametersRef:
name: acme-lb
group: acme.io
kind: Parameters
---
apiVersion: v1
kind: Namespace
metadata:
name: gateway-api-example-ns1
---
apiVersion: gateway.networking.k8s.io/v1beta1
kind: Gateway
metadata:
name: my-filter-gateway
namespace: gateway-api-example-ns1
spec:
gatewayClassName: filter-lb
listeners:
- name: http
protocol: HTTP
port: 80
- name: https
protocol: HTTPS
port: 443
tls:
certificateRefs:
- kind: Secret
group: ""
name: example-com-cert
---
apiVersion: gateway.networking.k8s.io/v1beta1
kind: HTTPRoute
metadata:
name: http-filter-1
namespace: gateway-api-example-ns1
spec:
parentRefs:
- name: my-filter-gateway
sectionName: http
hostnames:
- my-filter.example.com
rules:
- filters:
- type: RequestRedirect
requestRedirect:
scheme: https
---
apiVersion: gateway.networking.k8s.io/v1beta1
kind: HTTPRoute
metadata:
name: http-filter-2
namespace: gateway-api-example-ns1
spec:
parentRefs:
- name: my-filter-gateway
sectionName: https
hostnames:
- my-filter.example.com
rules:
- matches:
- path:
type: PathPrefix
value: /
backendRefs:
- name: my-filter-svc1
weight: 1
port: 80

21
staging/src/k8s.io/apiextensions-apiserver/test/integration/ratcheting_test_cases/valid/http-request-header-add.yaml Normal file
View File

@ -0,0 +1,21 @@
apiVersion: gateway.networking.k8s.io/v1beta1
kind: HTTPRoute
metadata:
name: header-http-echo
spec:
parentRefs:
- name: acme-gw
rules:
- matches:
- path:
type: PathPrefix
value: /add-a-request-header
filters:
- type: RequestHeaderModifier
requestHeaderModifier:
add:
- name: my-header-name
value: my-header-value
backendRefs:
- name: echo
port: 8080

20
staging/src/k8s.io/apiextensions-apiserver/test/integration/ratcheting_test_cases/valid/http-request-header-remove.yaml Normal file
View File

@ -0,0 +1,20 @@
apiVersion: gateway.networking.k8s.io/v1beta1
kind: HTTPRoute
metadata:
name: header-http-echo
spec:
parentRefs:
- name: acme-gw
rules:
- matches:
- path:
type: PathPrefix
value: /remove-a-request-header
filters:
- type: RequestHeaderModifier
requestHeaderModifier:
remove:
- x-request-id
backendRefs:
- name: echo
port: 8080

21
staging/src/k8s.io/apiextensions-apiserver/test/integration/ratcheting_test_cases/valid/http-request-header-set.yaml Normal file
View File

@ -0,0 +1,21 @@
apiVersion: gateway.networking.k8s.io/v1beta1
kind: HTTPRoute
metadata:
name: header-http-echo
spec:
parentRefs:
- name: acme-gw
rules:
- matches:
- path:
type: PathPrefix
value: /edit-a-request-header
filters:
- type: RequestHeaderModifier
requestHeaderModifier:
set:
- name: my-header-name
value: my-new-header-value
backendRefs:
- name: echo
port: 8080

18
staging/src/k8s.io/apiextensions-apiserver/test/integration/ratcheting_test_cases/valid/http-rewrite.yaml Normal file
View File

@ -0,0 +1,18 @@
apiVersion: gateway.networking.k8s.io/v1beta1
kind: HTTPRoute
metadata:
name: http-filter-1
namespace: gateway-api-example-ns1
spec:
parentRefs:
- name: my-filter-gateway
sectionName: http
hostnames:
- my-filter.example.com
rules:
- filters:
- type: URLRewrite
urlRewrite:
path:
type: ReplaceFullPath
replaceFullPath: /foo

21
staging/src/k8s.io/apiextensions-apiserver/test/integration/ratcheting_test_cases/valid/http-route-attachment/gateway-namespaces.yaml Normal file
View File

@ -0,0 +1,21 @@
#$ Used in:
#$ - site-src/concepts/api-overview.md
apiVersion: gateway.networking.k8s.io/v1beta1
kind: Gateway
metadata:
name: prod-gateway
namespace: gateway-api-example-ns1
spec:
gatewayClassName: foo-lb
listeners:
- name: prod-web
port: 80
protocol: HTTP
allowedRoutes:
kinds:
- kind: HTTPRoute
namespaces:
from: Selector
selector:
matchLabels:
expose-apps: "true"

23
staging/src/k8s.io/apiextensions-apiserver/test/integration/ratcheting_test_cases/valid/http-route-attachment/gateway-strict.yaml Normal file
View File

@ -0,0 +1,23 @@
#$ Used in:
#$ - site-src/concepts/api-overview.md
apiVersion: gateway.networking.k8s.io/v1beta1
kind: Gateway
metadata:
name: foo-gateway
namespace: gateway-api-example-ns1
spec:
gatewayClassName: foo-lb
listeners:
- name: prod-web
port: 80
protocol: HTTP
allowedRoutes:
kinds:
- kind: HTTPRoute
namespaces:
from: Selector
selector:
matchLabels:
# This label is added automatically as of K8s 1.22
# to all namespaces
kubernetes.io/metadata.name: gateway-api-example-ns2

16
staging/src/k8s.io/apiextensions-apiserver/test/integration/ratcheting_test_cases/valid/http-route-attachment/httproute.yaml Normal file
View File

@ -0,0 +1,16 @@
#$ Used in:
#$ - site-src/concepts/api-overview.md
apiVersion: gateway.networking.k8s.io/v1beta1
kind: HTTPRoute
metadata:
name: my-route
namespace: gateway-api-example-ns2
spec:
parentRefs:
- kind: Gateway
name: foo-gateway
namespace: gateway-api-example-ns1
rules:
- backendRefs:
- name: foo-svc
port: 8080

23
staging/src/k8s.io/apiextensions-apiserver/test/integration/ratcheting_test_cases/valid/http-routing/bar-httproute.yaml Normal file
View File

@ -0,0 +1,23 @@
#$ Used in:
#$ - site-src/guides/http-routing.md
apiVersion: gateway.networking.k8s.io/v1beta1
kind: HTTPRoute
metadata:
name: bar-route
spec:
parentRefs:
- name: example-gateway
hostnames:
- "bar.example.com"
rules:
- matches:
- headers:
- type: Exact
name: env
value: canary
backendRefs:
- name: bar-svc-canary
port: 8080
- backendRefs:
- name: bar-svc
port: 8080

19
staging/src/k8s.io/apiextensions-apiserver/test/integration/ratcheting_test_cases/valid/http-routing/foo-httproute.yaml Normal file
View File

@ -0,0 +1,19 @@
#$ Used in:
#$ - site-src/guides/http-routing.md
apiVersion: gateway.networking.k8s.io/v1beta1
kind: HTTPRoute
metadata:
name: foo-route
spec:
parentRefs:
- name: example-gateway
hostnames:
- "foo.example.com"
rules:
- matches:
- path:
type: PathPrefix
value: /login
backendRefs:
- name: foo-svc
port: 8080

26
staging/src/k8s.io/apiextensions-apiserver/test/integration/ratcheting_test_cases/valid/http-routing/gateway.yaml Normal file
View File

@ -0,0 +1,26 @@
#$ Used in:
#$ - site-src/guides/http-routing.md
apiVersion: gateway.networking.k8s.io/v1beta1
kind: Gateway
metadata:
name: example-gateway
spec:
gatewayClassName: example-gateway-class
listeners:
- name: http
protocol: HTTP
port: 80
---
apiVersion: gateway.networking.k8s.io/v1beta1
kind: HTTPRoute
metadata:
name: example-route
spec:
parentRefs:
- name: example-gateway
hostnames:
- "example.com"
rules:
- backendRefs:
- name: example-svc
port: 80

28
staging/src/k8s.io/apiextensions-apiserver/test/integration/ratcheting_test_cases/valid/httproute.yaml Normal file
View File

@ -0,0 +1,28 @@
apiVersion: gateway.networking.k8s.io/v1beta1
kind: HTTPRoute
metadata:
name: my-app
spec:
rules:
- matches:
- path:
type: PathPrefix
value: /mypath
backendRefs:
- name: my-service-1
port: 8080
- matches:
- path:
type: PathPrefix
value: /mypath-012
backendRefs:
- name: my-service-2
port: 8080
- matches:
- path:
type: PathPrefix
value: /my%20path/123
backendRefs:
- name: my-service-3
port: 8080

9
staging/src/k8s.io/apiextensions-apiserver/test/integration/ratcheting_test_cases/valid/multicluster/0-namespaces.yaml Normal file
View File

@ -0,0 +1,9 @@
apiVersion: v1
kind: Namespace
metadata:
name: foo
---
apiVersion: v1
kind: Namespace
metadata:
name: bar

19
staging/src/k8s.io/apiextensions-apiserver/test/integration/ratcheting_test_cases/valid/multicluster/httproute-gamma.yaml Normal file
View File

@ -0,0 +1,19 @@
#$ Used in:
#$ - geps/gep-1748.md
kind: HTTPRoute
apiVersion: gateway.networking.k8s.io/v1beta1
metadata:
name: store
spec:
parentRefs:
- group: multicluster.x-k8s.io
kind: ServiceImport
name: store
rules:
- matches:
- path:
value: "/cart"
backendRefs:
- group: multicluster.x-k8s.io
kind: ServiceImport
name: cart

20
staging/src/k8s.io/apiextensions-apiserver/test/integration/ratcheting_test_cases/valid/multicluster/httproute-hybrid.yaml Normal file
View File

@ -0,0 +1,20 @@
#$ Used in:
#$ - geps/gep-1748.md
kind: HTTPRoute
apiVersion: gateway.networking.k8s.io/v1beta1
metadata:
name: store
spec:
parentRefs:
- name: external-http
rules:
- backendRefs:
- kind: Service
name: store
port: 8080
weight: 90
- group: multicluster.x-k8s.io
kind: ServiceImport
name: store-global
port: 8080
weight: 10

33
staging/src/k8s.io/apiextensions-apiserver/test/integration/ratcheting_test_cases/valid/multicluster/httproute-location.yaml Normal file
View File

@ -0,0 +1,33 @@
#$ Used in:
#$ - geps/gep-1748.md
kind: HTTPRoute
apiVersion: gateway.networking.k8s.io/v1beta1
metadata:
name: store
spec:
parentRefs:
- name: external-http
rules:
- matches:
- path:
type: PathPrefix
value: /west
backendRefs:
- group: multicluster.x-k8s.io
kind: ServiceImport
name: store-west
port: 8080
- matches:
- path:
type: PathPrefix
value: /east
backendRefs:
- group: multicluster.x-k8s.io
kind: ServiceImport
name: store-east
port: 8080
- backendRefs:
- group: multicluster.x-k8s.io
kind: ServiceImport
name: store
port: 8080

24
staging/src/k8s.io/apiextensions-apiserver/test/integration/ratcheting_test_cases/valid/multicluster/httproute-method.yaml Normal file
View File

@ -0,0 +1,24 @@
#$ Used in:
#$ - geps/gep-1748.md
kind: HTTPRoute
apiVersion: gateway.networking.k8s.io/v1beta1
metadata:
name: api
spec:
parentRefs:
- name: api-gw
rules:
- matches:
- method: POST
- method: PUT
- method: DELETE
backendRefs:
- group: multicluster.x-k8s.io
kind: ServiceImport
name: api-primary
port: 8080
- backendRefs:
- group: multicluster.x-k8s.io
kind: ServiceImport
name: api-replicas
port: 8080

32
staging/src/k8s.io/apiextensions-apiserver/test/integration/ratcheting_test_cases/valid/multicluster/httproute-referencegrant.yaml Normal file
View File

@ -0,0 +1,32 @@
#$ Used in:
#$ - geps/gep-1748.md
kind: HTTPRoute
apiVersion: gateway.networking.k8s.io/v1beta1
metadata:
name: foo
namespace: foo
spec:
rules:
- matches:
- path:
type: PathPrefix
value: /bar
backendRefs:
- group: multicluster.x-k8s.io
kind: ServiceImport
name: bar
namespace: bar
---
kind: ReferenceGrant
apiVersion: gateway.networking.k8s.io/v1beta1
metadata:
name: bar
namespace: bar
spec:
from:
- group: gateway.networking.k8s.io
kind: HTTPRoute
namespace: foo
to:
- group: multicluster.x-k8s.io
kind: ServiceImport

15
staging/src/k8s.io/apiextensions-apiserver/test/integration/ratcheting_test_cases/valid/multicluster/httproute-simple.yaml Normal file
View File

@ -0,0 +1,15 @@
#$ Used in:
#$ - geps/gep-1748.md
kind: HTTPRoute
apiVersion: gateway.networking.k8s.io/v1beta1
metadata:
name: store
spec:
parentRefs:
- name: external-http
rules:
- backendRefs:
- group: multicluster.x-k8s.io
kind: ServiceImport
name: store
port: 8080

14
staging/src/k8s.io/apiextensions-apiserver/test/integration/ratcheting_test_cases/valid/reference-grant.yaml Normal file
View File

@ -0,0 +1,14 @@
#$ Used in:
#$ - site-src/concepts/security-model.md
apiVersion: gateway.networking.k8s.io/v1beta1
kind: ReferenceGrant
metadata:
name: allow-prod-traffic
spec:
from:
- group: gateway.networking.k8s.io
kind: HTTPRoute
namespace: prod
to:
- group: ""
kind: Service

16
staging/src/k8s.io/apiextensions-apiserver/test/integration/ratcheting_test_cases/valid/simple-gateway/gateway.yaml Normal file
View File

@ -0,0 +1,16 @@
#$ Used in:
#$ - site-src/guides/traffic-splitting.md
#$ - site-src/guides/simple-gateway.md
apiVersion: gateway.networking.k8s.io/v1beta1
kind: Gateway
metadata:
name: prod-web
spec:
gatewayClassName: acme-lb
listeners:
- protocol: HTTP
port: 80
name: prod-web-gw
allowedRoutes:
namespaces:
from: Same

14
staging/src/k8s.io/apiextensions-apiserver/test/integration/ratcheting_test_cases/valid/simple-gateway/httproute.yaml Normal file
View File

@ -0,0 +1,14 @@
#$ Used in:
#$ - site-src/guides/simple-gateway.md
#$ - site-src/blog/2021/introducing-v1beta1.md
apiVersion: gateway.networking.k8s.io/v1beta1
kind: HTTPRoute
metadata:
name: foo
spec:
parentRefs:
- name: prod-web
rules:
- backendRefs:
- name: foo-svc
port: 8080

18
staging/src/k8s.io/apiextensions-apiserver/test/integration/ratcheting_test_cases/valid/simple-http-https/bar-route.yaml Normal file
View File

@ -0,0 +1,18 @@
apiVersion: gateway.networking.k8s.io/v1beta1
kind: HTTPRoute
metadata:
name: bar
spec:
parentRefs:
- name: example-gateway
sectionName: https
hostnames:
- bar.example.com
rules:
- matches:
- path:
type: PathPrefix
value: /
backendRefs:
- name: bar-app
port: 80

25
staging/src/k8s.io/apiextensions-apiserver/test/integration/ratcheting_test_cases/valid/simple-http-https/foo-route.yaml Normal file
View File

@ -0,0 +1,25 @@
apiVersion: gateway.networking.k8s.io/v1beta1
kind: HTTPRoute
metadata:
name: foo
spec:
parentRefs:
- name: example-gateway
sectionName: https
hostnames:
- foo.example.com
rules:
- matches:
- path:
type: PathPrefix
value: /
backendRefs:
- name: foo-app
port: 80
- matches:
- path:
type: PathPrefix
value: /orders
backendRefs:
- name: foo-orders-app
port: 80

20
staging/src/k8s.io/apiextensions-apiserver/test/integration/ratcheting_test_cases/valid/simple-http-https/gateway.yaml Normal file
View File

@ -0,0 +1,20 @@
apiVersion: gateway.networking.k8s.io/v1beta1
kind: Gateway
metadata:
name: example-gateway
spec:
gatewayClassName: prod
listeners:
- name: http
port: 80
protocol: HTTP
hostname: "*.example.com"
- name: https
port: 443
protocol: HTTPS
hostname: "*.example.com"
tls:
mode: Terminate
certificateRefs:
- kind: Secret
name: example-com

17
staging/src/k8s.io/apiextensions-apiserver/test/integration/ratcheting_test_cases/valid/simple-http-https/tls-redirect-route.yaml Normal file
View File

@ -0,0 +1,17 @@
apiVersion: gateway.networking.k8s.io/v1beta1
kind: HTTPRoute
metadata:
name: tls-redirect
spec:
parentRefs:
- name: example-gateway
sectionName: http
hostnames:
- foo.example.com
- bar.example.com
rules:
- filters:
- type: RequestRedirect
requestRedirect:
scheme: https
port: 443

27
staging/src/k8s.io/apiextensions-apiserver/test/integration/ratcheting_test_cases/valid/tls-basic.yaml Normal file
View File

@ -0,0 +1,27 @@
#$ Used in:
#$ - site-src/guides/tls.md
apiVersion: gateway.networking.k8s.io/v1beta1
kind: Gateway
metadata:
name: tls-basic
spec:
gatewayClassName: acme-lb
listeners:
- name: foo-https
protocol: HTTPS
port: 443
hostname: foo.example.com
tls:
certificateRefs:
- kind: Secret
group: ""
name: foo-example-com-cert
- name: bar-https
protocol: HTTPS
port: 443
hostname: bar.example.com
tls:
certificateRefs:
- kind: Secret
group: ""
name: bar-example-com-cert

34
staging/src/k8s.io/apiextensions-apiserver/test/integration/ratcheting_test_cases/valid/tls-cert-cross-namespace.yaml Normal file
View File

@ -0,0 +1,34 @@
#$ Used in:
#$ - site-src/v1alpha2/guides/tls.md
apiVersion: gateway.networking.k8s.io/v1beta1
kind: Gateway
metadata:
name: cross-namespace-tls-gateway
namespace: gateway-api-example-ns1
spec:
gatewayClassName: acme-lb
listeners:
- name: https
protocol: HTTPS
port: 443
hostname: "*.example.com"
tls:
certificateRefs:
- kind: Secret
group: ""
name: wildcard-example-com-cert
namespace: gateway-api-example-ns2
---
apiVersion: gateway.networking.k8s.io/v1beta1
kind: ReferenceGrant
metadata:
name: allow-ns1-gateways-to-ref-secrets
namespace: gateway-api-example-ns2
spec:
from:
- group: gateway.networking.k8s.io
kind: Gateway
namespace: gateway-api-example-ns1
to:
- group: ""
kind: Secret

15
staging/src/k8s.io/apiextensions-apiserver/test/integration/ratcheting_test_cases/valid/traffic-splitting/simple-split.yaml Normal file
View File

@ -0,0 +1,15 @@
#$ Used in:
#$ - site-src/guides/traffic-splitting.md
apiVersion: gateway.networking.k8s.io/v1beta1
kind: HTTPRoute
metadata:
name: simple-split
spec:
rules:
- backendRefs:
- name: foo-v1
port: 8080
weight: 90
- name: foo-v2
port: 8080
weight: 10

22
staging/src/k8s.io/apiextensions-apiserver/test/integration/ratcheting_test_cases/valid/traffic-splitting/traffic-split-1.yaml Normal file
View File

@ -0,0 +1,22 @@
#$ Used in:
#$ - site-src/guides/traffic-splitting.md
apiVersion: gateway.networking.k8s.io/v1beta1
kind: HTTPRoute
metadata:
name: foo-route
labels:
gateway: prod-web-gw
spec:
hostnames:
- foo.example.com
rules:
- backendRefs:
- name: foo-v1
port: 8080
- matches:
- headers:
- name: traffic
value: test
backendRefs:
- name: foo-v2
port: 8080

20
staging/src/k8s.io/apiextensions-apiserver/test/integration/ratcheting_test_cases/valid/traffic-splitting/traffic-split-2.yaml Normal file
View File

@ -0,0 +1,20 @@
#$ Used in:
#$ - site-src/guides/traffic-splitting.md
#$ - site-src/api-types/httproute.md
apiVersion: gateway.networking.k8s.io/v1beta1
kind: HTTPRoute
metadata:
name: foo-route
labels:
gateway: prod-web-gw
spec:
hostnames:
- foo.example.com
rules:
- backendRefs:
- name: foo-v1
port: 8080
weight: 90
- name: foo-v2
port: 8080
weight: 10

19
staging/src/k8s.io/apiextensions-apiserver/test/integration/ratcheting_test_cases/valid/traffic-splitting/traffic-split-3.yaml Normal file
View File

@ -0,0 +1,19 @@
#$ Used in:
#$ - site-src/guides/traffic-splitting.md
apiVersion: gateway.networking.k8s.io/v1beta1
kind: HTTPRoute
metadata:
name: foo-route
labels:
gateway: prod-web-gw
spec:
hostnames:
- foo.example.com
rules:
- backendRefs:
- name: foo-v1
port: 8080
weight: 0
- name: foo-v2
port: 8080
weight: 1

27
staging/src/k8s.io/apiextensions-apiserver/test/integration/ratcheting_test_cases/valid/wildcard-tls-gateway.yaml Normal file
View File

@ -0,0 +1,27 @@
#$ Used in:
#$ - site-src/guides/tls.md
apiVersion: gateway.networking.k8s.io/v1beta1
kind: Gateway
metadata:
name: wildcard-tls-gateway
spec:
gatewayClassName: acme-lb
listeners:
- name: foo-https
protocol: HTTPS
port: 443
hostname: foo.example.com
tls:
certificateRefs:
- kind: Secret
group: ""
name: foo-example-com-cert
- name: wildcard-https
protocol: HTTPS
port: 443
hostname: "*.example.com"
tls:
certificateRefs:
- kind: Secret
group: ""
name: wildcard-example-com-cert