From 694e3204c65223be916ded639008eec77aa6c5be Mon Sep 17 00:00:00 2001 From: Shane Utt Date: Tue, 4 Jan 2022 13:44:32 -0500 Subject: [PATCH] chore: make L4 match rules a list This is in order to align it better with how match rules are currently expressed using the HTTPRoute API. --- apis/v1alpha2/tcproute_types.go | 3 +- apis/v1alpha2/udproute_types.go | 3 +- apis/v1alpha2/zz_generated.deepcopy.go | 12 +- .../gateway.networking.k8s.io_tcproutes.yaml | 160 +++++++++--------- .../gateway.networking.k8s.io_udproutes.yaml | 160 +++++++++--------- .../gateway.networking.k8s.io_tcproutes.yaml | 160 +++++++++--------- .../gateway.networking.k8s.io_udproutes.yaml | 160 +++++++++--------- examples/v1alpha2/traffic-matching-tcp.yaml | 2 +- site-src/geps/gep-735.md | 2 +- 9 files changed, 346 insertions(+), 316 deletions(-) diff --git a/apis/v1alpha2/tcproute_types.go b/apis/v1alpha2/tcproute_types.go index c8ea05bb4b..82e6584b80 100644 --- a/apis/v1alpha2/tcproute_types.go +++ b/apis/v1alpha2/tcproute_types.go @@ -62,7 +62,8 @@ type TCPRouteRule struct { // Matches are rules for routing traffic to backends based on addresses. // // +optional - Matches *AddressRouteMatches `json:"matches,omitempty"` + // +kubebuilder:validation:MaxItems=16 + Matches []AddressRouteMatches `json:"matches,omitempty"` // BackendRefs defines the backend(s) where matching requests should be // sent. If unspecified or invalid (refers to a non-existent resource or a diff --git a/apis/v1alpha2/udproute_types.go b/apis/v1alpha2/udproute_types.go index fcf90e47a3..0c3a951cb7 100644 --- a/apis/v1alpha2/udproute_types.go +++ b/apis/v1alpha2/udproute_types.go 
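Review bot: The comment on `Matches` in `TCPRouteRule` (and the parallel comment in `UDPRouteRule`) does not say how the entries of the new list combine, or what an empty or omitted list means. These entries select traffic by source and destination address, so implementations that disagree (any-of versus all-of, match-all versus match-nothing when empty) would route different traffic from the same manifest. If the HTTPRoute convention named in the commit message is intended, add to the field comment something like `// Each entry is evaluated independently; the rule matches if any one entry matches.` and `// If unspecified, the rule matches all traffic.`; the second sentence is an assumption for the API owners to confirm. The struct body continues outside the hunk.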
@@ -62,7 +62,8 @@ type UDPRouteRule struct { // Matches add rules for filtering traffic to backends based on addresses. // // +optional - Matches *AddressRouteMatches `json:"matches,omitempty"` + // +kubebuilder:validation:MaxItems=16 + Matches []AddressRouteMatches `json:"matches,omitempty"` // BackendRefs defines the backend(s) where matching requests should be // sent. If unspecified or invalid (refers to a non-existent resource or a diff --git a/apis/v1alpha2/zz_generated.deepcopy.go b/apis/v1alpha2/zz_generated.deepcopy.go index 59f1c130c0..2b062adbfa 100644 --- a/apis/v1alpha2/zz_generated.deepcopy.go +++ b/apis/v1alpha2/zz_generated.deepcopy.go @@ -1368,8 +1368,10 @@ func (in *TCPRouteRule) DeepCopyInto(out *TCPRouteRule) { *out = *in if in.Matches != nil { in, out := &in.Matches, &out.Matches - *out = new(AddressRouteMatches) - (*in).DeepCopyInto(*out) + *out = make([]AddressRouteMatches, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } } if in.BackendRefs != nil { in, out := &in.BackendRefs, &out.BackendRefs @@ -1618,8 +1620,10 @@ func (in *UDPRouteRule) DeepCopyInto(out *UDPRouteRule) { *out = *in if in.Matches != nil { in, out := &in.Matches, &out.Matches - *out = new(AddressRouteMatches) - (*in).DeepCopyInto(*out) + *out = make([]AddressRouteMatches, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } } if in.BackendRefs != nil { in, out := &in.BackendRefs, &out.BackendRefs diff --git a/config/crd/experimental/gateway.networking.k8s.io_tcproutes.yaml b/config/crd/experimental/gateway.networking.k8s.io_tcproutes.yaml index 2bc5a84f3f..ed9edf31ec 100644 --- a/config/crd/experimental/gateway.networking.k8s.io_tcproutes.yaml +++ b/config/crd/experimental/gateway.networking.k8s.io_tcproutes.yaml 
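Review bot: The `MaxItems=16` marker added on `UDPRouteRule.Matches` (and the same marker on `TCPRouteRule.Matches`) bounds only the outer list. In the regenerated CRD schemas in this patch, the `sourceAddresses` and `destinationAddresses` arrays inside each item still end in `type: array` with no `maxItems`, so one rule can carry address lists of any length up to the object size limit. If the goal is to bound the match data a controller has to validate and program, the address slices on `AddressRouteMatches` need their own `// +kubebuilder:validation:MaxItems=N` marker, with N chosen by the API owners. `AddressRouteMatches` is declared outside this hunk, and the body of `UDPRouteRule` continues past it.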
@@ -221,83 +221,89 @@ spec: matches: description: Matches are rules for routing traffic to backends based on addresses. - properties: - destinationAddresses: - description: "DestinationAddresses indicates the destination - network addresses which are valid for routing traffic. - \n Support: Core" - items: - description: AddressMatch defines matching rules for network - addresses by type. - properties: - type: - description: "Type of the address, either IPAddress - or NamedAddress. \n If NamedAddress is used this - is a custom and specific value for each implementation - to handle (and add validation for) according to - their own needs. \n For IPAddress the implementor - may expect either IPv4 or IPv6. \n Support: Core - (IPAddress) Support: Custom (NamedAddress)" - enum: - - IPAddress - - NamedAddress - type: string - value: - description: "Value of the address. The validity of - the values will depend on the type and support by - the controller. \n If implementations support proxy-protocol - (see: https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt) - they must respect the connection metadata from proxy-protocol - in the match logic implemented for these address - values. \n Examples: `1.2.3.4`, `128::1`, `my-named-address`. - \n Support: Core" - maxLength: 253 - minLength: 1 - type: string - required: - - value - type: object - type: array - sourceAddresses: - description: "SourceAddresses indicates the originating - (source) network addresses which are valid for routing - traffic. \n Support: Core" - items: - description: AddressMatch defines matching rules for network - addresses by type. - properties: - type: - description: "Type of the address, either IPAddress - or NamedAddress. \n If NamedAddress is used this - is a custom and specific value for each implementation - to handle (and add validation for) according to - their own needs. \n For IPAddress the implementor - may expect either IPv4 or IPv6. 
\n Support: Core - (IPAddress) Support: Custom (NamedAddress)" - enum: - - IPAddress - - NamedAddress - type: string - value: - description: "Value of the address. The validity of - the values will depend on the type and support by - the controller. \n If implementations support proxy-protocol - (see: https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt) - they must respect the connection metadata from proxy-protocol - in the match logic implemented for these address - values. \n Examples: `1.2.3.4`, `128::1`, `my-named-address`. - \n Support: Core" - maxLength: 253 - minLength: 1 - type: string - required: - - value - type: object - type: array - required: - - destinationAddresses - - sourceAddresses - type: object + items: + description: AddressRouteMatches defines AddressMatch rules + for inbound traffic according to source and/or destination + address of a packet or connection. + properties: + destinationAddresses: + description: "DestinationAddresses indicates the destination + network addresses which are valid for routing traffic. + \n Support: Core" + items: + description: AddressMatch defines matching rules for + network addresses by type. + properties: + type: + description: "Type of the address, either IPAddress + or NamedAddress. \n If NamedAddress is used this + is a custom and specific value for each implementation + to handle (and add validation for) according to + their own needs. \n For IPAddress the implementor + may expect either IPv4 or IPv6. \n Support: Core + (IPAddress) Support: Custom (NamedAddress)" + enum: + - IPAddress + - NamedAddress + type: string + value: + description: "Value of the address. The validity + of the values will depend on the type and support + by the controller. \n If implementations support + proxy-protocol (see: https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt) + they must respect the connection metadata from + proxy-protocol in the match logic implemented + for these address values. 
\n Examples: `1.2.3.4`, + `128::1`, `my-named-address`. \n Support: Core" + maxLength: 253 + minLength: 1 + type: string + required: + - value + type: object + type: array + sourceAddresses: + description: "SourceAddresses indicates the originating + (source) network addresses which are valid for routing + traffic. \n Support: Core" + items: + description: AddressMatch defines matching rules for + network addresses by type. + properties: + type: + description: "Type of the address, either IPAddress + or NamedAddress. \n If NamedAddress is used this + is a custom and specific value for each implementation + to handle (and add validation for) according to + their own needs. \n For IPAddress the implementor + may expect either IPv4 or IPv6. \n Support: Core + (IPAddress) Support: Custom (NamedAddress)" + enum: + - IPAddress + - NamedAddress + type: string + value: + description: "Value of the address. The validity + of the values will depend on the type and support + by the controller. \n If implementations support + proxy-protocol (see: https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt) + they must respect the connection metadata from + proxy-protocol in the match logic implemented + for these address values. \n Examples: `1.2.3.4`, + `128::1`, `my-named-address`. \n Support: Core" + maxLength: 253 + minLength: 1 + type: string + required: + - value + type: object + type: array + required: + - destinationAddresses + - sourceAddresses + type: object + maxItems: 16 + type: array type: object maxItems: 16 minItems: 1 diff --git a/config/crd/experimental/gateway.networking.k8s.io_udproutes.yaml b/config/crd/experimental/gateway.networking.k8s.io_udproutes.yaml index 0002ffb062..174cb63e30 100644 --- a/config/crd/experimental/gateway.networking.k8s.io_udproutes.yaml +++ b/config/crd/experimental/gateway.networking.k8s.io_udproutes.yaml 
@@ -221,83 +221,89 @@ spec: matches: description: Matches add rules for filtering traffic to backends based on addresses. - properties: - destinationAddresses: - description: "DestinationAddresses indicates the destination - network addresses which are valid for routing traffic. - \n Support: Core" - items: - description: AddressMatch defines matching rules for network - addresses by type. - properties: - type: - description: "Type of the address, either IPAddress - or NamedAddress. \n If NamedAddress is used this - is a custom and specific value for each implementation - to handle (and add validation for) according to - their own needs. \n For IPAddress the implementor - may expect either IPv4 or IPv6. \n Support: Core - (IPAddress) Support: Custom (NamedAddress)" - enum: - - IPAddress - - NamedAddress - type: string - value: - description: "Value of the address. The validity of - the values will depend on the type and support by - the controller. \n If implementations support proxy-protocol - (see: https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt) - they must respect the connection metadata from proxy-protocol - in the match logic implemented for these address - values. \n Examples: `1.2.3.4`, `128::1`, `my-named-address`. - \n Support: Core" - maxLength: 253 - minLength: 1 - type: string - required: - - value - type: object - type: array - sourceAddresses: - description: "SourceAddresses indicates the originating - (source) network addresses which are valid for routing - traffic. \n Support: Core" - items: - description: AddressMatch defines matching rules for network - addresses by type. - properties: - type: - description: "Type of the address, either IPAddress - or NamedAddress. \n If NamedAddress is used this - is a custom and specific value for each implementation - to handle (and add validation for) according to - their own needs. \n For IPAddress the implementor - may expect either IPv4 or IPv6. 
\n Support: Core - (IPAddress) Support: Custom (NamedAddress)" - enum: - - IPAddress - - NamedAddress - type: string - value: - description: "Value of the address. The validity of - the values will depend on the type and support by - the controller. \n If implementations support proxy-protocol - (see: https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt) - they must respect the connection metadata from proxy-protocol - in the match logic implemented for these address - values. \n Examples: `1.2.3.4`, `128::1`, `my-named-address`. - \n Support: Core" - maxLength: 253 - minLength: 1 - type: string - required: - - value - type: object - type: array - required: - - destinationAddresses - - sourceAddresses - type: object + items: + description: AddressRouteMatches defines AddressMatch rules + for inbound traffic according to source and/or destination + address of a packet or connection. + properties: + destinationAddresses: + description: "DestinationAddresses indicates the destination + network addresses which are valid for routing traffic. + \n Support: Core" + items: + description: AddressMatch defines matching rules for + network addresses by type. + properties: + type: + description: "Type of the address, either IPAddress + or NamedAddress. \n If NamedAddress is used this + is a custom and specific value for each implementation + to handle (and add validation for) according to + their own needs. \n For IPAddress the implementor + may expect either IPv4 or IPv6. \n Support: Core + (IPAddress) Support: Custom (NamedAddress)" + enum: + - IPAddress + - NamedAddress + type: string + value: + description: "Value of the address. The validity + of the values will depend on the type and support + by the controller. \n If implementations support + proxy-protocol (see: https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt) + they must respect the connection metadata from + proxy-protocol in the match logic implemented + for these address values. 
\n Examples: `1.2.3.4`, + `128::1`, `my-named-address`. \n Support: Core" + maxLength: 253 + minLength: 1 + type: string + required: + - value + type: object + type: array + sourceAddresses: + description: "SourceAddresses indicates the originating + (source) network addresses which are valid for routing + traffic. \n Support: Core" + items: + description: AddressMatch defines matching rules for + network addresses by type. + properties: + type: + description: "Type of the address, either IPAddress + or NamedAddress. \n If NamedAddress is used this + is a custom and specific value for each implementation + to handle (and add validation for) according to + their own needs. \n For IPAddress the implementor + may expect either IPv4 or IPv6. \n Support: Core + (IPAddress) Support: Custom (NamedAddress)" + enum: + - IPAddress + - NamedAddress + type: string + value: + description: "Value of the address. The validity + of the values will depend on the type and support + by the controller. \n If implementations support + proxy-protocol (see: https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt) + they must respect the connection metadata from + proxy-protocol in the match logic implemented + for these address values. \n Examples: `1.2.3.4`, + `128::1`, `my-named-address`. \n Support: Core" + maxLength: 253 + minLength: 1 + type: string + required: + - value + type: object + type: array + required: + - destinationAddresses + - sourceAddresses + type: object + maxItems: 16 + type: array type: object maxItems: 16 minItems: 1 diff --git a/config/crd/stable/gateway.networking.k8s.io_tcproutes.yaml b/config/crd/stable/gateway.networking.k8s.io_tcproutes.yaml index 6f743aea57..910b662f39 100644 --- a/config/crd/stable/gateway.networking.k8s.io_tcproutes.yaml +++ b/config/crd/stable/gateway.networking.k8s.io_tcproutes.yaml 
@@ -221,83 +221,89 @@ spec: matches: description: Matches are rules for routing traffic to backends based on addresses. - properties: - destinationAddresses: - description: "DestinationAddresses indicates the destination - network addresses which are valid for routing traffic. - \n Support: Core" - items: - description: AddressMatch defines matching rules for network - addresses by type. - properties: - type: - description: "Type of the address, either IPAddress - or NamedAddress. \n If NamedAddress is used this - is a custom and specific value for each implementation - to handle (and add validation for) according to - their own needs. \n For IPAddress the implementor - may expect either IPv4 or IPv6. \n Support: Core - (IPAddress) Support: Custom (NamedAddress)" - enum: - - IPAddress - - NamedAddress - type: string - value: - description: "Value of the address. The validity of - the values will depend on the type and support by - the controller. \n If implementations support proxy-protocol - (see: https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt) - they must respect the connection metadata from proxy-protocol - in the match logic implemented for these address - values. \n Examples: `1.2.3.4`, `128::1`, `my-named-address`. - \n Support: Core" - maxLength: 253 - minLength: 1 - type: string - required: - - value - type: object - type: array - sourceAddresses: - description: "SourceAddresses indicates the originating - (source) network addresses which are valid for routing - traffic. \n Support: Core" - items: - description: AddressMatch defines matching rules for network - addresses by type. - properties: - type: - description: "Type of the address, either IPAddress - or NamedAddress. \n If NamedAddress is used this - is a custom and specific value for each implementation - to handle (and add validation for) according to - their own needs. \n For IPAddress the implementor - may expect either IPv4 or IPv6. 
\n Support: Core - (IPAddress) Support: Custom (NamedAddress)" - enum: - - IPAddress - - NamedAddress - type: string - value: - description: "Value of the address. The validity of - the values will depend on the type and support by - the controller. \n If implementations support proxy-protocol - (see: https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt) - they must respect the connection metadata from proxy-protocol - in the match logic implemented for these address - values. \n Examples: `1.2.3.4`, `128::1`, `my-named-address`. - \n Support: Core" - maxLength: 253 - minLength: 1 - type: string - required: - - value - type: object - type: array - required: - - destinationAddresses - - sourceAddresses - type: object + items: + description: AddressRouteMatches defines AddressMatch rules + for inbound traffic according to source and/or destination + address of a packet or connection. + properties: + destinationAddresses: + description: "DestinationAddresses indicates the destination + network addresses which are valid for routing traffic. + \n Support: Core" + items: + description: AddressMatch defines matching rules for + network addresses by type. + properties: + type: + description: "Type of the address, either IPAddress + or NamedAddress. \n If NamedAddress is used this + is a custom and specific value for each implementation + to handle (and add validation for) according to + their own needs. \n For IPAddress the implementor + may expect either IPv4 or IPv6. \n Support: Core + (IPAddress) Support: Custom (NamedAddress)" + enum: + - IPAddress + - NamedAddress + type: string + value: + description: "Value of the address. The validity + of the values will depend on the type and support + by the controller. \n If implementations support + proxy-protocol (see: https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt) + they must respect the connection metadata from + proxy-protocol in the match logic implemented + for these address values. 
\n Examples: `1.2.3.4`, + `128::1`, `my-named-address`. \n Support: Core" + maxLength: 253 + minLength: 1 + type: string + required: + - value + type: object + type: array + sourceAddresses: + description: "SourceAddresses indicates the originating + (source) network addresses which are valid for routing + traffic. \n Support: Core" + items: + description: AddressMatch defines matching rules for + network addresses by type. + properties: + type: + description: "Type of the address, either IPAddress + or NamedAddress. \n If NamedAddress is used this + is a custom and specific value for each implementation + to handle (and add validation for) according to + their own needs. \n For IPAddress the implementor + may expect either IPv4 or IPv6. \n Support: Core + (IPAddress) Support: Custom (NamedAddress)" + enum: + - IPAddress + - NamedAddress + type: string + value: + description: "Value of the address. The validity + of the values will depend on the type and support + by the controller. \n If implementations support + proxy-protocol (see: https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt) + they must respect the connection metadata from + proxy-protocol in the match logic implemented + for these address values. \n Examples: `1.2.3.4`, + `128::1`, `my-named-address`. \n Support: Core" + maxLength: 253 + minLength: 1 + type: string + required: + - value + type: object + type: array + required: + - destinationAddresses + - sourceAddresses + type: object + maxItems: 16 + type: array type: object maxItems: 16 minItems: 1 diff --git a/config/crd/stable/gateway.networking.k8s.io_udproutes.yaml b/config/crd/stable/gateway.networking.k8s.io_udproutes.yaml index 814e3cbed0..f06970684b 100644 --- a/config/crd/stable/gateway.networking.k8s.io_udproutes.yaml +++ b/config/crd/stable/gateway.networking.k8s.io_udproutes.yaml 
@@ -221,83 +221,89 @@ spec: matches: description: Matches add rules for filtering traffic to backends based on addresses. - properties: - destinationAddresses: - description: "DestinationAddresses indicates the destination - network addresses which are valid for routing traffic. - \n Support: Core" - items: - description: AddressMatch defines matching rules for network - addresses by type. - properties: - type: - description: "Type of the address, either IPAddress - or NamedAddress. \n If NamedAddress is used this - is a custom and specific value for each implementation - to handle (and add validation for) according to - their own needs. \n For IPAddress the implementor - may expect either IPv4 or IPv6. \n Support: Core - (IPAddress) Support: Custom (NamedAddress)" - enum: - - IPAddress - - NamedAddress - type: string - value: - description: "Value of the address. The validity of - the values will depend on the type and support by - the controller. \n If implementations support proxy-protocol - (see: https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt) - they must respect the connection metadata from proxy-protocol - in the match logic implemented for these address - values. \n Examples: `1.2.3.4`, `128::1`, `my-named-address`. - \n Support: Core" - maxLength: 253 - minLength: 1 - type: string - required: - - value - type: object - type: array - sourceAddresses: - description: "SourceAddresses indicates the originating - (source) network addresses which are valid for routing - traffic. \n Support: Core" - items: - description: AddressMatch defines matching rules for network - addresses by type. - properties: - type: - description: "Type of the address, either IPAddress - or NamedAddress. \n If NamedAddress is used this - is a custom and specific value for each implementation - to handle (and add validation for) according to - their own needs. \n For IPAddress the implementor - may expect either IPv4 or IPv6. 
\n Support: Core - (IPAddress) Support: Custom (NamedAddress)" - enum: - - IPAddress - - NamedAddress - type: string - value: - description: "Value of the address. The validity of - the values will depend on the type and support by - the controller. \n If implementations support proxy-protocol - (see: https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt) - they must respect the connection metadata from proxy-protocol - in the match logic implemented for these address - values. \n Examples: `1.2.3.4`, `128::1`, `my-named-address`. - \n Support: Core" - maxLength: 253 - minLength: 1 - type: string - required: - - value - type: object - type: array - required: - - destinationAddresses - - sourceAddresses - type: object + items: + description: AddressRouteMatches defines AddressMatch rules + for inbound traffic according to source and/or destination + address of a packet or connection. + properties: + destinationAddresses: + description: "DestinationAddresses indicates the destination + network addresses which are valid for routing traffic. + \n Support: Core" + items: + description: AddressMatch defines matching rules for + network addresses by type. + properties: + type: + description: "Type of the address, either IPAddress + or NamedAddress. \n If NamedAddress is used this + is a custom and specific value for each implementation + to handle (and add validation for) according to + their own needs. \n For IPAddress the implementor + may expect either IPv4 or IPv6. \n Support: Core + (IPAddress) Support: Custom (NamedAddress)" + enum: + - IPAddress + - NamedAddress + type: string + value: + description: "Value of the address. The validity + of the values will depend on the type and support + by the controller. \n If implementations support + proxy-protocol (see: https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt) + they must respect the connection metadata from + proxy-protocol in the match logic implemented + for these address values. 
\n Examples: `1.2.3.4`, + `128::1`, `my-named-address`. \n Support: Core" + maxLength: 253 + minLength: 1 + type: string + required: + - value + type: object + type: array + sourceAddresses: + description: "SourceAddresses indicates the originating + (source) network addresses which are valid for routing + traffic. \n Support: Core" + items: + description: AddressMatch defines matching rules for + network addresses by type. + properties: + type: + description: "Type of the address, either IPAddress + or NamedAddress. \n If NamedAddress is used this + is a custom and specific value for each implementation + to handle (and add validation for) according to + their own needs. \n For IPAddress the implementor + may expect either IPv4 or IPv6. \n Support: Core + (IPAddress) Support: Custom (NamedAddress)" + enum: + - IPAddress + - NamedAddress + type: string + value: + description: "Value of the address. The validity + of the values will depend on the type and support + by the controller. \n If implementations support + proxy-protocol (see: https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt) + they must respect the connection metadata from + proxy-protocol in the match logic implemented + for these address values. \n Examples: `1.2.3.4`, + `128::1`, `my-named-address`. \n Support: Core" + maxLength: 253 + minLength: 1 + type: string + required: + - value + type: object + type: array + required: + - destinationAddresses + - sourceAddresses + type: object + maxItems: 16 + type: array type: object maxItems: 16 minItems: 1 diff --git a/examples/v1alpha2/traffic-matching-tcp.yaml b/examples/v1alpha2/traffic-matching-tcp.yaml index 72b4986c60..0d5095640a 100644 --- a/examples/v1alpha2/traffic-matching-tcp.yaml +++ b/examples/v1alpha2/traffic-matching-tcp.yaml @@ -5,7 +5,7 @@ metadata: spec: rules: - matches: - sourceAddresses: + - sourceAddresses: - value: "192.168.1.1" - value: "FE80::0202:B3FF:FE1E:8329" destinationAddresses: 
diff --git a/site-src/geps/gep-735.md b/site-src/geps/gep-735.md index 81bb1fa847..63693fb7bc 100644 --- a/site-src/geps/gep-735.md +++ b/site-src/geps/gep-735.md @@ -125,7 +125,7 @@ metadata: spec: rules: - matches: - sourceAddresses: + - sourceAddresses: - value: "192.168.1.1" - value: "FE80::0202:B3FF:FE1E:8329" - type: NamedAddress