×

Specification

Property Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta_v2

Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

spec

object

spec holds user settable values for configuration

status

object

status holds observed values from the cluster. They may not be overridden.

.spec

Description

spec holds user settable values for configuration

Type

object

Property Type Description

appsDomain

string

appsDomain is an optional domain to use instead of the one specified in the domain field when a Route is created without specifying an explicit host. If appsDomain is nonempty, this value is used to generate default host values for Route. Unlike domain, appsDomain may be modified after installation. This assumes a new ingresscontroller has been setup with a wildcard certificate.

componentRoutes

array

componentRoutes is an optional list of routes that are managed by OpenShift components that a cluster-admin is able to configure the hostname and serving certificate for. The namespace and name of each route in this list should match an existing entry in the status.componentRoutes list. To determine the set of configurable Routes, look at namespace and name of entries in the .status.componentRoutes list, where participating operators write the status of configurable routes.

componentRoutes[]

object

ComponentRouteSpec allows for configuration of a route’s hostname and serving certificate.

domain

string

domain is used to generate a default host name for a route when the route’s host name is empty. The generated host name will follow this pattern: "<route-name>.<route-namespace>.<domain>". It is also used as the default wildcard domain suffix for ingress. The default ingresscontroller domain will follow this pattern: "*.<domain>". Once set, changing domain is not currently supported.

requiredHSTSPolicies

array

requiredHSTSPolicies specifies HSTS policies that are required to be set on newly created or updated routes matching the domainPattern/s and namespaceSelector/s that are specified in the policy. Each requiredHSTSPolicy must have at least a domainPattern and a maxAge to validate a route HSTS Policy route annotation, and affect route admission. A candidate route is checked for HSTS Policies if it has the HSTS Policy route annotation: "haproxy.router.openshift.io/hsts_header" E.g. haproxy.router.openshift.io/hsts_header: max-age=31536000;preload;includeSubDomains - For each candidate route, if it matches a requiredHSTSPolicy domainPattern and optional namespaceSelector, then the maxAge, preloadPolicy, and includeSubdomainsPolicy must be valid to be admitted. Otherwise, the route is rejected. - The first match, by domainPattern and optional namespaceSelector, in the ordering of the RequiredHSTSPolicies determines the route’s admission status. - If the candidate route doesn’t match any requiredHSTSPolicy domainPattern and optional namespaceSelector, then it may use any HSTS Policy annotation. The HSTS policy configuration may be changed after routes have already been created. An update to a previously admitted route may then fail if the updated route does not conform to the updated HSTS policy configuration. However, changing the HSTS policy configuration will not cause a route that is already admitted to stop working. Note that if there are no RequiredHSTSPolicies, any HSTS Policy annotation on the route is valid.

requiredHSTSPolicies[]

object

.spec.componentRoutes

Description

componentRoutes is an optional list of routes that are managed by OpenShift components that a cluster-admin is able to configure the hostname and serving certificate for. The namespace and name of each route in this list should match an existing entry in the status.componentRoutes list. To determine the set of configurable Routes, look at namespace and name of entries in the .status.componentRoutes list, where participating operators write the status of configurable routes.

Type

array

.spec.componentRoutes[]

Description

ComponentRouteSpec allows for configuration of a route’s hostname and serving certificate.

Type

object

Required
  • hostname

  • name

  • namespace

Property Type Description

hostname

string

hostname is the hostname that should be used by the route.

name

string

name is the logical name of the route to customize. The namespace and name of this componentRoute must match a corresponding entry in the list of status.componentRoutes if the route is to be customized.

namespace

string

namespace is the namespace of the route to customize. The namespace and name of this componentRoute must match a corresponding entry in the list of status.componentRoutes if the route is to be customized.

servingCertKeyPairSecret

object

servingCertKeyPairSecret is a reference to a secret of type kubernetes.io/tls in the openshift-config namespace. The serving cert/key pair must match and will be used by the operator to fulfill the intent of serving with this name. If the custom hostname uses the default routing suffix of the cluster, the Secret specification for a serving certificate will not be needed.

.spec.componentRoutes[].servingCertKeyPairSecret

Description

servingCertKeyPairSecret is a reference to a secret of type kubernetes.io/tls in the openshift-config namespace. The serving cert/key pair must match and will be used by the operator to fulfill the intent of serving with this name. If the custom hostname uses the default routing suffix of the cluster, the Secret specification for a serving certificate will not be needed.

Type

object

Required
  • name

Property Type Description

name

string

name is the metadata.name of the referenced secret

.spec.requiredHSTSPolicies

Description

requiredHSTSPolicies specifies HSTS policies that are required to be set on newly created or updated routes matching the domainPattern/s and namespaceSelector/s that are specified in the policy. Each requiredHSTSPolicy must have at least a domainPattern and a maxAge to validate a route HSTS Policy route annotation, and affect route admission. A candidate route is checked for HSTS Policies if it has the HSTS Policy route annotation: "haproxy.router.openshift.io/hsts_header" E.g. haproxy.router.openshift.io/hsts_header: max-age=31536000;preload;includeSubDomains - For each candidate route, if it matches a requiredHSTSPolicy domainPattern and optional namespaceSelector, then the maxAge, preloadPolicy, and includeSubdomainsPolicy must be valid to be admitted. Otherwise, the route is rejected. - The first match, by domainPattern and optional namespaceSelector, in the ordering of the RequiredHSTSPolicies determines the route’s admission status. - If the candidate route doesn’t match any requiredHSTSPolicy domainPattern and optional namespaceSelector, then it may use any HSTS Policy annotation. The HSTS policy configuration may be changed after routes have already been created. An update to a previously admitted route may then fail if the updated route does not conform to the updated HSTS policy configuration. However, changing the HSTS policy configuration will not cause a route that is already admitted to stop working. Note that if there are no RequiredHSTSPolicies, any HSTS Policy annotation on the route is valid.

Type

array

.spec.requiredHSTSPolicies[]

Description
Type

object

Required
  • domainPatterns

Property Type Description

domainPatterns

array (string)

domainPatterns is a list of domains for which the desired HSTS annotations are required. If domainPatterns is specified and a route is created with a spec.host matching one of the domains, the route must specify the HSTS Policy components described in the matching RequiredHSTSPolicy. The use of wildcards is allowed like this: .foo.com matches everything under foo.com. foo.com only matches foo.com, so to cover foo.com and everything under it, you must specify *both.

includeSubDomainsPolicy

string

includeSubDomainsPolicy means the HSTS Policy should apply to any subdomains of the host’s domain name. Thus, for the host bar.foo.com, if includeSubDomainsPolicy was set to RequireIncludeSubDomains: - the host app.bar.foo.com would inherit the HSTS Policy of bar.foo.com - the host bar.foo.com would inherit the HSTS Policy of bar.foo.com - the host foo.com would NOT inherit the HSTS Policy of bar.foo.com - the host def.foo.com would NOT inherit the HSTS Policy of bar.foo.com

maxAge

object

maxAge is the delta time range in seconds during which hosts are regarded as HSTS hosts. If set to 0, it negates the effect, and hosts are removed as HSTS hosts. If set to 0 and includeSubdomains is specified, all subdomains of the host are also removed as HSTS hosts. maxAge is a time-to-live value, and if this policy is not refreshed on a client, the HSTS policy will eventually expire on that client.

namespaceSelector

object

namespaceSelector specifies a label selector such that the policy applies only to those routes that are in namespaces with labels that match the selector, and are in one of the DomainPatterns. Defaults to the empty LabelSelector, which matches everything.

preloadPolicy

string

preloadPolicy directs the client to include hosts in its host preload list so that it never needs to do an initial load to get the HSTS header (note that this is not defined in RFC 6797 and is therefore client implementation-dependent).

.spec.requiredHSTSPolicies[].maxAge

Description

maxAge is the delta time range in seconds during which hosts are regarded as HSTS hosts. If set to 0, it negates the effect, and hosts are removed as HSTS hosts. If set to 0 and includeSubdomains is specified, all subdomains of the host are also removed as HSTS hosts. maxAge is a time-to-live value, and if this policy is not refreshed on a client, the HSTS policy will eventually expire on that client.

Type

object

Property Type Description

largestMaxAge

integer

The largest allowed value (in seconds) of the RequiredHSTSPolicy max-age This value can be left unspecified, in which case no upper limit is enforced.

smallestMaxAge

integer

The smallest allowed value (in seconds) of the RequiredHSTSPolicy max-age Setting max-age=0 allows the deletion of an existing HSTS header from a host. This is a necessary tool for administrators to quickly correct mistakes. This value can be left unspecified, in which case no lower limit is enforced.

.spec.requiredHSTSPolicies[].namespaceSelector

Description

namespaceSelector specifies a label selector such that the policy applies only to those routes that are in namespaces with labels that match the selector, and are in one of the DomainPatterns. Defaults to the empty LabelSelector, which matches everything.

Type

object

Property Type Description

matchExpressions

array

matchExpressions is a list of label selector requirements. The requirements are ANDed.

matchExpressions[]

object

A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.

matchLabels

object (string)

matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.

.spec.requiredHSTSPolicies[].namespaceSelector.matchExpressions

Description

matchExpressions is a list of label selector requirements. The requirements are ANDed.

Type

array

.spec.requiredHSTSPolicies[].namespaceSelector.matchExpressions[]

Description

A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.

Type

object

Required
  • key

  • operator

Property Type Description

key

string

key is the label key that the selector applies to.

operator

string

operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.

values

array (string)

values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.

.status

Description

status holds observed values from the cluster. They may not be overridden.

Type

object

Property Type Description

componentRoutes

array

componentRoutes is where participating operators place the current route status for routes whose hostnames and serving certificates can be customized by the cluster-admin.

componentRoutes[]

object

ComponentRouteStatus contains information allowing configuration of a route’s hostname and serving certificate.

defaultPlacement

string

defaultPlacement is set at installation time to control which nodes will host the ingress router pods by default. The options are control-plane nodes or worker nodes. This field works by dictating how the Cluster Ingress Operator will consider unset replicas and nodePlacement fields in IngressController resources when creating the corresponding Deployments. See the documentation for the IngressController replicas and nodePlacement fields for more information. When omitted, the default value is Workers

.status.componentRoutes

Description

componentRoutes is where participating operators place the current route status for routes whose hostnames and serving certificates can be customized by the cluster-admin.

Type

array

.status.componentRoutes[]

Description

ComponentRouteStatus contains information allowing configuration of a route’s hostname and serving certificate.

Type

object

Required
  • defaultHostname

  • name

  • namespace

  • relatedObjects

Property Type Description

conditions

array

conditions are used to communicate the state of the componentRoutes entry. Supported conditions include Available, Degraded and Progressing. If available is true, the content served by the route can be accessed by users. This includes cases where a default may continue to serve content while the customized route specified by the cluster-admin is being configured. If Degraded is true, that means something has gone wrong trying to handle the componentRoutes entry. The currentHostnames field may or may not be in effect. If Progressing is true, that means the component is taking some action related to the componentRoutes entry.

conditions[]

object

Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo’s current state. // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions" // other fields }

consumingUsers

array (string)

consumingUsers is a slice of ServiceAccounts that need to have read permission on the servingCertKeyPairSecret secret.

currentHostnames

array (string)

currentHostnames is the list of current names used by the route. Typically, this list should consist of a single hostname, but if multiple hostnames are supported by the route the operator may write multiple entries to this list.

defaultHostname

string

defaultHostname is the hostname of this route prior to customization.

name

string

name is the logical name of the route to customize. It does not have to be the actual name of a route resource but it cannot be renamed. The namespace and name of this componentRoute must match a corresponding entry in the list of spec.componentRoutes if the route is to be customized.

namespace

string

namespace is the namespace of the route to customize. It must be a real namespace. Using an actual namespace ensures that no two components will conflict and the same component can be installed multiple times. The namespace and name of this componentRoute must match a corresponding entry in the list of spec.componentRoutes if the route is to be customized.

relatedObjects

array

relatedObjects is a list of resources which are useful when debugging or inspecting how spec.componentRoutes is applied.

relatedObjects[]

object

ObjectReference contains enough information to let you inspect or modify the referred object.

.status.componentRoutes[].conditions

Description