From c1abb2b58b33e1350b713f3030325b00f6181c5c Mon Sep 17 00:00:00 2001 From: David Jumani Date: Tue, 28 Oct 2025 11:36:52 -0400 Subject: [PATCH 1/6] Add conformance details to ListenerSets (GEP-1713) --- geps/gep-1713/index.md | 78 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 78 insertions(+) diff --git a/geps/gep-1713/index.md b/geps/gep-1713/index.md index db9f765159..61c4135870 100644 --- a/geps/gep-1713/index.md +++ b/geps/gep-1713/index.md @@ -969,3 +969,81 @@ Prior Discussions: Gateway Hierarchy Brainstorming: - https://docs.google.com/document/d/1qj7Xog2t2fWRuzOeTsWkabUaVeOF7_2t_7appe8EXwA/edit + +## Conformance Details + +A new Gateway Conformance (Extended) feature will be added +``` + // SupportGatewayListenerSet option indicates support for a Gateway + // with ListenerSets + SupportGatewayListenerSet FeatureName = "GatewayListenerSet" +``` +They will validate the following scenarios : +1. ListenerSet is not allowed on the parent Gateway + - `Gateway.spec.allowedListeners` is not specified (defaults to None) + - `Gateway.spec.allowedListeners.namespaces.from` is set to `None` + In both cases, the ListenerSet is not accepted and the request on the ListenerSet port fails. +1. A listener on the ListenerSet has a protocol conflict with a listener on the Gateway + - The conflicting listener on the Gateway is accepted based on the [Listener Precedence](#listener-precedence) with the appropriate status conditions and messages. + - The conflicting listener on the ListenerSet is not accepted with the appropriate status conditions and messages. + - The request to the conflicting listener on the Gateway succeeds. + - The request to the conflicting listener on the ListenerSet fails. +1. A listener on a ListenerSet has a protocol conflict with a listener on another ListenerSet + - The conflicting listener on the older ListenerSet is accepted based on the [Listener Precedence](#listener-precedence) with the appropriate status conditions and messages. + - The conflicting listener on the newer ListenerSet is not accepted with the appropriate status conditions and messages. + - The request to the conflicting listener on the older ListenerSet succeeds. + - The request to the conflicting listener on the newer ListenerSet fails. +1. A listener on the ListenerSet has a hostname conflict with a listener on the Gateway + - The conflicting listener on the Gateway is accepted based on the [Listener Precedence](#listener-precedence) with the appropriate status conditions and messages. + - The conflicting listener on the ListenerSet is not accepted with the appropriate status conditions and messages. + - The request to the conflicting listener on the Gateway succeeds. + - The request to the conflicting listener on the ListenerSet fails. +1. A listener on a ListenerSet has a hostname conflict with a listener on another ListenerSet + - The conflicting listener on the older ListenerSet is accepted based on the [Listener Precedence](#listener-precedence) with the appropriate status conditions and messages. + - The conflicting listener on the newer ListenerSet is not accepted with the appropriate status conditions and messages. + - The request to the conflicting listener on the older ListenerSet succeeds. + - The request to the conflicting listener on the newer ListenerSet fails. +1. ListenerSets are allowed only from the same namespace as the parent Gateway (Validates `Gateway.spec.allowedListeners.namespaces.from`) + - `Gateway.spec.allowedListeners.namespaces.from` is set to `Same` + - The ListenerSet in the same namespace as the parent gateway is accepted. + - The request to the listener on the accepted ListenerSet succeeds. + - A ListenerSet in a different namespace is not accepted with the appropriate status. + - The request to the listener on the rejected ListenerSet fails. +1. ListenerSets are allowed from namespaces that have the appropriate labels + - `Gateway.spec.allowedListeners.namespaces.selector` is set to match a specific namespace's labels + - The ListenerSet in the namespace matched by the selector is accepted. + - The request to the listener on the accepted ListenerSet succeeds. + - A ListenerSet in the namespace not matched by the selector is not accepted with the appropriate status. + - The request to the listener on the rejected ListenerSet fails. +1. A listener on a ListenerSet without a defined port + - The listener must have the appropriate status set depending on whether the implementation supports dynamic port assignment. + - If the implementation supports dynamic port assignment, the request to the listener must succeed. +1. A listener on a ListenerSet with a missing ReferenceGrant + - The listener on the ListenerSet references a secret without a ReferenceGrant. + - The listener must not be accepted with the appropriate status. + - The request to the listener on the rejected ListenerSet fails. +1. A listener on a ListenerSet with a ReferenceGrant for the parent Gateway + - The listener on the ListenerSet references a secret the parent Gateway has access to. + - The listener on the ListenerSet must not be accepted with the appropriate status. + - The request to the listener on the rejected ListenerSet fails. +1. A listener on a ListenerSet allows routes from the same namespace as the ListenerSet + - The route in the same namespace as the ListenerSet is accepted. + - The request to the accepted route succeeds. + - The route in a different namespace as the ListenerSet is rejected. + - The request to the rejected route fails. +1. A listener on a ListenerSet allows routes from namespaces that have the appropriate labels + - The route in the namespace that matches the given labels is accepted. + - The request to the accepted route succeeds. + - The route in the namespace that does not match the given labels is rejected. + - The request to the rejected route fails. +1. A listener on a ListenerSet allows only specific route kinds + - The route that belongs to the list of specified RouteGroupKind is accepted. + - The request to the accepted route succeeds. + - The route that does not belong to the list of specified RouteGroupKind is rejected. + - The request to the rejected route fails. +1. Valid ListenerSet attached to a Gateway that allows it + - The gateway allows attaching ListenerSets. + - The ListenerSet is valid and allows routes. + - The ListenerSet is accepted and has the appropriate status and `attachedRoutes` count. + - The request to the listener on the ListenerSet succeeds. + From b4bc6e832753bb620d7a17b2f4919d76c5dd454c Mon Sep 17 00:00:00 2001 From: David Jumani Date: Wed, 29 Oct 2025 10:30:57 -0400 Subject: [PATCH 2/6] add conditions --- geps/gep-1713/index.md | 312 ++++++++++++++++++++++++++++++++++------- 1 file changed, 262 insertions(+), 50 deletions(-) diff --git a/geps/gep-1713/index.md b/geps/gep-1713/index.md index 61c4135870..073b58db52 100644 --- a/geps/gep-1713/index.md +++ b/geps/gep-1713/index.md @@ -49,7 +49,7 @@ The feature will be part of the experimental channel, which implementations can This proposal introduces a new `ListenerSet` resource that has the ability to attach a set of listeners to multiple parent `Gateways`. -**Note**: While this API is experimental, its `Kind` will be `XListenerSet` and +**Note**: While this API is experimental, its `Kind` will be `XListenerSet` and once the API is gratuated to stable it will be renamed to `ListenerSet`. ### Go @@ -121,15 +121,15 @@ type ListenerSetSpec struct { // // Regarding Conflict Management, Listeners in a ListenerSet follow the same // rules of Listeners on a Gateway resource. - // - // Listener validation should happen within all of the ListenerSets attached to a - // Gateway, and the precedence of "parent Gateway" -> "oldest first" -> + // + // Listener validation should happen within all of the ListenerSets attached to a + // Gateway, and the precedence of "parent Gateway" -> "oldest first" -> // "alphabetically ordered" should be respected. - // - // ListenerSets containing conflicting Listeners MUST set the Conflicted + // + // ListenerSets containing conflicting Listeners MUST set the Conflicted // Condition to true and clearly indicate which Listeners are conflicted. // - // + // // +listType=map // +listMapKey=name // +kubebuilder:validation:MinItems=1 @@ -345,7 +345,7 @@ type ParentGatewayReference struct { ### YAML -The following example shows a `Gateway` with an HTTP listener and two child HTTPS `ListenerSets` with unique hostnames and certificates. +The following example shows a `Gateway` with an HTTP listener and two child HTTPS `ListenerSets` with unique hostnames and certificates. Only `ListenerSets` from the same namespace of the `Gateway` will be accepted: ```yaml @@ -536,9 +536,9 @@ spec: #### Gateway parents and sectionName -If a `sectionName` in a Route's `parentRef` is not set then the Route MUST attach to only the listeners in the referenced parent. As an example given a `Gateway` and it's child `ListenerSets` a route attaching to the `Gateway` with an empty `sectionName` shall only attach to the listeners in the `Gateways` immediate `spec.listeners` list. +If a `sectionName` in a Route's `parentRef` is not set then the Route MUST attach to only the listeners in the referenced parent. As an example given a `Gateway` and it's child `ListenerSets` a route attaching to the `Gateway` with an empty `sectionName` shall only attach to the listeners in the `Gateways` immediate `spec.listeners` list. -In other words, the Route MUST attach just to the Gateway listeners specified on `.spec.listeners` and MUST NOT not attach to any listeners in the child `ListenerSets` +In other words, the Route MUST attach just to the Gateway listeners specified on `.spec.listeners` and MUST NOT not attach to any listeners in the child `ListenerSets` of the `Gateway`. This is necessary because, for UX reasons, the `name` field does not have to be unique across all Listeners merged into a Gateway (see the section below for details). @@ -587,7 +587,7 @@ metadata: spec: parentRefs: # No SectionName is set on this parentRef - - name: some-workload-listeners + - name: some-workload-listeners kind: Gateway ``` @@ -688,15 +688,15 @@ Conflicts are covered in the section [Listener and ListenerSet conflicts](#liste ListenerSet conflicts should be managed similarly to [Gateway resource conflict](https://github.com/kubernetes-sigs/gateway-api/blob/372a5b06624cff12117f41dcd26c08cb1def22e7/apis/v1/gateway_types.go#L76) management. -With ListenerSet this validation should happen within the same ListenerSet resource, -but MUST be validated also within a Gateway scope and all of the attached Listeners/ListenerSets. -The SectionName field is an exception for this validation, and while it should +With ListenerSet this validation should happen within the same ListenerSet resource, +but MUST be validated also within a Gateway scope and all of the attached Listeners/ListenerSets. +The SectionName field is an exception for this validation, and while it should not conflict within the same ListenerSet, it can be duplicated between different ListenerSets. -This means that the validation should happen now between distinct ListenerSets -attached to the same Gateway, and in case of a conflict, the [Listener Precedence](#listener-precedence) -should be respected, so the first Listener on the precedence list MUST be accepted, -and should not have a `Conflicted` condition, while the conflicting listeners +This means that the validation should happen now between distinct ListenerSets +attached to the same Gateway, and in case of a conflict, the [Listener Precedence](#listener-precedence) +should be respected, so the first Listener on the precedence list MUST be accepted, +and should not have a `Conflicted` condition, while the conflicting listeners MUST have a `Conflicted` condition set to True and with an explicit reason on its message. Following are some examples of a conflict situation: @@ -752,7 +752,7 @@ spec: The ListenerSet `user-listenerset` should be marked as Conflicted, as the `parent-gateway` has a listener definition called `foo` that conflicts with the ListenetSet definition -called `myapp`. The conflict happens because hostname is the same on both `ListenerSet` +called `myapp`. The conflict happens because hostname is the same on both `ListenerSet` but they use different termination TLS certificates: ```yaml @@ -783,7 +783,7 @@ status: The following example represents a conflict between two ListenerSets on distinct namespaces. The controller should avoid setting any Condition that exposes information -from other users, but still provide meaningful information of why a ListenerSet +from other users, but still provide meaningful information of why a ListenerSet was not accepted @@ -835,9 +835,9 @@ spec: name: other-app-cert ``` -In this case, there's a conflict as both users are setting the same hostname and -port on distinct Listeners. In this case, because the ListenerSet `user02/listenerset2` -is older, it will be accepted while `user01/listenerset1` should not be accepted, +In this case, there's a conflict as both users are setting the same hostname and +port on distinct Listeners. In this case, because the ListenerSet `user02/listenerset2` +is older, it will be accepted while `user01/listenerset1` should not be accepted, and receive a `Conflicted=True` condition. The status of ListenerSets can be defined as the following: @@ -982,68 +982,280 @@ They will validate the following scenarios : 1. ListenerSet is not allowed on the parent Gateway - `Gateway.spec.allowedListeners` is not specified (defaults to None) - `Gateway.spec.allowedListeners.namespaces.from` is set to `None` - In both cases, the ListenerSet is not accepted and the request on the ListenerSet port fails. + + In both cases, the ListenerSet is not accepted with the following status : + | Type | Status | Reason | + | -------- | ------- | ------- | + | Accepted | False | NotAllowed | + + The parent gateway has the following status : + | Type | Status | Reason | + | -------- | ------- | ------- | + | AttachedListenerSets | False | ListenerSetsNotAllowed | + | AttachedListeners | 0 | | + + The request on the ListenerSet port fails. + 1. A listener on the ListenerSet has a protocol conflict with a listener on the Gateway - - The conflicting listener on the Gateway is accepted based on the [Listener Precedence](#listener-precedence) with the appropriate status conditions and messages. - - The conflicting listener on the ListenerSet is not accepted with the appropriate status conditions and messages. + - The conflicting listener on the Gateway is accepted based on the [Listener Precedence](#listener-precedence) with the following status : + | Type | Status | Reason | + | -------- | ------- | ------- | + | Conflicted | False | NoConflicts | + + - The parent gateway has the following status : + | Type | Status | Reason | + | -------- | ------- | ------- | + | AttachedListenerSets | True | ListenerSetsAttached | + | AttachedListeners | // total number of child listenerSets // | | + + - The conflicting listener on the ListenerSet is not accepted with the following status : + | Type | Status | Reason | + | -------- | ------- | ------- | + | Conflicted | True | ProtocolConflict | + + - The ListenerSet has the following status : + | Type | Status | Reason | + | -------- | ------- | ------- | + | Accepted | True | ListenersNotValid | + - The request to the conflicting listener on the Gateway succeeds. - The request to the conflicting listener on the ListenerSet fails. + 1. A listener on a ListenerSet has a protocol conflict with a listener on another ListenerSet - - The conflicting listener on the older ListenerSet is accepted based on the [Listener Precedence](#listener-precedence) with the appropriate status conditions and messages. - - The conflicting listener on the newer ListenerSet is not accepted with the appropriate status conditions and messages. + - The conflicting listener on the older ListenerSet is accepted based on the [Listener Precedence](#listener-precedence) with the following status : + | Type | Status | Reason | + | -------- | ------- | ------- | + | Conflicted | False | NoConflicts | + + - The older ListenerSet has the following status : + | Type | Status | Reason | + | -------- | ------- | ------- | + | Accepted | True | // any reason // | + + - The conflicting listener on the newer ListenerSet is not accepted with the following status : + | Type | Status | Reason | + | -------- | ------- | ------- | + | Conflicted | True | ProtocolConflict | + + - The newer ListenerSet has the following status : + | Type | Status | Reason | + | -------- | ------- | ------- | + | Accepted | True | ListenersNotValid | + + - The parent gateway has the following status : + | Type | Status | Reason | + | -------- | ------- | ------- | + | AttachedListenerSets | True | ListenerSetsAttached | + | AttachedListeners | // total number of child listenerSets // | | + - The request to the conflicting listener on the older ListenerSet succeeds. - The request to the conflicting listener on the newer ListenerSet fails. + 1. A listener on the ListenerSet has a hostname conflict with a listener on the Gateway - - The conflicting listener on the Gateway is accepted based on the [Listener Precedence](#listener-precedence) with the appropriate status conditions and messages. - - The conflicting listener on the ListenerSet is not accepted with the appropriate status conditions and messages. + - The conflicting listener on the Gateway is accepted based on the [Listener Precedence](#listener-precedence) with the following status : + | Type | Status | Reason | + | -------- | ------- | ------- | + | Conflicted | False | NoConflicts | + + - The conflicting listener on the ListenerSet is not accepted with the following status : + | Type | Status | Reason | + | -------- | ------- | ------- | + | Conflicted | True | HostnameConflict | + + - The ListenerSet has the following status : + | Type | Status | Reason | + | -------- | ------- | ------- | + | Accepted | True | ListenersNotValid | + + - The parent gateway has the following status : + | Type | Status | Reason | + | -------- | ------- | ------- | + | AttachedListenerSets | True | ListenerSetsAttached | + | AttachedListeners | // total number of child listenerSets // | | + - The request to the conflicting listener on the Gateway succeeds. - The request to the conflicting listener on the ListenerSet fails. + 1. A listener on a ListenerSet has a hostname conflict with a listener on another ListenerSet - - The conflicting listener on the older ListenerSet is accepted based on the [Listener Precedence](#listener-precedence) with the appropriate status conditions and messages. - - The conflicting listener on the newer ListenerSet is not accepted with the appropriate status conditions and messages. + - The conflicting listener on the older ListenerSet is accepted based on the [Listener Precedence](#listener-precedence) with the following status : + | Type | Status | Reason | + | -------- | ------- | ------- | + | Conflicted | False | NoConflicts | + + - The older ListenerSet has the following status : + | Type | Status | Reason | + | -------- | ------- | ------- | + | Accepted | True | // any reason // | + + - The conflicting listener on the newer ListenerSet is not accepted with the following status : + | Type | Status | Reason | + | -------- | ------- | ------- | + | Conflicted | True | HostnameConflict | + + - The newer ListenerSet has the following status : + | Type | Status | Reason | + | -------- | ------- | ------- | + | Accepted | True | ListenersNotValid | + + - The parent gateway has the following status : + | Type | Status | Reason | + | -------- | ------- | ------- | + | AttachedListenerSets | True | ListenerSetsAttached | + | AttachedListeners | // total number of child listenerSets // | | + - The request to the conflicting listener on the older ListenerSet succeeds. - The request to the conflicting listener on the newer ListenerSet fails. + 1. ListenerSets are allowed only from the same namespace as the parent Gateway (Validates `Gateway.spec.allowedListeners.namespaces.from`) - `Gateway.spec.allowedListeners.namespaces.from` is set to `Same` - - The ListenerSet in the same namespace as the parent gateway is accepted. + - The ListenerSet in the same namespace as the parent gateway is accepted with the following status : + | Type | Status | Reason | + | -------- | ------- | ------- | + | Accepted | True | // any reason // | + + - A ListenerSet in a different namespace is not accepted with the following status : + | Type | Status | Reason | + | -------- | ------- | ------- | + | Accepted | False | NotAllowed | + + - The parent gateway has the following status : + | Type | Status | Reason | + | -------- | ------- | ------- | + | AttachedListenerSets | True | ListenerSetsAttached | + | AttachedListeners | 1 | | + - The request to the listener on the accepted ListenerSet succeeds. - - A ListenerSet in a different namespace is not accepted with the appropriate status. - The request to the listener on the rejected ListenerSet fails. + 1. ListenerSets are allowed from namespaces that have the appropriate labels - `Gateway.spec.allowedListeners.namespaces.selector` is set to match a specific namespace's labels - - The ListenerSet in the namespace matched by the selector is accepted. + - The ListenerSet in the namespace matched by the selector is accepted with the following status : + | Type | Status | Reason | + | -------- | ------- | ------- | + | Accepted | True | // any reason // | + + - A ListenerSet in the namespace not matched by the selector is not accepted with the following status : + | Type | Status | Reason | + | -------- | ------- | ------- | + | Accepted | False | NotAllowed | + + - The parent gateway has the following status : + | Type | Status | Reason | + | -------- | ------- | ------- | + | AttachedListenerSets | True | ListenerSetsAttached | + | AttachedListeners | 1 | | + - The request to the listener on the accepted ListenerSet succeeds. - - A ListenerSet in the namespace not matched by the selector is not accepted with the appropriate status. - The request to the listener on the rejected ListenerSet fails. + 1. A listener on a ListenerSet without a defined port - - The listener must have the appropriate status set depending on whether the implementation supports dynamic port assignment. - - If the implementation supports dynamic port assignment, the request to the listener must succeed. + - If the implementation supports dynamic port assignment : + - The listener must have the following status : + | Type | Status | Reason | + | -------- | ------- | ------- | + | Port | // unique port value // | | + | Accepted | True | // any reason // | + + - The parent gateway has the following status : + | Type | Status | Reason | + | -------- | ------- | ------- | + | AttachedListenerSets | True | ListenerSetsAttached | + | AttachedListeners | 1 | | + + - The request to the ListenerSet port must succeed. + + - If the implementation does not support dynamic port assignment : + - The listener must have the following status : + | Type | Status | Reason | + | -------- | ------- | ------- | + | Accepted | False | UnsupportedPort | + + - The parent gateway has the following status : + | Type | Status | Reason | + | -------- | ------- | ------- | + | AttachedListenerSets | True | ListenerSetsAttached | + | AttachedListeners | 1 | | + + - The request to the ListenerSet port must not succeed. + 1. A listener on a ListenerSet with a missing ReferenceGrant - The listener on the ListenerSet references a secret without a ReferenceGrant. - - The listener must not be accepted with the appropriate status. - - The request to the listener on the rejected ListenerSet fails. + + - The listener must not be accepted with the following status : + | Type | Status | Reason | + | -------- | ------- | ------- | + | ResolvedRefs | False | RefNotPermitted | + + - The request to the listener on the ListenerSet fails. + 1. A listener on a ListenerSet with a ReferenceGrant for the parent Gateway - The listener on the ListenerSet references a secret the parent Gateway has access to. - - The listener on the ListenerSet must not be accepted with the appropriate status. - - The request to the listener on the rejected ListenerSet fails. + + - The listener must not be accepted with the following status : + | Type | Status | Reason | + | -------- | ------- | ------- | + | ResolvedRefs | False | RefNotPermitted | + + - The request to the listener on the ListenerSet fails. + 1. A listener on a ListenerSet allows routes from the same namespace as the ListenerSet - - The route in the same namespace as the ListenerSet is accepted. + - The route in the same namespace as the ListenerSet is accepted with the following status : + | Type | Status | Reason | + | -------- | ------- | ------- | + | Accepted | True | // any reason // | + - The request to the accepted route succeeds. - - The route in a different namespace as the ListenerSet is rejected. + + - The route in a different namespace as the ListenerSet is rejected with the following status : + | Type | Status | Reason | + | -------- | ------- | ------- | + | Accepted | False | NotAllowedByListeners | + - The request to the rejected route fails. + 1. A listener on a ListenerSet allows routes from namespaces that have the appropriate labels - - The route in the namespace that matches the given labels is accepted. + - The route in the namespace that matches the given labels is accepted with the following status : + | Type | Status | Reason | + | -------- | ------- | ------- | + | Accepted | True | // any reason // | + - The request to the accepted route succeeds. - - The route in the namespace that does not match the given labels is rejected. + + - The route in the namespace that does not match the given labels is rejected with the following status : + | Type | Status | Reason | + | -------- | ------- | ------- | + | Accepted | False | NotAllowedByListeners | + - The request to the rejected route fails. + 1. A listener on a ListenerSet allows only specific route kinds - - The route that belongs to the list of specified RouteGroupKind is accepted. + - The route that belongs to the list of specified RouteGroupKind is accepted with the following status : + | Type | Status | Reason | + | -------- | ------- | ------- | + | Accepted | True | // any reason // | + - The request to the accepted route succeeds. - - The route that does not belong to the list of specified RouteGroupKind is rejected. + - The route that does not belong to the list of specified RouteGroupKind is rejected with the following status : + | Type | Status | Reason | + | -------- | ------- | ------- | + | Accepted | False | NotAllowedByListeners | + - The request to the rejected route fails. + 1. Valid ListenerSet attached to a Gateway that allows it - The gateway allows attaching ListenerSets. - The ListenerSet is valid and allows routes. - - The ListenerSet is accepted and has the appropriate status and `attachedRoutes` count. - - The request to the listener on the ListenerSet succeeds. + - The ListenerSet is accepted and has the following status : + | Type | Status | Reason | + | -------- | ------- | ------- | + | Accepted | True | // any reason // | + | AttachedRoutes | // total number of attached routes //| | + + - The parent gateway has the following status : + | Type | Status | Reason | + | -------- | ------- | ------- | + | AttachedListenerSets | True | ListenerSetsAttached | + | AttachedListeners | 1 | | + + - The request to the listener on the ListenerSet succeeds. From d7a814377e2cec4d2b043442ea63911ffd02e883 Mon Sep 17 00:00:00 2001 From: David Jumani Date: Wed, 29 Oct 2025 10:50:30 -0400 Subject: [PATCH 3/6] update api --- apis/v1/gateway_types.go | 18 ++++++++++++ geps/gep-1713/index.md | 60 ++++++++++++++++++++++++++++++---------- 2 files changed, 63 insertions(+), 15 deletions(-) diff --git a/apis/v1/gateway_types.go b/apis/v1/gateway_types.go index 3b856a1567..5e47c9f7c5 100644 --- a/apis/v1/gateway_types.go +++ b/apis/v1/gateway_types.go @@ -998,6 +998,24 @@ type GatewayStatus struct { // +listMapKey=name // +kubebuilder:validation:MaxItems=64 Listeners []ListenerStatus `json:"listeners,omitempty"` + + // AttachedListeners represents the total number of ListenerSets that have been + // successfully attached to this Gateway. + // + // Successful attachment of a ListenerSets to a Gateway is based solely on the + // combination of the AllowedListeners field on the Gateway + // and the ListenerSets's ParentRefs field. A ListenerSets is successfully attached to + // a Gateway when it is selected by the ListenerSets's AllowedListeners field + // AND the ListenerSets has a valid ParentRef selecting the Gateway + // resource as a parent resource. ListenerSets status does not impact + // successful attachment, i.e. the AttachedListeners field count MUST be set + // for ListenerSets with condition Accepted: false and MUST count successfully + // attached AttachedListeners that may themselves have Accepted: false conditions. + // + // Uses for this field include troubleshooting AttachedListeners attachment and + // measuring blast radius/impact of changes to a Gateway. + // +required + AttachedListeners int32 `json:"attachedListeners"` } // GatewayInfrastructure defines infrastructure level attributes about a Gateway instance. diff --git a/geps/gep-1713/index.md b/geps/gep-1713/index.md index 073b58db52..83e0ac2e5f 100644 --- a/geps/gep-1713/index.md +++ b/geps/gep-1713/index.md @@ -893,6 +893,8 @@ The condition's `Status` has the following values: Parent `Gateways` MUST NOT have `ListenerSet` listeners in their `status.listeners` conditions list. +Implementations MUST support a new `Gateway` status field `AttachedListeners` that specifies the count of ListenerSets attached to the Gateway. + ### ListenerSet Conditions `ListenerSets` have a top-level `Accepted` and `Programmed` conditions. @@ -979,22 +981,38 @@ A new Gateway Conformance (Extended) feature will be added SupportGatewayListenerSet FeatureName = "GatewayListenerSet" ``` They will validate the following scenarios : -1. ListenerSet is not allowed on the parent Gateway + +1. AllowedListeners is not specified on the parent Gateway - `Gateway.spec.allowedListeners` is not specified (defaults to None) + + - The ListenerSet is not accepted with the following status : + | Type | Status | Reason | + | -------- | ------- | ------- | + | Accepted | False | NotAllowed | + + - The parent gateway has the following status : + | Type | Status | Reason | + | -------- | ------- | ------- | + | AttachedListenerSets | Unknown | // any reason // | + | AttachedListeners | 0 | | + + - The request on the ListenerSet port fails. + +1. ListenerSets are not allowed on the parent Gateway - `Gateway.spec.allowedListeners.namespaces.from` is set to `None` - In both cases, the ListenerSet is not accepted with the following status : - | Type | Status | Reason | - | -------- | ------- | ------- | - | Accepted | False | NotAllowed | + - The ListenerSet is not accepted with the following status : + | Type | Status | Reason | + | -------- | ------- | ------- | + | Accepted | False | NotAllowed | - The parent gateway has the following status : - | Type | Status | Reason | - | -------- | ------- | ------- | - | AttachedListenerSets | False | ListenerSetsNotAllowed | - | AttachedListeners | 0 | | + - The parent gateway has the following status : + | Type | Status | Reason | + | -------- | ------- | ------- | + | AttachedListenerSets | False | ListenerSetsNotAllowed | + | AttachedListeners | 0 | | - The request on the ListenerSet port fails. + - The request on the ListenerSet port fails. 1. A listener on the ListenerSet has a protocol conflict with a listener on the Gateway - The conflicting listener on the Gateway is accepted based on the [Listener Precedence](#listener-precedence) with the following status : @@ -1005,7 +1023,7 @@ They will validate the following scenarios : - The parent gateway has the following status : | Type | Status | Reason | | -------- | ------- | ------- | - | AttachedListenerSets | True | ListenerSetsAttached | + | AttachedListenerSets | // depends on whether there are any other valid listeners in the attached ListenerSets // | ListenerSetsAttached | | AttachedListeners | // total number of child listenerSets // | | - The conflicting listener on the ListenerSet is not accepted with the following status : @@ -1070,7 +1088,7 @@ They will validate the following scenarios : - The parent gateway has the following status : | Type | Status | Reason | | -------- | ------- | ------- | - | AttachedListenerSets | True | ListenerSetsAttached | + | AttachedListenerSets | // depends on whether there are any other valid listeners in the attached ListenerSets // | ListenerSetsAttached | | AttachedListeners | // total number of child listenerSets // | | - The request to the conflicting listener on the Gateway succeeds. @@ -1159,7 +1177,7 @@ They will validate the following scenarios : - The parent gateway has the following status : | Type | Status | Reason | | -------- | ------- | ------- | - | AttachedListenerSets | True | ListenerSetsAttached | + | AttachedListenerSets | // depends on whether there are any other valid listeners in the attached ListenerSets // | ListenerSetsAttached | | AttachedListeners | 1 | | - The request to the ListenerSet port must succeed. @@ -1173,7 +1191,7 @@ They will validate the following scenarios : - The parent gateway has the following status : | Type | Status | Reason | | -------- | ------- | ------- | - | AttachedListenerSets | True | ListenerSetsAttached | + | AttachedListenerSets | // depends on whether there are any other valid listeners in the ListenerSets // | ListenerSetsAttached | | AttachedListeners | 1 | | - The request to the ListenerSet port must not succeed. @@ -1186,6 +1204,12 @@ They will validate the following scenarios : | -------- | ------- | ------- | | ResolvedRefs | False | RefNotPermitted | + - The parent gateway has the following status : + | Type | Status | Reason | + | -------- | ------- | ------- | + | AttachedListenerSets | // depends on whether there are any other valid listeners in the ListenerSets // | ListenerSetsAttached | + | AttachedListeners | 1 | | + - The request to the listener on the ListenerSet fails. 1. A listener on a ListenerSet with a ReferenceGrant for the parent Gateway @@ -1196,6 +1220,12 @@ They will validate the following scenarios : | -------- | ------- | ------- | | ResolvedRefs | False | RefNotPermitted | + - The parent gateway has the following status : + | Type | Status | Reason | + | -------- | ------- | ------- | + | AttachedListenerSets | // depends on whether there are any other valid listeners in the ListenerSets // | ListenerSetsAttached | + | AttachedListeners | 1 | | + - The request to the listener on the ListenerSet fails. 1. A listener on a ListenerSet allows routes from the same namespace as the ListenerSet From 83344dee4cd50abbabc434f421a92c990c27ebf6 Mon Sep 17 00:00:00 2001 From: David Jumani Date: Wed, 29 Oct 2025 11:03:19 -0400 Subject: [PATCH 4/6] codegen --- applyconfiguration/apis/v1/gatewaystatus.go | 15 +++++-- applyconfiguration/internal/internal.go | 4 ++ .../gateway.networking.k8s.io_gateways.yaml | 42 +++++++++++++++++++ .../gateway.networking.k8s.io_gateways.yaml | 42 +++++++++++++++++++ pkg/generated/openapi/zz_generated.openapi.go | 9 ++++ 5 files changed, 109 insertions(+), 3 deletions(-) diff --git a/applyconfiguration/apis/v1/gatewaystatus.go b/applyconfiguration/apis/v1/gatewaystatus.go index 3e96cd2907..3cf8e2f006 100644 --- a/applyconfiguration/apis/v1/gatewaystatus.go +++ b/applyconfiguration/apis/v1/gatewaystatus.go @@ -25,9 +25,10 @@ import ( // GatewayStatusApplyConfiguration represents a declarative configuration of the GatewayStatus type for use // with apply. type GatewayStatusApplyConfiguration struct { - Addresses []GatewayStatusAddressApplyConfiguration `json:"addresses,omitempty"` - Conditions []metav1.ConditionApplyConfiguration `json:"conditions,omitempty"` - Listeners []ListenerStatusApplyConfiguration `json:"listeners,omitempty"` + Addresses []GatewayStatusAddressApplyConfiguration `json:"addresses,omitempty"` + Conditions []metav1.ConditionApplyConfiguration `json:"conditions,omitempty"` + Listeners []ListenerStatusApplyConfiguration `json:"listeners,omitempty"` + AttachedListeners *int32 `json:"attachedListeners,omitempty"` } // GatewayStatusApplyConfiguration constructs a declarative configuration of the GatewayStatus type for use with @@ -74,3 +75,11 @@ func (b *GatewayStatusApplyConfiguration) WithListeners(values ...*ListenerStatu } return b } + +// WithAttachedListeners sets the AttachedListeners field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the AttachedListeners field is set to the value of the last call. +func (b *GatewayStatusApplyConfiguration) WithAttachedListeners(value int32) *GatewayStatusApplyConfiguration { + b.AttachedListeners = &value + return b +} diff --git a/applyconfiguration/internal/internal.go b/applyconfiguration/internal/internal.go index 5fa65d155a..607245a0bb 100644 --- a/applyconfiguration/internal/internal.go +++ b/applyconfiguration/internal/internal.go @@ -716,6 +716,10 @@ var schemaYAML = typed.YAMLObject(`types: elementType: namedType: io.k8s.sigs.gateway-api.apis.v1.GatewayStatusAddress elementRelationship: atomic + - name: attachedListeners + type: + scalar: numeric + default: 0 - name: conditions type: list: diff --git a/config/crd/experimental/gateway.networking.k8s.io_gateways.yaml b/config/crd/experimental/gateway.networking.k8s.io_gateways.yaml index 1d27104859..e70bd300c9 100644 --- a/config/crd/experimental/gateway.networking.k8s.io_gateways.yaml +++ b/config/crd/experimental/gateway.networking.k8s.io_gateways.yaml @@ -1363,6 +1363,25 @@ spec: maxItems: 16 type: array x-kubernetes-list-type: atomic + attachedListeners: + description: |- + AttachedListeners represents the total number of ListenerSets that have been + successfully attached to this Gateway. + + Successful attachment of a ListenerSets to a Gateway is based solely on the + combination of the AllowedListeners field on the Gateway + and the ListenerSets's ParentRefs field. A ListenerSets is successfully attached to + a Gateway when it is selected by the ListenerSets's AllowedListeners field + AND the ListenerSets has a valid ParentRef selecting the Gateway + resource as a parent resource. ListenerSets status does not impact + successful attachment, i.e. the AttachedListeners field count MUST be set + for ListenerSets with condition Accepted: false and MUST count successfully + attached AttachedListeners that may themselves have Accepted: false conditions. + + Uses for this field include troubleshooting AttachedListeners attachment and + measuring blast radius/impact of changes to a Gateway. + format: int32 + type: integer conditions: default: - lastTransitionTime: "1970-01-01T00:00:00Z" @@ -1588,6 +1607,8 @@ spec: x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map + required: + - attachedListeners type: object required: - spec @@ -2940,6 +2961,25 @@ spec: maxItems: 16 type: array x-kubernetes-list-type: atomic + attachedListeners: + description: |- + AttachedListeners represents the total number of ListenerSets that have been + successfully attached to this Gateway. + + Successful attachment of a ListenerSets to a Gateway is based solely on the + combination of the AllowedListeners field on the Gateway + and the ListenerSets's ParentRefs field. A ListenerSets is successfully attached to + a Gateway when it is selected by the ListenerSets's AllowedListeners field + AND the ListenerSets has a valid ParentRef selecting the Gateway + resource as a parent resource. ListenerSets status does not impact + successful attachment, i.e. the AttachedListeners field count MUST be set + for ListenerSets with condition Accepted: false and MUST count successfully + attached AttachedListeners that may themselves have Accepted: false conditions. + + Uses for this field include troubleshooting AttachedListeners attachment and + measuring blast radius/impact of changes to a Gateway. + format: int32 + type: integer conditions: default: - lastTransitionTime: "1970-01-01T00:00:00Z" @@ -3165,6 +3205,8 @@ spec: x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map + required: + - attachedListeners type: object required: - spec diff --git a/config/crd/standard/gateway.networking.k8s.io_gateways.yaml b/config/crd/standard/gateway.networking.k8s.io_gateways.yaml index 0930cff5a9..b1da7f5cf0 100644 --- a/config/crd/standard/gateway.networking.k8s.io_gateways.yaml +++ b/config/crd/standard/gateway.networking.k8s.io_gateways.yaml @@ -899,6 +899,25 @@ spec: maxItems: 16 type: array x-kubernetes-list-type: atomic + attachedListeners: + description: |- + AttachedListeners represents the total number of ListenerSets that have been + successfully attached to this Gateway. + + Successful attachment of a ListenerSets to a Gateway is based solely on the + combination of the AllowedListeners field on the Gateway + and the ListenerSets's ParentRefs field. A ListenerSets is successfully attached to + a Gateway when it is selected by the ListenerSets's AllowedListeners field + AND the ListenerSets has a valid ParentRef selecting the Gateway + resource as a parent resource. ListenerSets status does not impact + successful attachment, i.e. the AttachedListeners field count MUST be set + for ListenerSets with condition Accepted: false and MUST count successfully + attached AttachedListeners that may themselves have Accepted: false conditions. + + Uses for this field include troubleshooting AttachedListeners attachment and + measuring blast radius/impact of changes to a Gateway. + format: int32 + type: integer conditions: default: - lastTransitionTime: "1970-01-01T00:00:00Z" @@ -1124,6 +1143,8 @@ spec: x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map + required: + - attachedListeners type: object required: - spec @@ -2012,6 +2033,25 @@ spec: maxItems: 16 type: array x-kubernetes-list-type: atomic + attachedListeners: + description: |- + AttachedListeners represents the total number of ListenerSets that have been + successfully attached to this Gateway. + + Successful attachment of a ListenerSets to a Gateway is based solely on the + combination of the AllowedListeners field on the Gateway + and the ListenerSets's ParentRefs field. A ListenerSets is successfully attached to + a Gateway when it is selected by the ListenerSets's AllowedListeners field + AND the ListenerSets has a valid ParentRef selecting the Gateway + resource as a parent resource. ListenerSets status does not impact + successful attachment, i.e. the AttachedListeners field count MUST be set + for ListenerSets with condition Accepted: false and MUST count successfully + attached AttachedListeners that may themselves have Accepted: false conditions. + + Uses for this field include troubleshooting AttachedListeners attachment and + measuring blast radius/impact of changes to a Gateway. + format: int32 + type: integer conditions: default: - lastTransitionTime: "1970-01-01T00:00:00Z" @@ -2237,6 +2277,8 @@ spec: x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map + required: + - attachedListeners type: object required: - spec diff --git a/pkg/generated/openapi/zz_generated.openapi.go b/pkg/generated/openapi/zz_generated.openapi.go index 0968ead79a..75fdb91ab3 100644 --- a/pkg/generated/openapi/zz_generated.openapi.go +++ b/pkg/generated/openapi/zz_generated.openapi.go @@ -4567,7 +4567,16 @@ func schema_sigsk8sio_gateway_api_apis_v1_GatewayStatus(ref common.ReferenceCall }, }, }, + "attachedListeners": { + SchemaProps: spec.SchemaProps{ + Description: "AttachedListeners represents the total number of ListenerSets that have been successfully attached to this Gateway.\n\nSuccessful attachment of a ListenerSets to a Gateway is based solely on the combination of the AllowedListeners field on the Gateway and the ListenerSets's ParentRefs field. A ListenerSets is successfully attached to a Gateway when it is selected by the ListenerSets's AllowedListeners field AND the ListenerSets has a valid ParentRef selecting the Gateway resource as a parent resource. ListenerSets status does not impact successful attachment, i.e. the AttachedListeners field count MUST be set for ListenerSets with condition Accepted: false and MUST count successfully attached AttachedListeners that may themselves have Accepted: false conditions.\n\nUses for this field include troubleshooting AttachedListeners attachment and measuring blast radius/impact of changes to a Gateway.", + Default: 0, + Type: []string{"integer"}, + Format: "int32", + }, + }, }, + Required: []string{"attachedListeners"}, }, }, Dependencies: []string{ From 7e1143369cbb61caa04f243200dae425a86cabc7 Mon Sep 17 00:00:00 2001 From: David Jumani Date: Wed, 29 Oct 2025 11:13:43 -0400 Subject: [PATCH 5/6] make attachedListeners optional --- apis/v1/gateway_types.go | 2 +- .../crd/experimental/gateway.networking.k8s.io_gateways.yaml | 4 ---- config/crd/standard/gateway.networking.k8s.io_gateways.yaml | 4 ---- pkg/generated/openapi/zz_generated.openapi.go | 1 - 4 files changed, 1 insertion(+), 10 deletions(-) diff --git a/apis/v1/gateway_types.go b/apis/v1/gateway_types.go index 5e47c9f7c5..143bad34de 100644 --- a/apis/v1/gateway_types.go +++ b/apis/v1/gateway_types.go @@ -1014,7 +1014,7 @@ type GatewayStatus struct { // // Uses for this field include troubleshooting AttachedListeners attachment and // measuring blast radius/impact of changes to a Gateway. - // +required + // +optional AttachedListeners int32 `json:"attachedListeners"` } diff --git a/config/crd/experimental/gateway.networking.k8s.io_gateways.yaml b/config/crd/experimental/gateway.networking.k8s.io_gateways.yaml index e70bd300c9..468aa90ccd 100644 --- a/config/crd/experimental/gateway.networking.k8s.io_gateways.yaml +++ b/config/crd/experimental/gateway.networking.k8s.io_gateways.yaml @@ -1607,8 +1607,6 @@ spec: x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map - required: - - attachedListeners type: object required: - spec @@ -3205,8 +3203,6 @@ spec: x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map - required: - - attachedListeners type: object required: - spec diff --git a/config/crd/standard/gateway.networking.k8s.io_gateways.yaml b/config/crd/standard/gateway.networking.k8s.io_gateways.yaml index b1da7f5cf0..4f01ed6935 100644 --- a/config/crd/standard/gateway.networking.k8s.io_gateways.yaml +++ b/config/crd/standard/gateway.networking.k8s.io_gateways.yaml @@ -1143,8 +1143,6 @@ spec: x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map - required: - - attachedListeners type: object required: - spec @@ -2277,8 +2275,6 @@ spec: x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map - required: - - attachedListeners type: object required: - spec diff --git a/pkg/generated/openapi/zz_generated.openapi.go b/pkg/generated/openapi/zz_generated.openapi.go index 75fdb91ab3..d7804ffff5 100644 --- a/pkg/generated/openapi/zz_generated.openapi.go +++ b/pkg/generated/openapi/zz_generated.openapi.go @@ -4576,7 +4576,6 @@ func schema_sigsk8sio_gateway_api_apis_v1_GatewayStatus(ref common.ReferenceCall }, }, }, - Required: []string{"attachedListeners"}, }, }, Dependencies: []string{ From fe7a3f120e6c6a1323a0ae787499cff064500a25 Mon Sep 17 00:00:00 2001 From: David Jumani Date: Thu, 30 Oct 2025 11:11:55 -0400 Subject: [PATCH 6/6] remove api changes --- apis/v1/gateway_types.go | 18 --------- applyconfiguration/apis/v1/gatewaystatus.go | 15 ++------ applyconfiguration/internal/internal.go | 4 -- .../gateway.networking.k8s.io_gateways.yaml | 38 ------------------- .../gateway.networking.k8s.io_gateways.yaml | 38 ------------------- pkg/generated/openapi/zz_generated.openapi.go | 8 ---- 6 files changed, 3 insertions(+), 118 deletions(-) diff --git a/apis/v1/gateway_types.go b/apis/v1/gateway_types.go index 143bad34de..3b856a1567 100644 --- a/apis/v1/gateway_types.go +++ b/apis/v1/gateway_types.go @@ -998,24 +998,6 @@ type GatewayStatus struct { // +listMapKey=name // +kubebuilder:validation:MaxItems=64 Listeners []ListenerStatus `json:"listeners,omitempty"` - - // AttachedListeners represents the total number of ListenerSets that have been - // successfully attached to this Gateway. - // - // Successful attachment of a ListenerSets to a Gateway is based solely on the - // combination of the AllowedListeners field on the Gateway - // and the ListenerSets's ParentRefs field. A ListenerSets is successfully attached to - // a Gateway when it is selected by the ListenerSets's AllowedListeners field - // AND the ListenerSets has a valid ParentRef selecting the Gateway - // resource as a parent resource. ListenerSets status does not impact - // successful attachment, i.e. the AttachedListeners field count MUST be set - // for ListenerSets with condition Accepted: false and MUST count successfully - // attached AttachedListeners that may themselves have Accepted: false conditions. - // - // Uses for this field include troubleshooting AttachedListeners attachment and - // measuring blast radius/impact of changes to a Gateway. - // +optional - AttachedListeners int32 `json:"attachedListeners"` } // GatewayInfrastructure defines infrastructure level attributes about a Gateway instance. diff --git a/applyconfiguration/apis/v1/gatewaystatus.go b/applyconfiguration/apis/v1/gatewaystatus.go index 3cf8e2f006..3e96cd2907 100644 --- a/applyconfiguration/apis/v1/gatewaystatus.go +++ b/applyconfiguration/apis/v1/gatewaystatus.go @@ -25,10 +25,9 @@ import ( // GatewayStatusApplyConfiguration represents a declarative configuration of the GatewayStatus type for use // with apply. type GatewayStatusApplyConfiguration struct { - Addresses []GatewayStatusAddressApplyConfiguration `json:"addresses,omitempty"` - Conditions []metav1.ConditionApplyConfiguration `json:"conditions,omitempty"` - Listeners []ListenerStatusApplyConfiguration `json:"listeners,omitempty"` - AttachedListeners *int32 `json:"attachedListeners,omitempty"` + Addresses []GatewayStatusAddressApplyConfiguration `json:"addresses,omitempty"` + Conditions []metav1.ConditionApplyConfiguration `json:"conditions,omitempty"` + Listeners []ListenerStatusApplyConfiguration `json:"listeners,omitempty"` } // GatewayStatusApplyConfiguration constructs a declarative configuration of the GatewayStatus type for use with @@ -75,11 +74,3 @@ func (b *GatewayStatusApplyConfiguration) WithListeners(values ...*ListenerStatu } return b } - -// WithAttachedListeners sets the AttachedListeners field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the AttachedListeners field is set to the value of the last call. -func (b *GatewayStatusApplyConfiguration) WithAttachedListeners(value int32) *GatewayStatusApplyConfiguration { - b.AttachedListeners = &value - return b -} diff --git a/applyconfiguration/internal/internal.go b/applyconfiguration/internal/internal.go index 607245a0bb..5fa65d155a 100644 --- a/applyconfiguration/internal/internal.go +++ b/applyconfiguration/internal/internal.go @@ -716,10 +716,6 @@ var schemaYAML = typed.YAMLObject(`types: elementType: namedType: io.k8s.sigs.gateway-api.apis.v1.GatewayStatusAddress elementRelationship: atomic - - name: attachedListeners - type: - scalar: numeric - default: 0 - name: conditions type: list: diff --git a/config/crd/experimental/gateway.networking.k8s.io_gateways.yaml b/config/crd/experimental/gateway.networking.k8s.io_gateways.yaml index 468aa90ccd..1d27104859 100644 --- a/config/crd/experimental/gateway.networking.k8s.io_gateways.yaml +++ b/config/crd/experimental/gateway.networking.k8s.io_gateways.yaml @@ -1363,25 +1363,6 @@ spec: maxItems: 16 type: array x-kubernetes-list-type: atomic - attachedListeners: - description: |- - AttachedListeners represents the total number of ListenerSets that have been - successfully attached to this Gateway. - - Successful attachment of a ListenerSets to a Gateway is based solely on the - combination of the AllowedListeners field on the Gateway - and the ListenerSets's ParentRefs field. A ListenerSets is successfully attached to - a Gateway when it is selected by the ListenerSets's AllowedListeners field - AND the ListenerSets has a valid ParentRef selecting the Gateway - resource as a parent resource. ListenerSets status does not impact - successful attachment, i.e. the AttachedListeners field count MUST be set - for ListenerSets with condition Accepted: false and MUST count successfully - attached AttachedListeners that may themselves have Accepted: false conditions. - - Uses for this field include troubleshooting AttachedListeners attachment and - measuring blast radius/impact of changes to a Gateway. - format: int32 - type: integer conditions: default: - lastTransitionTime: "1970-01-01T00:00:00Z" @@ -2959,25 +2940,6 @@ spec: maxItems: 16 type: array x-kubernetes-list-type: atomic - attachedListeners: - description: |- - AttachedListeners represents the total number of ListenerSets that have been - successfully attached to this Gateway. - - Successful attachment of a ListenerSets to a Gateway is based solely on the - combination of the AllowedListeners field on the Gateway - and the ListenerSets's ParentRefs field. A ListenerSets is successfully attached to - a Gateway when it is selected by the ListenerSets's AllowedListeners field - AND the ListenerSets has a valid ParentRef selecting the Gateway - resource as a parent resource. ListenerSets status does not impact - successful attachment, i.e. the AttachedListeners field count MUST be set - for ListenerSets with condition Accepted: false and MUST count successfully - attached AttachedListeners that may themselves have Accepted: false conditions. - - Uses for this field include troubleshooting AttachedListeners attachment and - measuring blast radius/impact of changes to a Gateway. - format: int32 - type: integer conditions: default: - lastTransitionTime: "1970-01-01T00:00:00Z" diff --git a/config/crd/standard/gateway.networking.k8s.io_gateways.yaml b/config/crd/standard/gateway.networking.k8s.io_gateways.yaml index 4f01ed6935..0930cff5a9 100644 --- a/config/crd/standard/gateway.networking.k8s.io_gateways.yaml +++ b/config/crd/standard/gateway.networking.k8s.io_gateways.yaml @@ -899,25 +899,6 @@ spec: maxItems: 16 type: array x-kubernetes-list-type: atomic - attachedListeners: - description: |- - AttachedListeners represents the total number of ListenerSets that have been - successfully attached to this Gateway. - - Successful attachment of a ListenerSets to a Gateway is based solely on the - combination of the AllowedListeners field on the Gateway - and the ListenerSets's ParentRefs field. A ListenerSets is successfully attached to - a Gateway when it is selected by the ListenerSets's AllowedListeners field - AND the ListenerSets has a valid ParentRef selecting the Gateway - resource as a parent resource. ListenerSets status does not impact - successful attachment, i.e. the AttachedListeners field count MUST be set - for ListenerSets with condition Accepted: false and MUST count successfully - attached AttachedListeners that may themselves have Accepted: false conditions. - - Uses for this field include troubleshooting AttachedListeners attachment and - measuring blast radius/impact of changes to a Gateway. - format: int32 - type: integer conditions: default: - lastTransitionTime: "1970-01-01T00:00:00Z" @@ -2031,25 +2012,6 @@ spec: maxItems: 16 type: array x-kubernetes-list-type: atomic - attachedListeners: - description: |- - AttachedListeners represents the total number of ListenerSets that have been - successfully attached to this Gateway. - - Successful attachment of a ListenerSets to a Gateway is based solely on the - combination of the AllowedListeners field on the Gateway - and the ListenerSets's ParentRefs field. A ListenerSets is successfully attached to - a Gateway when it is selected by the ListenerSets's AllowedListeners field - AND the ListenerSets has a valid ParentRef selecting the Gateway - resource as a parent resource. ListenerSets status does not impact - successful attachment, i.e. the AttachedListeners field count MUST be set - for ListenerSets with condition Accepted: false and MUST count successfully - attached AttachedListeners that may themselves have Accepted: false conditions. - - Uses for this field include troubleshooting AttachedListeners attachment and - measuring blast radius/impact of changes to a Gateway. - format: int32 - type: integer conditions: default: - lastTransitionTime: "1970-01-01T00:00:00Z" diff --git a/pkg/generated/openapi/zz_generated.openapi.go b/pkg/generated/openapi/zz_generated.openapi.go index d7804ffff5..0968ead79a 100644 --- a/pkg/generated/openapi/zz_generated.openapi.go +++ b/pkg/generated/openapi/zz_generated.openapi.go @@ -4567,14 +4567,6 @@ func schema_sigsk8sio_gateway_api_apis_v1_GatewayStatus(ref common.ReferenceCall }, }, }, - "attachedListeners": { - SchemaProps: spec.SchemaProps{ - Description: "AttachedListeners represents the total number of ListenerSets that have been successfully attached to this Gateway.\n\nSuccessful attachment of a ListenerSets to a Gateway is based solely on the combination of the AllowedListeners field on the Gateway and the ListenerSets's ParentRefs field. A ListenerSets is successfully attached to a Gateway when it is selected by the ListenerSets's AllowedListeners field AND the ListenerSets has a valid ParentRef selecting the Gateway resource as a parent resource. ListenerSets status does not impact successful attachment, i.e. the AttachedListeners field count MUST be set for ListenerSets with condition Accepted: false and MUST count successfully attached AttachedListeners that may themselves have Accepted: false conditions.\n\nUses for this field include troubleshooting AttachedListeners attachment and measuring blast radius/impact of changes to a Gateway.", - Default: 0, - Type: []string{"integer"}, - Format: "int32", - }, - }, }, }, },