apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: creationTimestamp: null labels: controller-tools.k8s.io: "1.0" name: gateways.istio.kubesphere.io spec: group: istio.kubesphere.io names: kind: Gateway plural: gateways scope: Namespaced validation: openAPIV3Schema: properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: selector: description: One or more labels that indicate a specific set of pods/VMs on which this gateway configuration should be applied. If no selectors are provided, the gateway will be implemented by the default istio-ingress controller. type: object servers: description: 'REQUIRED: A list of server specifications.' items: properties: hosts: description: A list of hosts exposed by this gateway. While typically applicable to HTTP services, it can also be used for TCP services using TLS with SNI. Standard DNS wildcard prefix syntax is permitted. A VirtualService that is bound to a gateway must having a matching host in its default destination. Specifically one of the VirtualService destination hosts is a strict suffix of a gateway host or a gateway host is a suffix of one of the VirtualService hosts. items: type: string type: array port: description: 'REQUIRED: The Port on which the proxy should listen for incoming connections' properties: name: description: Label assigned to the port. type: string number: description: 'REQUIRED: A valid non-negative integer port number.' format: int64 type: integer protocol: description: 'REQUIRED: The protocol exposed on the port. MUST BE one of HTTP|HTTPS|GRPC|HTTP2|MONGO|TCP.' type: string required: - number - protocol type: object tls: description: Set of TLS related options that govern the server's behavior. Use these options to control if all http requests should be redirected to https, and the TLS modes to use. properties: caCertificates: description: REQUIRED if mode is "MUTUAL". The path to a file containing certificate authority certificates to use in verifying a presented client side certificate. type: string httpsRedirect: description: If set to true, the load balancer will send a 302 redirect for all http connections, asking the clients to use HTTPS. type: boolean mode: description: 'Optional: Indicates whether connections to this port should be secured using TLS. The value of this field determines how TLS is enforced.' type: string privateKey: description: REQUIRED if mode is "SIMPLE" or "MUTUAL". The path to the file holding the server's private key. type: string serverCertificate: description: REQUIRED if mode is "SIMPLE" or "MUTUAL". The path to the file holding the server-side TLS certificate to use. type: string subjectAltNames: description: A list of alternate names to verify the subject identity in the certificate presented by the client. items: type: string type: array required: - httpsRedirect - serverCertificate - privateKey - caCertificates - subjectAltNames type: object required: - port type: object type: array required: - servers type: object required: - spec version: v1alpha3 status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: []