{ "description": "Route is the Schema for the routes API", "properties": { "apiVersion": { "type": "string", "description": "Must be \"gateway.cp.ei.telekom.de/v1\".", "const": "gateway.cp.ei.telekom.de/v1" }, "kind": { "type": "string", "description": "Must be \"Route\".", "const": "Route" }, "metadata": { "type": "object", "description": "Standard Kubernetes object metadata. See https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/object-meta/", "properties": { "name": { "type": "string", "description": "Name must be unique within a namespace. Is required when creating resources." }, "namespace": { "type": "string", "description": "Namespace defines the space within which each name must be unique." }, "labels": { "type": "object", "description": "Map of string keys and values that can be used to organize and categorize objects.", "additionalProperties": { "type": "string" } }, "annotations": { "type": "object", "description": "Annotations is an unstructured key value map stored with a resource that may be set by external tools.", "additionalProperties": { "type": "string" } }, "generateName": { "type": "string", "description": "GenerateName is an optional prefix, used by the server, to generate a unique name only if the Name field has not been provided." } } }, "spec": { "description": "RouteSpec defines the desired state of Route", "properties": { "buffering": { "description": "Buffering configures Kong request/response body buffering for this route", "properties": { "disableRequestBuffering": { "default": false, "description": "DisableRequestBuffering disables Kong request body buffering.\nWhen true, the request body is streamed directly to the upstream\nwithout being buffered first. Useful for large uploads or chunked transfers.", "type": "boolean" }, "disableResponseBuffering": { "default": false, "description": "DisableResponseBuffering disables Kong response body buffering.\nWhen true, the response body is streamed directly to the client\nwithout being buffered first. Useful for SSE or large downloads.", "type": "boolean" } }, "type": "object" }, "downstreams": { "items": { "properties": { "host": { "type": "string" }, "issuerUrl": { "type": "string" }, "path": { "type": "string" }, "port": { "type": "integer" } }, "required": [ "host", "path", "port" ], "type": "object" }, "minItems": 1, "type": "array" }, "passThrough": { "default": false, "description": "PassThrough is a flag to pass through the request to the upstream without authentication", "type": "boolean" }, "realm": { "description": "ObjectRef is a reference to a Kubernetes object\nIt is similar to types.NamespacedName but has the required json tags for serialization", "properties": { "name": { "type": "string" }, "namespace": { "type": "string" }, "uid": { "description": "UID is a type that holds unique ID values, including UUIDs. Because we\ndon't ONLY use UUIDs, this is an alias to string. Being a type captures\nintent and helps make sure that UIDs and names do not get conflated.", "type": "string" } }, "required": [ "name", "namespace" ], "type": "object" }, "security": { "description": "Security is the security configuration for the route", "properties": { "defaultConsumers": { "description": "DefaultConsumers defines a list of default consumers that are allowed to access this route without being explicitly added as a consumer", "items": { "type": "string" }, "type": "array" }, "disableAccessControl": { "default": false, "description": "DisableAccessControl disable the ACL mechanism for this route", "type": "boolean" }, "m2m": { "description": "M2M defines machine-to-machine authentication configuration", "properties": { "basic": { "description": "Basic defines basic authentication configuration", "properties": { "password": { "description": "Password for basic authentication", "minLength": 1, "type": "string" }, "username": { "description": "Username for basic authentication", "minLength": 1, "type": "string" } }, "required": [ "password", "username" ], "type": "object" }, "externalIDP": { "description": "ExternalIDP defines external identity provider configuration", "properties": { "basic": { "description": "Basic defines basic auth credentials for the OAuth2 token request", "properties": { "password": { "description": "Password for basic authentication", "minLength": 1, "type": "string" }, "username": { "description": "Username for basic authentication", "minLength": 1, "type": "string" } }, "required": [ "password", "username" ], "type": "object" }, "client": { "description": "Client defines client credentials for the OAuth2 token request", "properties": { "clientId": { "description": "ClientId identifies the client for OAuth2 client credentials flow", "minLength": 1, "type": "string" }, "clientKey": { "description": "clientKey is the private key associated with the client ID", "type": "string" }, "clientSecret": { "description": "ClientSecret is the secret associated with the client ID", "type": "string" } }, "required": [ "clientId" ], "type": "object", "x-kubernetes-validations": [ { "message": "ClientSecret and ClientKey cannot be used together", "rule": "self == null || (has(self.clientKey) ? (!has(self.clientSecret)) : true)" }, { "message": "At least one of clientSecret or clientKey must be provided", "rule": "self == null || has(self.clientSecret) || has(self.clientKey)" } ] }, "grantType": { "description": "GrantType is the grant type for the external IDP authentication", "enum": [ "client_credentials", "authorization_code", "password" ], "type": "string" }, "tokenEndpoint": { "description": "TokenEndpoint is the URL for the OAuth2 token endpoint", "format": "uri", "type": "string" }, "tokenRequest": { "description": "TokenRequest is the type of token request, \"body\" or \"header\"", "enum": [ "body", "header" ], "type": "string" } }, "required": [ "tokenEndpoint" ], "type": "object", "x-kubernetes-validations": [ { "message": "Only one of basic or client credentials can be provided (XOR relationship)", "rule": "self == null || !has(self.basic) || !has(self.client)" } ] }, "scopes": { "description": "Scopes defines additional OAuth2 scopes that are added to the LMS token", "items": { "type": "string" }, "maxItems": 10, "type": "array" } }, "type": "object", "x-kubernetes-validations": [ { "message": "ExternalIDP and basic authentication cannot be used together", "rule": "self == null || (has(self.externalIDP) ? (!has(self.basic)) : true)" }, { "message": "Scopes and basic authentication cannot be used together", "rule": "self == null || (has(self.scopes) ? (!has(self.basic)) : true)" }, { "message": "At least one of externalIDP, basic, or scopes must be provided", "rule": "self == null || has(self.externalIDP) || has(self.basic) || has(self.scopes)" } ] } }, "type": "object" }, "traffic": { "properties": { "circuitBreaker": { "properties": { "enabled": { "description": "CircuitBreaker flags if the Kong circuit breaker feature should be used", "type": "boolean" } }, "type": "object" }, "dynamicUpstream": { "description": "DynamicUpstream configures runtime upstream URL resolution.\nWhen set, the gateway resolves the actual upstream target from a\nrequest query parameter instead of using the static upstream.", "properties": { "queryParameter": { "description": "QueryParameter is the name of the query parameter containing the target URL.\nThe parameter will be removed from the forwarded request.", "minLength": 1, "pattern": "^[a-zA-Z0-9_-]+$", "type": "string" } }, "required": [ "queryParameter" ], "type": "object" }, "failover": { "properties": { "security": { "properties": { "defaultConsumers": { "description": "DefaultConsumers defines a list of default consumers that are allowed to access this route without being explicitly added as a consumer", "items": { "type": "string" }, "type": "array" }, "disableAccessControl": { "default": false, "description": "DisableAccessControl disable the ACL mechanism for this route", "type": "boolean" }, "m2m": { "description": "M2M defines machine-to-machine authentication configuration", "properties": { "basic": { "description": "Basic defines basic authentication configuration", "properties": { "password": { "description": "Password for basic authentication", "minLength": 1, "type": "string" }, "username": { "description": "Username for basic authentication", "minLength": 1, "type": "string" } }, "required": [ "password", "username" ], "type": "object" }, "externalIDP": { "description": "ExternalIDP defines external identity provider configuration", "properties": { "basic": { "description": "Basic defines basic auth credentials for the OAuth2 token request", "properties": { "password": { "description": "Password for basic authentication", "minLength": 1, "type": "string" }, "username": { "description": "Username for basic authentication", "minLength": 1, "type": "string" } }, "required": [ "password", "username" ], "type": "object" }, "client": { "description": "Client defines client credentials for the OAuth2 token request", "properties": { "clientId": { "description": "ClientId identifies the client for OAuth2 client credentials flow", "minLength": 1, "type": "string" }, "clientKey": { "description": "clientKey is the private key associated with the client ID", "type": "string" }, "clientSecret": { "description": "ClientSecret is the secret associated with the client ID", "type": "string" } }, "required": [ "clientId" ], "type": "object", "x-kubernetes-validations": [ { "message": "ClientSecret and ClientKey cannot be used together", "rule": "self == null || (has(self.clientKey) ? (!has(self.clientSecret)) : true)" }, { "message": "At least one of clientSecret or clientKey must be provided", "rule": "self == null || has(self.clientSecret) || has(self.clientKey)" } ] }, "grantType": { "description": "GrantType is the grant type for the external IDP authentication", "enum": [ "client_credentials", "authorization_code", "password" ], "type": "string" }, "tokenEndpoint": { "description": "TokenEndpoint is the URL for the OAuth2 token endpoint", "format": "uri", "type": "string" }, "tokenRequest": { "description": "TokenRequest is the type of token request, \"body\" or \"header\"", "enum": [ "body", "header" ], "type": "string" } }, "required": [ "tokenEndpoint" ], "type": "object", "x-kubernetes-validations": [ { "message": "Only one of basic or client credentials can be provided (XOR relationship)", "rule": "self == null || !has(self.basic) || !has(self.client)" } ] }, "scopes": { "description": "Scopes defines additional OAuth2 scopes that are added to the LMS token", "items": { "type": "string" }, "maxItems": 10, "type": "array" } }, "type": "object", "x-kubernetes-validations": [ { "message": "ExternalIDP and basic authentication cannot be used together", "rule": "self == null || (has(self.externalIDP) ? (!has(self.basic)) : true)" }, { "message": "Scopes and basic authentication cannot be used together", "rule": "self == null || (has(self.scopes) ? (!has(self.basic)) : true)" }, { "message": "At least one of externalIDP, basic, or scopes must be provided", "rule": "self == null || has(self.externalIDP) || has(self.basic) || has(self.scopes)" } ] } }, "type": "object" }, "targetZoneName": { "type": "string" }, "upstreams": { "items": { "properties": { "clientId": { "type": "string" }, "clientSecret": { "type": "string" }, "host": { "type": "string" }, "issuerUrl": { "type": "string" }, "path": { "type": "string" }, "port": { "type": "integer" }, "scheme": { "type": "string" }, "weight": { "type": "integer" } }, "required": [ "host", "path", "port", "scheme" ], "type": "object" }, "type": "array" } }, "required": [ "targetZoneName", "upstreams" ], "type": "object" }, "rateLimit": { "description": "RateLimit defines rate limits for different time windows", "properties": { "limits": { "description": "Limits defines the actual rate limit values for different time windows", "properties": { "hour": { "description": "Hour defines the maximum number of requests allowed per hour", "minimum": 0, "type": "integer" }, "minute": { "description": "Minute defines the maximum number of requests allowed per minute", "minimum": 0, "type": "integer" }, "second": { "description": "Second defines the maximum number of requests allowed per second", "minimum": 0, "type": "integer" } }, "type": "object" }, "options": { "description": "Options defines additional configuration options for rate limiting", "properties": { "faultTolerant": { "default": true, "description": "FaultTolerant defines if the rate limit plugin should be fault tolerant, if gateway is not able to access the config store", "type": "boolean" }, "hideClientHeaders": { "default": false, "description": "HideClientHeaders hides additional client headers which give information about the rate-limit, reset and remaining requests for consumers if set to true.", "type": "boolean" } }, "type": "object" } }, "required": [ "limits" ], "type": "object" } }, "type": "object" }, "transformation": { "description": "Transformation defines optional request/response transformations for this API", "properties": { "request": { "description": "Request defines transformations applied to incoming API requests", "properties": { "headers": { "description": "Headers defines HTTP header modifications for requests", "properties": { "add": { "description": "Add is a list of HTTP headers to add to the request/response", "items": { "type": "string" }, "maxItems": 5, "minItems": 1, "type": "array" }, "remove": { "description": "Remove is a list of HTTP header names to remove", "items": { "type": "string" }, "maxItems": 5, "minItems": 1, "type": "array" } }, "type": "object" } }, "type": "object" } }, "type": "object" }, "upstreams": { "items": { "properties": { "clientId": { "type": "string" }, "clientSecret": { "type": "string" }, "host": { "type": "string" }, "issuerUrl": { "type": "string" }, "path": { "type": "string" }, "port": { "type": "integer" }, "scheme": { "type": "string" }, "weight": { "type": "integer" } }, "required": [ "host", "path", "port", "scheme" ], "type": "object" }, "minItems": 1, "type": "array" } }, "required": [ "downstreams", "passThrough", "realm", "traffic", "upstreams" ], "type": "object" }, "status": { "description": "RouteStatus defines the observed state of Route", "properties": { "conditions": { "items": { "description": "Condition contains details for one aspect of the current state of this API Resource.", "properties": { "lastTransitionTime": { "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", "format": "date-time", "type": "string" }, "message": { "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", "maxLength": 32768, "type": "string" }, "observedGeneration": { "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", "format": "int64", "minimum": 0, "type": "integer" }, "reason": { "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", "maxLength": 1024, "minLength": 1, "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", "type": "string" }, "status": { "description": "status of the condition, one of True, False, Unknown.", "enum": [ "True", "False", "Unknown" ], "type": "string" }, "type": { "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", "maxLength": 316, "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", "type": "string" } }, "required": [ "lastTransitionTime", "message", "reason", "status", "type" ], "type": "object" }, "type": "array", "x-kubernetes-list-map-keys": [ "type" ], "x-kubernetes-list-type": "map" }, "consumers": { "items": { "type": "string" }, "type": "array" }, "properties": { "additionalProperties": { "type": "string" }, "type": "object" } }, "type": "object" } }, "type": "object", "$schema": "http://json-schema.org/draft-07/schema#", "$id": "https://telekom.github.io/controlplane/schemas/gateway.cp.ei.telekom.de/route_v1.json", "title": "Route", "required": [ "apiVersion", "kind", "metadata" ] }