Package io.fabric8.kubernetes.api.model.gatewayapi.v1

Class GatewayTLSConfig

  • All Implemented Interfaces:
    io.fabric8.kubernetes.api.builder.Editable<GatewayTLSConfigBuilder>, io.fabric8.kubernetes.api.model.KubernetesResource, Serializable
    @Generated("io.fabric8.kubernetes.schema.generator.model.ModelGenerator")
public class GatewayTLSConfig
extends Object
implements io.fabric8.kubernetes.api.builder.Editable<GatewayTLSConfigBuilder>, io.fabric8.kubernetes.api.model.KubernetesResource
    GatewayTLSConfig describes a TLS configuration.
    See Also:
    Serialized Form

    • Method Detail

      • getCertificateRefs

        public List<SecretObjectReference> getCertificateRefs()
        CertificateRefs contains a series of references to Kubernetes objects that contains TLS certificates and private keys. These certificates are used to establish a TLS handshake for requests that match the hostname of the associated listener.


        A single CertificateRef to a Kubernetes Secret has "Core" support. Implementations MAY choose to support attaching multiple certificates to a Listener, but this behavior is implementation-specific.


        References to a resource in different namespace are invalid UNLESS there is a ReferenceGrant in the target namespace that allows the certificate to be attached. If a ReferenceGrant does not allow this reference, the "ResolvedRefs" condition MUST be set to False for this listener with the "RefNotPermitted" reason.


        This field is required to have at least one element when the mode is set to "Terminate" (default) and is optional otherwise.


        CertificateRefs can reference to standard Kubernetes resources, i.e. Secret, or implementation-specific custom resources.


        Support: Core - A single reference to a Kubernetes Secret of type kubernetes.io/tls


        Support: Implementation-specific (More than one reference or other resource types)

      • setCertificateRefs

        public void setCertificateRefs​(List<SecretObjectReference> certificateRefs)
        CertificateRefs contains a series of references to Kubernetes objects that contains TLS certificates and private keys. These certificates are used to establish a TLS handshake for requests that match the hostname of the associated listener.


        A single CertificateRef to a Kubernetes Secret has "Core" support. Implementations MAY choose to support attaching multiple certificates to a Listener, but this behavior is implementation-specific.


        References to a resource in different namespace are invalid UNLESS there is a ReferenceGrant in the target namespace that allows the certificate to be attached. If a ReferenceGrant does not allow this reference, the "ResolvedRefs" condition MUST be set to False for this listener with the "RefNotPermitted" reason.


        This field is required to have at least one element when the mode is set to "Terminate" (default) and is optional otherwise.


        CertificateRefs can reference to standard Kubernetes resources, i.e. Secret, or implementation-specific custom resources.


        Support: Core - A single reference to a Kubernetes Secret of type kubernetes.io/tls


        Support: Implementation-specific (More than one reference or other resource types)

      • getFrontendValidation

        public FrontendTLSValidation getFrontendValidation()
        GatewayTLSConfig describes a TLS configuration.

      • setFrontendValidation

        public void setFrontendValidation​(FrontendTLSValidation frontendValidation)
        GatewayTLSConfig describes a TLS configuration.

      • getMode

        public String getMode()
        Mode defines the TLS behavior for the TLS session initiated by the client. There are two possible modes:


        - Terminate: The TLS session between the downstream client and the

        Gateway is terminated at the Gateway. This mode requires certificates

        to be specified in some way, such as populating the certificateRefs

        field.

        - Passthrough: The TLS session is NOT terminated by the Gateway. This

        implies that the Gateway can't decipher the TLS stream except for

        the ClientHello message of the TLS protocol. The certificateRefs field

        is ignored in this mode.


        Support: Core

      • setMode

        public void setMode​(String mode)
        Mode defines the TLS behavior for the TLS session initiated by the client. There are two possible modes:


        - Terminate: The TLS session between the downstream client and the

        Gateway is terminated at the Gateway. This mode requires certificates

        to be specified in some way, such as populating the certificateRefs

        field.

        - Passthrough: The TLS session is NOT terminated by the Gateway. This

        implies that the Gateway can't decipher the TLS stream except for

        the ClientHello message of the TLS protocol. The certificateRefs field

        is ignored in this mode.


        Support: Core

      • getOptions

        public Map<String,​String> getOptions()
        Options are a list of key/value pairs to enable extended TLS configuration for each implementation. For example, configuring the minimum TLS version or supported cipher suites.


        A set of common keys MAY be defined by the API in the future. To avoid any ambiguity, implementation-specific definitions MUST use domain-prefixed names, such as `example.com/my-custom-option`. Un-prefixed names are reserved for key names defined by Gateway API.


        Support: Implementation-specific

      • setOptions

        public void setOptions​(Map<String,​String> options)
        Options are a list of key/value pairs to enable extended TLS configuration for each implementation. For example, configuring the minimum TLS version or supported cipher suites.


        A set of common keys MAY be defined by the API in the future. To avoid any ambiguity, implementation-specific definitions MUST use domain-prefixed names, such as `example.com/my-custom-option`. Un-prefixed names are reserved for key names defined by Gateway API.


        Support: Implementation-specific

      • getAdditionalProperties

        public Map<String,​Object> getAdditionalProperties()

      • setAdditionalProperty

        public void setAdditionalProperty​(String name,
                                  Object value)

      • setAdditionalProperties

        public void setAdditionalProperties​(Map<String,​Object> additionalProperties)