Package io.fabric8.kubernetes.api.model.gatewayapi.v1alpha3

Class BackendTLSPolicyValidation

    • Constructor Detail

      • BackendTLSPolicyValidation

        public BackendTLSPolicyValidation()
        No args constructor for use in serialization

    • Method Detail

      • getCaCertificateRefs

        public List<LocalObjectReference> getCaCertificateRefs()
        CACertificateRefs contains one or more references to Kubernetes objects that contain a PEM-encoded TLS CA certificate bundle, which is used to validate a TLS handshake between the Gateway and backend Pod.


        If CACertificateRefs is empty or unspecified, then WellKnownCACertificates must be specified. Only one of CACertificateRefs or WellKnownCACertificates may be specified, not both. If CACertifcateRefs is empty or unspecified, the configuration for WellKnownCACertificates MUST be honored instead if supported by the implementation.


        References to a resource in a different namespace are invalid for the moment, although we will revisit this in the future.


        A single CACertificateRef to a Kubernetes ConfigMap kind has "Core" support. Implementations MAY choose to support attaching multiple certificates to a backend, but this behavior is implementation-specific.


        Support: Core - An optional single reference to a Kubernetes ConfigMap, with the CA certificate in a key named `ca.crt`.


        Support: Implementation-specific (More than one reference, or other kinds of resources).

      • setCaCertificateRefs

        public void setCaCertificateRefs​(List<LocalObjectReference> caCertificateRefs)
        CACertificateRefs contains one or more references to Kubernetes objects that contain a PEM-encoded TLS CA certificate bundle, which is used to validate a TLS handshake between the Gateway and backend Pod.


        If CACertificateRefs is empty or unspecified, then WellKnownCACertificates must be specified. Only one of CACertificateRefs or WellKnownCACertificates may be specified, not both. If CACertifcateRefs is empty or unspecified, the configuration for WellKnownCACertificates MUST be honored instead if supported by the implementation.


        References to a resource in a different namespace are invalid for the moment, although we will revisit this in the future.


        A single CACertificateRef to a Kubernetes ConfigMap kind has "Core" support. Implementations MAY choose to support attaching multiple certificates to a backend, but this behavior is implementation-specific.


        Support: Core - An optional single reference to a Kubernetes ConfigMap, with the CA certificate in a key named `ca.crt`.


        Support: Implementation-specific (More than one reference, or other kinds of resources).

      • getHostname

        public String getHostname()
        Hostname is used for two purposes in the connection between Gateways and backends:


        1. Hostname MUST be used as the SNI to connect to the backend (RFC 6066). 2. If SubjectAltNames is not specified, Hostname MUST be used for

        authentication and MUST match the certificate served by the matching

        backend.


        Support: Core

      • setHostname

        public void setHostname​(String hostname)
        Hostname is used for two purposes in the connection between Gateways and backends:


        1. Hostname MUST be used as the SNI to connect to the backend (RFC 6066). 2. If SubjectAltNames is not specified, Hostname MUST be used for

        authentication and MUST match the certificate served by the matching

        backend.


        Support: Core

      • getSubjectAltNames

        public List<SubjectAltName> getSubjectAltNames()
        SubjectAltNames contains one or more Subject Alternative Names. When specified, the certificate served from the backend MUST have at least one Subject Alternate Name matching one of the specified SubjectAltNames.


        Support: Core

      • setSubjectAltNames

        public void setSubjectAltNames​(List<SubjectAltName> subjectAltNames)
        SubjectAltNames contains one or more Subject Alternative Names. When specified, the certificate served from the backend MUST have at least one Subject Alternate Name matching one of the specified SubjectAltNames.


        Support: Core

      • getWellKnownCACertificates

        public String getWellKnownCACertificates()
        WellKnownCACertificates specifies whether system CA certificates may be used in the TLS handshake between the gateway and backend pod.


        If WellKnownCACertificates is unspecified or empty (""), then CACertificateRefs must be specified with at least one entry for a valid configuration. Only one of CACertificateRefs or WellKnownCACertificates may be specified, not both. If an implementation does not support the WellKnownCACertificates field or the value supplied is not supported, the Status Conditions on the Policy MUST be updated to include an Accepted: False Condition with Reason: Invalid.


        Support: Implementation-specific

      • setWellKnownCACertificates

        public void setWellKnownCACertificates​(String wellKnownCACertificates)
        WellKnownCACertificates specifies whether system CA certificates may be used in the TLS handshake between the gateway and backend pod.


        If WellKnownCACertificates is unspecified or empty (""), then CACertificateRefs must be specified with at least one entry for a valid configuration. Only one of CACertificateRefs or WellKnownCACertificates may be specified, not both. If an implementation does not support the WellKnownCACertificates field or the value supplied is not supported, the Status Conditions on the Policy MUST be updated to include an Accepted: False Condition with Reason: Invalid.


        Support: Implementation-specific

      • getAdditionalProperties

        public Map<String,​Object> getAdditionalProperties()

      • setAdditionalProperty

        public void setAdditionalProperty​(String name,
                                  Object value)

      • setAdditionalProperties

        public void setAdditionalProperties​(Map<String,​Object> additionalProperties)