openapi: 3.1.0 info: title: Kubernetes Services Kubernetes Gateway API description: >- The Kubernetes Gateway API is a role-oriented, extensible API for managing ingress and mesh traffic routing in Kubernetes clusters. It introduces the GatewayClass, Gateway, HTTPRoute, and GRPCRoute resources that collectively provide advanced traffic management features including header-based routing, traffic weighting, cross-namespace routing, and multi-protocol support as a successor to the Ingress API. version: v1.2.0 contact: name: Kubernetes Gateway API SIG Network url: https://gateway-api.sigs.k8s.io/ termsOfService: https://www.apache.org/licenses/LICENSE-2.0 externalDocs: description: Kubernetes Gateway API Documentation url: https://kubernetes.io/docs/concepts/services-networking/gateway/ servers: - url: https://kubernetes.default.svc description: In-cluster Kubernetes API Server tags: - name: Gateway description: >- Gateway resources instantiating traffic-handling infrastructure such as cloud load balancers or in-cluster proxies, with listeners for each protocol. - name: GatewayClass description: >- GatewayClass resources defining a class of gateway implementations. Cluster-scoped resources that link to a specific ingress or mesh controller. - name: GRPCRoute description: >- GRPCRoute resources defining gRPC routing rules from Gateway listeners to backend services with service and method name matching. - name: HTTPRoute description: >- HTTPRoute resources defining HTTP and HTTPS routing rules from Gateway listeners to backend services with support for path, header, and query parameter matching. security: - bearerAuth: [] - clientCertificate: [] paths: /apis/gateway.networking.k8s.io/v1/gatewayclasses: get: operationId: listGatewayClasses summary: Kubernetes Services List GatewayClasses description: >- Returns a list of all GatewayClass resources in the cluster. GatewayClasses are cluster-scoped and identify gateway controller implementations available for use by Gateway resources. tags: - GatewayClass parameters: - $ref: '#/components/parameters/LabelSelector' - $ref: '#/components/parameters/Limit' - $ref: '#/components/parameters/Watch' responses: '200': description: List of GatewayClass resources content: application/json: schema: $ref: '#/components/schemas/GatewayClassList' '401': $ref: '#/components/responses/Unauthorized' post: operationId: createGatewayClass summary: Kubernetes Services Create a GatewayClass description: >- Creates a new GatewayClass resource. GatewayClasses are typically managed by infrastructure providers and installed when a gateway controller is deployed in the cluster. tags: - GatewayClass requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/GatewayClass' responses: '201': description: GatewayClass created content: application/json: schema: $ref: '#/components/schemas/GatewayClass' '400': $ref: '#/components/responses/BadRequest' '401': $ref: '#/components/responses/Unauthorized' /apis/gateway.networking.k8s.io/v1/gatewayclasses/{name}: get: operationId: getGatewayClass summary: Kubernetes Services Get a GatewayClass description: >- Returns the specified GatewayClass including the controller name, parameters reference, and the current Accepted condition. tags: - GatewayClass parameters: - $ref: '#/components/parameters/NameParam' responses: '200': description: GatewayClass details content: application/json: schema: $ref: '#/components/schemas/GatewayClass' '401': $ref: '#/components/responses/Unauthorized' '404': $ref: '#/components/responses/NotFound' delete: operationId: deleteGatewayClass summary: Kubernetes Services Delete a GatewayClass description: >- Deletes the specified GatewayClass. Gateways referencing this class will lose their controller association. tags: - GatewayClass parameters: - $ref: '#/components/parameters/NameParam' responses: '200': description: GatewayClass deleted content: application/json: schema: $ref: '#/components/schemas/GatewayClass' '401': $ref: '#/components/responses/Unauthorized' '404': $ref: '#/components/responses/NotFound' /apis/gateway.networking.k8s.io/v1/namespaces/{namespace}/gateways: get: operationId: listNamespacedGateways summary: Kubernetes Services List Gateways in a namespace description: >- Returns a list of all Gateway resources in the specified namespace. Each Gateway represents an instance of traffic-handling infrastructure provisioned by the referenced GatewayClass controller. tags: - Gateway parameters: - $ref: '#/components/parameters/NamespaceParam' - $ref: '#/components/parameters/LabelSelector' - $ref: '#/components/parameters/Limit' - $ref: '#/components/parameters/Watch' responses: '200': description: List of Gateway resources content: application/json: schema: $ref: '#/components/schemas/GatewayList' '401': $ref: '#/components/responses/Unauthorized' post: operationId: createNamespacedGateway summary: Kubernetes Services Create a Gateway description: >- Creates a new Gateway in the specified namespace. The Gateway references a GatewayClass and defines one or more listeners with their protocol, port, and allowed routes configuration. tags: - Gateway parameters: - $ref: '#/components/parameters/NamespaceParam' - $ref: '#/components/parameters/DryRun' requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/Gateway' responses: '201': description: Gateway created content: application/json: schema: $ref: '#/components/schemas/Gateway' '400': $ref: '#/components/responses/BadRequest' '401': $ref: '#/components/responses/Unauthorized' /apis/gateway.networking.k8s.io/v1/namespaces/{namespace}/gateways/{name}: get: operationId: getNamespacedGateway summary: Kubernetes Services Get a Gateway description: >- Returns the specified Gateway including its GatewayClass reference, listener configurations, and current conditions reported by the gateway controller. tags: - Gateway parameters: - $ref: '#/components/parameters/NamespaceParam' - $ref: '#/components/parameters/NameParam' responses: '200': description: Gateway details content: application/json: schema: $ref: '#/components/schemas/Gateway' '401': $ref: '#/components/responses/Unauthorized' '404': $ref: '#/components/responses/NotFound' put: operationId: replaceNamespacedGateway summary: Kubernetes Services Replace a Gateway description: >- Replaces the full specification of the specified Gateway, triggering the gateway controller to reconcile listeners and attached routes. tags: - Gateway parameters: - $ref: '#/components/parameters/NamespaceParam' - $ref: '#/components/parameters/NameParam' requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/Gateway' responses: '200': description: Gateway updated content: application/json: schema: $ref: '#/components/schemas/Gateway' '401': $ref: '#/components/responses/Unauthorized' '404': $ref: '#/components/responses/NotFound' delete: operationId: deleteNamespacedGateway summary: Kubernetes Services Delete a Gateway description: >- Deletes the specified Gateway and triggers the controller to deprovision the associated traffic-handling infrastructure. tags: - Gateway parameters: - $ref: '#/components/parameters/NamespaceParam' - $ref: '#/components/parameters/NameParam' responses: '200': description: Gateway deleted content: application/json: schema: $ref: '#/components/schemas/Gateway' '401': $ref: '#/components/responses/Unauthorized' '404': $ref: '#/components/responses/NotFound' /apis/gateway.networking.k8s.io/v1/namespaces/{namespace}/httproutes: get: operationId: listNamespacedHTTPRoutes summary: Kubernetes Services List HTTPRoutes in a namespace description: >- Returns a list of all HTTPRoute resources in the specified namespace. HTTPRoutes define HTTP request routing rules from Gateway listeners to backend services with support for path, header, query parameter, and method matching. tags: - HTTPRoute parameters: - $ref: '#/components/parameters/NamespaceParam' - $ref: '#/components/parameters/LabelSelector' - $ref: '#/components/parameters/Limit' - $ref: '#/components/parameters/Watch' responses: '200': description: List of HTTPRoute resources content: application/json: schema: $ref: '#/components/schemas/HTTPRouteList' '401': $ref: '#/components/responses/Unauthorized' post: operationId: createNamespacedHTTPRoute summary: Kubernetes Services Create an HTTPRoute description: >- Creates a new HTTPRoute in the specified namespace. The HTTPRoute attaches to a Gateway listener and defines how matched HTTP requests are forwarded to backend services, with optional request/response filters. tags: - HTTPRoute parameters: - $ref: '#/components/parameters/NamespaceParam' - $ref: '#/components/parameters/DryRun' requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/HTTPRoute' responses: '201': description: HTTPRoute created content: application/json: schema: $ref: '#/components/schemas/HTTPRoute' '400': $ref: '#/components/responses/BadRequest' '401': $ref: '#/components/responses/Unauthorized' /apis/gateway.networking.k8s.io/v1/namespaces/{namespace}/httproutes/{name}: get: operationId: getNamespacedHTTPRoute summary: Kubernetes Services Get an HTTPRoute description: >- Returns the specified HTTPRoute including its Gateway parent references, hostname matchers, routing rules, and backend references. tags: - HTTPRoute parameters: - $ref: '#/components/parameters/NamespaceParam' - $ref: '#/components/parameters/NameParam' responses: '200': description: HTTPRoute details content: application/json: schema: $ref: '#/components/schemas/HTTPRoute' '401': $ref: '#/components/responses/Unauthorized' '404': $ref: '#/components/responses/NotFound' put: operationId: replaceNamespacedHTTPRoute summary: Kubernetes Services Replace an HTTPRoute description: >- Replaces the full specification of the specified HTTPRoute, updating all routing rules and backend references. tags: - HTTPRoute parameters: - $ref: '#/components/parameters/NamespaceParam' - $ref: '#/components/parameters/NameParam' requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/HTTPRoute' responses: '200': description: HTTPRoute updated content: application/json: schema: $ref: '#/components/schemas/HTTPRoute' '401': $ref: '#/components/responses/Unauthorized' '404': $ref: '#/components/responses/NotFound' delete: operationId: deleteNamespacedHTTPRoute summary: Kubernetes Services Delete an HTTPRoute description: >- Deletes the specified HTTPRoute. The gateway controller removes the corresponding routing rules from the gateway's proxy configuration. tags: - HTTPRoute parameters: - $ref: '#/components/parameters/NamespaceParam' - $ref: '#/components/parameters/NameParam' responses: '200': description: HTTPRoute deleted content: application/json: schema: $ref: '#/components/schemas/HTTPRoute' '401': $ref: '#/components/responses/Unauthorized' '404': $ref: '#/components/responses/NotFound' /apis/gateway.networking.k8s.io/v1/namespaces/{namespace}/grpcroutes: get: operationId: listNamespacedGRPCRoutes summary: Kubernetes Services List GRPCRoutes in a namespace description: >- Returns a list of all GRPCRoute resources in the specified namespace. GRPCRoutes define gRPC routing rules matching on service and method names. tags: - GRPCRoute parameters: - $ref: '#/components/parameters/NamespaceParam' - $ref: '#/components/parameters/LabelSelector' - $ref: '#/components/parameters/Limit' - $ref: '#/components/parameters/Watch' responses: '200': description: List of GRPCRoute resources content: application/json: schema: $ref: '#/components/schemas/GRPCRouteList' '401': $ref: '#/components/responses/Unauthorized' post: operationId: createNamespacedGRPCRoute summary: Kubernetes Services Create a GRPCRoute description: >- Creates a new GRPCRoute in the specified namespace for routing gRPC traffic from a Gateway listener to backend services based on gRPC service and method names. tags: - GRPCRoute parameters: - $ref: '#/components/parameters/NamespaceParam' requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/GRPCRoute' responses: '201': description: GRPCRoute created content: application/json: schema: $ref: '#/components/schemas/GRPCRoute' '400': $ref: '#/components/responses/BadRequest' '401': $ref: '#/components/responses/Unauthorized' components: securitySchemes: bearerAuth: type: http scheme: bearer bearerFormat: JWT description: Kubernetes service account or user bearer token. clientCertificate: type: mutualTLS description: Client TLS certificate signed by the cluster CA. parameters: NamespaceParam: name: namespace in: path required: true description: Namespace name to scope the request. schema: type: string NameParam: name: name in: path required: true description: Name of the resource. schema: type: string LabelSelector: name: labelSelector in: query description: Label selector to filter resources. schema: type: string Limit: name: limit in: query description: Maximum number of items to return. schema: type: integer minimum: 1 Watch: name: watch in: query description: If true, stream watch events. schema: type: boolean DryRun: name: dryRun in: query description: If 'All', validates without persisting. schema: type: string enum: - All responses: BadRequest: description: Bad request content: application/json: schema: $ref: '#/components/schemas/Status' Unauthorized: description: Unauthorized content: application/json: schema: $ref: '#/components/schemas/Status' NotFound: description: Not found content: application/json: schema: $ref: '#/components/schemas/Status' schemas: GatewayClass: type: object description: >- A GatewayClass is a cluster-scoped resource that defines a class of gateway implementations, linking to a specific gateway controller via the controllerName field. Infrastructure providers create GatewayClasses when deploying their gateway controller. properties: apiVersion: type: string const: gateway.networking.k8s.io/v1 kind: type: string const: GatewayClass metadata: $ref: '#/components/schemas/ObjectMeta' spec: type: object description: GatewayClass specification. required: - controllerName properties: controllerName: type: string description: >- Domain-prefixed path identifying the gateway controller implementing this class. Example: gateway.nginx.org/nginx-gateway. parametersRef: type: object description: >- Reference to a provider-specific resource containing controller configuration parameters. properties: group: type: string kind: type: string name: type: string namespace: type: string status: type: object description: Current status of the GatewayClass. properties: conditions: type: array items: $ref: '#/components/schemas/Condition' GatewayClassList: type: object description: A list of GatewayClass resources. required: - items properties: apiVersion: type: string kind: type: string const: GatewayClassList metadata: $ref: '#/components/schemas/ListMeta' items: type: array items: $ref: '#/components/schemas/GatewayClass' GatewayListener: type: object description: >- A listener on a Gateway defining the protocol, port, optional hostname, and which routes are allowed to attach. required: - name - protocol - port properties: name: type: string description: Unique name for this listener within the Gateway. protocol: type: string enum: - HTTP - HTTPS - TLS - TCP - UDP description: Network protocol this listener accepts. port: type: integer minimum: 1 maximum: 65535 description: Port number the listener accepts traffic on. hostname: type: string description: >- Hostname this listener matches. Supports wildcard prefix like *.example.com. Empty matches all hostnames. tls: type: object description: TLS configuration for HTTPS and TLS listeners. properties: mode: type: string enum: - Terminate - Passthrough description: >- TLS mode. Terminate decrypts traffic at the gateway; Passthrough forwards encrypted traffic to the backend. certificateRefs: type: array description: References to TLS certificate Secrets. items: type: object properties: name: type: string namespace: type: string allowedRoutes: type: object description: Defines which routes can attach to this listener. properties: namespaces: type: object properties: from: type: string enum: - All - Same - Selector description: >- Namespaces from which routes may attach. Same means only the Gateway's namespace; All means any namespace. Gateway: type: object description: >- A Gateway represents an instance of traffic-handling infrastructure, such as a cloud load balancer or in-cluster proxy. It listens on one or more ports and delegates routing decisions to attached Route resources. properties: apiVersion: type: string const: gateway.networking.k8s.io/v1 kind: type: string const: Gateway metadata: $ref: '#/components/schemas/ObjectMeta' spec: type: object description: Gateway specification. required: - gatewayClassName - listeners properties: gatewayClassName: type: string description: Name of the GatewayClass this Gateway implements. listeners: type: array description: List of listeners for this Gateway. minItems: 1 items: $ref: '#/components/schemas/GatewayListener' status: type: object description: Current status of the Gateway. properties: conditions: type: array items: $ref: '#/components/schemas/Condition' addresses: type: array description: Addresses assigned to this Gateway by the controller. items: type: object properties: type: type: string enum: - IPAddress - Hostname value: type: string GatewayList: type: object description: A list of Gateway resources. required: - items properties: apiVersion: type: string kind: type: string const: GatewayList metadata: $ref: '#/components/schemas/ListMeta' items: type: array items: $ref: '#/components/schemas/Gateway' HTTPRouteMatch: type: object description: >- Conditions for matching an incoming HTTP request. Multiple matches within a rule are OR'd; conditions within a match are AND'd. properties: path: type: object description: Path match conditions. properties: type: type: string enum: - Exact - PathPrefix - RegularExpression description: Path match type. value: type: string description: Path value to match. headers: type: array description: Header match conditions. All conditions must match. items: type: object properties: name: type: string description: Header name to match. value: type: string description: Header value to match. type: type: string enum: - Exact - RegularExpression queryParams: type: array description: Query parameter match conditions. items: type: object properties: name: type: string value: type: string type: type: string enum: - Exact - RegularExpression method: type: string enum: - GET - POST - PUT - PATCH - DELETE - HEAD - OPTIONS - CONNECT - TRACE description: HTTP method to match. HTTPBackendRef: type: object description: >- Reference to a backend service in an HTTPRoute rule, with an optional traffic weight for proportional routing. required: - name - port properties: name: type: string description: Name of the referenced Service. namespace: type: string description: Namespace of the Service. Defaults to the HTTPRoute's namespace. port: type: integer minimum: 1 maximum: 65535 description: Port number on the referenced Service. weight: type: integer minimum: 0 maximum: 1000000 description: >- Relative weight for traffic distribution. Requests are proportioned by weight across backendRefs in the same rule. HTTPRoute: type: object description: >- An HTTPRoute defines HTTP routing rules from one or more Gateway listeners to backend services. Rules support rich matching on path, headers, query parameters, and HTTP method, and can apply request and response filters. properties: apiVersion: type: string const: gateway.networking.k8s.io/v1 kind: type: string const: HTTPRoute metadata: $ref: '#/components/schemas/ObjectMeta' spec: type: object description: HTTPRoute specification. properties: parentRefs: type: array description: >- Gateway listeners this route attaches to. Routes must be accepted by the Gateway to receive traffic. items: type: object properties: name: type: string description: Name of the parent Gateway. namespace: type: string description: Namespace of the parent Gateway. sectionName: type: string description: Listener name on the Gateway to attach to. hostnames: type: array description: >- Hostnames that should match to route traffic to this route. Supports wildcard prefixes. items: type: string rules: type: array description: >- Routing rules. Each rule consists of match conditions and backend references. Rules are evaluated in order. items: type: object properties: matches: type: array description: Match conditions for this rule. Rules are OR'd. items: $ref: '#/components/schemas/HTTPRouteMatch' backendRefs: type: array description: Backends to forward matched requests to. items: $ref: '#/components/schemas/HTTPBackendRef' status: type: object properties: parents: type: array description: Status per parent Gateway this route is attached to. items: type: object properties: parentRef: type: object conditions: type: array items: $ref: '#/components/schemas/Condition' HTTPRouteList: type: object description: A list of HTTPRoute resources. required: - items properties: apiVersion: type: string kind: type: string const: HTTPRouteList metadata: $ref: '#/components/schemas/ListMeta' items: type: array items: $ref: '#/components/schemas/HTTPRoute' GRPCRoute: type: object description: >- A GRPCRoute defines gRPC routing rules from Gateway listeners to backend services, matching on gRPC service and method names for targeted traffic distribution. properties: apiVersion: type: string const: gateway.networking.k8s.io/v1 kind: type: string const: GRPCRoute metadata: $ref: '#/components/schemas/ObjectMeta' spec: type: object properties: parentRefs: type: array description: Gateway listeners this route attaches to. items: type: object properties: name: type: string namespace: type: string hostnames: type: array description: Hostnames that should match for this route. items: type: string rules: type: array description: gRPC routing rules. items: type: object properties: matches: type: array items: type: object properties: method: type: object properties: service: type: string description: gRPC service name to match. method: type: string description: gRPC method name to match. type: type: string enum: - Exact - RegularExpression backendRefs: type: array items: type: object properties: name: type: string namespace: type: string port: type: integer weight: type: integer GRPCRouteList: type: object description: A list of GRPCRoute resources. required: - items properties: apiVersion: type: string kind: type: string const: GRPCRouteList metadata: $ref: '#/components/schemas/ListMeta' items: type: array items: $ref: '#/components/schemas/GRPCRoute' ObjectMeta: type: object description: Standard Kubernetes object metadata. properties: name: type: string description: Name of the object. namespace: type: string description: Namespace of the object. uid: type: string description: Unique server-assigned identifier. resourceVersion: type: string description: Internal version string. creationTimestamp: type: string format: date-time description: Creation timestamp. labels: type: object additionalProperties: type: string description: Label key-value pairs. annotations: type: object additionalProperties: type: string description: Non-identifying metadata. ListMeta: type: object description: Metadata for list responses. properties: resourceVersion: type: string continue: type: string remainingItemCount: type: integer Condition: type: object description: A condition expressing an aspect of current resource state. required: - type - status properties: type: type: string description: Type of condition. status: type: string enum: - 'True' - 'False' - Unknown reason: type: string description: Machine-readable reason for the condition. message: type: string description: Human-readable condition details. lastTransitionTime: type: string format: date-time Status: type: object description: Error or result status. properties: code: type: integer message: type: string reason: type: string status: type: string enum: - Success - Failure