envoyproxy · zirain · Sep 29, 2025 · Sep 30, 2025 · Sep 30, 2025 · Sep 30, 2025
@@ -8,7 +8,6 @@ package v1alpha1
 import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	gwapiv1 "sigs.k8s.io/gateway-api/apis/v1"
-	gwapiv1a3 "sigs.k8s.io/gateway-api/apis/v1alpha3"
 )
 
 const (
@@ -196,7 +195,7 @@ type BackendTLSSettings struct {
 	// CACertificateRefs or WellKnownCACertificates may be specified, not both.
 	//
 	// +optional
-	WellKnownCACertificates *gwapiv1a3.WellKnownCACertificatesType `json:"wellKnownCACertificates,omitempty"`
+	WellKnownCACertificates *gwapiv1.WellKnownCACertificatesType `json:"wellKnownCACertificates,omitempty"`
 
 	// InsecureSkipVerify indicates whether the upstream's certificate verification
 	// should be skipped. Defaults to "false".

@@ -8,7 +8,7 @@ package v1alpha1
 import (
 	"k8s.io/apimachinery/pkg/api/resource"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	gwapiv1a2 "sigs.k8s.io/gateway-api/apis/v1alpha2"
+	gwapiv1 "sigs.k8s.io/gateway-api/apis/v1"
 )
 
 const (
@@ -31,7 +31,7 @@ type BackendTrafficPolicy struct {
 	Spec BackendTrafficPolicySpec `json:"spec"`
 
 	// status defines the current status of BackendTrafficPolicy.
-	Status gwapiv1a2.PolicyStatus `json:"status,omitempty"`
+	Status gwapiv1.PolicyStatus `json:"status,omitempty"`
 }
 
 // BackendTrafficPolicySpec defines the desired state of BackendTrafficPolicy.

@@ -7,7 +7,7 @@ package v1alpha1
 
 import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	gwapiv1a2 "sigs.k8s.io/gateway-api/apis/v1alpha2"
+	gwapiv1 "sigs.k8s.io/gateway-api/apis/v1"
 )
 
 const (
@@ -30,17 +30,16 @@ type ClientTrafficPolicy struct {
 	Spec ClientTrafficPolicySpec `json:"spec"`
 
 	// Status defines the current status of ClientTrafficPolicy.
-	Status gwapiv1a2.PolicyStatus `json:"status,omitempty"`
+	Status gwapiv1.PolicyStatus `json:"status,omitempty"`
 }
 
-// +kubebuilder:validation:XValidation:rule="(has(self.targetRef) && !has(self.targetRefs)) || (!has(self.targetRef) && has(self.targetRefs)) || (has(self.targetSelectors) && self.targetSelectors.size() > 0) ", message="either targetRef or targetRefs must be used"
+// ClientTrafficPolicySpec defines the desired state of ClientTrafficPolicy.
 //
+// +kubebuilder:validation:XValidation:rule="(has(self.targetRef) && !has(self.targetRefs)) || (!has(self.targetRef) && has(self.targetRefs)) || (has(self.targetSelectors) && self.targetSelectors.size() > 0) ", message="either targetRef or targetRefs must be used"
 // +kubebuilder:validation:XValidation:rule="has(self.targetRef) ? self.targetRef.group == 'gateway.networking.k8s.io' : true", message="this policy can only have a targetRef.group of gateway.networking.k8s.io"
 // +kubebuilder:validation:XValidation:rule="has(self.targetRef) ? self.targetRef.kind == 'Gateway' : true", message="this policy can only have a targetRef.kind of Gateway"
 // +kubebuilder:validation:XValidation:rule="has(self.targetRefs) ? self.targetRefs.all(ref, ref.group == 'gateway.networking.k8s.io') : true", message="this policy can only have a targetRefs[*].group of gateway.networking.k8s.io"
 // +kubebuilder:validation:XValidation:rule="has(self.targetRefs) ? self.targetRefs.all(ref, ref.kind == 'Gateway') : true", message="this policy can only have a targetRefs[*].kind of Gateway"
-//
-// ClientTrafficPolicySpec defines the desired state of ClientTrafficPolicy.
 type ClientTrafficPolicySpec struct {
 	PolicyTargetReferences `json:",inline"`
 

@@ -7,7 +7,7 @@ package v1alpha1
 
 import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	gwapiv1a2 "sigs.k8s.io/gateway-api/apis/v1alpha2"
+	gwapiv1 "sigs.k8s.io/gateway-api/apis/v1"
 )
 
 const (
@@ -29,7 +29,7 @@ type EnvoyExtensionPolicy struct {
 	Spec EnvoyExtensionPolicySpec `json:"spec"`
 
 	// Status defines the current status of EnvoyExtensionPolicy.
-	Status gwapiv1a2.PolicyStatus `json:"status,omitempty"`
+	Status gwapiv1.PolicyStatus `json:"status,omitempty"`
 }
 
 // EnvoyExtensionPolicySpec defines the desired state of EnvoyExtensionPolicy.

@@ -8,7 +8,7 @@ package v1alpha1
 import (
 	apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	gwapiv1a2 "sigs.k8s.io/gateway-api/apis/v1alpha2"
+	gwapiv1 "sigs.k8s.io/gateway-api/apis/v1"
 )
 
 const (
@@ -32,7 +32,7 @@ type EnvoyPatchPolicy struct {
 	Spec EnvoyPatchPolicySpec `json:"spec"`
 
 	// Status defines the current status of EnvoyPatchPolicy.
-	Status gwapiv1a2.PolicyStatus `json:"status,omitempty"`
+	Status gwapiv1.PolicyStatus `json:"status,omitempty"`
 }
 
 // EnvoyPatchPolicySpec defines the desired state of EnvoyPatchPolicy.
@@ -54,7 +54,7 @@ type EnvoyPatchPolicySpec struct {
 	// This Policy and the TargetRef MUST be in the same namespace
 	// for this Policy to have effect and be applied to the Gateway
 	// TargetRef
-	TargetRef gwapiv1a2.LocalPolicyTargetReference `json:"targetRef"`
+	TargetRef gwapiv1.LocalPolicyTargetReference `json:"targetRef"`
 	// Priority of the EnvoyPatchPolicy.
 	// If multiple EnvoyPatchPolicies are applied to the same
 	// TargetRef, they will be applied in the ascending order of
@@ -147,23 +147,23 @@ const (
 	// * "Invalid"
 	// * "ResourceNotFound"
 	//
-	PolicyConditionProgrammed gwapiv1a2.PolicyConditionType = "Programmed"
+	PolicyConditionProgrammed gwapiv1.PolicyConditionType = "Programmed"
 
 	// PolicyReasonProgrammed is used with the "Programmed" condition when the policy
 	// is ready to be programmed into the data plane.
-	PolicyReasonProgrammed gwapiv1a2.PolicyConditionReason = "Programmed"
+	PolicyReasonProgrammed gwapiv1.PolicyConditionReason = "Programmed"
 
 	// PolicyReasonInvalid is used with the "Programmed" condition when the patch
 	// is syntactically or semantically invalid.
-	PolicyReasonInvalid gwapiv1a2.PolicyConditionReason = "Invalid"
+	PolicyReasonInvalid gwapiv1.PolicyConditionReason = "Invalid"
 
 	// PolicyReasonResourceNotFound is used with the "Programmed" condition when the
 	// policy cannot find the resource type to patch to.
-	PolicyReasonResourceNotFound gwapiv1a2.PolicyConditionReason = "ResourceNotFound"
+	PolicyReasonResourceNotFound gwapiv1.PolicyConditionReason = "ResourceNotFound"
 
 	// PolicyReasonDisabled is used with the "Accepted" condition when the policy
 	// feature is disabled by the configuration.
-	PolicyReasonDisabled gwapiv1a2.PolicyConditionReason = "Disabled"
+	PolicyReasonDisabled gwapiv1.PolicyConditionReason = "Disabled"
 )
 
 //+kubebuilder:object:root=true

@@ -8,7 +8,6 @@ package v1alpha1
 import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	gwapiv1 "sigs.k8s.io/gateway-api/apis/v1"
-	gwapiv1a2 "sigs.k8s.io/gateway-api/apis/v1alpha2"
 )
 
 const (
@@ -19,11 +18,11 @@ const (
 	//
 	// * "Aggregated"
 	//
-	PolicyConditionAggregated gwapiv1a2.PolicyConditionType = "Aggregated"
+	PolicyConditionAggregated gwapiv1.PolicyConditionType = "Aggregated"
 
 	// PolicyReasonAggregated is used with the "Aggregated" condition when the policy
 	// is aggregated to satisfy CEL constraints in PolicyAncestorStatus (not exceeding 16).
-	PolicyReasonAggregated gwapiv1a2.PolicyConditionReason = "Aggregated"
+	PolicyReasonAggregated gwapiv1.PolicyConditionReason = "Aggregated"
 )
 
 type PolicyTargetReferences struct {
@@ -32,11 +31,11 @@ type PolicyTargetReferences struct {
 	// Policy to have effect
 	//
 	// Deprecated: use targetRefs/targetSelectors instead
-	TargetRef *gwapiv1a2.LocalPolicyTargetReferenceWithSectionName `json:"targetRef,omitempty"`
+	TargetRef *gwapiv1.LocalPolicyTargetReferenceWithSectionName `json:"targetRef,omitempty"`
 
 	// TargetRefs are the names of the Gateway resources this policy
 	// is being attached to.
-	TargetRefs []gwapiv1a2.LocalPolicyTargetReferenceWithSectionName `json:"targetRefs,omitempty"`
+	TargetRefs []gwapiv1.LocalPolicyTargetReferenceWithSectionName `json:"targetRefs,omitempty"`
 
 	// TargetSelectors allow targeting resources for this policy based on labels
 	TargetSelectors []TargetSelector `json:"targetSelectors,omitempty"`
@@ -63,9 +62,9 @@ type TargetSelector struct {
 	MatchExpressions []metav1.LabelSelectorRequirement `json:"matchExpressions,omitempty"`
 }
 
-func (p PolicyTargetReferences) GetTargetRefs() []gwapiv1a2.LocalPolicyTargetReferenceWithSectionName {
+func (p PolicyTargetReferences) GetTargetRefs() []gwapiv1.LocalPolicyTargetReferenceWithSectionName {
 	if p.TargetRef != nil {
-		return []gwapiv1a2.LocalPolicyTargetReferenceWithSectionName{*p.TargetRef}
+		return []gwapiv1.LocalPolicyTargetReferenceWithSectionName{*p.TargetRef}
 	}
 	return p.TargetRefs
 }
@@ -7,7 +7,7 @@ package v1alpha1
 
 import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	gwapiv1a2 "sigs.k8s.io/gateway-api/apis/v1alpha2"
+	gwapiv1 "sigs.k8s.io/gateway-api/apis/v1"
 )
 
 const (
@@ -30,24 +30,23 @@ type SecurityPolicy struct {
 	Spec SecurityPolicySpec `json:"spec"`
 
 	// Status defines the current status of SecurityPolicy.
-	Status gwapiv1a2.PolicyStatus `json:"status,omitempty"`
+	Status gwapiv1.PolicyStatus `json:"status,omitempty"`
 }
 
-// +kubebuilder:validation:XValidation:rule="(has(self.targetRef) && !has(self.targetRefs)) || (!has(self.targetRef) && has(self.targetRefs)) || (has(self.targetSelectors) && self.targetSelectors.size() > 0) ", message="either targetRef or targetRefs must be used"
-//
-// +kubebuilder:validation:XValidation:rule="has(self.targetRef) ? self.targetRef.group == 'gateway.networking.k8s.io' : true", message="this policy can only have a targetRef.group of gateway.networking.k8s.io"
-// +kubebuilder:validation:XValidation:rule="has(self.targetRef) ? self.targetRef.kind in ['Gateway', 'HTTPRoute', 'GRPCRoute', 'TCPRoute'] : true", message="this policy can only have a targetRef.kind of Gateway/HTTPRoute/GRPCRoute/TCPRoute"
-// +kubebuilder:validation:XValidation:rule="has(self.targetRefs) ? self.targetRefs.all(ref, ref.group == 'gateway.networking.k8s.io') : true ", message="this policy can only have a targetRefs[*].group of gateway.networking.k8s.io"
-// +kubebuilder:validation:XValidation:rule="has(self.targetRefs) ? self.targetRefs.all(ref, ref.kind in ['Gateway', 'HTTPRoute', 'GRPCRoute', 'TCPRoute']) : true ", message="this policy can only have a targetRefs[*].kind of Gateway/HTTPRoute/GRPCRoute/TCPRoute"
-// +kubebuilder:validation:XValidation:rule="(has(self.authorization) && has(self.authorization.rules) && self.authorization.rules.exists(r, has(r.principal.jwt))) ? has(self.jwt) : true", message="if authorization.rules.principal.jwt is used, jwt must be defined"
-//
 // SecurityPolicySpec defines the desired state of SecurityPolicy.
 //
 // NOTE: SecurityPolicy can target Gateway, HTTPRoute, GRPCRoute, and TCPRoute.
 // When a SecurityPolicy targets a TCPRoute, only client-IP based authorization
 // (Authorization rules that use Principal.ClientCIDRs) is applied. Other
 // authentication/authorization features such as JWT, API Key, Basic Auth,
 // OIDC, or External Authorization are not applicable to TCPRoute targets.
+//
+// +kubebuilder:validation:XValidation:rule="(has(self.targetRef) && !has(self.targetRefs)) || (!has(self.targetRef) && has(self.targetRefs)) || (has(self.targetSelectors) && self.targetSelectors.size() > 0) ", message="either targetRef or targetRefs must be used"
+// +kubebuilder:validation:XValidation:rule="has(self.targetRef) ? self.targetRef.group == 'gateway.networking.k8s.io' : true", message="this policy can only have a targetRef.group of gateway.networking.k8s.io"
+// +kubebuilder:validation:XValidation:rule="has(self.targetRef) ? self.targetRef.kind in ['Gateway', 'HTTPRoute', 'GRPCRoute', 'TCPRoute'] : true", message="this policy can only have a targetRef.kind of Gateway/HTTPRoute/GRPCRoute/TCPRoute"
+// +kubebuilder:validation:XValidation:rule="has(self.targetRefs) ? self.targetRefs.all(ref, ref.group == 'gateway.networking.k8s.io') : true ", message="this policy can only have a targetRefs[*].group of gateway.networking.k8s.io"
+// +kubebuilder:validation:XValidation:rule="has(self.targetRefs) ? self.targetRefs.all(ref, ref.kind in ['Gateway', 'HTTPRoute', 'GRPCRoute', 'TCPRoute']) : true ", message="this policy can only have a targetRefs[*].kind of Gateway/HTTPRoute/GRPCRoute/TCPRoute"
+// +kubebuilder:validation:XValidation:rule="(has(self.authorization) && has(self.authorization.rules) && self.authorization.rules.exists(r, has(r.principal.jwt))) ? has(self.jwt) : true", message="if authorization.rules.principal.jwt is used, jwt must be defined"
 type SecurityPolicySpec struct {
 	PolicyTargetReferences `json:",inline"`
 

@@ -13,7 +13,6 @@ import (
 	"k8s.io/apimachinery/pkg/api/resource"
 	"k8s.io/apimachinery/pkg/util/intstr"
 	gwapiv1 "sigs.k8s.io/gateway-api/apis/v1"
-	gwapiv1a2 "sigs.k8s.io/gateway-api/apis/v1alpha2"
 )
 
 const (
@@ -47,18 +46,18 @@ const (
 	//
 	// * "Overridden"
 	//
-	PolicyConditionOverridden gwapiv1a2.PolicyConditionType = "Overridden"
+	PolicyConditionOverridden gwapiv1.PolicyConditionType = "Overridden"
 
 	// PolicyReasonOverridden is used with the "Overridden" condition when the policy
 	// has been overridden by another policy targeting a section within the same target.
-	PolicyReasonOverridden gwapiv1a2.PolicyConditionReason = "Overridden"
+	PolicyReasonOverridden gwapiv1.PolicyConditionReason = "Overridden"
 
 	// PolicyConditionMerged indicates whether the policy has
 	// been merged with another policy targeting the parent(e.g. Gateway).
-	PolicyConditionMerged gwapiv1a2.PolicyConditionType = "Merged"
+	PolicyConditionMerged gwapiv1.PolicyConditionType = "Merged"
 	// PolicyReasonMerged is used with the "Merged" condition when the policy
 	// has been merged with another policy targeting the parent(e.g. Gateway).
-	PolicyReasonMerged gwapiv1a2.PolicyConditionReason = "Merged"
+	PolicyReasonMerged gwapiv1.PolicyConditionReason = "Merged"
 )
 
 // GroupVersionKind unambiguously identifies a Kind.