gateway-api icon indicating copy to clipboard operation
gateway-api copied to clipboard
verified publisher icon kubernetes-sigs

parentRefs for TCPRoute undocumented

Open Javex opened this issue 5 months ago • 4 comments

What would you like to be added:

The parentRefs field for TCPRoute under TCPRouteSpec is not documented on the page, but the CRD describes it as follows:

ParentRefs references the resources (usually Gateways) that a Route wants
to be attached to. Note that the referenced parent resource needs to
allow this for the attachment to be complete. For Gateways, that means
the Gateway needs to allow attachment from Routes of this kind and
namespace. For Services, that means the Service must either be in the same
namespace for a "producer" route, or the mesh implementation must support
and allow "consumer" routes for the referenced Service. ReferenceGrant is
not applicable for governing ParentRefs to Services - it is not possible to
create a "producer" route for a Service in a different namespace from the
Route.

There are two kinds of parent resources with "Core" support:

* Gateway (Gateway conformance profile)
* Service (Mesh conformance profile, ClusterIP Services only)

This API may be extended in the future to support additional kinds of parent
resources.

ParentRefs must be _distinct_. This means either that:

* They select different objects.  If this is the case, then parentRef
  entries are distinct. In terms of fields, this means that the
  multi-part key defined by `group`, `kind`, `namespace`, and `name` must
  be unique across all parentRef entries in the Route.
* They do not select different objects, but for each optional field used,
  each ParentRef that selects the same object must set the same set of
  optional fields to different values. If one ParentRef sets a
  combination of optional fields, all must set the same combination.

Some examples:

* If one ParentRef sets `sectionName`, all ParentRefs referencing the
  same object must also set `sectionName`.
* If one ParentRef sets `port`, all ParentRefs referencing the same
  object must also set `port`.
* If one ParentRef sets `sectionName` and `port`, all ParentRefs
  referencing the same object must also set `sectionName` and `port`.

It is possible to separately reference multiple distinct objects that may
be collapsed by an implementation. For example, some implementations may
choose to merge compatible Gateway Listeners together. If that is the
case, the list of routes attached to those resources should also be
merged.

Note that for ParentRefs that cross namespace boundaries, there are specific
rules. Cross-namespace references are only valid if they are explicitly
allowed by something in the namespace they are referring to. For example,
Gateway has the AllowedRoutes field, and ReferenceGrant provides a
generic way to enable other kinds of cross-namespace reference.


ParentRefs from a Route to a Service in the same namespace are "producer"
routes, which apply default routing rules to inbound connections from
any namespace to the Service.

ParentRefs from a Route to a Service in a different namespace are
"consumer" routes, and these routing rules are only applied to outbound
connections originating from the same namespace as the Route, for which
the intended destination of the connections are a Service targeted as a
ParentRef of the Route.

Why this is needed: Without this it is not clear how a TCPRoute is supposed to connect to a gateway listener.

Javex avatar Jul 29 '25 11:07 Javex

Indeed, not only TCPRoute, but also UDPRoute and TLSRoute are undocumented.

bzp2010 avatar Aug 30 '25 17:08 bzp2010

It seems like since we changed the tool we use for generating that docs page from the Go types, it no longer includes the docs for inlined types correctly. The parentRefs stanza is inlined into the spec of each Route type via the CommonRouteSpec Go struct, which is where that godoc above lives.

This seems like a problem with the generator tool, thanks for pointing it out!

youngnick avatar Sep 01 '25 04:09 youngnick

To be clear, parentRefs works the same across all Route types, but HTTPRoute is the only Route type that accepts a Service parent. All other Route types must have a Gateway parent.

In particular, TCPRoute, UDPRoute, and TLSRoute only support Gateway parents, but aside from that the parenting behavior is as listed above in that godoc.

youngnick avatar Sep 01 '25 04:09 youngnick

The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue as fresh with /remove-lifecycle stale
  • Close this issue with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

k8s-triage-robot avatar Nov 30 '25 05:11 k8s-triage-robot