Merge pull request #899 from robscott/tls-options-docs

Clarifying docs around TLS options
kubernetes-sigs · Oct 12, 2021 · 24ffffc · 24ffffc
2 parents dfd24e4 + 9b1a930
commit 24ffffc
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 13 deletions.
diff --git a/apis/v1alpha2/gateway_types.go b/apis/v1alpha2/gateway_types.go
@@ -328,13 +328,14 @@ type GatewayTLSConfig struct {
 	// +kubebuilder:validation:MaxItems=64
 	CertificateRefs []*SecretObjectReference `json:"certificateRefs,omitempty"`
 
-	// Options are a list of key/value pairs to give extended options
-	// to the provider.
-	//
-	// There variation among providers as to how ciphersuites are
-	// expressed. If there is a common subset for expressing ciphers
-	// then it will make sense to loft that as a core API
-	// construct.
+	// Options are a list of key/value pairs to enable extended TLS
+	// configuration for each implementation. For example, configuring the
+	// minimum TLS version or supported cipher suites.
+	//
+	// A set of common keys MAY be defined by the API in the future. To avoid
+	// any ambiguity, implementation-specific definitions MUST use
+	// domain-prefixed names, such as `example.com/my-custom-option`.
+	// Un-prefixed names are reserved for key names defined by Gateway API.
 	//
 	// Support: Implementation-specific
 	//

diff --git a/config/crd/v1alpha2/gateway.networking.k8s.io_gateways.yaml b/config/crd/v1alpha2/gateway.networking.k8s.io_gateways.yaml