add api changes according to gep-3155

Author: LiorLieberman

apis/applyconfiguration/apis/v1/gatewaybackendtls.go

@@ -229,6 +229,15 @@ type GatewaySpec struct {
 	// <gateway:experimental>
 	// +optional
 	Infrastructure *GatewayInfrastructure `json:"infrastructure,omitempty"`
+
+	// BackendTLS configures TLS settings for when this Gateway is connecting to
+	// backends with TLS.
+	//
+	// Support: Core
+	//
+	// +optional
+	// <gateway:experimental>
+	BackendTLS *GatewayBackendTLS `json:"backendTLS,omitempty"`
 }
 
 // Listener embodies the concept of a logical endpoint where a Gateway accepts
@@ -374,6 +383,29 @@ const (
 	UDPProtocolType ProtocolType = "UDP"
 )
 
+// GatewayBackendTLS describes backend TLS configuration for gateway.
+type GatewayBackendTLS struct {
+	// ClientCertificateRef is a reference to an object that contains a Client
+	// Certificate and the associated private key.
+	//
+	// References to a resource in different namespace are invalid UNLESS there
+	// is a ReferenceGrant in the target namespace that allows the certificate
+	// to be attached. If a ReferenceGrant does not allow this reference, the
+	// "ResolvedRefs" condition MUST be set to False for this listener with the
+	// "RefNotPermitted" reason.
+	//
+	// ClientCertificateRef can reference to standard Kubernetes resources, i.e.
+	// Secret, or implementation-specific custom resources.
+	//
+	// This setting can be overriden on the service level by use of BackendTLSPolicy.
+	//
+	// Support: Core
+	//
+	// +optional
+	// <gateway:experimental>
+	ClientCertificateRef *SecretObjectReference `json:"clientCertificateRef,omitempty"`
+}
+
 // GatewayTLSConfig describes a TLS configuration.
 //
 // +kubebuilder:validation:XValidation:message="certificateRefs or options must be specified when mode is Terminate",rule="self.mode == 'Terminate' ? size(self.certificateRefs) > 0 || size(self.options) > 0 : true"

apis/applyconfiguration/apis/v1/gatewayspec.go

@@ -535,6 +535,19 @@ type Hostname string
 // +kubebuilder:validation:Pattern=`^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$`
 type PreciseHostname string
 
+// AbsoluteURI represents a Uniform Resource Identifier (URI) as defined by RFC3986.
+
+// The AbsoluteURI MUST NOT be a relative URI, and it MUST follow the URI syntax and
+// encoding rules specified in RFC3986.  The AbsoluteURI MUST include both a
+// scheme (e.g., "http" or "spiffe") and a scheme-specific-part.  URIs that
+// include an authority MUST include a fully qualified domain name or
+// IP address as the host.
+
+// +kubebuilder:validation:MinLength=1
+// +kubebuilder:validation:MaxLength=253
+// +kubebuilder:validation:Pattern=`^(([^:/?#]+):)(//([^/?#]*))([^?#]*)(\?([^#]*))?(#(.*))?`
+type AbsoluteURI string
+
 // Group refers to a Kubernetes Group. It must either be an empty string or a
 // RFC 1123 subdomain.
 //