Initial commit

Author: gauravkghildiyal

.gitignore

@@ -0,0 +1,2 @@
+vendor/
+bin/

README.md

@@ -0,0 +1,133 @@
+# gwctl
+
+gwctl is a tool that improves the usability of the Gateway API by providing a better way to view and manage policies ([GEP-713](https://gateway-api.sigs.k8s.io/geps/gep-713)). The aim is to make it available as a standalone binary, a kubectl plugin, and a library.
+
+gwctl allows you to view all Gateway API policy types that are present in a cluster, as well as all "policy bindings" in a namespace (or across all namespaces). It also shows you the attached policies when you view any Gateway resource (like HTTPRoute, Gateway, GatewayClass, etc.)
+
+Please note that gwctl is <b>still under development and may have bugs</b>. There may be changes at various places, including the command-line interface, the output format, and the supported features.
+
+In the future, gwctl may be able to read status from the policy resource to determine if it has been applied correctly.
+
+## Try it out!
+
+```bash
+# Clone the gwctl repository
+git clone https://github.com/gauravkghildiyal/gwctl.git
+
+# Go to the gwctl directory
+cd gwctl
+
+# Ensure vendor depedencies
+go mod tidy
+go mod vendor
+
+# Build the gwctl binary
+go build -o bin/gwctl cmd/gwctl/main.go
+
+# Add binary to PATH
+export PATH=./bin:${PATH}
+
+# OPTIONAL: Create sample resources
+kubectl apply -f samples/crds.yaml
+kubectl apply -f samples/examples.yaml
+
+# Start using!
+gwctl --help
+```
+
+## Examples
+Here are some examples of how gwctl can be used:
+
+```bash
+# List all policies in the cluster. This will also give the resource they bind to.
+gwctl get policies -A
+
+# List all available policy types
+gwctl get policycrds
+
+# Describe all HTTPRoutes in namespace ns2
+gwctl describe httproutes -n ns2
+
+# Describe a single HTTPRoute in default namespace
+gwctl describe httproutes demo-httproute-1
+
+# Describe all Gateways across all namespaces.
+gwctl describe gateways -A
+
+# Describe a single GatewayClass
+gwctl describe gatewayclasses foo-com-external-gateway-class
+```
+
+Here are some commands with their sample output:
+```bash
+❯ gwctl get policies -A
+POLICYNAME                     POLICYKIND               TARGETNAME                      TARGETKIND
+demo-health-check-1            HealthCheckPolicy        demo-gateway-1                  Gateway
+demo-retry-policy-1            RetryOnPolicy            demo-gateway-1                  Gateway
+demo-retry-policy-2            RetryOnPolicy            demo-httproute-2                HTTPRoute
+demo-timeout-policy-1          TimeoutPolicy            foo-com-external-gateway-class  GatewayClass
+demo-tls-min-version-policy-1  TLSMinimumVersionPolicy  demo-httproute-1                HTTPRoute
+demo-tls-min-version-policy-2  TLSMinimumVersionPolicy  demo-gateway-2                  Gateway
+
+❯ gwctl describe httproutes -n ns2
+Name:      demo-httproute-3
+Namespace: ns2
+Hostnames:
+    - example.com
+ParentRefs:
+    - Kind:  Gateway
+      Group: gateway.networking.k8s.io
+      Name:  demo-gateway-2
+DirectlyAttachedPolicies:
+InheritedPolicies:
+    - Kind: TLSMinimumVersionPolicy
+      Group: baz.com
+      Name: demo-tls-min-version-policy-2
+      Target:
+          Kind:   Gateway
+          Group:  gateway.networking.k8s.io
+          Name:   demo-gateway-2
+
+
+Name:      demo-httproute-4
+Namespace: ns2
+Hostnames:
+    - demo.com
+ParentRefs:
+    - Kind:  Gateway
+      Group: gateway.networking.k8s.io
+      Name:  demo-gateway-1
+DirectlyAttachedPolicies:
+InheritedPolicies:
+    - Kind: HealthCheckPolicy
+      Group: foo.com
+      Name: demo-health-check-1
+      Target:
+          Kind:   Gateway
+          Group:  gateway.networking.k8s.io
+          Name:   demo-gateway-1
+    - Kind: RetryOnPolicy
+      Group: foo.com
+      Name: demo-retry-policy-1
+      Target:
+          Kind:   Gateway
+          Group:  gateway.networking.k8s.io
+          Name:   demo-gateway-1
+    - Kind: TimeoutPolicy
+      Group: bar.com
+      Name: demo-timeout-policy-1
+      Target:
+          Kind:   GatewayClass
+          Group:  gateway.networking.k8s.io
+          Name:   foo-com-external-gateway-class
+```
+
+---
+
+## Areas that definitely need some work:
+* Add tests.
+* Add some more tests.
+* Re-evalute the minimum information that we need to print for resource descriptions.
+* Improve/define library interfaces.
+* There's several areas which could be generified instead of being repetitive.
+

cmd/gwctl/main.go

@@ -0,0 +1,57 @@
+package main
+
+import (
+	_ "embed"
+	"fmt"
+	"math/rand"
+	"os"
+	"os/exec"
+	"time"
+
+	"k8s.io/client-go/dynamic"
+	"k8s.io/client-go/tools/clientcmd"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+	gatewayv1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2"
+	gatewayv1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1"
+
+	"github.com/gauravkghildiyal/gwctl/pkg/cmd"
+	"github.com/gauravkghildiyal/gwctl/pkg/types"
+	"github.com/spf13/cobra"
+)
+
+func main() {
+	// TODO: Replace proxying with proper authentication through kubeconfig.
+	port := rand.Intn(30000) + 30000
+	if err := exec.Command("kubectl", "proxy", "-p", fmt.Sprintf("%v", port)).Start(); err != nil {
+		panic(err)
+	}
+	time.Sleep(100 * time.Millisecond)
+
+	restConfig, err := clientcmd.BuildConfigFromFlags(fmt.Sprintf("http://localhost:%v", port), "")
+	if err != nil {
+		panic(fmt.Sprintf("Failed to get restConfig from BuildConfigFromFlags: %v", err))
+	}
+
+	client, err := client.New(restConfig, client.Options{})
+	if err != nil {
+		panic(fmt.Sprintf("Error initializing Kubernetes client: %v", err))
+	}
+	gatewayv1alpha2.AddToScheme(client.Scheme())
+	gatewayv1beta1.AddToScheme(client.Scheme())
+
+	dc := dynamic.NewForConfigOrDie(restConfig)
+
+	clients := &types.Clients{
+		Client: client,
+		DC:     dc,
+	}
+
+	rootCmd := &cobra.Command{
+		Use: "gwctl",
+	}
+	rootCmd.AddCommand(cmd.NewGetCommand(clients))
+	rootCmd.AddCommand(cmd.NewDescribeCommand(clients))
+	if err := rootCmd.Execute(); err != nil {
+		os.Exit(1)
+	}
+}

go.mod

@@ -0,0 +1,57 @@
+module github.com/gauravkghildiyal/gwctl
+
+go 1.21
+
+require (
+	github.com/spf13/cobra v1.7.0
+	k8s.io/apiextensions-apiserver v0.27.3
+	k8s.io/apimachinery v0.27.3
+	k8s.io/client-go v0.27.3
+	sigs.k8s.io/controller-runtime v0.14.6
+	sigs.k8s.io/gateway-api v0.7.1
+)
+
+require (
+	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/emicklei/go-restful/v3 v3.9.0 // indirect
+	github.com/evanphx/json-patch/v5 v5.6.0 // indirect
+	github.com/go-logr/logr v1.2.3 // indirect
+	github.com/go-openapi/jsonpointer v0.19.6 // indirect
+	github.com/go-openapi/jsonreference v0.20.1 // indirect
+	github.com/go-openapi/swag v0.22.3 // indirect
+	github.com/gogo/protobuf v1.3.2 // indirect
+	github.com/golang/protobuf v1.5.3 // indirect
+	github.com/google/gnostic v0.5.7-v3refs // indirect
+	github.com/google/go-cmp v0.5.9 // indirect
+	github.com/google/gofuzz v1.1.0 // indirect
+	github.com/google/uuid v1.3.0 // indirect
+	github.com/imdario/mergo v0.3.6 // indirect
+	github.com/inconshreveable/mousetrap v1.1.0 // indirect
+	github.com/josharian/intern v1.0.0 // indirect
+	github.com/json-iterator/go v1.1.12 // indirect
+	github.com/mailru/easyjson v0.7.7 // indirect
+	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
+	github.com/modern-go/reflect2 v1.0.2 // indirect
+	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
+	github.com/pkg/errors v0.9.1 // indirect
+	github.com/rogpeppe/go-internal v1.11.0 // indirect
+	github.com/spf13/pflag v1.0.5 // indirect
+	golang.org/x/net v0.8.0 // indirect
+	golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b // indirect
+	golang.org/x/sys v0.6.0 // indirect
+	golang.org/x/term v0.6.0 // indirect
+	golang.org/x/text v0.8.0 // indirect
+	golang.org/x/time v0.3.0 // indirect
+	google.golang.org/appengine v1.6.7 // indirect
+	google.golang.org/protobuf v1.28.1 // indirect
+	gopkg.in/inf.v0 v0.9.1 // indirect
+	gopkg.in/yaml.v2 v2.4.0 // indirect
+	gopkg.in/yaml.v3 v3.0.1 // indirect
+	k8s.io/api v0.27.3 // indirect
+	k8s.io/klog/v2 v2.100.1 // indirect
+	k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f // indirect
+	k8s.io/utils v0.0.0-20230209194617-a36077c30491 // indirect
+	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
+	sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect
+	sigs.k8s.io/yaml v1.3.0 // indirect
+)

go.sum

@@ -0,0 +1,105 @@
+package cmd
+
+import (
+	"context"
+	"fmt"
+	"os"
+
+	gatewayv1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2"
+
+	"github.com/gauravkghildiyal/gwctl/pkg/resources/gatewayclasses"
+	"github.com/gauravkghildiyal/gwctl/pkg/resources/gateways"
+	"github.com/gauravkghildiyal/gwctl/pkg/resources/httproutes"
+	"github.com/gauravkghildiyal/gwctl/pkg/resources/policies"
+	"github.com/gauravkghildiyal/gwctl/pkg/types"
+	"github.com/spf13/cobra"
+)
+
+type describeFlags struct {
+	namespace     string
+	allNamespaces bool
+}
+
+func NewDescribeCommand(clients *types.Clients) *cobra.Command {
+	flags := &describeFlags{}
+
+	cmd := &cobra.Command{
+		Use:   "describe {policies|httproutes|gateways|gatewayclasses} RESOURCE_NAME",
+		Short: "Show details of a specific resource or group of resources",
+		Args:  cobra.RangeArgs(1, 2),
+		Run: func(cmd *cobra.Command, args []string) {
+			runDescribe(args, clients, flags)
+		},
+	}
+	cmd.Flags().StringVarP(&flags.namespace, "namespace", "n", "default", "")
+	cmd.Flags().BoolVarP(&flags.allNamespaces, "all-namespaces", "A", false, "If present, list requested resources from all namespaces.")
+
+	return cmd
+}
+
+func runDescribe(args []string, clients *types.Clients, flags *describeFlags) {
+	kind := args[0]
+	ns := flags.namespace
+	if flags.allNamespaces {
+		ns = ""
+	}
+
+	switch kind {
+	case "policy", "policies":
+		policyList, err := policies.List(context.TODO(), clients, ns)
+		if err != nil {
+			panic(err)
+		}
+		policies.PrintDescribeView(clients, policyList)
+	case "httproute", "httproutes":
+		var httpRoutes []gatewayv1alpha2.HTTPRoute
+		if len(args) == 1 {
+			var err error
+			httpRoutes, err = httproutes.List(context.TODO(), clients, ns)
+			if err != nil {
+				panic(err)
+			}
+		} else {
+			httpRoute, err := httproutes.Get(context.TODO(), clients, ns, args[1])
+			if err != nil {
+				panic(err)
+			}
+			httpRoutes = []gatewayv1alpha2.HTTPRoute{httpRoute}
+		}
+		httproutes.PrintDescribeView(context.TODO(), clients, httpRoutes)
+	case "gateway", "gateways":
+		var gws []gatewayv1alpha2.Gateway
+		if len(args) == 1 {
+			var err error
+			gws, err = gateways.List(context.TODO(), clients, ns)
+			if err != nil {
+				panic(err)
+			}
+		} else {
+			gw, err := gateways.Get(context.TODO(), clients, ns, args[1])
+			if err != nil {
+				panic(err)
+			}
+			gws = []gatewayv1alpha2.Gateway{gw}
+		}
+		gateways.PrintDescribeView(context.TODO(), clients, gws)
+	case "gatewayclass", "gatewayclasses":
+		var gwClasses []gatewayv1alpha2.GatewayClass
+		if len(args) == 1 {
+			var err error
+			gwClasses, err = gatewayclasses.List(context.TODO(), clients)
+			if err != nil {
+				panic(err)
+			}
+		} else {
+			gwc, err := gatewayclasses.Get(context.TODO(), clients, args[1])
+			if err != nil {
+				panic(err)
+			}
+			gwClasses = []gatewayv1alpha2.GatewayClass{gwc}
+		}
+		gatewayclasses.PrintDescribeView(context.TODO(), clients, gwClasses)
+	default:
+		fmt.Fprintf(os.Stderr, "Unrecognized RESOURCE_TYPE\n")
+	}
+}

pkg/cmd/describe.go

@@ -0,0 +1,58 @@
+package cmd
+
+import (
+	"context"
+	"fmt"
+	"os"
+
+	"github.com/gauravkghildiyal/gwctl/pkg/resources/policies"
+	"github.com/gauravkghildiyal/gwctl/pkg/types"
+	"github.com/spf13/cobra"
+)
+
+type getFlags struct {
+	namespace     string
+	allNamespaces bool
+}
+
+func NewGetCommand(clients *types.Clients) *cobra.Command {
+	flags := &getFlags{}
+
+	cmd := &cobra.Command{
+		Use:   "get {policies|policycrds}",
+		Short: "Display one or many resources",
+		Args:  cobra.ExactArgs(1),
+		Run: func(cmd *cobra.Command, args []string) {
+			runGet(args, clients, flags)
+		},
+	}
+	cmd.Flags().StringVarP(&flags.namespace, "namespace", "n", "default", "")
+	cmd.Flags().BoolVarP(&flags.allNamespaces, "all-namespaces", "A", false, "If present, list requested resources from all namespaces.")
+
+	return cmd
+}
+
+func runGet(args []string, clients *types.Clients, flags *getFlags) {
+	kind := args[0]
+	ns := flags.namespace
+	if flags.allNamespaces {
+		ns = ""
+	}
+
+	switch kind {
+	case "policy", "policies":
+		p, err := policies.List(context.TODO(), clients, ns)
+		if err != nil {
+			panic(err)
+		}
+		policies.Print(p)
+	case "policycrds":
+		p, err := policies.ListCRDs(context.TODO(), clients)
+		if err != nil {
+			panic(err)
+		}
+		policies.PrintCRDs(p)
+	default:
+		fmt.Fprintf(os.Stderr, "Unrecognized RESOURCE_TYPE\n")
+	}
+}

pkg/cmd/get.go

@@ -0,0 +1,9 @@
+Name:           {{ .GatewayClass.Name }}
+ControllerName: {{ .GatewayClass.Spec.ControllerName }} 
+Description:    {{ .GatewayClass.Spec.Description }} 
+DirectlyAttachedPolicies:
+    {{- range .DirectlyAttachedPolicies }}
+    - Kind: {{ .GroupVersionKind.Kind }}
+      Group: {{ .GroupVersionKind.Group }}
+      Name: {{ .GetName }}
+    {{- end }}

pkg/resources/gatewayclasses/gatewayclass.tmpl

@@ -0,0 +1,84 @@
+package gatewayclasses
+
+import (
+	"context"
+	_ "embed"
+	"fmt"
+	"html/template"
+	"os"
+
+	"github.com/gauravkghildiyal/gwctl/pkg/resources/policies"
+	"github.com/gauravkghildiyal/gwctl/pkg/types"
+	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
+	apimachinerytypes "k8s.io/apimachinery/pkg/types"
+	gatewayv1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2"
+)
+
+func List(ctx context.Context, dc *types.Clients) ([]gatewayv1alpha2.GatewayClass, error) {
+	gwcList := &gatewayv1alpha2.GatewayClassList{}
+	if err := dc.Client.List(ctx, gwcList); err != nil {
+		return []gatewayv1alpha2.GatewayClass{}, nil
+	}
+
+	return gwcList.Items, nil
+}
+
+func Get(ctx context.Context, clients *types.Clients, name string) (gatewayv1alpha2.GatewayClass, error) {
+	gwc := &gatewayv1alpha2.GatewayClass{}
+	nn := apimachinerytypes.NamespacedName{Name: name}
+	if err := clients.Client.Get(ctx, nn, gwc); err != nil {
+		return gatewayv1alpha2.GatewayClass{}, nil
+	}
+
+	return *gwc, nil
+}
+
+func GetAttachedPolicies(ctx context.Context, clients *types.Clients, name string) ([]unstructured.Unstructured, error) {
+	gw := &gatewayv1alpha2.GatewayClass{}
+	gvks, _, err := clients.Client.Scheme().ObjectKinds(gw)
+	if err != nil {
+		return []unstructured.Unstructured{}, nil
+	}
+
+	targetRef := gatewayv1alpha2.PolicyTargetReference{
+		Group: gatewayv1alpha2.Group(gvks[0].Group),
+		Kind:  gatewayv1alpha2.Kind(gvks[0].Kind),
+		Name:  gatewayv1alpha2.ObjectName(name),
+	}
+	return policies.ListAttachedTo(ctx, clients, targetRef)
+}
+
+func GetAllPolicies(ctx context.Context, clients *types.Clients, name string) ([]unstructured.Unstructured, error) {
+	return GetAttachedPolicies(ctx, clients, name)
+}
+
+type describeView struct {
+	GatewayClass             gatewayv1alpha2.GatewayClass
+	DirectlyAttachedPolicies []unstructured.Unstructured
+}
+
+//go:embed gatewayclass.tmpl
+var gatewayClassTmpl string
+
+func PrintDescribeView(ctx context.Context, clients *types.Clients, gwClasses []gatewayv1alpha2.GatewayClass) {
+	for i, gwc := range gwClasses {
+		directlyAttachedPolicies, err := GetAttachedPolicies(ctx, clients, gwc.Name)
+		if err != nil {
+			panic(err)
+		}
+
+		view := &describeView{
+			GatewayClass:             gwc,
+			DirectlyAttachedPolicies: directlyAttachedPolicies,
+		}
+
+		tmpl := template.Must(template.New("").Parse(gatewayClassTmpl))
+		if err := tmpl.Execute(os.Stdout, view); err != nil {
+			fmt.Fprintf(os.Stderr, "failed to execute template: %v", err)
+		}
+
+		if i+1 != len(gwClasses) {
+			fmt.Printf("\n\n")
+		}
+	}
+}

pkg/resources/gatewayclasses/gatewayclasses.go

@@ -0,0 +1,15 @@
+Name:         {{ .Gateway.Name }}
+Namespace:    {{ .Gateway.Namespace }}
+GatewayClass: {{ .Gateway.Spec.GatewayClassName }}
+DirectlyAttachedPolicies:
+    {{- range .DirectlyAttachedPolicies }}
+    - Kind:  {{ .GroupVersionKind.Kind }}
+      Group: {{ .GroupVersionKind.Group }}
+      Name:  {{ .GetName }}
+    {{- end }}
+InheritedPolicies:
+    {{- range .InheritedPolicies }}
+    - Kind:  {{ .GroupVersionKind.Kind }}
+      Group: {{ .GroupVersionKind.Group }}
+      Name:  {{ .GetName }}
+    {{- end }}

pkg/resources/gateways/gateway.tmpl

@@ -0,0 +1,115 @@
+package gateways
+
+import (
+	"context"
+	_ "embed"
+	"fmt"
+	"html/template"
+	"os"
+
+	"github.com/gauravkghildiyal/gwctl/pkg/resources/gatewayclasses"
+	"github.com/gauravkghildiyal/gwctl/pkg/resources/policies"
+	"github.com/gauravkghildiyal/gwctl/pkg/types"
+	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
+	apimachinerytypes "k8s.io/apimachinery/pkg/types"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+	gatewayv1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2"
+)
+
+func List(ctx context.Context, dc *types.Clients, namespace string) ([]gatewayv1alpha2.Gateway, error) {
+	gwList := &gatewayv1alpha2.GatewayList{}
+	if err := dc.Client.List(ctx, gwList, client.InNamespace(namespace)); err != nil {
+		return []gatewayv1alpha2.Gateway{}, nil
+	}
+
+	return gwList.Items, nil
+}
+
+func Get(ctx context.Context, clients *types.Clients, namespace, name string) (gatewayv1alpha2.Gateway, error) {
+	gw := &gatewayv1alpha2.Gateway{}
+	nn := apimachinerytypes.NamespacedName{Namespace: namespace, Name: name}
+	if err := clients.Client.Get(ctx, nn, gw); err != nil {
+		return gatewayv1alpha2.Gateway{}, nil
+	}
+
+	return *gw, nil
+}
+
+func GetAttachedPolicies(ctx context.Context, clients *types.Clients, namespace, name string) ([]unstructured.Unstructured, error) {
+	gw := &gatewayv1alpha2.Gateway{}
+	gvks, _, err := clients.Client.Scheme().ObjectKinds(gw)
+	if err != nil {
+		return []unstructured.Unstructured{}, nil
+	}
+
+	ns := gatewayv1alpha2.Namespace(namespace)
+	targetRef := gatewayv1alpha2.PolicyTargetReference{
+		Group:     gatewayv1alpha2.Group(gvks[0].Group),
+		Kind:      gatewayv1alpha2.Kind(gvks[0].Kind),
+		Name:      gatewayv1alpha2.ObjectName(name),
+		Namespace: &ns,
+	}
+	return policies.ListAttachedTo(ctx, clients, targetRef)
+}
+
+func GetInheritedPolicies(ctx context.Context, clients *types.Clients, namespace, name string) ([]unstructured.Unstructured, error) {
+	gw, err := Get(ctx, clients, namespace, name)
+	if err != nil {
+		return []unstructured.Unstructured{}, err
+	}
+
+	return gatewayclasses.GetAllPolicies(ctx, clients, string(gw.Spec.GatewayClassName))
+}
+
+func GetAllPolicies(ctx context.Context, clients *types.Clients, namespace, name string) ([]unstructured.Unstructured, error) {
+	var result []unstructured.Unstructured
+	policies, err := GetAttachedPolicies(ctx, clients, namespace, name)
+	if err != nil {
+		return result, err
+	}
+	result = append(result, policies...)
+
+	policies, err = GetInheritedPolicies(ctx, clients, namespace, name)
+	if err != nil {
+		return result, err
+	}
+	result = append(result, policies...)
+	return result, nil
+}
+
+type describeView struct {
+	Gateway                  gatewayv1alpha2.Gateway
+	DirectlyAttachedPolicies []unstructured.Unstructured
+	InheritedPolicies        []types.GenericPolicy
+}
+
+//go:embed gateway.tmpl
+var gatewayTmpl string
+
+func PrintDescribeView(ctx context.Context, clients *types.Clients, gws []gatewayv1alpha2.Gateway) {
+	for i, gw := range gws {
+		directlyAttachedPolicies, err := GetAttachedPolicies(ctx, clients, gw.Namespace, gw.Name)
+		if err != nil {
+			panic(err)
+		}
+		inheritedPolicies, err := GetInheritedPolicies(ctx, clients, gw.Namespace, gw.Name)
+		if err != nil {
+			panic(err)
+		}
+
+		view := &describeView{
+			Gateway:                  gw,
+			DirectlyAttachedPolicies: directlyAttachedPolicies,
+			InheritedPolicies:        policies.UnstructuredToGeneric(clients, inheritedPolicies),
+		}
+
+		tmpl := template.Must(template.New("").Parse(gatewayTmpl))
+		if err := tmpl.Execute(os.Stdout, view); err != nil {
+			fmt.Fprintf(os.Stderr, "failed to execute template: %v", err)
+		}
+
+		if i+1 != len(gws) {
+			fmt.Printf("\n\n")
+		}
+	}
+}

pkg/resources/gateways/gateways.go

@@ -0,0 +1,31 @@
+Name:      {{ .HTTPRoute.Name }}
+Namespace: {{ .HTTPRoute.Namespace }}
+Hostnames:
+    {{- range .HTTPRoute.Spec.Hostnames }}
+    - {{ . }}
+    {{- end }}
+ParentRefs:
+    {{- range .HTTPRoute.Spec.ParentRefs }}
+    - Kind:  {{ .Kind }}
+      Group: {{ .Group }}
+      Name:  {{ .Name }}
+    {{- end }}
+DirectlyAttachedPolicies:
+    {{- range .DirectlyAttachedPolicies }}
+    - Kind:  {{ .GroupVersionKind.Kind }}
+      Group: {{ .GroupVersionKind.Group }}
+      Name:  {{ .GetName }}
+    {{- end }}
+InheritedPolicies:
+    {{- range .InheritedPolicies }}
+    - Kind: {{ .GroupVersionKind.Kind }}
+      Group: {{ .GroupVersionKind.Group }}
+      Name: {{ .GetName }}
+      Target:
+          Kind:   {{ .Spec.TargetRef.Kind }}
+          Group:  {{ .Spec.TargetRef.Group }}
+          Name:   {{ .Spec.TargetRef.Name }}
+          {{- if .Spec.TargetRef.Namespace }}
+          Namespace: {{ .Spec.TargetRef.Namespace }}
+          {{- end }}
+    {{- end }}

pkg/resources/httproutes/httproute.tmpl

@@ -0,0 +1,112 @@
+package httproutes
+
+import (
+	"context"
+	_ "embed"
+	"fmt"
+	"html/template"
+	"os"
+
+	"github.com/gauravkghildiyal/gwctl/pkg/resources/gateways"
+	"github.com/gauravkghildiyal/gwctl/pkg/resources/policies"
+	"github.com/gauravkghildiyal/gwctl/pkg/types"
+	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
+	apimachinerytypes "k8s.io/apimachinery/pkg/types"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+	gatewayv1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2"
+)
+
+func List(ctx context.Context, dc *types.Clients, namespace string) ([]gatewayv1alpha2.HTTPRoute, error) {
+	httpRoutes := &gatewayv1alpha2.HTTPRouteList{}
+	if err := dc.Client.List(ctx, httpRoutes, client.InNamespace(namespace)); err != nil {
+		return []gatewayv1alpha2.HTTPRoute{}, nil
+	}
+
+	return httpRoutes.Items, nil
+}
+
+func Get(ctx context.Context, clients *types.Clients, namespace, name string) (gatewayv1alpha2.HTTPRoute, error) {
+	httpRoute := &gatewayv1alpha2.HTTPRoute{}
+	nn := apimachinerytypes.NamespacedName{Namespace: namespace, Name: name}
+	if err := clients.Client.Get(ctx, nn, httpRoute); err != nil {
+		return gatewayv1alpha2.HTTPRoute{}, nil
+	}
+
+	return *httpRoute, nil
+}
+
+func GetAttachedPolicies(ctx context.Context, clients *types.Clients, namespace, name string) ([]unstructured.Unstructured, error) {
+	httpRoute := &gatewayv1alpha2.HTTPRoute{}
+	gvks, _, err := clients.Client.Scheme().ObjectKinds(httpRoute)
+	if err != nil {
+		return []unstructured.Unstructured{}, nil
+	}
+
+	ns := gatewayv1alpha2.Namespace(namespace)
+	targetRef := gatewayv1alpha2.PolicyTargetReference{
+		Group:     gatewayv1alpha2.Group(gvks[0].Group),
+		Kind:      gatewayv1alpha2.Kind(gvks[0].Kind),
+		Name:      gatewayv1alpha2.ObjectName(name),
+		Namespace: &ns,
+	}
+	return policies.ListAttachedTo(ctx, clients, targetRef)
+}
+
+func GetInheritedPolicies(ctx context.Context, clients *types.Clients, namespace, name string) ([]unstructured.Unstructured, error) {
+	var result []unstructured.Unstructured
+
+	httpRoute, err := Get(ctx, clients, namespace, name)
+	if err != nil {
+		return result, err
+	}
+
+	for _, parentRef := range httpRoute.Spec.ParentRefs {
+		ns := namespace
+		if parentRef.Namespace != nil {
+			ns = string(*parentRef.Namespace)
+		}
+		policies, err := gateways.GetAllPolicies(ctx, clients, string(ns), string(parentRef.Name))
+		if err != nil {
+			return result, err
+		}
+		result = append(result, policies...)
+	}
+	return result, nil
+}
+
+type describeView struct {
+	HTTPRoute                gatewayv1alpha2.HTTPRoute
+	DirectlyAttachedPolicies []unstructured.Unstructured
+	InheritedPolicies        []types.GenericPolicy
+}
+
+//go:embed httproute.tmpl
+var httpRouteTmpl string
+
+func PrintDescribeView(ctx context.Context, clients *types.Clients, httpRoutes []gatewayv1alpha2.HTTPRoute) {
+	for i, httpRoute := range httpRoutes {
+		directlyAttachedPolicies, err := GetAttachedPolicies(ctx, clients, httpRoute.Namespace, httpRoute.Name)
+		if err != nil {
+			panic(err)
+		}
+		inheritedPolicies, err := GetInheritedPolicies(ctx, clients, httpRoute.Namespace, httpRoute.Name)
+		if err != nil {
+			panic(err)
+		}
+
+		view := &describeView{
+			HTTPRoute:                httpRoute,
+			DirectlyAttachedPolicies: directlyAttachedPolicies,
+			InheritedPolicies:        policies.UnstructuredToGeneric(clients, inheritedPolicies),
+		}
+
+		tmpl := template.Must(template.New("").Parse(httpRouteTmpl))
+		if err := tmpl.Execute(os.Stdout, view); err != nil {
+			fmt.Fprintf(os.Stderr, "failed to execute template: %v", err)
+		}
+
+		if i+1 != len(httpRoutes) {
+			fmt.Printf("\n\n")
+		}
+	}
+}

pkg/resources/httproutes/httproutes.go

@@ -0,0 +1,158 @@
+package policies
+
+import (
+	"context"
+	_ "embed"
+	"fmt"
+	"html/template"
+	"os"
+	"strings"
+	"text/tabwriter"
+
+	apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
+	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/runtime/schema"
+	gatewayv1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2"
+
+	"github.com/gauravkghildiyal/gwctl/pkg/types"
+)
+
+const (
+	gatewayPolicyLabelKey = "gateway.networking.k8s.io/policy"
+)
+
+func ListCRDs(ctx context.Context, clients *types.Clients) ([]apiextensionsv1.CustomResourceDefinition, error) {
+	gvr := schema.GroupVersionResource{Group: "apiextensions.k8s.io", Version: "v1", Resource: "customresourcedefinitions"}
+	o := metav1.ListOptions{
+		LabelSelector: fmt.Sprintf("%v=true", gatewayPolicyLabelKey),
+	}
+	unstructuredCRDs, err := clients.DC.Resource(gvr).List(ctx, o)
+	if err != nil {
+		return []apiextensionsv1.CustomResourceDefinition{}, fmt.Errorf("failed to list CRDs: %v", err)
+	}
+
+	crds := &apiextensionsv1.CustomResourceDefinitionList{}
+	if err := runtime.DefaultUnstructuredConverter.FromUnstructured(unstructuredCRDs.UnstructuredContent(), crds); err != nil {
+		return []apiextensionsv1.CustomResourceDefinition{}, fmt.Errorf("failed to convert unstructured CRDs to structured: %v", err)
+	}
+
+	return crds.Items, nil
+}
+
+func List(ctx context.Context, clients *types.Clients, namespace string) ([]unstructured.Unstructured, error) {
+	var result []unstructured.Unstructured
+
+	policyCRDs, err := ListCRDs(ctx, clients)
+	if err != nil {
+		return result, err
+	}
+
+	for _, policyCRD := range policyCRDs {
+		gvr := schema.GroupVersionResource{
+			Group:    policyCRD.Spec.Group,
+			Version:  policyCRD.Spec.Versions[0].Name,
+			Resource: policyCRD.Spec.Names.Plural, // CRD Kinds directy map to the Resource.
+		}
+		ns := namespace
+		if policyCRD.Spec.Scope == apiextensionsv1.ClusterScoped {
+			ns = "" // Ignore namespace if the CRD is cluster scoped
+		}
+		policies, err := clients.DC.Resource(gvr).Namespace(ns).List(ctx, metav1.ListOptions{})
+		if err != nil {
+			return result, err
+		}
+
+		result = append(result, policies.Items...)
+	}
+
+	return result, nil
+}
+
+func ListAttachedTo(ctx context.Context, clients *types.Clients, targetRef gatewayv1alpha2.PolicyTargetReference) ([]unstructured.Unstructured, error) {
+	var result []unstructured.Unstructured
+
+	var ns string
+	if targetRef.Namespace != nil {
+		ns = string(*targetRef.Namespace)
+	}
+	policies, err := List(ctx, clients, ns)
+	if err != nil {
+		return result, err
+	}
+
+	for _, policy := range policies {
+		structuredPolicy := &types.GenericPolicy{}
+		if err := runtime.DefaultUnstructuredConverter.FromUnstructured(policy.UnstructuredContent(), structuredPolicy); err != nil {
+			return result, fmt.Errorf("failed to convert unstructured policy resource to structured: %v", err)
+		}
+		if structuredPolicy.IsAttachedTo(targetRef) {
+			result = append(result, policy)
+		}
+	}
+
+	return result, nil
+}
+
+func UnstructuredToGeneric(clients *types.Clients, policies []unstructured.Unstructured) []types.GenericPolicy {
+	var result []types.GenericPolicy
+
+	for _, policy := range policies {
+		structuredPolicy := &types.GenericPolicy{}
+		if err := runtime.DefaultUnstructuredConverter.FromUnstructured(policy.UnstructuredContent(), structuredPolicy); err != nil {
+			structuredPolicy.Spec.TargetRef.Group = "<Unknown>"
+			structuredPolicy.Spec.TargetRef.Kind = "<Unknown>"
+			structuredPolicy.Spec.TargetRef.Name = "<Unknown>"
+		}
+		result = append(result, *structuredPolicy)
+	}
+
+	return result
+}
+
+func Print(policies []unstructured.Unstructured) {
+	tw := tabwriter.NewWriter(os.Stdout, 0, 0, 2, ' ', 0)
+	row := []string{"POLICYNAME", "POLICYKIND", "TARGETNAME", "TARGETKIND"}
+	tw.Write([]byte(strings.Join(row, "\t") + "\n"))
+
+	for _, policy := range policies {
+		structuredPolicy := &types.GenericPolicy{}
+		if err := runtime.DefaultUnstructuredConverter.FromUnstructured(policy.UnstructuredContent(), structuredPolicy); err != nil {
+			panic(err)
+		}
+		row := []string{structuredPolicy.Name, structuredPolicy.Kind, string(structuredPolicy.Spec.TargetRef.Name), string(structuredPolicy.Spec.TargetRef.Kind)}
+		tw.Write([]byte(strings.Join(row, "\t") + "\n"))
+	}
+	tw.Flush()
+}
+
+func PrintCRDs(crds []apiextensionsv1.CustomResourceDefinition) {
+	tw := tabwriter.NewWriter(os.Stdout, 0, 0, 2, ' ', 0)
+	row := []string{"CRD_NAME", "CRD_GROUP", "CRD_KIND"}
+	tw.Write([]byte(strings.Join(row, "\t") + "\n"))
+
+	for _, crd := range crds {
+		row := []string{crd.Name, crd.Spec.Group, crd.Spec.Names.Kind}
+		tw.Write([]byte(strings.Join(row, "\t") + "\n"))
+	}
+	tw.Flush()
+}
+
+//go:embed policy.tmpl
+var policyTmpl string
+
+func PrintDescribeView(clients *types.Clients, policies []unstructured.Unstructured) {
+	structuredPolicies := UnstructuredToGeneric(clients, policies)
+
+	for i, policy := range structuredPolicies {
+		tmpl := template.Must(template.New("").Parse(policyTmpl))
+		if err := tmpl.Execute(os.Stdout, policy); err != nil {
+			fmt.Fprintf(os.Stderr, "failed to execute template: %v", err)
+		}
+
+		if i+1 != len(policies) {
+			fmt.Printf("\n\n")
+		}
+	}
+}

pkg/resources/policies/policies.go

@@ -0,0 +1,11 @@
+Name:      {{ .Name }}
+Namespace: {{ .Namespace }}
+Group:     {{ .GroupVersionKind.Group }}
+Kind:      {{ .GroupVersionKind.Kind }}
+TargetRef:
+    Group:     {{ .Spec.TargetRef.Group }}
+    Kind:      {{ .Spec.TargetRef.Kind }}
+    Name:      {{ .Spec.TargetRef.Name }}
+    {{- if .Spec.TargetRef.Namespace }}
+    Namespace: {{ .Spec.TargetRef.Namespace }}
+    {{- end }}

pkg/resources/policies/policy.tmpl

@@ -0,0 +1,43 @@
+package types
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/client-go/dynamic"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+	gatewayv1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2"
+)
+
+type Clients struct {
+	Client client.Client
+	DC     dynamic.Interface
+}
+
+type GenericPolicy struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+	Spec              GenericPolicySpec
+}
+
+type GenericPolicySpec struct {
+	TargetRef gatewayv1alpha2.PolicyTargetReference
+}
+
+func (p *GenericPolicy) IsAttachedTo(targetRef gatewayv1alpha2.PolicyTargetReference) bool {
+	if p.Spec.TargetRef.Group != targetRef.Group || p.Spec.TargetRef.Kind != targetRef.Kind || p.Spec.TargetRef.Name != targetRef.Name {
+		return false
+	}
+	if p.Spec.TargetRef.Namespace == targetRef.Namespace {
+		return true
+	}
+	if targetRef.Namespace == nil {
+		return false
+	}
+	ns := p.Namespace
+	if p.Spec.TargetRef.Namespace != nil {
+		ns = string(*p.Spec.TargetRef.Namespace)
+	}
+	if ns != string(*targetRef.Namespace) {
+		return false
+	}
+	return true
+}

pkg/types/types.go

@@ -0,0 +1,348 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  labels:
+    gateway.networking.k8s.io/policy: "true"
+  name: healthcheckpolicies.foo.com
+spec:
+  group: foo.com
+  names:
+    kind: HealthCheckPolicy
+    listKind: HealthCheckPolicyList
+    plural: healthcheckpolicies
+    singular: healthcheckpolicy
+  scope: Namespaced
+  versions:
+  - name: v1
+    schema:
+      openAPIV3Schema:
+        description: "healthcheckpolicy"
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: Spec
+            properties:
+              default:
+                description: Default defines default policy configuration for the
+                  targeted resource.
+                properties:
+                  sampleField:
+                    description: sampleField
+                    type: string
+                type: object
+              targetRef:
+                description: TargetRef identifies an API object to apply policy to.
+                properties:
+                  group:
+                    description: Group is the group of the target resource.
+                    maxLength: 253
+                    pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
+                    type: string
+                  kind:
+                    description: Kind is kind of the target resource.
+                    maxLength: 63
+                    minLength: 1
+                    pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
+                    type: string
+                  name:
+                    description: Name is the name of the target resource.
+                    maxLength: 253
+                    minLength: 1
+                    type: string
+                  namespace:
+                    description: Namespace is the namespace of the referent. When
+                      unspecified, the local namespace is inferred. Even when policy
+                      targets a resource in a different namespace, it MUST only apply
+                      to traffic originating from the same namespace as the policy.
+                    maxLength: 63
+                    minLength: 1
+                    pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+                    type: string
+                required:
+                - group
+                - kind
+                - name
+                type: object
+            required:
+            - targetRef
+            type: object
+        required:
+        - spec
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  labels:
+    gateway.networking.k8s.io/policy: "true"
+  name: timeoutpolicies.bar.com
+spec:
+  group: bar.com
+  names:
+    kind: TimeoutPolicy
+    listKind: TimeoutPolicyList
+    plural: timeoutpolicies
+    singular: timeoutpolicy
+  scope: Cluster
+  versions:
+  - name: v1
+    schema:
+      openAPIV3Schema:
+        description: "timeoutpolicy"
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: Spec
+            properties:
+              default:
+                description: Default defines default policy configuration for the
+                  targeted resource.
+                properties:
+                  sampleField:
+                    description: sampleField
+                    type: string
+                type: object
+              targetRef:
+                description: TargetRef identifies an API object to apply policy to.
+                properties:
+                  group:
+                    description: Group is the group of the target resource.
+                    maxLength: 253
+                    pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
+                    type: string
+                  kind:
+                    description: Kind is kind of the target resource.
+                    maxLength: 63
+                    minLength: 1
+                    pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
+                    type: string
+                  name:
+                    description: Name is the name of the target resource.
+                    maxLength: 253
+                    minLength: 1
+                    type: string
+                  namespace:
+                    description: Namespace is the namespace of the referent. When
+                      unspecified, the local namespace is inferred. Even when policy
+                      targets a resource in a different namespace, it MUST only apply
+                      to traffic originating from the same namespace as the policy.
+                    maxLength: 63
+                    minLength: 1
+                    pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+                    type: string
+                required:
+                - group
+                - kind
+                - name
+                type: object
+            required:
+            - targetRef
+            type: object
+        required:
+        - spec
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  labels:
+    gateway.networking.k8s.io/policy: "true"
+  name: retryonpolicies.foo.com
+spec:
+  group: foo.com
+  names:
+    kind: RetryOnPolicy
+    listKind: RetryOnPolicyList
+    plural: retryonpolicies
+    singular: retryonpolicy
+  scope: Namespaced
+  versions:
+  - name: v1
+    schema:
+      openAPIV3Schema:
+        description: "retryonpolicy"
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: Spec
+            properties:
+              default:
+                description: Default defines default policy configuration for the
+                  targeted resource.
+                properties:
+                  sampleField:
+                    description: sampleField
+                    type: string
+                type: object
+              targetRef:
+                description: TargetRef identifies an API object to apply policy to.
+                properties:
+                  group:
+                    description: Group is the group of the target resource.
+                    maxLength: 253
+                    pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
+                    type: string
+                  kind:
+                    description: Kind is kind of the target resource.
+                    maxLength: 63
+                    minLength: 1
+                    pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
+                    type: string
+                  name:
+                    description: Name is the name of the target resource.
+                    maxLength: 253
+                    minLength: 1
+                    type: string
+                  namespace:
+                    description: Namespace is the namespace of the referent. When
+                      unspecified, the local namespace is inferred. Even when policy
+                      targets a resource in a different namespace, it MUST only apply
+                      to traffic originating from the same namespace as the policy.
+                    maxLength: 63
+                    minLength: 1
+                    pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+                    type: string
+                required:
+                - group
+                - kind
+                - name
+                type: object
+            required:
+            - targetRef
+            type: object
+        required:
+        - spec
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  labels:
+    gateway.networking.k8s.io/policy: "true"
+  name: tlsminimumversionpolicies.baz.com
+spec:
+  group: baz.com
+  names:
+    kind: TLSMinimumVersionPolicy
+    listKind: TLSMinimumVersionPolicyList
+    plural: tlsminimumversionpolicies
+    singular: tlsminimumversionpolicy
+  scope: Namespaced
+  versions:
+  - name: v1
+    schema:
+      openAPIV3Schema:
+        description: "tlsminimumversionpolicy"
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: Spec
+            properties:
+              default:
+                description: Default defines default policy configuration for the
+                  targeted resource.
+                properties:
+                  sampleField:
+                    description: sampleField
+                    type: string
+                type: object
+              targetRef:
+                description: TargetRef identifies an API object to apply policy to.
+                properties:
+                  group:
+                    description: Group is the group of the target resource.
+                    maxLength: 253
+                    pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
+                    type: string
+                  kind:
+                    description: Kind is kind of the target resource.
+                    maxLength: 63
+                    minLength: 1
+                    pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
+                    type: string
+                  name:
+                    description: Name is the name of the target resource.
+                    maxLength: 253
+                    minLength: 1
+                    type: string
+                  namespace:
+                    description: Namespace is the namespace of the referent. When
+                      unspecified, the local namespace is inferred. Even when policy
+                      targets a resource in a different namespace, it MUST only apply
+                      to traffic originating from the same namespace as the policy.
+                    maxLength: 63
+                    minLength: 1
+                    pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+                    type: string
+                required:
+                - group
+                - kind
+                - name
+                type: object
+            required:
+            - targetRef
+            type: object
+        required:
+        - spec
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
+---

samples/crds.yaml

@@ -0,0 +1,223 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: ns2
+---
+apiVersion: gateway.networking.k8s.io/v1beta1
+kind: GatewayClass
+metadata:
+  name: foo-com-external-gateway-class
+spec:
+  controllerName: foo.com/external-gateway-class
+  description: Create an external load balancer
+---
+apiVersion: gateway.networking.k8s.io/v1beta1
+kind: GatewayClass
+metadata:
+  name: bar-com-internal-gateway-class
+spec:
+  controllerName: bar.baz/internal-gateway-class
+  description: Create an internal load balancer
+---
+kind: Gateway
+apiVersion: gateway.networking.k8s.io/v1beta1
+metadata:
+  name: demo-gateway-1
+  namespace: default
+spec:
+  gatewayClassName: foo-com-external-gateway-class
+  listeners:
+  - name: http
+    protocol: HTTP
+    port: 80
+---
+kind: Gateway
+apiVersion: gateway.networking.k8s.io/v1beta1
+metadata:
+  name: demo-gateway-2
+  namespace: ns2
+spec:
+  gatewayClassName: bar-com-internal-gateway-class
+  listeners:
+  - name: http
+    protocol: HTTP
+    port: 80
+---
+kind: HTTPRoute
+apiVersion: gateway.networking.k8s.io/v1beta1
+metadata:
+  name: demo-httproute-1
+  namespace: default
+spec:
+  parentRefs:
+  - kind: Gateway
+    name: demo-gateway-1
+  hostnames:
+  - "demo.com"
+  rules:
+  - matches:
+    - path:
+        type: PathPrefix
+        value: /example
+    backendRefs:
+    - name: demo-svc
+      port: 80
+---
+kind: HTTPRoute
+apiVersion: gateway.networking.k8s.io/v1beta1
+metadata:
+  name: demo-httproute-2
+  namespace: default
+spec:
+  parentRefs:
+  - kind: Gateway
+    name: demo-gateway-1
+  hostnames:
+  - "example.com"
+  rules:
+  - matches:
+    - path:
+        type: PathPrefix
+        value: /example
+    backendRefs:
+    - name: demo-svc
+      port: 80
+---
+kind: HTTPRoute
+apiVersion: gateway.networking.k8s.io/v1beta1
+metadata:
+  name: demo-httproute-3
+  namespace: default
+spec:
+  parentRefs:
+  - kind: Gateway
+    name: demo-gateway-1
+  hostnames:
+  - "demo.com"
+  rules:
+  - matches:
+    - path:
+        type: PathPrefix
+        value: /example
+    backendRefs:
+    - name: demo-svc
+      port: 80
+---
+kind: HTTPRoute
+apiVersion: gateway.networking.k8s.io/v1beta1
+metadata:
+  name: demo-httproute-3
+  namespace: ns2
+spec:
+  parentRefs:
+  - kind: Gateway
+    name: demo-gateway-2
+  hostnames:
+  - "example.com"
+  rules:
+  - matches:
+    - path:
+        type: PathPrefix
+        value: /example
+    backendRefs:
+    - name: demo-svc
+      port: 80
+---
+kind: HTTPRoute
+apiVersion: gateway.networking.k8s.io/v1beta1
+metadata:
+  name: demo-httproute-4
+  namespace: ns2
+spec:
+  parentRefs:
+  - kind: Gateway
+    name: demo-gateway-1
+    namespace: default
+  hostnames:
+  - "demo.com"
+  rules:
+  - matches:
+    - path:
+        type: PathPrefix
+        value: /example
+    backendRefs:
+    - name: demo-svc
+      port: 80
+---
+apiVersion: bar.com/v1
+kind: TimeoutPolicy
+metadata:
+  name: demo-timeout-policy-1
+spec:
+  targetRef:
+    group: "gateway.networking.k8s.io"
+    kind: GatewayClass
+    name: foo-com-external-gateway-class
+  default:
+    sampleField: "hello"
+---
+apiVersion: foo.com/v1
+kind: RetryOnPolicy
+metadata:
+  name: demo-retry-policy-1
+  namespace: default
+spec:
+  targetRef:
+    group: "gateway.networking.k8s.io"
+    kind: Gateway
+    name: demo-gateway-1
+  default:
+    sampleField: "hello"
+---
+apiVersion: baz.com/v1
+kind: TLSMinimumVersionPolicy
+metadata:
+  name: demo-tls-min-version-policy-1
+  namespace: default
+spec:
+  targetRef:
+    group: "gateway.networking.k8s.io"
+    kind: HTTPRoute
+    name: demo-httproute-1
+  default:
+    sampleField: "hello"
+---
+apiVersion: foo.com/v1
+kind: RetryOnPolicy
+metadata:
+  name: demo-retry-policy-2
+  namespace: default
+spec:
+  targetRef:
+    group: "gateway.networking.k8s.io"
+    kind: HTTPRoute
+    name: demo-httproute-2
+  default:
+    sampleField: "hello"
+---
+apiVersion: foo.com/v1
+kind: HealthCheckPolicy
+metadata:
+  name: demo-health-check-1
+  namespace: default
+spec:
+  targetRef:
+    group: "gateway.networking.k8s.io"
+    kind: Gateway
+    name: demo-gateway-1
+  default:
+    sampleField: "hello"
+---
+apiVersion: baz.com/v1
+kind: TLSMinimumVersionPolicy
+metadata:
+  name: demo-tls-min-version-policy-2
+  namespace: ns2
+spec:
+  targetRef:
+    group: "gateway.networking.k8s.io"
+    kind: Gateway
+    name: demo-gateway-2
+  default:
+    sampleField: "hello"
+---