resources

package
v1.0.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jan 28, 2026 License: MIT Imports: 15 Imported by: 0

Documentation

Overview

Package resources defines the structures representing AGIC and AGC resources.

Index

Constants

// IngressClassAnnotation is the legacy Kubernetes annotation key that names the
// ingress class (the controller expected to serve an Ingress).
const IngressClassAnnotation = "kubernetes.io/ingress.class"
const (

	// Standard annotations
	// LastAppliedConfiguration is the annotation key kubectl apply uses to
	// record the previously applied manifest on an object.
	// NOTE(review): presumably listed so the migration can recognise it and
	// not convert it like a controller annotation — confirm against the caller.
	LastAppliedConfiguration = "kubectl.kubernetes.io/last-applied-configuration"
)

nolint: revive

// RecommendationPleaseReviewTheErrorMessage is the shared recommendation text
// reused by several IssueLibrary entries that have no more specific advice.
const RecommendationPleaseReviewTheErrorMessage = "Please review the error message on the related AGIC resources in the Migration Report."

Variables

// IssueLibrary maps each IssueCode to its catalogue entry: the severity level,
// a description, and the recommendation text for that issue.
//
// NOTE(review): none of the IssueNGINX* codes, nor IssueGRPCNotSupportedByTool,
// appear in this literal. Indexing a Go map with a missing key yields the zero
// IssueLibraryEntry (empty Level and empty text), so confirm those codes are
// registered elsewhere before they are looked up here.
var IssueLibrary = map[IssueCode]IssueLibraryEntry{
	IssueUnsupportBackendProtocol: {
		Code:           IssueUnsupportBackendProtocol,
		Level:          IssueLevelNotSupported,
		Description:    "The specified backend protocol is not supported for migration.",
		Recommendation: RecommendationPleaseReviewTheErrorMessage,
	},
	IssueFrontendTLSPolicyProfileConflict: {
		Code:           IssueFrontendTLSPolicyProfileConflict,
		Level:          IssueLevelError,
		Description:    "There are conflicting FrontendTLSPolicy SSL profiles targeting the same listener.",
		Recommendation: "Review the generated FrontendTLSPolicies and ensure they are appropriate.",
	},
	// NOTE(review): this Description has no trailing period, unlike the others.
	IssueCreatingBackendTLSPolicy: {
		Code:  IssueCreatingBackendTLSPolicy,
		Level: IssueLevelError,

		Description:    "There was an error creating a BackendTLSPolicy",
		Recommendation: RecommendationPleaseReviewTheErrorMessage,
	},
	// Security-relevant: trusted root certificates used to verify backend TLS
	// are not migrated. The trust anchor has to be re-created by hand, as the
	// recommendation text describes.
	IssueAppGWTrustedRootCertificatesNotSupported: {
		Code:        IssueAppGWTrustedRootCertificatesNotSupported,
		Level:       IssueLevelNotSupported,
		Description: "Application Gateway trusted root certificates are not supported for migration.",
		Recommendation: "To setup a trusted root certificate to be used by the Gateway to verify the backends TLS " +
			"certificate, you will need to create a Secret in the cluster containing the trusted root certificate " +
			"and configure it on a BackendTLSPolicy's caCertificateRef field manually.",
	},
	IssueInvalidAnnotationValue: {
		Code:           IssueInvalidAnnotationValue,
		Level:          IssueLevelError,
		Description:    "The annotation has an invalid value.",
		Recommendation: "Review the annotations value to ensure it is valid.",
	},
	IssueHealthCheckConflict: {
		Code:           IssueHealthCheckConflict,
		Level:          IssueLevelError,
		Description:    "There are conflicting health probe settings targeting the same backend service.",
		Recommendation: "Review the generated HealthCheckPolicies and ensure they are appropriate.",
	},
	IssueNoGateway: {
		Code:           IssueNoGateway,
		Level:          IssueLevelError,
		Description:    "No Gateway was generated during migration.",
		Recommendation: "Ensure that the Ingress(es) were correctly configured and given to the migration tool.",
	},
	IssueCouldNotFindRoute: {
		Code:           IssueCouldNotFindRoute,
		Level:          IssueLevelError,
		Description:    "Could not find converted HTTPRoute when processing WAF policy annotation.",
		Recommendation: "This may indicate a bug with the migration tool, please review the tool logs for errors.",
	},
	IssueCouldNotFindAppGWRewriteCustomResource: {
		Code:        IssueCouldNotFindAppGWRewriteCustomResource,
		Level:       IssueLevelError,
		Description: "Could not find AzureApplicationGatewayRewrite object when processing rewrite rule set annotation.",
		Recommendation: "Ensure that the referenced AzureApplicationGatewayRewrite custom resource exists " +
			"and that it was given to the migration tool.",
	},
	IssueRewriteRuleSetHasErrors: {
		Code:           IssueRewriteRuleSetHasErrors,
		Level:          IssueLevelError,
		Description:    "The referenced AzureApplicationGatewayRewrite object has errors.",
		Recommendation: RecommendationPleaseReviewTheErrorMessage,
	},
	// NOTE(review): the Recommendation reads "please review the  on the
	// generated ..." — a noun is missing after "review the". Confirm the
	// intended wording before this text reaches a migration report.
	IssueRewriteRuleSetRuleSequenceNotSupported: {
		Code:        IssueRewriteRuleSetRuleSequenceNotSupported,
		Level:       IssueLevelError,
		Description: "Rewrite rule sequences are not supported in Application Gateway for Containers.",
		Recommendation: "Rewrite rules will not be applied in a specific order, please review the  " +
			"on the generated Application Gateway for Containers resources to ensure they meet your requirements.",
	},
	// Reported as a Warning even though the rules are applied without their
	// conditions: a rewrite that was conditional on purpose will behave
	// differently after migration, so the generated Filters need a manual check.
	IssueRewriteRuleSetConditionsNotSupported: {
		Code:        IssueRewriteRuleSetConditionsNotSupported,
		Level:       IssueLevelWarning,
		Description: "Rewrite rule conditions are not supported in Application Gateway for Containers.",
		Recommendation: "Rewrite rules will be applied without conditions, please review the Filters on the generated " +
			"HTTPRoutes to ensure they meet your requirements.",
	},
	IssueRewriteRuleSetRerouteNotSupported: {
		Code:        IssueRewriteRuleSetRerouteNotSupported,
		Level:       IssueLevelWarning,
		Description: "URL reroute on rewrite rules is not supported in Application Gateway for Containers.",
		Recommendation: "Path rewrites will be applied but requests will not be rerouted to a different backend. " +
			"Please review the generated HTTPRoutes to ensure they meet your requirements.",
	},
	// Security-relevant: the generated TLS profile is not an exact match for the
	// source SSL profile, so the TLS settings offered to clients may differ and
	// should be re-checked against policy.
	IssueFrontendTLSPolicyProfileCipherWarning: {
		Code:        IssueFrontendTLSPolicyProfileCipherWarning,
		Level:       IssueLevelWarning,
		Description: "AGC SSL profiles are not exact matches for Application Gateway SSL profiles.",
		Recommendation: "Review the SSL Profile on the FrontendTLSPolicy and ensure it aligns with your requirements. " +
			"Read more at https://learn.microsoft.com/en-us/azure/application-gateway/for-containers/tls-policy?tabs=tls-policy-gateway-api#predefined-tls-policy",
	},
	IssueNoHTTPSListenersForSSLProfile: {
		Code:        IssueNoHTTPSListenersForSSLProfile,
		Level:       IssueLevelError,
		Description: "No HTTPS listeners were found for the Ingress's SSL profile annotation.",
		Recommendation: "Ensure that the Ingress is correctly configured with a TLS section " +
			"to use the SSL profile annotation.",
	},
	IssueUnsupportedAnnotationGeneric: {
		Code:        IssueUnsupportedAnnotationGeneric,
		Level:       IssueLevelNotSupported,
		Description: "The annotation is not supported for migration.",
		Recommendation: "Please review the annotation and its value to determine if manual changes to the migrated " +
			"Application Gateway for Containers resources are required.",
	},
	IssueHostnameExtensionsNotSupportedForHTTPS: {
		Code:        IssueHostnameExtensionsNotSupportedForHTTPS,
		Level:       IssueLevelNotSupported,
		Description: "The hostname extension annotation is not supported for migration with HTTPS listeners.",
		Recommendation: "Review the Gateway HTTPS listener(s) and related HTTPRoutes are correct, and make modifications as necessary; you may consider using a wildcard " +
			"hostname on the Gateway.",
	},
	// Security-relevant: per the description, the tool cannot inspect the WAF
	// policy, so rule-set support on the target has to be verified manually.
	// This is reported only as a Warning.
	IssueWAFPotentialIncompatibility: {
		Code:  IssueWAFPotentialIncompatibility,
		Level: IssueLevelWarning,
		Description: "Application Gateway and Application Gateway for Containers has different support for WAF policy Rule Sets. " +
			"This tool does not have access to your WAF policy to verify if its Rule Sets are supported.",
		Recommendation: "AGC supports WAF policies using Default Rule Sets 2.1 and Bot Manager Rulesets 1.0 or greater. " +
			"Please verify your WAF policy rulesets in the Azure Portal under your WAF policy resource. " +
			"Read more at https://aka.ms/agc/waf.",
	},
}

Functions

This section is empty.

Types

type AGCResourceGraph

// AGCResourceGraph collects the resources produced by the conversion: a single
// ApplicationLoadBalancer and Gateway, plus one map per resource kind keyed by
// namespace/name. Every field carries a yaml tag.
type AGCResourceGraph struct {
	ApplicationLoadBalancer *albcontrollerapi_v1.ApplicationLoadBalancer                               `yaml:"applicationLoadBalancer"`
	Gateway                 *gatewayapi_v1.Gateway                                                     `yaml:"gateway"`
	HTTPRoutes              map[types.NamespacedName]*gatewayapi_v1.HTTPRoute                          `yaml:"httpRoutes"`
	// A ReferenceGrant permits cross-namespace references in the Gateway API.
	// NOTE(review): GetOrCreateReferenceGrantForGWSecret takes a gateway and a
	// secret namespace, so generated grants presumably let a Gateway reference
	// Secrets in another namespace — review them before applying the output.
	ReferenceGrants         map[types.NamespacedName]*gatewayapi_v1beta1.ReferenceGrant                `yaml:"referenceGrants"`
	// The TLS, health-check, route and WAF policy maps below hold the generated
	// policy objects; the Issue* entries on TLS profiles and WAF rule sets
	// describe where these may not match the source configuration exactly.
	BackendTLSPolicies      map[types.NamespacedName]*albcontrollerapi_v1.BackendTLSPolicy             `yaml:"backendTLSPolicies"`
	FrontendTLSPolicies     map[types.NamespacedName]*albcontrollerapi_v1.FrontendTLSPolicy            `yaml:"frontendTLSPolicies"`
	HealthCheckPolicies     map[types.NamespacedName]*albcontrollerapi_v1.HealthCheckPolicy            `yaml:"healthCheckPolicies"`
	RoutePolicies           map[types.NamespacedName]*albcontrollerapi_v1.RoutePolicy                  `yaml:"routePolicies"`
	WAFPolicies             map[types.NamespacedName]*albcontrollerapi_v1.WebApplicationFirewallPolicy `yaml:"wafPolicies"`
}

AGCResourceGraph represents the output result of the conversion process.

func NewAGCResourceGraph

func NewAGCResourceGraph() AGCResourceGraph

func (*AGCResourceGraph) GetOrCreateBackendTLSPolicy

func (a *AGCResourceGraph) GetOrCreateBackendTLSPolicy(serviceName types.NamespacedName) *albcontrollerapi_v1.BackendTLSPolicy

func (*AGCResourceGraph) GetOrCreateFrontendTLSPolicy

func (a *AGCResourceGraph) GetOrCreateFrontendTLSPolicy(gatewayName types.NamespacedName, listener gatewayapi_v1.SectionName) *albcontrollerapi_v1.FrontendTLSPolicy

func (*AGCResourceGraph) GetOrCreateHealthCheckPolicy

func (a *AGCResourceGraph) GetOrCreateHealthCheckPolicy(serviceName types.NamespacedName) *albcontrollerapi_v1.HealthCheckPolicy

func (*AGCResourceGraph) GetOrCreateReferenceGrantForGWSecret

func (a *AGCResourceGraph) GetOrCreateReferenceGrantForGWSecret(gatewayNamespace, secretNamespace string) *gatewayapi_v1beta1.ReferenceGrant

func (*AGCResourceGraph) GetOrCreateRoutePolicy

func (a *AGCResourceGraph) GetOrCreateRoutePolicy(routeName types.NamespacedName) *albcontrollerapi_v1.RoutePolicy

func (*AGCResourceGraph) GetOrCreateWAFPolicyForGateway

func (a *AGCResourceGraph) GetOrCreateWAFPolicyForGateway(gateway types.NamespacedName) *albcontrollerapi_v1.WebApplicationFirewallPolicy

func (*AGCResourceGraph) GetOrCreateWAFPolicyForRoute

type AGICResources

// AGICResources is the input side of the migration: the Ingresses, Services and
// AzureApplicationGatewayRewrite objects in scope, each keyed by namespace/name.
type AGICResources struct {
	IngressContexts map[types.NamespacedName]*IngressContext
	Services        map[types.NamespacedName]*ServiceContext
	AppGWRewrites   map[types.NamespacedName]*AppGWRewriteContext
	// NOTE(review): presumably the identifier of the existing WAF policy;
	// its format is not shown here — confirm against the caller.
	WAFPolicyID     string
}

AGICResources covers all AGIC resources in scope for migration

func (AGICResources) Ingresses

func (a AGICResources) Ingresses() []networking_v1.Ingress

type AppGWRewriteContext

// AppGWRewriteContext wraps one AzureApplicationGatewayRewrite custom resource
// supplied to the migration.
type AppGWRewriteContext struct {
	Object appgwrewrite.AzureApplicationGatewayRewrite
}

type IngressAnnotationContext

// IngressAnnotationContext records one Ingress annotation (key and value), the
// resources it was converted into, and the issues raised while converting it.
type IngressAnnotationContext struct {
	Key   string
	// Value is kept as a string; ValueInt32 returns an error alongside the
	// parsed number, so callers should not assume the value is well-formed.
	Value string

	// DestinationResources is the set of resource IDs added via AddDestination.
	DestinationResources sets.Set[K8sResourceID]
	// Issues holds the issues recorded for this annotation
	// (presumably appended by RegisterIssue — confirm).
	Issues               []Issue
	// contains filtered or unexported fields
}

IngressAnnotationContext tracks the migration status of a single Ingress annotation

func NewIngressAnnotationContext

func NewIngressAnnotationContext(key, value string) *IngressAnnotationContext

func (*IngressAnnotationContext) AddDestination

func (iac *IngressAnnotationContext) AddDestination(resource K8sResourceID)

func (*IngressAnnotationContext) RegisterIssue

func (iac *IngressAnnotationContext) RegisterIssue(issue Issue)

func (*IngressAnnotationContext) SetStatus

func (iac *IngressAnnotationContext) SetStatus(newStatus MigrationStatus)

SetStatus updates the context status. Note that the status cannot be set to Completed once it has been set to Warning or Error.

func (IngressAnnotationContext) Status

func (IngressAnnotationContext) ValueInt32

func (iac IngressAnnotationContext) ValueInt32() (int32, error)

type IngressContext

// IngressContext holds one Ingress together with its migration status, the
// HTTPRoutes associated with it, and a context per annotation.
type IngressContext struct {
	Ingress     network_v1.Ingress
	Status      MigrationStatus
	// HTTPRoutes lists routes by namespace/name
	// (presumably those generated from this Ingress — confirm).
	HTTPRoutes  []types.NamespacedName
	// Annotations is keyed by string, presumably the annotation key — confirm.
	Annotations map[string]*IngressAnnotationContext
	Metadata    map[string]string // Additional metadata for cross-annotation processing
}

IngressContext tracks the migration of a single Ingress and its annotations

func NewIngressContext

func NewIngressContext(ingress network_v1.Ingress) *IngressContext

func (*IngressContext) MigrationComplete

func (ic *IngressContext) MigrationComplete(errors error)

MigrationComplete marks the ingress migration as complete or failed. If errors is non-nil, the status is set to Error and the error details will be included in the migration report for this ingress.

type Issue

// Issue pairs an IssueCode with the error that triggered it.
type Issue struct {
	// Code selects the catalogue entry; its zero value is a valid code
	// (IssueUnsupportBackendProtocol), so an unset Code is not distinguishable.
	Code  IssueCode
	// Error carries the underlying error. NewIssue accepts any error value;
	// whether nil is allowed is not shown here.
	Error error
}

func NewIssue

func NewIssue(code IssueCode, err error) Issue

func (Issue) Entry

func (i Issue) Entry() IssueLibraryEntry

func (Issue) MigrationStatus

func (i Issue) MigrationStatus() MigrationStatus

type IssueCode

// IssueCode identifies a kind of migration issue.
type IssueCode int
// AGIC issue codes. Values are assigned positionally by iota starting at 0, so
// the zero value of IssueCode equals IssueUnsupportBackendProtocol, and
// inserting or reordering names changes the numeric value of every later one.
const (
	IssueUnsupportBackendProtocol IssueCode = iota
	IssueCreatingBackendTLSPolicy
	IssueAppGWTrustedRootCertificatesNotSupported
	IssueInvalidAnnotationValue
	IssueHealthCheckConflict
	IssueNoGateway
	IssueCouldNotFindRoute
	IssueCouldNotFindAppGWRewriteCustomResource
	IssueRewriteRuleSetHasErrors
	IssueRewriteRuleSetRuleSequenceNotSupported
	IssueRewriteRuleSetConditionsNotSupported
	IssueRewriteRuleSetRerouteNotSupported
	IssueFrontendTLSPolicyProfileConflict
	IssueFrontendTLSPolicyProfileCipherWarning
	IssueNoHTTPSListenersForSSLProfile
	IssueUnsupportedAnnotationGeneric
	IssueHostnameExtensionsNotSupportedForHTTPS
	IssueWAFPotentialIncompatibility
)

revive:disable:exported

// Values in this block start at 1000: iota restarts at 0 in each const block,
// which keeps these codes apart from the AGIC codes that start at 0.
//
// NOTE(review): several names refer to security controls (auth-tls,
// ModSecurity, SSL policy, configuration and server snippets). Their levels and
// descriptions are not part of IssueLibrary as shown, so check how each one is
// reported. IssueGRPCNotSupportedByTool sits here without the NGINX prefix.
const (
	// NGINX-specific issues
	IssueNGINXAuthTLSNotFullySupported IssueCode = 1000 + iota
	IssueNGINXAffinityTypeNotSupported
	IssueNGINXAffinityModeNotSupported
	IssueNGINXAffinityCanaryBehaviorNotSupported
	IssueNGINXUseRegexLimitedSupport
	IssueNGINXConfigurationSnippetNotSupported
	IssueNGINXServerSnippetNotSupported
	IssueNGINXModSecurityConversion
	IssueNGINXSSLPolicyConversion
	IssueNGINXDefaultBackendNotSupported
	IssueNGINXProxySettingsPartialSupport
	IssueNGINXLoadBalanceNotSupported
	IssueNGINXRedirectURLInvalid
	IssueNGINXRedirectCodeInvalid
	IssueNGINXFromToWWWRedirectNoHost
	IssueNGINXFromToWWWRedirectPartial
	IssueNGINXCanaryWeightRequiresManualMerge
	IssueNGINXCanaryHeaderApproximated
	IssueNGINXCanaryByCookieNotSupported
	IssueNGINXModSecurityTransactionID
	IssueNGINXRewriteTargetCaptureGroups
	IssueGRPCNotSupportedByTool
)

TODO: this needs to be made part of the provider interface

type IssueLevel

// IssueLevel is the severity attached to an IssueLibraryEntry.
type IssueLevel string
// The three defined levels. The zero value "" is none of them, which is what a
// zero IssueLibraryEntry carries.
const (
	IssueLevelNotSupported IssueLevel = "NotSupported"
	IssueLevelWarning      IssueLevel = "Warning"
	IssueLevelError        IssueLevel = "Error"
)

func (IssueLevel) MigrationStatus

func (l IssueLevel) MigrationStatus() MigrationStatus

type IssueLibraryEntry

// IssueLibraryEntry is one catalogue record in IssueLibrary.
type IssueLibraryEntry struct {
	// Code repeats the map key the entry is stored under in IssueLibrary.
	Code           IssueCode
	Level          IssueLevel
	// Description and Recommendation are the human-readable texts for the issue.
	Description    string
	Recommendation string
}

type K8sResourceID

// K8sResourceID combines a group/version/kind with a namespace/name by
// embedding both types. It is used as the element type of
// IngressAnnotationContext.DestinationResources.
type K8sResourceID struct {
	schema.GroupVersionKind
	types.NamespacedName
}

K8sResourceID uniquely identifies a Kubernetes resource.

func NewK8sResourceID

func NewK8sResourceID(obj Object) K8sResourceID

type MigrationStatus

// MigrationStatus is the state recorded for a migrated item.
type MigrationStatus string
// Defined status values. Per the SetStatus documentation on
// IngressAnnotationContext, a status that has reached Warning or Error cannot
// be set back to Completed.
const (
	MigrationStatusNotStarted   MigrationStatus = "NotStarted"
	MigrationStatusNotSupported MigrationStatus = "NotSupported"
	MigrationStatusIgnored      MigrationStatus = "Ignored"
	MigrationStatusCompleted    MigrationStatus = "Completed"
	MigrationStatusError        MigrationStatus = "Error"
	MigrationStatusWarning      MigrationStatus = "Warning"
)

Possible values for MigrationStatus

type Object

// Object is the minimal view of a Kubernetes object that NewK8sResourceID
// accepts: its kind, name and namespace.
type Object interface {
	GetObjectKind() schema.ObjectKind
	GetName() string
	GetNamespace() string
}

type ServiceContext

// ServiceContext embeds a core_v1.Service, so the Service's fields and methods
// are promoted onto the context.
type ServiceContext struct {
	core_v1.Service
}
