v1beta1

package
v0.0.0-...-607a5b3 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 27, 2020 License: Apache-2.0 Imports: 29 Imported by: 0

Documentation

Overview

Copyright The Voyager Authors.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at 

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Copyright The Voyager Authors.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at 

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

+k8s:deepcopy-gen=package,register +k8s:conversion-gen=github.com/appscode/voyager/apis/voyager +k8s:openapi-gen=true +k8s:defaulter-gen=TypeMeta +groupName=voyager.appscode.com

Copyright The Voyager Authors.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at 

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Copyright The Voyager Authors.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at 

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Index

Constants

View Source 
const (
	EngressKey = "ingress.appscode.com"

	APISchema        = EngressKey + "/" + "api-schema" // APISchema = {APIGroup}/{APIVersion}
	APISchemaEngress = voyager.GroupName + "/v1beta1"
	APISchemaIngress = "extensions/v1beta1"

	VoyagerPrefix = "voyager-"

	// LB stats options
	StatsOn          = EngressKey + "/" + "stats"
	StatsPort        = EngressKey + "/" + "stats-port"
	StatsSecret      = EngressKey + "/" + "stats-secret-name"
	StatsServiceName = EngressKey + "/" + "stats-service-name"
	DefaultStatsPort = 56789

	LBTypeHostPort     = "HostPort"
	LBTypeNodePort     = "NodePort"
	LBTypeLoadBalancer = "LoadBalancer" // default
	LBTypeInternal     = "Internal"
	LBType             = EngressKey + "/" + "type"

	// Replicas specify # of HAProxy pods run (default 1)
	Replicas = EngressKey + "/" + "replicas"

	// IP to be assigned to cloud load balancer
	LoadBalancerIP = EngressKey + "/" + "load-balancer-ip" // IP or empty

	// BackendWeight is the weight value of a Pod that was
	// addressed by the Endpoint, this weight will be added to server backend.
	// Traffic will be forwarded according to there weight.
	BackendWeight = EngressKey + "/" + "backend-weight"

	// https://github.com/appscode/voyager/issues/103
	// ServiceAnnotations is user provided annotations map that will be
	// applied to the service of that LoadBalancer.
	// ex: "ingress.appscode.com/annotations-service": {"key": "val"}
	ServiceAnnotations        = EngressKey + "/" + "annotations-service"
	LastAppliedAnnotationKeys = EngressKey + "/" + "last-applied-annotation-keys"

	// PodAnnotations is user provided annotations map that will be
	// applied to the Pods (Deployment/ DaemonSet) of that LoadBalancer.
	// ex: "ingress.appscode.com/annotations-pod": {"key": "val"}
	PodAnnotations = EngressKey + "/" + "annotations-pod"

	// Preserves source IP for LoadBalancer type ingresses. The actual configuration
	// generated depends on the underlying cloud provider.
	//
	// - gce, gke, azure: Sets "ExternalTrafficPolicy" to "Local" for HAProxy services.
	// Ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
	//
	// - aws: Enables accept-proxy.
	// Enforces the use of the PROXY protocol over any connection accepted by any of
	// the sockets declared on the same line. Versions 1 and 2 of the PROXY protocol
	// are supported and correctly detected. The PROXY protocol dictates the layer
	// 3/4 addresses of the incoming connection to be used everywhere an address is
	// used, with the only exception of "tcp-request connection" rules which will
	// only see the real connection address. Logs will reflect the addresses
	// indicated in the protocol, unless it is violated, in which case the real
	// address will still be used.  This keyword combined with support from external
	// components can be used as an efficient and reliable alternative to the
	// X-Forwarded-For mechanism which is not always reliable and not even always
	// usable. See also "tcp-request connection expect-proxy" for a finer-grained
	// setting of which client is allowed to use the protocol.
	// Ref: https://github.com/kubernetes/kubernetes/blob/release-1.5/pkg/cloudprovider/providers/aws/aws.go#L79
	KeepSourceIP = EngressKey + "/" + "keep-source-ip"

	// https://github.com/appscode/voyager/issues/1128
	HealthCheckNodeport = EngressKey + "/" + "health-check-nodeport"

	// Enforces the use of the PROXY protocol over any connection accepted by HAProxy.
	AcceptProxy = EngressKey + "/" + "accept-proxy"

	// Enforces use of the PROXY protocol over any connection established to this server.
	// Possible values are "v1", "v2", "v2-ssl" and "v2-ssl-cn"
	SendProxy = EngressKey + "/" + "send-proxy"

	// Annotations applied to resources offshoot from an ingress
	OriginAPISchema = EngressKey + "/" + "origin-api-schema" // APISchema = {APIGroup}/{APIVersion}
	OriginName      = EngressKey + "/" + "origin-name"

	// https://github.com/appscode/voyager/issues/280
	// Supports all valid timeout option for defaults section of HAProxy
	// https://cbonte.github.io/haproxy-dconv/1.7/configuration.html#4.2-timeout%20check
	// expects a json encoded map
	// ie: "ingress.appscode.com/default-timeout": {"client": "5s"}
	//
	// If the annotation is not set default values used to config defaults section will be:
	//
	// timeout  connect         5s
	// timeout  client          50s
	// timeout  client-fin      50s
	// timeout  server          50s
	// timeout  tunnel          50s
	DefaultsTimeOut = EngressKey + "/" + "default-timeout"

	// Defines the maximum time allowed to perform a clean soft-stop.
	// https://cbonte.github.io/haproxy-dconv/1.9/configuration.html#hard-stop-after
	HardStopAfter        = EngressKey + "/" + "hard-stop-after"
	DefaultHardStopAfter = "30s"

	// https://github.com/appscode/voyager/issues/343
	// Supports all valid options for defaults section of HAProxy config
	// https://cbonte.github.io/haproxy-dconv/1.7/configuration.html#4.2-option%20abortonclose
	// from the list from here
	// expects a json encoded map
	// ie: "ingress.appscode.com/default-option": '{"http-keep-alive": "true", "dontlognull": "true", "clitcpka": "false"}'
	// This will be appended in the defaults section of HAProxy as
	//
	//   option http-keep-alive
	//   option dontlognull
	//   no option clitcpka
	//
	DefaultsOption = EngressKey + "/" + "default-option"

	// Available Options:
	//
	// ssl: https://cbonte.github.io/haproxy-dconv/1.8/configuration.html#5.2-ssl
	// 		Creates a TLS/SSL socket when connecting to this server in order to cipher/decipher the traffic.
	//   	If verify not set the following error may occurred:
	//    		[/etc/haproxy/haproxy.cfg:49] verify is enabled by default but no CA file specified.
	//    		If you're running on a LAN where you're certain to trust the server's certificate,
	//    		please set an explicit 'verify none' statement on the 'server' line, or use
	//    		'ssl-server-verify none' in the global section to disable server-side verifications by default.
	//
	// verify [none|required]: https://cbonte.github.io/haproxy-dconv/1.8/configuration.html#5.2-verify
	//   	Sets HAProxy‘s behavior regarding the certificated presented by the server:
	//     		- none : Doesn’t verify the certificate of the server
	//     		- required (default value) : TLS handshake is aborted if the validation of the certificate presented by the server returns an error.
	//
	// verifyhost <hostname>: https://cbonte.github.io/haproxy-dconv/1.8/configuration.html#5.2-verifyhost
	//    	Sets a <hostname> to look for in the Subject and SubjectAlternateNames fields provided in the
	//    	certificate sent by the server. If <hostname> can’t be found, then the TLS handshake is aborted.
	//    	This only applies when verify required is configured.
	//
	// Example: ingress.appscode.com/backend-tls: "ssl verify none"
	//
	// If this annotation is not set HAProxy will connect to backend as http.
	// This value should not be set if the backend do not support https resolution.
	BackendTLSOptions = EngressKey + "/backend-tls"

	// Specify a method to stick clients to origins across requests.
	// Only supported value is "cookie".
	// Annotations could  be applied to either Ingress or backend Service
	// If applied to Ingress, all the backend connections would be sticky
	// If applied to Service and Ingress do not have this annotation only
	// connection to that backend service will be sticky.
	IngressAffinity = EngressKey + "/affinity"
	// When affinity is set to "cookie", the name of the cookie to use.
	IngressAffinitySessionCookieName = EngressKey + "/session-cookie-name"
	// When affinity is set to "cookie", the hash algorithm used: md5, sha, index.
	IngressAffinitySessionCookieHash = EngressKey + "/session-cookie-hash"

	// Basic Auth: Follows ingress controller standard
	// https://github.com/kubernetes/ingress/tree/master/examples/auth/basic/haproxy
	// HAProxy Ingress read user and password from auth file stored on secrets, one
	// user and password per line.
	// Each line of the auth file should have:
	// user and insecure password separated with a pair of colons: <username>::<plain-text-passwd>; or
	// user and an encrypted password separated with colons: <username>:<encrypted-passwd>
	// Secret name, realm and type are configured with annotations in the ingress
	// Auth can only be applied to HTTP backends.
	// Only supported type is basic
	AuthType = EngressKey + "/auth-type"

	// an optional string with authentication realm
	AuthRealm = EngressKey + "/auth-realm"

	// name of the auth secret
	AuthSecret = EngressKey + "/auth-secret"

	// Name of secret for TLS client certification validation.
	AuthTLSSecret = EngressKey + "/auth-tls-secret"

	// The page that user should be redirected in case of Auth error
	AuthTLSErrorPage = EngressKey + "/auth-tls-error-page"

	// Enables verification of client certificates.
	AuthTLSVerifyClient = EngressKey + "/auth-tls-verify-client"

	// Enables CORS headers in response.
	// Setting this annotations in ingress will add CORS headers to all HTTP
	// frontend. If we need to add cors headers only on specific frontend we can also
	// configure this using FrontendRules for specific frontend.
	// http://blog.nasrulhazim.com/2017/07/haproxy-setting-up-cors/
	CORSEnabled          = EngressKey + "/enable-cors"
	CORSAllowedMethods   = EngressKey + "/cors-allow-methods"
	CORSAllowedHeaders   = EngressKey + "/cors-allow-headers"
	CORSAllowedOrigin    = EngressKey + "/cors-allow-origin"
	CORSAllowCredentials = EngressKey + "/cors-allow-credentials"

	// Maximum http request body size. This returns the advertised length of the HTTP request's body in bytes. It
	// will represent the advertised Content-Length header
	// http://cbonte.github.io/haproxy-dconv/1.7/configuration.html#7.3.6-req.body_size
	//
	ProxyBodySize = EngressKey + "/proxy-body-size"

	// Pass TLS connections directly to backend; do not offload.
	SSLPassthrough = EngressKey + "/ssl-passthrough"

	EnableHSTS = EngressKey + "/hsts"
	// This specifies the time (in seconds) the browser should connect to the server using the HTTPS connection.
	// https://blog.stackpath.com/glossary/hsts/
	HSTSMaxAge  = EngressKey + "/hsts-max-age"
	HSTSPreload = EngressKey + "/hsts-preload"
	// If specified, this HSTS rule applies to all of the site's subdomains as well.
	HSTSIncludeSubDomains = EngressKey + "/hsts-include-subdomains"

	WhitelistSourceRange = EngressKey + "/whitelist-source-range"
	MaxConnections       = EngressKey + "/max-connections"

	// https://github.com/appscode/voyager/issues/552
	UseNodePort      = EngressKey + "/use-node-port"
	SSLRedirect      = EngressKey + "/ssl-redirect"
	ForceSSLRedirect = EngressKey + "/force-ssl-redirect"

	// https://github.com/appscode/voyager/issues/525
	ErrorFiles = EngressKey + "/errorfiles"

	// Limit requests per second per IP address
	// http://cbonte.github.io/haproxy-dconv/1.8/configuration.html#7.3.3-sc_conn_rate
	// https://serverfault.com/a/679172/349346
	// https://discourse.haproxy.org/t/solved-how-to-configure-basic-ddos-protection-when-behind-aws-elb-x-forwarded-for/932
	// https://www.haproxy.com/blog/use-a-load-balancer-as-a-first-row-of-defense-against-ddos/
	LimitRPS = EngressKey + "/limit-rps"
	// Limit requests per minute per IP address
	LimitRPM = EngressKey + "/limit-rpm"

	// http://cbonte.github.io/haproxy-dconv/1.8/configuration.html#7.3.3-src_conn_cur
	// https://www.haproxy.com/blog/use-a-load-balancer-as-a-first-row-of-defense-against-ddos/
	LimitConnection = EngressKey + "/limit-connection"

	// https://github.com/appscode/voyager/issues/683
	// https://www.haproxy.com/documentation/aloha/7-0/haproxy/healthchecks/
	CheckHealth     = EngressKey + "/" + "check"
	CheckHealthPort = EngressKey + "/" + "check-port"

	// https://github.com/kubernetes/ingress-nginx/blob/master/docs/examples/rewrite/README.md
	RewriteTarget = EngressKey + "/" + "rewrite-target"

	// Workload controller to use run HAProxy pods
	WorkloadKind = EngressKey + "/" + "workload-kind"

	// ref: https://github.com/appscode/voyager/issues/1054
	NodeSelector = EngressKey + "/" + "node-selector"
	Tolerations  = EngressKey + "/" + "tolerations"

	// https://github.com/appscode/voyager/issues/1210
	// http://cbonte.github.io/haproxy-dconv/1.8/configuration.html#agent-check
	AgentPort     = EngressKey + "/" + "agent-port"
	AgentInterval = EngressKey + "/" + "agent-interval"
)
View Source 
const (
	ACMEUserEmail        = "ACME_EMAIL"
	ACMEUserPrivatekey   = "ACME_USER_PRIVATE_KEY"
	ACMERegistrationData = "ACME_REGISTRATION_DATA"
	ACMEServerURL        = "ACME_SERVER_URL"
)
View Source 
const (
	// ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/annotations.md#cors-related
	CORSDefaultAllowedMethods = "GET,PUT,POST,DELETE,PATCH,OPTIONS"
	CORSDefaultAllowedHeaders = "DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization"
)
View Source 
const (
	ResourceKindCertificate = "Certificate"
	ResourceCertificate     = "certificate"
	ResourceCertificates    = "certificates"
)
View Source 
const (
	ProviderMinikube = "minikube"
	ProviderAWS      = "aws"
	ProviderGCE      = "gce"
	ProviderGKE      = "gke"
	ProviderAzure    = "azure"
	ProviderAKS      = "aks"
	ProviderACS      = "acs"
	ProviderHTTP     = "http"
)
View Source 
const (
	/*
		// https://cbonte.github.io/haproxy-dconv/1.7/configuration.html#5.3
			resolvers mydns
			  nameserver dns1 10.0.0.1:53
			  nameserver dns2 10.0.0.2:53
			  resolve_retries       3
			  timeout retry         1s
			  hold other           30s
			  hold refused         30s
			  hold nx              30s
			  hold timeout         30s
			  hold valid           10s
	*/
	UseDNSResolver         = EngressKey + "/" + "use-dns-resolver"          // Bool
	DNSResolverNameservers = EngressKey + "/" + "dns-resolver-nameservers"  // ["", ""]
	DNSResolverCheckHealth = EngressKey + "/" + "dns-resolver-check-health" // bool
	DNSResolverRetries     = EngressKey + "/" + "dns-resolver-retries"      // int
	DNSResolverTimeout     = EngressKey + "/" + "dns-resolver-timeout"      // {"event":"time","event":"time"}
	DNSResolverHold        = EngressKey + "/" + "dns-resolver-hold"         // {"status":"period","status":"period"}
)
View Source 
const (
	ResourceKindIngress = "Ingress"
	ResourceIngress     = "ingress"
	ResourceIngresses   = "ingresses"
)
View Source 
const (
	StatsPortName             = "stats"
	ExporterPortName          = "http"
	DefaultExporterPortNumber = 56790
)
View Source 
const (
	MatchAll = "*"
)

Variables

View Source 
var (
	DNSResolverHoldKeys    = sets.NewString("nx", "other", "refused", "timeout", "valid", "obsolete")
	DNSResolverTimeoutKeys = sets.NewString("resolve", "retry")
)
View Source 
var (
	// TODO: move SchemeBuilder with zz_generated.deepcopy.go to k8s.io/api.
	// localSchemeBuilder and AddToScheme will stay in k8s.io/kubernetes.
	SchemeBuilder runtime.SchemeBuilder

	AddToScheme = localSchemeBuilder.AddToScheme
)
View Source 
var SchemeGroupVersion = schema.GroupVersion{Group: voyager.GroupName, Version: "v1beta1"}

Functions

func GetOpenAPIDefinitions 

func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenAPIDefinition

func ProxyProtocolCommand 

func ProxyProtocolCommand(version string) string

func Resource 

func Resource(resource string) schema.GroupResource

Resource takes an unqualified resource and returns a Group qualified GroupResource

Types

type ACMECertificateDetails 

type ACMECertificateDetails struct {
	Domain        string `json:"domain"`
	CertURL       string `json:"certUrl"`
	CertStableURL string `json:"certStableUrl"`
	AccountRef    string `json:"accountRef,omitempty"`
}

func (*ACMECertificateDetails) DeepCopy 

func (in *ACMECertificateDetails) DeepCopy() *ACMECertificateDetails

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMECertificateDetails.

func (*ACMECertificateDetails) DeepCopyInto 

func (in *ACMECertificateDetails) DeepCopyInto(out *ACMECertificateDetails)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AuthOption 

type AuthOption struct {
	Basic *BasicAuth `json:"basic,omitempty"`
	TLS   *TLSAuth   `json:"tls,omitempty"`
	OAuth []OAuth    `json:"oauth,omitempty"`
}

func (*AuthOption) DeepCopy 

func (in *AuthOption) DeepCopy() *AuthOption

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthOption.

func (*AuthOption) DeepCopyInto 

func (in *AuthOption) DeepCopyInto(out *AuthOption)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type BasicAuth 

type BasicAuth struct {
	SecretName string `json:"secretName,omitempty"`
	Realm      string `json:"realm,omitempty"`
}

func (*BasicAuth) DeepCopy 

func (in *BasicAuth) DeepCopy() *BasicAuth

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BasicAuth.

func (*BasicAuth) DeepCopyInto 

func (in *BasicAuth) DeepCopyInto(out *BasicAuth)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Certificate 

type Certificate struct {
	metav1.TypeMeta `json:",inline"`
	// +optional
	metav1.ObjectMeta `json:"metadata,omitempty"`
	Spec              CertificateSpec   `json:"spec,omitempty"`
	Status            CertificateStatus `json:"status,omitempty"`
}

+kubebuilder:object:root=true +kubebuilder:resource:path=certificates,singular=certificate,shortName=cert,categories={networking,appscode,all} +kubebuilder:subresource:status +kubebuilder:printcolumn:name="Domains",type="string",JSONPath=".spec.domains[0]" +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp"

func (Certificate) CustomResourceDefinition 

func (c Certificate) CustomResourceDefinition() *apiextensions.CustomResourceDefinition

func (*Certificate) DeepCopy 

func (in *Certificate) DeepCopy() *Certificate

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Certificate.

func (*Certificate) DeepCopyInto 

func (in *Certificate) DeepCopyInto(out *Certificate)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*Certificate) DeepCopyObject 

func (in *Certificate) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (Certificate) IsRateLimited 

func (c Certificate) IsRateLimited() bool

func (Certificate) IsValid 

func (c Certificate) IsValid(cloudProvider string) error

func (Certificate) MatchesDomains 

func (c Certificate) MatchesDomains(crt *x509.Certificate) bool

func (Certificate) ObjectReference 

func (c Certificate) ObjectReference() *core.ObjectReference

func (Certificate) SecretName 

func (c Certificate) SecretName() string

func (Certificate) ShouldRenew 

func (c Certificate) ShouldRenew(crt *x509.Certificate) bool

type CertificateCondition 

type CertificateCondition struct {
	// request approval state, currently Approved or Denied.
	Type RequestConditionType `json:"type" protobuf:"bytes,1,opt,name=type,casttype=RequestConditionType"`
	// brief reason for the request state
	// +optional
	Reason string `json:"reason,omitempty" protobuf:"bytes,2,opt,name=reason"`
	// human readable message with details about the request state
	// +optional
	Message string `json:"message,omitempty" protobuf:"bytes,3,opt,name=message"`
	// timestamp for the last update to this condition
	// +optional
	LastUpdateTime metav1.Time `json:"lastUpdateTime,omitempty" protobuf:"bytes,4,opt,name=lastUpdateTime"`
}

func (*CertificateCondition) DeepCopy 

func (in *CertificateCondition) DeepCopy() *CertificateCondition

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateCondition.

func (*CertificateCondition) DeepCopyInto 

func (in *CertificateCondition) DeepCopyInto(out *CertificateCondition)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type CertificateDetails 

type CertificateDetails struct {
	SerialNumber  string      `json:"serialNumber,omitempty"`
	NotBefore     metav1.Time `json:"notBefore,omitempty"`
	NotAfter      metav1.Time `json:"notAfter,omitempty"`
	CertURL       string      `json:"certURL"`
	CertStableURL string      `json:"certStableURL"`
	AccountRef    string      `json:"accountRef,omitempty"`
}

func (*CertificateDetails) DeepCopy 

func (in *CertificateDetails) DeepCopy() *CertificateDetails

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateDetails.

func (*CertificateDetails) DeepCopyInto 

func (in *CertificateDetails) DeepCopyInto(out *CertificateDetails)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type CertificateList 

type CertificateList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []Certificate `json:"items,omitempty"`
}

func (*CertificateList) DeepCopy 

func (in *CertificateList) DeepCopy() *CertificateList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateList.

func (*CertificateList) DeepCopyInto 

func (in *CertificateList) DeepCopyInto(out *CertificateList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*CertificateList) DeepCopyObject 

func (in *CertificateList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type CertificateSpec 

type CertificateSpec struct {
	// Tries to obtain a single certificate using all domains passed into Domains.
	// The first domain in domains is used for the CommonName field of the certificate, all other
	// domains are added using the Subject Alternate Names extension.
	Domains []string `json:"domains,omitempty"`

	// ChallengeProvider details to verify domains
	ChallengeProvider ChallengeProvider `json:"challengeProvider"`

	// Secret contains ACMEUser information. Secret must contain a key `email`
	// If empty tries to find an Secret via domains
	// if not found create an ACMEUser and stores as a secret.
	// Secrets key to be expected:
	//  ACME_EMAIL -> required, if not provided it will through error.
	//  ACME_SERVER_URL -> custom server url to generate certificates, default is lets encrypt.
	//  ACME_USER_DATA -> user data, if not found one will be created for the provided email,
	//    and stored in the key.
	ACMEUserSecretName string `json:"acmeUserSecretName"`

	// Storage backend to store the certificates currently, kubernetes secret and vault.
	Storage CertificateStorage `json:"storage,omitempty"`

	// Indicates that the certificate is paused.
	// +optional
	Paused bool `json:"paused,omitempty"`

	// Configure certificate renewal buffer period in days. Default 15 days.
	RenewalBufferDays int32 `json:"renewalBufferDays,omitempty"`
}

func (*CertificateSpec) DeepCopy 

func (in *CertificateSpec) DeepCopy() *CertificateSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateSpec.

func (*CertificateSpec) DeepCopyInto 

func (in *CertificateSpec) DeepCopyInto(out *CertificateSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type CertificateStatus 

type CertificateStatus struct {
	// observedGeneration is the most recent generation observed for this resource. It corresponds to the
	// resource's generation, which is updated on mutation by the API Server.
	// +optional
	ObservedGeneration int64 `json:"observedGeneration,omitempty"`

	CreationTime          *metav1.Time           `json:"creationTime,omitempty"`
	Conditions            []CertificateCondition `json:"conditions,omitempty"`
	LastIssuedCertificate *CertificateDetails    `json:"lastIssuedCertificate,omitempty"`
}

func (*CertificateStatus) DeepCopy 

func (in *CertificateStatus) DeepCopy() *CertificateStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateStatus.

func (*CertificateStatus) DeepCopyInto 

func (in *CertificateStatus) DeepCopyInto(out *CertificateStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type CertificateStorage 

type CertificateStorage struct {
	Secret *core.LocalObjectReference `json:"secret,omitempty"`
	Vault  *VaultStore                `json:"vault,omitempty"`
}

func (*CertificateStorage) DeepCopy 

func (in *CertificateStorage) DeepCopy() *CertificateStorage

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateStorage.

func (*CertificateStorage) DeepCopyInto 

func (in *CertificateStorage) DeepCopyInto(out *CertificateStorage)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ChallengeProvider 

type ChallengeProvider struct {
	HTTP *HTTPChallengeProvider `json:"http,omitempty"`
	DNS  *DNSChallengeProvider  `json:"dns,omitempty"`
}

func (*ChallengeProvider) DeepCopy 

func (in *ChallengeProvider) DeepCopy() *ChallengeProvider

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ChallengeProvider.

func (*ChallengeProvider) DeepCopyInto 

func (in *ChallengeProvider) DeepCopyInto(out *ChallengeProvider)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type DNSChallengeProvider 

type DNSChallengeProvider struct {
	// DNS Provider from the list https://github.com/appscode/voyager/blob/master/docs/tasks/certificate/providers.md
	Provider             string `json:"provider,omitempty"`
	CredentialSecretName string `json:"credentialSecretName,omitempty"`
}

func (*DNSChallengeProvider) DeepCopy 

func (in *DNSChallengeProvider) DeepCopy() *DNSChallengeProvider

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DNSChallengeProvider.

func (*DNSChallengeProvider) DeepCopyInto 

func (in *DNSChallengeProvider) DeepCopyInto(out *DNSChallengeProvider)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type DNSResolver 

type DNSResolver struct {
	Name        string
	NameServer  []string          `json:"nameserver"`
	CheckHealth bool              `json:"checkHealth"`
	Retries     int               `json:"retries"`
	Timeout     map[string]string `json:"timeout"`
	Hold        map[string]string `json:"hold"`
}

func DNSResolverForService 

func DNSResolverForService(svc core.Service) (useDNSResolver bool, resolver *DNSResolver, err error)

func (*DNSResolver) DeepCopy 

func (in *DNSResolver) DeepCopy() *DNSResolver

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DNSResolver.

func (*DNSResolver) DeepCopyInto 

func (in *DNSResolver) DeepCopyInto(out *DNSResolver)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type FrontendRule 

type FrontendRule struct {
	// Port indicates the frontend port where HAProxy is listening for connection
	Port intstr.IntOrString `json:"port,omitempty"`
	// Serialized rules
	Rules []string `json:"rules,omitempty"`

	Auth *AuthOption `json:"auth,omitempty"`
}

func (*FrontendRule) DeepCopy 

func (in *FrontendRule) DeepCopy() *FrontendRule

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FrontendRule.

func (*FrontendRule) DeepCopyInto 

func (in *FrontendRule) DeepCopyInto(out *FrontendRule)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type HTTPChallengeProvider 

type HTTPChallengeProvider struct {
	Ingress LocalTypedReference `json:"ingress,omitempty"`
}

func (*HTTPChallengeProvider) DeepCopy 

func (in *HTTPChallengeProvider) DeepCopy() *HTTPChallengeProvider

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPChallengeProvider.

func (*HTTPChallengeProvider) DeepCopyInto 

func (in *HTTPChallengeProvider) DeepCopyInto(out *HTTPChallengeProvider)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type HTTPIngressBackend 

type HTTPIngressBackend struct {
	IngressBackend `json:",inline,omitempty"`

	// Path rewrite rules with haproxy formatted regex.
	//
	// Deprecated: Use backendRule, will be removed.
	RewriteRules []string `json:"rewriteRules,omitempty"`

	// Header rules to modifies the header.
	//
	// Deprecated: Use backendRule, will be removed.
	HeaderRules []string `json:"headerRules,omitempty"`
}

func (*HTTPIngressBackend) DeepCopy 

func (in *HTTPIngressBackend) DeepCopy() *HTTPIngressBackend

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPIngressBackend.

func (*HTTPIngressBackend) DeepCopyInto 

func (in *HTTPIngressBackend) DeepCopyInto(out *HTTPIngressBackend)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type HTTPIngressPath 

type HTTPIngressPath struct {
	// Path is a extended POSIX regex as defined by IEEE Std 1003.1,
	// (i.e this follows the egrep/unix syntax, not the perl syntax)
	// matched against the path of an incoming request. Currently it can
	// contain characters disallowed from the conventional "path"
	// part of a URL as defined by RFC 3986. Paths must begin with
	// a '/'. If unspecified, the path defaults to a catch all sending
	// traffic to the backend.
	Path string `json:"path,omitempty"`

	// Backend defines the referenced service endpoint to which the traffic
	// will be forwarded to.
	Backend HTTPIngressBackend `json:"backend,omitempty"`
}

HTTPIngressPath associates a path regex with a backend. Incoming urls matching the path are forwarded to the backend.

func (*HTTPIngressPath) DeepCopy 

func (in *HTTPIngressPath) DeepCopy() *HTTPIngressPath

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPIngressPath.

func (*HTTPIngressPath) DeepCopyInto 

func (in *HTTPIngressPath) DeepCopyInto(out *HTTPIngressPath)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type HTTPIngressRuleValue 

type HTTPIngressRuleValue struct {
	// The network address to listen HTTP(s) connections on.
	Address string `json:"address,omitempty"`

	// port to listen http(s) connections.
	Port intstr.IntOrString `json:"port,omitempty"`

	// Set noTLS = true to force plain text. Else, auto detect like present
	NoTLS bool `json:"noTLS,omitempty"`

	// Specifies the node port of the referenced service.
	NodePort intstr.IntOrString `json:"nodePort,omitempty"`

	// Application-Layer Protocol Negotiation (ALPN) is a Transport Layer Security (TLS)
	// extension for application layer protocol negotiation. ALPN allows the application
	// layer to negotiate which protocol should be performed over a secure connection in a
	// manner which avoids additional round trips and which is independent of the application
	// layer protocols. It is used by HTTP/2.
	// If provided a list of alpn will be added to port as alpn option1,option2,...
	// If SecretName is Provided this secret will be used to terminate SSL with alpn options.
	// If Secret name is not provided backend server is responsible for handling SSL.
	// Note that, the order of the options indicates the preference
	// If the ALPN list contains "h2",  "option http-use-htx" will be added to enable HTX mode
	// https://cbonte.github.io/haproxy-dconv/1.9/configuration.html#option%20http-use-htx
	// https://cbonte.github.io/haproxy-dconv/1.9/configuration.html#alpn
	ALPN []string `json:"alpn,omitempty"`

	// HTTP protocol to use
	// If the Proto contains "h2",  "option http-use-htx" will be added to enable HTX mode
	// https://www.haproxy.com/blog/haproxy-1-9-2-adds-grpc-support/
	Proto string `json:"proto,omitempty"`

	// A collection of paths that map requests to backends.
	Paths []HTTPIngressPath `json:"paths"`
}

HTTPIngressRuleValue is a list of http selectors pointing to backends. In the example: http://<host>/<path>?<searchpart> -> backend where where parts of the url correspond to RFC 3986, this resource will be used to match against everything after the last '/' and before the first '?' or '#'.

func (*HTTPIngressRuleValue) DeepCopy 

func (in *HTTPIngressRuleValue) DeepCopy() *HTTPIngressRuleValue

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPIngressRuleValue.

func (*HTTPIngressRuleValue) DeepCopyInto 

func (in *HTTPIngressRuleValue) DeepCopyInto(out *HTTPIngressRuleValue)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Ingress 

type Ingress struct {
	metav1.TypeMeta `json:",inline"`
	// +optional
	metav1.ObjectMeta `json:"metadata,omitempty"`
	Spec              IngressSpec   `json:"spec,omitempty"`
	Status            IngressStatus `json:"status,omitempty"`
}

+kubebuilder:object:root=true +kubebuilder:resource:path=ingresses,singular=ingress,shortName=ing,categories={networking,appscode,all} +kubebuilder:subresource:status +kubebuilder:printcolumn:name="Hosts",type="string",JSONPath=".spec.rules[0].host" +kubebuilder:printcolumn:name="LOAD_BALANCER_IP",type="string",JSONPath=".status.loadBalancer.ingress" +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp"

func NewEngressFromIngress 

func NewEngressFromIngress(ing interface{}) (*Ingress, error)

func (Ingress) APISchema 

func (r Ingress) APISchema() string

func (Ingress) AcceptProxy 

func (r Ingress) AcceptProxy() bool

func (Ingress) AllowCORSCred 

func (r Ingress) AllowCORSCred() bool

func (Ingress) AllowedCORSHeaders 

func (r Ingress) AllowedCORSHeaders() string

func (Ingress) AllowedCORSMethods 

func (r Ingress) AllowedCORSMethods() string

func (Ingress) AllowedCORSOrigin 

func (r Ingress) AllowedCORSOrigin() string

func (Ingress) AuthRealm 

func (r Ingress) AuthRealm() string

func (Ingress) AuthSecretName 

func (r Ingress) AuthSecretName() string

func (Ingress) AuthTLSErrorPage 

func (r Ingress) AuthTLSErrorPage() string

func (Ingress) AuthTLSSecret 

func (r Ingress) AuthTLSSecret() string

func (Ingress) AuthTLSVerifyClient 

func (r Ingress) AuthTLSVerifyClient() TLSAuthVerifyOption

func (Ingress) BackendServices 

func (r Ingress) BackendServices() map[string]metav1.ObjectMeta

func (Ingress) BasicAuthEnabled 

func (r Ingress) BasicAuthEnabled() bool

func (Ingress) CustomResourceDefinition 

func (r Ingress) CustomResourceDefinition() *apiextensions.CustomResourceDefinition

func (*Ingress) DeepCopy 

func (in *Ingress) DeepCopy() *Ingress

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Ingress.

func (*Ingress) DeepCopyInto 

func (in *Ingress) DeepCopyInto(out *Ingress)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*Ingress) DeepCopyObject 

func (in *Ingress) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (Ingress) EnableCORS 

func (r Ingress) EnableCORS() bool

func (Ingress) EnableHSTS 

func (r Ingress) EnableHSTS() bool

func (Ingress) ErrorFilesConfigMapName 

func (r Ingress) ErrorFilesConfigMapName() string

func (Ingress) FindTLSSecret 

func (r Ingress) FindTLSSecret(h string) (*LocalTypedReference, bool)

func (Ingress) ForceSSLRedirect 

func (r Ingress) ForceSSLRedirect() bool

func (Ingress) HAProxyOptions 

func (r Ingress) HAProxyOptions() map[string]bool

func (Ingress) HSTSIncludeSubDomains 

func (r Ingress) HSTSIncludeSubDomains() bool

func (Ingress) HSTSMaxAge 

func (r Ingress) HSTSMaxAge() int

func (Ingress) HSTSPreload 

func (r Ingress) HSTSPreload() bool

func (Ingress) HardStopAfter 

func (r Ingress) HardStopAfter() string

func (Ingress) HasBackendService 

func (r Ingress) HasBackendService(name, namespace string) bool

func (Ingress) HasChanged 

func (r Ingress) HasChanged(o Ingress) (bool, error)

func (Ingress) HealthCheckNodeport 

func (r Ingress) HealthCheckNodeport() int

func (Ingress) IsKeepSourceChanged 

func (r Ingress) IsKeepSourceChanged(o Ingress, cloudProvider string) bool

func (Ingress) IsLoadBalancerSourceRangeChanged 

func (r Ingress) IsLoadBalancerSourceRangeChanged(o Ingress) bool

func (Ingress) IsPortChanged 

func (r Ingress) IsPortChanged(o Ingress, cloudProvider string) bool

func (Ingress) IsStatsChanged 

func (r Ingress) IsStatsChanged(o Ingress) bool

func (Ingress) IsStatsSecretChanged 

func (r Ingress) IsStatsSecretChanged(o Ingress) bool

func (Ingress) IsValid 

func (r Ingress) IsValid(cloudProvider string) error

func (Ingress) KeepSourceIP 

func (r Ingress) KeepSourceIP() bool

func (Ingress) LBType 

func (r Ingress) LBType() string

func (Ingress) LimitConnections 

func (r Ingress) LimitConnections() int

func (Ingress) LimitRPM 

func (r Ingress) LimitRPM() int

func (Ingress) LimitRPS 

func (r Ingress) LimitRPS() int

func (Ingress) LoadBalancerIP 

func (r Ingress) LoadBalancerIP() net.IP

func (Ingress) MaxConnections 

func (r Ingress) MaxConnections() int

func (*Ingress) Migrate 

func (r *Ingress) Migrate()

func (Ingress) ObjectReference 

func (r Ingress) ObjectReference() *core.ObjectReference

func (Ingress) OffshootLabels 

func (r Ingress) OffshootLabels() map[string]string

func (Ingress) OffshootName 

func (r Ingress) OffshootName() string

func (Ingress) OffshootSelector 

func (r Ingress) OffshootSelector() map[string]string

func (Ingress) PodPorts 

func (r Ingress) PodPorts() []int

func (Ingress) PodsAnnotations 

func (r Ingress) PodsAnnotations() (map[string]string, bool)

func (Ingress) PortMappings 

func (r Ingress) PortMappings(cloudProvider string) (map[int]Target, error)

PortMappings contains a map of Service Port to HAProxy port (svc.Port -> {svc.TargetPort, svc.NodePort}). HAProxy pods binds to the target ports. Service ports are used to open loadbalancer/firewall. Usually target port == service port with one exception for LoadBalancer type service in AWS. If AWS cert manager is used then a 443 -> 80 port mapping is added.

func (Ingress) ProtoWithALPN 

func (r Ingress) ProtoWithALPN() error

check if both alpn and proto specified in the same rule/backend

func (Ingress) ProxyBodySize 

func (r Ingress) ProxyBodySize() string

func (Ingress) Replicas 

func (r Ingress) Replicas() int32

func (Ingress) RewriteTarget 

func (r Ingress) RewriteTarget() string

func (Ingress) SSLPassthrough 

func (r Ingress) SSLPassthrough() bool

func (Ingress) SSLRedirect 

func (r Ingress) SSLRedirect() bool

func (Ingress) ServiceAnnotations 

func (r Ingress) ServiceAnnotations(provider string) (map[string]string, bool)

func (Ingress) ShouldHandleIngress 

func (r Ingress) ShouldHandleIngress(ingressClass string) bool

if ingressClass == "voyager", then only handle ingress that has voyager annotation if ingressClass == "", then handle no annotation or voyager annotation

func (Ingress) Stats 

func (r Ingress) Stats() bool

func (Ingress) StatsAccessor 

func (r Ingress) StatsAccessor() mona.StatsAccessor

func (Ingress) StatsLabels 

func (r Ingress) StatsLabels() map[string]string

func (Ingress) StatsPort 

func (r Ingress) StatsPort() int

func (Ingress) StatsSecretName 

func (r Ingress) StatsSecretName() string

func (Ingress) StatsServiceName 

func (r Ingress) StatsServiceName() string

func (Ingress) Sticky 

func (r Ingress) Sticky() bool

func (Ingress) StickySessionCookieHashType 

func (r Ingress) StickySessionCookieHashType() string

func (Ingress) StickySessionCookieName 

func (r Ingress) StickySessionCookieName() string

func (Ingress) SupportsLBType 

func (r Ingress) SupportsLBType(cloudProvider string) bool

func (Ingress) Timeouts 

func (r Ingress) Timeouts() map[string]string

func (Ingress) UseHTX 

func (r Ingress) UseHTX() bool

check any alpn/proto contains "h2"

func (Ingress) UseNodePort 

func (r Ingress) UseNodePort() bool

func (Ingress) UseTLSForRule 

func (r Ingress) UseTLSForRule(rule IngressRule) bool

func (Ingress) UsesAuthSecret 

func (r Ingress) UsesAuthSecret(namespace, name string) bool

func (Ingress) WhitelistSourceRange 

func (r Ingress) WhitelistSourceRange() string

func (Ingress) WorkloadKind 

func (r Ingress) WorkloadKind() string

type IngressBackend 

type IngressBackend struct {
	// User can specify backend name for using it with custom acl
	// Otherwise it will be generated
	Name string `json:"name,omitempty"`

	// Host names to forward traffic to. If empty traffic will be
	// forwarded to all subsets instance.
	// If set only matched hosts will get the traffic.
	// This is an handy way to send traffic to Specific
	// StatefulSet pod.
	// IE. Setting [web-0] will send traffic to only web-0 host
	// for this StatefulSet, https://kubernetes.io/docs/tasks/stateful-application/basic-stateful-set/#creating-a-statefulset
	HostNames []string `json:"hostNames,omitempty"`

	// Specifies the name of the referenced service.
	ServiceName string `json:"serviceName,omitempty"`

	// Specifies the port of the referenced service.
	ServicePort intstr.IntOrString `json:"servicePort,omitempty"`

	// Serialized HAProxy rules to apply on server backend including
	// request, response or header rewrite. acls also can be used.
	// https://cbonte.github.io/haproxy-dconv/1.7/configuration.html#1
	BackendRules []string `json:"backendRules,omitempty"`

	// Application-Layer Protocol Negotiation (ALPN) is a Transport Layer Security (TLS)
	// extension for application layer protocol negotiation. ALPN allows the application
	// layer to negotiate which protocol should be performed over a secure connection in a
	// manner which avoids additional round trips and which is independent of the application
	// layer protocols. It is used by HTTP/2.
	// If provided a list of alpn will be added to port as alpn option1,option2,...
	// If SecretName is Provided this secret will be used to terminate SSL with alpn options.
	// If Secret name is not provided backend server is responsible for handling SSL.
	// Note that, the order of the options indicates the preference
	// If the ALPN list contains "h2",  "option http-use-htx" will be added to enable HTX mode
	// https://cbonte.github.io/haproxy-dconv/1.9/configuration.html#option%20http-use-htx
	// https://cbonte.github.io/haproxy-dconv/1.9/configuration.html#alpn
	ALPN []string `json:"alpn,omitempty"`

	// HTTP protocol to use
	// If the Proto contains "h2",  "option http-use-htx" will be added to enable HTX mode
	// https://www.haproxy.com/blog/haproxy-1-9-2-adds-grpc-support/
	Proto string `json:"proto,omitempty"`

	// Define the load balancing algorithm to be used in a backend.
	// https://cbonte.github.io/haproxy-dconv/1.9/configuration.html#balance
	LoadBalanceOn string `json:"loadBalanceOn,omitempty"`
}

IngressBackend describes all endpoints for a given service and port.

func (*IngressBackend) DeepCopy 

func (in *IngressBackend) DeepCopy() *IngressBackend

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IngressBackend.

func (*IngressBackend) DeepCopyInto 

func (in *IngressBackend) DeepCopyInto(out *IngressBackend)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (IngressBackend) ParseALPNOptions 

func (r IngressBackend) ParseALPNOptions() string

type IngressList 

type IngressList struct {
	metav1.TypeMeta `json:",inline"`
	// Standard object's metadata.
	// More info: http://releases.k8s.io/release-1.2/docs/devel/api-conventions.md#metadata
	metav1.ListMeta `json:"metadata,omitempty"`

	// Items is the list of Ingress.
	Items []Ingress `json:"items"`
}

IngressList is a collection of Ingress.

func (*IngressList) DeepCopy 

func (in *IngressList) DeepCopy() *IngressList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IngressList.

func (*IngressList) DeepCopyInto 

func (in *IngressList) DeepCopyInto(out *IngressList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*IngressList) DeepCopyObject 

func (in *IngressList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type IngressRef 

type IngressRef struct {
	APISchema string `json:"apiSchema"`
	Name      string `json:"name"`
	Namespace string `json:"namespace"`
}

func (*IngressRef) DeepCopy 

func (in *IngressRef) DeepCopy() *IngressRef

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IngressRef.

func (*IngressRef) DeepCopyInto 

func (in *IngressRef) DeepCopyInto(out *IngressRef)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type IngressRule 

type IngressRule struct {
	// Host is the fully qualified domain name of a network host, as defined
	// by RFC 3986. Note the following deviations from the "host" part of the
	// URI as defined in the RFC:
	// 1. IPs are not allowed. Currently an IngressRuleValue can only apply to the
	//	  IP in the Spec of the parent Ingress.
	// 2. The `:` delimiter is not respected because ports are not allowed.
	//	  Currently the port of an Ingress is implicitly :80 for http and
	//	  :443 for https.
	// Both these may change in the future.
	// Incoming requests are matched against the host before the IngressRuleValue.
	// If the host is unspecified, the Ingress routes all traffic based on the
	// specified IngressRuleValue.
	Host string `json:"host,omitempty"`
	// IngressRuleValue represents a rule to route requests for this IngressRule.
	// If unspecified, the rule defaults to a http catch-all. Whether that sends
	// just traffic matching the host to the default backend or all traffic to the
	// default backend, is left to the controller fulfilling the Ingress. Http and TCP are
	// currently supported IngressRuleValue.
	IngressRuleValue `json:",inline,omitempty"`
}

IngressRule represents the rules mapping the paths under a specified host to the related backend services. Incoming requests are first evaluated for a host match, then routed to the backend associated with the matching IngressRuleValue.

func (*IngressRule) DeepCopy 

func (in *IngressRule) DeepCopy() *IngressRule

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IngressRule.

func (*IngressRule) DeepCopyInto 

func (in *IngressRule) DeepCopyInto(out *IngressRule)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (IngressRule) GetHost 

func (r IngressRule) GetHost() string

unify wildcard-host into empty-host, this will ease template rendering paths under empty-host and wildcard-host will be merged but TLS will be matched separately

func (IngressRule) ParseALPNOptions 

func (r IngressRule) ParseALPNOptions() string

type IngressRuleValue 

type IngressRuleValue struct {
	HTTP *HTTPIngressRuleValue `json:"http,omitempty"`

	TCP *TCPIngressRuleValue `json:"tcp,omitempty"`
}

IngressRuleValue represents a rule to apply against incoming requests. If the rule is satisfied, the request is routed to the specified backend. Currently mixing different types of rules in a single Ingress is disallowed, so exactly one of the following must be set.

func (*IngressRuleValue) DeepCopy 

func (in *IngressRuleValue) DeepCopy() *IngressRuleValue

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IngressRuleValue.

func (*IngressRuleValue) DeepCopyInto 

func (in *IngressRuleValue) DeepCopyInto(out *IngressRuleValue)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type IngressSpec 

type IngressSpec struct {
	// A default backend capable of servicing requests that don't match any
	// rule. At least one of 'backend' or 'rules' must be specified. This field
	// is optional to allow the loadbalancer controller or defaulting logic to
	// specify a global default.
	Backend *HTTPIngressBackend `json:"backend,omitempty"`

	// TLS is the TLS configuration. Currently the Ingress only supports a single TLS
	// port, 443, and assumes TLS termination. If multiple members of this
	// list specify different hosts, they will be multiplexed on the same
	// port according to the hostname specified through the SNI TLS extension.
	TLS []IngressTLS `json:"tls,omitempty"`

	// Config volumes are used to mount any secret or configmap into HAProxy pods.
	ConfigVolumes []VolumeSource `json:"configVolumes,omitempty"`

	// Frontend rules specifies a set of rules that should be applied in
	// HAProxy frontend configuration. The set of keywords are from here
	// https://cbonte.github.io/haproxy-dconv/1.7/configuration.html#4.1
	// Only frontend sections can be applied here. It is up to user to
	// provide valid set of rules.
	// This allows acls or other options in frontend sections in HAProxy config.
	// Frontend rules will be mapped with Ingress Rules according to port.
	FrontendRules []FrontendRule `json:"frontendRules,omitempty"`

	// A list of host rules used to configure the Ingress. If unspecified, or
	// no rule matches, all traffic is sent to the default backend.
	Rules []IngressRule `json:"rules,omitempty"`

	// Optional: If specified and supported by the platform, this will restrict traffic through the cloud-provider
	// load-balancer will be restricted to the specified client IPs. This field will be ignored if the
	// cloud-provider does not support the feature.
	// https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/
	LoadBalancerSourceRanges []string `json:"loadBalancerSourceRanges,omitempty"`

	// Compute Resources required by the sidecar container.
	Resources core.ResourceRequirements `json:"resources,omitempty"`

	// NodeSelector is a selector which must be true for the pod to fit on a node.
	// Selector which must match a node's labels for the pod to be scheduled on that node.
	// More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
	NodeSelector map[string]string `json:"nodeSelector,omitempty"`

	// If specified, the pod's scheduling constraints
	// +optional
	Affinity *core.Affinity `json:"affinity,omitempty"`

	// If specified, the pod will be dispatched by specified scheduler.
	// If not specified, the pod will be dispatched by default scheduler.
	// +optional
	SchedulerName string `json:"schedulerName,omitempty"`

	// If specified, the pod's tolerations.
	// +optional
	Tolerations []core.Toleration `json:"tolerations,omitempty"`

	// ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec.
	// If specified, these secrets will be passed to individual puller implementations for them to use. For example,
	// in the case of docker, only DockerConfig type secrets are honored.
	// More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod
	// +optional
	ImagePullSecrets []core.LocalObjectReference `json:"imagePullSecrets,omitempty"`

	// If specified, indicates the pod's priority. "system-node-critical" and
	// "system-cluster-critical" are two special keywords which indicate the
	// highest priorities with the former being the highest priority. Any other
	// name must be defined by creating a PriorityClass object with that name.
	// If not specified, the pod priority will be default or zero if there is no
	// default.
	// +optional
	PriorityClassName string `json:"priorityClassName,omitempty"`
	// The priority value. Various system components use this field to find the
	// priority of the pod. When Priority Admission Controller is enabled, it
	// prevents users from setting this field. The admission controller populates
	// this field from PriorityClassName.
	// The higher the value, the higher the priority.
	// +optional
	Priority *int32 `json:"priority,omitempty"`

	// SecurityContext holds pod-level security attributes and common container settings.
	// Optional: Defaults to empty.  See type description for default values of each field.
	// +optional
	SecurityContext *core.PodSecurityContext `json:"securityContext,omitempty"`

	// externalIPs is a list of IP addresses for which nodes in the cluster
	// will also accept traffic for this service.  These IPs are not managed by
	// Kubernetes.  The user is responsible for ensuring that traffic arrives
	// at a node with this IP.  A common example is external load-balancers
	// that are not part of the Kubernetes system.
	// +optional
	ExternalIPs []string `json:"externalIPs,omitempty"`

	// Periodic probe of container liveness.
	// Container will be restarted if the probe fails.
	// Cannot be updated.
	// +optional
	LivenessProbe *core.Probe `json:"livenessProbe,omitempty"`

	// Periodic probe of container service readiness.
	// Container will be removed from service endpoints if the probe fails.
	// Cannot be updated.
	// +optional
	ReadinessProbe *core.Probe `json:"readinessProbe,omitempty"`

	// Set this value longer than the expected cleanup time for your process.
	// Defaults to 30 seconds.
	// +optional
	TerminationGracePeriodSeconds *int64 `json:"terminationGracePeriodSeconds,omitempty"`
}

IngressSpec describes the Ingress the user wishes to exist.

func (*IngressSpec) DeepCopy 

func (in *IngressSpec) DeepCopy() *IngressSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IngressSpec.

func (*IngressSpec) DeepCopyInto 

func (in *IngressSpec) DeepCopyInto(out *IngressSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type IngressStatus 

type IngressStatus struct {
	// observedGeneration is the most recent generation observed for this resource. It corresponds to the
	// resource's generation, which is updated on mutation by the API Server.
	// +optional
	ObservedGeneration int64 `json:"observedGeneration,omitempty"`

	// LoadBalancer contains the current status of the load-balancer.
	LoadBalancer core.LoadBalancerStatus `json:"loadBalancer,omitempty"`
}

IngressStatus describe the current state of the Ingress.

func (*IngressStatus) DeepCopy 

func (in *IngressStatus) DeepCopy() *IngressStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IngressStatus.

func (*IngressStatus) DeepCopyInto 

func (in *IngressStatus) DeepCopyInto(out *IngressStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type IngressTLS 

type IngressTLS struct {
	// Hosts are a list of hosts included in the TLS certificate. The values in
	// this list must match the name/s used in the tlsSecret. Defaults to the
	// wildcard host setting for the loadbalancer controller fulfilling this
	// Ingress, if left unspecified.
	Hosts []string `json:"hosts,omitempty"`
	// SecretName is the name of the secret used to terminate SSL traffic on 443.
	// Field is left optional to allow SSL routing based on SNI hostname alone.
	// If the SNI host in a listener conflicts with the "Host" header field used
	// by an IngressRule, the SNI host is used for termination and value of the
	// Host header is used for routing.
	// Deprecated
	SecretName string `json:"secretName,omitempty"`

	// Ref to used tls termination.
	Ref *LocalTypedReference `json:"ref,omitempty"`
}

IngressTLS describes the transport layer security associated with an Ingress.

func (*IngressTLS) DeepCopy 

func (in *IngressTLS) DeepCopy() *IngressTLS

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IngressTLS.

func (*IngressTLS) DeepCopyInto 

func (in *IngressTLS) DeepCopyInto(out *IngressTLS)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type LocalTypedReference 

type LocalTypedReference struct {
	// Kind of the referent.
	// More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds
	// +optional
	Kind string `json:"kind,omitempty" protobuf:"bytes,1,opt,name=kind"`
	// Name of the referent.
	// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
	// +optional
	Name string `json:"name,omitempty" protobuf:"bytes,3,opt,name=name"`
	// API version of the referent.
	// +optional
	APIVersion string `json:"apiVersion,omitempty" protobuf:"bytes,5,opt,name=apiVersion"`
}

LocalTypedReference contains enough information to let you inspect or modify the referred object.

func (*LocalTypedReference) DeepCopy 

func (in *LocalTypedReference) DeepCopy() *LocalTypedReference

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LocalTypedReference.

func (*LocalTypedReference) DeepCopyInto 

func (in *LocalTypedReference) DeepCopyInto(out *LocalTypedReference)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type OAuth 

type OAuth struct {
	Host        string   `json:"host,omitempty"`
	AuthBackend string   `json:"authBackend,omitempty"`
	AuthPath    string   `json:"authPath,omitempty"`
	SigninPath  string   `json:"signinPath,omitempty"`
	Paths       []string `json:"paths,omitempty"`
}

func (*OAuth) DeepCopy 

func (in *OAuth) DeepCopy() *OAuth

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OAuth.

func (*OAuth) DeepCopyInto 

func (in *OAuth) DeepCopyInto(out *OAuth)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Paths 

type Paths map[string]indices

+k8s:openapi-gen=false

func (Paths) DeepCopy 

func (in Paths) DeepCopy() Paths

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Paths.

func (Paths) DeepCopyInto 

func (in Paths) DeepCopyInto(out *Paths)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ProxyProtocolVersion 

type ProxyProtocolVersion string

type RequestConditionType 

type RequestConditionType string
const (
	CertificateIssued      RequestConditionType = "Issued"
	CertificateFailed      RequestConditionType = "Failed"
	CertificateRateLimited RequestConditionType = "RateLimited"
)

These are the possible conditions for a certificate create request.

type TCPIngressRuleValue 

type TCPIngressRuleValue struct {
	// The network address to listen TCP connections on.
	Address string `json:"address,omitempty"`

	// port to listen tcp connections.
	Port intstr.IntOrString `json:"port,omitempty"`

	// Set noTLS = true to force plain text. Else, auto detect like present
	NoTLS bool `json:"noTLS,omitempty"`

	// Specifies the node port of the referenced service.
	NodePort intstr.IntOrString `json:"nodePort,omitempty"`

	// Backend to forward the requests.
	Backend IngressBackend `json:"backend,omitempty"`

	// Application-Layer Protocol Negotiation (ALPN) is a Transport Layer Security (TLS)
	// extension for application layer protocol negotiation. ALPN allows the application
	// layer to negotiate which protocol should be performed over a secure connection in a
	// manner which avoids additional round trips and which is independent of the application
	// layer protocols. It is used by HTTP/2.
	// If provided a list of alpn will be added to port as alpn option1,option2,...
	// If SecretName is Provided this secret will be used to terminate SSL with alpn options.
	// If Secret name is not provided backend server is responsible for handling SSL.
	// Note that, the order of the options indicates the preference
	// If the ALPN list contains "h2",  "option http-use-htx" will be added to enable HTX mode
	// https://cbonte.github.io/haproxy-dconv/1.9/configuration.html#option%20http-use-htx
	// https://cbonte.github.io/haproxy-dconv/1.9/configuration.html#alpn
	ALPN []string `json:"alpn,omitempty"`

	// HTTP protocol to use
	// If the Proto contains "h2",  "option http-use-htx" will be added to enable HTX mode
	// https://www.haproxy.com/blog/haproxy-1-9-2-adds-grpc-support/
	Proto string `json:"proto,omitempty"`
}

func (*TCPIngressRuleValue) DeepCopy 

func (in *TCPIngressRuleValue) DeepCopy() *TCPIngressRuleValue

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TCPIngressRuleValue.

func (*TCPIngressRuleValue) DeepCopyInto 

func (in *TCPIngressRuleValue) DeepCopyInto(out *TCPIngressRuleValue)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type TLSAuth 

type TLSAuth struct {
	SecretName   string              `json:"secretName,omitempty"`
	VerifyClient TLSAuthVerifyOption `json:"verifyClient,omitempty"`
	Headers      map[string]string   `json:"headers,omitempty"`
	ErrorPage    string              `json:"errorPage,omitempty"`
}

func (*TLSAuth) DeepCopy 

func (in *TLSAuth) DeepCopy() *TLSAuth

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TLSAuth.

func (*TLSAuth) DeepCopyInto 

func (in *TLSAuth) DeepCopyInto(out *TLSAuth)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type TLSAuthVerifyOption 

type TLSAuthVerifyOption string
const (
	TLSAuthVerifyOptional TLSAuthVerifyOption = "optional"
	TLSAuthVerifyRequired TLSAuthVerifyOption = "required"
)

type Target 

type Target struct {
	PodPort  int
	NodePort int
}

func (*Target) DeepCopy 

func (in *Target) DeepCopy() *Target

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Target.

func (*Target) DeepCopyInto 

func (in *Target) DeepCopyInto(out *Target)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VaultStore 

type VaultStore struct {
	Name   string `json:"name,omitempty"`
	Prefix string `json:"prefix,omitempty"`
}

func (*VaultStore) DeepCopy 

func (in *VaultStore) DeepCopy() *VaultStore

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultStore.

func (*VaultStore) DeepCopyInto 

func (in *VaultStore) DeepCopyInto(out *VaultStore)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VolumeSource 

type VolumeSource struct {
	Name string `json:"name,omitempty"`
	// Secret represents a secret that should populate this volume.
	// More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
	// +optional
	Secret *core.SecretVolumeSource `json:"secret,omitempty"`
	// ConfigMap represents a configMap that should populate this volume
	// +optional
	ConfigMap *core.ConfigMapVolumeSource `json:"configMap,omitempty"`
	// Items for all in one resources secrets, configmaps, and downward API
	// +optional
	Projected *core.ProjectedVolumeSource `json:"projected,omitempty"`
	// Path within the container at which the volume should be mounted.  Must
	// not contain ':'.
	MountPath string `json:"mountPath"`
}

Represents the source of a volume to mount. Only one of its members may be specified.

func (*VolumeSource) DeepCopy 

func (in *VolumeSource) DeepCopy() *VolumeSource

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VolumeSource.

func (*VolumeSource) DeepCopyInto 

func (in *VolumeSource) DeepCopyInto(out *VolumeSource)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.