annotations

package
v1.29.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 11, 2024 License: Apache-2.0 Imports: 9 Imported by: 51

Documentation

Index

Constants

View Source 
const (
	// StatusPrefix is the prefix used in annotations used to record
	// debug information in the Ingress annotations.
	StatusPrefix = "ingress.kubernetes.io"

	// AllowHTTPKey tells the Ingress controller to allow/block HTTP access.
	// If either unset or set to true, the controller will create a
	// forwarding-rule for port 80, and any additional rules based on the TLS
	// section of the Ingress. If set to false, the controller will only create
	// rules for port 443 based on the TLS section.
	AllowHTTPKey = "kubernetes.io/ingress.allow-http"

	// GlobalStaticIPNameKey tells the Ingress controller to use a specific GCE
	// static ip for its forwarding rules. If specified, the Ingress controller
	// assigns the static ip by this name to the forwarding rules of the given
	// Ingress. The controller *does not* manage this ip, it is the users
	// responsibility to create/delete it.
	GlobalStaticIPNameKey = "kubernetes.io/ingress.global-static-ip-name"

	// RegionalStaticIPNameKey tells the Ingress controller to use a specific GCE
	// internal static ip for its forwarding rules. If specified, the Ingress controller
	// assigns the static ip by this name to the forwarding rules of the given
	// Ingress. The controller *does not* manage this ip, it is the users
	// responsibility to create/delete it.
	RegionalStaticIPNameKey = "kubernetes.io/ingress.regional-static-ip-name"

	// PreSharedCertKey represents the specific pre-shared SSL
	// certificate for the Ingress controller to use. The controller *does not*
	// manage this certificate, it is the users responsibility to create/delete it.
	// In GCP, the Ingress controller assigns the SSL certificate with this name
	// to the target proxies of the Ingress.
	PreSharedCertKey = "ingress.gcp.kubernetes.io/pre-shared-cert"

	// IngressClassKey picks a specific "class" for the Ingress. The controller
	// only processes Ingresses with this annotation either unset, or set
	// to either gceIngressClass or the empty string.
	IngressClassKey              = "kubernetes.io/ingress.class"
	GceIngressClass              = "gce"
	GceMultiIngressClass         = "gce-multi-cluster"
	GceL7ILBIngressClass         = "gce-internal"
	GceL7XLBRegionalIngressClass = "gce-regional-external"

	// Label key to denote which GCE zone a Kubernetes node is in.
	ZoneKey     = "topology.kubernetes.io/zone"
	DefaultZone = ""

	// InstanceGroupsAnnotationKey is the annotation key used by controller to
	// specify the name and zone of instance groups created for the ingress.
	// This is read only for users. Controller will overwrite any user updates.
	// This is only set for ingresses with ingressClass = "gce-multi-cluster"
	InstanceGroupsAnnotationKey = "ingress.gcp.kubernetes.io/instance-groups"

	// SuppressFirewallXPNErrorKey is the annotation key used by firewall
	// controller whether to suppress firewallXPNError.
	SuppressFirewallXPNErrorKey = "networking.gke.io/suppress-firewall-xpn-error"

	// FrontendConfigKey is the annotation key used by controller to specify
	// the FrontendConfig resource which should be associated with the Ingress.
	// The value of the annotation is the name of the FrontendConfig resource.
	// Examples:
	// - annotations:
	//     networking.gke.io/v1beta1.FrontendConfig: 'my-frontendconfig'
	FrontendConfigKey = "networking.gke.io/v1beta1.FrontendConfig"

	// UrlMapKey is the annotation key used by controller to record GCP URL map.
	UrlMapKey = StatusPrefix + "/url-map"
	// UrlMapKey is the annotation key used by controller to record GCP URL map used for Https Redirects only.
	RedirectUrlMapKey = StatusPrefix + "/redirect-url-map"
	// HttpForwardingRuleKey is the annotation key used by controller to record
	// GCP http forwarding rule.
	HttpForwardingRuleKey = StatusPrefix + "/forwarding-rule"
	// HttpsForwardingRuleKey is the annotation key used by controller to record
	// GCP https forwarding rule.
	HttpsForwardingRuleKey = StatusPrefix + "/https-forwarding-rule"
	// TargetHttpProxyKey is the annotation key used by controller to record
	// GCP target http proxy.
	TargetHttpProxyKey = StatusPrefix + "/target-proxy"
	// TargetHttpsProxyKey is the annotation key used by controller to record
	// GCP target https proxy.
	TargetHttpsProxyKey = StatusPrefix + "/https-target-proxy"
	// SSLCertKey is the annotation key used by controller to record GCP ssl cert.
	SSLCertKey = StatusPrefix + "/ssl-cert"
	// StaticIPKey is the annotation key used by controller to record GCP static ip.
	StaticIPKey = StatusPrefix + "/static-ip"
)
View Source 
const (
	// ServiceApplicationProtocolKey and GoogleServiceApplicationProtocolKey
	// is a stringified JSON map of port names to protocol strings.
	// Possible values are HTTP, HTTPS and HTTP2.
	// Example:
	// '{"my-https-port":"HTTPS","my-http-port":"HTTP"}'
	// Note: ServiceApplicationProtocolKey will be deprecated.
	ServiceApplicationProtocolKey       = "service.alpha.kubernetes.io/app-protocols"
	GoogleServiceApplicationProtocolKey = "cloud.google.com/app-protocols"

	// NEGAnnotationKey is the annotation key to enable GCE NEG.
	// The value of the annotation must be a valid JSON string in the format
	// specified by type NegAnnotation. To enable, must have either Ingress: true
	// or a non-empty ExposedPorts map referencing valid ServicePorts.
	// examples:
	// - `{"exposed_ports":{"80":{},"443":{}}}`
	// - `{"ingress":true}`
	// - `{"ingress": true,"exposed_ports":{"3000":{},"4000":{}}}`
	NEGAnnotationKey = "cloud.google.com/neg"

	// NEGStatusKey is the annotation key whose value is the status of the NEGs
	// on the Service, and is applied by the NEG Controller.
	NEGStatusKey = "cloud.google.com/neg-status"

	// BetaBackendConfigKey is a stringified JSON with two fields:
	// - "ports": a map of port names or port numbers to backendConfig names
	// - "default": denotes the default backendConfig name for all ports except
	// those are explicitly referenced.
	// Examples:
	// - '{"ports":{"my-https-port":"config-https","my-http-port":"config-http"}}'
	// - '{"default":"config-default","ports":{"my-https-port":"config-https"}}'
	BetaBackendConfigKey = "beta.cloud.google.com/backend-config"

	// BackendConfigKey is GA version of backend config key.
	BackendConfigKey = "cloud.google.com/backend-config"
	// NetworkTierAnnotationKey is annotated on a Service object to indicate which
	// network tier a GCP LB should use.
	// The valid values are "Standard" and "Premium" (default, if unspecified).
	NetworkTierAnnotationKey = "cloud.google.com/network-tier"

	// THCAnnotationKey is the boolean annotation key to enable Transparent Health Checks.
	THCAnnotationKey = "networking.gke.io/transparent-health-checker"

	// ProtocolHTTP protocol for a service
	ProtocolHTTP AppProtocol = "HTTP"
	// ProtocolHTTPS protocol for a service
	ProtocolHTTPS AppProtocol = "HTTPS"
	// ProtocolHTTP2 protocol for a service
	ProtocolHTTP2 AppProtocol = "HTTP2"

	IPv6Suffix = "-ipv6"
	// ServiceStatusPrefix is the prefix used in annotations used to record
	// debug information in the Service annotations. This is applicable to L4 ILB services.
	ServiceStatusPrefix = "service.kubernetes.io"
	// TCPForwardingRuleKey is the annotation key used by l4 controller to record
	// GCP TCP forwarding rule name.
	TCPForwardingRuleKey = ServiceStatusPrefix + "/tcp-" + ForwardingRuleResource
	// UDPForwardingRuleKey is the annotation key used by l4 controller to record
	// GCP UDP forwarding rule name.
	UDPForwardingRuleKey = ServiceStatusPrefix + "/udp-" + ForwardingRuleResource
	// TCPForwardingRuleIPv6Key is the annotation key used by l4 controller to record
	// GCP IPv6 TCP forwarding rule name.
	TCPForwardingRuleIPv6Key = TCPForwardingRuleKey + IPv6Suffix
	// UDPForwardingRuleIPv6Key is the annotation key used by l4 controller to record
	// GCP IPv6 UDP forwarding rule name.
	UDPForwardingRuleIPv6Key = UDPForwardingRuleKey + IPv6Suffix
	// BackendServiceKey is the annotation key used by l4 controller to record
	// GCP Backend service name.
	BackendServiceKey = ServiceStatusPrefix + "/" + BackendServiceResource
	// FirewallRuleKey is the annotation key used by l4 controller to record
	// GCP Firewall rule name.
	FirewallRuleKey = ServiceStatusPrefix + "/" + FirewallRuleResource
	// FirewallRuleIPv6Key is the annotation key used by l4 controller to record
	// GCP IPv6 Firewall rule name.
	FirewallRuleIPv6Key = FirewallRuleKey + IPv6Suffix
	// HealthcheckKey is the annotation key used by l4 controller to record
	// GCP Healthcheck name.
	HealthcheckKey = ServiceStatusPrefix + "/" + HealthcheckResource
	// FirewallRuleForHealthcheckKey is the annotation key used by l4 controller to record
	// the firewall rule name that allows healthcheck traffic.
	FirewallRuleForHealthcheckKey = ServiceStatusPrefix + "/" + FirewallForHealthcheckResource
	// FirewallRuleForHealthcheckIPv6Key is the annotation key used by l4 controller to record
	// the firewall rule name that allows IPv6 healthcheck traffic.
	FirewallRuleForHealthcheckIPv6Key  = FirewallRuleForHealthcheckKey + IPv6Suffix
	ForwardingRuleResource             = "forwarding-rule"
	ForwardingRuleIPv6Resource         = ForwardingRuleResource + IPv6Suffix
	BackendServiceResource             = "backend-service"
	FirewallRuleResource               = "firewall-rule"
	FirewallRuleIPv6Resource           = FirewallRuleResource + IPv6Suffix
	HealthcheckResource                = "healthcheck"
	FirewallForHealthcheckResource     = "firewall-rule-for-hc"
	FirewallForHealthcheckIPv6Resource = FirewallRuleForHealthcheckKey + IPv6Suffix
	AddressResource                    = "address"
	// TODO(slavik): import this from gce_annotations when it will be merged in k8s
	RBSAnnotationKey = "cloud.google.com/l4-rbs"
	RBSEnabled       = "enabled"
	// StrongSessionAffinity is a restricted feature that is enabled on
	// allow-listed projects only. If you need access to this feature for your
	// External L4 Load Balancer, please contact Google Cloud support team.
	StrongSessionAffinityAnnotationKey = "networking.gke.io/l4-strong-session-affinity"
	StrongSessionAffinityEnabled       = "enabled"
	// CustomSubnetAnnotationKey is the new way to specify custom subnet both for ILB and NetLB (only for IPv6)
	// Replaces networking.gke.io/internal-load-balancer-subnet with backward compatibility.
	CustomSubnetAnnotationKey = "networking.gke.io/load-balancer-subnet"
)

Variables

View Source 
var (
	ErrBackendConfigNoneFound         = errors.New("no BackendConfig's found in annotation")
	ErrBackendConfigInvalidJSON       = errors.New("BackendConfig annotation is invalid json")
	ErrBackendConfigAnnotationMissing = errors.New("BackendConfig annotation is missing")
	ErrNEGAnnotationInvalid           = errors.New("NEG annotation is invalid.")
	ErrTHCAnnotationInvalid           = errors.New("THC annotation is invalid")
)

Functions

func HasRBSAnnotation added in v1.24.0 

func HasRBSAnnotation(service *v1.Service) bool

HasRBSAnnotation checks if the given service has the RBS annotation.

func HasStrongSessionAffinityAnnotation added in v1.25.0 

func HasStrongSessionAffinityAnnotation(service *v1.Service) bool

HasStrongSessionAffinityAnnotation checks if the given service has the strong session affinity annotation.

func OnlyStatusAnnotationsChanged added in v1.10.2 

func OnlyStatusAnnotationsChanged(oldService, newService *v1.Service) bool

OnlyStatusAnnotationsChanged returns true if the only annotation change between the 2 services is the NEG or ILB resources annotations. Note : This assumes that the annotations in old and new service are different. If they are identical, this will return true.

func WantsL4ILB added in v1.9.0 

func WantsL4ILB(service *v1.Service) (bool, string)

WantsL4ILB checks if the given service requires L4 ILB. the function returns a boolean as well as the loadbalancer type(string).

func WantsL4NetLB added in v1.15.0 

func WantsL4NetLB(service *v1.Service) (bool, string)

WantsL4NetLB checks if the given service requires L4 NetLb.

Types

type AppProtocol 

type AppProtocol string

AppProtocol describes the service protocol.

type BackendConfigs added in v1.2.2 

type BackendConfigs struct {
	Default string            `json:"default,omitempty"`
	Ports   map[string]string `json:"ports,omitempty"`
}

type DestinationRuleNEGStatus added in v1.7.0 

type DestinationRuleNEGStatus struct {
	NetworkEndpointGroups PortSubsetNegMap `json:"network_endpoint_groups,omitempty"`
	// Zones is a list of zones where the NEGs exist.
	Zones []string `json:"zones,omitempty"`
}

DestinationRuleNEGStatus holds the NEGs Zones info. NetworkEndpointGroups(PortSubsetNegMap) is the mapping between subset to NEG name. Structure: { 

"subsetv1": {
			 "9080": "somehash-default-reviews-v1-9080",
  }
 "v2": {
			"9080": "somehash-default-reviews-v2-9080",
   }

}

func NewDestinationRuleNegStatus added in v1.7.0 

func NewDestinationRuleNegStatus(zones []string, portSubsetToNegs PortSubsetNegMap) DestinationRuleNEGStatus

NewDestinationRuleNegStatus generates a NegStatus denoting the current NEGs associated with the given PortSubsetNegMap.

func ParseDestinationRuleNEGStatus added in v1.8.0 

func ParseDestinationRuleNEGStatus(annotation string) (DestinationRuleNEGStatus, error)

ParseDestinationRuleNEGStatus parses the given annotation into DestinationRuleNEGStatus struct

func (DestinationRuleNEGStatus) Marshal added in v1.7.0 

func (ns DestinationRuleNEGStatus) Marshal() (string, error)

Marshal returns the DestinationRuleNEGStatus in json string.

type IPVersion added in v1.25.0 

type IPVersion = string

IPVersion represents compute.Address IpVersion field 

const (
	// StaticL4AddressesAnnotationKey is new annotation key to specify static IPs (by name) for the services.
	// Supports both IPv4 and IPv6
	StaticL4AddressesAnnotationKey = "networking.gke.io/load-balancer-ip-addresses"

	IPv4Version IPVersion = "IPV4"
	IPv6Version IPVersion = "IPV6"
)

type Ingress 

type Ingress struct {
	// contains filtered or unexported fields
}

Ingress represents ingress annotations.

func FromIngress 

func FromIngress(ing *v1.Ingress) *Ingress

FromIngress extracts the annotations from an Ingress definition.

func (*Ingress) AllowHTTP 

func (ing *Ingress) AllowHTTP() bool

AllowHTTP returns the allowHTTP flag. True by default.

func (*Ingress) FrontendConfig added in v1.6.0 

func (ing *Ingress) FrontendConfig() string

func (*Ingress) GlobalStaticIPName added in v1.9.9 

func (ing *Ingress) GlobalStaticIPName() string

func (*Ingress) IngressClass 

func (ing *Ingress) IngressClass() string

func (*Ingress) RegionalStaticIPName added in v1.9.9 

func (ing *Ingress) RegionalStaticIPName() string

func (*Ingress) StaticIPName 

func (ing *Ingress) StaticIPName() (string, error)

func (*Ingress) SuppressFirewallXPNError added in v1.4.0 

func (ing *Ingress) SuppressFirewallXPNError() bool

SuppressFirewallXPNError returns the SuppressFirewallXPNErrorKey flag. False by default.

func (*Ingress) UseNamedTLS 

func (ing *Ingress) UseNamedTLS() string

UseNamedTLS returns the name of the GCE SSL certificate. Empty by default.

type LoadBalancerType added in v1.21.0 

type LoadBalancerType string

LoadBalancerType defines a specific type for holding load balancer types (eg. Internal) 

const (
	// ServiceAnnotationLoadBalancerType is annotated on a service with type LoadBalancer
	// dictates what specific kind of GCP LB should be assembled.
	// Currently, only "Internal" is supported.
	ServiceAnnotationLoadBalancerType = "networking.gke.io/load-balancer-type"

	// LBTypeInternal is the constant for the official internal type.
	LBTypeInternal LoadBalancerType = "Internal"
)

func GetLoadBalancerAnnotationType added in v1.21.0 

func GetLoadBalancerAnnotationType(service *v1.Service) LoadBalancerType

GetLoadBalancerAnnotationType returns the type of GCP load balancer which should be assembled.

type NegAnnotation added in v1.2.2 

type NegAnnotation struct {
	// "Ingress" indicates whether to enable NEG feature for Ingress referencing
	// the service. Each NEG correspond to a service port.
	// NEGs will be created and managed under the following conditions:
	// 1. Service is referenced by ingress
	// 2. "ingress" is set to "true". Default to "false"
	// When the above conditions are satisfied, Ingress will create a load balancer
	//  and target corresponding NEGs as backends. Service Nodeport is not required.
	Ingress bool `json:"ingress,omitempty"`
	// ExposedPorts specifies the service ports to be exposed as stand-alone NEG.
	// The exposed NEGs will be created and managed by NEG controller.
	// ExposedPorts maps ServicePort to attributes of the NEG that should be
	// associated with the ServicePort.
	ExposedPorts map[int32]NegAttributes `json:"exposed_ports,omitempty"`
}

NegAnnotation is the format of the annotation associated with the NEGAnnotationKey key.

func (*NegAnnotation) NEGEnabled added in v1.3.1 

func (n *NegAnnotation) NEGEnabled() bool

NEGExposed is true if the service uses NEG

func (*NegAnnotation) NEGEnabledForIngress added in v1.3.1 

func (n *NegAnnotation) NEGEnabledForIngress() bool

NEGEnabledForIngress returns true if the annotation is to be applied on Ingress-referenced ports

func (*NegAnnotation) NEGExposed added in v1.3.1 

func (n *NegAnnotation) NEGExposed() bool

NEGExposed is true if the service exposes NEGs

func (*NegAnnotation) String added in v1.6.0 

func (n *NegAnnotation) String() string

type NegAttributes added in v1.2.2 

type NegAttributes struct {
	// Note - in the future, this will be used for custom naming of NEGs.
	// Currently has no effect.
	Name string `json:"name,omitempty"`
}

NegAttributes houses the attributes of the NEGs that are associated with the service. Future extensions to the Expose NEGs annotation should be added here.

type NegStatus added in v1.6.0 

type NegStatus struct {
	// NetworkEndpointGroups returns the mapping between service port and NEG
	// resource. key is service port, value is the name of the NEG resource.
	NetworkEndpointGroups PortNegMap `json:"network_endpoint_groups,omitempty"`
	// Zones is a list of zones where the NEGs exist.
	Zones []string `json:"zones,omitempty"`
}

NegStatus contains name and zone of the Network Endpoint Group resources associated with this service

func NewNegStatus added in v1.6.0 

func NewNegStatus(zones []string, portToNegs PortNegMap) NegStatus

NewNegStatus generates a NegStatus denoting the current NEGs associated with the given ports.

func ParseNegStatus added in v1.6.0 

func ParseNegStatus(annotation string) (NegStatus, error)

ParseNegStatus parses the given annotation into NEG status struct

func (NegStatus) Marshal added in v1.6.0 

func (ns NegStatus) Marshal() (string, error)

type PortNegMap added in v1.6.0 

type PortNegMap map[string]string

PortNegMap is the mapping between service port to NEG name

type PortSubsetNegMap added in v1.7.0 

type PortSubsetNegMap map[string]map[string]string

PortSubsetNegMap is the mapping between subset to NEG name.

type Service 

type Service struct {
	// contains filtered or unexported fields
}

Service represents Service annotations.

func FromService 

func FromService(obj *v1.Service) *Service

FromService extracts the annotations from an Service definition.

func (*Service) ApplicationProtocols 

func (svc *Service) ApplicationProtocols() (map[string]AppProtocol, error)

ApplicationProtocols returns a map of port (name or number) to the protocol on the port.

func (*Service) GetBackendConfigs added in v1.2.2 

func (svc *Service) GetBackendConfigs() (*BackendConfigs, error)

GetBackendConfigs returns BackendConfigs for the service.

func (*Service) GetExternalLoadBalancerAnnotationSubnet added in v1.24.0 

func (svc *Service) GetExternalLoadBalancerAnnotationSubnet() string

GetExternalLoadBalancerAnnotationSubnet returns the configured subnet to assign LoadBalancer IP from. Currently useful only for IPv6 External LoadBalancers.

func (*Service) GetInternalLoadBalancerAnnotationSubnet added in v1.24.0 

func (svc *Service) GetInternalLoadBalancerAnnotationSubnet() string

GetInternalLoadBalancerAnnotationSubnet returns the configured subnet to assign LoadBalancer IP from.

func (*Service) IPv4AddressAnnotation added in v1.25.0 

func (svc *Service) IPv4AddressAnnotation(cloud *gce.Cloud) (string, error)

IPv4AddressAnnotation return IPv4 address from networking.gke.io/load-balancer-ip-addresses annotation. If no IPv4 address found, returns empty string.

func (*Service) IPv6AddressAnnotation added in v1.25.0 

func (svc *Service) IPv6AddressAnnotation(cloud *gce.Cloud) (string, error)

IPv6AddressAnnotation return IPv6 address from networking.gke.io/load-balancer-ip-addresses annotation. If no IPv6 address found, returns empty string.

func (*Service) IsThcAnnotated added in v1.24.0 

func (svc *Service) IsThcAnnotated() (bool, error)

IsThcAnnotated returns true if a THC annotation is found and its value is true.

func (*Service) NEGAnnotation added in v1.3.1 

func (svc *Service) NEGAnnotation() (*NegAnnotation, bool, error)

NEGAnnotation returns true if NEG annotation is found. If found, it also returns NEG annotation struct.

func (*Service) NEGStatus added in v1.6.0 

func (svc *Service) NEGStatus() (*NegStatus, bool, error)

type THCAnnotation added in v1.24.0 

type THCAnnotation struct {
	// "enabled" indicates whether to enable the Transparent Health Checks feature.
	Enabled bool `json:"enabled,omitempty"`
}

THCAnnotation is the format of the annotation associated with the THCAnnotationKey key.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.