Documentation
¶
Overview ¶
Copyright The Voyager Authors.
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Copyright The Voyager Authors.
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Copyright The Voyager Authors.
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Index ¶
- Constants
- Variables
- func ProxyProtocolCommand(version string) string
- func Resource(resource string) schema.GroupResource
- type ACMECertificateDetails
- type AuthOption
- type BasicAuth
- type Certificate
- type CertificateCondition
- type CertificateDetails
- type CertificateList
- type CertificateSpec
- type CertificateStatus
- type CertificateStorage
- type ChallengeProvider
- type DNSChallengeProvider
- type FrontendRule
- type HTTPChallengeProvider
- type HTTPIngressBackend
- type HTTPIngressPath
- type HTTPIngressRuleValue
- type Ingress
- type IngressBackend
- type IngressList
- type IngressRef
- type IngressRule
- type IngressRuleValue
- type IngressSpec
- type IngressStatus
- type IngressTLS
- type LocalTypedReference
- type OAuth
- type ProxyProtocolVersion
- type RequestConditionType
- type TCPIngressRuleValue
- type TLSAuth
- type TLSAuthVerifyOption
- type VaultStore
- type VolumeSource
Constants ¶
const ( EngressKey = "ingress.appscode.com" APISchema = EngressKey + "/" + "api-schema" // APISchema = {APIGroup}/{APIVersion} APISchemaEngress = "voyager.appscode.com" + "/v1beta1" APISchemaIngress = "extensions/v1beta1" VoyagerPrefix = "voyager-" // LB stats options StatsOn = EngressKey + "/" + "stats" StatsPort = EngressKey + "/" + "stats-port" StatsSecret = EngressKey + "/" + "stats-secret-name" StatsServiceName = EngressKey + "/" + "stats-service-name" DefaultStatsPort = 56789 LBTypeHostPort = "HostPort" LBTypeNodePort = "NodePort" LBTypeLoadBalancer = "LoadBalancer" // default LBTypeInternal = "Internal" LBType = EngressKey + "/" + "type" // Replicas specify # of HAProxy pods run (default 1) Replicas = EngressKey + "/" + "replicas" // IP to be assigned to cloud load balancer LoadBalancerIP = EngressKey + "/" + "load-balancer-ip" // IP or empty // BackendWeight is the weight value of a Pod that was // addressed by the Endpoint, this weight will be added to server backend. // Traffic will be forwarded according to there weight. BackendWeight = EngressKey + "/" + "backend-weight" // https://github.com/appscode/voyager/issues/103 // ServiceAnnotations is user provided annotations map that will be // applied to the service of that LoadBalancer. // ex: "ingress.appscode.com/annotations-service": {"key": "val"} ServiceAnnotations = EngressKey + "/" + "annotations-service" LastAppliedAnnotationKeys = EngressKey + "/" + "last-applied-annotation-keys" // PodAnnotations is user provided annotations map that will be // applied to the Pods (Deployment/ DaemonSet) of that LoadBalancer. // ex: "ingress.appscode.com/annotations-pod": {"key": "val"} PodAnnotations = EngressKey + "/" + "annotations-pod" // Preserves source IP for LoadBalancer type ingresses. The actual configuration // generated depends on the underlying cloud provider. // // - gce, gke, azure: Sets "ExternalTrafficPolicy" to "Local" for HAProxy services. // Ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip // // - aws: Enables accept-proxy. // Enforces the use of the PROXY protocol over any connection accepted by any of // the sockets declared on the same line. Versions 1 and 2 of the PROXY protocol // are supported and correctly detected. The PROXY protocol dictates the layer // 3/4 addresses of the incoming connection to be used everywhere an address is // used, with the only exception of "tcp-request connection" rules which will // only see the real connection address. Logs will reflect the addresses // indicated in the protocol, unless it is violated, in which case the real // address will still be used. This keyword combined with support from external // components can be used as an efficient and reliable alternative to the // X-Forwarded-For mechanism which is not always reliable and not even always // usable. See also "tcp-request connection expect-proxy" for a finer-grained // setting of which client is allowed to use the protocol. // Ref: https://github.com/kubernetes/kubernetes/blob/release-1.5/pkg/cloudprovider/providers/aws/aws.go#L79 KeepSourceIP = EngressKey + "/" + "keep-source-ip" // https://github.com/appscode/voyager/issues/1128 HealthCheckNodeport = EngressKey + "/" + "health-check-nodeport" // Enforces the use of the PROXY protocol over any connection accepted by HAProxy. AcceptProxy = EngressKey + "/" + "accept-proxy" // Enforces use of the PROXY protocol over any connection established to this server. // Possible values are "v1", "v2", "v2-ssl" and "v2-ssl-cn" SendProxy = EngressKey + "/" + "send-proxy" // Annotations applied to resources offshoot from an ingress OriginAPISchema = EngressKey + "/" + "origin-api-schema" // APISchema = {APIGroup}/{APIVersion} OriginName = EngressKey + "/" + "origin-name" // https://github.com/appscode/voyager/issues/280 // Supports all valid timeout option for defaults section of HAProxy // https://cbonte.github.io/haproxy-dconv/1.7/configuration.html#4.2-timeout%20check // expects a json encoded map // ie: "ingress.appscode.com/default-timeout": {"client": "5s"} // // If the annotation is not set default values used to config defaults section will be: // // timeout connect 5s // timeout client 50s // timeout client-fin 50s // timeout server 50s // timeout tunnel 50s DefaultsTimeOut = EngressKey + "/" + "default-timeout" // Defines the maximum time allowed to perform a clean soft-stop. // https://cbonte.github.io/haproxy-dconv/1.9/configuration.html#hard-stop-after HardStopAfter = EngressKey + "/" + "hard-stop-after" DefaultHardStopAfter = "30s" // https://github.com/appscode/voyager/issues/343 // Supports all valid options for defaults section of HAProxy config // https://cbonte.github.io/haproxy-dconv/1.7/configuration.html#4.2-option%20abortonclose // from the list from here // expects a json encoded map // ie: "ingress.appscode.com/default-option": '{"http-keep-alive": "true", "dontlognull": "true", "clitcpka": "false"}' // This will be appended in the defaults section of HAProxy as // // option http-keep-alive // option dontlognull // no option clitcpka // DefaultsOption = EngressKey + "/" + "default-option" // Available Options: // // ssl: https://cbonte.github.io/haproxy-dconv/1.8/configuration.html#5.2-ssl // Creates a TLS/SSL socket when connecting to this server in order to cipher/decipher the traffic. // If verify not set the following error may occurred: // [/etc/haproxy/haproxy.cfg:49] verify is enabled by default but no CA file specified. // If you're running on a LAN where you're certain to trust the server's certificate, // please set an explicit 'verify none' statement on the 'server' line, or use // 'ssl-server-verify none' in the global section to disable server-side verifications by default. // // verify [none|required]: https://cbonte.github.io/haproxy-dconv/1.8/configuration.html#5.2-verify // Sets HAProxy‘s behavior regarding the certificated presented by the server: // - none : Doesn’t verify the certificate of the server // - required (default value) : TLS handshake is aborted if the validation of the certificate presented by the server returns an error. // // verifyhost <hostname>: https://cbonte.github.io/haproxy-dconv/1.8/configuration.html#5.2-verifyhost // Sets a <hostname> to look for in the Subject and SubjectAlternateNames fields provided in the // certificate sent by the server. If <hostname> can’t be found, then the TLS handshake is aborted. // This only applies when verify required is configured. // // Example: ingress.appscode.com/backend-tls: "ssl verify none" // // If this annotation is not set HAProxy will connect to backend as http. // This value should not be set if the backend do not support https resolution. BackendTLSOptions = EngressKey + "/backend-tls" // Specify a method to stick clients to origins across requests. // Only supported value is "cookie". // Annotations could be applied to either Ingress or backend Service // If applied to Ingress, all the backend connections would be sticky // If applied to Service and Ingress do not have this annotation only // connection to that backend service will be sticky. IngressAffinity = EngressKey + "/affinity" // When affinity is set to "cookie", the name of the cookie to use. IngressAffinitySessionCookieName = EngressKey + "/session-cookie-name" // When affinity is set to "cookie", the hash algorithm used: md5, sha, index. IngressAffinitySessionCookieHash = EngressKey + "/session-cookie-hash" // Basic Auth: Follows ingress controller standard // https://github.com/kubernetes/ingress/tree/master/examples/auth/basic/haproxy // HAProxy Ingress read user and password from auth file stored on secrets, one // user and password per line. // Each line of the auth file should have: // user and insecure password separated with a pair of colons: <username>::<plain-text-passwd>; or // user and an encrypted password separated with colons: <username>:<encrypted-passwd> // Secret name, realm and type are configured with annotations in the ingress // Auth can only be applied to HTTP backends. // Only supported type is basic AuthType = EngressKey + "/auth-type" // an optional string with authentication realm AuthRealm = EngressKey + "/auth-realm" // name of the auth secret AuthSecret = EngressKey + "/auth-secret" // Name of secret for TLS client certification validation. AuthTLSSecret = EngressKey + "/auth-tls-secret" // The page that user should be redirected in case of Auth error AuthTLSErrorPage = EngressKey + "/auth-tls-error-page" // Enables verification of client certificates. AuthTLSVerifyClient = EngressKey + "/auth-tls-verify-client" // Enables CORS headers in response. // Setting this annotations in ingress will add CORS headers to all HTTP // frontend. If we need to add cors headers only on specific frontend we can also // configure this using FrontendRules for specific frontend. // http://blog.nasrulhazim.com/2017/07/haproxy-setting-up-cors/ CORSEnabled = EngressKey + "/enable-cors" CORSAllowedMethods = EngressKey + "/cors-allow-methods" CORSAllowedHeaders = EngressKey + "/cors-allow-headers" CORSAllowedOrigin = EngressKey + "/cors-allow-origin" CORSAllowCredentials = EngressKey + "/cors-allow-credentials" // Maximum http request body size. This returns the advertised length of the HTTP request's body in bytes. It // will represent the advertised Content-Length header // http://cbonte.github.io/haproxy-dconv/1.7/configuration.html#7.3.6-req.body_size // ProxyBodySize = EngressKey + "/proxy-body-size" // Pass TLS connections directly to backend; do not offload. SSLPassthrough = EngressKey + "/ssl-passthrough" EnableHSTS = EngressKey + "/hsts" // This specifies the time (in seconds) the browser should connect to the server using the HTTPS connection. // https://blog.stackpath.com/glossary/hsts/ HSTSMaxAge = EngressKey + "/hsts-max-age" HSTSPreload = EngressKey + "/hsts-preload" // If specified, this HSTS rule applies to all of the site's subdomains as well. HSTSIncludeSubDomains = EngressKey + "/hsts-include-subdomains" WhitelistSourceRange = EngressKey + "/whitelist-source-range" MaxConnections = EngressKey + "/max-connections" // https://github.com/appscode/voyager/issues/552 UseNodePort = EngressKey + "/use-node-port" SSLRedirect = EngressKey + "/ssl-redirect" ForceSSLRedirect = EngressKey + "/force-ssl-redirect" // https://github.com/appscode/voyager/issues/525 ErrorFiles = EngressKey + "/errorfiles" // Limit requests per second per IP address // http://cbonte.github.io/haproxy-dconv/1.8/configuration.html#7.3.3-sc_conn_rate // https://serverfault.com/a/679172/349346 // https://discourse.haproxy.org/t/solved-how-to-configure-basic-ddos-protection-when-behind-aws-elb-x-forwarded-for/932 // https://www.haproxy.com/blog/use-a-load-balancer-as-a-first-row-of-defense-against-ddos/ LimitRPS = EngressKey + "/limit-rps" // Limit requests per minute per IP address LimitRPM = EngressKey + "/limit-rpm" // http://cbonte.github.io/haproxy-dconv/1.8/configuration.html#7.3.3-src_conn_cur // https://www.haproxy.com/blog/use-a-load-balancer-as-a-first-row-of-defense-against-ddos/ LimitConnection = EngressKey + "/limit-connection" // https://github.com/appscode/voyager/issues/683 // https://www.haproxy.com/documentation/aloha/7-0/haproxy/healthchecks/ CheckHealth = EngressKey + "/" + "check" CheckHealthPort = EngressKey + "/" + "check-port" // https://github.com/kubernetes/ingress-nginx/blob/master/docs/examples/rewrite/README.md RewriteTarget = EngressKey + "/" + "rewrite-target" // Workload controller to use run HAProxy pods WorkloadKind = EngressKey + "/" + "workload-kind" // ref: https://github.com/appscode/voyager/issues/1054 NodeSelector = EngressKey + "/" + "node-selector" Tolerations = EngressKey + "/" + "tolerations" // https://github.com/appscode/voyager/issues/1210 // http://cbonte.github.io/haproxy-dconv/1.8/configuration.html#agent-check AgentPort = EngressKey + "/" + "agent-port" AgentInterval = EngressKey + "/" + "agent-interval" )
const ( ACMEUserEmail = "ACME_EMAIL" ACMEUserPrivatekey = "ACME_USER_PRIVATE_KEY" ACMERegistrationData = "ACME_REGISTRATION_DATA" ACMEServerURL = "ACME_SERVER_URL" )
const ( // ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/annotations.md#cors-related CORSDefaultAllowedMethods = "GET,PUT,POST,DELETE,PATCH,OPTIONS" CORSDefaultAllowedHeaders = "DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization" )
const ( ResourceKindCertificate = "Certificate" ResourceCertificate = "certificate" ResourceCertificates = "certificates" )
const ( ProviderMinikube = "minikube" ProviderAWS = "aws" ProviderGCE = "gce" ProviderGKE = "gke" ProviderAzure = "azure" ProviderAKS = "aks" ProviderACS = "acs" ProviderHTTP = "http" )
const ( ResourceKindIngress = "Ingress" ResourceIngress = "ingress" ResourceIngresses = "ingresses" )
const (
MatchAll = "*"
)
Variables ¶
var ( // TODO: move SchemeBuilder with zz_generated.deepcopy.go to k8s.io/api. // localSchemeBuilder and AddToScheme will stay in k8s.io/kubernetes. SchemeBuilder runtime.SchemeBuilder AddToScheme = localSchemeBuilder.AddToScheme )
var SchemeGroupVersion = schema.GroupVersion{Group: "voyager.appscode.com", Version: "v1beta1"}
Functions ¶
func ProxyProtocolCommand ¶
func Resource ¶
func Resource(resource string) schema.GroupResource
Resource takes an unqualified resource and returns a Group qualified GroupResource
Types ¶
type ACMECertificateDetails ¶
type ACMECertificateDetails struct {
Domain string `json:"domain"`
CertURL string `json:"certUrl"`
CertStableURL string `json:"certStableUrl"`
AccountRef string `json:"accountRef,omitempty"`
}
func (*ACMECertificateDetails) DeepCopy ¶
func (in *ACMECertificateDetails) DeepCopy() *ACMECertificateDetails
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMECertificateDetails.
func (*ACMECertificateDetails) DeepCopyInto ¶
func (in *ACMECertificateDetails) DeepCopyInto(out *ACMECertificateDetails)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AuthOption ¶
type AuthOption struct {
Basic *BasicAuth `json:"basic,omitempty"`
TLS *TLSAuth `json:"tls,omitempty"`
OAuth []OAuth `json:"oauth,omitempty"`
}
func (*AuthOption) DeepCopy ¶
func (in *AuthOption) DeepCopy() *AuthOption
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthOption.
func (*AuthOption) DeepCopyInto ¶
func (in *AuthOption) DeepCopyInto(out *AuthOption)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type BasicAuth ¶
type BasicAuth struct {
SecretName string `json:"secretName,omitempty"`
Realm string `json:"realm,omitempty"`
}
func (*BasicAuth) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BasicAuth.
func (*BasicAuth) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Certificate ¶
type Certificate struct {
metav1.TypeMeta `json:",inline,omitempty"`
metav1.ObjectMeta `json:"metadata,omitempty"`
Spec CertificateSpec `json:"spec,omitempty"`
Status CertificateStatus `json:"status,omitempty"`
}
+kubebuilder:object:root=true +kubebuilder:resource:path=certificates,singular=certificate,shortName=cert,categories={networking,appscode,all} +kubebuilder:subresource:status +kubebuilder:printcolumn:name="Domains",type="string",JSONPath=".spec.domains[0]" +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp"
func (*Certificate) DeepCopy ¶
func (in *Certificate) DeepCopy() *Certificate
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Certificate.
func (*Certificate) DeepCopyInto ¶
func (in *Certificate) DeepCopyInto(out *Certificate)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*Certificate) DeepCopyObject ¶
func (in *Certificate) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type CertificateCondition ¶
type CertificateCondition struct {
// request approval state, currently Approved or Denied.
Type RequestConditionType `json:"type" protobuf:"bytes,1,opt,name=type,casttype=RequestConditionType"`
// brief reason for the request state
// +optional
Reason string `json:"reason,omitempty" protobuf:"bytes,2,opt,name=reason"`
// human readable message with details about the request state
// +optional
Message string `json:"message,omitempty" protobuf:"bytes,3,opt,name=message"`
// timestamp for the last update to this condition
// +optional
LastUpdateTime metav1.Time `json:"lastUpdateTime,omitempty" protobuf:"bytes,4,opt,name=lastUpdateTime"`
}
func (*CertificateCondition) DeepCopy ¶
func (in *CertificateCondition) DeepCopy() *CertificateCondition
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateCondition.
func (*CertificateCondition) DeepCopyInto ¶
func (in *CertificateCondition) DeepCopyInto(out *CertificateCondition)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type CertificateDetails ¶
type CertificateDetails struct {
SerialNumber string `json:"serialNumber,omitempty"`
NotBefore metav1.Time `json:"notBefore,omitempty"`
NotAfter metav1.Time `json:"notAfter,omitempty"`
CertURL string `json:"certURL"`
CertStableURL string `json:"certStableURL"`
AccountRef string `json:"accountRef,omitempty"`
}
func (*CertificateDetails) DeepCopy ¶
func (in *CertificateDetails) DeepCopy() *CertificateDetails
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateDetails.
func (*CertificateDetails) DeepCopyInto ¶
func (in *CertificateDetails) DeepCopyInto(out *CertificateDetails)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type CertificateList ¶
type CertificateList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata,omitempty"`
Items []Certificate `json:"items,omitempty"`
}
func (*CertificateList) DeepCopy ¶
func (in *CertificateList) DeepCopy() *CertificateList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateList.
func (*CertificateList) DeepCopyInto ¶
func (in *CertificateList) DeepCopyInto(out *CertificateList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*CertificateList) DeepCopyObject ¶
func (in *CertificateList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type CertificateSpec ¶
type CertificateSpec struct {
// Tries to obtain a single certificate using all domains passed into Domains.
// The first domain in domains is used for the CommonName field of the certificate, all other
// domains are added using the Subject Alternate Names extension.
Domains []string `json:"domains,omitempty"`
// ChallengeProvider details to verify domains
ChallengeProvider ChallengeProvider `json:"challengeProvider"`
// Secret contains ACMEUser information. Secret must contain a key `email`
// If empty tries to find an Secret via domains
// if not found create an ACMEUser and stores as a secret.
// Secrets key to be expected:
// ACME_EMAIL -> required, if not provided it will through error.
// ACME_SERVER_URL -> custom server url to generate certificates, default is lets encrypt.
// ACME_USER_DATA -> user data, if not found one will be created for the provided email,
// and stored in the key.
ACMEUserSecretName string `json:"acmeUserSecretName"`
// Storage backend to store the certificates currently, kubernetes secret and vault.
Storage CertificateStorage `json:"storage,omitempty"`
// Indicates that the certificate is paused.
// +optional
Paused bool `json:"paused,omitempty"`
// Configure certificate renewal buffer period in days. Default 15 days.
RenewalBufferDays int32 `json:"renewalBufferDays,omitempty"`
}
func (*CertificateSpec) DeepCopy ¶
func (in *CertificateSpec) DeepCopy() *CertificateSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateSpec.
func (*CertificateSpec) DeepCopyInto ¶
func (in *CertificateSpec) DeepCopyInto(out *CertificateSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type CertificateStatus ¶
type CertificateStatus struct {
// observedGeneration is the most recent generation observed for this resource. It corresponds to the
// resource's generation, which is updated on mutation by the API Server.
// +optional
ObservedGeneration int64 `json:"observedGeneration,omitempty"`
CreationTime *metav1.Time `json:"creationTime,omitempty"`
Conditions []CertificateCondition `json:"conditions,omitempty"`
LastIssuedCertificate *CertificateDetails `json:"lastIssuedCertificate,omitempty"`
}
func (*CertificateStatus) DeepCopy ¶
func (in *CertificateStatus) DeepCopy() *CertificateStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateStatus.
func (*CertificateStatus) DeepCopyInto ¶
func (in *CertificateStatus) DeepCopyInto(out *CertificateStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type CertificateStorage ¶
type CertificateStorage struct {
Secret *core.LocalObjectReference `json:"secret,omitempty"`
Vault *VaultStore `json:"vault,omitempty"`
}
func (*CertificateStorage) DeepCopy ¶
func (in *CertificateStorage) DeepCopy() *CertificateStorage
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateStorage.
func (*CertificateStorage) DeepCopyInto ¶
func (in *CertificateStorage) DeepCopyInto(out *CertificateStorage)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ChallengeProvider ¶
type ChallengeProvider struct {
HTTP *HTTPChallengeProvider `json:"http,omitempty"`
DNS *DNSChallengeProvider `json:"dns,omitempty"`
}
func (*ChallengeProvider) DeepCopy ¶
func (in *ChallengeProvider) DeepCopy() *ChallengeProvider
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ChallengeProvider.
func (*ChallengeProvider) DeepCopyInto ¶
func (in *ChallengeProvider) DeepCopyInto(out *ChallengeProvider)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type DNSChallengeProvider ¶
type DNSChallengeProvider struct {
// DNS Provider from the list https://github.com/appscode/voyager/blob/master/docs/tasks/certificate/providers.md
Provider string `json:"provider,omitempty"`
CredentialSecretName string `json:"credentialSecretName,omitempty"`
}
func (*DNSChallengeProvider) DeepCopy ¶
func (in *DNSChallengeProvider) DeepCopy() *DNSChallengeProvider
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DNSChallengeProvider.
func (*DNSChallengeProvider) DeepCopyInto ¶
func (in *DNSChallengeProvider) DeepCopyInto(out *DNSChallengeProvider)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type FrontendRule ¶
type FrontendRule struct {
// Port indicates the frontend port where HAProxy is listening for connection
Port intstr.IntOrString `json:"port,omitempty"`
// Serialized rules
Rules []string `json:"rules,omitempty"`
Auth *AuthOption `json:"auth,omitempty"`
}
func (*FrontendRule) DeepCopy ¶
func (in *FrontendRule) DeepCopy() *FrontendRule
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FrontendRule.
func (*FrontendRule) DeepCopyInto ¶
func (in *FrontendRule) DeepCopyInto(out *FrontendRule)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type HTTPChallengeProvider ¶
type HTTPChallengeProvider struct {
Ingress LocalTypedReference `json:"ingress,omitempty"`
}
func (*HTTPChallengeProvider) DeepCopy ¶
func (in *HTTPChallengeProvider) DeepCopy() *HTTPChallengeProvider
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPChallengeProvider.
func (*HTTPChallengeProvider) DeepCopyInto ¶
func (in *HTTPChallengeProvider) DeepCopyInto(out *HTTPChallengeProvider)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type HTTPIngressBackend ¶
type HTTPIngressBackend struct {
IngressBackend `json:",inline,omitempty"`
// Path rewrite rules with haproxy formatted regex.
//
// Deprecated: Use backendRule, will be removed.
RewriteRules []string `json:"rewriteRules,omitempty"`
// Header rules to modifies the header.
//
// Deprecated: Use backendRule, will be removed.
HeaderRules []string `json:"headerRules,omitempty"`
}
func (*HTTPIngressBackend) DeepCopy ¶
func (in *HTTPIngressBackend) DeepCopy() *HTTPIngressBackend
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPIngressBackend.
func (*HTTPIngressBackend) DeepCopyInto ¶
func (in *HTTPIngressBackend) DeepCopyInto(out *HTTPIngressBackend)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type HTTPIngressPath ¶
type HTTPIngressPath struct {
// Path is a extended POSIX regex as defined by IEEE Std 1003.1,
// (i.e this follows the egrep/unix syntax, not the perl syntax)
// matched against the path of an incoming request. Currently it can
// contain characters disallowed from the conventional "path"
// part of a URL as defined by RFC 3986. Paths must begin with
// a '/'. If unspecified, the path defaults to a catch all sending
// traffic to the backend.
Path string `json:"path,omitempty"`
// Backend defines the referenced service endpoint to which the traffic
// will be forwarded to.
Backend HTTPIngressBackend `json:"backend,omitempty"`
}
HTTPIngressPath associates a path regex with a backend. Incoming urls matching the path are forwarded to the backend.
func (*HTTPIngressPath) DeepCopy ¶
func (in *HTTPIngressPath) DeepCopy() *HTTPIngressPath
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPIngressPath.
func (*HTTPIngressPath) DeepCopyInto ¶
func (in *HTTPIngressPath) DeepCopyInto(out *HTTPIngressPath)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type HTTPIngressRuleValue ¶
type HTTPIngressRuleValue struct {
// The network address to listen HTTP(s) connections on.
Address string `json:"address,omitempty"`
// port to listen http(s) connections.
Port intstr.IntOrString `json:"port,omitempty"`
// Set noTLS = true to force plain text. Else, auto detect like present
NoTLS bool `json:"noTLS,omitempty"`
// Specifies the node port of the referenced service.
NodePort intstr.IntOrString `json:"nodePort,omitempty"`
// Application-Layer Protocol Negotiation (ALPN) is a Transport Layer Security (TLS)
// extension for application layer protocol negotiation. ALPN allows the application
// layer to negotiate which protocol should be performed over a secure connection in a
// manner which avoids additional round trips and which is independent of the application
// layer protocols. It is used by HTTP/2.
// If provided a list of alpn will be added to port as alpn option1,option2,...
// If SecretName is Provided this secret will be used to terminate SSL with alpn options.
// If Secret name is not provided backend server is responsible for handling SSL.
// Note that, the order of the options indicates the preference
// If the ALPN list contains "h2", "option http-use-htx" will be added to enable HTX mode
// https://cbonte.github.io/haproxy-dconv/1.9/configuration.html#option%20http-use-htx
// https://cbonte.github.io/haproxy-dconv/1.9/configuration.html#alpn
ALPN []string `json:"alpn,omitempty"`
// HTTP protocol to use
// If the Proto contains "h2", "option http-use-htx" will be added to enable HTX mode
// https://www.haproxy.com/blog/haproxy-1-9-2-adds-grpc-support/
Proto string `json:"proto,omitempty"`
// A collection of paths that map requests to backends.
Paths []HTTPIngressPath `json:"paths"`
}
HTTPIngressRuleValue is a list of http selectors pointing to backends. In the example: http://<host>/<path>?<searchpart> -> backend where where parts of the url correspond to RFC 3986, this resource will be used to match against everything after the last '/' and before the first '?' or '#'.
func (*HTTPIngressRuleValue) DeepCopy ¶
func (in *HTTPIngressRuleValue) DeepCopy() *HTTPIngressRuleValue
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPIngressRuleValue.
func (*HTTPIngressRuleValue) DeepCopyInto ¶
func (in *HTTPIngressRuleValue) DeepCopyInto(out *HTTPIngressRuleValue)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Ingress ¶
type Ingress struct {
metav1.TypeMeta `json:",inline"`
// Standard object's metadata.
// More info: http://releases.k8s.io/release-1.2/docs/devel/api-conventions.md#metadata
metav1.ObjectMeta `json:"metadata,omitempty"`
// Spec is the desired state of the Ingress.
// More info: http://releases.k8s.io/release-1.2/docs/devel/api-conventions.md#spec-and-status
Spec IngressSpec `json:"spec,omitempty"`
// Status is the current state of the Ingress.
// More info: http://releases.k8s.io/release-1.2/docs/devel/api-conventions.md#spec-and-status
Status IngressStatus `json:"status,omitempty"`
}
+kubebuilder:object:root=true +kubebuilder:resource:path=ingresses,singular=ingress,shortName=ing,categories={networking,appscode,all} +kubebuilder:subresource:status +kubebuilder:printcolumn:name="Hosts",type="string",JSONPath=".spec.rules[0].host" +kubebuilder:printcolumn:name="LOAD_BALANCER_IP",type="string",JSONPath=".status.loadBalancer.ingress" +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp"
func (*Ingress) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Ingress.
func (*Ingress) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*Ingress) DeepCopyObject ¶
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (Ingress) OffshootName ¶
type IngressBackend ¶
type IngressBackend struct {
// User can specify backend name for using it with custom acl
// Otherwise it will be generated
Name string `json:"name,omitempty"`
// Host names to forward traffic to. If empty traffic will be
// forwarded to all subsets instance.
// If set only matched hosts will get the traffic.
// This is an handy way to send traffic to Specific
// StatefulSet pod.
// IE. Setting [web-0] will send traffic to only web-0 host
// for this StatefulSet, https://kubernetes.io/docs/tasks/stateful-application/basic-stateful-set/#creating-a-statefulset
HostNames []string `json:"hostNames,omitempty"`
// Specifies the name of the referenced service.
ServiceName string `json:"serviceName,omitempty"`
// Specifies the port of the referenced service.
ServicePort intstr.IntOrString `json:"servicePort,omitempty"`
// Serialized HAProxy rules to apply on server backend including
// request, response or header rewrite. acls also can be used.
// https://cbonte.github.io/haproxy-dconv/1.7/configuration.html#1
BackendRules []string `json:"backendRules,omitempty"`
// Application-Layer Protocol Negotiation (ALPN) is a Transport Layer Security (TLS)
// extension for application layer protocol negotiation. ALPN allows the application
// layer to negotiate which protocol should be performed over a secure connection in a
// manner which avoids additional round trips and which is independent of the application
// layer protocols. It is used by HTTP/2.
// If provided a list of alpn will be added to port as alpn option1,option2,...
// If SecretName is Provided this secret will be used to terminate SSL with alpn options.
// If Secret name is not provided backend server is responsible for handling SSL.
// Note that, the order of the options indicates the preference
// If the ALPN list contains "h2", "option http-use-htx" will be added to enable HTX mode
// https://cbonte.github.io/haproxy-dconv/1.9/configuration.html#option%20http-use-htx
// https://cbonte.github.io/haproxy-dconv/1.9/configuration.html#alpn
ALPN []string `json:"alpn,omitempty"`
// HTTP protocol to use
// If the Proto contains "h2", "option http-use-htx" will be added to enable HTX mode
// https://www.haproxy.com/blog/haproxy-1-9-2-adds-grpc-support/
Proto string `json:"proto,omitempty"`
// Define the load balancing algorithm to be used in a backend.
// https://cbonte.github.io/haproxy-dconv/1.9/configuration.html#balance
LoadBalanceOn string `json:"loadBalanceOn,omitempty"`
}
IngressBackend describes all endpoints for a given service and port.
func (*IngressBackend) DeepCopy ¶
func (in *IngressBackend) DeepCopy() *IngressBackend
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IngressBackend.
func (*IngressBackend) DeepCopyInto ¶
func (in *IngressBackend) DeepCopyInto(out *IngressBackend)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type IngressList ¶
type IngressList struct {
metav1.TypeMeta `json:",inline"`
// Standard object's metadata.
// More info: http://releases.k8s.io/release-1.2/docs/devel/api-conventions.md#metadata
metav1.ListMeta `json:"metadata,omitempty"`
// Items is the list of Ingress.
Items []Ingress `json:"items"`
}
IngressList is a collection of Ingress.
func (*IngressList) DeepCopy ¶
func (in *IngressList) DeepCopy() *IngressList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IngressList.
func (*IngressList) DeepCopyInto ¶
func (in *IngressList) DeepCopyInto(out *IngressList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*IngressList) DeepCopyObject ¶
func (in *IngressList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type IngressRef ¶
type IngressRef struct {
APISchema string `json:"apiSchema"`
Name string `json:"name"`
Namespace string `json:"namespace"`
}
func (*IngressRef) DeepCopy ¶
func (in *IngressRef) DeepCopy() *IngressRef
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IngressRef.
func (*IngressRef) DeepCopyInto ¶
func (in *IngressRef) DeepCopyInto(out *IngressRef)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type IngressRule ¶
type IngressRule struct {
// Host is the fully qualified domain name of a network host, as defined
// by RFC 3986. Note the following deviations from the "host" part of the
// URI as defined in the RFC:
// 1. IPs are not allowed. Currently an IngressRuleValue can only apply to the
// IP in the Spec of the parent Ingress.
// 2. The `:` delimiter is not respected because ports are not allowed.
// Currently the port of an Ingress is implicitly :80 for http and
// :443 for https.
// Both these may change in the future.
// Incoming requests are matched against the host before the IngressRuleValue.
// If the host is unspecified, the Ingress routes all traffic based on the
// specified IngressRuleValue.
Host string `json:"host,omitempty"`
// IngressRuleValue represents a rule to route requests for this IngressRule.
// If unspecified, the rule defaults to a http catch-all. Whether that sends
// just traffic matching the host to the default backend or all traffic to the
// default backend, is left to the controller fulfilling the Ingress. Http and TCP are
// currently supported IngressRuleValue.
IngressRuleValue `json:",inline,omitempty"`
}
IngressRule represents the rules mapping the paths under a specified host to the related backend services. Incoming requests are first evaluated for a host match, then routed to the backend associated with the matching IngressRuleValue.
func (*IngressRule) DeepCopy ¶
func (in *IngressRule) DeepCopy() *IngressRule
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IngressRule.
func (*IngressRule) DeepCopyInto ¶
func (in *IngressRule) DeepCopyInto(out *IngressRule)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type IngressRuleValue ¶
type IngressRuleValue struct {
HTTP *HTTPIngressRuleValue `json:"http,omitempty"`
TCP *TCPIngressRuleValue `json:"tcp,omitempty"`
}
IngressRuleValue represents a rule to apply against incoming requests. If the rule is satisfied, the request is routed to the specified backend. Currently mixing different types of rules in a single Ingress is disallowed, so exactly one of the following must be set.
func (*IngressRuleValue) DeepCopy ¶
func (in *IngressRuleValue) DeepCopy() *IngressRuleValue
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IngressRuleValue.
func (*IngressRuleValue) DeepCopyInto ¶
func (in *IngressRuleValue) DeepCopyInto(out *IngressRuleValue)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type IngressSpec ¶
type IngressSpec struct {
// A default backend capable of servicing requests that don't match any
// rule. At least one of 'backend' or 'rules' must be specified. This field
// is optional to allow the loadbalancer controller or defaulting logic to
// specify a global default.
Backend *HTTPIngressBackend `json:"backend,omitempty"`
// TLS is the TLS configuration. Currently the Ingress only supports a single TLS
// port, 443, and assumes TLS termination. If multiple members of this
// list specify different hosts, they will be multiplexed on the same
// port according to the hostname specified through the SNI TLS extension.
TLS []IngressTLS `json:"tls,omitempty"`
// Config volumes are used to mount any secret or configmap into HAProxy pods.
ConfigVolumes []VolumeSource `json:"configVolumes,omitempty"`
// Frontend rules specifies a set of rules that should be applied in
// HAProxy frontend configuration. The set of keywords are from here
// https://cbonte.github.io/haproxy-dconv/1.7/configuration.html#4.1
// Only frontend sections can be applied here. It is up to user to
// provide valid set of rules.
// This allows acls or other options in frontend sections in HAProxy config.
// Frontend rules will be mapped with Ingress Rules according to port.
FrontendRules []FrontendRule `json:"frontendRules,omitempty"`
// A list of host rules used to configure the Ingress. If unspecified, or
// no rule matches, all traffic is sent to the default backend.
Rules []IngressRule `json:"rules,omitempty"`
// Optional: If specified and supported by the platform, this will restrict traffic through the cloud-provider
// load-balancer will be restricted to the specified client IPs. This field will be ignored if the
// cloud-provider does not support the feature.
// https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/
LoadBalancerSourceRanges []string `json:"loadBalancerSourceRanges,omitempty"`
// Compute Resources required by the sidecar container.
Resources core.ResourceRequirements `json:"resources,omitempty"`
// NodeSelector is a selector which must be true for the pod to fit on a node.
// Selector which must match a node's labels for the pod to be scheduled on that node.
// More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
NodeSelector map[string]string `json:"nodeSelector,omitempty"`
// If specified, the pod's scheduling constraints
// +optional
Affinity *core.Affinity `json:"affinity,omitempty"`
// If specified, the pod will be dispatched by specified scheduler.
// If not specified, the pod will be dispatched by default scheduler.
// +optional
SchedulerName string `json:"schedulerName,omitempty"`
// If specified, the pod's tolerations.
// +optional
Tolerations []core.Toleration `json:"tolerations,omitempty"`
// ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec.
// If specified, these secrets will be passed to individual puller implementations for them to use. For example,
// in the case of docker, only DockerConfig type secrets are honored.
// More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod
// +optional
ImagePullSecrets []core.LocalObjectReference `json:"imagePullSecrets,omitempty"`
// If specified, indicates the pod's priority. "system-node-critical" and
// "system-cluster-critical" are two special keywords which indicate the
// highest priorities with the former being the highest priority. Any other
// name must be defined by creating a PriorityClass object with that name.
// If not specified, the pod priority will be default or zero if there is no
// default.
// +optional
PriorityClassName string `json:"priorityClassName,omitempty"`
// The priority value. Various system components use this field to find the
// priority of the pod. When Priority Admission Controller is enabled, it
// prevents users from setting this field. The admission controller populates
// this field from PriorityClassName.
// The higher the value, the higher the priority.
// +optional
Priority *int32 `json:"priority,omitempty"`
// SecurityContext holds pod-level security attributes and common container settings.
// Optional: Defaults to empty. See type description for default values of each field.
// +optional
SecurityContext *core.PodSecurityContext `json:"securityContext,omitempty"`
// externalIPs is a list of IP addresses for which nodes in the cluster
// will also accept traffic for this service. These IPs are not managed by
// Kubernetes. The user is responsible for ensuring that traffic arrives
// at a node with this IP. A common example is external load-balancers
// that are not part of the Kubernetes system.
// +optional
ExternalIPs []string `json:"externalIPs,omitempty"`
// Periodic probe of container liveness.
// Container will be restarted if the probe fails.
// Cannot be updated.
// +optional
LivenessProbe *core.Probe `json:"livenessProbe,omitempty"`
// Periodic probe of container service readiness.
// Container will be removed from service endpoints if the probe fails.
// Cannot be updated.
// +optional
ReadinessProbe *core.Probe `json:"readinessProbe,omitempty"`
// Set this value longer than the expected cleanup time for your process.
// Defaults to 30 seconds.
// +optional
TerminationGracePeriodSeconds *int64 `json:"terminationGracePeriodSeconds,omitempty"`
}
IngressSpec describes the Ingress the user wishes to exist.
func (*IngressSpec) DeepCopy ¶
func (in *IngressSpec) DeepCopy() *IngressSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IngressSpec.
func (*IngressSpec) DeepCopyInto ¶
func (in *IngressSpec) DeepCopyInto(out *IngressSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type IngressStatus ¶
type IngressStatus struct {
// observedGeneration is the most recent generation observed for this resource. It corresponds to the
// resource's generation, which is updated on mutation by the API Server.
// +optional
ObservedGeneration int64 `json:"observedGeneration,omitempty"`
// LoadBalancer contains the current status of the load-balancer.
LoadBalancer core.LoadBalancerStatus `json:"loadBalancer,omitempty"`
}
IngressStatus describe the current state of the Ingress.
func (*IngressStatus) DeepCopy ¶
func (in *IngressStatus) DeepCopy() *IngressStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IngressStatus.
func (*IngressStatus) DeepCopyInto ¶
func (in *IngressStatus) DeepCopyInto(out *IngressStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type IngressTLS ¶
type IngressTLS struct {
// Hosts are a list of hosts included in the TLS certificate. The values in
// this list must match the name/s used in the tlsSecret. Defaults to the
// wildcard host setting for the loadbalancer controller fulfilling this
// Ingress, if left unspecified.
Hosts []string `json:"hosts,omitempty"`
// SecretName is the name of the secret used to terminate SSL traffic on 443.
// Field is left optional to allow SSL routing based on SNI hostname alone.
// If the SNI host in a listener conflicts with the "Host" header field used
// by an IngressRule, the SNI host is used for termination and value of the
// Host header is used for routing.
// Deprecated
SecretName string `json:"secretName,omitempty"`
// Ref to used tls termination.
Ref *LocalTypedReference `json:"ref,omitempty"`
}
IngressTLS describes the transport layer security associated with an Ingress.
func (*IngressTLS) DeepCopy ¶
func (in *IngressTLS) DeepCopy() *IngressTLS
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IngressTLS.
func (*IngressTLS) DeepCopyInto ¶
func (in *IngressTLS) DeepCopyInto(out *IngressTLS)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type LocalTypedReference ¶
type LocalTypedReference struct {
// Kind of the referent.
// More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds
// +optional
Kind string `json:"kind,omitempty" protobuf:"bytes,1,opt,name=kind"`
// Name of the referent.
// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
// +optional
Name string `json:"name,omitempty" protobuf:"bytes,3,opt,name=name"`
// API version of the referent.
// +optional
APIVersion string `json:"apiVersion,omitempty" protobuf:"bytes,5,opt,name=apiVersion"`
}
LocalTypedReference contains enough information to let you inspect or modify the referred object.
func (*LocalTypedReference) DeepCopy ¶
func (in *LocalTypedReference) DeepCopy() *LocalTypedReference
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LocalTypedReference.
func (*LocalTypedReference) DeepCopyInto ¶
func (in *LocalTypedReference) DeepCopyInto(out *LocalTypedReference)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type OAuth ¶
type OAuth struct {
Host string `json:"host,omitempty"`
AuthBackend string `json:"authBackend,omitempty"`
AuthPath string `json:"authPath,omitempty"`
SigninPath string `json:"signinPath,omitempty"`
Paths []string `json:"paths,omitempty"`
}
func (*OAuth) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OAuth.
func (*OAuth) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ProxyProtocolVersion ¶
type ProxyProtocolVersion string
type RequestConditionType ¶
type RequestConditionType string
const ( CertificateIssued RequestConditionType = "Issued" CertificateFailed RequestConditionType = "Failed" CertificateRateLimited RequestConditionType = "RateLimited" )
These are the possible conditions for a certificate create request.
type TCPIngressRuleValue ¶
type TCPIngressRuleValue struct {
// The network address to listen TCP connections on.
Address string `json:"address,omitempty"`
// port to listen tcp connections.
Port intstr.IntOrString `json:"port,omitempty"`
// Set noTLS = true to force plain text. Else, auto detect like present
NoTLS bool `json:"noTLS,omitempty"`
// Specifies the node port of the referenced service.
NodePort intstr.IntOrString `json:"nodePort,omitempty"`
// Backend to forward the requests.
Backend IngressBackend `json:"backend,omitempty"`
// Application-Layer Protocol Negotiation (ALPN) is a Transport Layer Security (TLS)
// extension for application layer protocol negotiation. ALPN allows the application
// layer to negotiate which protocol should be performed over a secure connection in a
// manner which avoids additional round trips and which is independent of the application
// layer protocols. It is used by HTTP/2.
// If provided a list of alpn will be added to port as alpn option1,option2,...
// If SecretName is Provided this secret will be used to terminate SSL with alpn options.
// If Secret name is not provided backend server is responsible for handling SSL.
// Note that, the order of the options indicates the preference
// If the ALPN list contains "h2", "option http-use-htx" will be added to enable HTX mode
// https://cbonte.github.io/haproxy-dconv/1.9/configuration.html#option%20http-use-htx
// https://cbonte.github.io/haproxy-dconv/1.9/configuration.html#alpn
ALPN []string `json:"alpn,omitempty"`
// HTTP protocol to use
// If the Proto contains "h2", "option http-use-htx" will be added to enable HTX mode
// https://www.haproxy.com/blog/haproxy-1-9-2-adds-grpc-support/
Proto string `json:"proto,omitempty"`
}
func (*TCPIngressRuleValue) DeepCopy ¶
func (in *TCPIngressRuleValue) DeepCopy() *TCPIngressRuleValue
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TCPIngressRuleValue.
func (*TCPIngressRuleValue) DeepCopyInto ¶
func (in *TCPIngressRuleValue) DeepCopyInto(out *TCPIngressRuleValue)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type TLSAuth ¶
type TLSAuth struct {
SecretName string `json:"secretName,omitempty"`
VerifyClient TLSAuthVerifyOption `json:"verifyClient,omitempty"`
Headers map[string]string `json:"headers,omitempty"`
ErrorPage string `json:"errorPage,omitempty"`
}
func (*TLSAuth) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TLSAuth.
func (*TLSAuth) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type TLSAuthVerifyOption ¶
type TLSAuthVerifyOption string
const ( TLSAuthVerifyOptional TLSAuthVerifyOption = "optional" TLSAuthVerifyRequired TLSAuthVerifyOption = "required" )
type VaultStore ¶
type VaultStore struct {
Name string `json:"name,omitempty"`
Prefix string `json:"prefix,omitempty"`
}
func (*VaultStore) DeepCopy ¶
func (in *VaultStore) DeepCopy() *VaultStore
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultStore.
func (*VaultStore) DeepCopyInto ¶
func (in *VaultStore) DeepCopyInto(out *VaultStore)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type VolumeSource ¶
type VolumeSource struct {
Name string `json:"name,omitempty"`
// Secret represents a secret that should populate this volume.
// More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
// +optional
Secret *core.SecretVolumeSource `json:"secret,omitempty"`
// ConfigMap represents a configMap that should populate this volume
// +optional
ConfigMap *core.ConfigMapVolumeSource `json:"configMap,omitempty"`
// Items for all in one resources secrets, configmaps, and downward API
// +optional
Projected *core.ProjectedVolumeSource `json:"projected,omitempty"`
// Path within the container at which the volume should be mounted. Must
// not contain ':'.
MountPath string `json:"mountPath"`
}
Represents the source of a volume to mount. Only one of its members may be specified.
func (*VolumeSource) DeepCopy ¶
func (in *VolumeSource) DeepCopy() *VolumeSource
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VolumeSource.
func (*VolumeSource) DeepCopyInto ¶
func (in *VolumeSource) DeepCopyInto(out *VolumeSource)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
Source Files