v1alpha1

package
v0.3.0-rc.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Feb 3, 2023 License: Apache-2.0 Imports: 4 Imported by: 16

Documentation

Overview

Package v1alpha1 contains API Schema definitions for the gateway.envoyproxy.io API group.

+kubebuilder:object:generate=true +groupName=gateway.envoyproxy.io

Index

Constants

View Source
const (
	// KindAuthenticationFilter is the name of the AuthenticationFilter kind.
	KindAuthenticationFilter = "AuthenticationFilter"
)
View Source
const (
	// KindRateLimitFilter is the name of the RateLimitFilter kind.
	KindRateLimitFilter = "RateLimitFilter"
)

Variables

View Source
var (
	// GroupVersion is group version used to register these objects
	GroupVersion = schema.GroupVersion{Group: "gateway.envoyproxy.io", Version: "v1alpha1"}

	// SchemeBuilder is used to add go types to the GroupVersionKind scheme
	SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion}

	// AddToScheme adds the types in this group-version to the given scheme.
	AddToScheme = SchemeBuilder.AddToScheme
)

Functions

This section is empty.

Types

type AuthenticationFilter

type AuthenticationFilter struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Spec defines the desired state of the AuthenticationFilter type.
	Spec AuthenticationFilterSpec `json:"spec"`
}

func (*AuthenticationFilter) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthenticationFilter.

func (*AuthenticationFilter) DeepCopyInto

func (in *AuthenticationFilter) DeepCopyInto(out *AuthenticationFilter)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*AuthenticationFilter) DeepCopyObject

func (in *AuthenticationFilter) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type AuthenticationFilterList

type AuthenticationFilterList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []AuthenticationFilter `json:"items"`
}

AuthenticationFilterList contains a list of AuthenticationFilter.

func (*AuthenticationFilterList) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthenticationFilterList.

func (*AuthenticationFilterList) DeepCopyInto

func (in *AuthenticationFilterList) DeepCopyInto(out *AuthenticationFilterList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*AuthenticationFilterList) DeepCopyObject

func (in *AuthenticationFilterList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type AuthenticationFilterSpec

type AuthenticationFilterSpec struct {
	// Type defines the type of authentication provider to use. Supported provider types are:
	//
	//   * JWT: A provider that uses JSON Web Token (JWT) for authenticating requests.
	//
	// +unionDiscriminator
	Type AuthenticationFilterType `json:"type"`

	// JWT defines the JSON Web Token (JWT) authentication provider type. When multiple
	// jwtProviders are specified, the JWT is considered valid if any of the providers
	// successfully validate the JWT. For additional details, see:
	//
	//   https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/jwt_authn_filter.html
	//
	// +kubebuilder:validation:MaxItems=4
	// +optional
	JwtProviders []JwtAuthenticationFilterProvider `json:"jwtProviders,omitempty"`
}

AuthenticationFilterSpec defines the desired state of the AuthenticationFilter type. +union

func (*AuthenticationFilterSpec) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthenticationFilterSpec.

func (*AuthenticationFilterSpec) DeepCopyInto

func (in *AuthenticationFilterSpec) DeepCopyInto(out *AuthenticationFilterSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AuthenticationFilterType

type AuthenticationFilterType string

AuthenticationFilterType is a type of authentication provider. +kubebuilder:validation:Enum=JWT

const (
	// JwtAuthenticationFilterProviderType is the JWT authentication provider type.
	JwtAuthenticationFilterProviderType AuthenticationFilterType = "JWT"
)

type GlobalRateLimit

type GlobalRateLimit struct {
	// Rules are a list of RateLimit selectors and limits.
	// Each rule and its associated limit is applied
	// in a mutually exclusive way i.e. if multiple
	// rules get selected, each of their associated
	// limits get applied, so a single traffic request
	// might increase the rate limit counters for multiple
	// rules if selected.
	//
	// +kubebuilder:validation:MaxItems=16
	Rules []RateLimitRule `json:"rules"`
}

GlobalRateLimit defines the global rate limit configuration.

func (*GlobalRateLimit) DeepCopy

func (in *GlobalRateLimit) DeepCopy() *GlobalRateLimit

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GlobalRateLimit.

func (*GlobalRateLimit) DeepCopyInto

func (in *GlobalRateLimit) DeepCopyInto(out *GlobalRateLimit)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type HeaderMatch

type HeaderMatch struct {
	// Type specifies how to match against the value of the header.
	//
	// +optional
	// +kubebuilder:default=Exact
	Type *HeaderMatchType `json:"type,omitempty"`

	// Name of the HTTP header.
	// +kubebuilder:validation:MinLength=1
	// +kubebuilder:validation:MaxLength=256
	Name string `json:"name"`

	// Value within the HTTP header. Due to the
	// case-insensitivity of header names, "foo" and "Foo" are considered equivalent.
	// Do not set this field when Type="Distinct", implying matching on any/all unique values within the header.
	// +optional
	// +kubebuilder:validation:MaxLength=1024
	Value *string `json:"value,omitempty"`
}

HeaderMatch defines the match attributes within the HTTP Headers of the request.

func (*HeaderMatch) DeepCopy

func (in *HeaderMatch) DeepCopy() *HeaderMatch

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HeaderMatch.

func (*HeaderMatch) DeepCopyInto

func (in *HeaderMatch) DeepCopyInto(out *HeaderMatch)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type HeaderMatchType

type HeaderMatchType string

HeaderMatchType specifies the semantics of how HTTP header values should be compared. Valid HeaderMatchType values are:

  • "Exact": Use this type to match the exact value of the Value field against the value of the specified HTTP Header.
  • "RegularExpression": Use this type to match a regular expression against the value of the specified HTTP Header. The regex string must adhere to the syntax documented in https://github.com/google/re2/wiki/Syntax.
  • "Distinct": Use this type to match any and all possible unique values encountered in the specified HTTP Header. Note that each unique value will receive its own rate limit bucket.

+kubebuilder:validation:Enum=Exact;RegularExpression;Distinct

const (
	HeaderMatchExact             HeaderMatchType = "Exact"
	HeaderMatchRegularExpression HeaderMatchType = "RegularExpression"
	HeaderMatchDistinct          HeaderMatchType = "Distinct"
)

HeaderMatchType constants.

type JwtAuthenticationFilterProvider

type JwtAuthenticationFilterProvider struct {
	// Name defines a unique name for the JWT provider. A name can have a variety of forms,
	// including RFC1123 subdomains, RFC 1123 labels, or RFC 1035 labels.
	//
	// +kubebuilder:validation:MinLength=1
	// +kubebuilder:validation:MaxLength=253
	Name string `json:"name"`

	// Issuer is the principal that issued the JWT and takes the form of a URL or email address.
	// For additional details, see:
	//
	//   URL format: https://tools.ietf.org/html/rfc7519#section-4.1.1
	//   Email format: https://rfc-editor.org/rfc/rfc5322.html
	//
	// URL Example:
	//  issuer: https://auth.example.com
	//
	// Email Example:
	//  issuer: jdoe@example.com
	//
	// If not provided, the JWT issuer is not checked.
	//
	// +kubebuilder:validation:MaxLength=253
	// +optional
	Issuer string `json:"issuer,omitempty"`

	// Audiences is a list of JWT audiences allowed to access. For additional details, see:
	//
	//   https://tools.ietf.org/html/rfc7519#section-4.1.3
	//
	// Example:
	//   audiences:
	//   - foo.apps.example.com
	//     bar.apps.example.com
	//
	// If not provided, JWT audiences are not checked.
	//
	// +kubebuilder:validation:MaxItems=8
	// +optional
	Audiences []string `json:"audiences,omitempty"`

	// RemoteJWKS defines how to fetch and cache JSON Web Key Sets (JWKS) from a remote
	// HTTP/HTTPS endpoint.
	RemoteJWKS RemoteJWKS `json:"remoteJWKS"`
}

JwtAuthenticationFilterProvider defines the JSON Web Token (JWT) authentication provider type and how JWTs should be verified:

func (*JwtAuthenticationFilterProvider) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JwtAuthenticationFilterProvider.

func (*JwtAuthenticationFilterProvider) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type RateLimitFilter

type RateLimitFilter struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Spec defines the desired state of RateLimitFilter.
	Spec RateLimitFilterSpec `json:"spec"`
}

RateLimitFilter allows the user to limit the number of incoming requests to a predefined value based on attributes within the traffic flow.

func (*RateLimitFilter) DeepCopy

func (in *RateLimitFilter) DeepCopy() *RateLimitFilter

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RateLimitFilter.

func (*RateLimitFilter) DeepCopyInto

func (in *RateLimitFilter) DeepCopyInto(out *RateLimitFilter)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*RateLimitFilter) DeepCopyObject

func (in *RateLimitFilter) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type RateLimitFilterList

type RateLimitFilterList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []RateLimitFilter `json:"items"`
}

RateLimitFilterList contains a list of RateLimitFilter resources.

func (*RateLimitFilterList) DeepCopy

func (in *RateLimitFilterList) DeepCopy() *RateLimitFilterList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RateLimitFilterList.

func (*RateLimitFilterList) DeepCopyInto

func (in *RateLimitFilterList) DeepCopyInto(out *RateLimitFilterList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*RateLimitFilterList) DeepCopyObject

func (in *RateLimitFilterList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type RateLimitFilterSpec

type RateLimitFilterSpec struct {
	// Type decides the scope for the RateLimits.
	// Valid RateLimitType values are:
	//
	// * "Global" - In this mode, the rate limits are applied across all Envoy proxy instances.
	//
	// +unionDiscriminator
	Type RateLimitType `json:"type"`
	// Global rate limit configuration.
	//
	// +optional
	Global *GlobalRateLimit `json:"global,omitempty"`
}

RateLimitFilterSpec defines the desired state of RateLimitFilter. +union

func (*RateLimitFilterSpec) DeepCopy

func (in *RateLimitFilterSpec) DeepCopy() *RateLimitFilterSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RateLimitFilterSpec.

func (*RateLimitFilterSpec) DeepCopyInto

func (in *RateLimitFilterSpec) DeepCopyInto(out *RateLimitFilterSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type RateLimitRule

type RateLimitRule struct {
	// ClientSelectors holds the list of select conditions to select
	// specific clients using attributes from the traffic flow.
	// All individual select conditions must hold True for this rule
	// and its limit to be applied.
	// If this field is empty, it is equivalent to True, and
	// the limit is applied.
	//
	// +optional
	// +kubebuilder:validation:MaxItems=8
	ClientSelectors []RateLimitSelectCondition `json:"clientSelectors,omitempty"`
	// Limit holds the rate limit values.
	// This limit is applied for traffic flows when the selectors
	// compute to True, causing the request to be counted towards the limit.
	// The limit is enforced and the request is ratelimited, i.e. a response with
	// 429 HTTP status code is sent back to the client when
	// the selected requests have reached the limit.
	Limit RateLimitValue `json:"limit"`
}

RateLimitRule defines the semantics for matching attributes from the incoming requests, and setting limits for them.

func (*RateLimitRule) DeepCopy

func (in *RateLimitRule) DeepCopy() *RateLimitRule

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RateLimitRule.

func (*RateLimitRule) DeepCopyInto

func (in *RateLimitRule) DeepCopyInto(out *RateLimitRule)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type RateLimitSelectCondition

type RateLimitSelectCondition struct {
	// Headers is a list of request headers to match. Multiple header values are ANDed together,
	// meaning, a request MUST match all the specified headers.
	//
	// +listType=map
	// +listMapKey=name
	// +optional
	// +kubebuilder:validation:MaxItems=16
	Headers []HeaderMatch `json:"headers,omitempty"`
}

RateLimitSelectCondition specifies the attributes within the traffic flow that can be used to select a subset of clients to be ratelimited. All the individual conditions must hold True for the overall condition to hold True.

func (*RateLimitSelectCondition) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RateLimitSelectCondition.

func (*RateLimitSelectCondition) DeepCopyInto

func (in *RateLimitSelectCondition) DeepCopyInto(out *RateLimitSelectCondition)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type RateLimitType

type RateLimitType string

RateLimitType specifies the types of RateLimiting. +kubebuilder:validation:Enum=Global

const (
	// GlobalRateLimitType allows the rate limits to be applied across all Envoy proxy instances.
	GlobalRateLimitType RateLimitType = "Global"
)

type RateLimitUnit

type RateLimitUnit string

RateLimitUnit specifies the intervals for setting rate limits. Valid RateLimitUnit values are:

* "Second" * "Minute" * "Hour" * "Day"

+kubebuilder:validation:Enum=Second;Minute;Hour;Day

type RateLimitValue

type RateLimitValue struct {
	Requests uint          `json:"requests"`
	Unit     RateLimitUnit `json:"unit"`
}

RateLimitValue defines the limits for rate limiting.

func (*RateLimitValue) DeepCopy

func (in *RateLimitValue) DeepCopy() *RateLimitValue

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RateLimitValue.

func (*RateLimitValue) DeepCopyInto

func (in *RateLimitValue) DeepCopyInto(out *RateLimitValue)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type RemoteJWKS

type RemoteJWKS struct {
	// URI is the HTTPS URI to fetch the JWKS. Envoy's system trust bundle is used to
	// validate the server certificate.
	//
	// Example:
	//  uri: https://www.foo.com/oauth2/v1/certs
	//
	// +kubebuilder:validation:MinLength=1
	// +kubebuilder:validation:MaxLength=253
	URI string `json:"uri"`
}

RemoteJWKS defines how to fetch and cache JSON Web Key Sets (JWKS) from a remote HTTP/HTTPS endpoint.

func (*RemoteJWKS) DeepCopy

func (in *RemoteJWKS) DeepCopy() *RemoteJWKS

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RemoteJWKS.

func (*RemoteJWKS) DeepCopyInto

func (in *RemoteJWKS) DeepCopyInto(out *RemoteJWKS)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL