Documentation ¶
Overview ¶
Package v1alpha1 contains API Schema definitions for the gateway.envoyproxy.io API group.
+kubebuilder:object:generate=true +groupName=gateway.envoyproxy.io
Index ¶
- Constants
- Variables
- type AuthenticationFilter
- type AuthenticationFilterList
- type AuthenticationFilterSpec
- type AuthenticationFilterType
- type GlobalRateLimit
- type HeaderMatch
- type HeaderMatchType
- type JwtAuthenticationFilterProvider
- type RateLimitFilter
- type RateLimitFilterList
- type RateLimitFilterSpec
- type RateLimitRule
- type RateLimitSelectCondition
- type RateLimitType
- type RateLimitUnit
- type RateLimitValue
- type RemoteJWKS
Constants ¶
const (
// KindAuthenticationFilter is the name of the AuthenticationFilter kind.
KindAuthenticationFilter = "AuthenticationFilter"
)
const (
// KindRateLimitFilter is the name of the RateLimitFilter kind.
KindRateLimitFilter = "RateLimitFilter"
)
Variables ¶
var ( // GroupVersion is group version used to register these objects GroupVersion = schema.GroupVersion{Group: "gateway.envoyproxy.io", Version: "v1alpha1"} // SchemeBuilder is used to add go types to the GroupVersionKind scheme SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion} // AddToScheme adds the types in this group-version to the given scheme. AddToScheme = SchemeBuilder.AddToScheme )
Functions ¶
This section is empty.
Types ¶
type AuthenticationFilter ¶
type AuthenticationFilter struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` // Spec defines the desired state of the AuthenticationFilter type. Spec AuthenticationFilterSpec `json:"spec"` }
func (*AuthenticationFilter) DeepCopy ¶
func (in *AuthenticationFilter) DeepCopy() *AuthenticationFilter
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthenticationFilter.
func (*AuthenticationFilter) DeepCopyInto ¶
func (in *AuthenticationFilter) DeepCopyInto(out *AuthenticationFilter)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*AuthenticationFilter) DeepCopyObject ¶
func (in *AuthenticationFilter) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type AuthenticationFilterList ¶
type AuthenticationFilterList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty"` Items []AuthenticationFilter `json:"items"` }
AuthenticationFilterList contains a list of AuthenticationFilter.
func (*AuthenticationFilterList) DeepCopy ¶
func (in *AuthenticationFilterList) DeepCopy() *AuthenticationFilterList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthenticationFilterList.
func (*AuthenticationFilterList) DeepCopyInto ¶
func (in *AuthenticationFilterList) DeepCopyInto(out *AuthenticationFilterList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*AuthenticationFilterList) DeepCopyObject ¶
func (in *AuthenticationFilterList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type AuthenticationFilterSpec ¶
type AuthenticationFilterSpec struct { // Type defines the type of authentication provider to use. Supported provider types are: // // * JWT: A provider that uses JSON Web Token (JWT) for authenticating requests. // // +unionDiscriminator Type AuthenticationFilterType `json:"type"` // JWT defines the JSON Web Token (JWT) authentication provider type. When multiple // jwtProviders are specified, the JWT is considered valid if any of the providers // successfully validate the JWT. For additional details, see: // // https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/jwt_authn_filter.html // // +kubebuilder:validation:MaxItems=4 // +optional JwtProviders []JwtAuthenticationFilterProvider `json:"jwtProviders,omitempty"` }
AuthenticationFilterSpec defines the desired state of the AuthenticationFilter type. +union
func (*AuthenticationFilterSpec) DeepCopy ¶
func (in *AuthenticationFilterSpec) DeepCopy() *AuthenticationFilterSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthenticationFilterSpec.
func (*AuthenticationFilterSpec) DeepCopyInto ¶
func (in *AuthenticationFilterSpec) DeepCopyInto(out *AuthenticationFilterSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AuthenticationFilterType ¶
type AuthenticationFilterType string
AuthenticationFilterType is a type of authentication provider. +kubebuilder:validation:Enum=JWT
const ( // JwtAuthenticationFilterProviderType is the JWT authentication provider type. JwtAuthenticationFilterProviderType AuthenticationFilterType = "JWT" )
type GlobalRateLimit ¶
type GlobalRateLimit struct { // Rules are a list of RateLimit selectors and limits. // Each rule and its associated limit is applied // in a mutually exclusive way i.e. if multiple // rules get selected, each of their associated // limits get applied, so a single traffic request // might increase the rate limit counters for multiple // rules if selected. // // +kubebuilder:validation:MaxItems=16 Rules []RateLimitRule `json:"rules"` }
GlobalRateLimit defines the global rate limit configuration.
func (*GlobalRateLimit) DeepCopy ¶
func (in *GlobalRateLimit) DeepCopy() *GlobalRateLimit
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GlobalRateLimit.
func (*GlobalRateLimit) DeepCopyInto ¶
func (in *GlobalRateLimit) DeepCopyInto(out *GlobalRateLimit)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type HeaderMatch ¶
type HeaderMatch struct { // Type specifies how to match against the value of the header. // // +optional // +kubebuilder:default=Exact Type *HeaderMatchType `json:"type,omitempty"` // Name of the HTTP header. // +kubebuilder:validation:MinLength=1 // +kubebuilder:validation:MaxLength=256 Name string `json:"name"` // Value within the HTTP header. Due to the // case-insensitivity of header names, "foo" and "Foo" are considered equivalent. // Do not set this field when Type="Distinct", implying matching on any/all unique values within the header. // +optional // +kubebuilder:validation:MaxLength=1024 Value *string `json:"value,omitempty"` }
HeaderMatch defines the match attributes within the HTTP Headers of the request.
func (*HeaderMatch) DeepCopy ¶
func (in *HeaderMatch) DeepCopy() *HeaderMatch
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HeaderMatch.
func (*HeaderMatch) DeepCopyInto ¶
func (in *HeaderMatch) DeepCopyInto(out *HeaderMatch)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type HeaderMatchType ¶
type HeaderMatchType string
HeaderMatchType specifies the semantics of how HTTP header values should be compared. Valid HeaderMatchType values are:
- "Exact": Use this type to match the exact value of the Value field against the value of the specified HTTP Header.
- "RegularExpression": Use this type to match a regular expression against the value of the specified HTTP Header. The regex string must adhere to the syntax documented in https://github.com/google/re2/wiki/Syntax.
- "Distinct": Use this type to match any and all possible unique values encountered in the specified HTTP Header. Note that each unique value will receive its own rate limit bucket.
+kubebuilder:validation:Enum=Exact;RegularExpression;Distinct
const ( HeaderMatchExact HeaderMatchType = "Exact" HeaderMatchRegularExpression HeaderMatchType = "RegularExpression" HeaderMatchDistinct HeaderMatchType = "Distinct" )
HeaderMatchType constants.
type JwtAuthenticationFilterProvider ¶
type JwtAuthenticationFilterProvider struct { // Name defines a unique name for the JWT provider. A name can have a variety of forms, // including RFC1123 subdomains, RFC 1123 labels, or RFC 1035 labels. // // +kubebuilder:validation:MinLength=1 // +kubebuilder:validation:MaxLength=253 Name string `json:"name"` // Issuer is the principal that issued the JWT and takes the form of a URL or email address. // For additional details, see: // // URL format: https://tools.ietf.org/html/rfc7519#section-4.1.1 // Email format: https://rfc-editor.org/rfc/rfc5322.html // // URL Example: // issuer: https://auth.example.com // // Email Example: // issuer: jdoe@example.com // // If not provided, the JWT issuer is not checked. // // +kubebuilder:validation:MaxLength=253 // +optional Issuer string `json:"issuer,omitempty"` // Audiences is a list of JWT audiences allowed to access. For additional details, see: // // https://tools.ietf.org/html/rfc7519#section-4.1.3 // // Example: // audiences: // - foo.apps.example.com // bar.apps.example.com // // If not provided, JWT audiences are not checked. // // +kubebuilder:validation:MaxItems=8 // +optional Audiences []string `json:"audiences,omitempty"` // RemoteJWKS defines how to fetch and cache JSON Web Key Sets (JWKS) from a remote // HTTP/HTTPS endpoint. RemoteJWKS RemoteJWKS `json:"remoteJWKS"` }
JwtAuthenticationFilterProvider defines the JSON Web Token (JWT) authentication provider type and how JWTs should be verified:
func (*JwtAuthenticationFilterProvider) DeepCopy ¶
func (in *JwtAuthenticationFilterProvider) DeepCopy() *JwtAuthenticationFilterProvider
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JwtAuthenticationFilterProvider.
func (*JwtAuthenticationFilterProvider) DeepCopyInto ¶
func (in *JwtAuthenticationFilterProvider) DeepCopyInto(out *JwtAuthenticationFilterProvider)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type RateLimitFilter ¶
type RateLimitFilter struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` // Spec defines the desired state of RateLimitFilter. Spec RateLimitFilterSpec `json:"spec"` }
RateLimitFilter allows the user to limit the number of incoming requests to a predefined value based on attributes within the traffic flow.
func (*RateLimitFilter) DeepCopy ¶
func (in *RateLimitFilter) DeepCopy() *RateLimitFilter
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RateLimitFilter.
func (*RateLimitFilter) DeepCopyInto ¶
func (in *RateLimitFilter) DeepCopyInto(out *RateLimitFilter)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*RateLimitFilter) DeepCopyObject ¶
func (in *RateLimitFilter) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type RateLimitFilterList ¶
type RateLimitFilterList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty"` Items []RateLimitFilter `json:"items"` }
RateLimitFilterList contains a list of RateLimitFilter resources.
func (*RateLimitFilterList) DeepCopy ¶
func (in *RateLimitFilterList) DeepCopy() *RateLimitFilterList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RateLimitFilterList.
func (*RateLimitFilterList) DeepCopyInto ¶
func (in *RateLimitFilterList) DeepCopyInto(out *RateLimitFilterList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*RateLimitFilterList) DeepCopyObject ¶
func (in *RateLimitFilterList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type RateLimitFilterSpec ¶
type RateLimitFilterSpec struct { // Type decides the scope for the RateLimits. // Valid RateLimitType values are: // // * "Global" - In this mode, the rate limits are applied across all Envoy proxy instances. // // +unionDiscriminator Type RateLimitType `json:"type"` // Global rate limit configuration. // // +optional Global *GlobalRateLimit `json:"global,omitempty"` }
RateLimitFilterSpec defines the desired state of RateLimitFilter. +union
func (*RateLimitFilterSpec) DeepCopy ¶
func (in *RateLimitFilterSpec) DeepCopy() *RateLimitFilterSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RateLimitFilterSpec.
func (*RateLimitFilterSpec) DeepCopyInto ¶
func (in *RateLimitFilterSpec) DeepCopyInto(out *RateLimitFilterSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type RateLimitRule ¶
type RateLimitRule struct { // ClientSelectors holds the list of select conditions to select // specific clients using attributes from the traffic flow. // All individual select conditions must hold True for this rule // and its limit to be applied. // If this field is empty, it is equivalent to True, and // the limit is applied. // // +optional // +kubebuilder:validation:MaxItems=8 ClientSelectors []RateLimitSelectCondition `json:"clientSelectors,omitempty"` // Limit holds the rate limit values. // This limit is applied for traffic flows when the selectors // compute to True, causing the request to be counted towards the limit. // The limit is enforced and the request is ratelimited, i.e. a response with // 429 HTTP status code is sent back to the client when // the selected requests have reached the limit. Limit RateLimitValue `json:"limit"` }
RateLimitRule defines the semantics for matching attributes from the incoming requests, and setting limits for them.
func (*RateLimitRule) DeepCopy ¶
func (in *RateLimitRule) DeepCopy() *RateLimitRule
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RateLimitRule.
func (*RateLimitRule) DeepCopyInto ¶
func (in *RateLimitRule) DeepCopyInto(out *RateLimitRule)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type RateLimitSelectCondition ¶
type RateLimitSelectCondition struct { // Headers is a list of request headers to match. Multiple header values are ANDed together, // meaning, a request MUST match all the specified headers. // // +listType=map // +listMapKey=name // +optional // +kubebuilder:validation:MaxItems=16 Headers []HeaderMatch `json:"headers,omitempty"` }
RateLimitSelectCondition specifies the attributes within the traffic flow that can be used to select a subset of clients to be ratelimited. All the individual conditions must hold True for the overall condition to hold True.
func (*RateLimitSelectCondition) DeepCopy ¶
func (in *RateLimitSelectCondition) DeepCopy() *RateLimitSelectCondition
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RateLimitSelectCondition.
func (*RateLimitSelectCondition) DeepCopyInto ¶
func (in *RateLimitSelectCondition) DeepCopyInto(out *RateLimitSelectCondition)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type RateLimitType ¶
type RateLimitType string
RateLimitType specifies the types of RateLimiting. +kubebuilder:validation:Enum=Global
const ( // GlobalRateLimitType allows the rate limits to be applied across all Envoy proxy instances. GlobalRateLimitType RateLimitType = "Global" )
type RateLimitUnit ¶
type RateLimitUnit string
RateLimitUnit specifies the intervals for setting rate limits. Valid RateLimitUnit values are:
* "Second" * "Minute" * "Hour" * "Day"
+kubebuilder:validation:Enum=Second;Minute;Hour;Day
type RateLimitValue ¶
type RateLimitValue struct { Requests uint `json:"requests"` Unit RateLimitUnit `json:"unit"` }
RateLimitValue defines the limits for rate limiting.
func (*RateLimitValue) DeepCopy ¶
func (in *RateLimitValue) DeepCopy() *RateLimitValue
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RateLimitValue.
func (*RateLimitValue) DeepCopyInto ¶
func (in *RateLimitValue) DeepCopyInto(out *RateLimitValue)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type RemoteJWKS ¶
type RemoteJWKS struct { // URI is the HTTPS URI to fetch the JWKS. Envoy's system trust bundle is used to // validate the server certificate. // // Example: // uri: https://www.foo.com/oauth2/v1/certs // // +kubebuilder:validation:MinLength=1 // +kubebuilder:validation:MaxLength=253 URI string `json:"uri"` }
RemoteJWKS defines how to fetch and cache JSON Web Key Sets (JWKS) from a remote HTTP/HTTPS endpoint.
func (*RemoteJWKS) DeepCopy ¶
func (in *RemoteJWKS) DeepCopy() *RemoteJWKS
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RemoteJWKS.
func (*RemoteJWKS) DeepCopyInto ¶
func (in *RemoteJWKS) DeepCopyInto(out *RemoteJWKS)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.