Documentation ¶
Index ¶
- Constants
- Variables
- func Kind(kind string) schema.GroupKind
- func NewIngressFromEngress(ing interface{}) (*extensions.Ingress, error)
- func Resource(resource string) schema.GroupResource
- type ACMECertificateDetails
- type Certificate
- type CertificateList
- type CertificateSpec
- type CertificateStatus
- type DNSResolver
- type HTTPIngressPath
- type HTTPIngressRuleValue
- type Ingress
- func (r Ingress) APISchema() string
- func (r Ingress) BackendServices() map[string]metav1.ObjectMeta
- func (r *Ingress) GetObjectKind() schema.ObjectKind
- func (r Ingress) HasBackendService(name, namespace string) bool
- func (r Ingress) HasChanged(o Ingress) (bool, error)
- func (r Ingress) IsKeepSourceChanged(o Ingress, cloudProvider string) bool
- func (r Ingress) IsLoadBalancerSourceRangeChanged(o Ingress) bool
- func (r Ingress) IsPortChanged(o Ingress) bool
- func (r Ingress) IsSecretChanged(o Ingress) bool
- func (r Ingress) IsStatsChanged(o Ingress) bool
- func (r Ingress) IsStatsSecretChanged(o Ingress) bool
- func (r Ingress) KeepSourceIP() bool
- func (r Ingress) LBType() string
- func (r Ingress) LoadBalancerIP() net.IP
- func (r Ingress) MonitorSpec() (*MonitorSpec, error)
- func (r Ingress) NodeSelector() map[string]string
- func (r Ingress) OffshootLabels() map[string]string
- func (r Ingress) OffshootName() string
- func (r Ingress) PodsAnnotations() (map[string]string, bool)
- func (r Ingress) Replicas() int32
- func (r Ingress) ServiceAnnotations(provider string) (map[string]string, bool)
- func (r Ingress) ShouldHandleIngress(ingressClass string) bool
- func (r Ingress) Stats() bool
- func (r Ingress) StatsLabels() map[string]string
- func (r Ingress) StatsPort() int
- func (r Ingress) StatsSecretName() string
- func (r Ingress) StatsServiceName() string
- func (r Ingress) StickySession() bool
- func (r Ingress) Timeouts() map[string]string
- type IngressBackend
- type IngressList
- type IngressRef
- type IngressRule
- type IngressRuleValue
- type IngressSpec
- type IngressStatus
- type IngressTLS
- type MonitorSpec
- type PrometheusSpec
- type TCPIngressRuleValue
Constants ¶
const (
	// EngressKey is the prefix shared by the annotation keys declared in this block.
	EngressKey = "ingress.appscode.com"

	APISchema        = EngressKey + "/" + "api-schema" // APISchema = {APIGroup}/{APIVersion}
	APISchemaEngress = GroupName + "/v1beta1"
	// NOTE(review): the upstream Kubernetes API group is spelled "extensions";
	// confirm the singular "extension" is the value callers compare against.
	APISchemaIngress = "extension/v1beta1"
	VoyagerPrefix    = "voyager-"
	StickySession    = EngressKey + "/" + "sticky-session"

	// LB stats options
	StatsOn   = EngressKey + "/" + "stats"
	StatsPort = EngressKey + "/" + "stats-port"
	// NOTE(review): presumably names the Secret that protects the stats
	// endpoint; confirm how the stats listener is exposed when StatsOn is set
	// and this annotation is absent.
	StatsSecret      = EngressKey + "/" + "stats-secret-name"
	StatsServiceName = EngressKey + "/" + "stats-service-name"
	DefaultStatsPort = 56789

	LBTypeHostPort     = "HostPort"
	LBTypeNodePort     = "NodePort"
	LBTypeLoadBalancer = "LoadBalancer" // default
	LBType             = EngressKey + "/" + "type"

	// Runs HAProxy on a specific set of hosts.
	NodeSelector = EngressKey + "/" + "node-selector"

	// Replicas specifies the number of HAProxy pods to run (default 1).
	Replicas = EngressKey + "/" + "replicas"

	// IP to be assigned to the cloud load balancer.
	LoadBalancerIP = EngressKey + "/" + "load-balancer-ip" // IP or empty

	// BackendWeight is the weight value of a Pod that was
	// addressed by the Endpoint; this weight will be added to the server backend.
	// Traffic will be forwarded according to their weight.
	BackendWeight = EngressKey + "/" + "backend-weight"

	// https://github.com/appscode/voyager/issues/103
	// ServiceAnnotations is a user-provided annotations map that will be
	// applied to the service of that LoadBalancer.
	// ex: "ingress.appscode.com/annotations-service": {"key": "val"}
	// NOTE(review): the map is user-provided, so whoever can annotate the
	// Ingress chooses annotations on the generated Service; confirm that
	// matches the intended RBAC boundary.
	ServiceAnnotations = EngressKey + "/" + "annotations-service"

	// PodAnnotations is a user-provided annotations map that will be
	// applied to the Pods (Deployment/DaemonSet) of that LoadBalancer.
	// ex: "ingress.appscode.com/annotations-pod": {"key": "val"}
	// NOTE(review): same trust consideration as ServiceAnnotations, applied to
	// the generated pods.
	PodAnnotations = EngressKey + "/" + "annotations-pod"

	// Preserves source IP for LoadBalancer type ingresses. The actual configuration
	// generated depends on the underlying cloud provider.
	//
	//  - gce, gke, azure: Adds annotation service.beta.kubernetes.io/external-traffic: OnlyLocal
	// to services used to expose HAProxy.
	// ref: https://kubernetes.io/docs/tutorials/services/source-ip/#source-ip-for-services-with-typeloadbalancer
	//
	//  - aws: Enforces the use of the PROXY protocol over any connection accepted by any of
	// the sockets declared on the same line. Versions 1 and 2 of the PROXY protocol
	// are supported and correctly detected. The PROXY protocol dictates the layer
	// 3/4 addresses of the incoming connection to be used everywhere an address is
	// used, with the only exception of "tcp-request connection" rules which will
	// only see the real connection address. Logs will reflect the addresses
	// indicated in the protocol, unless it is violated, in which case the real
	// address will still be used. This keyword combined with support from external
	// components can be used as an efficient and reliable alternative to the
	// X-Forwarded-For mechanism which is not always reliable and not even always
	// usable. See also "tcp-request connection expect-proxy" for a finer-grained
	// setting of which client is allowed to use the protocol.
	// ref: https://github.com/kubernetes/kubernetes/blob/release-1.5/pkg/cloudprovider/providers/aws/aws.go#L79
	//
	// NOTE(review): with the PROXY protocol enforced, logs and address-based
	// rules use the address carried in the PROXY header, so the listener
	// should only be reachable from the load balancer that writes that header;
	// confirm the network path on aws.
	KeepSourceIP = EngressKey + "/" + "keep-source-ip"

	// Annotations applied to resources offshoot from an ingress
	OriginAPISchema = EngressKey + "/" + "origin-api-schema" // APISchema = {APIGroup}/{APIVersion}
	OriginName      = EngressKey + "/" + "origin-name"

	EgressPoints = EngressKey + "/" + "egress-points"

	// https://github.com/appscode/voyager/issues/280
	// Supports all valid timeout options for the defaults section of HAProxy
	// https://cbonte.github.io/haproxy-dconv/1.7/configuration.html#4.2-timeout%20check
	// expects a json encoded map
	// ie: "ingress.appscode.com/default-timeout": {"client": "5s"}
	//
	// If the annotation is not set, the default values used to configure the
	// defaults section will be:
	//
	// timeout  connect         50000
	// timeout  client          50000
	// timeout  client-fin      50000
	// timeout  server          50000
	// timeout  tunnel          50000
	DefaultsTimeOut = EngressKey + "/" + "default-timeout"
)
// Kind, singular name and plural resource type strings for the Certificate resource.
const (
	ResourceKindCertificate = "Certificate"
	ResourceNameCertificate = "certificate"
	ResourceTypeCertificate = "certificates"
)
const (
	/*
		Example HAProxy resolvers section, from
		https://cbonte.github.io/haproxy-dconv/1.7/configuration.html#5.3

		resolvers mydns
		  nameserver dns1 10.0.0.1:53
		  nameserver dns2 10.0.0.2:53
		  resolve_retries       3
		  timeout retry         1s
		  hold other           30s
		  hold refused         30s
		  hold nx              30s
		  hold timeout         30s
		  hold valid           10s
	*/
	UseDNSResolver = EngressKey + "/" + "use-dns-resolver" // Bool
	// NOTE(review): the nameserver list is read from an annotation; names
	// resolved through it are only as trustworthy as those resolvers, so
	// confirm who is allowed to set it.
	DNSResolverNameservers = EngressKey + "/" + "dns-resolver-nameservers"  // ["", ""]
	DNSResolverCheckHealth = EngressKey + "/" + "dns-resolver-check-health" // bool
	DNSResolverRetries     = EngressKey + "/" + "dns-resolver-retries"      // int
	DNSResolverTimeout     = EngressKey + "/" + "dns-resolver-timeout"      // {"event":"time","event":"time"}
	DNSResolverHold        = EngressKey + "/" + "dns-resolver-hold"         // {"status":"period","status":"period"}
)
// Kind, singular name and plural resource type strings for the Ingress resource.
const (
	ResourceKindIngress = "Ingress"
	ResourceNameIngress = "ingress"
	ResourceTypeIngress = "ingresses"
)
// Monitoring agent name, port names and numbers, and the monitoring annotation keys.
const (
	AgentCoreosPrometheus     = "coreos-prometheus-operator"
	StatsPortName             = "stats"
	ExporterPortName          = "http"
	DefaultExporterPortNumber = 56790

	MonitoringAgent = EngressKey + "/monitoring-agent" // Name of monitoring agent
	// NOTE(review): the target namespace is taken from an annotation; confirm
	// the operator limits which namespaces an Ingress owner may have service
	// monitors created in.
	ServiceMonitorNamespace      = EngressKey + "/service-monitor-namespace"                // Kube NS where service monitors will be created
	ServiceMonitorLabels         = EngressKey + "/service-monitor-labels"                   // map[string]string used to select Prometheus instance
	ServiceMonitorPort           = EngressKey + "/service-monitor-endpoint-port"            // Port on stats service used to expose metrics
	ServiceMonitorScrapeInterval = EngressKey + "/service-monitor-endpoint-scrape-interval" // scrape interval
)
const GroupName = "voyager.appscode.com"
GroupName is the group name used in this package.
Variables ¶
var (
	// SchemeBuilder is built from addKnownTypes.
	SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes)
	// AddToScheme is the AddToScheme method of SchemeBuilder.
	AddToScheme = SchemeBuilder.AddToScheme
)
var (
	// V1beta1SchemeBuilder is built from v1addKnownTypes and addConversionFuncs.
	V1beta1SchemeBuilder = runtime.NewSchemeBuilder(v1addKnownTypes, addConversionFuncs)
	// V1beta1AddToScheme is the AddToScheme method of V1beta1SchemeBuilder.
	V1beta1AddToScheme = V1beta1SchemeBuilder.AddToScheme
)
var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: runtime.APIVersionInternal}
SchemeGroupVersion is group version used to register these objects
var V1beta1SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1beta1"}
V1beta1SchemeGroupVersion is the group version used to register these objects.
Functions ¶
func NewIngressFromEngress ¶
func NewIngressFromEngress(ing interface{}) (*extensions.Ingress, error)
func Resource ¶
func Resource(resource string) schema.GroupResource
Resource takes an unqualified resource and returns back a Group qualified GroupResource
Types ¶
type ACMECertificateDetails ¶
type Certificate ¶
// Certificate pairs a CertificateSpec with a CertificateStatus under the
// embedded type and object metadata.
type Certificate struct {
	metav1.TypeMeta   `json:",inline,omitempty"`
	metav1.ObjectMeta `json:"metadata,omitempty"`
	Spec              CertificateSpec   `json:"spec,omitempty"`
	Status            CertificateStatus `json:"status,omitempty"`
}
func (*Certificate) GetObjectKind ¶
func (obj *Certificate) GetObjectKind() schema.ObjectKind
type CertificateList ¶
// CertificateList is a collection of Certificate items with list metadata.
type CertificateList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []Certificate `json:"items,omitempty"`
}
func (*CertificateList) GetObjectKind ¶
func (obj *CertificateList) GetObjectKind() schema.ObjectKind
type CertificateSpec ¶
// CertificateSpec carries the domains, provider, contact and secret references
// declared for a Certificate.
type CertificateSpec struct {
	// Tries to obtain a single certificate using all domains passed into Domains.
	// The first domain in Domains is used for the CommonName field of the certificate; all other
	// domains are added using the Subject Alternative Names extension.
	Domains []string `json:"domains,omitempty"`

	// DNS Provider.
	Provider string `json:"provider,omitempty"`
	Email    string `json:"email,omitempty"`

	// This is the ingress reference that will be used if provider is http.
	HTTPProviderIngressReference apiv1.ObjectReference `json:"httpProviderIngressReference,omitempty"`

	// ProviderCredentialSecretName is used to create the acme client that will do
	// the needed processing in DNS.
	// NOTE(review): the named Secret presumably holds DNS provider
	// credentials; confirm it is read only from the Certificate's own namespace.
	ProviderCredentialSecretName string `json:"providerCredentialSecretName,omitempty"`

	// Secret contains ACMEUser information. If empty, tries to find a Secret via domains;
	// if not found, creates an ACMEUser and stores it as a secret.
	// The tag has no omitempty, so the key is always serialized.
	ACMEUserSecretName string `json:"acmeUserSecretName"`

	// ACME server that will be used to obtain this certificate.
	// The JSON key is "acmeStagingURL", which does not match the field name.
	// NOTE(review): confirm which ACME endpoint manifests are expected to put
	// here; certificates from a staging endpoint are normally not publicly trusted.
	ACMEServerURL string `json:"acmeStagingURL"`
}
type CertificateStatus ¶
type DNSResolver ¶
// DNSResolver holds resolver settings; DNSResolverForService returns a pointer
// to one for a Service.
// NOTE(review): the fields look like they mirror the dns-resolver-* annotation
// keys; confirm against DNSResolverForService.
type DNSResolver struct {
	// Name has no JSON tag, so encoding/json uses the key "Name".
	Name        string
	NameServer  []string          `json:"nameserver"`
	CheckHealth bool              `json:"checkHealth"`
	Retries     int               `json:"retries"`
	Timeout     map[string]string `json:"timeout"`
	Hold        map[string]string `json:"hold"`
}
func DNSResolverForService ¶
func DNSResolverForService(svc apiv1.Service) (useDNSResolver bool, resolver *DNSResolver, err error)
type HTTPIngressPath ¶
// HTTPIngressPath associates a path regex with a backend.
type HTTPIngressPath struct {
	// Path is an extended POSIX regex as defined by IEEE Std 1003.1,
	// (i.e. this follows the egrep/unix syntax, not the perl syntax)
	// matched against the path of an incoming request. Currently it can
	// contain characters disallowed from the conventional "path"
	// part of a URL as defined by RFC 3986. Paths must begin with
	// a '/'. If unspecified, the path defaults to a catch-all sending
	// traffic to the backend.
	// NOTE(review): the pattern is taken from the resource as written; how it
	// is validated or escaped before use is not visible here.
	Path string `json:"path,omitempty"`

	// Backend defines the referenced service endpoint to which the traffic
	// will be forwarded.
	Backend IngressBackend `json:"backend,omitempty"`
}
HTTPIngressPath associates a path regex with a backend. Incoming urls matching the path are forwarded to the backend.
type HTTPIngressRuleValue ¶
// HTTPIngressRuleValue is a list of http selectors pointing to backends.
type HTTPIngressRuleValue struct {
	// A collection of paths that map requests to backends.
	// The tag has no omitempty, so the key is always serialized.
	Paths []HTTPIngressPath `json:"paths"`
}
HTTPIngressRuleValue is a list of http selectors pointing to backends. In the example: http://<host>/<path>?<searchpart> -> backend, where parts of the url correspond to RFC 3986, this resource will be used to match against everything after the last '/' and before the first '?' or '#'.
type Ingress ¶
// Ingress is the custom Ingress type for Voyager.
type Ingress struct {
	metav1.TypeMeta `json:",inline"`
	// Standard object's metadata.
	// More info: http://releases.k8s.io/release-1.2/docs/devel/api-conventions.md#metadata
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Spec is the desired state of the Ingress.
	// More info: http://releases.k8s.io/release-1.2/docs/devel/api-conventions.md#spec-and-status
	Spec IngressSpec `json:"spec,omitempty"`

	// Status is the current state of the Ingress.
	// More info: http://releases.k8s.io/release-1.2/docs/devel/api-conventions.md#spec-and-status
	Status IngressStatus `json:"status,omitempty"`
}
Custom Ingress type for Voyager.
func NewEngressFromIngress ¶
func (Ingress) BackendServices ¶
func (r Ingress) BackendServices() map[string]metav1.ObjectMeta
func (*Ingress) GetObjectKind ¶
func (r *Ingress) GetObjectKind() schema.ObjectKind
func (Ingress) HasBackendService ¶
func (Ingress) IsKeepSourceChanged ¶
func (Ingress) IsLoadBalancerSourceRangeChanged ¶
func (Ingress) IsPortChanged ¶
func (Ingress) IsSecretChanged ¶
func (Ingress) IsStatsChanged ¶
func (Ingress) IsStatsSecretChanged ¶
func (Ingress) KeepSourceIP ¶
func (Ingress) LoadBalancerIP ¶
func (Ingress) MonitorSpec ¶
func (r Ingress) MonitorSpec() (*MonitorSpec, error)
func (Ingress) NodeSelector ¶
func (Ingress) OffshootLabels ¶
func (Ingress) OffshootName ¶
func (Ingress) ServiceAnnotations ¶
func (Ingress) ShouldHandleIngress ¶
If ingressClass == "voyager", only Ingresses that have the voyager annotation are handled. If ingressClass == "", Ingresses with no annotation or with the voyager annotation are handled.
func (Ingress) StatsLabels ¶
func (Ingress) StatsSecretName ¶
func (Ingress) StatsServiceName ¶
func (Ingress) StickySession ¶
type IngressBackend ¶
// IngressBackend describes all endpoints for a given service and port.
type IngressBackend struct {
	// Host names to forward traffic to. If empty, traffic will be
	// forwarded to all subsets instances.
	// If set, only matched hosts will get the traffic.
	// This is a handy way to send traffic to a specific
	// StatefulSet pod.
	// IE. Setting [web-0] will send traffic to only web-0 host
	// for this StatefulSet, https://kubernetes.io/docs/tutorials/stateful-application/basic-stateful-set/#creating-a-statefulset
	HostNames []string `json:"hostNames,omitempty"`

	// Specifies the name of the referenced service.
	ServiceName string `json:"serviceName,omitempty"`

	// Specifies the port of the referenced service.
	ServicePort intstr.IntOrString `json:"servicePort,omitempty"`

	// Serialized HAProxy rules to apply on the server backend, including
	// request, response or header rewrite. ACLs can also be used.
	// https://cbonte.github.io/haproxy-dconv/1.7/configuration.html#1
	// NOTE(review): these strings are HAProxy rules supplied in the resource;
	// how they are validated before reaching the generated configuration is
	// not visible here. Confirm, and scope write access to this field
	// accordingly.
	BackendRule []string `json:"backendRule,omitempty"`

	// Path rewrite rules with haproxy formatted regex.
	//
	// Deprecated: Use backendRule, will be removed.
	RewriteRule []string `json:"rewriteRule,omitempty"`

	// Header rules to modify the header.
	//
	// Deprecated: Use backendRule, will be removed.
	HeaderRule []string `json:"headerRule,omitempty"`
}
IngressBackend describes all endpoints for a given service and port.
type IngressList ¶
// IngressList is a collection of Ingress.
type IngressList struct {
	metav1.TypeMeta `json:",inline"`
	// Standard object's metadata.
	// More info: http://releases.k8s.io/release-1.2/docs/devel/api-conventions.md#metadata
	metav1.ListMeta `json:"metadata,omitempty"`

	// Items is the list of Ingress.
	Items []Ingress `json:"items"`
}
IngressList is a collection of Ingress.
func (*IngressList) GetObjectKind ¶
func (obj *IngressList) GetObjectKind() schema.ObjectKind
type IngressRef ¶
type IngressRule ¶
// IngressRule represents the rules mapping the paths under a specified host to
// the related backend services.
type IngressRule struct {
	// Host is the fully qualified domain name of a network host, as defined
	// by RFC 3986. Note the following deviations from the "host" part of the
	// URI as defined in the RFC:
	// 1. IPs are not allowed. Currently an IngressRuleValue can only apply to the
	//	  IP in the Spec of the parent Ingress.
	// 2. The `:` delimiter is not respected because ports are not allowed.
	//	  Currently the port of an Ingress is implicitly :80 for http and
	//	  :443 for https.
	// Both these may change in the future.
	// Incoming requests are matched against the host before the IngressRuleValue.
	// If the host is unspecified, the Ingress routes all traffic based on the
	// specified IngressRuleValue.
	Host string `json:"host,omitempty"`

	// IngressRuleValue represents a rule to route requests for this IngressRule.
	// If unspecified, the rule defaults to a http catch-all. Whether that sends
	// just traffic matching the host to the default backend or all traffic to the
	// default backend, is left to the controller fulfilling the Ingress. Http is
	// currently the only supported IngressRuleValue.
	IngressRuleValue `json:",inline,omitempty"`
}
IngressRule represents the rules mapping the paths under a specified host to the related backend services. Incoming requests are first evaluated for a host match, then routed to the backend associated with the matching IngressRuleValue.
type IngressRuleValue ¶
// IngressRuleValue represents a rule to apply against incoming requests.
type IngressRuleValue struct {
	// HTTP holds the http path rules; it is a pointer and is omitted when nil.
	HTTP *HTTPIngressRuleValue `json:"http,omitempty"`
	// TCP holds the tcp port rules.
	TCP []TCPIngressRuleValue `json:"tcp,omitempty"`
}
IngressRuleValue represents a rule to apply against incoming requests. If the rule is satisfied, the request is routed to the specified backend. Currently mixing different types of rules in a single Ingress is disallowed, so exactly one of the following must be set.
type IngressSpec ¶
// IngressSpec describes the Ingress the user wishes to exist.
type IngressSpec struct {
	// A default backend capable of servicing requests that don't match any
	// rule. At least one of 'backend' or 'rules' must be specified. This field
	// is optional to allow the loadbalancer controller or defaulting logic to
	// specify a global default.
	Backend *IngressBackend `json:"backend,omitempty"`

	// TLS is the TLS configuration. Currently the Ingress only supports a single TLS
	// port, 443, and assumes TLS termination. If multiple members of this
	// list specify different hosts, they will be multiplexed on the same
	// port according to the hostname specified through the SNI TLS extension.
	TLS []IngressTLS `json:"tls,omitempty"`

	// A list of host rules used to configure the Ingress. If unspecified, or
	// no rule matches, all traffic is sent to the default backend.
	Rules []IngressRule `json:"rules,omitempty"`

	// Optional: If specified and supported by the platform, traffic through the
	// cloud-provider load-balancer will be restricted to the specified client IPs.
	// This field will be ignored if the cloud-provider does not support the feature.
	// https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/
	// NOTE(review): because an unsupported provider ignores the field, the
	// allow-list may not be enforced at all; verify enforcement on the target
	// platform rather than relying on the field being set.
	LoadBalancerSourceRanges []string `json:"loadBalancerSourceRanges,omitempty"`

	// Compute Resources required by the sidecar container.
	Resources apiv1.ResourceRequirements `json:"resources,omitempty"`
}
IngressSpec describes the Ingress the user wishes to exist.
type IngressStatus ¶
// IngressStatus describes the current state of the Ingress.
type IngressStatus struct {
	// LoadBalancer contains the current status of the load-balancer.
	LoadBalancer apiv1.LoadBalancerStatus `json:"loadBalancer,omitempty"`
}
IngressStatus describes the current state of the Ingress.
type IngressTLS ¶
// IngressTLS describes the transport layer security associated with an Ingress.
type IngressTLS struct {
	// Hosts are a list of hosts included in the TLS certificate. The values in
	// this list must match the name/s used in the tlsSecret. Defaults to the
	// wildcard host setting for the loadbalancer controller fulfilling this
	// Ingress, if left unspecified.
	Hosts []string `json:"hosts,omitempty"`

	// SecretName is the name of the secret used to terminate SSL traffic on 443.
	// Field is left optional to allow SSL routing based on SNI hostname alone.
	// If the SNI host in a listener conflicts with the "Host" header field used
	// by an IngressRule, the SNI host is used for termination and the value of the
	// Host header is used for routing.
	// NOTE(review): termination and routing can therefore be decided by
	// different client-supplied names; confirm backends do not treat the
	// certificate host as proof of the routed host.
	SecretName string `json:"secretName,omitempty"`
}
IngressTLS describes the transport layer security associated with an Ingress.
type MonitorSpec ¶
// MonitorSpec wraps the optional Prometheus settings; Ingress.MonitorSpec
// returns a pointer to one.
type MonitorSpec struct {
	// Prometheus is a pointer and is omitted from JSON when nil.
	Prometheus *PrometheusSpec `json:"prometheus,omitempty"`
}
type PrometheusSpec ¶
// PrometheusSpec holds the exporter port, namespace, selector labels and scrape
// interval used for Prometheus monitoring.
type PrometheusSpec struct {
	// Port number for the exporter sidecar.
	Port int `json:"port,omitempty"`

	// Namespace of Prometheus. Service monitors will be created in this namespace.
	// NOTE(review): confirm which namespaces a resource owner is allowed to
	// name here.
	Namespace string `json:"namespace,omitempty"`

	// Labels are key-value pairs used to select the Prometheus instance via ServiceMonitor labels.
	// +optional
	Labels map[string]string `json:"labels,omitempty"`

	// Interval at which metrics should be scraped.
	Interval string `json:"interval,omitempty"`
}
type TCPIngressRuleValue ¶
// TCPIngressRuleValue describes one TCP listener: its port, optional TLS
// secret, backend and ALPN options.
type TCPIngressRuleValue struct {
	// Port to listen on for tcp connections.
	Port intstr.IntOrString `json:"port,omitempty"`

	// SSL cert used to terminate SSL on this port.
	SecretName string `json:"secretName,omitempty"`

	// Backend to forward the requests to.
	Backend IngressBackend `json:"backend,omitempty"`

	// Application-Layer Protocol Negotiation (ALPN) is a Transport Layer Security (TLS)
	// extension for application layer protocol negotiation. ALPN allows the application
	// layer to negotiate which protocol should be performed over a secure connection in a
	// manner which avoids additional round trips and which is independent of the application
	// layer protocols. It is used by HTTP/2.
	// If provided, the list of alpn values will be added to the port as alpn option1,option2,...
	// If SecretName is provided, this secret will be used to terminate SSL with the alpn options.
	// If SecretName is not provided, the backend server is responsible for handling SSL.
	// NOTE(review): in the no-secret case TLS is not terminated at this
	// listener, so confirm the backend actually enforces TLS.
	ALPN []string `json:"alpn,omitempty"`
}