Documentation ¶
Overview ¶
Package v1 contains API Schema definitions for the kuadrant.io v1 API group.
Code-generation markers: +kubebuilder:object:generate=true, +groupName=kuadrant.io
Index ¶
- Constants
- Variables
- func AtomicDefaultsMergeStrategy(source, target machinery.Policy) machinery.Policy
- func AtomicOverridesMergeStrategy(source, _ machinery.Policy) machinery.Policy
- func DefaultsMergeStrategy(strategy string) machinery.MergeStrategy
- func EffectivePolicyForPath[T machinery.Policy](path []machinery.Targetable, predicate func(machinery.Policy) bool) *T
- func OverridesMergeStrategy(strategy string) machinery.MergeStrategy
- func PathID(path []machinery.Targetable) string
- func PoliciesInPath(path []machinery.Targetable, predicate func(machinery.Policy) bool) []machinery.Policy
- func PolicyRuleDefaultsMergeStrategy(source, target machinery.Policy) machinery.Policy
- func PolicyRuleOverridesMergeStrategy(source, target machinery.Policy) machinery.Policy
- type AuthPolicy
- func (in *AuthPolicy) DeepCopy() *AuthPolicy
- func (in *AuthPolicy) DeepCopyInto(out *AuthPolicy)
- func (in *AuthPolicy) DeepCopyObject() runtime.Object
- func (p *AuthPolicy) Empty() bool
- func (p *AuthPolicy) GetLocator() string
- func (p *AuthPolicy) GetMergeStrategy() machinery.MergeStrategy
- func (p *AuthPolicy) GetName() string
- func (p *AuthPolicy) GetNamespace() string
- func (p *AuthPolicy) GetStatus() kuadrantgatewayapi.PolicyStatus
- func (p *AuthPolicy) GetTargetRef() gatewayapiv1alpha2.LocalPolicyTargetReference (deprecated)
- func (p *AuthPolicy) GetTargetRefs() []machinery.PolicyTargetReference
- func (p *AuthPolicy) Kind() string
- func (p *AuthPolicy) Merge(other machinery.Policy) machinery.Policy
- func (p *AuthPolicy) Rules() map[string]MergeableRule
- func (p *AuthPolicy) SetRules(rules map[string]MergeableRule)
- type AuthPolicyList
- type AuthPolicySpec
- type AuthPolicySpecProper
- type AuthPolicyStatus
- type AuthSchemeSpec
- type CertificateSpec
- type Counter
- type DNSPolicy
- func (in *DNSPolicy) DeepCopy() *DNSPolicy
- func (in *DNSPolicy) DeepCopyInto(out *DNSPolicy)
- func (in *DNSPolicy) DeepCopyObject() runtime.Object
- func (p *DNSPolicy) GetLocator() string
- func (p *DNSPolicy) GetMergeStrategy() machinery.MergeStrategy
- func (p *DNSPolicy) GetStatus() kuadrantgatewayapi.PolicyStatus
- func (p *DNSPolicy) GetTargetRef() gatewayapiv1alpha2.LocalPolicyTargetReference (deprecated)
- func (p *DNSPolicy) GetTargetRefs() []machinery.PolicyTargetReference
- func (p *DNSPolicy) Kind() string
- func (p *DNSPolicy) Merge(other machinery.Policy) machinery.Policy
- func (p *DNSPolicy) Validate() error
- func (p *DNSPolicy) WithExcludeAddresses(excluded []string) *DNSPolicy
- func (p *DNSPolicy) WithHealthCheck(healthCheck dnsv1alpha1.HealthCheckSpec) *DNSPolicy
- func (p *DNSPolicy) WithHealthCheckFor(endpoint string, port int, protocol string, failureThreshold int) *DNSPolicy
- func (p *DNSPolicy) WithLoadBalancing(loadBalancing LoadBalancingSpec) *DNSPolicy
- func (p *DNSPolicy) WithLoadBalancingFor(weight int, geo string, isDefaultGeo bool) *DNSPolicy
- func (p *DNSPolicy) WithProviderRef(providerRef dnsv1alpha1.ProviderRef) *DNSPolicy
- func (p *DNSPolicy) WithProviderSecret(s corev1.Secret) *DNSPolicy
- func (p *DNSPolicy) WithTargetGateway(gwName string) *DNSPolicy
- func (p *DNSPolicy) WithTargetGatewayListener(gwName string, lName string) *DNSPolicy
- func (p *DNSPolicy) WithTargetRef(targetRef gatewayapiv1alpha2.LocalPolicyTargetReferenceWithSectionName) *DNSPolicy
- type DNSPolicyList
- type DNSPolicySpec
- type DNSPolicyStatus
- type Duration
- type ExcludeAddresses
- type Expression
- type GeoCode
- type Limit
- type LoadBalancingSpec
- type MergeableAuthPolicySpec
- type MergeableAuthenticationSpec
- func (in *MergeableAuthenticationSpec) DeepCopy() *MergeableAuthenticationSpec
- func (in *MergeableAuthenticationSpec) DeepCopyInto(out *MergeableAuthenticationSpec)
- func (r *MergeableAuthenticationSpec) GetSource() string
- func (r *MergeableAuthenticationSpec) GetSpec() any
- func (r *MergeableAuthenticationSpec) WithSource(source string) MergeableRule
- type MergeableAuthorizationSpec
- func (in *MergeableAuthorizationSpec) DeepCopy() *MergeableAuthorizationSpec
- func (in *MergeableAuthorizationSpec) DeepCopyInto(out *MergeableAuthorizationSpec)
- func (r *MergeableAuthorizationSpec) GetSource() string
- func (r *MergeableAuthorizationSpec) GetSpec() any
- func (r *MergeableAuthorizationSpec) WithSource(source string) MergeableRule
- type MergeableCallbackSpec
- func (in *MergeableCallbackSpec) DeepCopy() *MergeableCallbackSpec
- func (in *MergeableCallbackSpec) DeepCopyInto(out *MergeableCallbackSpec)
- func (r *MergeableCallbackSpec) GetSource() string
- func (r *MergeableCallbackSpec) GetSpec() any
- func (r *MergeableCallbackSpec) WithSource(source string) MergeableRule
- type MergeableDenyWithSpec
- func (in *MergeableDenyWithSpec) DeepCopy() *MergeableDenyWithSpec
- func (in *MergeableDenyWithSpec) DeepCopyInto(out *MergeableDenyWithSpec)
- func (r *MergeableDenyWithSpec) GetSource() string
- func (r *MergeableDenyWithSpec) GetSpec() any
- func (r *MergeableDenyWithSpec) WithSource(source string) MergeableRule
- type MergeableHeaderSuccessResponseSpec
- func (in *MergeableHeaderSuccessResponseSpec) DeepCopy() *MergeableHeaderSuccessResponseSpec
- func (in *MergeableHeaderSuccessResponseSpec) DeepCopyInto(out *MergeableHeaderSuccessResponseSpec)
- func (r *MergeableHeaderSuccessResponseSpec) GetSource() string
- func (r *MergeableHeaderSuccessResponseSpec) GetSpec() any
- func (r *MergeableHeaderSuccessResponseSpec) WithSource(source string) MergeableRule
- type MergeableMetadataSpec
- func (in *MergeableMetadataSpec) DeepCopy() *MergeableMetadataSpec
- func (in *MergeableMetadataSpec) DeepCopyInto(out *MergeableMetadataSpec)
- func (r *MergeableMetadataSpec) GetSource() string
- func (r *MergeableMetadataSpec) GetSpec() any
- func (r *MergeableMetadataSpec) WithSource(source string) MergeableRule
- type MergeablePatternExpressions
- func (in *MergeablePatternExpressions) DeepCopy() *MergeablePatternExpressions
- func (in *MergeablePatternExpressions) DeepCopyInto(out *MergeablePatternExpressions)
- func (r *MergeablePatternExpressions) GetSource() string
- func (r *MergeablePatternExpressions) GetSpec() any
- func (r *MergeablePatternExpressions) WithSource(source string) MergeableRule
- type MergeablePolicy
- type MergeableRateLimitPolicySpec
- type MergeableResponseSpec
- type MergeableRule
- type MergeableSuccessResponseSpec
- func (in *MergeableSuccessResponseSpec) DeepCopy() *MergeableSuccessResponseSpec
- func (in *MergeableSuccessResponseSpec) DeepCopyInto(out *MergeableSuccessResponseSpec)
- func (r *MergeableSuccessResponseSpec) GetSource() string
- func (r *MergeableSuccessResponseSpec) GetSpec() any
- func (r *MergeableSuccessResponseSpec) WithSource(source string) MergeableRule
- type MergeableWhenPredicates
- func (in *MergeableWhenPredicates) DeepCopy() *MergeableWhenPredicates
- func (in *MergeableWhenPredicates) DeepCopyInto(out *MergeableWhenPredicates)
- func (p *MergeableWhenPredicates) GetSource() string
- func (p *MergeableWhenPredicates) GetSpec() any
- func (p *MergeableWhenPredicates) WithSource(source string) MergeableRule
- type MergeableWrappedSuccessResponseSpec
- type Predicate
- type Rate
- type RateLimitPolicy
- func (in *RateLimitPolicy) DeepCopy() *RateLimitPolicy
- func (in *RateLimitPolicy) DeepCopyInto(out *RateLimitPolicy)
- func (in *RateLimitPolicy) DeepCopyObject() runtime.Object
- func (p *RateLimitPolicy) Empty() bool
- func (p *RateLimitPolicy) GetLocator() string
- func (p *RateLimitPolicy) GetMergeStrategy() machinery.MergeStrategy
- func (p *RateLimitPolicy) GetName() string
- func (p *RateLimitPolicy) GetNamespace() string
- func (p *RateLimitPolicy) GetStatus() kuadrantgatewayapi.PolicyStatus
- func (p *RateLimitPolicy) GetTargetRef() gatewayapiv1alpha2.LocalPolicyTargetReference (deprecated)
- func (p *RateLimitPolicy) GetTargetRefs() []machinery.PolicyTargetReference
- func (p *RateLimitPolicy) Kind() string
- func (p *RateLimitPolicy) Merge(other machinery.Policy) machinery.Policy
- func (p *RateLimitPolicy) Rules() map[string]MergeableRule
- func (p *RateLimitPolicy) SetRules(rules map[string]MergeableRule)
- type RateLimitPolicyList
- type RateLimitPolicySpec
- type RateLimitPolicySpecProper
- type RateLimitPolicyStatus
- type TLSPolicy
- func (in *TLSPolicy) DeepCopy() *TLSPolicy
- func (in *TLSPolicy) DeepCopyInto(out *TLSPolicy)
- func (in *TLSPolicy) DeepCopyObject() runtime.Object
- func (p *TLSPolicy) GetLocator() string
- func (p *TLSPolicy) GetMergeStrategy() machinery.MergeStrategy
- func (p *TLSPolicy) GetStatus() kuadrantgatewayapi.PolicyStatus
- func (p *TLSPolicy) GetTargetRef() gatewayapiv1alpha2.LocalPolicyTargetReference (deprecated)
- func (p *TLSPolicy) GetTargetRefs() []machinery.PolicyTargetReference
- func (p *TLSPolicy) Kind() string (deprecated)
- func (p *TLSPolicy) Merge(other machinery.Policy) machinery.Policy
- func (p *TLSPolicy) WithIssuerRef(issuerRef certmanmetav1.ObjectReference) *TLSPolicy
- func (p *TLSPolicy) WithTargetGateway(gwName string) *TLSPolicy
- func (p *TLSPolicy) WithTargetGatewaySection(gwName string, sectionName string) *TLSPolicy
- type TLSPolicyList
- type TLSPolicySpec
- type TLSPolicyStatus
- type WhenPredicates
Constants ¶
const ( AtomicMergeStrategy = "atomic" PolicyRuleMergeStrategy = "merge" )
const GroupName = "kuadrant.io"
GroupName specifies the group name used to register the objects.
Variables ¶
var ( AuthPolicyGroupKind = schema.GroupKind{Group: GroupVersion.Group, Kind: "AuthPolicy"} AuthPoliciesResource = GroupVersion.WithResource("authpolicies") )
var ( DNSPoliciesResource = GroupVersion.WithResource("dnspolicies") DNSPolicyGroupKind = schema.GroupKind{Group: GroupVersion.Group, Kind: "DNSPolicy"} )
var ( // GroupVersion is group version used to register these objects GroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1"} // SchemeBuilder is used to add go types to the GroupVersionKind scheme SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion} // AddToScheme adds the types in this group-version to the given scheme. AddToScheme = SchemeBuilder.AddToScheme )
var ( RateLimitPolicyGroupKind = schema.GroupKind{Group: GroupVersion.Group, Kind: "RateLimitPolicy"} RateLimitPoliciesResource = GroupVersion.WithResource("ratelimitpolicies") // Top level predicate rules key starting with # to prevent conflict with limit names // TODO(eastizle): this coupling between limit names and rule IDs is a bad smell. Merging implementation should be enhanced. RulesKeyTopLevelPredicates = "###_TOP_LEVEL_PREDICATES_###" )
var ( TLSPoliciesResource = GroupVersion.WithResource("tlspolicies") TLSPolicyGroupKind = schema.GroupKind{Group: GroupVersion.Group, Kind: "TLSPolicy"} )
Functions ¶
func AtomicDefaultsMergeStrategy ¶
AtomicDefaultsMergeStrategy implements a merge strategy that returns the target Policy if it exists, otherwise it returns the source Policy.
func AtomicOverridesMergeStrategy ¶
AtomicOverridesMergeStrategy implements a merge strategy that overrides a target Policy with a source one.
func DefaultsMergeStrategy ¶
func DefaultsMergeStrategy(strategy string) machinery.MergeStrategy
func EffectivePolicyForPath ¶
func EffectivePolicyForPath[T machinery.Policy](path []machinery.Targetable, predicate func(machinery.Policy) bool) *T
EffectivePolicyForPath returns the effective policy for a given path, merging all policies in the path. The policies in the path are sorted from the least specific to the most specific. Only policies whose predicate returns true are considered.
func OverridesMergeStrategy ¶
func OverridesMergeStrategy(strategy string) machinery.MergeStrategy
func PathID ¶
func PathID(path []machinery.Targetable) string
func PoliciesInPath ¶
func PoliciesInPath(path []machinery.Targetable, predicate func(machinery.Policy) bool) []machinery.Policy
PoliciesInPath gathers all policies in a path, sorted from the least specific to the most specific. Only policies for which the predicate returns true are considered.
func PolicyRuleDefaultsMergeStrategy ¶
PolicyRuleDefaultsMergeStrategy implements a merge strategy that merges a source Policy into a target one by keeping the policy rules from the target and adding the ones from the source that do not exist in the target.
func PolicyRuleOverridesMergeStrategy ¶
PolicyRuleOverridesMergeStrategy implements a merge strategy that merges a source Policy into a target one by using the policy rules from the source and keeping from the target only the policy rules that do not exist in the source.
Types ¶
type AuthPolicy ¶
type AuthPolicy struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` Spec AuthPolicySpec `json:"spec,omitempty"` Status AuthPolicyStatus `json:"status,omitempty"` }
AuthPolicy enables authentication and authorization for service workloads in a Gateway API network
func (*AuthPolicy) DeepCopy ¶
func (in *AuthPolicy) DeepCopy() *AuthPolicy
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthPolicy.
func (*AuthPolicy) DeepCopyInto ¶
func (in *AuthPolicy) DeepCopyInto(out *AuthPolicy)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*AuthPolicy) DeepCopyObject ¶
func (in *AuthPolicy) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*AuthPolicy) Empty ¶
func (p *AuthPolicy) Empty() bool
func (*AuthPolicy) GetLocator ¶
func (p *AuthPolicy) GetLocator() string
func (*AuthPolicy) GetMergeStrategy ¶
func (p *AuthPolicy) GetMergeStrategy() machinery.MergeStrategy
func (*AuthPolicy) GetName ¶
func (p *AuthPolicy) GetName() string
func (*AuthPolicy) GetNamespace ¶
func (p *AuthPolicy) GetNamespace() string
func (*AuthPolicy) GetStatus ¶
func (p *AuthPolicy) GetStatus() kuadrantgatewayapi.PolicyStatus
func (*AuthPolicy) GetTargetRef
deprecated
func (p *AuthPolicy) GetTargetRef() gatewayapiv1alpha2.LocalPolicyTargetReference
Deprecated: Use GetTargetRefs instead
func (*AuthPolicy) GetTargetRefs ¶
func (p *AuthPolicy) GetTargetRefs() []machinery.PolicyTargetReference
func (*AuthPolicy) Kind ¶
func (p *AuthPolicy) Kind() string
func (*AuthPolicy) Rules ¶
func (p *AuthPolicy) Rules() map[string]MergeableRule
func (*AuthPolicy) SetRules ¶
func (p *AuthPolicy) SetRules(rules map[string]MergeableRule)
type AuthPolicyList ¶
type AuthPolicyList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty"` Items []AuthPolicy `json:"items"` }
AuthPolicyList contains a list of AuthPolicy
func (*AuthPolicyList) DeepCopy ¶
func (in *AuthPolicyList) DeepCopy() *AuthPolicyList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthPolicyList.
func (*AuthPolicyList) DeepCopyInto ¶
func (in *AuthPolicyList) DeepCopyInto(out *AuthPolicyList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*AuthPolicyList) DeepCopyObject ¶
func (in *AuthPolicyList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type AuthPolicySpec ¶
// AuthPolicySpec carries the target reference of an AuthPolicy together with
// its rules, given either as explicit defaults, as explicit overrides, or as a
// bare rule set that is treated as implicit defaults.
//
// NOTE(review): per the field comments below, defaults can be replaced by more
// specific policies lower in the hierarchy, whereas overrides take precedence
// over them. A baseline that must not be weakened lower in the hierarchy
// therefore belongs in Overrides; confirm against the merge strategy in use.
type AuthPolicySpec struct {
	// Reference to the object to which this policy applies.
	// +kubebuilder:validation:XValidation:rule="self.group == 'gateway.networking.k8s.io'",message="Invalid targetRef.group. The only supported value is 'gateway.networking.k8s.io'"
	// +kubebuilder:validation:XValidation:rule="self.kind == 'HTTPRoute' || self.kind == 'Gateway'",message="Invalid targetRef.kind. The only supported values are 'HTTPRoute' and 'Gateway'"
	TargetRef gatewayapiv1alpha2.LocalPolicyTargetReferenceWithSectionName `json:"targetRef"`

	// Rules to apply as defaults. Can be overridden by more specific policy rules lower in the hierarchy and by less specific policy overrides.
	// Use one of: defaults, overrides, or bare set of policy rules (implicit defaults).
	// +optional
	Defaults *MergeableAuthPolicySpec `json:"defaults,omitempty"`

	// Rules to apply as overrides. Override all policy rules lower in the hierarchy. Can be overridden by less specific policy overrides.
	// Use one of: defaults, overrides, or bare set of policy rules (implicit defaults).
	// +optional
	Overrides *MergeableAuthPolicySpec `json:"overrides,omitempty"`

	// Bare set of policy rules (implicit defaults).
	// Use one of: defaults, overrides, or bare set of policy rules (implicit defaults).
	// The struct is embedded, so its fields are promoted onto AuthPolicySpec.
	AuthPolicySpecProper `json:""`
}
+kubebuilder:validation:XValidation:rule="!(has(self.defaults) && (has(self.patterns) || has(self.when) || has(self.rules)))",message="Implicit and explicit defaults are mutually exclusive" +kubebuilder:validation:XValidation:rule="!(has(self.overrides) && (has(self.patterns) || has(self.when) || has(self.rules)))",message="Implicit defaults and explicit overrides are mutually exclusive" +kubebuilder:validation:XValidation:rule="!(has(self.overrides) && has(self.defaults))",message="Explicit overrides and explicit defaults are mutually exclusive"
func (*AuthPolicySpec) DeepCopy ¶
func (in *AuthPolicySpec) DeepCopy() *AuthPolicySpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthPolicySpec.
func (*AuthPolicySpec) DeepCopyInto ¶
func (in *AuthPolicySpec) DeepCopyInto(out *AuthPolicySpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*AuthPolicySpec) Proper ¶
func (s *AuthPolicySpec) Proper() *AuthPolicySpecProper
type AuthPolicySpecProper ¶
// AuthPolicySpecProper holds the rule-bearing part of an AuthPolicy: named
// patterns, the overall `when` conditions, and the auth rules themselves.
type AuthPolicySpecProper struct {
	// Named sets of patterns that can be referred in `when` conditions and in pattern-matching authorization policy rules.
	// +optional
	NamedPatterns map[string]MergeablePatternExpressions `json:"patterns,omitempty"`

	// Overall conditions for the AuthPolicy to be enforced.
	// If omitted, the AuthPolicy will be enforced at all requests to the protected routes.
	// If present, all conditions must match for the AuthPolicy to be enforced; otherwise, the authorization service skips the AuthPolicy and returns to the auth request with status OK.
	//
	// NOTE(review): a request that does not match these conditions is answered
	// with status OK without the auth rules being evaluated, so the conditions
	// define the policy's coverage. Keep them as narrow as the use case allows
	// and review them with the same care as the rules themselves.
	// +optional
	MergeableWhenPredicates `json:""`

	// The auth rules of the policy.
	// See Authorino's AuthConfig CRD for more details.
	AuthScheme *AuthSchemeSpec `json:"rules,omitempty"`
}
AuthPolicySpecProper contains common shared fields for defaults and overrides
func (*AuthPolicySpecProper) DeepCopy ¶
func (in *AuthPolicySpecProper) DeepCopy() *AuthPolicySpecProper
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthPolicySpecProper.
func (*AuthPolicySpecProper) DeepCopyInto ¶
func (in *AuthPolicySpecProper) DeepCopyInto(out *AuthPolicySpecProper)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AuthPolicyStatus ¶
// AuthPolicyStatus records the observed generation and the status conditions
// of an AuthPolicy.
type AuthPolicyStatus struct {
	// ObservedGeneration reflects the generation of the most recently observed spec.
	// +optional
	ObservedGeneration int64 `json:"observedGeneration,omitempty"`

	// Represents the observations of an AuthPolicy's current state.
	// Known .status.conditions.type are: "Available"
	// +patchMergeKey=type
	// +patchStrategy=merge
	// +listType=map
	// +listMapKey=type
	Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"`
}
func (*AuthPolicyStatus) DeepCopy ¶
func (in *AuthPolicyStatus) DeepCopy() *AuthPolicyStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthPolicyStatus.
func (*AuthPolicyStatus) DeepCopyInto ¶
func (in *AuthPolicyStatus) DeepCopyInto(out *AuthPolicyStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*AuthPolicyStatus) Equals ¶
func (s *AuthPolicyStatus) Equals(other *AuthPolicyStatus, logger logr.Logger) bool
func (*AuthPolicyStatus) GetConditions ¶
func (s *AuthPolicyStatus) GetConditions() []metav1.Condition
type AuthSchemeSpec ¶
// AuthSchemeSpec groups the auth rules of an AuthPolicy into authentication,
// metadata, authorization, response and callback sections. Every section is
// optional; the map-valued sections are keyed by a name for each entry.
type AuthSchemeSpec struct {
	// Authentication configs.
	// At least one config MUST evaluate to a valid identity object for the auth request to be successful.
	//
	// NOTE(review): the outcome when this map is empty or omitted is not stated
	// here; confirm it before relying on a policy that sets no authentication.
	// +optional
	Authentication map[string]MergeableAuthenticationSpec `json:"authentication,omitempty"`

	// Metadata sources.
	// Authorino fetches auth metadata as JSON from sources specified in this config.
	//
	// NOTE(review): the sources are named by the policy author and contacted by
	// the authorization service; limit who may create AuthPolicies and confirm
	// the egress controls that apply to it.
	// +optional
	Metadata map[string]MergeableMetadataSpec `json:"metadata,omitempty"`

	// Authorization policies.
	// All policies MUST evaluate to "allowed = true" for the auth request to be successful.
	// +optional
	Authorization map[string]MergeableAuthorizationSpec `json:"authorization,omitempty"`

	// Response items.
	// Authorino builds custom responses to the client of the auth request.
	// +optional
	Response *MergeableResponseSpec `json:"response,omitempty"`

	// Callback functions.
	// Authorino sends callbacks at the end of the auth pipeline to the endpoints specified in this config.
	// +optional
	Callbacks map[string]MergeableCallbackSpec `json:"callbacks,omitempty"`
}
func (*AuthSchemeSpec) DeepCopy ¶
func (in *AuthSchemeSpec) DeepCopy() *AuthSchemeSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthSchemeSpec.
func (*AuthSchemeSpec) DeepCopyInto ¶
func (in *AuthSchemeSpec) DeepCopyInto(out *AuthSchemeSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type CertificateSpec ¶
// CertificateSpec is the subset of certificate settings that can be set on a
// TLSPolicy: issuer, common name, lifetime and renewal, key usages, revision
// history and private key options.
type CertificateSpec struct {
	// IssuerRef is a reference to the issuer for this certificate.
	// If the `kind` field is not set, or set to `Issuer`, an Issuer resource
	// with the given name in the same namespace as the Certificate will be used.
	// If the `kind` field is set to `ClusterIssuer`, a ClusterIssuer with the
	// provided name will be used.
	// The `name` field in this stanza is required at all times.
	IssuerRef certmanmetav1.ObjectReference `json:"issuerRef"`

	// CommonName is a common name to be used on the Certificate.
	// The CommonName should have a length of 64 characters or fewer to avoid
	// generating invalid CSRs.
	// This value is ignored by TLS clients when any subject alt name is set.
	// This is x509 behaviour: https://tools.ietf.org/html/rfc6125#section-6.4.4
	// +optional
	CommonName string `json:"commonName,omitempty"`

	// The requested 'duration' (i.e. lifetime) of the Certificate. This option
	// may be ignored/overridden by some issuer types. If unset this defaults to
	// 90 days. Certificate will be renewed either 2/3 through its duration or
	// `renewBefore` period before its expiry, whichever is later. Minimum
	// accepted duration is 1 hour. Value must be in units accepted by Go
	// time.ParseDuration https://golang.org/pkg/time/#ParseDuration
	// +optional
	Duration *metav1.Duration `json:"duration,omitempty"`

	// How long before the currently issued certificate's expiry
	// cert-manager should renew the certificate. The default is 2/3 of the
	// issued certificate's duration. Minimum accepted value is 5 minutes.
	// Value must be in units accepted by Go time.ParseDuration
	// https://golang.org/pkg/time/#ParseDuration
	// +optional
	RenewBefore *metav1.Duration `json:"renewBefore,omitempty"`

	// Usages is the set of x509 usages that are requested for the certificate.
	// Defaults to `digital signature` and `key encipherment` if not specified.
	// +optional
	Usages []certmanv1.KeyUsage `json:"usages,omitempty"`

	// RevisionHistoryLimit is the maximum number of CertificateRequest revisions
	// that are maintained in the Certificate's history. Each revision represents
	// a single `CertificateRequest` created by this Certificate, either when it
	// was created, renewed, or Spec was changed. Revisions will be removed by
	// oldest first if the number of revisions exceeds this number. If set,
	// revisionHistoryLimit must be a value of `1` or greater. If unset (`nil`),
	// revisions will not be garbage collected. Default value is `nil`.
	// +kubebuilder:validation:ExclusiveMaximum=false
	// +optional
	RevisionHistoryLimit *int32 `json:"revisionHistoryLimit,omitempty"`

	// Options to control private keys used for the Certificate.
	// +optional
	PrivateKey *certmanv1.CertificatePrivateKey `json:"privateKey,omitempty"`
}
CertificateSpec defines the certificate manager certificate spec that can be set via the TLSPolicy. Rather than allowing the whole certmanv1.CertificateSpec to be inlined we are only including the same fields that are currently supported by the annotation approach to securing gateways as outlined here https://cert-manager.io/docs/usage/gateway/#supported-annotations
func (*CertificateSpec) DeepCopy ¶
func (in *CertificateSpec) DeepCopy() *CertificateSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateSpec.
func (*CertificateSpec) DeepCopyInto ¶
func (in *CertificateSpec) DeepCopyInto(out *CertificateSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Counter ¶
type Counter struct {
Expression Expression `json:"expression"`
}
func (*Counter) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Counter.
func (*Counter) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type DNSPolicy ¶
type DNSPolicy struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` Spec DNSPolicySpec `json:"spec,omitempty"` Status DNSPolicyStatus `json:"status,omitempty"` }
DNSPolicy is the Schema for the dnspolicies API
func NewDNSPolicy ¶
func (*DNSPolicy) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DNSPolicy.
func (*DNSPolicy) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*DNSPolicy) DeepCopyObject ¶
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*DNSPolicy) GetLocator ¶
func (*DNSPolicy) GetMergeStrategy ¶
func (p *DNSPolicy) GetMergeStrategy() machinery.MergeStrategy
func (*DNSPolicy) GetStatus ¶
func (p *DNSPolicy) GetStatus() kuadrantgatewayapi.PolicyStatus
func (*DNSPolicy) GetTargetRef
deprecated
func (p *DNSPolicy) GetTargetRef() gatewayapiv1alpha2.LocalPolicyTargetReference
Deprecated: Use GetTargetRefs instead
func (*DNSPolicy) GetTargetRefs ¶
func (p *DNSPolicy) GetTargetRefs() []machinery.PolicyTargetReference
func (*DNSPolicy) WithExcludeAddresses ¶
func (*DNSPolicy) WithHealthCheck ¶
func (p *DNSPolicy) WithHealthCheck(healthCheck dnsv1alpha1.HealthCheckSpec) *DNSPolicy
func (*DNSPolicy) WithHealthCheckFor ¶
func (*DNSPolicy) WithLoadBalancing ¶
func (p *DNSPolicy) WithLoadBalancing(loadBalancing LoadBalancingSpec) *DNSPolicy
func (*DNSPolicy) WithLoadBalancingFor ¶
func (*DNSPolicy) WithProviderRef ¶
func (p *DNSPolicy) WithProviderRef(providerRef dnsv1alpha1.ProviderRef) *DNSPolicy
func (*DNSPolicy) WithProviderSecret ¶
func (*DNSPolicy) WithTargetGateway ¶
func (*DNSPolicy) WithTargetGatewayListener ¶
func (*DNSPolicy) WithTargetRef ¶
func (p *DNSPolicy) WithTargetRef(targetRef gatewayapiv1alpha2.LocalPolicyTargetReferenceWithSectionName) *DNSPolicy
type DNSPolicyList ¶
type DNSPolicyList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty"` Items []DNSPolicy `json:"items"` }
DNSPolicyList contains a list of DNSPolicy
func (*DNSPolicyList) DeepCopy ¶
func (in *DNSPolicyList) DeepCopy() *DNSPolicyList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DNSPolicyList.
func (*DNSPolicyList) DeepCopyInto ¶
func (in *DNSPolicyList) DeepCopyInto(out *DNSPolicyList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*DNSPolicyList) DeepCopyObject ¶
func (in *DNSPolicyList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type DNSPolicySpec ¶
// DNSPolicySpec describes the desired state of a DNSPolicy: the Gateway it
// targets, optional health check and load balancing settings, the provider
// reference, and addresses to keep out of the published records.
type DNSPolicySpec struct {
	// targetRef identifies an API object to apply policy to.
	// +kubebuilder:validation:XValidation:rule="self.group == 'gateway.networking.k8s.io'",message="Invalid targetRef.group. The only supported value is 'gateway.networking.k8s.io'"
	// +kubebuilder:validation:XValidation:rule="self.kind == 'Gateway'",message="Invalid targetRef.kind. The only supported values are 'Gateway'"
	TargetRef gatewayapiv1alpha2.LocalPolicyTargetReferenceWithSectionName `json:"targetRef"`

	// HealthCheck is an optional health check specification, using the type
	// defined in the dnsv1alpha1 package.
	// +optional
	HealthCheck *dnsv1alpha1.HealthCheckSpec `json:"healthCheck,omitempty"`

	// LoadBalancing is an optional load balancing specification.
	// +optional
	LoadBalancing *LoadBalancingSpec `json:"loadBalancing,omitempty"`

	// providerRefs is a list of references to provider secrets. Max is one but intention is to allow this to be more in the future
	// The markers below require exactly one entry.
	// +kubebuilder:validation:MaxItems=1
	// +kubebuilder:validation:MinItems=1
	ProviderRefs []dnsv1alpha1.ProviderRef `json:"providerRefs"`

	// ExcludeAddresses is a list of addresses (either hostnames, CIDR or IPAddresses) that DNSPolicy should not use as values in the configured DNS provider records. The default is to allow all addresses configured in the Gateway DNSPolicy is targeting.
	// +optional
	ExcludeAddresses ExcludeAddresses `json:"excludeAddresses,omitempty"`
}
DNSPolicySpec defines the desired state of DNSPolicy
func (*DNSPolicySpec) DeepCopy ¶
func (in *DNSPolicySpec) DeepCopy() *DNSPolicySpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DNSPolicySpec.
func (*DNSPolicySpec) DeepCopyInto ¶
func (in *DNSPolicySpec) DeepCopyInto(out *DNSPolicySpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type DNSPolicyStatus ¶
type DNSPolicyStatus struct { // conditions are any conditions associated with the policy // // If configuring the policy fails, the "Failed" condition will be set with a // reason and message describing the cause of the failure. Conditions []metav1.Condition `json:"conditions,omitempty"` // observedGeneration is the most recently observed generation of the // DNSPolicy. When the DNSPolicy is updated, the controller updates the // corresponding configuration. If an update fails, that failure is // recorded in the status condition // +optional ObservedGeneration int64 `json:"observedGeneration,omitempty"` // +optional HealthCheck *dnsv1alpha1.HealthCheckStatus `json:"healthCheck,omitempty"` // +optional RecordConditions map[string][]metav1.Condition `json:"recordConditions,omitempty"` // TotalRecords records the total number of individual DNSRecords managed by this DNSPolicy // +optional TotalRecords int32 `json:"totalRecords,omitempty"` }
DNSPolicyStatus defines the observed state of DNSPolicy
func (*DNSPolicyStatus) DeepCopy ¶
func (in *DNSPolicyStatus) DeepCopy() *DNSPolicyStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DNSPolicyStatus.
func (*DNSPolicyStatus) DeepCopyInto ¶
func (in *DNSPolicyStatus) DeepCopyInto(out *DNSPolicyStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*DNSPolicyStatus) GetConditions ¶
func (s *DNSPolicyStatus) GetConditions() []metav1.Condition
type Duration ¶
type Duration string
Duration follows the Gateway API Duration format: https://gateway-api.sigs.k8s.io/geps/gep-2257/?h=duration#gateway-api-duration-format. A value MUST match the regular expression ^([0-9]{1,5}(h|m|s|ms)){1,4}$ and MUST be interpreted as specified by Golang's time.ParseDuration. +kubebuilder:validation:Pattern=`^([0-9]{1,5}(h|m|s|ms)){1,4}$`
type ExcludeAddresses ¶
// ExcludeAddresses is a list of strings; the CRD marker shown with this type
// caps it at 20 items. The Validate method listed for the type returns an
// error, but the checks it performs are not shown on this page.
// NOTE(review): the accepted entry formats (IP, CIDR, hostname) are not
// stated here; confirm against Validate before relying on schema validation
// alone.
type ExcludeAddresses []string
+kubebuilder:validation:MaxItems=20
func (ExcludeAddresses) DeepCopy ¶
func (in ExcludeAddresses) DeepCopy() ExcludeAddresses
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExcludeAddresses.
func (ExcludeAddresses) DeepCopyInto ¶
func (in ExcludeAddresses) DeepCopyInto(out *ExcludeAddresses)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (ExcludeAddresses) Validate ¶
func (ea ExcludeAddresses) Validate() error
type Expression ¶
// Expression is a string holding a single CEL expression. The schema marker
// shown with this type requires at least one character; no other constraint
// on the expression is visible on this page.
type Expression string
Expression defines one CEL expression. An expression can use well-known attributes.
Attributes: https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/advanced/attributes
Well-known selectors: https://github.com/Kuadrant/architecture/blob/main/rfcs/0001-rlp-v2.md#well-known-selectors
They are named by a dot-separated path (e.g. request.path).
Example: "request.path" -> The path portion of the URL
+kubebuilder:validation:MinLength=1
type Limit ¶
type Limit struct {
	// When holds a list of "limit-level" `Predicate`s
	// Called also "soft" conditions as route selectors must also match
	// +optional
	When WhenPredicates `json:"when,omitempty"`

	// NOTE(review): a counter presumably partitions the limit per distinct
	// value of its expression. If that value comes from a client-controlled
	// attribute, the client effectively chooses its own counter; prefer
	// attributes established by authentication. Confirm against the Counter
	// type.

	// Counters defines additional rate limit counters based on CEL expressions which can reference well known selectors
	// TODO Document properly "Well-known selector" https://github.com/Kuadrant/architecture/blob/main/rfcs/0001-rlp-v2.md#well-known-selectors
	// +optional
	Counters []Counter `json:"counters,omitempty"`

	// Rates holds the list of limit rates
	// +optional
	Rates []Rate `json:"rates,omitempty"`

	// Source stores the locator of the policy where the limit is originally defined (internal use)
	// The `json:"-"` tag keeps it out of encoded JSON and ignores it on decode,
	// so it cannot be supplied through a manifest.
	Source string `json:"-"`
}
Limit represents a complete rate limit configuration
func (Limit) CountersAsStringList ¶
func (*Limit) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Limit.
func (*Limit) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*Limit) WithSource ¶
func (l *Limit) WithSource(source string) MergeableRule
type LoadBalancingSpec ¶
// LoadBalancingSpec holds the weight and geo settings applied to DNS
// endpoints. None of the three JSON tags uses omitempty, so every field is
// always present in the encoded object.
type LoadBalancingSpec struct {
	// weight value to apply to weighted endpoints.
	//
	// The maximum value accepted is determined by the target dns provider, please refer to the appropriate docs below.
	//
	// Route53: https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-policy-weighted.html
	// Google: https://cloud.google.com/dns/docs/overview/
	// Azure: https://learn.microsoft.com/en-us/azure/traffic-manager/traffic-manager-routing-methods#weighted-traffic-routing-method
	//
	// NOTE(review): only a default marker is shown here; no minimum or maximum
	// is enforced by the schema as listed, so out-of-range values would surface
	// as provider errors. Confirm.
	// +kubebuilder:default=120
	Weight int `json:"weight"`

	// geo value to apply to geo endpoints.
	//
	// The values accepted are determined by the target dns provider, please refer to the appropriate docs below.
	//
	// Route53: https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resource-record-sets-values-geo.html
	// Google: https://cloud.google.com/compute/docs/regions-zones
	// Azure: https://learn.microsoft.com/en-us/azure/traffic-manager/traffic-manager-geographic-regions
	// +kubebuilder:validation:MinLength=2
	Geo string `json:"geo"`

	// defaultGeo specifies if this is the default geo for providers that support setting a default catch all geo endpoint such as Route53.
	DefaultGeo bool `json:"defaultGeo"`
}
func (*LoadBalancingSpec) DeepCopy ¶
func (in *LoadBalancingSpec) DeepCopy() *LoadBalancingSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LoadBalancingSpec.
func (*LoadBalancingSpec) DeepCopyInto ¶
func (in *LoadBalancingSpec) DeepCopyInto(out *LoadBalancingSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type MergeableAuthPolicySpec ¶
// MergeableAuthPolicySpec is an AuthPolicySpecProper together with the merge
// strategy to use when it is combined with other policies.
type MergeableAuthPolicySpec struct {
	// Strategy defines the merge strategy to apply when merging this policy with other policies.
	// The schema accepts only "atomic" or "merge" and defaults to "atomic".
	// NOTE(review): the effect of each strategy is not described on this page;
	// see the *MergeStrategy functions in the package index.
	// +kubebuilder:validation:Enum=atomic;merge
	// +kubebuilder:default=atomic
	Strategy string `json:"strategy,omitempty"`

	// Embedded with an empty JSON name, so the fields of AuthPolicySpecProper
	// are encoded and decoded at this level rather than under a nested key.
	AuthPolicySpecProper `json:""`
}
func (*MergeableAuthPolicySpec) DeepCopy ¶
func (in *MergeableAuthPolicySpec) DeepCopy() *MergeableAuthPolicySpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MergeableAuthPolicySpec.
func (*MergeableAuthPolicySpec) DeepCopyInto ¶
func (in *MergeableAuthPolicySpec) DeepCopyInto(out *MergeableAuthPolicySpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type MergeableAuthenticationSpec ¶
// MergeableAuthenticationSpec pairs an authorinov1beta3.AuthenticationSpec
// with the Source it came from. The methods listed for this type (GetSpec,
// GetSource, WithSource) are the method set of the MergeableRule interface.
type MergeableAuthenticationSpec struct {
	// The wrapped Authorino spec, embedded and tagged inline.
	authorinov1beta3.AuthenticationSpec `json:",inline"`

	// Source is the source of the rule. MergeableRule describes it as the
	// policy where the rule spec was defined. `json:"-"` excludes it from
	// JSON in both directions, so a manifest cannot set it.
	Source string `json:"-"`
}
func (*MergeableAuthenticationSpec) DeepCopy ¶
func (in *MergeableAuthenticationSpec) DeepCopy() *MergeableAuthenticationSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MergeableAuthenticationSpec.
func (*MergeableAuthenticationSpec) DeepCopyInto ¶
func (in *MergeableAuthenticationSpec) DeepCopyInto(out *MergeableAuthenticationSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*MergeableAuthenticationSpec) GetSource ¶
func (r *MergeableAuthenticationSpec) GetSource() string
func (*MergeableAuthenticationSpec) GetSpec ¶
func (r *MergeableAuthenticationSpec) GetSpec() any
func (*MergeableAuthenticationSpec) WithSource ¶
func (r *MergeableAuthenticationSpec) WithSource(source string) MergeableRule
type MergeableAuthorizationSpec ¶
// MergeableAuthorizationSpec pairs an authorinov1beta3.AuthorizationSpec with
// the Source it came from. The methods listed for this type (GetSpec,
// GetSource, WithSource) are the method set of the MergeableRule interface.
type MergeableAuthorizationSpec struct {
	// The wrapped Authorino spec, embedded and tagged inline.
	authorinov1beta3.AuthorizationSpec `json:",inline"`

	// Source is the source of the rule. MergeableRule describes it as the
	// policy where the rule spec was defined. `json:"-"` excludes it from
	// JSON in both directions, so a manifest cannot set it.
	Source string `json:"-"`
}
func (*MergeableAuthorizationSpec) DeepCopy ¶
func (in *MergeableAuthorizationSpec) DeepCopy() *MergeableAuthorizationSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MergeableAuthorizationSpec.
func (*MergeableAuthorizationSpec) DeepCopyInto ¶
func (in *MergeableAuthorizationSpec) DeepCopyInto(out *MergeableAuthorizationSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*MergeableAuthorizationSpec) GetSource ¶
func (r *MergeableAuthorizationSpec) GetSource() string
func (*MergeableAuthorizationSpec) GetSpec ¶
func (r *MergeableAuthorizationSpec) GetSpec() any
func (*MergeableAuthorizationSpec) WithSource ¶
func (r *MergeableAuthorizationSpec) WithSource(source string) MergeableRule
type MergeableCallbackSpec ¶
// MergeableCallbackSpec pairs an authorinov1beta3.CallbackSpec with the
// Source it came from. The methods listed for this type (GetSpec, GetSource,
// WithSource) are the method set of the MergeableRule interface.
type MergeableCallbackSpec struct {
	// The wrapped Authorino spec, embedded and tagged inline.
	authorinov1beta3.CallbackSpec `json:",inline"`

	// Source is the source of the rule. MergeableRule describes it as the
	// policy where the rule spec was defined. `json:"-"` excludes it from
	// JSON in both directions, so a manifest cannot set it.
	Source string `json:"-"`
}
func (*MergeableCallbackSpec) DeepCopy ¶
func (in *MergeableCallbackSpec) DeepCopy() *MergeableCallbackSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MergeableCallbackSpec.
func (*MergeableCallbackSpec) DeepCopyInto ¶
func (in *MergeableCallbackSpec) DeepCopyInto(out *MergeableCallbackSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*MergeableCallbackSpec) GetSource ¶
func (r *MergeableCallbackSpec) GetSource() string
func (*MergeableCallbackSpec) GetSpec ¶
func (r *MergeableCallbackSpec) GetSpec() any
func (*MergeableCallbackSpec) WithSource ¶
func (r *MergeableCallbackSpec) WithSource(source string) MergeableRule
type MergeableDenyWithSpec ¶
// MergeableDenyWithSpec pairs an authorinov1beta3.DenyWithSpec with the
// Source it came from. MergeableResponseSpec uses it for the unauthenticated
// and unauthorized denial responses. The methods listed for this type
// (GetSpec, GetSource, WithSource) are the method set of MergeableRule.
type MergeableDenyWithSpec struct {
	// The wrapped Authorino spec, embedded and tagged inline.
	authorinov1beta3.DenyWithSpec `json:",inline"`

	// Source is the source of the rule. MergeableRule describes it as the
	// policy where the rule spec was defined. `json:"-"` excludes it from
	// JSON in both directions, so a manifest cannot set it.
	Source string `json:"-"`
}
func (*MergeableDenyWithSpec) DeepCopy ¶
func (in *MergeableDenyWithSpec) DeepCopy() *MergeableDenyWithSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MergeableDenyWithSpec.
func (*MergeableDenyWithSpec) DeepCopyInto ¶
func (in *MergeableDenyWithSpec) DeepCopyInto(out *MergeableDenyWithSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*MergeableDenyWithSpec) GetSource ¶
func (r *MergeableDenyWithSpec) GetSource() string
func (*MergeableDenyWithSpec) GetSpec ¶
func (r *MergeableDenyWithSpec) GetSpec() any
func (*MergeableDenyWithSpec) WithSource ¶
func (r *MergeableDenyWithSpec) WithSource(source string) MergeableRule
type MergeableHeaderSuccessResponseSpec ¶
// MergeableHeaderSuccessResponseSpec pairs an
// authorinov1beta3.HeaderSuccessResponseSpec with the Source it came from.
// MergeableWrappedSuccessResponseSpec uses it as the value type of its
// Headers map. The methods listed for this type (GetSpec, GetSource,
// WithSource) are the method set of the MergeableRule interface.
type MergeableHeaderSuccessResponseSpec struct {
	// The wrapped Authorino spec, embedded and tagged inline.
	authorinov1beta3.HeaderSuccessResponseSpec `json:",inline"`

	// Source is the source of the rule. MergeableRule describes it as the
	// policy where the rule spec was defined. `json:"-"` excludes it from
	// JSON in both directions, so a manifest cannot set it.
	Source string `json:"-"`
}
func (*MergeableHeaderSuccessResponseSpec) DeepCopy ¶
func (in *MergeableHeaderSuccessResponseSpec) DeepCopy() *MergeableHeaderSuccessResponseSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MergeableHeaderSuccessResponseSpec.
func (*MergeableHeaderSuccessResponseSpec) DeepCopyInto ¶
func (in *MergeableHeaderSuccessResponseSpec) DeepCopyInto(out *MergeableHeaderSuccessResponseSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*MergeableHeaderSuccessResponseSpec) GetSource ¶
func (r *MergeableHeaderSuccessResponseSpec) GetSource() string
func (*MergeableHeaderSuccessResponseSpec) GetSpec ¶
func (r *MergeableHeaderSuccessResponseSpec) GetSpec() any
func (*MergeableHeaderSuccessResponseSpec) WithSource ¶
func (r *MergeableHeaderSuccessResponseSpec) WithSource(source string) MergeableRule
type MergeableMetadataSpec ¶
// MergeableMetadataSpec pairs an authorinov1beta3.MetadataSpec with the
// Source it came from. The methods listed for this type (GetSpec, GetSource,
// WithSource) are the method set of the MergeableRule interface.
type MergeableMetadataSpec struct {
	// The wrapped Authorino spec, embedded and tagged inline.
	authorinov1beta3.MetadataSpec `json:",inline"`

	// Source is the source of the rule. MergeableRule describes it as the
	// policy where the rule spec was defined. `json:"-"` excludes it from
	// JSON in both directions, so a manifest cannot set it.
	Source string `json:"-"`
}
func (*MergeableMetadataSpec) DeepCopy ¶
func (in *MergeableMetadataSpec) DeepCopy() *MergeableMetadataSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MergeableMetadataSpec.
func (*MergeableMetadataSpec) DeepCopyInto ¶
func (in *MergeableMetadataSpec) DeepCopyInto(out *MergeableMetadataSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*MergeableMetadataSpec) GetSource ¶
func (r *MergeableMetadataSpec) GetSource() string
func (*MergeableMetadataSpec) GetSpec ¶
func (r *MergeableMetadataSpec) GetSpec() any
func (*MergeableMetadataSpec) WithSource ¶
func (r *MergeableMetadataSpec) WithSource(source string) MergeableRule
type MergeablePatternExpressions ¶
// MergeablePatternExpressions pairs authorinov1beta3.PatternExpressions with
// the Source it came from. The methods listed for this type (GetSpec,
// GetSource, WithSource) are the method set of the MergeableRule interface.
type MergeablePatternExpressions struct {
	// Unlike the other Mergeable* wrappers on this page, the embedded value
	// carries an explicit JSON name, so it is encoded under the "allOf" key
	// rather than inlined.
	authorinov1beta3.PatternExpressions `json:"allOf"`

	// Source is the source of the rule. MergeableRule describes it as the
	// policy where the rule spec was defined. `json:"-"` excludes it from
	// JSON in both directions, so a manifest cannot set it.
	Source string `json:"-"`
}
func (*MergeablePatternExpressions) DeepCopy ¶
func (in *MergeablePatternExpressions) DeepCopy() *MergeablePatternExpressions
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MergeablePatternExpressions.
func (*MergeablePatternExpressions) DeepCopyInto ¶
func (in *MergeablePatternExpressions) DeepCopyInto(out *MergeablePatternExpressions)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*MergeablePatternExpressions) GetSource ¶
func (r *MergeablePatternExpressions) GetSource() string
func (*MergeablePatternExpressions) GetSpec ¶
func (r *MergeablePatternExpressions) GetSpec() any
func (*MergeablePatternExpressions) WithSource ¶
func (r *MergeablePatternExpressions) WithSource(source string) MergeableRule
type MergeablePolicy ¶
// MergeablePolicy is a machinery.Policy whose rules can be read and replaced
// as a map of MergeableRule. AuthPolicy and RateLimitPolicy both list the
// Rules, SetRules, Empty and DeepCopyObject methods on this page.
type MergeablePolicy interface {
	machinery.Policy

	// Rules returns the policy's rules keyed by string.
	// NOTE(review): the key is presumably the rule name or identifier; confirm
	// against an implementation.
	Rules() map[string]MergeableRule
	// SetRules replaces the policy's rules with the given map.
	SetRules(map[string]MergeableRule)
	// Empty reports whether the policy is empty.
	// NOTE(review): what counts as empty is defined by each implementation
	// and is not shown on this page.
	Empty() bool

	// DeepCopyObject returns a copy of the policy as a runtime.Object.
	DeepCopyObject() runtime.Object
}
+kubebuilder:object:generate=false
type MergeableRateLimitPolicySpec ¶
// MergeableRateLimitPolicySpec is a RateLimitPolicySpecProper together with
// the merge strategy to use when it is combined with other policies.
// RateLimitPolicySpec uses it for both its defaults and overrides fields.
type MergeableRateLimitPolicySpec struct {
	// Strategy defines the merge strategy to apply when merging this policy with other policies.
	// The schema accepts only "atomic" or "merge" and defaults to "atomic".
	// NOTE(review): the effect of each strategy is not described on this page;
	// see the *MergeStrategy functions in the package index.
	// +kubebuilder:validation:Enum=atomic;merge
	// +kubebuilder:default=atomic
	Strategy string `json:"strategy,omitempty"`

	// Embedded with an empty JSON name, so the fields of
	// RateLimitPolicySpecProper are encoded and decoded at this level rather
	// than under a nested key.
	RateLimitPolicySpecProper `json:""`
}
func (*MergeableRateLimitPolicySpec) DeepCopy ¶
func (in *MergeableRateLimitPolicySpec) DeepCopy() *MergeableRateLimitPolicySpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MergeableRateLimitPolicySpec.
func (*MergeableRateLimitPolicySpec) DeepCopyInto ¶
func (in *MergeableRateLimitPolicySpec) DeepCopyInto(out *MergeableRateLimitPolicySpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type MergeableResponseSpec ¶
type MergeableResponseSpec struct {
	// Customizations on the denial status attributes when the request is unauthenticated.
	// For integration of Authorino via proxy, the proxy must honour the response status attributes specified in this config.
	// Default: 401 Unauthorized
	// +optional
	Unauthenticated *MergeableDenyWithSpec `json:"unauthenticated,omitempty"`

	// Customizations on the denial status attributes when the request is unauthorized.
	// For integration of Authorino via proxy, the proxy must honour the response status attributes specified in this config.
	// Default: 403 Forbidden
	// +optional
	Unauthorized *MergeableDenyWithSpec `json:"unauthorized,omitempty"`

	// Response items to be included in the auth response when the request is authenticated and authorized.
	// For integration of Authorino via proxy, the proxy must use these settings to propagate dynamic metadata and/or inject data in the request.
	// Success is a struct value, not a pointer, so encoding/json still emits
	// the key when it is empty despite omitempty.
	// +optional
	Success MergeableWrappedSuccessResponseSpec `json:"success,omitempty"`
}
Settings of the custom auth response.
func (*MergeableResponseSpec) DeepCopy ¶
func (in *MergeableResponseSpec) DeepCopy() *MergeableResponseSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MergeableResponseSpec.
func (*MergeableResponseSpec) DeepCopyInto ¶
func (in *MergeableResponseSpec) DeepCopyInto(out *MergeableResponseSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type MergeableRule ¶
type MergeableRule interface {
	// GetSpec returns the rule's spec as an untyped value; callers need a
	// type assertion to use it.
	GetSpec() any
	// GetSource returns the rule's source, i.e. the policy where the rule
	// spec was defined.
	GetSource() string
	// WithSource returns a MergeableRule carrying the given source.
	// NOTE(review): whether the receiver is mutated or copied depends on the
	// implementation and is not shown on this page.
	WithSource(string) MergeableRule
}
MergeableRule is a policy rule that contains a spec which can be traced back to its source, i.e. to the policy where the rule spec was defined. +kubebuilder:object:generate=false
func NewMergeableRule ¶
func NewMergeableRule(rule MergeableRule, defaultSource string) MergeableRule
NewMergeableRule creates a new MergeableRule with a default source if the rule does not have one.
type MergeableSuccessResponseSpec ¶
// MergeableSuccessResponseSpec pairs an authorinov1beta3.SuccessResponseSpec
// with the Source it came from. MergeableWrappedSuccessResponseSpec uses it
// as the value type of its DynamicMetadata map. The methods listed for this
// type (GetSpec, GetSource, WithSource) are the method set of MergeableRule.
type MergeableSuccessResponseSpec struct {
	// The wrapped Authorino spec, embedded and tagged inline.
	authorinov1beta3.SuccessResponseSpec `json:",inline"`

	// Source is the source of the rule. MergeableRule describes it as the
	// policy where the rule spec was defined. `json:"-"` excludes it from
	// JSON in both directions, so a manifest cannot set it.
	Source string `json:"-"`
}
func (*MergeableSuccessResponseSpec) DeepCopy ¶
func (in *MergeableSuccessResponseSpec) DeepCopy() *MergeableSuccessResponseSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MergeableSuccessResponseSpec.
func (*MergeableSuccessResponseSpec) DeepCopyInto ¶
func (in *MergeableSuccessResponseSpec) DeepCopyInto(out *MergeableSuccessResponseSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*MergeableSuccessResponseSpec) GetSource ¶
func (r *MergeableSuccessResponseSpec) GetSource() string
func (*MergeableSuccessResponseSpec) GetSpec ¶
func (r *MergeableSuccessResponseSpec) GetSpec() any
func (*MergeableSuccessResponseSpec) WithSource ¶
func (r *MergeableSuccessResponseSpec) WithSource(source string) MergeableRule
type MergeableWhenPredicates ¶
// MergeableWhenPredicates holds a policy's top-level conditions together
// with the Source they came from. The methods listed for this type (GetSpec,
// GetSource, WithSource) are the method set of the MergeableRule interface.
type MergeableWhenPredicates struct {
	// Overall conditions for the policy to be enforced.
	// If omitted, the policy will be enforced at all requests to the protected routes.
	// If present, all conditions must match for the policy to be enforced.
	// +optional
	Predicates WhenPredicates `json:"when,omitempty"`

	// Source stores the locator of the policy where these predicates are originally defined (internal use)
	// The `json:"-"` tag keeps it out of encoded JSON and ignores it on decode,
	// so it cannot be supplied through a manifest.
	Source string `json:"-"`
}
func (*MergeableWhenPredicates) DeepCopy ¶
func (in *MergeableWhenPredicates) DeepCopy() *MergeableWhenPredicates
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MergeableWhenPredicates.
func (*MergeableWhenPredicates) DeepCopyInto ¶
func (in *MergeableWhenPredicates) DeepCopyInto(out *MergeableWhenPredicates)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*MergeableWhenPredicates) GetSource ¶
func (p *MergeableWhenPredicates) GetSource() string
func (*MergeableWhenPredicates) GetSpec ¶
func (p *MergeableWhenPredicates) GetSpec() any
func (*MergeableWhenPredicates) WithSource ¶
func (p *MergeableWhenPredicates) WithSource(source string) MergeableRule
type MergeableWrappedSuccessResponseSpec ¶
// MergeableWrappedSuccessResponseSpec groups what is added on a successful
// auth response: headers injected into the request, and data passed to other
// Kuadrant-managed filters.
type MergeableWrappedSuccessResponseSpec struct {
	// NOTE(review): a backend that trusts these headers should be reachable
	// only through the gateway that enforces the policy; otherwise a client
	// can send the same header names itself. Confirm whether the proxy
	// overwrites or appends client-supplied values.

	// Custom headers to inject in the request.
	Headers map[string]MergeableHeaderSuccessResponseSpec `json:"headers,omitempty"`

	// Custom data made available to other filters managed by Kuadrant (i.e. Rate Limit)
	// The Go field is DynamicMetadata but the JSON key is "filters".
	DynamicMetadata map[string]MergeableSuccessResponseSpec `json:"filters,omitempty"`
}
func (*MergeableWrappedSuccessResponseSpec) DeepCopy ¶
func (in *MergeableWrappedSuccessResponseSpec) DeepCopy() *MergeableWrappedSuccessResponseSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MergeableWrappedSuccessResponseSpec.
func (*MergeableWrappedSuccessResponseSpec) DeepCopyInto ¶
func (in *MergeableWrappedSuccessResponseSpec) DeepCopyInto(out *MergeableWrappedSuccessResponseSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Predicate ¶
type Predicate struct {
	// Predicate is the CEL expression text. The schema requires at least one
	// character; that the expression evaluates to bool is stated by the type
	// description, not by a marker on this field.
	// +kubebuilder:validation:MinLength=1
	Predicate string `json:"predicate"`
}
Predicate defines one CEL expression that must be evaluated to bool
func NewPredicate ¶
func (*Predicate) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Predicate.
func (*Predicate) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Rate ¶
type Rate struct {
	// Limit defines the max value allowed for a given period of time
	// NOTE(review): no minimum marker is shown on this field, so the schema as
	// listed does not reject zero or negative values; confirm how the
	// controller treats them.
	Limit int `json:"limit"`

	// Window defines the time period for which the Limit specified above applies.
	// Its format is constrained by the pattern on the Duration type.
	Window Duration `json:"window"`
}
Rate defines the actual rate limit that will be used when there is a match
func (*Rate) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Rate.
func (*Rate) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type RateLimitPolicy ¶
type RateLimitPolicy struct {
	// Standard Kubernetes type and object metadata.
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Spec is the desired rate limit configuration, including the target
	// reference and the defaults, overrides or bare limits.
	Spec RateLimitPolicySpec `json:"spec,omitempty"`
	// Status is the observed state: observedGeneration and conditions.
	Status RateLimitPolicyStatus `json:"status,omitempty"`
}
RateLimitPolicy enables rate limiting for service workloads in a Gateway API network
func (*RateLimitPolicy) DeepCopy ¶
func (in *RateLimitPolicy) DeepCopy() *RateLimitPolicy
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RateLimitPolicy.
func (*RateLimitPolicy) DeepCopyInto ¶
func (in *RateLimitPolicy) DeepCopyInto(out *RateLimitPolicy)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*RateLimitPolicy) DeepCopyObject ¶
func (in *RateLimitPolicy) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*RateLimitPolicy) Empty ¶
func (p *RateLimitPolicy) Empty() bool
func (*RateLimitPolicy) GetLocator ¶
func (p *RateLimitPolicy) GetLocator() string
func (*RateLimitPolicy) GetMergeStrategy ¶
func (p *RateLimitPolicy) GetMergeStrategy() machinery.MergeStrategy
func (*RateLimitPolicy) GetName ¶
func (p *RateLimitPolicy) GetName() string
func (*RateLimitPolicy) GetNamespace ¶
func (p *RateLimitPolicy) GetNamespace() string
func (*RateLimitPolicy) GetStatus ¶
func (p *RateLimitPolicy) GetStatus() kuadrantgatewayapi.PolicyStatus
func (*RateLimitPolicy) GetTargetRef
deprecated
func (p *RateLimitPolicy) GetTargetRef() gatewayapiv1alpha2.LocalPolicyTargetReference
Deprecated: Use GetTargetRefs instead
func (*RateLimitPolicy) GetTargetRefs ¶
func (p *RateLimitPolicy) GetTargetRefs() []machinery.PolicyTargetReference
func (*RateLimitPolicy) Kind ¶
func (p *RateLimitPolicy) Kind() string
func (*RateLimitPolicy) Merge ¶
func (p *RateLimitPolicy) Merge(other machinery.Policy) machinery.Policy
func (*RateLimitPolicy) Rules ¶
func (p *RateLimitPolicy) Rules() map[string]MergeableRule
func (*RateLimitPolicy) SetRules ¶
func (p *RateLimitPolicy) SetRules(rules map[string]MergeableRule)
type RateLimitPolicyList ¶
type RateLimitPolicyList struct {
	// Standard Kubernetes type and list metadata.
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`

	// Items has no omitempty, so the key is always present in encoded output.
	Items []RateLimitPolicy `json:"items"`
}
RateLimitPolicyList contains a list of RateLimitPolicy
func (*RateLimitPolicyList) DeepCopy ¶
func (in *RateLimitPolicyList) DeepCopy() *RateLimitPolicyList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RateLimitPolicyList.
func (*RateLimitPolicyList) DeepCopyInto ¶
func (in *RateLimitPolicyList) DeepCopyInto(out *RateLimitPolicyList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*RateLimitPolicyList) DeepCopyObject ¶
func (in *RateLimitPolicyList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type RateLimitPolicySpec ¶
// RateLimitPolicySpec is the desired state of a RateLimitPolicy: a target
// reference plus exactly one of defaults, overrides, or a bare set of limits.
// The mutual-exclusion and "at least one limit" rules are expressed as CEL
// XValidation markers on the type, listed with it on this page. They are
// checked by the API server at admission, so code handling objects that did
// not pass through admission should not assume they hold.
type RateLimitPolicySpec struct {
	// Reference to the object to which this policy applies.
	// +kubebuilder:validation:XValidation:rule="self.group == 'gateway.networking.k8s.io'",message="Invalid targetRef.group. The only supported value is 'gateway.networking.k8s.io'"
	// +kubebuilder:validation:XValidation:rule="self.kind == 'HTTPRoute' || self.kind == 'Gateway'",message="Invalid targetRef.kind. The only supported values are 'HTTPRoute' and 'Gateway'"
	TargetRef gatewayapiv1alpha2.LocalPolicyTargetReferenceWithSectionName `json:"targetRef"`

	// Rules to apply as defaults. Can be overridden by more specific policy rules lower in the hierarchy and by less specific policy overrides.
	// Use one of: defaults, overrides, or bare set of policy rules (implicit defaults).
	// +optional
	Defaults *MergeableRateLimitPolicySpec `json:"defaults,omitempty"`

	// Rules to apply as overrides. Override all policy rules lower in the hierarchy. Can be overridden by less specific policy overrides.
	// Use one of: defaults, overrides, or bare set of policy rules (implicit defaults).
	// +optional
	Overrides *MergeableRateLimitPolicySpec `json:"overrides,omitempty"`

	// Bare set of policy rules (implicit defaults).
	// Use one of: defaults, overrides, or bare set of policy rules (implicit defaults).
	// Embedded with an empty JSON name, so its fields appear directly under
	// spec.
	RateLimitPolicySpecProper `json:""`
}
+kubebuilder:validation:XValidation:rule="!(has(self.defaults) && has(self.limits))",message="Implicit and explicit defaults are mutually exclusive" +kubebuilder:validation:XValidation:rule="!(has(self.defaults) && has(self.overrides))",message="Overrides and explicit defaults are mutually exclusive" +kubebuilder:validation:XValidation:rule="!(has(self.overrides) && has(self.limits))",message="Overrides and implicit defaults are mutually exclusive" +kubebuilder:validation:XValidation:rule="!(has(self.overrides) || has(self.defaults)) ? has(self.limits) && size(self.limits) > 0 : true",message="At least one spec.limits must be defined" +kubebuilder:validation:XValidation:rule="has(self.overrides) ? has(self.overrides.limits) && size(self.overrides.limits) > 0 : true",message="At least one spec.overrides.limits must be defined" +kubebuilder:validation:XValidation:rule="has(self.defaults) ? has(self.defaults.limits) && size(self.defaults.limits) > 0 : true",message="At least one spec.defaults.limits must be defined"
func (*RateLimitPolicySpec) DeepCopy ¶
func (in *RateLimitPolicySpec) DeepCopy() *RateLimitPolicySpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RateLimitPolicySpec.
func (*RateLimitPolicySpec) DeepCopyInto ¶
func (in *RateLimitPolicySpec) DeepCopyInto(out *RateLimitPolicySpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*RateLimitPolicySpec) Proper ¶
func (s *RateLimitPolicySpec) Proper() *RateLimitPolicySpecProper
type RateLimitPolicySpecProper ¶
type RateLimitPolicySpecProper struct {
	// When holds a list of "top-level" `Predicate`s
	// Embedded with an empty JSON name, so the "when" key of
	// MergeableWhenPredicates appears at this level.
	// +optional
	MergeableWhenPredicates `json:""`

	// Limits holds the struct of limits indexed by a unique name
	// +optional
	Limits map[string]Limit `json:"limits,omitempty"`
}
RateLimitPolicySpecProper contains common shared fields for defaults and overrides
func (*RateLimitPolicySpecProper) DeepCopy ¶
func (in *RateLimitPolicySpecProper) DeepCopy() *RateLimitPolicySpecProper
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RateLimitPolicySpecProper.
func (*RateLimitPolicySpecProper) DeepCopyInto ¶
func (in *RateLimitPolicySpecProper) DeepCopyInto(out *RateLimitPolicySpecProper)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type RateLimitPolicyStatus ¶
// RateLimitPolicyStatus is the observed state of a RateLimitPolicy.
type RateLimitPolicyStatus struct {
	// ObservedGeneration reflects the generation of the most recently observed spec.
	// Consumers that gate on the conditions below should first compare this
	// value with metadata.generation: a lower value means the conditions still
	// describe an older spec.
	// +optional
	ObservedGeneration int64 `json:"observedGeneration,omitempty"`

	// Represents the observations of the RateLimitPolicy's current state.
	// Known .status.conditions.type are: "Available"
	// +patchMergeKey=type
	// +patchStrategy=merge
	// +listType=map
	// +listMapKey=type
	Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"`
}
func (*RateLimitPolicyStatus) DeepCopy ¶
func (in *RateLimitPolicyStatus) DeepCopy() *RateLimitPolicyStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RateLimitPolicyStatus.
func (*RateLimitPolicyStatus) DeepCopyInto ¶
func (in *RateLimitPolicyStatus) DeepCopyInto(out *RateLimitPolicyStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*RateLimitPolicyStatus) GetConditions ¶
func (s *RateLimitPolicyStatus) GetConditions() []metav1.Condition
type TLSPolicy ¶
type TLSPolicy struct {
	// Standard Kubernetes type and object metadata.
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Spec is the desired state: the target reference and the inlined
	// certificate settings.
	Spec TLSPolicySpec `json:"spec,omitempty"`
	// Status is the observed state: conditions and observedGeneration.
	Status TLSPolicyStatus `json:"status,omitempty"`
}
TLSPolicy is the Schema for the tlspolicies API
func NewTLSPolicy ¶
func (*TLSPolicy) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TLSPolicy.
func (*TLSPolicy) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*TLSPolicy) DeepCopyObject ¶
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*TLSPolicy) GetLocator ¶
func (*TLSPolicy) GetMergeStrategy ¶
func (p *TLSPolicy) GetMergeStrategy() machinery.MergeStrategy
func (*TLSPolicy) GetStatus ¶
func (p *TLSPolicy) GetStatus() kuadrantgatewayapi.PolicyStatus
func (*TLSPolicy) GetTargetRef
deprecated
func (p *TLSPolicy) GetTargetRef() gatewayapiv1alpha2.LocalPolicyTargetReference
Deprecated: Use GetTargetRefs instead
func (*TLSPolicy) GetTargetRefs ¶
func (p *TLSPolicy) GetTargetRefs() []machinery.PolicyTargetReference
func (*TLSPolicy) WithIssuerRef ¶
func (p *TLSPolicy) WithIssuerRef(issuerRef certmanmetav1.ObjectReference) *TLSPolicy
func (*TLSPolicy) WithTargetGateway ¶
type TLSPolicyList ¶
type TLSPolicyList struct {
	// Standard Kubernetes type and list metadata.
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`

	// Items has no omitempty, so the key is always present in encoded output.
	Items []TLSPolicy `json:"items"`
}
TLSPolicyList contains a list of TLSPolicy
func (*TLSPolicyList) DeepCopy ¶
func (in *TLSPolicyList) DeepCopy() *TLSPolicyList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TLSPolicyList.
func (*TLSPolicyList) DeepCopyInto ¶
func (in *TLSPolicyList) DeepCopyInto(out *TLSPolicyList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*TLSPolicyList) DeepCopyObject ¶
func (in *TLSPolicyList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type TLSPolicySpec ¶
type TLSPolicySpec struct {
	// TargetRef identifies an API object to apply policy to.
	// The two CEL rules below restrict the target to kind Gateway in the
	// gateway.networking.k8s.io group. They are checked by the API server at
	// admission.
	// NOTE(review): the reference type's name indicates a namespace-local
	// target; confirm that the controller does not resolve it across
	// namespaces.
	// +kubebuilder:validation:XValidation:rule="self.group == 'gateway.networking.k8s.io'",message="Invalid targetRef.group. The only supported value is 'gateway.networking.k8s.io'"
	// +kubebuilder:validation:XValidation:rule="self.kind == 'Gateway'",message="Invalid targetRef.kind. The only supported values are 'Gateway'"
	TargetRef gatewayapiv1alpha2.LocalPolicyTargetReferenceWithSectionName `json:"targetRef"`

	// CertificateSpec is embedded and tagged inline; its fields are defined
	// with the CertificateSpec type, outside this part of the page.
	CertificateSpec `json:",inline"`
}
TLSPolicySpec defines the desired state of TLSPolicy
func (*TLSPolicySpec) DeepCopy ¶
func (in *TLSPolicySpec) DeepCopy() *TLSPolicySpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TLSPolicySpec.
func (*TLSPolicySpec) DeepCopyInto ¶
func (in *TLSPolicySpec) DeepCopyInto(out *TLSPolicySpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type TLSPolicyStatus ¶
type TLSPolicyStatus struct {
	// conditions are any conditions associated with the policy
	//
	// If configuring the policy fails, the "Failed" condition will be set with a
	// reason and message describing the cause of the failure.
	Conditions []metav1.Condition `json:"conditions,omitempty"`

	// observedGeneration is the most recently observed generation of the
	// TLSPolicy. When the TLSPolicy is updated, the controller updates the
	// corresponding configuration. If an update fails, that failure is
	// recorded in the status condition
	//
	// Consumers that gate on the conditions above should first compare this
	// value with metadata.generation: a lower value means the conditions still
	// describe an older spec.
	// +optional
	ObservedGeneration int64 `json:"observedGeneration,omitempty"`
}
TLSPolicyStatus defines the observed state of TLSPolicy
func (*TLSPolicyStatus) DeepCopy ¶
func (in *TLSPolicyStatus) DeepCopy() *TLSPolicyStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TLSPolicyStatus.
func (*TLSPolicyStatus) DeepCopyInto ¶
func (in *TLSPolicyStatus) DeepCopyInto(out *TLSPolicyStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*TLSPolicyStatus) GetConditions ¶
func (s *TLSPolicyStatus) GetConditions() []metav1.Condition
type WhenPredicates ¶
// WhenPredicates is a list of Predicate values, each holding one CEL
// expression. Where it is used as a policy's top-level "when" field
// (MergeableWhenPredicates), the page states that all conditions must match
// and that an omitted list means the policy is enforced on all requests to
// the protected routes.
type WhenPredicates []Predicate
func NewWhenPredicates ¶
func NewWhenPredicates(predicates ...string) WhenPredicates
func (WhenPredicates) DeepCopy ¶
func (in WhenPredicates) DeepCopy() WhenPredicates
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WhenPredicates.
func (WhenPredicates) DeepCopyInto ¶
func (in WhenPredicates) DeepCopyInto(out *WhenPredicates)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (WhenPredicates) Extend ¶
func (w WhenPredicates) Extend(other WhenPredicates) WhenPredicates
func (WhenPredicates) Into ¶
func (w WhenPredicates) Into() []string