Documentation ¶
Overview ¶
Package v2alpha1 contains API Schema definitions for the gateway v2alpha1 API group +kubebuilder:object:generate=true +groupName=gateway.kyma-project.io
Index ¶
- Constants
- Variables
- func ConvertHttpMethodsToStrings(methods []HttpMethod) []string
- func FindServiceNamespace(apiRule *APIRule, rule Rule) (string, error)
- type APIRule
- type APIRuleList
- type APIRuleSpec
- type APIRuleStatus
- type CorsPolicy
- type ExtAuth
- type Host
- type HttpMethod
- type JwtAuthentication
- type JwtAuthorization
- type JwtConfig
- type JwtHeader
- type PodSelector
- type Request
- type Rule
- type Service
- type State
- type StringMatch
- type Timeout
Constants ¶
// Match-kind names exported by this package.
// NOTE(review): presumably the keys accepted in StringMatch entries (for
// example in CorsPolicy.AllowOrigins); confirm against the StringMatch
// definition, which is not shown on this page.
const (
	Regex  = "regex"
	Exact  = "exact"
	Prefix = "prefix"
)
Variables ¶
var (
	// GroupVersion is the API group and version
	// (gateway.kyma-project.io/v2alpha1) used to register these objects.
	GroupVersion = schema.GroupVersion{Group: "gateway.kyma-project.io", Version: "v2alpha1"}

	// SchemeBuilder is used to add go types to the GroupVersionKind scheme.
	// It is bound to GroupVersion above.
	SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion}

	// AddToScheme adds the types in this group-version to the given scheme.
	AddToScheme = SchemeBuilder.AddToScheme
)
Functions ¶
func ConvertHttpMethodsToStrings ¶
func ConvertHttpMethodsToStrings(methods []HttpMethod) []string
Types ¶
type APIRule ¶
// APIRule is the Schema for ApiRule APIs.
type APIRule struct {
	// Standard Kubernetes type and object metadata.
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Spec is the desired state of the APIRule.
	Spec APIRuleSpec `json:"spec,omitempty"`
	// Status is the observed state of the APIRule.
	Status APIRuleStatus `json:"status,omitempty"`
}
APIRule is the Schema for ApiRule APIs. +kubebuilder:object:root=true +kubebuilder:subresource:status +kubebuilder:resource:categories={kyma-api-gateway} +kubebuilder:printcolumn:name="Status",type="string",JSONPath=".status.state" +kubebuilder:printcolumn:name="Hosts",type="string",JSONPath=".spec.hosts"
func (*APIRule) ConvertFrom ¶
func (apiRuleV2Alpha1 *APIRule) ConvertFrom(hub conversion.Hub) error
ConvertFrom converts from the Hub version (v1beta1) into this ApiRule (v2alpha1).
func (*APIRule) ConvertTo ¶
func (apiRuleV2Alpha1 *APIRule) ConvertTo(hub conversion.Hub) error
ConvertTo converts this ApiRule (v2alpha1) to the Hub version (v1beta1).
func (*APIRule) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new APIRule.
func (*APIRule) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*APIRule) DeepCopyObject ¶
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type APIRuleList ¶
// APIRuleList contains a list of ApiRule.
type APIRuleList struct {
	// Standard Kubernetes type and list metadata.
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	// Items holds the APIRule objects of the list.
	Items []APIRule `json:"items"`
}
APIRuleList contains a list of ApiRule
func (*APIRuleList) DeepCopy ¶
func (in *APIRuleList) DeepCopy() *APIRuleList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new APIRuleList.
func (*APIRuleList) DeepCopyInto ¶
func (in *APIRuleList) DeepCopyInto(out *APIRuleList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*APIRuleList) DeepCopyObject ¶
func (in *APIRuleList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type APIRuleSpec ¶
// APIRuleSpec defines the desired state of ApiRule.
type APIRuleSpec struct {
	// Specifies the URLs of the exposed service.
	// The MinItems and MaxItems markers below admit exactly one entry.
	// +kubebuilder:validation:MinItems=1
	// +kubebuilder:validation:MaxItems=1
	Hosts []*Host `json:"hosts"`
	// Describes the service to expose.
	// +optional
	Service *Service `json:"service,omitempty"`
	// Specifies the Istio Gateway to be used, in the namespace/name format.
	// +kubebuilder:validation:MaxLength=127
	// +kubebuilder:validation:XValidation:rule=`self.matches('^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?/([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?)$')`,message="Gateway must be in the namespace/name format"
	Gateway *string `json:"gateway"`
	// Specifies CORS headers configuration that will be sent downstream
	// +optional
	CorsPolicy *CorsPolicy `json:"corsPolicy,omitempty"`

	// NOTE(review): the description below mentions Oathkeeper, while the Rule
	// type in this package documents its jwt field as the Istio JWT access
	// strategy. Confirm which component enforces these rules.

	// Represents the array of Oathkeeper access rules to be applied.
	// +kubebuilder:validation:MinItems=1
	Rules []Rule `json:"rules"`

	// NOTE(review): Rule carries its own optional timeout; presumably the
	// rule-level value takes precedence over this one. Confirm.

	// Timeout for HTTP requests in seconds.
	// +optional
	Timeout *Timeout `json:"timeout,omitempty"`
}
APIRuleSpec defines the desired state of ApiRule.
func (*APIRuleSpec) DeepCopy ¶
func (in *APIRuleSpec) DeepCopy() *APIRuleSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new APIRuleSpec.
func (*APIRuleSpec) DeepCopyInto ¶
func (in *APIRuleSpec) DeepCopyInto(out *APIRuleSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type APIRuleStatus ¶
// APIRuleStatus describes the observed state of ApiRule.
type APIRuleStatus struct {
	// LastProcessedTime is a timestamp serialized as lastProcessedTime.
	// NOTE(review): presumably the time of the last reconciliation; confirm.
	LastProcessedTime metav1.Time `json:"lastProcessedTime,omitempty"`
	// State signifies current state of APIRule.
	// Value can be one of ("Ready", "Processing", "Error", "Deleting", "Warning").
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:Enum=Processing;Deleting;Ready;Error;Warning
	State State `json:"state"`
	// Description of APIRule status
	Description string `json:"description,omitempty"`
}
APIRuleStatus describes the observed state of ApiRule.
func (*APIRuleStatus) ApiRuleStatusVersion ¶
func (s *APIRuleStatus) ApiRuleStatusVersion() versions.Version
func (*APIRuleStatus) DeepCopy ¶
func (in *APIRuleStatus) DeepCopy() *APIRuleStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new APIRuleStatus.
func (*APIRuleStatus) DeepCopyInto ¶
func (in *APIRuleStatus) DeepCopyInto(out *APIRuleStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type CorsPolicy ¶
// CorsPolicy allows configuration of CORS headers for the exposed service.
type CorsPolicy struct {
	// NOTE(review): the fields below presumably map onto the Access-Control-*
	// response headers of the same names; confirm against the code that
	// renders them.
	//
	// Security review: if that mapping holds, setting allowCredentials to true
	// lets every origin matched by allowOrigins make credentialed cross-origin
	// requests and read the responses. Keep allowOrigins limited to exact,
	// trusted origins in that case and avoid broad regex or prefix matches.

	AllowHeaders []string `json:"allowHeaders,omitempty"`
	AllowMethods []string `json:"allowMethods,omitempty"`
	// AllowOrigins is a StringMatch describing the permitted origins.
	AllowOrigins StringMatch `json:"allowOrigins,omitempty"`
	// AllowCredentials is a pointer, so an unset value is distinguishable from
	// an explicit false.
	AllowCredentials *bool    `json:"allowCredentials,omitempty"`
	ExposeHeaders    []string `json:"exposeHeaders,omitempty"`
	// MaxAge must be at least 1 when set.
	// NOTE(review): unit presumably seconds; confirm.
	// +kubebuilder:validation:Minimum=1
	MaxAge *uint64 `json:"maxAge,omitempty"`
}
CorsPolicy allows configuration of CORS headers received downstream. If this is not defined, the default values are applied. If CorsPolicy is configured, CORS headers received downstream will be only those defined on the APIRule
func (*CorsPolicy) DeepCopy ¶
func (in *CorsPolicy) DeepCopy() *CorsPolicy
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CorsPolicy.
func (*CorsPolicy) DeepCopyInto ¶
func (in *CorsPolicy) DeepCopyInto(out *CorsPolicy)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ExtAuth ¶
// ExtAuth contains configuration for paths that use external authorization.
type ExtAuth struct {
	// NOTE(review): the names listed under authorizers presumably have to match
	// authorizers configured outside this resource. Confirm what happens when a
	// name does not resolve; a path that silently falls back to unauthenticated
	// access would be a fail-open condition.

	// Specifies the name of the external authorization handler.
	// At least one entry is required; the JSON key is "authorizers".
	// +kubebuilder:validation:MinItems=1
	ExternalAuthorizers []string `json:"authorizers"`
	// Specifies JWT configuration for the external authorization handler.
	// +optional
	Restrictions *JwtConfig `json:"restrictions,omitempty"`
}
ExtAuth contains configuration for paths that use external authorization.
func (*ExtAuth) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExtAuth.
func (*ExtAuth) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Host ¶
// Host is the URL of the exposed service, stored as a plain string.
type Host string
Host is the URL of the exposed service. We support lowercase RFC 1123 labels and FQDN. +kubebuilder:validation:MaxLength=255 +kubebuilder:validation:XValidation:rule=`self.matches('^(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?)(?:(?:\\.[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?)*(?:\\.[a-z0-9]{2,63}))?$')`,message="Host must be a lowercase RFC 1123 label (must consist of lowercase alphanumeric characters or '-', and must start and end with an lowercase alphanumeric character) or a fully qualified domain name"
type HttpMethod ¶
// HttpMethod specifies the HTTP request method, stored as a plain string.
type HttpMethod string
HttpMethod specifies the HTTP request method. The list of supported methods is defined in RFC 9110: HTTP Semantics and RFC 5789: PATCH Method for HTTP. +kubebuilder:validation:Enum=GET;HEAD;POST;PUT;DELETE;CONNECT;OPTIONS;TRACE;PATCH
type JwtAuthentication ¶
// JwtAuthentication is the configuration for Istio JWT authentication.
type JwtAuthentication struct {
	// Issuer is the expected token issuer.
	Issuer string `json:"issuer"`

	// NOTE(review): no format or scheme validation marker is visible on
	// jwksUri here. The keys fetched from this location decide which tokens are
	// accepted, so it should be an HTTPS endpoint operated by the issuer.
	// Confirm whether validation happens elsewhere.

	// JwksUri is the location of the JSON Web Key Set used for this issuer.
	JwksUri string `json:"jwksUri"`
	// FromHeaders lists request headers from which the token may be read.
	// +optional
	FromHeaders []*JwtHeader `json:"fromHeaders,omitempty"`

	// NOTE(review): tokens carried in query parameters tend to end up in access
	// logs, browser history and Referer headers. Prefer fromHeaders where the
	// client allows it.

	// FromParams lists request parameters from which the token may be read.
	// +optional
	FromParams []string `json:"fromParams,omitempty"`
}
JwtAuthentication is the configuration for Istio JWT authentication.
func (*JwtAuthentication) DeepCopy ¶
func (in *JwtAuthentication) DeepCopy() *JwtAuthentication
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JwtAuthentication.
func (*JwtAuthentication) DeepCopyInto ¶
func (in *JwtAuthentication) DeepCopyInto(out *JwtAuthentication)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type JwtAuthorization ¶
// JwtAuthorization contains scopes and audiences required for the JWT token.
type JwtAuthorization struct {
	// NOTE(review): both fields are optional. Presumably an entry with neither
	// set places no scope or audience constraint on the token; confirm how an
	// empty entry is evaluated.

	// RequiredScopes lists the scopes the token must carry.
	// +optional
	RequiredScopes []string `json:"requiredScopes,omitempty"`
	// Audiences lists the audiences the token must carry.
	// +optional
	Audiences []string `json:"audiences,omitempty"`
}
JwtAuthorization contains scopes and audiences required for the JWT token.
func (*JwtAuthorization) DeepCopy ¶
func (in *JwtAuthorization) DeepCopy() *JwtAuthorization
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JwtAuthorization.
func (*JwtAuthorization) DeepCopyInto ¶
func (in *JwtAuthorization) DeepCopyInto(out *JwtAuthorization)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*JwtAuthorization) HasRequiredScopes ¶
func (a *JwtAuthorization) HasRequiredScopes() bool
type JwtConfig ¶
// JwtConfig is the configuration for the Istio JWT authentication and authorization.
type JwtConfig struct {
	// NOTE(review): neither field carries a MinItems marker here, and the
	// validation rule on Rule only checks has(self.jwt). An empty jwt object
	// would therefore pass that schema check. Confirm that a JwtConfig without
	// authentications is rejected elsewhere, so that a rule cannot look
	// JWT-protected while having no issuer configured.

	// Authentications lists the accepted token issuers and where to find tokens.
	Authentications []*JwtAuthentication `json:"authentications,omitempty"`
	// Authorizations lists the scope and audience requirements.
	Authorizations []*JwtAuthorization `json:"authorizations,omitempty"`
}
JwtConfig is the configuration for the Istio JWT authentication and authorization. +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
func (*JwtConfig) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JwtConfig.
func (*JwtConfig) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*JwtConfig) DeepCopyObject ¶
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*JwtConfig) GetObjectKind ¶
func (j *JwtConfig) GetObjectKind() schema.ObjectKind
type JwtHeader ¶
// JwtHeader names a request header from which the JWT is read.
type JwtHeader struct {
	// Name is the header name.
	Name string `json:"name"`
	// Prefix is an optional string associated with the header value.
	// NOTE(review): presumably a value prefix such as a token-type keyword that
	// precedes the token; confirm.
	// +optional
	Prefix string `json:"prefix,omitempty"`
}
JwtHeader specifies the request header from which the JWT is read.
func (*JwtHeader) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JwtHeader.
func (*JwtHeader) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type PodSelector ¶
// PodSelector represents a service workload selector for a pod and the
// namespace of the service. The fields carry no JSON tags.
type PodSelector struct {
	// Selector is the workload selector.
	Selector *apiv1beta1.WorkloadSelector
	// Namespace is the namespace of the service.
	Namespace string
}
PodSelector represents a service workload selector for a pod and the namespace of the service. +k8s:deepcopy-gen=false
func GetSelectorFromService ¶
type Request ¶
// Request describes modifications applied to a request before it is forwarded
// to the service.
type Request struct {
	// NOTE(review): values set here reach the backend as part of the request.
	// Presumably they overwrite client-supplied cookies or headers of the same
	// name; confirm, because a backend that trusts such a header for identity
	// depends on the client being unable to supply it.

	// Cookies allow modifying the request cookies before it is forwarded to the service.
	// +optional
	Cookies map[string]string `json:"cookies,omitempty"`
	// Headers allow modifying the request headers before it is forwarded to the service.
	// +optional
	Headers map[string]string `json:"headers,omitempty"`
}
func (*Request) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Request.
func (*Request) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Rule ¶
// Rule defines how requests to one path of the exposed service are matched and
// which access strategy (noAuth, jwt or extAuth) applies to them.
type Rule struct {
	// Specifies the path on which the service is exposed.
	// Supported configurations are:
	//  - Exact path (e.g. /abc) - matches the specified path exactly.
	//  - Usage of the `{*}` operator (e.g. `/foo/{*}` or `/foo/{*}/bar`) -
	//  match any request that matches the pattern with exactly one path segment in the operator's place.
	//  - Usage of the `{**}` operator (e.g. `/foo/{**}` or `/foo/{**}/bar`) -
	//  match any request that matches the pattern with zero or more path segments in the operator's place.
	//  The `{**}` operator must be the last operator in the path.
	//  - Wildcard path `/*` - matches all paths. Equivalent to `/{**}` path.
	//
	// +kubebuilder:validation:Pattern=`^((\/[\w\.~\-]*)|(\/\{\*{1,2}\}))+$|^\/\*$`
	Path string `json:"path"`
	// Describes the service to expose. Overwrites the **spec** level service if defined.
	// +optional
	Service *Service `json:"service,omitempty"`

	// NOTE(review): the HttpMethod enum on this page includes CONNECT and
	// TRACE. List only the methods the backend actually serves.

	// Represents the list of allowed HTTP request methods available for the **spec.rules.path**.
	// +kubebuilder:validation:MinItems=1
	Methods []HttpMethod `json:"methods"`

	// NOTE(review): noAuth=true exposes the path without any access check at
	// this layer. Combined with the wildcard path `/*` or a `{**}` pattern it
	// covers the whole service, so review such rules together with any
	// narrower jwt or extAuth rules on the same APIRule. The JSON tag has no
	// omitempty although the field is marked optional; confirm that this is
	// intended.

	// Disables authorization when set to true.
	// +optional
	NoAuth *bool `json:"noAuth"`
	// Specifies the Istio JWT access strategy.
	// +optional
	Jwt *JwtConfig `json:"jwt,omitempty"`
	// Specifies external authorization configuration.
	// +optional
	ExtAuth *ExtAuth `json:"extAuth,omitempty"`
	// Timeout for HTTP requests in seconds.
	// +optional
	Timeout *Timeout `json:"timeout,omitempty"`
	// Request allows modifying the request before it is forwarded to the service.
	// +optional
	Request *Request `json:"request,omitempty"`
}
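Rule defines how requests to one path of the exposed service are matched and which access strategy applies to them. Exactly one of noAuth (set to true), jwt, or extAuth must be configured, as enforced by the validation rule that follows. +kubebuilder:validation:XValidation:rule="((has(self.extAuth)?1:0)+(has(self.jwt)?1:0)+((has(self.noAuth)&&self.noAuth==true)?1:0))==1",message="One of the following fields must be set: noAuth, jwt, extAuth"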
func (*Rule) AppliesToAllPaths ¶
AppliesToAllPaths returns true if the rule applies to all paths of the service.
func (*Rule) ContainsAccessStrategyJwt ¶
func (*Rule) ContainsNoAuth ¶
func (*Rule) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Rule.
func (*Rule) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Service ¶
// Service identifies the service to expose: its name, namespace, port, and
// whether it is external to the cluster.
type Service struct {
	// Specifies the name of the exposed service.
	Name *string `json:"name"`

	// NOTE(review): an explicit namespace lets an APIRule refer to a service
	// outside its own namespace. Confirm which checks govern such
	// cross-namespace exposure, since the author of the APIRule may not own the
	// target namespace.

	// Specifies the Namespace of the exposed service. If not defined, it defaults to the APIRule Namespace.
	// +kubebuilder:validation:Pattern=^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
	// +optional
	Namespace *string `json:"namespace,omitempty"`
	// Specifies the communication port of the exposed service.
	// +kubebuilder:validation:Minimum=1
	// +kubebuilder:validation:Maximum=65535
	Port *uint32 `json:"port"`
	// Specifies if the service is internal (in cluster) or external.
	// The JSON key is "external".
	// +optional
	IsExternal *bool `json:"external,omitempty"`
}
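Service identifies the service to expose: its name, namespace, port, and whether it is external to the cluster.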
func (*Service) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Service.
func (*Service) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type StringMatch ¶
func (StringMatch) DeepCopy ¶
func (in StringMatch) DeepCopy() StringMatch
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StringMatch.
func (StringMatch) DeepCopyInto ¶
func (in StringMatch) DeepCopyInto(out *StringMatch)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (StringMatch) ToIstioStringMatchArray ¶
func (s StringMatch) ToIstioStringMatchArray() (out []*v1beta1.StringMatch)
type Timeout ¶
// Timeout is an HTTP request timeout expressed in whole seconds.
//
// We use uint16 instead of a time.Duration because there is a bug with
// duration that requires additional validation of the format.
// See https://github.com/kubernetes/apiextensions-apiserver/issues/56
type Timeout uint16
Timeout for HTTP requests in seconds. The timeout can be configured up to 3900 seconds (65 minutes). +kubebuilder:validation:Minimum=1 +kubebuilder:validation:Maximum=3900