Documentation
¶
Overview ¶
Package v1alpha1 contains API Schema definitions for the projectcontour.io v1alpha1 API group
+kubebuilder:object:generate=true +k8s:deepcopy-gen=package +groupName=projectcontour.io
Index ¶
- Constants
- Variables
- func ValidateTLSProtocolVersions(min, max string) error
- type AccessLogFormatString
- type AccessLogJSONFields
- type AccessLogLevel
- type AccessLogType
- type ClusterDNSFamilyType
- type ClusterParameters
- type ContourConfiguration
- type ContourConfigurationList
- type ContourConfigurationSpec
- type ContourConfigurationStatus
- type ContourDeployment
- type ContourDeploymentList
- type ContourDeploymentSpec
- type ContourDeploymentStatus
- type ContourSettings
- type CustomTag
- type DaemonSetSettings
- type DebugConfig
- type DeploymentSettings
- type EnvoyConfig
- type EnvoyListener
- type EnvoyListenerConfig
- type EnvoyLogging
- type EnvoySettings
- type EnvoyTLS
- type ExtensionProtocolVersion
- type ExtensionService
- type ExtensionServiceList
- type ExtensionServiceSpec
- type ExtensionServiceStatus
- type ExtensionServiceTarget
- type FeatureFlags
- type GatewayConfig
- type GlobalCircuitBreakerDefaults
- type HTTPProxyConfig
- type HTTPVersionType
- type HeadersPolicy
- type HealthConfig
- type IngressConfig
- type LogLevel
- type MetricsConfig
- type MetricsTLS
- type NamespacedName
- type NetworkParameters
- type NetworkPublishing
- type NetworkPublishingType
- type NodePlacement
- type PolicyConfig
- type RateLimitServiceConfig
- type ServerHeaderTransformationType
- type SocketOptions
- type TLS
- type TimeoutParameters
- type TracingConfig
- type WorkloadType
- type XDSServerConfig
- type XDSServerType
Constants ¶
View Source
const ( // A Kubernetes daemonset. WorkloadTypeDaemonSet = "DaemonSet" // A Kubernetes deployment. WorkloadTypeDeployment = "Deployment" )
View Source
const DefaultAccessLogType = EnvoyAccessLog
DefaultAccessLogType is the default access log format.
Variables ¶
View Source
var ( ExtensionServiceGVR = GroupVersion.WithResource("extensionservices") ContourConfigurationGVR = GroupVersion.WithResource("contourconfigurations") ContourDeploymentGVR = GroupVersion.WithResource("contourdeployments") )
View Source
var ( // GroupVersion is group version used to register these objects GroupVersion = schema.GroupVersion{Group: "projectcontour.io", Version: "v1alpha1"} // SchemeBuilder is used to add go types to the GroupVersionKind scheme SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes) // AddToScheme adds the types in this group-version to the given scheme. AddToScheme = SchemeBuilder.AddToScheme )
View Source
var DefaultAccessLogJSONFields = AccessLogJSONFields([]string{
"@timestamp",
"authority",
"bytes_received",
"bytes_sent",
"downstream_local_address",
"downstream_remote_address",
"duration",
"method",
"path",
"protocol",
"request_id",
"requested_server_name",
"response_code",
"response_flags",
"uber_trace_id",
"upstream_cluster",
"upstream_host",
"upstream_local_address",
"upstream_service_time",
"user_agent",
"x_forwarded_for",
"grpc_status",
"grpc_status_number",
})
DefaultAccessLogJSONFields are fields that will be included by default when JSON logging is enabled.
View Source
var DefaultTLSCiphers = []string{
"[ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]",
"[ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]",
"ECDHE-ECDSA-AES256-GCM-SHA384",
"ECDHE-RSA-AES256-GCM-SHA384",
}
DefaultTLSCiphers contains the list of default ciphers used by Contour. A handful are commented out, as they're arguably less secure. They're also unnecessary - most of the clients that might need to use the commented ciphers are unable to connect without TLS 1.0, which contour never enables.
This list is ignored if the client and server negotiate TLS 1.3.
The commented ciphers are left in place to simplify updating this list for future versions of envoy.
View Source
var ValidTLSCiphers = map[string]struct{}{
"[ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]": {},
"[ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]": {},
"ECDHE-ECDSA-AES128-GCM-SHA256": {},
"ECDHE-RSA-AES128-GCM-SHA256": {},
"ECDHE-ECDSA-AES128-SHA": {},
"ECDHE-RSA-AES128-SHA": {},
"AES128-GCM-SHA256": {},
"AES128-SHA": {},
"ECDHE-ECDSA-AES256-GCM-SHA384": {},
"ECDHE-RSA-AES256-GCM-SHA384": {},
"ECDHE-ECDSA-AES256-SHA": {},
"ECDHE-RSA-AES256-SHA": {},
"AES256-GCM-SHA384": {},
"AES256-SHA": {},
}
ValidTLSCiphers contains the list of TLS ciphers that Envoy supports See: https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/transport_sockets/tls/v3/common.proto#extensions-transport-sockets-tls-v3-tlsparameters Note: This list is a superset of what is valid for stock Envoy builds and those using BoringSSL FIPS.
Functions ¶
func ValidateTLSProtocolVersions ¶ added in v1.26.0
Types ¶
type AccessLogFormatString ¶ added in v1.22.0
type AccessLogFormatString string
func (AccessLogFormatString) Validate ¶ added in v1.22.0
func (s AccessLogFormatString) Validate() error
type AccessLogJSONFields ¶ added in v1.22.0
type AccessLogJSONFields []string
func (AccessLogJSONFields) AsFieldMap ¶ added in v1.22.0
func (a AccessLogJSONFields) AsFieldMap() map[string]string
func (AccessLogJSONFields) DeepCopy ¶ added in v1.22.0
func (in AccessLogJSONFields) DeepCopy() AccessLogJSONFields
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessLogJSONFields.
func (AccessLogJSONFields) DeepCopyInto ¶ added in v1.22.0
func (in AccessLogJSONFields) DeepCopyInto(out *AccessLogJSONFields)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (AccessLogJSONFields) Validate ¶ added in v1.22.0
func (a AccessLogJSONFields) Validate() error
type AccessLogLevel ¶ added in v1.21.0
type AccessLogLevel string
const ( // Log all requests. This is the default. LogLevelInfo AccessLogLevel = "info" // Log only requests that result in a non-success (i.e. 300+) response code LogLevelError AccessLogLevel = "error" // Log only requests that result in an server error (i.e. 500+) response code. LogLevelCritical AccessLogLevel = "critical" // Disable the access log. LogLevelDisabled AccessLogLevel = "disabled" )
func (AccessLogLevel) Validate ¶ added in v1.21.0
func (a AccessLogLevel) Validate() error
type AccessLogType ¶ added in v1.19.0
type AccessLogType string
AccessLogType is the name of a supported access logging mechanism.
const ( // Set the Envoy access logging to Envoy's standard format. // Can be customized using `accessLogFormatString`. EnvoyAccessLog AccessLogType = "envoy" // Set the Envoy access logging to a JSON format. // Can be customized using `jsonFields`. JSONAccessLog AccessLogType = "json" )
func (AccessLogType) Validate ¶ added in v1.19.0
func (a AccessLogType) Validate() error
type ClusterDNSFamilyType ¶ added in v1.19.0
type ClusterDNSFamilyType string
ClusterDNSFamilyType is the Ip family to use for resolving DNS names in an Envoy cluster config.
const ( // DNS lookups will do a v6 lookup first, followed by a v4 if that fails. AutoClusterDNSFamily ClusterDNSFamilyType = "auto" // DNS lookups will only attempt v4 queries. IPv4ClusterDNSFamily ClusterDNSFamilyType = "v4" // DNS lookups will only attempt v6 queries. IPv6ClusterDNSFamily ClusterDNSFamilyType = "v6" // DNS lookups will attempt both v4 and v6 queries. AllClusterDNSFamily ClusterDNSFamilyType = "all" )
func (ClusterDNSFamilyType) Validate ¶ added in v1.21.0
func (d ClusterDNSFamilyType) Validate() error
type ClusterParameters ¶ added in v1.19.0
type ClusterParameters struct {
// DNSLookupFamily defines how external names are looked up
// When configured as V4, the DNS resolver will only perform a lookup
// for addresses in the IPv4 family. If V6 is configured, the DNS resolver
// will only perform a lookup for addresses in the IPv6 family.
// If AUTO is configured, the DNS resolver will first perform a lookup
// for addresses in the IPv6 family and fallback to a lookup for addresses
// in the IPv4 family. If ALL is specified, the DNS resolver will perform a lookup for
// both IPv4 and IPv6 families, and return all resolved addresses.
// When this is used, Happy Eyeballs will be enabled for upstream connections.
// Refer to Happy Eyeballs Support for more information.
// Note: This only applies to externalName clusters.
//
// See https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/cluster/v3/cluster.proto.html#envoy-v3-api-enum-config-cluster-v3-cluster-dnslookupfamily
// for more information.
//
// Values: `auto` (default), `v4`, `v6`, `all`.
//
// Other values will produce an error.
// +optional
DNSLookupFamily ClusterDNSFamilyType `json:"dnsLookupFamily,omitempty"`
// Defines the maximum requests for upstream connections. If not specified, there is no limit.
// see https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/core/v3/protocol.proto#envoy-v3-api-msg-config-core-v3-httpprotocoloptions
// for more information.
//
// +kubebuilder:validation:Minimum=1
// +optional
MaxRequestsPerConnection *uint32 `json:"maxRequestsPerConnection,omitempty"`
// Defines the soft limit on size of the cluster’s new connection read and write buffers in bytes.
// If unspecified, an implementation defined default is applied (1MiB).
// see https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/cluster/v3/cluster.proto#envoy-v3-api-field-config-cluster-v3-cluster-per-connection-buffer-limit-bytes
// for more information.
//
// +kubebuilder:validation:Minimum=1
// +optional
PerConnectionBufferLimitBytes *uint32 `json:"per-connection-buffer-limit-bytes,omitempty"`
// GlobalCircuitBreakerDefaults specifies default circuit breaker budget across all services.
// If defined, this will be used as the default for all services.
//
// +optional
GlobalCircuitBreakerDefaults *GlobalCircuitBreakerDefaults `json:"circuitBreakers,omitempty"`
// UpstreamTLS contains the TLS policy parameters for upstream connections
//
// +optional
UpstreamTLS *EnvoyTLS `json:"upstreamTLS,omitempty"`
}
ClusterParameters holds various configurable cluster values.
func (*ClusterParameters) DeepCopy ¶ added in v1.19.0
func (in *ClusterParameters) DeepCopy() *ClusterParameters
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterParameters.
func (*ClusterParameters) DeepCopyInto ¶ added in v1.19.0
func (in *ClusterParameters) DeepCopyInto(out *ClusterParameters)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ContourConfiguration ¶ added in v1.19.0
type ContourConfiguration struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
Spec ContourConfigurationSpec `json:"spec"`
// +optional
Status ContourConfigurationStatus `json:"status,omitempty"`
}
ContourConfiguration is the schema for a Contour instance.
func (*ContourConfiguration) DeepCopy ¶ added in v1.19.0
func (in *ContourConfiguration) DeepCopy() *ContourConfiguration
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ContourConfiguration.
func (*ContourConfiguration) DeepCopyInto ¶ added in v1.19.0
func (in *ContourConfiguration) DeepCopyInto(out *ContourConfiguration)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ContourConfiguration) DeepCopyObject ¶ added in v1.19.0
func (in *ContourConfiguration) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type ContourConfigurationList ¶ added in v1.19.0
type ContourConfigurationList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata,omitempty"`
Items []ContourConfiguration `json:"items"`
}
ContourConfigurationList contains a list of Contour configuration resources.
func (*ContourConfigurationList) DeepCopy ¶ added in v1.19.0
func (in *ContourConfigurationList) DeepCopy() *ContourConfigurationList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ContourConfigurationList.
func (*ContourConfigurationList) DeepCopyInto ¶ added in v1.19.0
func (in *ContourConfigurationList) DeepCopyInto(out *ContourConfigurationList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ContourConfigurationList) DeepCopyObject ¶ added in v1.19.0
func (in *ContourConfigurationList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type ContourConfigurationSpec ¶ added in v1.19.0
type ContourConfigurationSpec struct {
// XDSServer contains parameters for the xDS server.
// +optional
XDSServer *XDSServerConfig `json:"xdsServer,omitempty"`
// Ingress contains parameters for ingress options.
// +optional
Ingress *IngressConfig `json:"ingress,omitempty"`
// Debug contains parameters to enable debug logging
// and debug interfaces inside Contour.
// +optional
Debug *DebugConfig `json:"debug,omitempty"`
// Health defines the endpoints Contour uses to serve health checks.
//
// Contour's default is { address: "0.0.0.0", port: 8000 }.
// +optional
Health *HealthConfig `json:"health,omitempty"`
// Envoy contains parameters for Envoy as well
// as how to optionally configure a managed Envoy fleet.
// +optional
Envoy *EnvoyConfig `json:"envoy,omitempty"`
// Gateway contains parameters for the gateway-api Gateway that Contour
// is configured to serve traffic.
// +optional
Gateway *GatewayConfig `json:"gateway,omitempty"`
// HTTPProxy defines parameters on HTTPProxy.
// +optional
HTTPProxy *HTTPProxyConfig `json:"httpproxy,omitempty"`
// EnableExternalNameService allows processing of ExternalNameServices
//
// Contour's default is false for security reasons.
// +optional
EnableExternalNameService *bool `json:"enableExternalNameService,omitempty"`
// GlobalExternalAuthorization allows envoys external authorization filter
// to be enabled for all virtual hosts.
// +optional
GlobalExternalAuthorization *contour_api_v1.AuthorizationServer `json:"globalExtAuth,omitempty"`
// RateLimitService optionally holds properties of the Rate Limit Service
// to be used for global rate limiting.
// +optional
RateLimitService *RateLimitServiceConfig `json:"rateLimitService,omitempty"`
// Policy specifies default policy applied if not overridden by the user
// +optional
Policy *PolicyConfig `json:"policy,omitempty"`
// Metrics defines the endpoint Contour uses to serve metrics.
//
// Contour's default is { address: "0.0.0.0", port: 8000 }.
// +optional
Metrics *MetricsConfig `json:"metrics,omitempty"`
// Tracing defines properties for exporting trace data to OpenTelemetry.
Tracing *TracingConfig `json:"tracing,omitempty"`
// FeatureFlags defines toggle to enable new contour features.
// Available toggles are:
// useEndpointSlices - configures contour to fetch endpoint data
// from k8s endpoint slices. defaults to false and reading endpoint
// data from the k8s endpoints.
FeatureFlags FeatureFlags `json:"featureFlags,omitempty"`
}
ContourConfigurationSpec represents a configuration of a Contour controller. It contains most of all the options that can be customized, the other remaining options being command line flags.
func (*ContourConfigurationSpec) DeepCopy ¶ added in v1.19.0
func (in *ContourConfigurationSpec) DeepCopy() *ContourConfigurationSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ContourConfigurationSpec.
func (*ContourConfigurationSpec) DeepCopyInto ¶ added in v1.19.0
func (in *ContourConfigurationSpec) DeepCopyInto(out *ContourConfigurationSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ContourConfigurationSpec) Validate ¶ added in v1.20.0
func (c *ContourConfigurationSpec) Validate() error
Validate configuration that is not already covered by CRD validation.
type ContourConfigurationStatus ¶ added in v1.19.0
type ContourConfigurationStatus struct {
// Conditions contains the current status of the Contour resource.
//
// Contour will update a single condition, `Valid`, that is in normal-true polarity.
//
// Contour will not modify any other Conditions set in this block,
// in case some other controller wants to add a Condition.
//
// +optional
// +patchMergeKey=type
// +patchStrategy=merge
// +listType=map
// +listMapKey=type
Conditions []contour_api_v1.DetailedCondition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`
}
ContourConfigurationStatus defines the observed state of a ContourConfiguration resource.
func (*ContourConfigurationStatus) DeepCopy ¶ added in v1.19.0
func (in *ContourConfigurationStatus) DeepCopy() *ContourConfigurationStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ContourConfigurationStatus.
func (*ContourConfigurationStatus) DeepCopyInto ¶ added in v1.19.0
func (in *ContourConfigurationStatus) DeepCopyInto(out *ContourConfigurationStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ContourDeployment ¶ added in v1.19.0
type ContourDeployment struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
Spec ContourDeploymentSpec `json:"spec,omitempty"`
Status ContourDeploymentStatus `json:"status,omitempty"`
}
ContourDeployment is the schema for a Contour Deployment.
func (*ContourDeployment) DeepCopy ¶ added in v1.19.0
func (in *ContourDeployment) DeepCopy() *ContourDeployment
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ContourDeployment.
func (*ContourDeployment) DeepCopyInto ¶ added in v1.19.0
func (in *ContourDeployment) DeepCopyInto(out *ContourDeployment)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ContourDeployment) DeepCopyObject ¶ added in v1.19.0
func (in *ContourDeployment) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type ContourDeploymentList ¶ added in v1.19.0
type ContourDeploymentList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata,omitempty"`
Items []ContourDeployment `json:"items"`
}
ContourDeploymentList contains a list of Contour Deployment resources.
func (*ContourDeploymentList) DeepCopy ¶ added in v1.19.0
func (in *ContourDeploymentList) DeepCopy() *ContourDeploymentList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ContourDeploymentList.
func (*ContourDeploymentList) DeepCopyInto ¶ added in v1.19.0
func (in *ContourDeploymentList) DeepCopyInto(out *ContourDeploymentList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ContourDeploymentList) DeepCopyObject ¶ added in v1.19.0
func (in *ContourDeploymentList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type ContourDeploymentSpec ¶ added in v1.19.0
type ContourDeploymentSpec struct {
// Contour specifies deployment-time settings for the Contour
// part of the installation, i.e. the xDS server/control plane
// and associated resources, including things like replica count
// for the Deployment, and node placement constraints for the pods.
//
// +optional
Contour *ContourSettings `json:"contour,omitempty"`
// Envoy specifies deployment-time settings for the Envoy
// part of the installation, i.e. the xDS client/data plane
// and associated resources, including things like the workload
// type to use (DaemonSet or Deployment), node placement constraints
// for the pods, and various options for the Envoy service.
//
// +optional
Envoy *EnvoySettings `json:"envoy,omitempty"`
// RuntimeSettings is a ContourConfiguration spec to be used when
// provisioning a Contour instance that will influence aspects of
// the Contour instance's runtime behavior.
//
// +optional
RuntimeSettings *ContourConfigurationSpec `json:"runtimeSettings,omitempty"`
// ResourceLabels is a set of labels to add to the provisioned Contour resources.
//
// Deprecated: use Gateway.Spec.Infrastructure.Labels instead. This field will be
// removed in a future release.
// +optional
ResourceLabels map[string]string `json:"resourceLabels,omitempty"`
}
ContourDeploymentSpec specifies options for how a Contour instance should be provisioned.
func (*ContourDeploymentSpec) DeepCopy ¶ added in v1.19.0
func (in *ContourDeploymentSpec) DeepCopy() *ContourDeploymentSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ContourDeploymentSpec.
func (*ContourDeploymentSpec) DeepCopyInto ¶ added in v1.19.0
func (in *ContourDeploymentSpec) DeepCopyInto(out *ContourDeploymentSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ContourDeploymentStatus ¶ added in v1.19.0
type ContourDeploymentStatus struct {
// Conditions describe the current conditions of the ContourDeployment resource.
//
// +optional
// +patchMergeKey=type
// +patchStrategy=merge
// +listType=map
// +listMapKey=type
Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`
}
ContourDeploymentStatus defines the observed state of a ContourDeployment resource.
func (*ContourDeploymentStatus) DeepCopy ¶ added in v1.19.0
func (in *ContourDeploymentStatus) DeepCopy() *ContourDeploymentStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ContourDeploymentStatus.
func (*ContourDeploymentStatus) DeepCopyInto ¶ added in v1.19.0
func (in *ContourDeploymentStatus) DeepCopyInto(out *ContourDeploymentStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ContourSettings ¶ added in v1.21.0
type ContourSettings struct {
// Deprecated: Use `DeploymentSettings.Replicas` instead.
//
// Replicas is the desired number of Contour replicas. If if unset,
// defaults to 2.
//
// if both `DeploymentSettings.Replicas` and this one is set, use `DeploymentSettings.Replicas`.
//
// +kubebuilder:validation:Minimum=0
// +optional
Replicas int32 `json:"replicas,omitempty"`
// NodePlacement describes node scheduling configuration of Contour pods.
//
// +optional
NodePlacement *NodePlacement `json:"nodePlacement,omitempty"`
// KubernetesLogLevel Enable Kubernetes client debug logging with log level. If unset,
// defaults to 0.
//
// +kubebuilder:validation:Minimum=0
// +kubebuilder:validation:Maximum=9
// +optional
KubernetesLogLevel uint8 `json:"kubernetesLogLevel,omitempty"`
// LogLevel sets the log level for Contour
// Allowed values are "info", "debug".
//
// +optional
LogLevel LogLevel `json:"logLevel,omitempty"`
// Compute Resources required by contour container.
// Cannot be updated.
// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
// +optional
Resources corev1.ResourceRequirements `json:"resources,omitempty"`
// Deployment describes the settings for running contour as a `Deployment`.
// +optional
Deployment *DeploymentSettings `json:"deployment,omitempty"`
// PodAnnotations defines annotations to add to the Contour pods.
// the annotations for Prometheus will be appended or overwritten with predefined value.
// +optional
PodAnnotations map[string]string `json:"podAnnotations,omitempty"`
// WatchNamespaces is an array of namespaces. Setting it will instruct the contour instance
// to only watch this subset of namespaces.
// +optional
// +kubebuilder:validation:Type=array
// +kubebuilder:validation:MinItems=1
// +kubebuilder:validation:MaxItems=42
WatchNamespaces []contour_api_v1.Namespace `json:"watchNamespaces,omitempty"`
// DisabledFeatures defines an array of resources that will be ignored by
// contour reconciler.
// +optional
// +kubebuilder:validation:Type=array
// +kubebuilder:validation:MinItems=1
// +kubebuilder:validation:MaxItems=42
DisabledFeatures []contour_api_v1.Feature `json:"disabledFeatures,omitempty"`
}
ContourSettings contains settings for the Contour part of the installation, i.e. the xDS server/control plane and associated resources.
func (*ContourSettings) DeepCopy ¶ added in v1.21.0
func (in *ContourSettings) DeepCopy() *ContourSettings
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ContourSettings.
func (*ContourSettings) DeepCopyInto ¶ added in v1.21.0
func (in *ContourSettings) DeepCopyInto(out *ContourSettings)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type CustomTag ¶ added in v1.25.0
type CustomTag struct {
// TagName is the unique name of the custom tag.
TagName string `json:"tagName"`
// Literal is a static custom tag value.
// Precisely one of Literal, RequestHeaderName must be set.
// +optional
Literal string `json:"literal,omitempty"`
// RequestHeaderName indicates which request header
// the label value is obtained from.
// Precisely one of Literal, RequestHeaderName must be set.
// +optional
RequestHeaderName string `json:"requestHeaderName,omitempty"`
}
CustomTag defines custom tags with unique tag name to create tags for the active span.
func (*CustomTag) DeepCopy ¶ added in v1.25.0
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CustomTag.
func (*CustomTag) DeepCopyInto ¶ added in v1.25.0
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type DaemonSetSettings ¶ added in v1.24.0
type DaemonSetSettings struct {
// Strategy describes the deployment strategy to use to replace existing DaemonSet pods with new pods.
// +optional
UpdateStrategy *appsv1.DaemonSetUpdateStrategy `json:"updateStrategy,omitempty"`
}
DaemonSetSettings contains settings for DaemonSet resources.
func (*DaemonSetSettings) DeepCopy ¶ added in v1.24.0
func (in *DaemonSetSettings) DeepCopy() *DaemonSetSettings
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DaemonSetSettings.
func (*DaemonSetSettings) DeepCopyInto ¶ added in v1.24.0
func (in *DaemonSetSettings) DeepCopyInto(out *DaemonSetSettings)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type DebugConfig ¶ added in v1.19.0
type DebugConfig struct {
// Defines the Contour debug address interface.
//
// Contour's default is "127.0.0.1".
// +optional
Address string `json:"address,omitempty"`
// Defines the Contour debug address port.
//
// Contour's default is 6060.
// +optional
Port int `json:"port,omitempty"`
}
DebugConfig contains Contour specific troubleshooting options.
func (*DebugConfig) DeepCopy ¶ added in v1.19.0
func (in *DebugConfig) DeepCopy() *DebugConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DebugConfig.
func (*DebugConfig) DeepCopyInto ¶ added in v1.19.0
func (in *DebugConfig) DeepCopyInto(out *DebugConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type DeploymentSettings ¶ added in v1.24.0
type DeploymentSettings struct {
// Replicas is the desired number of replicas.
//
// +kubebuilder:validation:Minimum=0
Replicas int32 `json:"replicas,omitempty"`
// Strategy describes the deployment strategy to use to replace existing pods with new pods.
// +optional
Strategy *appsv1.DeploymentStrategy `json:"strategy,omitempty"`
}
DeploymentSettings contains settings for Deployment resources.
func (*DeploymentSettings) DeepCopy ¶ added in v1.24.0
func (in *DeploymentSettings) DeepCopy() *DeploymentSettings
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DeploymentSettings.
func (*DeploymentSettings) DeepCopyInto ¶ added in v1.24.0
func (in *DeploymentSettings) DeepCopyInto(out *DeploymentSettings)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type EnvoyConfig ¶ added in v1.19.0
type EnvoyConfig struct {
// Listener hold various configurable Envoy listener values.
// +optional
Listener *EnvoyListenerConfig `json:"listener,omitempty"`
// Service holds Envoy service parameters for setting Ingress status.
//
// Contour's default is { namespace: "projectcontour", name: "envoy" }.
// +optional
Service *NamespacedName `json:"service,omitempty"`
// Defines the HTTP Listener for Envoy.
//
// Contour's default is { address: "0.0.0.0", port: 8080, accessLog: "/dev/stdout" }.
// +optional
HTTPListener *EnvoyListener `json:"http,omitempty"`
// Defines the HTTPS Listener for Envoy.
//
// Contour's default is { address: "0.0.0.0", port: 8443, accessLog: "/dev/stdout" }.
// +optional
HTTPSListener *EnvoyListener `json:"https,omitempty"`
// Health defines the endpoint Envoy uses to serve health checks.
//
// Contour's default is { address: "0.0.0.0", port: 8002 }.
// +optional
Health *HealthConfig `json:"health,omitempty"`
// Metrics defines the endpoint Envoy uses to serve metrics.
//
// Contour's default is { address: "0.0.0.0", port: 8002 }.
// +optional
Metrics *MetricsConfig `json:"metrics,omitempty"`
// ClientCertificate defines the namespace/name of the Kubernetes
// secret containing the client certificate and private key
// to be used when establishing TLS connection to upstream
// cluster.
// +optional
ClientCertificate *NamespacedName `json:"clientCertificate,omitempty"`
// Logging defines how Envoy's logs can be configured.
// +optional
Logging *EnvoyLogging `json:"logging,omitempty"`
// DefaultHTTPVersions defines the default set of HTTPS
// versions the proxy should accept. HTTP versions are
// strings of the form "HTTP/xx". Supported versions are
// "HTTP/1.1" and "HTTP/2".
//
// Values: `HTTP/1.1`, `HTTP/2` (default: both).
//
// Other values will produce an error.
// +optional
DefaultHTTPVersions []HTTPVersionType `json:"defaultHTTPVersions,omitempty"`
// Timeouts holds various configurable timeouts that can
// be set in the config file.
// +optional
Timeouts *TimeoutParameters `json:"timeouts,omitempty"`
// Cluster holds various configurable Envoy cluster values that can
// be set in the config file.
// +optional
Cluster *ClusterParameters `json:"cluster,omitempty"`
// Network holds various configurable Envoy network values.
// +optional
Network *NetworkParameters `json:"network,omitempty"`
}
EnvoyConfig defines how Envoy is to be Configured from Contour.
func (*EnvoyConfig) DeepCopy ¶ added in v1.19.0
func (in *EnvoyConfig) DeepCopy() *EnvoyConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvoyConfig.
func (*EnvoyConfig) DeepCopyInto ¶ added in v1.19.0
func (in *EnvoyConfig) DeepCopyInto(out *EnvoyConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*EnvoyConfig) Validate ¶ added in v1.20.0
func (e *EnvoyConfig) Validate() error
Validate configuration that cannot be handled with CRD validation.
type EnvoyListener ¶ added in v1.19.0
type EnvoyListener struct {
// Defines an Envoy Listener Address.
// +kubebuilder:validation:MinLength=1
// +optional
Address string `json:"address,omitempty"`
// Defines an Envoy listener Port.
// +optional
Port int `json:"port,omitempty"`
// AccessLog defines where Envoy logs are outputted for this listener.
// +optional
AccessLog string `json:"accessLog,omitempty"`
}
EnvoyListener defines parameters for an Envoy Listener.
func (*EnvoyListener) DeepCopy ¶ added in v1.19.0
func (in *EnvoyListener) DeepCopy() *EnvoyListener
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvoyListener.
func (*EnvoyListener) DeepCopyInto ¶ added in v1.19.0
func (in *EnvoyListener) DeepCopyInto(out *EnvoyListener)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type EnvoyListenerConfig ¶ added in v1.19.0
type EnvoyListenerConfig struct {
// Use PROXY protocol for all listeners.
//
// Contour's default is false.
// +optional
UseProxyProto *bool `json:"useProxyProtocol,omitempty"`
// DisableAllowChunkedLength disables the RFC-compliant Envoy behavior to
// strip the "Content-Length" header if "Transfer-Encoding: chunked" is
// also set. This is an emergency off-switch to revert back to Envoy's
// default behavior in case of failures. Please file an issue if failures
// are encountered.
// See: https://github.com/projectcontour/contour/issues/3221
//
// Contour's default is false.
// +optional
DisableAllowChunkedLength *bool `json:"disableAllowChunkedLength,omitempty"`
// DisableMergeSlashes disables Envoy's non-standard merge_slashes path transformation option
// which strips duplicate slashes from request URL paths.
//
// Contour's default is false.
// +optional
DisableMergeSlashes *bool `json:"disableMergeSlashes,omitempty"`
// Defines the action to be applied to the Server header on the response path.
// When configured as overwrite, overwrites any Server header with "envoy".
// When configured as append_if_absent, if a Server header is present, pass it through, otherwise set it to "envoy".
// When configured as pass_through, pass through the value of the Server header, and do not append a header if none is present.
//
// Values: `overwrite` (default), `append_if_absent`, `pass_through`
//
// Other values will produce an error.
// Contour's default is overwrite.
// +optional
ServerHeaderTransformation ServerHeaderTransformationType `json:"serverHeaderTransformation,omitempty"`
// ConnectionBalancer. If the value is exact, the listener will use the exact connection balancer
// See https://www.envoyproxy.io/docs/envoy/latest/api-v2/api/v2/listener.proto#envoy-api-msg-listener-connectionbalanceconfig
// for more information.
//
// Values: (empty string): use the default ConnectionBalancer, `exact`: use the Exact ConnectionBalancer.
//
// Other values will produce an error.
// +optional
ConnectionBalancer string `json:"connectionBalancer,omitempty"`
// Defines the maximum requests for downstream connections. If not specified, there is no limit.
// see https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/core/v3/protocol.proto#envoy-v3-api-msg-config-core-v3-httpprotocoloptions
// for more information.
//
// +kubebuilder:validation:Minimum=1
// +optional
MaxRequestsPerConnection *uint32 `json:"maxRequestsPerConnection,omitempty"`
// Defines the soft limit on size of the listener’s new connection read and write buffers in bytes.
// If unspecified, an implementation defined default is applied (1MiB).
// see https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/listener/v3/listener.proto#envoy-v3-api-field-config-listener-v3-listener-per-connection-buffer-limit-bytes
// for more information.
//
// +kubebuilder:validation:Minimum=1
// +optional
PerConnectionBufferLimitBytes *uint32 `json:"per-connection-buffer-limit-bytes,omitempty"`
// TLS holds various configurable Envoy TLS listener values.
// +optional
TLS *EnvoyTLS `json:"tls,omitempty"`
// SocketOptions defines configurable socket options for the listeners.
// Single set of options are applied to all listeners.
// +optional
SocketOptions *SocketOptions `json:"socketOptions,omitempty"`
// Defines the limit on number of HTTP requests that Envoy will process from a single
// connection in a single I/O cycle. Requests over this limit are processed in subsequent
// I/O cycles. Can be used as a mitigation for CVE-2023-44487 when abusive traffic is
// detected. Configures the http.max_requests_per_io_cycle Envoy runtime setting. The default
// value when this is not set is no limit.
//
// +kubebuilder:validation:Minimum=1
// +optional
MaxRequestsPerIOCycle *uint32 `json:"maxRequestsPerIOCycle,omitempty"`
// Defines the value for SETTINGS_MAX_CONCURRENT_STREAMS Envoy will advertise in the
// SETTINGS frame in HTTP/2 connections and the limit for concurrent streams allowed
// for a peer on a single HTTP/2 connection. It is recommended to not set this lower
// than 100 but this field can be used to bound resource usage by HTTP/2 connections
// and mitigate attacks like CVE-2023-44487. The default value when this is not set is
// unlimited.
//
// +kubebuilder:validation:Minimum=1
// +optional
HTTP2MaxConcurrentStreams *uint32 `json:"httpMaxConcurrentStreams,omitempty"`
// Defines the limit on number of active connections to a listener. The limit is applied
// per listener. The default value when this is not set is unlimited.
//
// +kubebuilder:validation:Minimum=1
// +optional
MaxConnectionsPerListener *uint32 `json:"maxConnectionsPerListener,omitempty"`
}
EnvoyListenerConfig hold various configurable Envoy listener values.
func (*EnvoyListenerConfig) DeepCopy ¶ added in v1.19.0
func (in *EnvoyListenerConfig) DeepCopy() *EnvoyListenerConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvoyListenerConfig.
func (*EnvoyListenerConfig) DeepCopyInto ¶ added in v1.19.0
func (in *EnvoyListenerConfig) DeepCopyInto(out *EnvoyListenerConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type EnvoyLogging ¶ added in v1.19.0
type EnvoyLogging struct {
// AccessLogFormat sets the global access log format.
//
// Values: `envoy` (default), `json`.
//
// Other values will produce an error.
// +optional
AccessLogFormat AccessLogType `json:"accessLogFormat,omitempty"`
// AccessLogFormatString sets the access log format when format is set to `envoy`.
// When empty, Envoy's default format is used.
// +optional
AccessLogFormatString string `json:"accessLogFormatString,omitempty"`
// AccessLogJSONFields sets the fields that JSON logging will
// output when AccessLogFormat is json.
// +optional
AccessLogJSONFields AccessLogJSONFields `json:"accessLogJSONFields,omitempty"`
// AccessLogLevel sets the verbosity level of the access log.
//
// Values: `info` (default, all requests are logged), `error` (all non-success requests, i.e. 300+ response code, are logged), `critical` (all 5xx requests are logged) and `disabled`.
//
// Other values will produce an error.
// +optional
AccessLogLevel AccessLogLevel `json:"accessLogLevel,omitempty"`
}
EnvoyLogging defines how Envoy's logs can be configured.
func (*EnvoyLogging) AccessLogFormatterExtensions ¶ added in v1.22.0
func (e *EnvoyLogging) AccessLogFormatterExtensions() []string
AccessLogFormatterExtensions returns a list of formatter extension names required by the access log format.
Note: When adding support for new formatter, update the list of extensions here and add corresponding configuration in internal/envoy/v3/accesslog.go extensionConfig(). Currently only one extension exist in Envoy.
func (*EnvoyLogging) DeepCopy ¶ added in v1.19.0
func (in *EnvoyLogging) DeepCopy() *EnvoyLogging
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvoyLogging.
func (*EnvoyLogging) DeepCopyInto ¶ added in v1.19.0
func (in *EnvoyLogging) DeepCopyInto(out *EnvoyLogging)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*EnvoyLogging) Validate ¶ added in v1.21.0
func (e *EnvoyLogging) Validate() error
type EnvoySettings ¶ added in v1.21.0
type EnvoySettings struct {
// WorkloadType is the type of workload to install Envoy
// as. Choices are DaemonSet and Deployment. If unset, defaults
// to DaemonSet.
//
// +optional
WorkloadType WorkloadType `json:"workloadType,omitempty"`
// Deprecated: Use `DeploymentSettings.Replicas` instead.
//
// Replicas is the desired number of Envoy replicas. If WorkloadType
// is not "Deployment", this field is ignored. Otherwise, if unset,
// defaults to 2.
//
// if both `DeploymentSettings.Replicas` and this one is set, use `DeploymentSettings.Replicas`.
//
// +kubebuilder:validation:Minimum=0
// +optional
Replicas int32 `json:"replicas,omitempty"`
// NetworkPublishing defines how to expose Envoy to a network.
//
// +optional.
NetworkPublishing *NetworkPublishing `json:"networkPublishing,omitempty"`
// NodePlacement describes node scheduling configuration of Envoy pods.
//
// +optional
NodePlacement *NodePlacement `json:"nodePlacement,omitempty"`
// ExtraVolumes holds the extra volumes to add.
// +optional
ExtraVolumes []corev1.Volume `json:"extraVolumes,omitempty"`
// ExtraVolumeMounts holds the extra volume mounts to add (normally used with extraVolumes).
// +optional
ExtraVolumeMounts []corev1.VolumeMount `json:"extraVolumeMounts,omitempty"`
// PodAnnotations defines annotations to add to the Envoy pods.
// the annotations for Prometheus will be appended or overwritten with predefined value.
// +optional
PodAnnotations map[string]string `json:"podAnnotations,omitempty"`
// Compute Resources required by envoy container.
// Cannot be updated.
// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
// +optional
Resources corev1.ResourceRequirements `json:"resources,omitempty"`
// LogLevel sets the log level for Envoy.
// Allowed values are "trace", "debug", "info", "warn", "error", "critical", "off".
//
// +optional
LogLevel LogLevel `json:"logLevel,omitempty"`
// DaemonSet describes the settings for running envoy as a `DaemonSet`.
// if `WorkloadType` is `Deployment`,it's must be nil
// +optional
DaemonSet *DaemonSetSettings `json:"daemonSet,omitempty"`
// Deployment describes the settings for running envoy as a `Deployment`.
// if `WorkloadType` is `DaemonSet`,it's must be nil
// +optional
Deployment *DeploymentSettings `json:"deployment,omitempty"`
// The base ID to use when allocating shared memory regions.
// if Envoy needs to be run multiple times on the same machine, each running Envoy will need a unique base ID
// so that the shared memory regions do not conflict.
// defaults to 0.
//
// +kubebuilder:validation:Minimum=0
// +optional
BaseID int32 `json:"baseID,omitempty"`
// OverloadMaxHeapSize defines the maximum heap memory of the envoy controlled by the overload manager.
// When the value is greater than 0, the overload manager is enabled,
// and when envoy reaches 95% of the maximum heap size, it performs a shrink heap operation,
// When it reaches 98% of the maximum heap size, Envoy Will stop accepting requests.
// More info: https://projectcontour.io/docs/main/config/overload-manager/
//
// +optional
OverloadMaxHeapSize uint64 `json:"overloadMaxHeapSize,omitempty"`
}
EnvoySettings contains settings for the Envoy part of the installation, i.e. the xDS client/data plane and associated resources.
func (*EnvoySettings) DeepCopy ¶ added in v1.21.0
func (in *EnvoySettings) DeepCopy() *EnvoySettings
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvoySettings.
func (*EnvoySettings) DeepCopyInto ¶ added in v1.21.0
func (in *EnvoySettings) DeepCopyInto(out *EnvoySettings)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type EnvoyTLS ¶ added in v1.19.0
type EnvoyTLS struct {
// MinimumProtocolVersion is the minimum TLS version this vhost should
// negotiate.
//
// Values: `1.2` (default), `1.3`.
//
// Other values will produce an error.
// +optional
MinimumProtocolVersion string `json:"minimumProtocolVersion,omitempty"`
// MaximumProtocolVersion is the maximum TLS version this vhost should
// negotiate.
//
// Values: `1.2`, `1.3`(default).
//
// Other values will produce an error.
// +optional
MaximumProtocolVersion string `json:"maximumProtocolVersion,omitempty"`
// CipherSuites defines the TLS ciphers to be supported by Envoy TLS
// listeners when negotiating TLS 1.2. Ciphers are validated against the
// set that Envoy supports by default. This parameter should only be used
// by advanced users. Note that these will be ignored when TLS 1.3 is in
// use.
//
// This field is optional; when it is undefined, a Contour-managed ciphersuite list
// will be used, which may be updated to keep it secure.
//
// Contour's default list is:
// - "[ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]"
// - "[ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]"
// - "ECDHE-ECDSA-AES256-GCM-SHA384"
// - "ECDHE-RSA-AES256-GCM-SHA384"
//
// Ciphers provided are validated against the following list:
// - "[ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]"
// - "[ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]"
// - "ECDHE-ECDSA-AES128-GCM-SHA256"
// - "ECDHE-RSA-AES128-GCM-SHA256"
// - "ECDHE-ECDSA-AES128-SHA"
// - "ECDHE-RSA-AES128-SHA"
// - "AES128-GCM-SHA256"
// - "AES128-SHA"
// - "ECDHE-ECDSA-AES256-GCM-SHA384"
// - "ECDHE-RSA-AES256-GCM-SHA384"
// - "ECDHE-ECDSA-AES256-SHA"
// - "ECDHE-RSA-AES256-SHA"
// - "AES256-GCM-SHA384"
// - "AES256-SHA"
//
// Contour recommends leaving this undefined unless you are sure you must.
//
// See: https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/transport_sockets/tls/v3/common.proto#extensions-transport-sockets-tls-v3-tlsparameters
// Note: This list is a superset of what is valid for stock Envoy builds and those using BoringSSL FIPS.
// +optional
CipherSuites []string `json:"cipherSuites,omitempty"`
}
EnvoyTLS describes tls parameters for Envoy listneners.
func (*EnvoyTLS) DeepCopy ¶ added in v1.19.0
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvoyTLS.
func (*EnvoyTLS) DeepCopyInto ¶ added in v1.19.0
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*EnvoyTLS) SanitizedCipherSuites ¶ added in v1.22.0
SanitizedCipherSuites returns a deduplicated list of TLS ciphers. Order is maintained.
type ExtensionProtocolVersion ¶
type ExtensionProtocolVersion string
ExtensionProtocolVersion is the version of the GRPC protocol used to access extension services. The only version currently supported is "v3".
const ( // SupportProtocolVersion2 requests the "v2" support protocol version. // // Deprecated: this protocol version is no longer supported and the // constant is retained for backwards compatibility only. SupportProtocolVersion2 ExtensionProtocolVersion = "v2" // SupportProtocolVersion3 requests the "v3" support protocol version. SupportProtocolVersion3 ExtensionProtocolVersion = "v3" )
type ExtensionService ¶
type ExtensionService struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
Spec ExtensionServiceSpec `json:"spec,omitempty"`
Status ExtensionServiceStatus `json:"status,omitempty"`
}
ExtensionService is the schema for the Contour extension services API. An ExtensionService resource binds a network service to the Contour API so that Contour API features can be implemented by collaborating components.
func (*ExtensionService) DeepCopy ¶
func (in *ExtensionService) DeepCopy() *ExtensionService
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExtensionService.
func (*ExtensionService) DeepCopyInto ¶
func (in *ExtensionService) DeepCopyInto(out *ExtensionService)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ExtensionService) DeepCopyObject ¶
func (in *ExtensionService) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type ExtensionServiceList ¶
type ExtensionServiceList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata,omitempty"`
Items []ExtensionService `json:"items"`
}
ExtensionServiceList contains a list of ExtensionService resources.
func (*ExtensionServiceList) DeepCopy ¶
func (in *ExtensionServiceList) DeepCopy() *ExtensionServiceList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExtensionServiceList.
func (*ExtensionServiceList) DeepCopyInto ¶
func (in *ExtensionServiceList) DeepCopyInto(out *ExtensionServiceList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ExtensionServiceList) DeepCopyObject ¶
func (in *ExtensionServiceList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type ExtensionServiceSpec ¶
type ExtensionServiceSpec struct {
// Services specifies the set of Kubernetes Service resources that
// receive GRPC extension API requests.
// If no weights are specified for any of the entries in
// this array, traffic will be spread evenly across all the
// services.
// Otherwise, traffic is balanced proportionally to the
// Weight field in each entry.
//
// +required
// +kubebuilder:validation:MinItems=1
Services []ExtensionServiceTarget `json:"services"`
// UpstreamValidation defines how to verify the backend service's certificate
// +optional
UpstreamValidation *contour_api_v1.UpstreamValidation `json:"validation,omitempty"`
// Protocol may be used to specify (or override) the protocol used to reach this Service.
// Values may be h2 or h2c. If omitted, protocol-selection falls back on Service annotations.
//
// +optional
// +kubebuilder:validation:Enum=h2;h2c
Protocol *string `json:"protocol,omitempty"`
// The policy for load balancing GRPC service requests. Note that the
// `Cookie` and `RequestHash` load balancing strategies cannot be used
// here.
//
// +optional
LoadBalancerPolicy *contour_api_v1.LoadBalancerPolicy `json:"loadBalancerPolicy,omitempty"`
// The timeout policy for requests to the services.
//
// +optional
TimeoutPolicy *contour_api_v1.TimeoutPolicy `json:"timeoutPolicy,omitempty"`
// This field sets the version of the GRPC protocol that Envoy uses to
// send requests to the extension service. Since Contour always uses the
// v3 Envoy API, this is currently fixed at "v3". However, other
// protocol options will be available in future.
//
// +optional
// +kubebuilder:validation:Enum=v3
ProtocolVersion ExtensionProtocolVersion `json:"protocolVersion,omitempty"`
}
ExtensionServiceSpec defines the desired state of an ExtensionService resource.
func (*ExtensionServiceSpec) DeepCopy ¶
func (in *ExtensionServiceSpec) DeepCopy() *ExtensionServiceSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExtensionServiceSpec.
func (*ExtensionServiceSpec) DeepCopyInto ¶
func (in *ExtensionServiceSpec) DeepCopyInto(out *ExtensionServiceSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ExtensionServiceStatus ¶
type ExtensionServiceStatus struct {
// Conditions contains the current status of the ExtensionService resource.
//
// Contour will update a single condition, `Valid`, that is in normal-true polarity.
//
// Contour will not modify any other Conditions set in this block,
// in case some other controller wants to add a Condition.
//
// +optional
// +patchMergeKey=type
// +patchStrategy=merge
// +listType=map
// +listMapKey=type
Conditions []contour_api_v1.DetailedCondition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`
}
ExtensionServiceStatus defines the observed state of an ExtensionService resource.
func (*ExtensionServiceStatus) DeepCopy ¶
func (in *ExtensionServiceStatus) DeepCopy() *ExtensionServiceStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExtensionServiceStatus.
func (*ExtensionServiceStatus) DeepCopyInto ¶
func (in *ExtensionServiceStatus) DeepCopyInto(out *ExtensionServiceStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ExtensionServiceStatus) GetConditionFor ¶ added in v1.9.0
func (status *ExtensionServiceStatus) GetConditionFor(condType string) *contour_api_v1.DetailedCondition
GetConditionFor returns the a pointer to the condition for a given type, or nil if there are none currently present.
type ExtensionServiceTarget ¶ added in v1.9.0
type ExtensionServiceTarget struct {
// Name is the name of Kubernetes service that will accept service
// traffic.
//
// +required
Name string `json:"name"`
// Port (defined as Integer) to proxy traffic to since a service can have multiple defined.
//
// +required
// +kubebuilder:validation:Minimum=1
// +kubebuilder:validation:Maximum=65536
// +kubebuilder:validation:ExclusiveMinimum=false
// +kubebuilder:validation:ExclusiveMaximum=true
Port int `json:"port"`
// Weight defines proportion of traffic to balance to the Kubernetes Service.
//
// +optional
Weight uint32 `json:"weight,omitempty"`
}
ExtensionServiceTarget defines an Kubernetes Service to target with extension service traffic.
func (*ExtensionServiceTarget) DeepCopy ¶ added in v1.9.0
func (in *ExtensionServiceTarget) DeepCopy() *ExtensionServiceTarget
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExtensionServiceTarget.
func (*ExtensionServiceTarget) DeepCopyInto ¶ added in v1.9.0
func (in *ExtensionServiceTarget) DeepCopyInto(out *ExtensionServiceTarget)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type FeatureFlags ¶ added in v1.27.0
type FeatureFlags []string
FeatureFlags defines the set of feature flags to toggle new contour features.
func (FeatureFlags) DeepCopy ¶ added in v1.27.0
func (in FeatureFlags) DeepCopy() FeatureFlags
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FeatureFlags.
func (FeatureFlags) DeepCopyInto ¶ added in v1.27.0
func (in FeatureFlags) DeepCopyInto(out *FeatureFlags)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (FeatureFlags) IsEndpointSliceEnabled ¶ added in v1.27.0
func (f FeatureFlags) IsEndpointSliceEnabled() bool
func (FeatureFlags) Validate ¶ added in v1.27.0
func (f FeatureFlags) Validate() error
type GatewayConfig ¶ added in v1.19.0
type GatewayConfig struct {
// ControllerName is used to determine whether Contour should reconcile a
// GatewayClass. The string takes the form of "projectcontour.io/<namespace>/contour".
// If unset, the gatewayclass controller will not be started.
// Exactly one of ControllerName or GatewayRef must be set.
//
// Deprecated: users should use GatewayRef, or the Gateway provisioner,
// in place of this field. This field will be removed in a future release.
// +optional
ControllerName string `json:"controllerName,omitempty"`
// GatewayRef defines a specific Gateway that this Contour
// instance corresponds to. If set, Contour will reconcile
// only this gateway, and will not reconcile any gateway
// classes.
// Exactly one of ControllerName or GatewayRef must be set.
// +optional
GatewayRef *NamespacedName `json:"gatewayRef,omitempty"`
}
GatewayConfig holds the config for Gateway API controllers.
func (*GatewayConfig) DeepCopy ¶ added in v1.19.0
func (in *GatewayConfig) DeepCopy() *GatewayConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GatewayConfig.
func (*GatewayConfig) DeepCopyInto ¶ added in v1.19.0
func (in *GatewayConfig) DeepCopyInto(out *GatewayConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*GatewayConfig) Validate ¶ added in v1.21.0
func (g *GatewayConfig) Validate() error
Validate ensures that exactly one of ControllerName or GatewayRef are specified.
type GlobalCircuitBreakerDefaults ¶ added in v1.28.0
type GlobalCircuitBreakerDefaults struct {
// The maximum number of connections that a single Envoy instance allows to the Kubernetes Service; defaults to 1024.
// +optional
MaxConnections uint32 `json:"maxConnections,omitempty" yaml:"max-connections,omitempty"`
// The maximum number of pending requests that a single Envoy instance allows to the Kubernetes Service; defaults to 1024.
// +optional
MaxPendingRequests uint32 `json:"maxPendingRequests,omitempty" yaml:"max-pending-requests,omitempty"`
// The maximum parallel requests a single Envoy instance allows to the Kubernetes Service; defaults to 1024
// +optional
MaxRequests uint32 `json:"maxRequests,omitempty" yaml:"max-requests,omitempty"`
// The maximum number of parallel retries a single Envoy instance allows to the Kubernetes Service; defaults to 3.
// +optional
MaxRetries uint32 `json:"maxRetries,omitempty" yaml:"max-retries,omitempty"`
}
func (*GlobalCircuitBreakerDefaults) DeepCopy ¶ added in v1.28.0
func (in *GlobalCircuitBreakerDefaults) DeepCopy() *GlobalCircuitBreakerDefaults
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GlobalCircuitBreakerDefaults.
func (*GlobalCircuitBreakerDefaults) DeepCopyInto ¶ added in v1.28.0
func (in *GlobalCircuitBreakerDefaults) DeepCopyInto(out *GlobalCircuitBreakerDefaults)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type HTTPProxyConfig ¶ added in v1.19.0
type HTTPProxyConfig struct {
// DisablePermitInsecure disables the use of the
// permitInsecure field in HTTPProxy.
//
// Contour's default is false.
// +optional
DisablePermitInsecure *bool `json:"disablePermitInsecure,omitempty"`
// Restrict Contour to searching these namespaces for root ingress routes.
// +optional
RootNamespaces []string `json:"rootNamespaces,omitempty"`
// FallbackCertificate defines the namespace/name of the Kubernetes secret to
// use as fallback when a non-SNI request is received.
// +optional
FallbackCertificate *NamespacedName `json:"fallbackCertificate,omitempty"`
}
HTTPProxyConfig defines parameters on HTTPProxy.
func (*HTTPProxyConfig) DeepCopy ¶ added in v1.19.0
func (in *HTTPProxyConfig) DeepCopy() *HTTPProxyConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPProxyConfig.
func (*HTTPProxyConfig) DeepCopyInto ¶ added in v1.19.0
func (in *HTTPProxyConfig) DeepCopyInto(out *HTTPProxyConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type HTTPVersionType ¶ added in v1.19.0
type HTTPVersionType string
HTTPVersionType is the name of a supported HTTP version.
const ( // HTTPVersion1 is the name of the HTTP/1.1 version. HTTPVersion1 HTTPVersionType = "HTTP/1.1" // HTTPVersion2 is the name of the HTTP/2 version. HTTPVersion2 HTTPVersionType = "HTTP/2" )
type HeadersPolicy ¶ added in v1.19.0
type HeadersPolicy struct {
// +optional
Set map[string]string `json:"set,omitempty"`
// +optional
Remove []string `json:"remove,omitempty"`
}
func (*HeadersPolicy) DeepCopy ¶ added in v1.19.0
func (in *HeadersPolicy) DeepCopy() *HeadersPolicy
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HeadersPolicy.
func (*HeadersPolicy) DeepCopyInto ¶ added in v1.19.0
func (in *HeadersPolicy) DeepCopyInto(out *HeadersPolicy)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type HealthConfig ¶ added in v1.19.0
type HealthConfig struct {
// Defines the health address interface.
// +kubebuilder:validation:MinLength=1
// +optional
Address string `json:"address,omitempty"`
// Defines the health port.
// +optional
Port int `json:"port,omitempty"`
}
HealthConfig defines the endpoints to enable health checks.
func (*HealthConfig) DeepCopy ¶ added in v1.19.0
func (in *HealthConfig) DeepCopy() *HealthConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HealthConfig.
func (*HealthConfig) DeepCopyInto ¶ added in v1.19.0
func (in *HealthConfig) DeepCopyInto(out *HealthConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type IngressConfig ¶ added in v1.19.0
type IngressConfig struct {
// Ingress Class Names Contour should use.
// +optional
ClassNames []string `json:"classNames,omitempty"`
// Address to set in Ingress object status.
// +optional
StatusAddress string `json:"statusAddress,omitempty"`
}
IngressConfig defines ingress specific config items.
func (*IngressConfig) DeepCopy ¶ added in v1.19.0
func (in *IngressConfig) DeepCopy() *IngressConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IngressConfig.
func (*IngressConfig) DeepCopyInto ¶ added in v1.19.0
func (in *IngressConfig) DeepCopyInto(out *IngressConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type LogLevel ¶ added in v1.19.0
type LogLevel string
LogLevel is the logging levels available.
const ( // TraceLog sets the log level for Envoy to `trace`. TraceLog LogLevel = "trace" // DebugLog sets the log level for Contour/Envoy to `debug`. DebugLog LogLevel = "debug" // InfoLog sets the log level for Contour/Envoy to `info`. InfoLog LogLevel = "info" // WarnLog sets the log level for Envoy to `warn`. WarnLog LogLevel = "warn" // ErrorLog sets the log level for Envoy to `error`. ErrorLog LogLevel = "error" // CriticalLog sets the log level for Envoy to `critical`. CriticalLog LogLevel = "critical" // OffLog disable logging for Envoy. OffLog LogLevel = "off" )
type MetricsConfig ¶ added in v1.19.0
type MetricsConfig struct {
// Defines the metrics address interface.
// +kubebuilder:validation:MinLength=1
// +kubebuilder:validation:MaxLength=253
// +optional
Address string `json:"address,omitempty"`
// Defines the metrics port.
// +optional
Port int `json:"port,omitempty"`
// TLS holds TLS file config details.
// Metrics and health endpoints cannot have same port number when metrics is served over HTTPS.
// +optional
TLS *MetricsTLS `json:"tls,omitempty"`
}
MetricsConfig defines the metrics endpoint.
func (*MetricsConfig) DeepCopy ¶ added in v1.19.0
func (in *MetricsConfig) DeepCopy() *MetricsConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MetricsConfig.
func (*MetricsConfig) DeepCopyInto ¶ added in v1.19.0
func (in *MetricsConfig) DeepCopyInto(out *MetricsConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type MetricsTLS ¶ added in v1.20.0
type MetricsTLS struct {
// CA filename.
// +optional
CAFile string `json:"caFile,omitempty"`
// Client certificate filename.
// +optional
CertFile string `json:"certFile,omitempty"`
// Client key filename.
// +optional
KeyFile string `json:"keyFile,omitempty"`
}
TLS holds TLS file config details.
func (*MetricsTLS) DeepCopy ¶ added in v1.20.0
func (in *MetricsTLS) DeepCopy() *MetricsTLS
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MetricsTLS.
func (*MetricsTLS) DeepCopyInto ¶ added in v1.20.0
func (in *MetricsTLS) DeepCopyInto(out *MetricsTLS)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type NamespacedName ¶ added in v1.19.0
NamespacedName defines the namespace/name of the Kubernetes resource referred from the config file. Used for Contour config YAML file parsing, otherwise we could use K8s types.NamespacedName.
func (*NamespacedName) DeepCopy ¶ added in v1.19.0
func (in *NamespacedName) DeepCopy() *NamespacedName
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NamespacedName.
func (*NamespacedName) DeepCopyInto ¶ added in v1.19.0
func (in *NamespacedName) DeepCopyInto(out *NamespacedName)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type NetworkParameters ¶ added in v1.19.0
type NetworkParameters struct {
// XffNumTrustedHops defines the number of additional ingress proxy hops from the
// right side of the x-forwarded-for HTTP header to trust when determining the origin
// client’s IP address.
//
// See https://www.envoyproxy.io/docs/envoy/v1.17.0/api-v3/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto?highlight=xff_num_trusted_hops
// for more information.
//
// Contour's default is 0.
// +optional
XffNumTrustedHops *uint32 `json:"numTrustedHops,omitempty"`
// Configure the port used to access the Envoy Admin interface.
// If configured to port "0" then the admin interface is disabled.
//
// Contour's default is 9001.
// +optional
EnvoyAdminPort *int `json:"adminPort,omitempty"`
}
NetworkParameters hold various configurable network values.
func (*NetworkParameters) DeepCopy ¶ added in v1.19.0
func (in *NetworkParameters) DeepCopy() *NetworkParameters
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkParameters.
func (*NetworkParameters) DeepCopyInto ¶ added in v1.19.0
func (in *NetworkParameters) DeepCopyInto(out *NetworkParameters)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type NetworkPublishing ¶ added in v1.21.0
type NetworkPublishing struct {
// NetworkPublishingType is the type of publishing strategy to use. Valid values are:
//
// * LoadBalancerService
//
// In this configuration, network endpoints for Envoy use container networking.
// A Kubernetes LoadBalancer Service is created to publish Envoy network
// endpoints.
//
// See: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer
//
// * NodePortService
//
// Publishes Envoy network endpoints using a Kubernetes NodePort Service.
//
// In this configuration, Envoy network endpoints use container networking. A Kubernetes
// NodePort Service is created to publish the network endpoints.
//
// See: https://kubernetes.io/docs/concepts/services-networking/service/#nodeport
//
// NOTE:
// When provisioning an Envoy `NodePortService`, use Gateway Listeners' port numbers to populate
// the Service's node port values, there's no way to auto-allocate them.
//
// See: https://github.com/projectcontour/contour/issues/4499
//
// * ClusterIPService
//
// Publishes Envoy network endpoints using a Kubernetes ClusterIP Service.
//
// In this configuration, Envoy network endpoints use container networking. A Kubernetes
// ClusterIP Service is created to publish the network endpoints.
//
// See: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types
//
// If unset, defaults to LoadBalancerService.
//
// +optional
Type NetworkPublishingType `json:"type,omitempty"`
// ExternalTrafficPolicy describes how nodes distribute service traffic they
// receive on one of the Service's "externally-facing" addresses (NodePorts, ExternalIPs,
// and LoadBalancer IPs).
//
// If unset, defaults to "Local".
//
// +optional
ExternalTrafficPolicy corev1.ServiceExternalTrafficPolicyType `json:"externalTrafficPolicy,omitempty"`
// IPFamilyPolicy represents the dual-stack-ness requested or required by
// this Service. If there is no value provided, then this field will be set
// to SingleStack. Services can be "SingleStack" (a single IP family),
// "PreferDualStack" (two IP families on dual-stack configured clusters or
// a single IP family on single-stack clusters), or "RequireDualStack"
// (two IP families on dual-stack configured clusters, otherwise fail).
//
// +optional
IPFamilyPolicy corev1.IPFamilyPolicy `json:"ipFamilyPolicy,omitempty"`
// ServiceAnnotations is the annotations to add to
// the provisioned Envoy service.
//
// +optional
ServiceAnnotations map[string]string `json:"serviceAnnotations,omitempty"`
}
NetworkPublishing defines the schema for publishing to a network.
func (*NetworkPublishing) DeepCopy ¶ added in v1.21.0
func (in *NetworkPublishing) DeepCopy() *NetworkPublishing
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkPublishing.
func (*NetworkPublishing) DeepCopyInto ¶ added in v1.21.0
func (in *NetworkPublishing) DeepCopyInto(out *NetworkPublishing)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type NetworkPublishingType ¶ added in v1.21.0
type NetworkPublishingType string
NetworkPublishingType is a way to publish network endpoints.
const ( // LoadBalancerServicePublishingType publishes a network endpoint using a Kubernetes // LoadBalancer Service. LoadBalancerServicePublishingType NetworkPublishingType = "LoadBalancerService" // NodePortServicePublishingType publishes a network endpoint using a Kubernetes // NodePort Service. NodePortServicePublishingType NetworkPublishingType = "NodePortService" // ClusterIPServicePublishingType publishes a network endpoint using a Kubernetes // ClusterIP Service. ClusterIPServicePublishingType NetworkPublishingType = "ClusterIPService" )
type NodePlacement ¶ added in v1.21.0
type NodePlacement struct {
// NodeSelector is the simplest recommended form of node selection constraint
// and specifies a map of key-value pairs. For the pod to be eligible
// to run on a node, the node must have each of the indicated key-value pairs
// as labels (it can have additional labels as well).
//
// If unset, the pod(s) will be scheduled to any available node.
//
// +optional
NodeSelector map[string]string `json:"nodeSelector,omitempty"`
// Tolerations work with taints to ensure that pods are not scheduled
// onto inappropriate nodes. One or more taints are applied to a node; this
// marks that the node should not accept any pods that do not tolerate the
// taints.
//
// The default is an empty list.
//
// See https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
// for additional details.
//
// +optional
Tolerations []corev1.Toleration `json:"tolerations,omitempty"`
}
NodePlacement describes node scheduling configuration for pods. If nodeSelector and tolerations are specified, the scheduler will use both to determine where to place the pod(s).
func (*NodePlacement) DeepCopy ¶ added in v1.21.0
func (in *NodePlacement) DeepCopy() *NodePlacement
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodePlacement.
func (*NodePlacement) DeepCopyInto ¶ added in v1.21.0
func (in *NodePlacement) DeepCopyInto(out *NodePlacement)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type PolicyConfig ¶ added in v1.19.0
type PolicyConfig struct {
// RequestHeadersPolicy defines the request headers set/removed on all routes
// +optional
RequestHeadersPolicy *HeadersPolicy `json:"requestHeaders,omitempty"`
// ResponseHeadersPolicy defines the response headers set/removed on all routes
// +optional
ResponseHeadersPolicy *HeadersPolicy `json:"responseHeaders,omitempty"`
// ApplyToIngress determines if the Policies will apply to ingress objects
//
// Contour's default is false.
// +optional
ApplyToIngress *bool `json:"applyToIngress,omitempty"`
}
PolicyConfig holds default policy used if not explicitly set by the user
func (*PolicyConfig) DeepCopy ¶ added in v1.19.0
func (in *PolicyConfig) DeepCopy() *PolicyConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyConfig.
func (*PolicyConfig) DeepCopyInto ¶ added in v1.19.0
func (in *PolicyConfig) DeepCopyInto(out *PolicyConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type RateLimitServiceConfig ¶ added in v1.19.0
type RateLimitServiceConfig struct {
// ExtensionService identifies the extension service defining the RLS.
ExtensionService NamespacedName `json:"extensionService"`
// Domain is passed to the Rate Limit Service.
// +optional
Domain string `json:"domain,omitempty"`
// FailOpen defines whether to allow requests to proceed when the
// Rate Limit Service fails to respond with a valid rate limit
// decision within the timeout defined on the extension service.
// +optional
FailOpen *bool `json:"failOpen,omitempty"`
// EnableXRateLimitHeaders defines whether to include the X-RateLimit
// headers X-RateLimit-Limit, X-RateLimit-Remaining, and X-RateLimit-Reset
// (as defined by the IETF Internet-Draft linked below), on responses
// to clients when the Rate Limit Service is consulted for a request.
//
// ref. https://tools.ietf.org/id/draft-polli-ratelimit-headers-03.html
// +optional
EnableXRateLimitHeaders *bool `json:"enableXRateLimitHeaders,omitempty"`
// EnableResourceExhaustedCode enables translating error code 429 to
// grpc code RESOURCE_EXHAUSTED. When disabled it's translated to UNAVAILABLE
//
// +optional
EnableResourceExhaustedCode *bool `json:"enableResourceExhaustedCode,omitempty"`
// DefaultGlobalRateLimitPolicy allows setting a default global rate limit policy for every HTTPProxy.
// HTTPProxy can overwrite this configuration.
//
// +optional
DefaultGlobalRateLimitPolicy *contour_api_v1.GlobalRateLimitPolicy `json:"defaultGlobalRateLimitPolicy,omitempty"`
}
RateLimitServiceConfig defines properties of a global Rate Limit Service.
func (*RateLimitServiceConfig) DeepCopy ¶ added in v1.19.0
func (in *RateLimitServiceConfig) DeepCopy() *RateLimitServiceConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RateLimitServiceConfig.
func (*RateLimitServiceConfig) DeepCopyInto ¶ added in v1.19.0
func (in *RateLimitServiceConfig) DeepCopyInto(out *RateLimitServiceConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ServerHeaderTransformationType ¶ added in v1.24.0
type ServerHeaderTransformationType string
ServerHeaderTransformation defines the action to be applied to the Server header on the response path
const ( // Overwrite any Server header with "envoy". // This is the default value. OverwriteServerHeader ServerHeaderTransformationType = "overwrite" // If no Server header is present, set it to "envoy". // If a Server header is present, pass it through. AppendIfAbsentServerHeader ServerHeaderTransformationType = "append_if_absent" // Pass through the value of the Server header, and do not append a header // if none is present. PassThroughServerHeader ServerHeaderTransformationType = "pass_through" )
type SocketOptions ¶ added in v1.26.0
type SocketOptions struct {
// Defines the value for IPv4 TOS field (including 6 bit DSCP field) for IP packets originating from Envoy listeners.
// Single value is applied to all listeners.
// If listeners are bound to IPv6-only addresses, setting this option will cause an error.
// +kubebuilder:validation:Minimum=0
// +kubebuilder:validation:Maximum=255
// +optional
TOS int32 `json:"tos,omitempty"`
// Defines the value for IPv6 Traffic Class field (including 6 bit DSCP field) for IP packets originating from the Envoy listeners.
// Single value is applied to all listeners.
// If listeners are bound to IPv4-only addresses, setting this option will cause an error.
// +kubebuilder:validation:Minimum=0
// +kubebuilder:validation:Maximum=255
// +optional
TrafficClass int32 `json:"trafficClass,omitempty"`
}
SocketOptions defines configurable socket options for Envoy listeners.
func (*SocketOptions) DeepCopy ¶ added in v1.26.0
func (in *SocketOptions) DeepCopy() *SocketOptions
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SocketOptions.
func (*SocketOptions) DeepCopyInto ¶ added in v1.26.0
func (in *SocketOptions) DeepCopyInto(out *SocketOptions)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type TLS ¶ added in v1.19.0
type TLS struct {
// CA filename.
// +optional
CAFile string `json:"caFile,omitempty"`
// Client certificate filename.
// +optional
CertFile string `json:"certFile,omitempty"`
// Client key filename.
// +optional
KeyFile string `json:"keyFile,omitempty"`
// Allow serving the xDS gRPC API without TLS.
// +optional
Insecure *bool `json:"insecure,omitempty"`
}
TLS holds TLS file config details.
func (*TLS) DeepCopy ¶ added in v1.19.0
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TLS.
func (*TLS) DeepCopyInto ¶ added in v1.19.0
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type TimeoutParameters ¶ added in v1.19.0
type TimeoutParameters struct {
// RequestTimeout sets the client request timeout globally for Contour. Note that
// this is a timeout for the entire request, not an idle timeout. Omit or set to
// "infinity" to disable the timeout entirely.
//
// See https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto#envoy-v3-api-field-extensions-filters-network-http-connection-manager-v3-httpconnectionmanager-request-timeout
// for more information.
// +optional
RequestTimeout *string `json:"requestTimeout,omitempty"`
// ConnectionIdleTimeout defines how long the proxy should wait while there are
// no active requests (for HTTP/1.1) or streams (for HTTP/2) before terminating
// an HTTP connection. Set to "infinity" to disable the timeout entirely.
//
// See https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/core/v3/protocol.proto#envoy-v3-api-field-config-core-v3-httpprotocoloptions-idle-timeout
// for more information.
// +optional
ConnectionIdleTimeout *string `json:"connectionIdleTimeout,omitempty"`
// StreamIdleTimeout defines how long the proxy should wait while there is no
// request activity (for HTTP/1.1) or stream activity (for HTTP/2) before
// terminating the HTTP request or stream. Set to "infinity" to disable the
// timeout entirely.
//
// See https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto#envoy-v3-api-field-extensions-filters-network-http-connection-manager-v3-httpconnectionmanager-stream-idle-timeout
// for more information.
// +optional
StreamIdleTimeout *string `json:"streamIdleTimeout,omitempty"`
// MaxConnectionDuration defines the maximum period of time after an HTTP connection
// has been established from the client to the proxy before it is closed by the proxy,
// regardless of whether there has been activity or not. Omit or set to "infinity" for
// no max duration.
//
// See https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/core/v3/protocol.proto#envoy-v3-api-field-config-core-v3-httpprotocoloptions-max-connection-duration
// for more information.
// +optional
MaxConnectionDuration *string `json:"maxConnectionDuration,omitempty"`
// DelayedCloseTimeout defines how long envoy will wait, once connection
// close processing has been initiated, for the downstream peer to close
// the connection before Envoy closes the socket associated with the connection.
//
// Setting this timeout to 'infinity' will disable it, equivalent to setting it to '0'
// in Envoy. Leaving it unset will result in the Envoy default value being used.
//
// See https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto#envoy-v3-api-field-extensions-filters-network-http-connection-manager-v3-httpconnectionmanager-delayed-close-timeout
// for more information.
// +optional
DelayedCloseTimeout *string `json:"delayedCloseTimeout,omitempty"`
// ConnectionShutdownGracePeriod defines how long the proxy will wait between sending an
// initial GOAWAY frame and a second, final GOAWAY frame when terminating an HTTP/2 connection.
// During this grace period, the proxy will continue to respond to new streams. After the final
// GOAWAY frame has been sent, the proxy will refuse new streams.
//
// See https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto#envoy-v3-api-field-extensions-filters-network-http-connection-manager-v3-httpconnectionmanager-drain-timeout
// for more information.
// +optional
ConnectionShutdownGracePeriod *string `json:"connectionShutdownGracePeriod,omitempty"`
// ConnectTimeout defines how long the proxy should wait when establishing connection to upstream service.
// If not set, a default value of 2 seconds will be used.
//
// See https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/cluster/v3/cluster.proto#envoy-v3-api-field-config-cluster-v3-cluster-connect-timeout
// for more information.
// +optional
ConnectTimeout *string `json:"connectTimeout,omitempty"`
}
TimeoutParameters holds various configurable proxy timeout values.
func (*TimeoutParameters) DeepCopy ¶ added in v1.19.0
func (in *TimeoutParameters) DeepCopy() *TimeoutParameters
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TimeoutParameters.
func (*TimeoutParameters) DeepCopyInto ¶ added in v1.19.0
func (in *TimeoutParameters) DeepCopyInto(out *TimeoutParameters)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type TracingConfig ¶ added in v1.25.0
type TracingConfig struct {
// IncludePodDetail defines a flag.
// If it is true, contour will add the pod name and namespace to the span of the trace.
// the default is true.
// Note: The Envoy pods MUST have the HOSTNAME and CONTOUR_NAMESPACE environment variables set for this to work properly.
// +optional
IncludePodDetail *bool `json:"includePodDetail,omitempty"`
// ServiceName defines the name for the service.
// contour's default is contour.
ServiceName *string `json:"serviceName,omitempty"`
// OverallSampling defines the sampling rate of trace data.
// contour's default is 100.
// +optional
OverallSampling *string `json:"overallSampling,omitempty"`
// MaxPathTagLength defines maximum length of the request path
// to extract and include in the HttpUrl tag.
// contour's default is 256.
// +optional
MaxPathTagLength *uint32 `json:"maxPathTagLength,omitempty"`
// CustomTags defines a list of custom tags with unique tag name.
// +optional
CustomTags []*CustomTag `json:"customTags,omitempty"`
// ExtensionService identifies the extension service defining the otel-collector.
ExtensionService *NamespacedName `json:"extensionService"`
}
TracingConfig defines properties for exporting trace data to OpenTelemetry.
func (*TracingConfig) DeepCopy ¶ added in v1.25.0
func (in *TracingConfig) DeepCopy() *TracingConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TracingConfig.
func (*TracingConfig) DeepCopyInto ¶ added in v1.25.0
func (in *TracingConfig) DeepCopyInto(out *TracingConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*TracingConfig) Validate ¶ added in v1.25.0
func (t *TracingConfig) Validate() error
type WorkloadType ¶ added in v1.21.0
type WorkloadType string
WorkloadType is the type of Kubernetes workload to use for a component.
type XDSServerConfig ¶ added in v1.19.0
type XDSServerConfig struct {
// Defines the XDSServer to use for `contour serve`.
//
// Values: `contour` (default), `envoy`.
//
// Other values will produce an error.
// +optional
Type XDSServerType `json:"type,omitempty"`
// Defines the xDS gRPC API address which Contour will serve.
//
// Contour's default is "0.0.0.0".
// +kubebuilder:validation:MinLength=1
// +optional
Address string `json:"address,omitempty"`
// Defines the xDS gRPC API port which Contour will serve.
//
// Contour's default is 8001.
// +optional
Port int `json:"port,omitempty"`
// TLS holds TLS file config details.
//
// Contour's default is { caFile: "/certs/ca.crt", certFile: "/certs/tls.cert", keyFile: "/certs/tls.key", insecure: false }.
// +optional
TLS *TLS `json:"tls,omitempty"`
}
XDSServerConfig holds the config for the Contour xDS server.
func (*XDSServerConfig) DeepCopy ¶ added in v1.19.0
func (in *XDSServerConfig) DeepCopy() *XDSServerConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new XDSServerConfig.
func (*XDSServerConfig) DeepCopyInto ¶ added in v1.19.0
func (in *XDSServerConfig) DeepCopyInto(out *XDSServerConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type XDSServerType ¶ added in v1.19.0
type XDSServerType string
XDSServerType is the type of xDS server implementation.
const ( // Use Contour's xDS server. ContourServerType XDSServerType = "contour" // Use the upstream `go-control-plane`-based xDS server. EnvoyServerType XDSServerType = "envoy" )
func (XDSServerType) Validate ¶ added in v1.21.0
func (x XDSServerType) Validate() error
Source Files
Click to show internal directories.
Click to hide internal directories.