ingress

package
v2.5.6 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Aug 7, 2023 License: Apache-2.0 Imports: 52 Imported by: 0

Documentation

Overview

Package ingress is a generated GoMock package.

Index

Constants

const (
	// IndexKeyServiceRefName is index key for services referenced by Ingress.
	IndexKeyServiceRefName = "ingress.serviceRef.name"
	// IndexKeySecretRefName is index key for secrets referenced by Ingress or Service.
	IndexKeySecretRefName = "ingress.secretRef.name"
	// IndexKeyIngressClassRefName is index key for ingressClass referenced by Ingress.
	IndexKeyIngressClassRefName = "ingress.ingressClassRef.name"
	// IndexKeyIngressClassParamsRefName is index key for ingressClassParams referenced by IngressClass.
	IndexKeyIngressClassParamsRefName = "ingressClass.ingressClassParamsRef.name"
)
const (
	// IngressClassControllerALB is the controller name used in IngressClass for ALB.
	IngressClassControllerALB = "ingress.k8s.aws/alb"
)

Variables

var ErrInvalidIngressClass = errors.New("invalid ingress class")

ErrInvalidIngressClass is a sentinel error indicating that the IngressClass configuration for an Ingress is invalid.

Functions

func EncodeGroupIDToReconcileRequest

func EncodeGroupIDToReconcileRequest(gID GroupID) ctrl.Request

EncodeGroupIDToReconcileRequest encodes a GroupID into a controller-runtime reconcile request

func NewACMCertDiscovery

func NewACMCertDiscovery(acmClient services.ACM, logger logr.Logger) *acmCertDiscovery

NewACMCertDiscovery constructs new acmCertDiscovery

func NewDefaultAuthConfigBuilder

func NewDefaultAuthConfigBuilder(annotationParser annotations.Parser) *defaultAuthConfigBuilder

NewDefaultAuthConfigBuilder constructs new defaultAuthConfigBuilder.

func NewDefaultEnhancedBackendBuilder

func NewDefaultEnhancedBackendBuilder(k8sClient client.Client, annotationParser annotations.Parser, authConfigBuilder AuthConfigBuilder) *defaultEnhancedBackendBuilder

NewDefaultEnhancedBackendBuilder constructs new defaultEnhancedBackendBuilder.

func NewDefaultFinalizerManager

func NewDefaultFinalizerManager(k8sFinalizerManager k8s.FinalizerManager) *defaultFinalizerManager

NewDefaultFinalizerManager constructs new defaultFinalizerManager

func NewDefaultGroupLoader

func NewDefaultGroupLoader(client client.Client, eventRecorder record.EventRecorder, annotationParser annotations.Parser, classLoader ClassLoader, classAnnotationMatcher ClassAnnotationMatcher, manageIngressesWithoutIngressClass bool) *defaultGroupLoader

NewDefaultGroupLoader constructs new GroupLoader instance.

func NewDefaultModelBuilder

func NewDefaultModelBuilder(k8sClient client.Client, eventRecorder record.EventRecorder,
	ec2Client services.EC2, acmClient services.ACM,
	annotationParser annotations.Parser, subnetsResolver networkingpkg.SubnetsResolver,
	authConfigBuilder AuthConfigBuilder, enhancedBackendBuilder EnhancedBackendBuilder,
	trackingProvider tracking.Provider, elbv2TaggingManager elbv2deploy.TaggingManager, featureGates config.FeatureGates,
	vpcID string, clusterName string, defaultTags map[string]string, externalManagedTags []string, defaultSSLPolicy string, defaultTargetType string,
	backendSGProvider networkingpkg.BackendSGProvider, sgResolver networkingpkg.SecurityGroupResolver,
	enableBackendSG bool, disableRestrictedSGRules bool, enableIPTargetType bool, logger logr.Logger) *defaultModelBuilder

NewDefaultModelBuilder constructs new defaultModelBuilder.

func NewDefaultReferenceIndexer

func NewDefaultReferenceIndexer(enhancedBackendBuilder EnhancedBackendBuilder, authConfigBuilder AuthConfigBuilder, logger logr.Logger) *defaultReferenceIndexer

NewDefaultReferenceIndexer constructs new defaultReferenceIndexer.

func NewDefaultRuleOptimizer

func NewDefaultRuleOptimizer(logger logr.Logger) *defaultRuleOptimizer

NewDefaultRuleOptimizer constructs new defaultRuleOptimizer.

Types

type Action

// Action describes one rule action. Type selects the kind of action; the
// ActionType constants in this package are fixed-response, forward and redirect.
// NOTE(review): presumably only the config field matching Type is expected to be
// set — no validation is visible on this type, confirm where it happens.
type Action struct {
	// The type of action.
	Type ActionType `json:"type"`

	// The Amazon Resource Name (ARN) of the target group. Specify only when Type
	// is forward and you want to route to a single target group. To route to one
	// or more target groups, use ForwardConfig instead.
	// Unlike the optional config fields below, this tag has no omitempty, so a nil
	// value is encoded as null.
	TargetGroupARN *string `json:"targetGroupARN"`

	// [Application Load Balancer] Information for creating an action that returns a custom HTTP response.
	// +optional
	FixedResponseConfig *FixedResponseActionConfig `json:"fixedResponseConfig,omitempty"`

	// [Application Load Balancer] Information for creating a redirect action.
	// +optional
	RedirectConfig *RedirectActionConfig `json:"redirectConfig,omitempty"`

	// Information for creating an action that distributes requests among one or more target groups.
	// +optional
	ForwardConfig *ForwardActionConfig `json:"forwardConfig,omitempty"`
}

type ActionType

type ActionType string

The type of action.

// Values of ActionType.
const (
	// ActionTypeFixedResponse is the "fixed-response" action type.
	ActionTypeFixedResponse ActionType = "fixed-response"
	// ActionTypeForward is the "forward" action type.
	ActionTypeForward       ActionType = "forward"
	// ActionTypeRedirect is the "redirect" action type.
	ActionTypeRedirect      ActionType = "redirect"
)

type AuthConfig

// AuthConfig is the authentication configuration for a Service or Ingress.
type AuthConfig struct {
	// Type selects the authentication mechanism (see the AuthType constants).
	Type                     AuthType
	// IDPConfigCognito is the Amazon Cognito IdP configuration.
	// NOTE(review): presumably non-nil only when Type is AuthTypeCognito — confirm.
	IDPConfigCognito         *AuthIDPConfigCognito
	// IDPConfigOIDC is the OIDC IdP configuration.
	// NOTE(review): presumably non-nil only when Type is AuthTypeOIDC — confirm.
	IDPConfigOIDC            *AuthIDPConfigOIDC
	// OnUnauthenticatedRequest is the behaviour applied to a request that is not authenticated.
	// NOTE(review): accepted values and the default are not listed here. The ELBv2 setting of
	// the same name takes deny, allow or authenticate, and allow forwards unauthenticated
	// requests to the target — confirm which values this field accepts.
	OnUnauthenticatedRequest string
	// Scope is the scope string for the authentication request.
	// NOTE(review): format (presumably space-separated OAuth scopes) is not shown here — confirm.
	Scope                    string
	// SessionCookieName is the name of the session cookie.
	SessionCookieName        string
	// SessionTimeout is the session lifetime.
	// NOTE(review): the unit is not shown here; presumably seconds — confirm.
	SessionTimeout           int64
}

Auth config for Service / Ingresses

type AuthConfigBuilder

type AuthConfigBuilder interface {
	// Build builds the AuthConfig from svcAndIngAnnotations.
	// NOTE(review): the parameter name suggests the Service and Ingress annotations are merged
	// by the caller; which side wins on a conflict is not visible here — confirm, since it
	// decides who can change the authentication settings of a backend.
	Build(ctx context.Context, svcAndIngAnnotations map[string]string) (AuthConfig, error)
}

AuthConfigBuilder builds the auth configuration for Services or Ingresses.

type AuthIDPConfigCognito

type AuthIDPConfigCognito struct {
	// The Amazon Resource Name (ARN) of the Amazon Cognito user pool.
	UserPoolARN string `json:"userPoolARN"`

	// The ID of the Amazon Cognito user pool client.
	UserPoolClientID string `json:"userPoolClientID"`

	// The domain prefix or fully-qualified domain name of the Amazon Cognito user pool.
	UserPoolDomain string `json:"userPoolDomain"`

	// The query parameters (up to 10) to include in the redirect request to the authorization endpoint.
	// +optional
	AuthenticationRequestExtraParams map[string]string `json:"authenticationRequestExtraParams,omitempty"`
}

type AuthIDPConfigOIDC

// AuthIDPConfigOIDC is the configuration for an OIDC identity provider.
// NOTE(review): no URL or scheme validation is visible on this type; confirm that the
// issuer and the three endpoints are checked to be https before they are used.
type AuthIDPConfigOIDC struct {
	// The OIDC issuer identifier of the IdP.
	Issuer string `json:"issuer"`

	// The authorization endpoint of the IdP.
	AuthorizationEndpoint string `json:"authorizationEndpoint"`

	// The token endpoint of the IdP.
	TokenEndpoint string `json:"tokenEndpoint"`

	// The user info endpoint of the IdP.
	UserInfoEndpoint string `json:"userInfoEndpoint"`

	// The k8s secretName.
	// NOTE(review): the keys read from this Secret and the namespace it is resolved in are
	// not shown here; presumably it carries the OIDC client credentials — confirm, and scope
	// RBAC read access to that Secret accordingly.
	SecretName string `json:"secretName"`

	// The query parameters (up to 10) to include in the redirect request to the authorization endpoint.
	// +optional
	AuthenticationRequestExtraParams map[string]string `json:"authenticationRequestExtraParams,omitempty"`
}

configuration for IDP of OIDC

type AuthType

// AuthType names the authentication mechanism used in an AuthConfig.
type AuthType string
const (
	// AuthTypeNone is the "none" auth type.
	// NOTE(review): presumably means no authentication is applied to the backend — confirm
	// whether this is also the default when no auth annotation is present.
	AuthTypeNone    AuthType = "none"
	// AuthTypeCognito is the "cognito" auth type (see AuthIDPConfigCognito).
	AuthTypeCognito AuthType = "cognito"
	// AuthTypeOIDC is the "oidc" auth type (see AuthIDPConfigOIDC).
	AuthTypeOIDC    AuthType = "oidc"
)

type CertDiscovery

type CertDiscovery interface {
	// Discover will try to find valid certificateARNs for each tlsHost.
	// NOTE(review): what makes a certificate "valid" (status, expiry, wildcard or exact host
	// matching) and what is returned when a host has no match are not shown here — confirm
	// against the implementation.
	Discover(ctx context.Context, tlsHosts []string) ([]string, error)
}

CertDiscovery is responsible for auto-discovering TLS certificates for TLS hosts.

type ClassAnnotationMatcher

type ClassAnnotationMatcher interface {
	// Matches reports whether ingClassAnnotation, the value of the
	// kubernetes.io/ingress.class annotation on an Ingress, matches the IngressClass
	// of this controller.
	Matches(ingClassAnnotation string) bool
}

ClassAnnotationMatcher tests whether the kubernetes.io/ingress.class annotation on Ingresses matches the IngressClass of this controller.

func NewDefaultClassAnnotationMatcher

func NewDefaultClassAnnotationMatcher(ingressClass string) ClassAnnotationMatcher

NewDefaultClassAnnotationMatcher constructs new defaultClassAnnotationMatcher.

type ClassConfiguration

type ClassConfiguration struct {
	// The IngressClass for Ingress if any.
	IngClass *networking.IngressClass

	// The IngressClassParams for Ingress if any.
	IngClassParams *elbv2api.IngressClassParams
}

ClassConfiguration contains configurations for IngressClass

type ClassLoader

type ClassLoader interface {
	// Load loads the ClassConfiguration for Ingress with IngressClassName.
	Load(ctx context.Context, ing *networking.Ingress) (ClassConfiguration, error)
}

ClassLoader loads IngressClass configurations for Ingress.

func NewDefaultClassLoader

func NewDefaultClassLoader(client client.Client, loadParams bool) ClassLoader

NewDefaultClassLoader constructs new defaultClassLoader instance.

type ClassifiedIngress

type ClassifiedIngress struct {
	// Ing is the Ingress object.
	Ing            *networking.Ingress
	// IngClassConfig is the IngressClass configuration associated with Ing.
	IngClassConfig ClassConfiguration
}

ClassifiedIngress is an Ingress with its associated IngressClass configuration.

func (ClassifiedIngress) GetObjectMeta

func (c ClassifiedIngress) GetObjectMeta() metav1.Object

type EnhancedBackend

type EnhancedBackend struct {
	// Conditions are the additional routing conditions parsed from annotations.
	Conditions []RuleCondition
	// Action is the action for this backend. When the backend is the magic string
	// `use-annotation`, the action is parsed from annotations as well.
	Action     Action
	// AuthConfig is the authentication configuration parsed from annotations.
	// NOTE(review): presumably only populated when the build ran with LoadAuthConfig
	// enabled; a zero AuthConfig must not be read as "authentication disabled" without
	// confirming that.
	AuthConfig AuthConfig
}

EnhancedBackend is an enhanced version of Ingress backend. It contains additional routing conditions and authentication configurations we parsed from annotations. Also, when magic string `use-annotation` is specified as backend, the actions will be parsed from annotations as well.

type EnhancedBackendBuildOption

type EnhancedBackendBuildOption func(opts *EnhancedBackendBuildOptions)

func WithLoadAuthConfig

func WithLoadAuthConfig(loadAuthConfig bool) EnhancedBackendBuildOption

WithLoadAuthConfig is an option that sets LoadAuthConfig.

func WithLoadBackendServices

func WithLoadBackendServices(loadBackendServices bool, backendServices map[types.NamespacedName]*corev1.Service) EnhancedBackendBuildOption

WithLoadBackendServices is an option that sets LoadBackendServices and BackendServices.

type EnhancedBackendBuildOptions

// EnhancedBackendBuildOptions holds the options applied to an EnhancedBackend build.
type EnhancedBackendBuildOptions struct {
	// LoadBackendServices controls whether backend services are loaded.
	LoadBackendServices bool

	// BackendServices contains all services referenced in Action, indexed by service's key.
	// Note: BackendServices can be passed in during the backend build, so that the same service
	// snapshot is used for a given service during the entire Ingress build process.
	BackendServices map[types.NamespacedName]*corev1.Service

	// LoadAuthConfig controls whether the auth configuration is loaded. When it is enabled,
	// LoadBackendServices must be enabled as well.
	// NOTE(review): whether that dependency is enforced, or LoadAuthConfig is silently
	// ignored without it, is not visible here — confirm.
	LoadAuthConfig bool
}

func (*EnhancedBackendBuildOptions) ApplyOptions

func (opts *EnhancedBackendBuildOptions) ApplyOptions(options ...EnhancedBackendBuildOption)

type EnhancedBackendBuilder

type EnhancedBackendBuilder interface {
	Build(ctx context.Context, ing *networking.Ingress, backend networking.IngressBackend, opts ...EnhancedBackendBuildOption) (EnhancedBackend, error)
}

EnhancedBackendBuilder is capable of building an EnhancedBackend for an Ingress backend.

type FinalizerManager

type FinalizerManager interface {
	// AddGroupFinalizer adds the Ingress group finalizer to active member Ingresses.
	// Ingresses will be updated in place.
	AddGroupFinalizer(ctx context.Context, groupID GroupID, members []ClassifiedIngress) error

	// RemoveGroupFinalizer removes the Ingress group finalizer from inactive member Ingresses.
	// Ingresses will be updated in place.
	RemoveGroupFinalizer(ctx context.Context, groupID GroupID, inactiveMembers []*networking.Ingress) error
}

FinalizerManager manages finalizer for ingresses.

type FixedResponseActionConfig

type FixedResponseActionConfig struct {
	// The content type.
	// +optional
	ContentType *string `json:"contentType,omitempty"`

	// The message.
	// +optional
	MessageBody *string `json:"messageBody,omitempty"`

	// The HTTP response code.
	StatusCode string `json:"statusCode"`
}

Information about an action that returns a custom HTTP response.

type ForwardActionConfig

type ForwardActionConfig struct {
	// One or more target groups.
	// [Network Load Balancers] you can specify a single target group.
	TargetGroups []TargetGroupTuple `json:"targetGroups"`

	// The target group stickiness for the rule.
	// +optional
	TargetGroupStickinessConfig *TargetGroupStickinessConfig `json:"targetGroupStickinessConfig,omitempty"`
}

Information about a forward action.

type Group

// NOTE(review): NewGroupIDForExplicitGroup takes only a group name, while
// NewGroupIDForImplicitGroup takes a namespaced Ingress key, so an explicit group's ID
// does not appear to be tied to a namespace. Confirm who is allowed to set group.name,
// since every member Ingress contributes rules to the shared LoadBalancer.
type Group struct {
	// ID is the identifier of this group.
	ID GroupID

	// Members are Ingresses that belong to this group.
	Members []ClassifiedIngress

	// InactiveMembers are Ingresses that no longer belong to this group, but still hold the finalizers.
	InactiveMembers []*networking.Ingress
}

An Ingress Group is a group of Ingresses that should be hosted by a single LoadBalancer. It's our customization of the Kubernetes Ingress spec: an Ingress group represents a "LoadBalancer", where each member Ingress defines rules for that LoadBalancer. There are two types of group: explicit and implicit. Explicit groups are defined by either the annotation (group.name) on an Ingress or the field (group.name) on the associated IngressClassParams. Implicit groups are for Ingresses without an explicit group; each such Ingress becomes a standalone group of its own.

type GroupID

type GroupID types.NamespacedName

GroupID is the unique identifier for an IngressGroup within cluster.

func DecodeGroupIDFromReconcileRequest

func DecodeGroupIDFromReconcileRequest(request ctrl.Request) GroupID

DecodeGroupIDFromReconcileRequest decodes a GroupID from a controller-runtime reconcile request

func NewGroupIDForExplicitGroup

func NewGroupIDForExplicitGroup(groupName string) GroupID

NewGroupIDForExplicitGroup generates GroupID for an explicit group.

func NewGroupIDForImplicitGroup

func NewGroupIDForImplicitGroup(ingKey types.NamespacedName) GroupID

NewGroupIDForImplicitGroup generates GroupID for an implicit group.

func (GroupID) IsExplicit

func (groupID GroupID) IsExplicit() bool

IsExplicit tests whether this is an explicit group. Explicit groups are defined by either:

  • annotation on Ingress: `group.name`
  • field on associated IngressClassParams: `group.name`

func (GroupID) String

func (groupID GroupID) String() string

String returns the string representation of a GroupID.

type GroupLoader

type GroupLoader interface {
	// Load returns an Ingress group given groupID.
	Load(ctx context.Context, groupID GroupID) (Group, error)

	// LoadGroupIDIfAny loads the groupID for an Ingress if the Ingress belongs to any IngressGroup.
	// Ingresses that are not managed by this controller or are in deletion state won't have a groupID.
	LoadGroupIDIfAny(ctx context.Context, ing *networking.Ingress) (*GroupID, error)

	// LoadGroupIDsPendingFinalization returns groupIDs that have an associated finalizer on the Ingress.
	LoadGroupIDsPendingFinalization(ctx context.Context, ing *networking.Ingress) []GroupID
}

GroupLoader loads Ingress groups.

type HTTPHeaderConditionConfig

// NOTE(review): request headers are supplied by the client, so a match on them is a
// routing decision and should not be relied on as an access control.
type HTTPHeaderConditionConfig struct {
	// The name of the HTTP header field.
	HTTPHeaderName string `json:"httpHeaderName"`
	// One or more strings to compare against the value of the HTTP header.
	Values []string `json:"values"`
}

Information for an HTTP header condition.

type HTTPRequestMethodConditionConfig

type HTTPRequestMethodConditionConfig struct {
	// One or more request method names to match.
	Values []string `json:"values"`
}

Information for an HTTP method condition.

type HostHeaderConditionConfig

// NOTE(review): the Host header is supplied by the client; a host match selects a rule
// but does not by itself establish which site the client is entitled to reach.
type HostHeaderConditionConfig struct {
	// One or more host names.
	Values []string `json:"values"`
}

Information for a host header condition.

type MockCertDiscovery

type MockCertDiscovery struct {
	// contains filtered or unexported fields
}

MockCertDiscovery is a mock of CertDiscovery interface.

func NewMockCertDiscovery

func NewMockCertDiscovery(ctrl *gomock.Controller) *MockCertDiscovery

NewMockCertDiscovery creates a new mock instance.

func (*MockCertDiscovery) Discover

func (m *MockCertDiscovery) Discover(arg0 context.Context, arg1 []string) ([]string, error)

Discover mocks base method.

func (*MockCertDiscovery) EXPECT

EXPECT returns an object that allows the caller to indicate expected use.

type MockCertDiscoveryMockRecorder

type MockCertDiscoveryMockRecorder struct {
	// contains filtered or unexported fields
}

MockCertDiscoveryMockRecorder is the mock recorder for MockCertDiscovery.

func (*MockCertDiscoveryMockRecorder) Discover

func (mr *MockCertDiscoveryMockRecorder) Discover(arg0, arg1 interface{}) *gomock.Call

Discover indicates an expected call of Discover.

type ModelBuilder

type ModelBuilder interface {
	// Build builds the model stack for an IngressGroup.
	// NOTE(review): the meaning of the []types.NamespacedName and bool results is not
	// documented here — confirm against the implementation before relying on them.
	Build(ctx context.Context, ingGroup Group) (core.Stack, *elbv2model.LoadBalancer, []types.NamespacedName, bool, error)
}

ModelBuilder is responsible for building the model stack for an IngressGroup.

type PathPatternConditionConfig

type PathPatternConditionConfig struct {
	// One or more path patterns to compare against the request URL.
	Values []string `json:"values"`
}

Information about a path pattern condition.

type QueryStringConditionConfig

type QueryStringConditionConfig struct {
	// One or more key/value pairs or values to find in the query string.
	Values []QueryStringKeyValuePair `json:"values"`
}

Information about a query string condition.

type QueryStringKeyValuePair

type QueryStringKeyValuePair struct {
	// The key.
	// +optional
	Key *string `json:"key,omitempty"`

	// The value.
	Value string `json:"value"`
}

Information about a key/value pair.

type RedirectActionConfig

// Every URL component below is optional; StatusCode is the only field without
// omitempty / +optional.
// NOTE(review): EnhancedBackend parses actions from annotations when the backend is
// `use-annotation`, and no validation of Host is visible on this type, so whoever can
// write those annotations appears to control the redirect target — confirm where the
// values are validated.
type RedirectActionConfig struct {
	// The hostname.
	// +optional
	Host *string `json:"host,omitempty"`

	// The absolute path.
	// +optional
	Path *string `json:"path,omitempty"`

	// The port.
	// +optional
	Port *string `json:"port,omitempty"`

	// The protocol.
	// +optional
	Protocol *string `json:"protocol,omitempty"`

	// The query parameters
	// +optional
	Query *string `json:"query,omitempty"`

	// The HTTP redirect code.
	// NOTE(review): accepted values are not listed here — confirm the expected format.
	StatusCode string `json:"statusCode"`
}

Information about a redirect action.

type ReferenceIndexer

type ReferenceIndexer interface {
	// BuildServiceRefIndexes returns the name of related Service objects.
	BuildServiceRefIndexes(ctx context.Context, ing *networking.Ingress) []string
	// BuildSecretRefIndexes returns the name of related Secret objects.
	BuildSecretRefIndexes(ctx context.Context, ingOrSvc client.Object) []string
	// BuildIngressClassRefIndexes returns the name of related IngressClass objects.
	BuildIngressClassRefIndexes(ctx context.Context, ing *networking.Ingress) []string
	// BuildIngressClassParamsRefIndexes returns the name of related IngressClassParams objects.
	BuildIngressClassParamsRefIndexes(ctx context.Context, ingClass *networking.IngressClass) []string
}

ReferenceIndexer has the ability to index Ingresses with referenced objects.

type Rule

// Rule is a listener rule expressed in elbv2model types; RuleOptimizer.Optimize takes
// and returns slices of it.
type Rule struct {
	// Conditions are the match conditions of the rule.
	Conditions []elbv2model.RuleCondition
	// Actions are the actions of the rule.
	// NOTE(review): ordering semantics (for example an authentication action preceding a
	// forward) are not shown here — confirm that optimization preserves action order.
	Actions    []elbv2model.Action
	// Tags are the tags for the rule.
	Tags       map[string]string
}

type RuleCondition

// Field names the condition kind and each *Config pointer carries the settings for one
// kind (see the RuleConditionField constants).
// NOTE(review): presumably exactly the config matching Field must be set and Validate
// enforces that — Validate's body is not shown here, confirm. None of the config tags
// use omitempty, so unset configs are encoded as null.
type RuleCondition struct {
	// The field in the HTTP request.
	Field RuleConditionField `json:"field"`
	// Information for a host header condition.
	HostHeaderConfig *HostHeaderConditionConfig `json:"hostHeaderConfig"`
	// Information for an HTTP header condition.
	HTTPHeaderConfig *HTTPHeaderConditionConfig `json:"httpHeaderConfig"`
	// Information for an HTTP method condition.
	HTTPRequestMethodConfig *HTTPRequestMethodConditionConfig `json:"httpRequestMethodConfig"`
	// Information for a path pattern condition.
	PathPatternConfig *PathPatternConditionConfig `json:"pathPatternConfig"`
	// Information for a query string condition.
	QueryStringConfig *QueryStringConditionConfig `json:"queryStringConfig"`
	// Information for a source IP condition.
	SourceIPConfig *SourceIPConditionConfig `json:"sourceIPConfig"`
}

Information about a condition for a rule.

func (*RuleCondition) Validate

func (c *RuleCondition) Validate() error

type RuleConditionField

// RuleConditionField names the part of the HTTP request that a RuleCondition matches on.
type RuleConditionField string
const (
	// RuleConditionFieldHTTPHeader selects an HTTP header condition.
	RuleConditionFieldHTTPHeader        RuleConditionField = "http-header"
	// RuleConditionFieldHTTPRequestMethod selects an HTTP request method condition.
	RuleConditionFieldHTTPRequestMethod RuleConditionField = "http-request-method"
	// RuleConditionFieldHostHeader selects a host header condition.
	RuleConditionFieldHostHeader        RuleConditionField = "host-header"
	// RuleConditionFieldPathPattern selects a path pattern condition.
	RuleConditionFieldPathPattern       RuleConditionField = "path-pattern"
	// RuleConditionFieldQueryString selects a query string condition.
	RuleConditionFieldQueryString       RuleConditionField = "query-string"
	// RuleConditionFieldSourceIP selects a source IP condition.
	RuleConditionFieldSourceIP          RuleConditionField = "source-ip"
)

type RuleOptimizer

type RuleOptimizer interface {
	// Optimize returns the optimized rules for the listener identified by port and protocol.
	// NOTE(review): which transformations count as an optimization, and whether rule order
	// (and therefore match priority) is preserved, are not shown here — confirm.
	Optimize(ctx context.Context, port int64, protocol elbv2model.Protocol, rules []Rule) ([]Rule, error)
}

RuleOptimizer will optimize the listener Rules for a single Listener.

type SSLRedirectConfig

type SSLRedirectConfig struct {
	// SSLPort is the port that every HTTP port is redirected to.
	SSLPort int64
	// The HTTP response code.
	StatusCode string
}

SSLRedirectConfig contains configuration for SSLRedirect feature.

type SourceIPConditionConfig

// NOTE(review): per the ELBv2 source-ip condition, the match is made against the address
// the connection arrives from, not against X-Forwarded-For; behind a proxy or CDN that is
// the proxy's address. Confirm before using this condition as an allow-list.
type SourceIPConditionConfig struct {
	// One or more source IP addresses, in CIDR format.
	Values []string `json:"values"`
}

Information about a source IP condition.

type TargetGroupStickinessConfig

type TargetGroupStickinessConfig struct {
	// Indicates whether target group stickiness is enabled.
	// +optional
	Enabled *bool `json:"enabled,omitempty"`

	// The time period, in seconds, during which requests from a client should be routed to the same target group.
	// +optional
	DurationSeconds *int64 `json:"durationSeconds,omitempty"`
}

Information about the target group stickiness for a rule.

type TargetGroupTuple

// NOTE(review): a target is named either by TargetGroupARN or by ServiceName and
// ServicePort; whether both may be set at once, and which wins, is not shown here.
// None of these three tags use omitempty, so unset values are encoded as null.
type TargetGroupTuple struct {
	// The Amazon Resource Name (ARN) of the target group.
	TargetGroupARN *string `json:"targetGroupARN"`

	// The K8s service name.
	ServiceName *string `json:"serviceName"`

	// The K8s service port.
	ServicePort *intstr.IntOrString `json:"servicePort"`

	// The weight.
	// +optional
	Weight *int64 `json:"weight,omitempty"`
}

Information about how traffic will be distributed between multiple target groups in a forward rule.
