common

package
v1.0.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Aug 15, 2024 License: Apache-2.0 Imports: 0 Imported by: 0

Documentation

Index

Constants

View Source
const (
	MseVersion                            = "mse-1.2.18"
	MseProviderName                       = "MSE"
	MseDefaultServerEndpoint              = "mse.cn-hangzhou.aliyuncs.com"
	MseBurstMultiplier1X                  = "1"
	MseBurstMultiplier2X                  = "2"
	MseBurstMultiplier3X                  = "3"
	MseBurstMultiplier4X                  = "4"
	MseIngressControllerAckNamespace      = "mse-ingress-controller"
	MseIngressControllerAckDeploymentName = "ack-mse-ingress-controller"
	MseNeedDropAnnotation                 = "need_drop_annotation"
)
View Source
const (
	//Plugin name
	MsePluginKeyAuth         string = "key-auth"
	MsePluginBasicAuth       string = "basic-auth"
	MsePluginHmacAuth        string = "hmac-auth"
	MsePluginCustomResponse  string = "custom-response"
	MsePluginRequestBlock    string = "request-block"
	MsePluginBotDetect       string = "bot-detect"
	MsePluginKeyRateLimit    string = "key-rate-limit"
	MsePluginHttp2Misdirect  string = "http2-misdirect"
	MsePluginJwtAuth         string = "jwt-auth"
	MsePluginHttpRealIP      string = "http-real-ip"
	MsePluginEDASServiceAuth string = "edas-service-auth"
	MsePluginWaf             string = "waf"
	MsePluginParaSignAuth    string = "erda-para-sign-auth"
	MsePluginIP              string = "erda-ip"
	MsePluginSbac            string = "erda-sbac"
	MsePluginCsrf            string = "erda-csrf"
)

MSE 支持的插件名称及ID (通过 MSE 的获取网关插件列表的 API 获取,并非随意自定义)

View Source
const (
	MseErdaIpRouteSwitch         = "MSE_ERDA_IP_ROUTE_SWITCH"
	MseErdaIpIpSource            = "IP_SOURCE"
	MseErdaIpAclType             = "ACL_TYPE"
	MseErdaIpAclList             = "ACL_LIST"
	MseErdaIpAclBlack            = "black"
	MseErdaIpAclWhite            = "white"
	MseErdaIpSourceRemoteIP      = "remote-ip"
	MseErdaIpSourceXRealIP       = "x-real-ip"
	MseErdaIpSourceXForwardedFor = "x-forwarded-for"

	MseErdaSBACRouteSwitch               = "MSE_ERDA_SBAC_ROUTE_SWITCH"
	MseErdaSBACAccessControlAPI          = "http://test-sbac.default.svc.cluster.local:8080/"
	MseErdaSBACConfigAccessControlAPI    = "access_control_api"
	MseErdaSBACConfigMatchPatterns       = "patterns"
	MseErdaSBACConfigHttpMethods         = "methods"
	MseErdaSBACConfigWithHeaders         = "with_headers"
	MseErdaSBACConfigWithCookie          = "with_cookie"
	MseErdaSBACConfigDefaultMatchPattern = "^/"
	MseErdaSBACConfigDefaultWithHeader   = "*"

	MseErdaCSRFRouteSwitch          = "MSE_ERDA_CSRF_ROUTE_SWITCH"
	MseErdaCSRFConfigUserCookie     = "biz_cookie"
	MseErdaCSRFConfigExcludedMethod = "excluded_method"
	MseErdaCSRFConfigTokenKey       = "token_key"
	MseErdaCSRFConfigTokenCookie    = "token_cookie"
	MseErdaCSRFConfigTokenDomain    = "biz_domain"
	MseErdaCSRFConfigCookieSecure   = "secure_cookie"
	MseErdaCSRFConfigValidTTL       = "valid_ttl"
	MseErdaCSRFConfigRefreshTTL     = "refresh_ttl"
	MseErdaCSRFConfigErrStatus      = "err_status"
	MseErdaCSRFConfigErrMsg         = "err_message"
	MseErdaCSRFConfigSecret         = "jwt_secret"

	MseErdaCSRFDefaultUserCookie   = "uc-token"
	MseErdaCSRFDefaultTokenName    = "csrf-token"
	MseErdaCSRFDefaultTokenDomain  = ""
	MseErdaCSRFDefaultCookieSecure = false
	MseErdaCSRFDefaultValidTTL     = int64(1800)
	MseErdaCSRFDefaultRefreshTTL   = int64(10)
	MseErdaCSRFDefaultErrStatus    = int64(403)
	MseErdaCSRFDefaultErrMsg       = `{"message":"This form has expired. Please refresh and try again."}`
	MseErdaCSRFDefaultJWTSecret    = "e796dce47e561ff926d2916144b8e4bf"
)

MSE 自定义插件使用到的一些常量名称

Variables

View Source
var MapClusterNameToMSEPluginNameToPluginID map[string]map[string]*int64

Functions

This section is empty.

Types

type Annotation

type Annotation string
const (

	// 流量治理--Header 控制 header control
	AnnotationMSEHeaderControlRequestHeaderControlAdd     Annotation = "mse.ingress.kubernetes.io/request-header-control-add"     // Ingress  请求在转发给后端服务时,添加指定Header。若该Header存在,则其值拼接在原有值后面
	AnnotationMSEHeaderControlRequestHeaderControlUpdate  Annotation = "mse.ingress.kubernetes.io/request-header-control-update"  // Ingress  请求在转发给后端服务时,修改指定Header。若该Header存在,则其值覆盖原有值
	AnnotationMSEHeaderControlRequestHeaderControlRemove  Annotation = "mse.ingress.kubernetes.io/request-header-control-remove"  // Ingress  请求在转发给后端服务时,删除指定Header
	AnnotationMSEHeaderControlResponseHeaderControlAdd    Annotation = "mse.ingress.kubernetes.io/response-header-control-add"    // Ingress  请求收到后端服务响应后,在转发响应给客户端之前需要添加指定Header。若该Header存在,则其值拼接在原有值后面
	AnnotationMSEHeaderControlResponseHeaderControlUpdate Annotation = "mse.ingress.kubernetes.io/response-header-control-update" // Ingress  请求收到后端服务响应后,在转发响应给客户端之前需要修改指定Header。若该Header存在,则其值覆盖原有值
	AnnotationMSEHeaderControlResponseHeaderControlRemove Annotation = "mse.ingress.kubernetes.io/response-header-control-remove" // Ingress  请求收到后端服务响应后,在转发响应给客户端之前需要删除指定Header

	// 流量治理--超时 timeout
	AnnotationMSETimeOut Annotation = "mse.ingress.kubernetes.io/timeout" // Ingress  请求的超时时间,单位为秒。默认未配置超时时间 (说明:超时设置作用在应用层,非传输层TCP。)

	// 流量治理--单机限流 limit
	AnnotationMSELimitRouteLimitRPM             Annotation = "mse.ingress.kubernetes.io/route-limit-rpm"              // Ingress  该Ingress定义的路由在每个网关实例上每分钟最大请求次数。瞬时最大请求次数为该值乘以limit-burst-multiplier
	AnnotationMSELimitRouteLimitRPS             Annotation = "mse.ingress.kubernetes.io/route-limit-rps"              // Ingress  该Ingress定义的路由在每个网关实例上每秒最大请求次数。瞬时最大请求次数为该值乘以limit-burst-multiplier
	AnnotationMSELimitRouteLimitBurstMultiplier Annotation = "mse.ingress.kubernetes.io/route-limit-burst-multiplier" // Ingress  瞬时最大请求次数的因子,默认为5

	// 流量治理--服务预热 warmup
	AnnotationMSEServiceWarmUp Annotation = "mse.ingress.kubernetes.io/warmup" // Service   服务预热时间,单位为秒。默认不开启。

	// 流量治理--IP 访问控制 blacklist/whitelist
	AnnotationMSEBlackListSourceRange       Annotation = "mse.ingress.kubernetes.io/blacklist-source-range"        // Ingress  指定路由上的IP黑名单,支持IP地址或CIDR地址块,以英文逗号分隔
	AnnotationMSEDomainWhitelistSourceRange Annotation = "mse.ingress.kubernetes.io/domain-whitelist-source-range" // Ingress  指定域名上的IP白名单,域名优先级低于路由级别,支持IP地址或CIDR地址块,以英文逗号分隔
	AnnotationMSEDomainBlacklistSourceRange Annotation = "mse.ingress.kubernetes.io/domain-blacklist-source-range" // Ingress  指定域名上的IP黑名单,域名优先级低于路由级别,支持IP地址或CIDR地址块,以英文逗号分隔。

	// 安全防护--客户端与网关之间加密通信
	AnnotationMSETLSMinProtocolVersion Annotation = "mse.ingress.kubernetes.io/tls-min-protocol-version" // Domain  指定TLS的最小版本,默认值为TLSv1.0。合法值如下: TLSv1.0  TLSv1.1  TLSv1.2 TLSv1.3
	AnnotationMSETLSMaxProtocolVersion Annotation = "mse.ingress.kubernetes.io/tls-max-protocol-version" // Domain  指定TLS的最小版本,默认值为TLSv1.0。合法值如下: TLSv1.0  TLSv1.1  TLSv1.2 TLSv1.3
	AnnotationMSEAuthTLSSecret         Annotation = "mse.ingress.kubernetes.io/auth-tls-secret"          // Domain  网关使用的CA证书,用于验证MTLS握手期间,客户端提供的证书。该注解主要应用于网关需要验证客户端身份的场景。
)

https://help.aliyun.com/document_detail/424813.htm

func (Annotation) String

func (in Annotation) String() string

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL