Documentation ¶
Index ¶
- Constants
- Variables
- func HasRBSAnnotation(service *v1.Service) bool
- func OnlyStatusAnnotationsChanged(oldService, newService *v1.Service) bool
- func WantsL4ILB(service *v1.Service) (bool, string)
- func WantsL4NetLB(service *v1.Service) (bool, string)
- type AppProtocol
- type BackendConfigs
- type DestinationRuleNEGStatus
- type Ingress
- func (ing *Ingress) AllowHTTP() bool
- func (ing *Ingress) FrontendConfig() string
- func (ing *Ingress) GlobalStaticIPName() string
- func (ing *Ingress) IngressClass() string
- func (ing *Ingress) RegionalStaticIPName() string
- func (ing *Ingress) StaticIPName() (string, error)
- func (ing *Ingress) SuppressFirewallXPNError() bool
- func (ing *Ingress) UseNamedTLS() string
- type LoadBalancerType
- type NegAnnotation
- type NegAttributes
- type NegStatus
- type PortNegMap
- type PortSubsetNegMap
- type Service
- func (svc *Service) ApplicationProtocols() (map[string]AppProtocol, error)
- func (svc *Service) GetBackendConfigs() (*BackendConfigs, error)
- func (svc *Service) GetExternalLoadBalancerAnnotationSubnet() string
- func (svc *Service) GetInternalLoadBalancerAnnotationSubnet() string
- func (svc *Service) IsThcAnnotated() (bool, error)
- func (svc *Service) NEGAnnotation() (*NegAnnotation, bool, error)
- func (svc *Service) NEGStatus() (*NegStatus, bool, error)
- type THCAnnotation
Constants ¶
const (
	// StatusPrefix is the prefix used in annotations used to record
	// debug information in the Ingress annotations.
	StatusPrefix = "ingress.kubernetes.io"

	// AllowHTTPKey tells the Ingress controller to allow/block HTTP access.
	// If either unset or set to true, the controller will create a
	// forwarding-rule for port 80, and any additional rules based on the TLS
	// section of the Ingress. If set to false, the controller will only create
	// rules for port 443 based on the TLS section.
	AllowHTTPKey = "kubernetes.io/ingress.allow-http"

	// GlobalStaticIPNameKey tells the Ingress controller to use a specific GCE
	// static ip for its forwarding rules. If specified, the Ingress controller
	// assigns the static ip by this name to the forwarding rules of the given
	// Ingress. The controller *does not* manage this ip, it is the users
	// responsibility to create/delete it.
	GlobalStaticIPNameKey = "kubernetes.io/ingress.global-static-ip-name"

	// RegionalStaticIPNameKey tells the Ingress controller to use a specific GCE
	// internal static ip for its forwarding rules. If specified, the Ingress controller
	// assigns the static ip by this name to the forwarding rules of the given
	// Ingress. The controller *does not* manage this ip, it is the users
	// responsibility to create/delete it.
	RegionalStaticIPNameKey = "kubernetes.io/ingress.regional-static-ip-name"

	// certificate for the Ingress controller to use. The controller *does not*
	// manage this certificate, it is the users responsibility to create/delete it.
	// In GCP, the Ingress controller assigns the SSL certificate with this name
	// to the target proxies of the Ingress.
	PreSharedCertKey = "ingress.gcp.kubernetes.io/pre-shared-cert"

	// IngressClassKey picks a specific "class" for the Ingress. The controller
	// only processes Ingresses with this annotation either unset, or set
	// to either gceIngressClass or the empty string.
	IngressClassKey      = "kubernetes.io/ingress.class"
	GceIngressClass      = "gce"
	GceMultiIngressClass = "gce-multi-cluster"
	GceL7ILBIngressClass = "gce-internal"

	// Label key to denote which GCE zone a Kubernetes node is in.
	ZoneKey     = "topology.kubernetes.io/zone"
	DefaultZone = ""

	// InstanceGroupsAnnotationKey is the annotation key used by controller to
	// specify the name and zone of instance groups created for the ingress.
	// This is read only for users. Controller will overwrite any user updates.
	// This is only set for ingresses with ingressClass = "gce-multi-cluster"
	InstanceGroupsAnnotationKey = "ingress.gcp.kubernetes.io/instance-groups"

	// SuppressFirewallXPNErrorKey is the annotation key used by firewall
	// controller whether to suppress firewallXPNError.
	SuppressFirewallXPNErrorKey = "networking.gke.io/suppress-firewall-xpn-error"

	// FrontendConfigKey is the annotation key used by controller to specify
	// the FrontendConfig resource which should be associated with the Ingress.
	// The value of the annotation is the name of the FrontendConfig resource.
	// Examples:
	// - annotations:
	//     networking.gke.io/v1beta1.FrontendConfig: 'my-frontendconfig'
	FrontendConfigKey = "networking.gke.io/v1beta1.FrontendConfig"

	// UrlMapKey is the annotation key used by controller to record GCP URL map.
	UrlMapKey = StatusPrefix + "/url-map"
	// RedirectUrlMapKey is the annotation key used by controller to record GCP URL map used for Https Redirects only.
	RedirectUrlMapKey = StatusPrefix + "/redirect-url-map"
	// HttpForwardingRuleKey is the annotation key used by controller to record
	// GCP http forwarding rule.
	HttpForwardingRuleKey = StatusPrefix + "/forwarding-rule"
	// HttpsForwardingRuleKey is the annotation key used by controller to record
	// GCP https forwarding rule.
	HttpsForwardingRuleKey = StatusPrefix + "/https-forwarding-rule"
	// TargetHttpProxyKey is the annotation key used by controller to record
	// GCP target http proxy.
	TargetHttpProxyKey = StatusPrefix + "/target-proxy"
	// TargetHttpsProxyKey is the annotation key used by controller to record
	// GCP target https proxy.
	TargetHttpsProxyKey = StatusPrefix + "/https-target-proxy"
	// SSLCertKey is the annotation key used by controller to record GCP ssl cert.
	SSLCertKey = StatusPrefix + "/ssl-cert"
	// StaticIPKey is the annotation key used by controller to record GCP static ip.
	StaticIPKey = StatusPrefix + "/static-ip"
)
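Because an unset AllowHTTPKey means a port-80 forwarding rule is created, an audit has to treat a missing annotation as plain HTTP being served. The following is an added example, not code from this package: it works on plain annotation maps, and the helper names, the set of class values treated as in scope, and the handling of unparseable values are assumptions of the example.

```go
package main

import (
	"fmt"
	"sort"
	"strconv"
)

// Keys copied from the constants documented above.
const allowHTTPKey = "kubernetes.io/ingress.allow-http"
const ingressClassKey = "kubernetes.io/ingress.class"

// gceClasses: class values this audit treats as in scope (assumption of this example).
var gceClasses = map[string]bool{"": true, "gce": true, "gce-multi-cluster": true, "gce-internal": true}

// inScope reports whether the class annotation is unset or one of gceClasses.
func inScope(ann map[string]string) bool {
	class, ok := ann[ingressClassKey]
	return !ok || gceClasses[class]
}

// httpExposed applies the documented rule: unset or true means a port-80
// forwarding rule is created, false means port 443 only. Assumption: a value
// that is not a boolean (a typo) is reported as exposed, never as hardened.
func httpExposed(ann map[string]string) bool {
	raw, ok := ann[allowHTTPKey]
	if !ok {
		return true
	}
	allowed, err := strconv.ParseBool(raw)
	return err != nil || allowed
}

// auditIngresses returns, sorted, the in-scope Ingresses that serve plain HTTP.
func auditIngresses(all map[string]map[string]string) []string {
	var flagged []string
	for name, ann := range all {
		if inScope(ann) && httpExposed(ann) {
			flagged = append(flagged, name)
		}
	}
	sort.Strings(flagged)
	return flagged
}

// sampleIngresses is constructed input: namespace/name -> annotations.
func sampleIngresses() map[string]map[string]string {
	return map[string]map[string]string{
		"shop/web":      {},
		"shop/api":      {allowHTTPKey: "false"},
		"shop/typo":     {allowHTTPKey: "flase", ingressClassKey: "gce"},
		"shop/internal": {allowHTTPKey: "true", ingressClassKey: "gce-internal"},
		"ops/nginx":     {ingressClassKey: "nginx"},
	}
}

func main() {
	fmt.Println("plain HTTP expected on:", auditIngresses(sampleIngresses()))
}
```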
const (
	// ServiceApplicationProtocolKey and GoogleServiceApplicationProtocolKey
	// is a stringified JSON map of port names to protocol strings.
	// Possible values are HTTP, HTTPS and HTTP2.
	// Example:
	// '{"my-https-port":"HTTPS","my-http-port":"HTTP"}'
	// Note: ServiceApplicationProtocolKey will be deprecated.
	ServiceApplicationProtocolKey       = "service.alpha.kubernetes.io/app-protocols"
	GoogleServiceApplicationProtocolKey = "cloud.google.com/app-protocols"

	// NEGAnnotationKey is the annotation key to enable GCE NEG.
	// The value of the annotation must be a valid JSON string in the format
	// specified by type NegAnnotation. To enable, must have either Ingress: true
	// or a non-empty ExposedPorts map referencing valid ServicePorts.
	// examples:
	// - `{"exposed_ports":{"80":{},"443":{}}}`
	// - `{"ingress":true}`
	// - `{"ingress": true,"exposed_ports":{"3000":{},"4000":{}}}`
	NEGAnnotationKey = "cloud.google.com/neg"

	// NEGStatusKey is the annotation key whose value is the status of the NEGs
	// on the Service, and is applied by the NEG Controller.
	NEGStatusKey = "cloud.google.com/neg-status"

	// BetaBackendConfigKey is a stringified JSON with two fields:
	// - "ports": a map of port names or port numbers to backendConfig names
	// - "default": denotes the default backendConfig name for all ports except
	// those are explicitly referenced.
	// Examples:
	// - '{"ports":{"my-https-port":"config-https","my-http-port":"config-http"}}'
	// - '{"default":"config-default","ports":{"my-https-port":"config-https"}}'
	BetaBackendConfigKey = "beta.cloud.google.com/backend-config"

	// BackendConfigKey is GA version of backend config key.
	BackendConfigKey = "cloud.google.com/backend-config"

	// NetworkTierAnnotationKey is annotated on a Service object to indicate which
	// network tier a GCP LB should use.
	// The valid values are "Standard" and "Premium" (default, if unspecified).
	NetworkTierAnnotationKey = "cloud.google.com/network-tier"

	// THCAnnotationKey is the boolean annotation key to enable Transparent Health Checks.
	THCAnnotationKey = "networking.gke.io/transparent-health-checker"

	// ProtocolHTTP protocol for a service
	ProtocolHTTP AppProtocol = "HTTP"
	// ProtocolHTTPS protocol for a service
	ProtocolHTTPS AppProtocol = "HTTPS"
	// ProtocolHTTP2 protocol for a service
	ProtocolHTTP2 AppProtocol = "HTTP2"

	IPv6Suffix = "-ipv6"

	// ServiceStatusPrefix is the prefix used in annotations used to record
	// debug information in the Service annotations. This is applicable to L4 ILB services.
	ServiceStatusPrefix = "service.kubernetes.io"
	// TCPForwardingRuleKey is the annotation key used by l4 controller to record
	// GCP TCP forwarding rule name.
	TCPForwardingRuleKey = ServiceStatusPrefix + "/tcp-" + ForwardingRuleResource
	// UDPForwardingRuleKey is the annotation key used by l4 controller to record
	// GCP UDP forwarding rule name.
	UDPForwardingRuleKey = ServiceStatusPrefix + "/udp-" + ForwardingRuleResource
	// TCPForwardingRuleIPv6Key is the annotation key used by l4 controller to record
	// GCP IPv6 TCP forwarding rule name.
	TCPForwardingRuleIPv6Key = TCPForwardingRuleKey + IPv6Suffix
	// UDPForwardingRuleIPv6Key is the annotation key used by l4 controller to record
	// GCP IPv6 UDP forwarding rule name.
	UDPForwardingRuleIPv6Key = UDPForwardingRuleKey + IPv6Suffix
	// BackendServiceKey is the annotation key used by l4 controller to record
	// GCP Backend service name.
	BackendServiceKey = ServiceStatusPrefix + "/" + BackendServiceResource
	// FirewallRuleKey is the annotation key used by l4 controller to record
	// GCP Firewall rule name.
	FirewallRuleKey = ServiceStatusPrefix + "/" + FirewallRuleResource
	// FirewallRuleIPv6Key is the annotation key used by l4 controller to record
	// GCP IPv6 Firewall rule name.
	FirewallRuleIPv6Key = FirewallRuleKey + IPv6Suffix
	// HealthcheckKey is the annotation key used by l4 controller to record
	// GCP Healthcheck name.
	HealthcheckKey = ServiceStatusPrefix + "/" + HealthcheckResource
	// FirewallRuleForHealthcheckKey is the annotation key used by l4 controller to record
	// the firewall rule name that allows healthcheck traffic.
	FirewallRuleForHealthcheckKey = ServiceStatusPrefix + "/" + FirewallForHealthcheckResource
	// FirewallRuleForHealthcheckIPv6Key is the annotation key used by l4 controller to record
	// the firewall rule name that allows IPv6 healthcheck traffic.
	FirewallRuleForHealthcheckIPv6Key = FirewallRuleForHealthcheckKey + IPv6Suffix

	ForwardingRuleResource             = "forwarding-rule"
	ForwardingRuleIPv6Resource         = ForwardingRuleResource + IPv6Suffix
	BackendServiceResource             = "backend-service"
	FirewallRuleResource               = "firewall-rule"
	FirewallRuleIPv6Resource           = FirewallRuleResource + IPv6Suffix
	HealthcheckResource                = "healthcheck"
	FirewallForHealthcheckResource     = "firewall-rule-for-hc"
	FirewallForHealthcheckIPv6Resource = FirewallRuleForHealthcheckKey + IPv6Suffix
	AddressResource                    = "address"

	// TODO(slavik): import this from gce_annotations when it will be merged in k8s
	RBSAnnotationKey = "cloud.google.com/l4-rbs"
	RBSEnabled       = "enabled"

	// CustomSubnetAnnotationKey is the new way to specify custom subnet both for ILB and NetLB (only for IPv6)
	// Replaces networking.gke.io/internal-load-balancer-subnet with backward compatibility.
	CustomSubnetAnnotationKey = "networking.gke.io/load-balancer-subnet"
)
Variables ¶
var (
	ErrBackendConfigNoneFound         = errors.New("no BackendConfig's found in annotation")
	ErrBackendConfigInvalidJSON       = errors.New("BackendConfig annotation is invalid json")
	ErrBackendConfigAnnotationMissing = errors.New("BackendConfig annotation is missing")
	ErrNEGAnnotationInvalid           = errors.New("NEG annotation is invalid.")
	ErrTHCAnnotationInvalid           = errors.New("THC annotation is invalid")
)
Functions ¶
func HasRBSAnnotation ¶ added in v1.24.0
HasRBSAnnotation checks if the given service has the RBS annotation.
func OnlyStatusAnnotationsChanged ¶ added in v1.10.2
OnlyStatusAnnotationsChanged returns true if the only annotation change between the 2 services is the NEG or ILB resources annotations. Note: This assumes that the annotations in old and new service are different. If they are identical, this will return true.
func WantsL4ILB ¶ added in v1.9.0
WantsL4ILB checks if the given service requires L4 ILB. The function returns a boolean as well as the load balancer type (string).
Types ¶
type BackendConfigs ¶ added in v1.2.2
type DestinationRuleNEGStatus ¶ added in v1.7.0
type DestinationRuleNEGStatus struct {
	NetworkEndpointGroups PortSubsetNegMap `json:"network_endpoint_groups,omitempty"`
	// Zones is a list of zones where the NEGs exist.
	Zones []string `json:"zones,omitempty"`
}
DestinationRuleNEGStatus holds the NEGs Zones info. NetworkEndpointGroups(PortSubsetNegMap) is the mapping between subset to NEG name. Structure:
{
	"subsetv1": {
		"9080": "somehash-default-reviews-v1-9080",
	}
	"v2": {
		"9080": "somehash-default-reviews-v2-9080",
	}
}
func NewDestinationRuleNegStatus ¶ added in v1.7.0
func NewDestinationRuleNegStatus(zones []string, portSubsetToNegs PortSubsetNegMap) DestinationRuleNEGStatus
NewDestinationRuleNegStatus generates a NegStatus denoting the current NEGs associated with the given PortSubsetNegMap.
func ParseDestinationRuleNEGStatus ¶ added in v1.8.0
func ParseDestinationRuleNEGStatus(annotation string) (DestinationRuleNEGStatus, error)
ParseDestinationRuleNEGStatus parses the given annotation into DestinationRuleNEGStatus struct
func (DestinationRuleNEGStatus) Marshal ¶ added in v1.7.0
func (ns DestinationRuleNEGStatus) Marshal() (string, error)
Marshal returns the DestinationRuleNEGStatus in json string.
type Ingress ¶
type Ingress struct {
// contains filtered or unexported fields
}
Ingress represents ingress annotations.
func FromIngress ¶
FromIngress extracts the annotations from an Ingress definition.
func (*Ingress) FrontendConfig ¶ added in v1.6.0
func (*Ingress) GlobalStaticIPName ¶ added in v1.9.9
func (*Ingress) IngressClass ¶
func (*Ingress) RegionalStaticIPName ¶ added in v1.9.9
func (*Ingress) StaticIPName ¶
func (*Ingress) SuppressFirewallXPNError ¶ added in v1.4.0
SuppressFirewallXPNError returns the SuppressFirewallXPNErrorKey flag. False by default.
func (*Ingress) UseNamedTLS ¶
UseNamedTLS returns the name of the GCE SSL certificate. Empty by default.
type LoadBalancerType ¶ added in v1.21.0
type LoadBalancerType string
LoadBalancerType defines a specific type for holding load balancer types (e.g. Internal)
const (
	// ServiceAnnotationLoadBalancerType is annotated on a service with type LoadBalancer
	// dictates what specific kind of GCP LB should be assembled.
	// Currently, only "Internal" is supported.
	ServiceAnnotationLoadBalancerType = "networking.gke.io/load-balancer-type"

	// LBTypeInternal is the constant for the official internal type.
	LBTypeInternal LoadBalancerType = "Internal"
)
func GetLoadBalancerAnnotationType ¶ added in v1.21.0
func GetLoadBalancerAnnotationType(service *v1.Service) LoadBalancerType
GetLoadBalancerAnnotationType returns the type of GCP load balancer which should be assembled.
type NegAnnotation ¶ added in v1.2.2
type NegAnnotation struct {
	// "Ingress" indicates whether to enable NEG feature for Ingress referencing
	// the service. Each NEG correspond to a service port.
	// NEGs will be created and managed under the following conditions:
	// 1. Service is referenced by ingress
	// 2. "ingress" is set to "true". Default to "false"
	// When the above conditions are satisfied, Ingress will create a load balancer
	// and target corresponding NEGs as backends. Service Nodeport is not required.
	Ingress bool `json:"ingress,omitempty"`
	// ExposedPorts specifies the service ports to be exposed as stand-alone NEG.
	// The exposed NEGs will be created and managed by NEG controller.
	// ExposedPorts maps ServicePort to attributes of the NEG that should be
	// associated with the ServicePort.
	ExposedPorts map[int32]NegAttributes `json:"exposed_ports,omitempty"`
}
NegAnnotation is the format of the annotation associated with the NEGAnnotationKey key.
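The NEG annotation value is user-supplied JSON, so a validator should separate "key absent", "value malformed" and "well-formed but enables nothing or names a port the Service does not have". The following is an added example, not this package's implementation: the lower-case types are local mirrors of the documented struct shapes, and parseNEG, unknownPorts and errNEGInvalid are hypothetical names.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"sort"
)

const negAnnotationKey = "cloud.google.com/neg" // value of NEGAnnotationKey

// Local mirrors of the documented NegAttributes and NegAnnotation shapes.
type negAttributes struct {
	Name string `json:"name,omitempty"`
}
type negAnnotation struct {
	Ingress      bool                    `json:"ingress,omitempty"`
	ExposedPorts map[int32]negAttributes `json:"exposed_ports,omitempty"`
}

var errNEGInvalid = errors.New("NEG annotation is invalid") // hypothetical sentinel

// parseNEG returns the parsed annotation, whether the key was present, and
// an error when the value is not JSON of the documented shape.
func parseNEG(ann map[string]string) (*negAnnotation, bool, error) {
	raw, ok := ann[negAnnotationKey]
	if !ok {
		return nil, false, nil
	}
	var n negAnnotation
	if err := json.Unmarshal([]byte(raw), &n); err != nil {
		return nil, true, fmt.Errorf("%w: %v", errNEGInvalid, err)
	}
	return &n, true, nil
}

// enabled applies the documented rule: Ingress true or a non-empty ExposedPorts.
func (n *negAnnotation) enabled() bool { return n.Ingress || len(n.ExposedPorts) > 0 }

// unknownPorts lists exposed ports that match no port of the Service, since
// ExposedPorts must reference valid ServicePorts.
func unknownPorts(n *negAnnotation, servicePorts []int32) []int32 {
	valid := make(map[int32]bool, len(servicePorts))
	for _, p := range servicePorts {
		valid[p] = true
	}
	var bad []int32
	for p := range n.ExposedPorts {
		if !valid[p] {
			bad = append(bad, p)
		}
	}
	sort.Slice(bad, func(i, j int) bool { return bad[i] < bad[j] })
	return bad
}

func main() {
	// Constructed Service annotations; the JSON is one of the documented examples.
	ann := map[string]string{negAnnotationKey: `{"ingress": true,"exposed_ports":{"3000":{},"4000":{}}}`}
	n, found, err := parseNEG(ann)
	fmt.Println(found, err, n.enabled(), unknownPorts(n, []int32{3000, 8080}))
}
```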
func (*NegAnnotation) NEGEnabled ¶ added in v1.3.1
func (n *NegAnnotation) NEGEnabled() bool
NEGEnabled is true if the service uses NEG
func (*NegAnnotation) NEGEnabledForIngress ¶ added in v1.3.1
func (n *NegAnnotation) NEGEnabledForIngress() bool
NEGEnabledForIngress returns true if the annotation is to be applied on Ingress-referenced ports
func (*NegAnnotation) NEGExposed ¶ added in v1.3.1
func (n *NegAnnotation) NEGExposed() bool
NEGExposed is true if the service exposes NEGs
func (*NegAnnotation) String ¶ added in v1.6.0
func (n *NegAnnotation) String() string
type NegAttributes ¶ added in v1.2.2
type NegAttributes struct {
	// Note - in the future, this will be used for custom naming of NEGs.
	// Currently has no effect.
	Name string `json:"name,omitempty"`
}
NegAttributes houses the attributes of the NEGs that are associated with the service. Future extensions to the Expose NEGs annotation should be added here.
type NegStatus ¶ added in v1.6.0
type NegStatus struct {
	// NetworkEndpointGroups returns the mapping between service port and NEG
	// resource. key is service port, value is the name of the NEG resource.
	NetworkEndpointGroups PortNegMap `json:"network_endpoint_groups,omitempty"`
	// Zones is a list of zones where the NEGs exist.
	Zones []string `json:"zones,omitempty"`
}
NegStatus contains name and zone of the Network Endpoint Group resources associated with this service
func NewNegStatus ¶ added in v1.6.0
func NewNegStatus(zones []string, portToNegs PortNegMap) NegStatus
NewNegStatus generates a NegStatus denoting the current NEGs associated with the given ports.
func ParseNegStatus ¶ added in v1.6.0
ParseNegStatus parses the given annotation into NEG status struct
type PortNegMap ¶ added in v1.6.0
PortNegMap is the mapping between service port to NEG name
type PortSubsetNegMap ¶ added in v1.7.0
PortSubsetNegMap is the mapping between subset to NEG name.
type Service ¶
type Service struct {
// contains filtered or unexported fields
}
Service represents Service annotations.
func FromService ¶
FromService extracts the annotations from a Service definition.
func (*Service) ApplicationProtocols ¶
func (svc *Service) ApplicationProtocols() (map[string]AppProtocol, error)
ApplicationProtocols returns a map of port (name or number) to the protocol on the port.
func (*Service) GetBackendConfigs ¶ added in v1.2.2
func (svc *Service) GetBackendConfigs() (*BackendConfigs, error)
GetBackendConfigs returns BackendConfigs for the service.
func (*Service) GetExternalLoadBalancerAnnotationSubnet ¶ added in v1.24.0
GetExternalLoadBalancerAnnotationSubnet returns the configured subnet to assign LoadBalancer IP from. Currently useful only for IPv6 External LoadBalancers.
func (*Service) GetInternalLoadBalancerAnnotationSubnet ¶ added in v1.24.0
GetInternalLoadBalancerAnnotationSubnet returns the configured subnet to assign LoadBalancer IP from.
func (*Service) IsThcAnnotated ¶ added in v1.24.0
IsThcAnnotated returns true if a THC annotation is found and its value is true.
func (*Service) NEGAnnotation ¶ added in v1.3.1
func (svc *Service) NEGAnnotation() (*NegAnnotation, bool, error)
NEGAnnotation returns true if NEG annotation is found. If found, it also returns NEG annotation struct.
type THCAnnotation ¶ added in v1.24.0
type THCAnnotation struct {
	// "enabled" indicates whether to enable the Transparent Health Checks feature.
	Enabled bool `json:"enabled,omitempty"`
}
THCAnnotation is the format of the annotation associated with the THCAnnotationKey key.