v1beta1

package
v1.0.4 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Oct 26, 2022 License: Apache-2.0 Imports: 6 Imported by: 0

Documentation

Overview

Copyright The Voyager Authors.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Copyright The Voyager Authors.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Copyright The Voyager Authors.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Index

Constants

View Source
const (
	EngressKey = "ingress.appscode.com"

	APISchema        = EngressKey + "/" + "api-schema" // APISchema = {APIGroup}/{APIVersion}
	APISchemaEngress = "voyager.appscode.com" + "/v1beta1"
	APISchemaIngress = "extensions/v1beta1"

	VoyagerPrefix = "voyager-"

	// LB stats options
	StatsOn          = EngressKey + "/" + "stats"
	StatsPort        = EngressKey + "/" + "stats-port"
	StatsSecret      = EngressKey + "/" + "stats-secret-name"
	StatsServiceName = EngressKey + "/" + "stats-service-name"
	DefaultStatsPort = 56789

	LBTypeHostPort     = "HostPort"
	LBTypeNodePort     = "NodePort"
	LBTypeLoadBalancer = "LoadBalancer" // default
	LBTypeInternal     = "Internal"
	LBType             = EngressKey + "/" + "type"

	// Replicas specify # of HAProxy pods run (default 1)
	Replicas = EngressKey + "/" + "replicas"

	// IP to be assigned to cloud load balancer
	LoadBalancerIP = EngressKey + "/" + "load-balancer-ip" // IP or empty

	// BackendWeight is the weight value of a Pod that was
	// addressed by the Endpoint, this weight will be added to server backend.
	// Traffic will be forwarded according to there weight.
	BackendWeight = EngressKey + "/" + "backend-weight"

	// https://github.com/appscode/voyager/issues/103
	// ServiceAnnotations is user provided annotations map that will be
	// applied to the service of that LoadBalancer.
	// ex: "ingress.appscode.com/annotations-service": {"key": "val"}
	ServiceAnnotations        = EngressKey + "/" + "annotations-service"
	LastAppliedAnnotationKeys = EngressKey + "/" + "last-applied-annotation-keys"

	// PodAnnotations is user provided annotations map that will be
	// applied to the Pods (Deployment/ DaemonSet) of that LoadBalancer.
	// ex: "ingress.appscode.com/annotations-pod": {"key": "val"}
	PodAnnotations = EngressKey + "/" + "annotations-pod"

	// Preserves source IP for LoadBalancer type ingresses. The actual configuration
	// generated depends on the underlying cloud provider.
	//
	// - gce, gke, azure: Sets "ExternalTrafficPolicy" to "Local" for HAProxy services.
	// Ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
	//
	// - aws: Enables accept-proxy.
	// Enforces the use of the PROXY protocol over any connection accepted by any of
	// the sockets declared on the same line. Versions 1 and 2 of the PROXY protocol
	// are supported and correctly detected. The PROXY protocol dictates the layer
	// 3/4 addresses of the incoming connection to be used everywhere an address is
	// used, with the only exception of "tcp-request connection" rules which will
	// only see the real connection address. Logs will reflect the addresses
	// indicated in the protocol, unless it is violated, in which case the real
	// address will still be used.  This keyword combined with support from external
	// components can be used as an efficient and reliable alternative to the
	// X-Forwarded-For mechanism which is not always reliable and not even always
	// usable. See also "tcp-request connection expect-proxy" for a finer-grained
	// setting of which client is allowed to use the protocol.
	// Ref: https://github.com/kubernetes/kubernetes/blob/release-1.5/pkg/cloudprovider/providers/aws/aws.go#L79
	KeepSourceIP = EngressKey + "/" + "keep-source-ip"

	// https://github.com/appscode/voyager/issues/1128
	HealthCheckNodeport = EngressKey + "/" + "health-check-nodeport"

	// Enforces the use of the PROXY protocol over any connection accepted by HAProxy.
	AcceptProxy = EngressKey + "/" + "accept-proxy"

	// Enforces use of the PROXY protocol over any connection established to this server.
	// Possible values are "v1", "v2", "v2-ssl" and "v2-ssl-cn"
	SendProxy = EngressKey + "/" + "send-proxy"

	// Annotations applied to resources offshoot from an ingress
	OriginAPISchema = EngressKey + "/" + "origin-api-schema" // APISchema = {APIGroup}/{APIVersion}
	OriginName      = EngressKey + "/" + "origin-name"

	// https://github.com/appscode/voyager/issues/280
	// Supports all valid timeout option for defaults section of HAProxy
	// https://cbonte.github.io/haproxy-dconv/1.7/configuration.html#4.2-timeout%20check
	// expects a json encoded map
	// ie: "ingress.appscode.com/default-timeout": {"client": "5s"}
	//
	// If the annotation is not set default values used to config defaults section will be:
	//
	// timeout  connect         5s
	// timeout  client          50s
	// timeout  client-fin      50s
	// timeout  server          50s
	// timeout  tunnel          50s
	DefaultsTimeOut = EngressKey + "/" + "default-timeout"

	// Defines the maximum time allowed to perform a clean soft-stop.
	// https://cbonte.github.io/haproxy-dconv/1.9/configuration.html#hard-stop-after
	HardStopAfter        = EngressKey + "/" + "hard-stop-after"
	DefaultHardStopAfter = "30s"

	// https://github.com/appscode/voyager/issues/343
	// Supports all valid options for defaults section of HAProxy config
	// https://cbonte.github.io/haproxy-dconv/1.7/configuration.html#4.2-option%20abortonclose
	// from the list from here
	// expects a json encoded map
	// ie: "ingress.appscode.com/default-option": '{"http-keep-alive": "true", "dontlognull": "true", "clitcpka": "false"}'
	// This will be appended in the defaults section of HAProxy as
	//
	//   option http-keep-alive
	//   option dontlognull
	//   no option clitcpka
	//
	DefaultsOption = EngressKey + "/" + "default-option"

	// Available Options:
	//
	// ssl: https://cbonte.github.io/haproxy-dconv/1.8/configuration.html#5.2-ssl
	// 		Creates a TLS/SSL socket when connecting to this server in order to cipher/decipher the traffic.
	//   	If verify not set the following error may occurred:
	//    		[/etc/haproxy/haproxy.cfg:49] verify is enabled by default but no CA file specified.
	//    		If you're running on a LAN where you're certain to trust the server's certificate,
	//    		please set an explicit 'verify none' statement on the 'server' line, or use
	//    		'ssl-server-verify none' in the global section to disable server-side verifications by default.
	//
	// verify [none|required]: https://cbonte.github.io/haproxy-dconv/1.8/configuration.html#5.2-verify
	//   	Sets HAProxy‘s behavior regarding the certificated presented by the server:
	//     		- none : Doesn’t verify the certificate of the server
	//     		- required (default value) : TLS handshake is aborted if the validation of the certificate presented by the server returns an error.
	//
	// verifyhost <hostname>: https://cbonte.github.io/haproxy-dconv/1.8/configuration.html#5.2-verifyhost
	//    	Sets a <hostname> to look for in the Subject and SubjectAlternateNames fields provided in the
	//    	certificate sent by the server. If <hostname> can’t be found, then the TLS handshake is aborted.
	//    	This only applies when verify required is configured.
	//
	// Example: ingress.appscode.com/backend-tls: "ssl verify none"
	//
	// If this annotation is not set HAProxy will connect to backend as http.
	// This value should not be set if the backend do not support https resolution.
	BackendTLSOptions = EngressKey + "/backend-tls"

	// Specify a method to stick clients to origins across requests.
	// Only supported value is "cookie".
	// Annotations could  be applied to either Ingress or backend Service
	// If applied to Ingress, all the backend connections would be sticky
	// If applied to Service and Ingress do not have this annotation only
	// connection to that backend service will be sticky.
	IngressAffinity = EngressKey + "/affinity"
	// When affinity is set to "cookie", the name of the cookie to use.
	IngressAffinitySessionCookieName = EngressKey + "/session-cookie-name"
	// When affinity is set to "cookie", the hash algorithm used: md5, sha, index.
	IngressAffinitySessionCookieHash = EngressKey + "/session-cookie-hash"

	// Basic Auth: Follows ingress controller standard
	// https://github.com/kubernetes/ingress/tree/master/examples/auth/basic/haproxy
	// HAProxy Ingress read user and password from auth file stored on secrets, one
	// user and password per line.
	// Each line of the auth file should have:
	// user and insecure password separated with a pair of colons: <username>::<plain-text-passwd>; or
	// user and an encrypted password separated with colons: <username>:<encrypted-passwd>
	// Secret name, realm and type are configured with annotations in the ingress
	// Auth can only be applied to HTTP backends.
	// Only supported type is basic
	AuthType = EngressKey + "/auth-type"

	// an optional string with authentication realm
	AuthRealm = EngressKey + "/auth-realm"

	// name of the auth secret
	AuthSecret = EngressKey + "/auth-secret"

	// Name of secret for TLS client certification validation.
	AuthTLSSecret = EngressKey + "/auth-tls-secret"

	// The page that user should be redirected in case of Auth error
	AuthTLSErrorPage = EngressKey + "/auth-tls-error-page"

	// Enables verification of client certificates.
	AuthTLSVerifyClient = EngressKey + "/auth-tls-verify-client"

	// Enables CORS headers in response.
	// Setting this annotations in ingress will add CORS headers to all HTTP
	// frontend. If we need to add cors headers only on specific frontend we can also
	// configure this using FrontendRules for specific frontend.
	// http://blog.nasrulhazim.com/2017/07/haproxy-setting-up-cors/
	CORSEnabled          = EngressKey + "/enable-cors"
	CORSAllowedMethods   = EngressKey + "/cors-allow-methods"
	CORSAllowedHeaders   = EngressKey + "/cors-allow-headers"
	CORSAllowedOrigin    = EngressKey + "/cors-allow-origin"
	CORSAllowCredentials = EngressKey + "/cors-allow-credentials"

	// Maximum http request body size. This returns the advertised length of the HTTP request's body in bytes. It
	// will represent the advertised Content-Length header
	// http://cbonte.github.io/haproxy-dconv/1.7/configuration.html#7.3.6-req.body_size
	//
	ProxyBodySize = EngressKey + "/proxy-body-size"

	// Pass TLS connections directly to backend; do not offload.
	SSLPassthrough = EngressKey + "/ssl-passthrough"

	EnableHSTS = EngressKey + "/hsts"
	// This specifies the time (in seconds) the browser should connect to the server using the HTTPS connection.
	// https://blog.stackpath.com/glossary/hsts/
	HSTSMaxAge  = EngressKey + "/hsts-max-age"
	HSTSPreload = EngressKey + "/hsts-preload"
	// If specified, this HSTS rule applies to all of the site's subdomains as well.
	HSTSIncludeSubDomains = EngressKey + "/hsts-include-subdomains"

	WhitelistSourceRange = EngressKey + "/whitelist-source-range"
	MaxConnections       = EngressKey + "/max-connections"

	// https://github.com/appscode/voyager/issues/552
	UseNodePort      = EngressKey + "/use-node-port"
	SSLRedirect      = EngressKey + "/ssl-redirect"
	ForceSSLRedirect = EngressKey + "/force-ssl-redirect"

	// https://github.com/appscode/voyager/issues/525
	ErrorFiles = EngressKey + "/errorfiles"

	// Limit requests per second per IP address
	// http://cbonte.github.io/haproxy-dconv/1.8/configuration.html#7.3.3-sc_conn_rate
	// https://serverfault.com/a/679172/349346
	// https://discourse.haproxy.org/t/solved-how-to-configure-basic-ddos-protection-when-behind-aws-elb-x-forwarded-for/932
	// https://www.haproxy.com/blog/use-a-load-balancer-as-a-first-row-of-defense-against-ddos/
	LimitRPS = EngressKey + "/limit-rps"
	// Limit requests per minute per IP address
	LimitRPM = EngressKey + "/limit-rpm"

	// http://cbonte.github.io/haproxy-dconv/1.8/configuration.html#7.3.3-src_conn_cur
	// https://www.haproxy.com/blog/use-a-load-balancer-as-a-first-row-of-defense-against-ddos/
	LimitConnection = EngressKey + "/limit-connection"

	// https://github.com/appscode/voyager/issues/683
	// https://www.haproxy.com/documentation/aloha/7-0/haproxy/healthchecks/
	CheckHealth     = EngressKey + "/" + "check"
	CheckHealthPort = EngressKey + "/" + "check-port"

	// https://github.com/kubernetes/ingress-nginx/blob/master/docs/examples/rewrite/README.md
	RewriteTarget = EngressKey + "/" + "rewrite-target"

	// Workload controller to use run HAProxy pods
	WorkloadKind = EngressKey + "/" + "workload-kind"

	// ref: https://github.com/appscode/voyager/issues/1054
	NodeSelector = EngressKey + "/" + "node-selector"
	Tolerations  = EngressKey + "/" + "tolerations"

	// https://github.com/appscode/voyager/issues/1210
	// http://cbonte.github.io/haproxy-dconv/1.8/configuration.html#agent-check
	AgentPort     = EngressKey + "/" + "agent-port"
	AgentInterval = EngressKey + "/" + "agent-interval"
)
View Source
const (
	ACMEUserEmail        = "ACME_EMAIL"
	ACMEUserPrivatekey   = "ACME_USER_PRIVATE_KEY"
	ACMERegistrationData = "ACME_REGISTRATION_DATA"
	ACMEServerURL        = "ACME_SERVER_URL"
)
View Source
const (
	// ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/annotations.md#cors-related
	CORSDefaultAllowedMethods = "GET,PUT,POST,DELETE,PATCH,OPTIONS"
	CORSDefaultAllowedHeaders = "DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization"
)
View Source
const (
	ResourceKindCertificate = "Certificate"
	ResourceCertificate     = "certificate"
	ResourceCertificates    = "certificates"
)
View Source
const (
	ProviderMinikube = "minikube"
	ProviderAWS      = "aws"
	ProviderGCE      = "gce"
	ProviderGKE      = "gke"
	ProviderAzure    = "azure"
	ProviderAKS      = "aks"
	ProviderACS      = "acs"
	ProviderHTTP     = "http"
)
View Source
const (
	ResourceKindIngress = "Ingress"
	ResourceIngress     = "ingress"
	ResourceIngresses   = "ingresses"
)
View Source
const (
	MatchAll = "*"
)

Variables

View Source
var (
	// TODO: move SchemeBuilder with zz_generated.deepcopy.go to k8s.io/api.
	// localSchemeBuilder and AddToScheme will stay in k8s.io/kubernetes.
	SchemeBuilder runtime.SchemeBuilder

	AddToScheme = localSchemeBuilder.AddToScheme
)
View Source
var SchemeGroupVersion = schema.GroupVersion{Group: "voyager.appscode.com", Version: "v1beta1"}

Functions

func ProxyProtocolCommand

func ProxyProtocolCommand(version string) string

func Resource

func Resource(resource string) schema.GroupResource

Resource takes an unqualified resource and returns a Group qualified GroupResource

Types

type ACMECertificateDetails

type ACMECertificateDetails struct {
	Domain        string `json:"domain"`
	CertURL       string `json:"certUrl"`
	CertStableURL string `json:"certStableUrl"`
	AccountRef    string `json:"accountRef,omitempty"`
}

func (*ACMECertificateDetails) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMECertificateDetails.

func (*ACMECertificateDetails) DeepCopyInto

func (in *ACMECertificateDetails) DeepCopyInto(out *ACMECertificateDetails)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AuthOption

type AuthOption struct {
	Basic *BasicAuth `json:"basic,omitempty"`
	TLS   *TLSAuth   `json:"tls,omitempty"`
	OAuth []OAuth    `json:"oauth,omitempty"`
}

func (*AuthOption) DeepCopy

func (in *AuthOption) DeepCopy() *AuthOption

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthOption.

func (*AuthOption) DeepCopyInto

func (in *AuthOption) DeepCopyInto(out *AuthOption)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type BasicAuth

type BasicAuth struct {
	SecretName string `json:"secretName,omitempty"`
	Realm      string `json:"realm,omitempty"`
}

func (*BasicAuth) DeepCopy

func (in *BasicAuth) DeepCopy() *BasicAuth

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BasicAuth.

func (*BasicAuth) DeepCopyInto

func (in *BasicAuth) DeepCopyInto(out *BasicAuth)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Certificate

type Certificate struct {
	metav1.TypeMeta   `json:",inline,omitempty"`
	metav1.ObjectMeta `json:"metadata,omitempty"`
	Spec              CertificateSpec   `json:"spec,omitempty"`
	Status            CertificateStatus `json:"status,omitempty"`
}

+kubebuilder:object:root=true +kubebuilder:resource:path=certificates,singular=certificate,shortName=cert,categories={networking,appscode,all} +kubebuilder:subresource:status +kubebuilder:printcolumn:name="Domains",type="string",JSONPath=".spec.domains[0]" +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp"

func (*Certificate) DeepCopy

func (in *Certificate) DeepCopy() *Certificate

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Certificate.

func (*Certificate) DeepCopyInto

func (in *Certificate) DeepCopyInto(out *Certificate)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*Certificate) DeepCopyObject

func (in *Certificate) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type CertificateCondition

type CertificateCondition struct {
	// request approval state, currently Approved or Denied.
	Type RequestConditionType `json:"type" protobuf:"bytes,1,opt,name=type,casttype=RequestConditionType"`
	// brief reason for the request state
	// +optional
	Reason string `json:"reason,omitempty" protobuf:"bytes,2,opt,name=reason"`
	// human readable message with details about the request state
	// +optional
	Message string `json:"message,omitempty" protobuf:"bytes,3,opt,name=message"`
	// timestamp for the last update to this condition
	// +optional
	LastUpdateTime metav1.Time `json:"lastUpdateTime,omitempty" protobuf:"bytes,4,opt,name=lastUpdateTime"`
}

func (*CertificateCondition) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateCondition.

func (*CertificateCondition) DeepCopyInto

func (in *CertificateCondition) DeepCopyInto(out *CertificateCondition)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type CertificateDetails

type CertificateDetails struct {
	SerialNumber  string      `json:"serialNumber,omitempty"`
	NotBefore     metav1.Time `json:"notBefore,omitempty"`
	NotAfter      metav1.Time `json:"notAfter,omitempty"`
	CertURL       string      `json:"certURL"`
	CertStableURL string      `json:"certStableURL"`
	AccountRef    string      `json:"accountRef,omitempty"`
}

func (*CertificateDetails) DeepCopy

func (in *CertificateDetails) DeepCopy() *CertificateDetails

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateDetails.

func (*CertificateDetails) DeepCopyInto

func (in *CertificateDetails) DeepCopyInto(out *CertificateDetails)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type CertificateList

type CertificateList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []Certificate `json:"items,omitempty"`
}

func (*CertificateList) DeepCopy

func (in *CertificateList) DeepCopy() *CertificateList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateList.

func (*CertificateList) DeepCopyInto

func (in *CertificateList) DeepCopyInto(out *CertificateList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*CertificateList) DeepCopyObject

func (in *CertificateList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type CertificateSpec

type CertificateSpec struct {
	// Tries to obtain a single certificate using all domains passed into Domains.
	// The first domain in domains is used for the CommonName field of the certificate, all other
	// domains are added using the Subject Alternate Names extension.
	Domains []string `json:"domains,omitempty"`

	// ChallengeProvider details to verify domains
	ChallengeProvider ChallengeProvider `json:"challengeProvider"`

	// Secret contains ACMEUser information. Secret must contain a key `email`
	// If empty tries to find an Secret via domains
	// if not found create an ACMEUser and stores as a secret.
	// Secrets key to be expected:
	//  ACME_EMAIL -> required, if not provided it will through error.
	//  ACME_SERVER_URL -> custom server url to generate certificates, default is lets encrypt.
	//  ACME_USER_DATA -> user data, if not found one will be created for the provided email,
	//    and stored in the key.
	ACMEUserSecretName string `json:"acmeUserSecretName"`

	// Storage backend to store the certificates currently, kubernetes secret and vault.
	Storage CertificateStorage `json:"storage,omitempty"`

	// Indicates that the certificate is paused.
	// +optional
	Paused bool `json:"paused,omitempty"`

	// Configure certificate renewal buffer period in days. Default 15 days.
	RenewalBufferDays int32 `json:"renewalBufferDays,omitempty"`
}

func (*CertificateSpec) DeepCopy

func (in *CertificateSpec) DeepCopy() *CertificateSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateSpec.

func (*CertificateSpec) DeepCopyInto

func (in *CertificateSpec) DeepCopyInto(out *CertificateSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type CertificateStatus

type CertificateStatus struct {
	// observedGeneration is the most recent generation observed for this resource. It corresponds to the
	// resource's generation, which is updated on mutation by the API Server.
	// +optional
	ObservedGeneration int64 `json:"observedGeneration,omitempty"`

	CreationTime          *metav1.Time           `json:"creationTime,omitempty"`
	Conditions            []CertificateCondition `json:"conditions,omitempty"`
	LastIssuedCertificate *CertificateDetails    `json:"lastIssuedCertificate,omitempty"`
}

func (*CertificateStatus) DeepCopy

func (in *CertificateStatus) DeepCopy() *CertificateStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateStatus.

func (*CertificateStatus) DeepCopyInto

func (in *CertificateStatus) DeepCopyInto(out *CertificateStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type CertificateStorage

type CertificateStorage struct {
	Secret *core.LocalObjectReference `json:"secret,omitempty"`
	Vault  *VaultStore                `json:"vault,omitempty"`
}

func (*CertificateStorage) DeepCopy

func (in *CertificateStorage) DeepCopy() *CertificateStorage

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateStorage.

func (*CertificateStorage) DeepCopyInto

func (in *CertificateStorage) DeepCopyInto(out *CertificateStorage)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ChallengeProvider

type ChallengeProvider struct {
	HTTP *HTTPChallengeProvider `json:"http,omitempty"`
	DNS  *DNSChallengeProvider  `json:"dns,omitempty"`
}

func (*ChallengeProvider) DeepCopy

func (in *ChallengeProvider) DeepCopy() *ChallengeProvider

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ChallengeProvider.

func (*ChallengeProvider) DeepCopyInto

func (in *ChallengeProvider) DeepCopyInto(out *ChallengeProvider)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type DNSChallengeProvider

type DNSChallengeProvider struct {
	// DNS Provider from the list https://github.com/appscode/voyager/blob/master/docs/tasks/certificate/providers.md
	Provider             string `json:"provider,omitempty"`
	CredentialSecretName string `json:"credentialSecretName,omitempty"`
}

func (*DNSChallengeProvider) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DNSChallengeProvider.

func (*DNSChallengeProvider) DeepCopyInto

func (in *DNSChallengeProvider) DeepCopyInto(out *DNSChallengeProvider)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type FrontendRule

type FrontendRule struct {
	// Port indicates the frontend port where HAProxy is listening for connection
	Port intstr.IntOrString `json:"port,omitempty"`
	// Serialized rules
	Rules []string `json:"rules,omitempty"`

	Auth *AuthOption `json:"auth,omitempty"`
}

func (*FrontendRule) DeepCopy

func (in *FrontendRule) DeepCopy() *FrontendRule

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FrontendRule.

func (*FrontendRule) DeepCopyInto

func (in *FrontendRule) DeepCopyInto(out *FrontendRule)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type HTTPChallengeProvider

type HTTPChallengeProvider struct {
	Ingress LocalTypedReference `json:"ingress,omitempty"`
}

func (*HTTPChallengeProvider) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPChallengeProvider.

func (*HTTPChallengeProvider) DeepCopyInto

func (in *HTTPChallengeProvider) DeepCopyInto(out *HTTPChallengeProvider)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type HTTPIngressBackend

type HTTPIngressBackend struct {
	IngressBackend `json:",inline,omitempty"`

	// Path rewrite rules with haproxy formatted regex.
	//
	// Deprecated: Use backendRule, will be removed.
	RewriteRules []string `json:"rewriteRules,omitempty"`

	// Header rules to modifies the header.
	//
	// Deprecated: Use backendRule, will be removed.
	HeaderRules []string `json:"headerRules,omitempty"`
}

func (*HTTPIngressBackend) DeepCopy

func (in *HTTPIngressBackend) DeepCopy() *HTTPIngressBackend

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPIngressBackend.

func (*HTTPIngressBackend) DeepCopyInto

func (in *HTTPIngressBackend) DeepCopyInto(out *HTTPIngressBackend)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type HTTPIngressPath

type HTTPIngressPath struct {
	// Path is a extended POSIX regex as defined by IEEE Std 1003.1,
	// (i.e this follows the egrep/unix syntax, not the perl syntax)
	// matched against the path of an incoming request. Currently it can
	// contain characters disallowed from the conventional "path"
	// part of a URL as defined by RFC 3986. Paths must begin with
	// a '/'. If unspecified, the path defaults to a catch all sending
	// traffic to the backend.
	Path string `json:"path,omitempty"`

	// Backend defines the referenced service endpoint to which the traffic
	// will be forwarded to.
	Backend HTTPIngressBackend `json:"backend,omitempty"`
}

HTTPIngressPath associates a path regex with a backend. Incoming urls matching the path are forwarded to the backend.

func (*HTTPIngressPath) DeepCopy

func (in *HTTPIngressPath) DeepCopy() *HTTPIngressPath

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPIngressPath.

func (*HTTPIngressPath) DeepCopyInto

func (in *HTTPIngressPath) DeepCopyInto(out *HTTPIngressPath)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type HTTPIngressRuleValue

type HTTPIngressRuleValue struct {
	// The network address to listen HTTP(s) connections on.
	Address string `json:"address,omitempty"`

	// port to listen http(s) connections.
	Port intstr.IntOrString `json:"port,omitempty"`

	// Set noTLS = true to force plain text. Else, auto detect like present
	NoTLS bool `json:"noTLS,omitempty"`

	// Specifies the node port of the referenced service.
	NodePort intstr.IntOrString `json:"nodePort,omitempty"`

	// Application-Layer Protocol Negotiation (ALPN) is a Transport Layer Security (TLS)
	// extension for application layer protocol negotiation. ALPN allows the application
	// layer to negotiate which protocol should be performed over a secure connection in a
	// manner which avoids additional round trips and which is independent of the application
	// layer protocols. It is used by HTTP/2.
	// If provided a list of alpn will be added to port as alpn option1,option2,...
	// If SecretName is Provided this secret will be used to terminate SSL with alpn options.
	// If Secret name is not provided backend server is responsible for handling SSL.
	// Note that, the order of the options indicates the preference
	// If the ALPN list contains "h2",  "option http-use-htx" will be added to enable HTX mode
	// https://cbonte.github.io/haproxy-dconv/1.9/configuration.html#option%20http-use-htx
	// https://cbonte.github.io/haproxy-dconv/1.9/configuration.html#alpn
	ALPN []string `json:"alpn,omitempty"`

	// HTTP protocol to use
	// If the Proto contains "h2",  "option http-use-htx" will be added to enable HTX mode
	// https://www.haproxy.com/blog/haproxy-1-9-2-adds-grpc-support/
	Proto string `json:"proto,omitempty"`

	// A collection of paths that map requests to backends.
	Paths []HTTPIngressPath `json:"paths"`
}

HTTPIngressRuleValue is a list of http selectors pointing to backends. In the example: http://<host>/<path>?<searchpart> -> backend where where parts of the url correspond to RFC 3986, this resource will be used to match against everything after the last '/' and before the first '?' or '#'.

func (*HTTPIngressRuleValue) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPIngressRuleValue.

func (*HTTPIngressRuleValue) DeepCopyInto

func (in *HTTPIngressRuleValue) DeepCopyInto(out *HTTPIngressRuleValue)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Ingress

type Ingress struct {
	metav1.TypeMeta `json:",inline"`
	// Standard object's metadata.
	// More info: http://releases.k8s.io/release-1.2/docs/devel/api-conventions.md#metadata
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Spec is the desired state of the Ingress.
	// More info: http://releases.k8s.io/release-1.2/docs/devel/api-conventions.md#spec-and-status
	Spec IngressSpec `json:"spec,omitempty"`

	// Status is the current state of the Ingress.
	// More info: http://releases.k8s.io/release-1.2/docs/devel/api-conventions.md#spec-and-status
	Status IngressStatus `json:"status,omitempty"`
}

+kubebuilder:object:root=true +kubebuilder:resource:path=ingresses,singular=ingress,shortName=ing,categories={networking,appscode,all} +kubebuilder:subresource:status +kubebuilder:printcolumn:name="Hosts",type="string",JSONPath=".spec.rules[0].host" +kubebuilder:printcolumn:name="LOAD_BALANCER_IP",type="string",JSONPath=".status.loadBalancer.ingress" +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp"

func (*Ingress) DeepCopy

func (in *Ingress) DeepCopy() *Ingress

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Ingress.

func (*Ingress) DeepCopyInto

func (in *Ingress) DeepCopyInto(out *Ingress)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*Ingress) DeepCopyObject

func (in *Ingress) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (Ingress) OffshootName

func (r Ingress) OffshootName() string

type IngressBackend

type IngressBackend struct {
	// User can specify backend name for using it with custom acl
	// Otherwise it will be generated
	Name string `json:"name,omitempty"`

	// Host names to forward traffic to. If empty traffic will be
	// forwarded to all subsets instance.
	// If set only matched hosts will get the traffic.
	// This is an handy way to send traffic to Specific
	// StatefulSet pod.
	// IE. Setting [web-0] will send traffic to only web-0 host
	// for this StatefulSet, https://kubernetes.io/docs/tasks/stateful-application/basic-stateful-set/#creating-a-statefulset
	HostNames []string `json:"hostNames,omitempty"`

	// Specifies the name of the referenced service.
	ServiceName string `json:"serviceName,omitempty"`

	// Specifies the port of the referenced service.
	ServicePort intstr.IntOrString `json:"servicePort,omitempty"`

	// Serialized HAProxy rules to apply on server backend including
	// request, response or header rewrite. acls also can be used.
	// https://cbonte.github.io/haproxy-dconv/1.7/configuration.html#1
	BackendRules []string `json:"backendRules,omitempty"`

	// Application-Layer Protocol Negotiation (ALPN) is a Transport Layer Security (TLS)
	// extension for application layer protocol negotiation. ALPN allows the application
	// layer to negotiate which protocol should be performed over a secure connection in a
	// manner which avoids additional round trips and which is independent of the application
	// layer protocols. It is used by HTTP/2.
	// If provided a list of alpn will be added to port as alpn option1,option2,...
	// If SecretName is Provided this secret will be used to terminate SSL with alpn options.
	// If Secret name is not provided backend server is responsible for handling SSL.
	// Note that, the order of the options indicates the preference
	// If the ALPN list contains "h2",  "option http-use-htx" will be added to enable HTX mode
	// https://cbonte.github.io/haproxy-dconv/1.9/configuration.html#option%20http-use-htx
	// https://cbonte.github.io/haproxy-dconv/1.9/configuration.html#alpn
	ALPN []string `json:"alpn,omitempty"`

	// HTTP protocol to use
	// If the Proto contains "h2",  "option http-use-htx" will be added to enable HTX mode
	// https://www.haproxy.com/blog/haproxy-1-9-2-adds-grpc-support/
	Proto string `json:"proto,omitempty"`

	// Define the load balancing algorithm to be used in a backend.
	// https://cbonte.github.io/haproxy-dconv/1.9/configuration.html#balance
	LoadBalanceOn string `json:"loadBalanceOn,omitempty"`
}

IngressBackend describes all endpoints for a given service and port.

func (*IngressBackend) DeepCopy

func (in *IngressBackend) DeepCopy() *IngressBackend

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IngressBackend.

func (*IngressBackend) DeepCopyInto

func (in *IngressBackend) DeepCopyInto(out *IngressBackend)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type IngressList

type IngressList struct {
	metav1.TypeMeta `json:",inline"`
	// Standard object's metadata.
	// More info: http://releases.k8s.io/release-1.2/docs/devel/api-conventions.md#metadata
	metav1.ListMeta `json:"metadata,omitempty"`

	// Items is the list of Ingress.
	Items []Ingress `json:"items"`
}

IngressList is a collection of Ingress.

func (*IngressList) DeepCopy

func (in *IngressList) DeepCopy() *IngressList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IngressList.

func (*IngressList) DeepCopyInto

func (in *IngressList) DeepCopyInto(out *IngressList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*IngressList) DeepCopyObject

func (in *IngressList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type IngressRef

type IngressRef struct {
	APISchema string `json:"apiSchema"`
	Name      string `json:"name"`
	Namespace string `json:"namespace"`
}

func (*IngressRef) DeepCopy

func (in *IngressRef) DeepCopy() *IngressRef

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IngressRef.

func (*IngressRef) DeepCopyInto

func (in *IngressRef) DeepCopyInto(out *IngressRef)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type IngressRule

type IngressRule struct {
	// Host is the fully qualified domain name of a network host, as defined
	// by RFC 3986. Note the following deviations from the "host" part of the
	// URI as defined in the RFC:
	// 1. IPs are not allowed. Currently an IngressRuleValue can only apply to the
	//	  IP in the Spec of the parent Ingress.
	// 2. The `:` delimiter is not respected because ports are not allowed.
	//	  Currently the port of an Ingress is implicitly :80 for http and
	//	  :443 for https.
	// Both these may change in the future.
	// Incoming requests are matched against the host before the IngressRuleValue.
	// If the host is unspecified, the Ingress routes all traffic based on the
	// specified IngressRuleValue.
	Host string `json:"host,omitempty"`
	// IngressRuleValue represents a rule to route requests for this IngressRule.
	// If unspecified, the rule defaults to a http catch-all. Whether that sends
	// just traffic matching the host to the default backend or all traffic to the
	// default backend, is left to the controller fulfilling the Ingress. Http and TCP are
	// currently supported IngressRuleValue.
	IngressRuleValue `json:",inline,omitempty"`
}

IngressRule represents the rules mapping the paths under a specified host to the related backend services. Incoming requests are first evaluated for a host match, then routed to the backend associated with the matching IngressRuleValue.

func (*IngressRule) DeepCopy

func (in *IngressRule) DeepCopy() *IngressRule

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IngressRule.

func (*IngressRule) DeepCopyInto

func (in *IngressRule) DeepCopyInto(out *IngressRule)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type IngressRuleValue

type IngressRuleValue struct {
	HTTP *HTTPIngressRuleValue `json:"http,omitempty"`

	TCP *TCPIngressRuleValue `json:"tcp,omitempty"`
}

IngressRuleValue represents a rule to apply against incoming requests. If the rule is satisfied, the request is routed to the specified backend. Currently mixing different types of rules in a single Ingress is disallowed, so exactly one of the following must be set.

func (*IngressRuleValue) DeepCopy

func (in *IngressRuleValue) DeepCopy() *IngressRuleValue

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IngressRuleValue.

func (*IngressRuleValue) DeepCopyInto

func (in *IngressRuleValue) DeepCopyInto(out *IngressRuleValue)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type IngressSpec

type IngressSpec struct {
	// A default backend capable of servicing requests that don't match any
	// rule. At least one of 'backend' or 'rules' must be specified. This field
	// is optional to allow the loadbalancer controller or defaulting logic to
	// specify a global default.
	Backend *HTTPIngressBackend `json:"backend,omitempty"`

	// TLS is the TLS configuration. Currently the Ingress only supports a single TLS
	// port, 443, and assumes TLS termination. If multiple members of this
	// list specify different hosts, they will be multiplexed on the same
	// port according to the hostname specified through the SNI TLS extension.
	TLS []IngressTLS `json:"tls,omitempty"`

	// Config volumes are used to mount any secret or configmap into HAProxy pods.
	ConfigVolumes []VolumeSource `json:"configVolumes,omitempty"`

	// Frontend rules specifies a set of rules that should be applied in
	// HAProxy frontend configuration. The set of keywords are from here
	// https://cbonte.github.io/haproxy-dconv/1.7/configuration.html#4.1
	// Only frontend sections can be applied here. It is up to user to
	// provide valid set of rules.
	// This allows acls or other options in frontend sections in HAProxy config.
	// Frontend rules will be mapped with Ingress Rules according to port.
	FrontendRules []FrontendRule `json:"frontendRules,omitempty"`

	// A list of host rules used to configure the Ingress. If unspecified, or
	// no rule matches, all traffic is sent to the default backend.
	Rules []IngressRule `json:"rules,omitempty"`

	// Optional: If specified and supported by the platform, this will restrict traffic through the cloud-provider
	// load-balancer will be restricted to the specified client IPs. This field will be ignored if the
	// cloud-provider does not support the feature.
	// https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/
	LoadBalancerSourceRanges []string `json:"loadBalancerSourceRanges,omitempty"`

	// Compute Resources required by the sidecar container.
	Resources core.ResourceRequirements `json:"resources,omitempty"`

	// NodeSelector is a selector which must be true for the pod to fit on a node.
	// Selector which must match a node's labels for the pod to be scheduled on that node.
	// More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
	NodeSelector map[string]string `json:"nodeSelector,omitempty"`

	// If specified, the pod's scheduling constraints
	// +optional
	Affinity *core.Affinity `json:"affinity,omitempty"`

	// If specified, the pod will be dispatched by specified scheduler.
	// If not specified, the pod will be dispatched by default scheduler.
	// +optional
	SchedulerName string `json:"schedulerName,omitempty"`

	// If specified, the pod's tolerations.
	// +optional
	Tolerations []core.Toleration `json:"tolerations,omitempty"`

	// ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec.
	// If specified, these secrets will be passed to individual puller implementations for them to use. For example,
	// in the case of docker, only DockerConfig type secrets are honored.
	// More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod
	// +optional
	ImagePullSecrets []core.LocalObjectReference `json:"imagePullSecrets,omitempty"`

	// If specified, indicates the pod's priority. "system-node-critical" and
	// "system-cluster-critical" are two special keywords which indicate the
	// highest priorities with the former being the highest priority. Any other
	// name must be defined by creating a PriorityClass object with that name.
	// If not specified, the pod priority will be default or zero if there is no
	// default.
	// +optional
	PriorityClassName string `json:"priorityClassName,omitempty"`
	// The priority value. Various system components use this field to find the
	// priority of the pod. When Priority Admission Controller is enabled, it
	// prevents users from setting this field. The admission controller populates
	// this field from PriorityClassName.
	// The higher the value, the higher the priority.
	// +optional
	Priority *int32 `json:"priority,omitempty"`

	// SecurityContext holds pod-level security attributes and common container settings.
	// Optional: Defaults to empty.  See type description for default values of each field.
	// +optional
	SecurityContext *core.PodSecurityContext `json:"securityContext,omitempty"`

	// externalIPs is a list of IP addresses for which nodes in the cluster
	// will also accept traffic for this service.  These IPs are not managed by
	// Kubernetes.  The user is responsible for ensuring that traffic arrives
	// at a node with this IP.  A common example is external load-balancers
	// that are not part of the Kubernetes system.
	// +optional
	ExternalIPs []string `json:"externalIPs,omitempty"`

	// Periodic probe of container liveness.
	// Container will be restarted if the probe fails.
	// Cannot be updated.
	// +optional
	LivenessProbe *core.Probe `json:"livenessProbe,omitempty"`

	// Periodic probe of container service readiness.
	// Container will be removed from service endpoints if the probe fails.
	// Cannot be updated.
	// +optional
	ReadinessProbe *core.Probe `json:"readinessProbe,omitempty"`

	// Set this value longer than the expected cleanup time for your process.
	// Defaults to 30 seconds.
	// +optional
	TerminationGracePeriodSeconds *int64 `json:"terminationGracePeriodSeconds,omitempty"`
}

IngressSpec describes the Ingress the user wishes to exist.

func (*IngressSpec) DeepCopy

func (in *IngressSpec) DeepCopy() *IngressSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IngressSpec.

func (*IngressSpec) DeepCopyInto

func (in *IngressSpec) DeepCopyInto(out *IngressSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type IngressStatus

type IngressStatus struct {
	// observedGeneration is the most recent generation observed for this resource. It corresponds to the
	// resource's generation, which is updated on mutation by the API Server.
	// +optional
	ObservedGeneration int64 `json:"observedGeneration,omitempty"`

	// LoadBalancer contains the current status of the load-balancer.
	LoadBalancer core.LoadBalancerStatus `json:"loadBalancer,omitempty"`
}

IngressStatus describe the current state of the Ingress.

func (*IngressStatus) DeepCopy

func (in *IngressStatus) DeepCopy() *IngressStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IngressStatus.

func (*IngressStatus) DeepCopyInto

func (in *IngressStatus) DeepCopyInto(out *IngressStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type IngressTLS

type IngressTLS struct {
	// Hosts are a list of hosts included in the TLS certificate. The values in
	// this list must match the name/s used in the tlsSecret. Defaults to the
	// wildcard host setting for the loadbalancer controller fulfilling this
	// Ingress, if left unspecified.
	Hosts []string `json:"hosts,omitempty"`
	// SecretName is the name of the secret used to terminate SSL traffic on 443.
	// Field is left optional to allow SSL routing based on SNI hostname alone.
	// If the SNI host in a listener conflicts with the "Host" header field used
	// by an IngressRule, the SNI host is used for termination and value of the
	// Host header is used for routing.
	// Deprecated
	SecretName string `json:"secretName,omitempty"`

	// Ref to used tls termination.
	Ref *LocalTypedReference `json:"ref,omitempty"`
}

IngressTLS describes the transport layer security associated with an Ingress.

func (*IngressTLS) DeepCopy

func (in *IngressTLS) DeepCopy() *IngressTLS

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IngressTLS.

func (*IngressTLS) DeepCopyInto

func (in *IngressTLS) DeepCopyInto(out *IngressTLS)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type LocalTypedReference

type LocalTypedReference struct {
	// Kind of the referent.
	// More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds
	// +optional
	Kind string `json:"kind,omitempty" protobuf:"bytes,1,opt,name=kind"`
	// Name of the referent.
	// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
	// +optional
	Name string `json:"name,omitempty" protobuf:"bytes,3,opt,name=name"`
	// API version of the referent.
	// +optional
	APIVersion string `json:"apiVersion,omitempty" protobuf:"bytes,5,opt,name=apiVersion"`
}

LocalTypedReference contains enough information to let you inspect or modify the referred object.

func (*LocalTypedReference) DeepCopy

func (in *LocalTypedReference) DeepCopy() *LocalTypedReference

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LocalTypedReference.

func (*LocalTypedReference) DeepCopyInto

func (in *LocalTypedReference) DeepCopyInto(out *LocalTypedReference)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type OAuth

type OAuth struct {
	Host        string   `json:"host,omitempty"`
	AuthBackend string   `json:"authBackend,omitempty"`
	AuthPath    string   `json:"authPath,omitempty"`
	SigninPath  string   `json:"signinPath,omitempty"`
	Paths       []string `json:"paths,omitempty"`
}

func (*OAuth) DeepCopy

func (in *OAuth) DeepCopy() *OAuth

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OAuth.

func (*OAuth) DeepCopyInto

func (in *OAuth) DeepCopyInto(out *OAuth)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ProxyProtocolVersion

type ProxyProtocolVersion string

type RequestConditionType

type RequestConditionType string
const (
	CertificateIssued      RequestConditionType = "Issued"
	CertificateFailed      RequestConditionType = "Failed"
	CertificateRateLimited RequestConditionType = "RateLimited"
)

These are the possible conditions for a certificate create request.

type TCPIngressRuleValue

type TCPIngressRuleValue struct {
	// The network address to listen TCP connections on.
	Address string `json:"address,omitempty"`

	// port to listen tcp connections.
	Port intstr.IntOrString `json:"port,omitempty"`

	// Set noTLS = true to force plain text. Else, auto detect like present
	NoTLS bool `json:"noTLS,omitempty"`

	// Specifies the node port of the referenced service.
	NodePort intstr.IntOrString `json:"nodePort,omitempty"`

	// Backend to forward the requests.
	Backend IngressBackend `json:"backend,omitempty"`

	// Application-Layer Protocol Negotiation (ALPN) is a Transport Layer Security (TLS)
	// extension for application layer protocol negotiation. ALPN allows the application
	// layer to negotiate which protocol should be performed over a secure connection in a
	// manner which avoids additional round trips and which is independent of the application
	// layer protocols. It is used by HTTP/2.
	// If provided a list of alpn will be added to port as alpn option1,option2,...
	// If SecretName is Provided this secret will be used to terminate SSL with alpn options.
	// If Secret name is not provided backend server is responsible for handling SSL.
	// Note that, the order of the options indicates the preference
	// If the ALPN list contains "h2",  "option http-use-htx" will be added to enable HTX mode
	// https://cbonte.github.io/haproxy-dconv/1.9/configuration.html#option%20http-use-htx
	// https://cbonte.github.io/haproxy-dconv/1.9/configuration.html#alpn
	ALPN []string `json:"alpn,omitempty"`

	// HTTP protocol to use
	// If the Proto contains "h2",  "option http-use-htx" will be added to enable HTX mode
	// https://www.haproxy.com/blog/haproxy-1-9-2-adds-grpc-support/
	Proto string `json:"proto,omitempty"`
}

func (*TCPIngressRuleValue) DeepCopy

func (in *TCPIngressRuleValue) DeepCopy() *TCPIngressRuleValue

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TCPIngressRuleValue.

func (*TCPIngressRuleValue) DeepCopyInto

func (in *TCPIngressRuleValue) DeepCopyInto(out *TCPIngressRuleValue)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type TLSAuth

type TLSAuth struct {
	SecretName   string              `json:"secretName,omitempty"`
	VerifyClient TLSAuthVerifyOption `json:"verifyClient,omitempty"`
	Headers      map[string]string   `json:"headers,omitempty"`
	ErrorPage    string              `json:"errorPage,omitempty"`
}

func (*TLSAuth) DeepCopy

func (in *TLSAuth) DeepCopy() *TLSAuth

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TLSAuth.

func (*TLSAuth) DeepCopyInto

func (in *TLSAuth) DeepCopyInto(out *TLSAuth)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type TLSAuthVerifyOption

type TLSAuthVerifyOption string
const (
	TLSAuthVerifyOptional TLSAuthVerifyOption = "optional"
	TLSAuthVerifyRequired TLSAuthVerifyOption = "required"
)

type VaultStore

type VaultStore struct {
	Name   string `json:"name,omitempty"`
	Prefix string `json:"prefix,omitempty"`
}

func (*VaultStore) DeepCopy

func (in *VaultStore) DeepCopy() *VaultStore

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultStore.

func (*VaultStore) DeepCopyInto

func (in *VaultStore) DeepCopyInto(out *VaultStore)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VolumeSource

type VolumeSource struct {
	Name string `json:"name,omitempty"`
	// Secret represents a secret that should populate this volume.
	// More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
	// +optional
	Secret *core.SecretVolumeSource `json:"secret,omitempty"`
	// ConfigMap represents a configMap that should populate this volume
	// +optional
	ConfigMap *core.ConfigMapVolumeSource `json:"configMap,omitempty"`
	// Items for all in one resources secrets, configmaps, and downward API
	// +optional
	Projected *core.ProjectedVolumeSource `json:"projected,omitempty"`
	// Path within the container at which the volume should be mounted.  Must
	// not contain ':'.
	MountPath string `json:"mountPath"`
}

Represents the source of a volume to mount. Only one of its members may be specified.

func (*VolumeSource) DeepCopy

func (in *VolumeSource) DeepCopy() *VolumeSource

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VolumeSource.

func (*VolumeSource) DeepCopyInto

func (in *VolumeSource) DeepCopyInto(out *VolumeSource)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL