api

package
v0.0.0-...-d0c0f99 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jul 19, 2017 License: Apache-2.0 Imports: 14 Imported by: 0

Documentation

Index

Constants

// Annotation keys (all prefixed with EngressKey) and related fixed values.
// The comments in this block describe the values as annotations on an object;
// annotation values are plain strings supplied by whoever can edit that object,
// so code consuming them should treat them as untrusted input.
const (
	// EngressKey is the prefix of every annotation key declared in this block.
	EngressKey = "ingress.appscode.com"

	// APISchema is the annotation key naming an object's API schema, in the
	// form {APIGroup}/{APIVersion}; the two constants after it are schema values.
	// NOTE(review): APISchemaIngress uses the group "extension", whereas the
	// upstream Kubernetes group is spelled "extensions" — confirm this is intended.
	APISchema        = EngressKey + "/" + "api-schema" // APISchema = {APIGroup}/{APIVersion}
	APISchemaEngress = GroupName + "/v1beta1"
	APISchemaIngress = "extension/v1beta1"

	// VoyagerPrefix is presumably prepended to the names of generated
	// resources — confirm at the call sites.
	VoyagerPrefix = "voyager-"

	// StickySession is the annotation key for the sticky-session option.
	StickySession = EngressKey + "/" + "sticky-session"

	// LB stats options
	// NOTE(review): StatsSecret carries only a Secret name; confirm how the
	// stats endpoint is protected when stats are on and no secret is named.
	StatsOn          = EngressKey + "/" + "stats"
	StatsPort        = EngressKey + "/" + "stats-port"
	StatsSecret      = EngressKey + "/" + "stats-secret-name"
	StatsServiceName = EngressKey + "/" + "stats-service-name"
	DefaultStatsPort = 56789

	// Values accepted for the LBType annotation, followed by the key itself.
	LBTypeHostPort     = "HostPort"
	LBTypeNodePort     = "NodePort"
	LBTypeLoadBalancer = "LoadBalancer" // default
	LBType             = EngressKey + "/" + "type"

	// Runs HAProxy on a specific set of hosts.
	NodeSelector = EngressKey + "/" + "node-selector"

	// Replicas specifies the number of HAProxy pods to run (default 1).
	Replicas = EngressKey + "/" + "replicas"

	// IP to be assigned to cloud load balancer
	LoadBalancerIP = EngressKey + "/" + "load-balancer-ip" // IP or empty

	// BackendWeight is the weight value of a Pod that was
	// addressed by the Endpoint, this weight will be added to server backend.
	// Traffic will be forwarded according to their weight.
	BackendWeight = EngressKey + "/" + "backend-weight"

	// https://github.com/appscode/voyager/issues/103
	// ServiceAnnotations is user provided annotations map that will be
	// applied to the service of that LoadBalancer.
	// ex: "ingress.appscode.com/annotations-service": {"key": "val"}
	// NOTE(review): the map is copied from this object onto the Service, so
	// write access here implies control over the Service's annotations;
	// confirm whether any keys are filtered.
	ServiceAnnotations = EngressKey + "/" + "annotations-service"

	// PodAnnotations is user provided annotations map that will be
	// applied to the Pods (Deployment/ DaemonSet) of that LoadBalancer.
	// ex: "ingress.appscode.com/annotations-pod": {"key": "val"}
	// NOTE(review): same consideration as ServiceAnnotations, for the Pods.
	PodAnnotations = EngressKey + "/" + "annotations-pod"

	// Preserves source IP for LoadBalancer type ingresses. The actual configuration
	// generated depends on the underlying cloud provider.
	//
	//  - gce, gke, azure: Adds annotation service.beta.kubernetes.io/external-traffic: OnlyLocal
	// to services used to expose HAProxy.
	// ref: https://kubernetes.io/docs/tutorials/services/source-ip/#source-ip-for-services-with-typeloadbalancer
	//
	// - aws: Enforces the use of the PROXY protocol over any connection accepted by any of
	// the sockets declared on the same line. Versions 1 and 2 of the PROXY protocol
	// are supported and correctly detected. The PROXY protocol dictates the layer
	// 3/4 addresses of the incoming connection to be used everywhere an address is
	// used, with the only exception of "tcp-request connection" rules which will
	// only see the real connection address. Logs will reflect the addresses
	// indicated in the protocol, unless it is violated, in which case the real
	// address will still be used.  This keyword combined with support from external
	// components can be used as an efficient and reliable alternative to the
	// X-Forwarded-For mechanism which is not always reliable and not even always
	// usable. See also "tcp-request connection expect-proxy" for a finer-grained
	// setting of which client is allowed to use the protocol.
	// ref: https://github.com/kubernetes/kubernetes/blob/release-1.5/pkg/cloudprovider/providers/aws/aws.go#L79
	//
	// NOTE(review): because the addresses in the PROXY header replace the real
	// peer address in logs and rules, the listener should be reachable only
	// from the load balancer that adds the header.
	KeepSourceIP = EngressKey + "/" + "keep-source-ip"

	// Annotations applied to resources offshoot from an ingress
	OriginAPISchema = EngressKey + "/" + "origin-api-schema" // APISchema = {APIGroup}/{APIVersion}
	OriginName      = EngressKey + "/" + "origin-name"

	// EgressPoints has no description in the source; meaning to be confirmed.
	EgressPoints = EngressKey + "/" + "egress-points"

	// https://github.com/appscode/voyager/issues/280
	// Supports all valid timeout option for defaults section of HAProxy
	// https://cbonte.github.io/haproxy-dconv/1.7/configuration.html#4.2-timeout%20check
	// expects a json encoded map
	// e.g.: "ingress.appscode.com/default-timeout": {"client": "5s"}
	//
	// If the annotation is not set, the default values used to configure the
	// defaults section will be:
	//
	// timeout  connect         50000
	// timeout  client          50000
	// timeout  client-fin      50000
	// timeout  server          50000
	// timeout  tunnel          50000
	DefaultsTimeOut = EngressKey + "/" + "default-timeout"
)
// Kind, singular name and plural resource name of the Certificate resource.
const (
	ResourceKindCertificate = "Certificate"
	ResourceNameCertificate = "certificate"
	ResourceTypeCertificate = "certificates"
)
// Annotation keys that configure an HAProxy "resolvers" section.
// NOTE(review): DNSResolverForService takes an apiv1.Service, which suggests
// these keys are read from Service annotations — confirm. If so, whoever can
// annotate the Service chooses the nameservers HAProxy uses to resolve backend
// addresses, so the nameserver list deserves validation.
const (
	/*
		// https://cbonte.github.io/haproxy-dconv/1.7/configuration.html#5.3
			resolvers mydns
			  nameserver dns1 10.0.0.1:53
			  nameserver dns2 10.0.0.2:53
			  resolve_retries       3
			  timeout retry         1s
			  hold other           30s
			  hold refused         30s
			  hold nx              30s
			  hold timeout         30s
			  hold valid           10s
	*/
	UseDNSResolver         = EngressKey + "/" + "use-dns-resolver"          // bool
	DNSResolverNameservers = EngressKey + "/" + "dns-resolver-nameservers"  // list of strings: ["", ""]
	DNSResolverCheckHealth = EngressKey + "/" + "dns-resolver-check-health" // bool
	DNSResolverRetries     = EngressKey + "/" + "dns-resolver-retries"      // int
	DNSResolverTimeout     = EngressKey + "/" + "dns-resolver-timeout"      // map of event to time: {"event":"time","event":"time"}
	DNSResolverHold        = EngressKey + "/" + "dns-resolver-hold"         // map of status to period: {"status":"period","status":"period"}
)
// Kind, singular name and plural resource name of the Ingress resource.
const (
	ResourceKindIngress = "Ingress"
	ResourceNameIngress = "ingress"
	ResourceTypeIngress = "ingresses"
)
// Monitoring constants: the supported agent name, the names of the stats and
// exporter ports, the default exporter port number, and the annotation keys
// (prefixed with EngressKey) that configure monitoring.
// NOTE(review): the stats and exporter endpoints expose proxy metrics; confirm
// which network paths can reach DefaultStatsPort and DefaultExporterPortNumber.
const (
	AgentCoreosPrometheus     = "coreos-prometheus-operator"
	StatsPortName             = "stats"
	ExporterPortName          = "http"
	DefaultExporterPortNumber = 56790

	MonitoringAgent              = EngressKey + "/monitoring-agent"                         // Name of monitoring agent
	ServiceMonitorNamespace      = EngressKey + "/service-monitor-namespace"                // Kube NS where service monitors will be created
	ServiceMonitorLabels         = EngressKey + "/service-monitor-labels"                   // map[string]string used to select Prometheus instance
	ServiceMonitorPort           = EngressKey + "/service-monitor-endpoint-port"            // Port on stats service used to expose metrics
	ServiceMonitorScrapeInterval = EngressKey + "/service-monitor-endpoint-scrape-interval" // scrape interval
)
// GroupName is the API group name used in this package. It also forms
// APISchemaEngress (GroupName + "/v1beta1"). Note that it is a different
// string from the annotation prefix EngressKey ("ingress.appscode.com").
const GroupName = "voyager.appscode.com"

GroupName is the group name used in this package.

Variables

// SchemeBuilder is built from addKnownTypes; AddToScheme is the builder's
// AddToScheme method, exposed as a package-level variable.
var (
	SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes)
	AddToScheme   = SchemeBuilder.AddToScheme
)
// V1beta1SchemeBuilder is built from v1addKnownTypes and addConversionFuncs;
// V1beta1AddToScheme is the builder's AddToScheme method, exposed as a
// package-level variable.
var (
	V1beta1SchemeBuilder = runtime.NewSchemeBuilder(v1addKnownTypes, addConversionFuncs)
	V1beta1AddToScheme   = V1beta1SchemeBuilder.AddToScheme
)
// SchemeGroupVersion is the group version used to register these objects:
// group GroupName at the internal version (runtime.APIVersionInternal).
var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: runtime.APIVersionInternal}

SchemeGroupVersion is group version used to register these objects

// V1beta1SchemeGroupVersion is the group version used to register these
// objects at version "v1beta1" of group GroupName.
var V1beta1SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1beta1"}

V1beta1SchemeGroupVersion is the group version used to register these objects at version "v1beta1".

Functions

func Kind

func Kind(kind string) schema.GroupKind

Kind takes an unqualified kind and returns back a Group qualified GroupKind

func NewIngressFromEngress

func NewIngressFromEngress(ing interface{}) (*extensions.Ingress, error)

func Resource

func Resource(resource string) schema.GroupResource

Resource takes an unqualified resource and returns back a Group qualified GroupResource

Types

type ACMECertificateDetails

// ACMECertificateDetails is the type of CertificateStatus.Details.
// It serializes as "domain", "certUrl", "certStableUrl" and, when non-empty,
// "accountRef".
// NOTE(review): the source gives no field descriptions; presumably these are
// the certificate's domain, the URLs returned by the ACME server and a
// reference to the ACME account — confirm.
type ACMECertificateDetails struct {
	Domain        string `json:"domain"`
	CertURL       string `json:"certUrl"`
	CertStableURL string `json:"certStableUrl"`
	AccountRef    string `json:"accountRef,omitempty"`
}

type Certificate

// Certificate is the Certificate resource: embedded type and object metadata
// plus a CertificateSpec and a CertificateStatus.
// Note that under encoding/json the omitempty option has no effect on
// struct-valued fields such as Spec and Status; they are always emitted.
type Certificate struct {
	metav1.TypeMeta   `json:",inline,omitempty"`
	metav1.ObjectMeta `json:"metadata,omitempty"`
	Spec              CertificateSpec   `json:"spec,omitempty"`
	Status            CertificateStatus `json:"status,omitempty"`
}

func (*Certificate) GetObjectKind

func (obj *Certificate) GetObjectKind() schema.ObjectKind

type CertificateList

// CertificateList is a collection of Certificate objects, carried in Items
// alongside embedded type and list metadata.
type CertificateList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []Certificate `json:"items,omitempty"`
}

func (*CertificateList) GetObjectKind

func (obj *CertificateList) GetObjectKind() schema.ObjectKind

type CertificateSpec

// CertificateSpec describes the certificate to obtain from an ACME server and
// the Secrets and provider used to obtain it.
type CertificateSpec struct {
	// Tries to obtain a single certificate using all domains passed into Domains.
	// The first domain in domains is used for the CommonName field of the certificate, all other
	// domains are added using the Subject Alternate Names extension.
	Domains []string `json:"domains,omitempty"`

	// Provider is the DNS provider. The comment on HTTPProviderIngressReference
	// indicates that the value "http" is also accepted.
	// Email has no description in the source; presumably the contact address
	// for the ACME account — confirm.
	Provider string `json:"provider,omitempty"`
	Email    string `json:"email,omitempty"`

	// This is the ingress Reference that will be used if provider is http
	HTTPProviderIngressReference apiv1.ObjectReference `json:"httpProviderIngressReference,omitempty"`

	// ProviderCredentialSecretName is used to create the acme client, that will do
	// needed processing in DNS.
	// NOTE(review): only a Secret name is given; confirm which namespace the
	// Secret is resolved in, since it holds DNS provider credentials.
	ProviderCredentialSecretName string `json:"providerCredentialSecretName,omitempty"`

	// Secret contains ACMEUser information. If empty, tries to find a Secret via domains;
	// if not found, creates an ACMEUser and stores it as a secret.
	// The JSON tag has no omitempty, so an empty name is still serialized.
	ACMEUserSecretName string `json:"acmeUserSecretName"`

	// ACME server that will be used to obtain this certificate.
	// NOTE(review): the JSON key is "acmeStagingURL" although the field holds
	// the ACME server URL in general. Anyone writing manifests should check
	// which server a given value points at, because a staging endpoint would
	// presumably issue certificates that clients do not trust — confirm the
	// behaviour when the key is left empty.
	ACMEServerURL string `json:"acmeStagingURL"`
}

type CertificateStatus

// CertificateStatus is the Status of a Certificate: whether a certificate was
// obtained, a message, an optional creation time, the name of the ACME user
// Secret, and ACMECertificateDetails.
// NOTE(review): Message is free text; confirm that errors copied into it never
// include credential material read from the referenced Secrets.
// Under encoding/json, omitempty has no effect on the struct-valued Details.
type CertificateStatus struct {
	CertificateObtained bool                   `json:"certificateObtained"`
	Message             string                 `json:"message"`
	CreationTime        *metav1.Time           `json:"creationTime,omitempty"`
	ACMEUserSecretName  string                 `json:"acmeUserSecretName,omitempty"`
	Details             ACMECertificateDetails `json:"details,omitempty"`
}

type DNSResolver

// DNSResolver holds resolver settings; DNSResolverForService returns a
// *DNSResolver for an apiv1.Service. The JSON-tagged fields parallel the
// dns-resolver-* annotation keys (nameservers, check-health, retries, timeout,
// hold). Name carries no JSON tag.
// NOTE(review): Timeout and Hold are string-to-string maps and NameServer is a
// list of strings; confirm that values are validated before they are written
// into a proxy configuration.
type DNSResolver struct {
	Name        string
	NameServer  []string          `json:"nameserver"`
	CheckHealth bool              `json:"checkHealth"`
	Retries     int               `json:"retries"`
	Timeout     map[string]string `json:"timeout"`
	Hold        map[string]string `json:"hold"`
}

func DNSResolverForService

func DNSResolverForService(svc apiv1.Service) (useDNSResolver bool, resolver *DNSResolver, err error)

type HTTPIngressPath

// HTTPIngressPath pairs a path regex with the backend that receives matching
// requests.
type HTTPIngressPath struct {
	// Path is an extended POSIX regex as defined by IEEE Std 1003.1,
	// (i.e this follows the egrep/unix syntax, not the perl syntax)
	// matched against the path of an incoming request. Currently it can
	// contain characters disallowed from the conventional "path"
	// part of a URL as defined by RFC 3986. Paths must begin with
	// a '/'. If unspecified, the path defaults to a catch all sending
	// traffic to the backend.
	// NOTE(review): because the value is a regex rather than a literal
	// prefix, metacharacters are interpreted; review patterns in front of
	// sensitive backends so they do not match more paths than intended.
	Path string `json:"path,omitempty"`

	// Backend defines the referenced service endpoint to which the traffic
	// will be forwarded to.
	Backend IngressBackend `json:"backend,omitempty"`
}

HTTPIngressPath associates a path regex with a backend. Incoming urls matching the path are forwarded to the backend.

type HTTPIngressRuleValue

// HTTPIngressRuleValue is the HTTP rule of an IngressRuleValue: a list of
// HTTPIngressPath entries. The "paths" key has no omitempty, so it is always
// serialized.
type HTTPIngressRuleValue struct {
	// A collection of paths that map requests to backends.
	Paths []HTTPIngressPath `json:"paths"`
}

HTTPIngressRuleValue is a list of http selectors pointing to backends. In the example: http://<host>/<path>?<searchpart> -> backend, where parts of the url correspond to RFC 3986, this resource will be used to match against everything after the last '/' and before the first '?' or '#'.

type Ingress

// Ingress is the custom Ingress type for Voyager: embedded type and object
// metadata plus an IngressSpec and an IngressStatus.
// Several methods on this type share names with the EngressKey-prefixed
// annotation constants (StatsPort, LBType, KeepSourceIP, ...); presumably they
// read those annotations from ObjectMeta — confirm.
type Ingress struct {
	metav1.TypeMeta `json:",inline"`
	// Standard object's metadata.
	// More info: http://releases.k8s.io/release-1.2/docs/devel/api-conventions.md#metadata
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Spec is the desired state of the Ingress.
	// More info: http://releases.k8s.io/release-1.2/docs/devel/api-conventions.md#spec-and-status
	Spec IngressSpec `json:"spec,omitempty"`

	// Status is the current state of the Ingress.
	// More info: http://releases.k8s.io/release-1.2/docs/devel/api-conventions.md#spec-and-status
	Status IngressStatus `json:"status,omitempty"`
}

Custom Ingress type for Voyager.

func NewEngressFromIngress

func NewEngressFromIngress(ing interface{}) (*Ingress, error)

func (Ingress) APISchema

func (r Ingress) APISchema() string

func (Ingress) BackendServices

func (r Ingress) BackendServices() map[string]metav1.ObjectMeta

func (*Ingress) GetObjectKind

func (r *Ingress) GetObjectKind() schema.ObjectKind

func (Ingress) HasBackendService

func (r Ingress) HasBackendService(name, namespace string) bool

func (Ingress) HasChanged

func (r Ingress) HasChanged(o Ingress) (bool, error)

func (Ingress) IsKeepSourceChanged

func (r Ingress) IsKeepSourceChanged(o Ingress, cloudProvider string) bool

func (Ingress) IsLoadBalancerSourceRangeChanged

func (r Ingress) IsLoadBalancerSourceRangeChanged(o Ingress) bool

func (Ingress) IsPortChanged

func (r Ingress) IsPortChanged(o Ingress) bool

func (Ingress) IsSecretChanged

func (r Ingress) IsSecretChanged(o Ingress) bool

func (Ingress) IsStatsChanged

func (r Ingress) IsStatsChanged(o Ingress) bool

func (Ingress) IsStatsSecretChanged

func (r Ingress) IsStatsSecretChanged(o Ingress) bool

func (Ingress) KeepSourceIP

func (r Ingress) KeepSourceIP() bool

func (Ingress) LBType

func (r Ingress) LBType() string

func (Ingress) LoadBalancerIP

func (r Ingress) LoadBalancerIP() net.IP

func (Ingress) MonitorSpec

func (r Ingress) MonitorSpec() (*MonitorSpec, error)

func (Ingress) NodeSelector

func (r Ingress) NodeSelector() map[string]string

func (Ingress) OffshootLabels

func (r Ingress) OffshootLabels() map[string]string

func (Ingress) OffshootName

func (r Ingress) OffshootName() string

func (Ingress) PodsAnnotations

func (r Ingress) PodsAnnotations() (map[string]string, bool)

func (Ingress) Replicas

func (r Ingress) Replicas() int32

func (Ingress) ServiceAnnotations

func (r Ingress) ServiceAnnotations(provider string) (map[string]string, bool)

func (Ingress) ShouldHandleIngress

func (r Ingress) ShouldHandleIngress(ingressClass string) bool

If ingressClass == "voyager", only handle an ingress that has the voyager annotation. If ingressClass == "", handle an ingress that has either no annotation or the voyager annotation.

func (Ingress) Stats

func (r Ingress) Stats() bool

func (Ingress) StatsLabels

func (r Ingress) StatsLabels() map[string]string

func (Ingress) StatsPort

func (r Ingress) StatsPort() int

func (Ingress) StatsSecretName

func (r Ingress) StatsSecretName() string

func (Ingress) StatsServiceName

func (r Ingress) StatsServiceName() string

func (Ingress) StickySession

func (r Ingress) StickySession() bool

func (Ingress) Timeouts

func (r Ingress) Timeouts() map[string]string

type IngressBackend

// IngressBackend names the service and port that receive traffic, optionally
// narrowed to specific host names, plus HAProxy rules for that backend.
type IngressBackend struct {

	// Host names to forward traffic to. If empty, traffic will be
	// forwarded to all subset instances.
	// If set, only matched hosts will get the traffic.
	// This is a handy way to send traffic to a specific
	// StatefulSet pod.
	// E.g. setting [web-0] will send traffic to only the web-0 host
	// for this StatefulSet, https://kubernetes.io/docs/tutorials/stateful-application/basic-stateful-set/#creating-a-statefulset
	HostNames []string `json:"hostNames,omitempty"`

	// Specifies the name of the referenced service.
	ServiceName string `json:"serviceName,omitempty"`

	// Specifies the port of the referenced service.
	ServicePort intstr.IntOrString `json:"servicePort,omitempty"`

	// Serialized HAProxy rules to apply on server backend including
	// request, response or header rewrite. acls also can be used.
	// https://cbonte.github.io/haproxy-dconv/1.7/configuration.html#1
	// NOTE(review): these strings are HAProxy configuration supplied through
	// the Ingress object, so write access to an Ingress amounts to the
	// ability to set proxy directives for this backend. Confirm whether the
	// rules are validated or constrained before they reach the generated
	// configuration, and scope RBAC on Ingress objects accordingly.
	BackendRule []string `json:"backendRule,omitempty"`

	// Path rewrite rules with haproxy formatted regex.
	//
	// Deprecated: Use backendRule, will be removed.
	RewriteRule []string `json:"rewriteRule,omitempty"`

	// Header rules that modify the header.
	//
	// Deprecated: Use backendRule, will be removed.
	HeaderRule []string `json:"headerRule,omitempty"`
}

IngressBackend describes all endpoints for a given service and port.

type IngressList

// IngressList is a collection of Ingress objects with embedded type and list
// metadata. The "items" key has no omitempty, so it is always serialized.
type IngressList struct {
	metav1.TypeMeta `json:",inline"`
	// Standard object's metadata.
	// More info: http://releases.k8s.io/release-1.2/docs/devel/api-conventions.md#metadata
	metav1.ListMeta `json:"metadata,omitempty"`

	// Items is the list of Ingress.
	Items []Ingress `json:"items"`
}

IngressList is a collection of Ingress.

func (*IngressList) GetObjectKind

func (obj *IngressList) GetObjectKind() schema.ObjectKind

type IngressRef

// IngressRef identifies an ingress by API schema, name and namespace.
// All three keys are always serialized (no omitempty).
// NOTE(review): APISchema presumably takes the APISchemaEngress or
// APISchemaIngress value — confirm.
type IngressRef struct {
	APISchema string `json:"apiSchema"`
	Name      string `json:"name"`
	Namespace string `json:"namespace"`
}

type IngressRule

// IngressRule maps an optional host to an embedded IngressRuleValue, which is
// inlined into the rule's JSON.
type IngressRule struct {
	// Host is the fully qualified domain name of a network host, as defined
	// by RFC 3986. Note the following deviations from the "host" part of the
	// URI as defined in the RFC:
	// 1. IPs are not allowed. Currently an IngressRuleValue can only apply to the
	//	  IP in the Spec of the parent Ingress.
	// 2. The `:` delimiter is not respected because ports are not allowed.
	//	  Currently the port of an Ingress is implicitly :80 for http and
	//	  :443 for https.
	// Both these may change in the future.
	// Incoming requests are matched against the host before the IngressRuleValue.
	// If the host is unspecified, the Ingress routes all traffic based on the
	// specified IngressRuleValue.
	// NOTE(review): an empty Host therefore applies the rule to every host
	// name; check that this is intended wherever Host is omitted.
	Host string `json:"host,omitempty"`
	// IngressRuleValue represents a rule to route requests for this IngressRule.
	// If unspecified, the rule defaults to a http catch-all. Whether that sends
	// just traffic matching the host to the default backend or all traffic to the
	// default backend, is left to the controller fulfilling the Ingress. Http is
	// currently the only supported IngressRuleValue.
	IngressRuleValue `json:",inline,omitempty"`
}

IngressRule represents the rules mapping the paths under a specified host to the related backend services. Incoming requests are first evaluated for a host match, then routed to the backend associated with the matching IngressRuleValue.

type IngressRuleValue

// IngressRuleValue holds the rule applied to incoming requests: either an HTTP
// rule or a list of TCP rules.
// NOTE(review): the type itself does not enforce that only one of the two is
// set; confirm where that constraint is validated.
type IngressRuleValue struct {
	// HTTP is the HTTP rule; nil when the rule is not an HTTP rule.
	HTTP *HTTPIngressRuleValue `json:"http,omitempty"`

	// TCP is the list of TCP rules.
	TCP []TCPIngressRuleValue `json:"tcp,omitempty"`
}

IngressRuleValue represents a rule to apply against incoming requests. If the rule is satisfied, the request is routed to the specified backend. Currently mixing different types of rules in a single Ingress is disallowed, so exactly one of the following must be set.

type IngressSpec

// IngressSpec describes the Ingress the user wishes to exist: default backend,
// TLS configuration, host rules, load-balancer source ranges and the compute
// resources of the sidecar container.
type IngressSpec struct {
	// A default backend capable of servicing requests that don't match any
	// rule. At least one of 'backend' or 'rules' must be specified. This field
	// is optional to allow the loadbalancer controller or defaulting logic to
	// specify a global default.
	Backend *IngressBackend `json:"backend,omitempty"`

	// TLS is the TLS configuration. Currently the Ingress only supports a single TLS
	// port, 443, and assumes TLS termination. If multiple members of this
	// list specify different hosts, they will be multiplexed on the same
	// port according to the hostname specified through the SNI TLS extension.
	TLS []IngressTLS `json:"tls,omitempty"`

	// A list of host rules used to configure the Ingress. If unspecified, or
	// no rule matches, all traffic is sent to the default backend.
	Rules []IngressRule `json:"rules,omitempty"`

	// Optional: If specified and supported by the platform, traffic through
	// the cloud-provider load-balancer will be restricted to the specified
	// client IPs. This field will be ignored if the cloud-provider does not
	// support the feature.
	// https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/
	// NOTE(review): an unsupported platform ignores the field instead of
	// rejecting it, so the restriction fails open; do not rely on it as the
	// only access control in front of a backend.
	LoadBalancerSourceRanges []string `json:"loadBalancerSourceRanges,omitempty"`

	// Compute Resources required by the sidecar container.
	Resources apiv1.ResourceRequirements `json:"resources,omitempty"`
}

IngressSpec describes the Ingress the user wishes to exist.

type IngressStatus

// IngressStatus describes the current state of the Ingress; it carries only
// the load-balancer status.
type IngressStatus struct {
	// LoadBalancer contains the current status of the load-balancer.
	LoadBalancer apiv1.LoadBalancerStatus `json:"loadBalancer,omitempty"`
}

IngressStatus describes the current state of the Ingress.

type IngressTLS

// IngressTLS describes the transport layer security associated with an
// Ingress: the hosts covered and the Secret used for termination.
type IngressTLS struct {
	// Hosts are a list of hosts included in the TLS certificate. The values in
	// this list must match the name/s used in the tlsSecret. Defaults to the
	// wildcard host setting for the loadbalancer controller fulfilling this
	// Ingress, if left unspecified.
	Hosts []string `json:"hosts,omitempty"`
	// SecretName is the name of the secret used to terminate SSL traffic on 443.
	// Field is left optional to allow SSL routing based on SNI hostname alone.
	// If the SNI host in a listener conflicts with the "Host" header field used
	// by an IngressRule, the SNI host is used for termination and value of the
	// Host header is used for routing.
	// NOTE(review): termination and routing can therefore be decided by two
	// different client-supplied names; backends that authorize by host name
	// should take this into account. Only a Secret name is given here —
	// confirm which namespace it is resolved in.
	SecretName string `json:"secretName,omitempty"`
}

IngressTLS describes the transport layer security associated with an Ingress.

type MonitorSpec

// MonitorSpec is the monitoring configuration returned by Ingress.MonitorSpec.
// Prometheus is the only agent field; nil when it is not configured.
type MonitorSpec struct {
	Prometheus *PrometheusSpec `json:"prometheus,omitempty"`
}

type PrometheusSpec

// PrometheusSpec holds the Prometheus settings of a MonitorSpec: exporter
// port, namespace for service monitors, selector labels and scrape interval.
type PrometheusSpec struct {
	// Port number for the exporter side car.
	Port int `json:"port,omitempty"`

	// Namespace of Prometheus. Service monitors will be created in this namespace.
	// NOTE(review): presumably taken from the service-monitor-namespace
	// annotation; confirm whether an ingress author may name any namespace.
	Namespace string `json:"namespace,omitempty"`
	// Labels are key-value pairs used to select the Prometheus instance via ServiceMonitor labels.
	// +optional
	Labels map[string]string `json:"labels,omitempty"`

	// Interval at which metrics should be scraped
	Interval string `json:"interval,omitempty"`
}

type TCPIngressRuleValue

// TCPIngressRuleValue is one TCP rule of an IngressRuleValue: a listening
// port, an optional Secret for SSL termination, the backend, and optional
// ALPN protocols.
type TCPIngressRuleValue struct {
	// Port on which to listen for TCP connections.
	Port intstr.IntOrString `json:"port,omitempty"`

	// SSL cert used to terminate SSL on this port.
	SecretName string `json:"secretName,omitempty"`

	// Backend to forward the requests.
	Backend IngressBackend `json:"backend,omitempty"`

	// Application-Layer Protocol Negotiation (ALPN) is a Transport Layer Security (TLS)
	// extension for application layer protocol negotiation. ALPN allows the application
	// layer to negotiate which protocol should be performed over a secure connection in a
	// manner which avoids additional round trips and which is independent of the application
	// layer protocols. It is used by HTTP/2.
	// If provided, the list is added to the port as alpn option1,option2,...
	// If SecretName is provided, this secret will be used to terminate SSL with the alpn options.
	// If SecretName is not provided, the backend server is responsible for handling SSL.
	// NOTE(review): in that last case the proxy does not terminate SSL on
	// this port, so certificate and protocol policy is whatever the backend
	// enforces; confirm that this is intended for each TCP rule without a
	// SecretName.
	ALPN []string `json:"alpn,omitempty"`
}
