forked from kubernetes/ingress-gce
-
Notifications
You must be signed in to change notification settings - Fork 0
/
ingress.go
148 lines (124 loc) · 4.64 KB
/
ingress.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
/*
Copyright 2017 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package annotations
import (
"strconv"
extensions "k8s.io/api/extensions/v1beta1"
)
const (
// StatusPrefix is the prefix used in annotations used to record
// debug information in the Ingress annotations.
StatusPrefix = "ingress.kubernetes.io"
// AllowHTTPKey tells the Ingress controller to allow/block HTTP access.
// If either unset or set to true, the controller will create a
// forwarding-rule for port 80, and any additional rules based on the TLS
// section of the Ingress. If set to false, the controller will only create
// rules for port 443 based on the TLS section.
AllowHTTPKey = "kubernetes.io/ingress.allow-http"
// StaticIPNameKey tells the Ingress controller to use a specific GCE
// static ip for its forwarding rules. If specified, the Ingress controller
// assigns the static ip by this name to the forwarding rules of the given
// Ingress. The controller *does not* manage this ip, it is the users
// responsibility to create/delete it.
StaticIPNameKey = "kubernetes.io/ingress.global-static-ip-name"
// PreSharedCertKey represents the specific pre-shared SSL
// certicate for the Ingress controller to use. The controller *does not*
// manage this certificate, it is the users responsibility to create/delete it.
// In GCP, the Ingress controller assigns the SSL certificate with this name
// to the target proxies of the Ingress.
PreSharedCertKey = "ingress.gcp.kubernetes.io/pre-shared-cert"
// IngressClassKey picks a specific "class" for the Ingress. The controller
// only processes Ingresses with this annotation either unset, or set
// to either gceIngessClass or the empty string.
IngressClassKey = "kubernetes.io/ingress.class"
GceIngressClass = "gce"
GceMultiIngressClass = "gce-multi-cluster"
// Label key to denote which GCE zone a Kubernetes node is in.
ZoneKey = "failure-domain.beta.kubernetes.io/zone"
DefaultZone = ""
// InstanceGroupsAnnotationKey is the annotation key used by controller to
// specify the name and zone of instance groups created for the ingress.
// This is read only for users. Controller will overrite any user updates.
// This is only set for ingresses with ingressClass = "gce-multi-cluster"
InstanceGroupsAnnotationKey = "ingress.gcp.kubernetes.io/instance-groups"
// ManagedCertificates represents the specific ManagedCertificate resources for
// the Ingress controller to use to terminate SSL. The controller *does not*
// manage ManagedCertificate resources, it is the user's responsibility to
// create/delete them.
ManagedCertificates = "gke.googleapis.com/managed-certificates"
// SuppressFirewallXPNErrorKey is the annotation key used by firewall
// controller whether to supress firewallXPNError.
SuppressFirewallXPNErrorKey = "networking.gke.io/suppress-firewall-xpn-error"
)
// Ingress represents ingress annotations.
type Ingress struct {
v map[string]string
}
// FromIngress extracts the annotations from an Ingress definition.
func FromIngress(ing *extensions.Ingress) *Ingress {
return &Ingress{ing.Annotations}
}
// AllowHTTP returns the allowHTTP flag. True by default.
func (ing *Ingress) AllowHTTP() bool {
val, ok := ing.v[AllowHTTPKey]
if !ok {
return true
}
v, err := strconv.ParseBool(val)
if err != nil {
return true
}
return v
}
// UseNamedTLS returns the name of the GCE SSL certificate. Empty by default.
func (ing *Ingress) UseNamedTLS() string {
val, ok := ing.v[PreSharedCertKey]
if !ok {
return ""
}
return val
}
func (ing *Ingress) StaticIPName() string {
val, ok := ing.v[StaticIPNameKey]
if !ok {
return ""
}
return val
}
func (ing *Ingress) IngressClass() string {
val, ok := ing.v[IngressClassKey]
if !ok {
return ""
}
return val
}
func (ing *Ingress) ManagedCertificates() string {
val, ok := ing.v[ManagedCertificates]
if !ok {
return ""
}
return val
}
// SuppressFirewallXPNError returns the SuppressFirewallXPNErrorKey flag.
// False by default.
func (ing *Ingress) SuppressFirewallXPNError() bool {
val, ok := ing.v[SuppressFirewallXPNErrorKey]
if !ok {
return false
}
v, err := strconv.ParseBool(val)
if err != nil {
return false
}
return v
}