forked from openshift/origin
-
Notifications
You must be signed in to change notification settings - Fork 1
/
types.go
74 lines (59 loc) · 2.81 KB
/
types.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
package api
import (
kapi "github.com/GoogleCloudPlatform/kubernetes/pkg/api"
)
// Route encapsulates the inputs needed to connect an alias to endpoints.
type Route struct {
kapi.TypeMeta `json:",inline"`
kapi.ObjectMeta `json:"metadata,omitempty"`
// Required: Alias/DNS that points to the service
// Can be host or host:port
// host and port are combined to follow the net/url URL struct
Host string `json:"host"`
// Optional: Path that the router watches for, to route traffic for to the service
Path string `json:"path,omitempty"`
// the name of the service that this route points to
ServiceName string `json:"serviceName"`
//TLS provides the ability to configure certificates and termination for the route
TLS *TLSConfig `json:"tls,omitempty"`
}
// RouteList is a collection of Routes.
type RouteList struct {
kapi.TypeMeta `json:",inline"`
kapi.ListMeta `json:"metadata,omitempty"`
Items []Route `json:"items"`
}
// RouterShard has information of a routing shard and is used to
// generate host names and routing table entries when a routing shard is
// allocated for a specific route.
type RouterShard struct {
// Shard name uniquely identifies a router shard in the "set" of
// routers used for routing traffic to the services.
ShardName string
// The DNS suffix for the shard ala: shard-1.v3.openshift.com
DNSSuffix string
}
// TLSConfig defines config used to secure a route and provide termination
type TLSConfig struct {
// Termination indicates termination type. If termination type is not set, any termination config will be ignored
Termination TLSTerminationType `json:"termination,omitempty"`
// Certificate provides certificate contents
Certificate string `json:"certificate,omitempty"`
// Key provides key file contents
Key string `json:"key,omitempty"`
// CACertificate provides the cert authority certificate contents
CACertificate string `json:"caCertificate,omitempty"`
// DestinationCACertificate provides the contents of the ca certificate of the final destination. When using reencrypt
// termination this file should be provided in order to have routers use it for health checks on the secure connection
DestinationCACertificate string `json:"destinationCACertificate,omitempty"`
}
// TLSTerminationType dictates where the secure communication will stop
type TLSTerminationType string
const (
// TLSTerminationEdge terminate encryption at the edge router.
TLSTerminationEdge TLSTerminationType = "edge"
// TLSTerminationPassthrough terminate encryption at the destination, the destination is responsible for decrypting traffic
TLSTerminationPassthrough TLSTerminationType = "passthrough"
// TLSTerminationReencrypt terminate encryption at the edge router and re-encrypt it with a new certificate supplied by the destination
TLSTerminationReencrypt TLSTerminationType = "reencrypt"
)