package v1alpha1
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
gwv1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2"
gwv1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1"
)
// UpstreamTLSPolicySpec defines the desired state of UpstreamTLSPolicy:
// the resource the policy attaches to, optional per-port upstream TLS
// settings, and an optional default that is not tied to a port.
type UpstreamTLSPolicySpec struct {
// TargetRef is the reference to the target resource to which the policy is applied
TargetRef gwv1alpha2.PolicyTargetReference `json:"targetRef"`
// +listType=map
// +listMapKey=port
// +kubebuilder:validation:MinItems=1
// +kubebuilder:validation:MaxItems=16
// Ports is the per-port upstream TLS configuration. The list is keyed by
// port, so each port number may appear at most once; when the list is
// present it must hold between 1 and 16 entries.
Ports []PortUpstreamTLS `json:"ports,omitempty"`
// +optional
// DefaultConfig is the default upstream TLS configuration for all ports.
// It is serialized under the JSON key "config", not "defaultConfig".
DefaultConfig *UpstreamTLSConfig `json:"config,omitempty"`
// NOTE(review): how a port-level Config and DefaultConfig are combined is
// not visible in this file; presumably the port-level value takes
// precedence. Confirm against the controller.
}
// PortUpstreamTLS defines the upstream TLS configuration for a single port
// of the target service.
type PortUpstreamTLS struct {
// Port is the port number of the target service
Port gwv1beta1.PortNumber `json:"port"`
// +optional
// Config is the upstream TLS configuration for the port. It may be omitted.
Config *UpstreamTLSConfig `json:"config,omitempty"`
// NOTE(review): the effect of an entry with no Config is not defined in this
// file; presumably the policy's default configuration is used. Confirm
// against the controller.
}
// UpstreamTLSConfig defines the TLS settings used when connecting to an
// upstream: the Secret that holds the certificate material and whether
// mutual TLS is enabled.
type UpstreamTLSConfig struct {
// CertificateRef is the reference to the certificate used for TLS connection to upstream
CertificateRef gwv1beta1.SecretObjectReference `json:"certificateRef"`
// +optional
// +kubebuilder:default=false
// MTLS is the flag to enable mutual TLS to upstream. The schema default is
// false, so mutual TLS is off unless it is set explicitly.
MTLS *bool `json:"mTLS,omitempty"`
// NOTE(review): gwv1beta1.SecretObjectReference carries an optional
// namespace, so CertificateRef can name a Secret outside the policy's own
// namespace. This file does not show how that is authorized; confirm the
// controller requires a ReferenceGrant (or rejects cross-namespace
// references) before it reads the Secret.
// NOTE(review): which keys of the Secret are consumed (a CA bundle for
// verifying the upstream, a client certificate and key for mutual TLS, or
// both) is not stated here. Confirm and document it on CertificateRef.
}
// UpstreamTLSPolicyStatus defines the observed state of UpstreamTLSPolicy
type UpstreamTLSPolicyStatus struct {
// Conditions describe the current conditions of the UpstreamTLSPolicy.
// The list is keyed by condition type and holds at most 8 entries.
//
// +optional
// +listType=map
// +listMapKey=type
// +kubebuilder:validation:MaxItems=8
Conditions []metav1.Condition `json:"conditions,omitempty"`
}
// +genclient
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// +k8s:openapi-gen=true
// +kubebuilder:object:root=true
// +kubebuilder:subresource:status
// +kubebuilder:resource:scope=Namespaced
// +kubebuilder:metadata:labels={app.kubernetes.io/name=flomesh.io,gateway.networking.k8s.io/policy=true}
// UpstreamTLSPolicy is the Schema for the UpstreamTLSPolicy API. It is a
// namespaced resource with a status subresource.
type UpstreamTLSPolicy struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
// Spec is the desired upstream TLS configuration.
Spec UpstreamTLSPolicySpec `json:"spec,omitempty"`
// Status is the observed state of the policy.
Status UpstreamTLSPolicyStatus `json:"status,omitempty"`
}
// +kubebuilder:object:root=true
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// UpstreamTLSPolicyList contains a list of UpstreamTLSPolicy
type UpstreamTLSPolicyList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata,omitempty"`
// Items is the list of UpstreamTLSPolicy objects. The JSON tag has no
// omitempty, so the key is always emitted.
Items []UpstreamTLSPolicy `json:"items"`
}