/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package v1alpha1
import (
core "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
// +kubebuilder:object:root=true

// Gateway represents an instantiation of a service-traffic handling
// infrastructure. Spec carries the desired listeners and routes; Status
// carries the observed state (conditions and per-listener status) that a
// controller reports back, which is how invalid configurations that cannot
// be rejected synchronously are surfaced to the user.
type Gateway struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Spec is the desired state of the Gateway.
	Spec GatewaySpec `json:"spec,omitempty"`
	// Status is the observed state of the Gateway.
	// NOTE(review): assumed to be written only by the controller, as is
	// conventional for status blocks — confirm against the reconciler.
	Status GatewayStatus `json:"status,omitempty"`
}
// +kubebuilder:object:root=true

// GatewayList contains a list of Gateway objects, as returned by a list
// call against the API.
type GatewayList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	// Items holds the Gateway objects in this list.
	Items []Gateway `json:"items"`
}
// GatewaySpec defines the desired state of Gateway.
//
// The Spec is split into two major pieces: listeners describing
// client-facing properties and routes that describe application-level
// routing.
//
// Not all possible combinations of options specified in the Spec are
// valid. Some invalid configurations can be caught synchronously via a
// webhook, but there are many cases that will require asynchronous
// signaling via the GatewayStatus block.
type GatewaySpec struct {
	// Class used for this Gateway. This is the name of a GatewayClass resource.
	//
	// Nothing in this type checks that the GatewayClass exists; a missing
	// class is reported asynchronously through the
	// ConditionNoSuchGatewayClass condition in GatewayStatus.
	Class string `json:"class"`

	// Listeners associated with this Gateway. Listeners define what addresses,
	// ports, protocols are bound on this Gateway. Each Listener is reported
	// on by a ListenerStatus entry carrying the same Name.
	Listeners []Listener `json:"listeners"`

	// Routes associated with this Gateway. Routes define
	// protocol-specific routing to backends (e.g. Services).
	//
	// TypedLocalObjectReference is a namespace-local reference, so the
	// referenced route objects are resolved in the Gateway's own namespace;
	// a Gateway cannot attach routes owned by another namespace through
	// this field.
	Routes []core.TypedLocalObjectReference `json:"routes"`
}
// Protocol values. NOTE(review): presumably the intended values for
// Listener.Protocol, which is an untyped *string — confirm with the
// controller that consumes it. The identifiers are misspelled
// ("Procotol"); renaming an exported constant would break callers, so the
// spelling is preserved here.
const (
	// HTTPProcotol denotes plain (cleartext) HTTP.
	HTTPProcotol = "HTTP"
	// HTTPSProcotol denotes HTTP over TLS.
	HTTPSProcotol = "HTTPS"
)
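// Listener defines a client-facing endpoint of a Gateway: the address, port
// and protocol the Gateway binds, plus optional TLS and extension
// configuration. Each Listener is reported on by the ListenerStatus entry
// in GatewayStatus.Listeners that carries the same Name.
type Listener struct {
	// Name can be used to tie this Listener to a ListenerStatus entry with the
	// same name. Each listener must have a unique name within a Gateway. This
	// must be a valid DNS_LABEL.
	//
	// The JSON key must be "name" so that it matches ListenerStatus.Name;
	// serializing it under any other key would leave status entries
	// impossible to correlate with their Listener.
	Name string `json:"name"`

	// Address requested for this listener. This is optional and behavior
	// can depend on GatewayClass. If a value is set in the spec and
	// the request address is invalid, the GatewayClass MUST indicate
	// this in the associated entry in GatewayStatus.Listeners.
	//
	// Support:
	//
	// +optional
	Address *ListenerAddress `json:"address,omitempty"`

	// Port is a list of ports associated with the Address.
	//
	// Support:
	// +optional
	Port *int32 `json:"port,omitempty"`

	// Protocol to use. NOTE(review): presumably one of the *Procotol
	// constants, but the field is an untyped string and nothing here
	// validates it — confirm with the controller.
	//
	// Support:
	// +optional
	Protocol *string `json:"protocol,omitempty"`

	// TLS configuration for the Listener.
	//
	// Support:
	// +optional
	TLS *ListenerTLS `json:"tls,omitempty"`

	// Extension for this Listener. This is a namespace-local reference to
	// an implementation-specific object.
	//
	// Support: custom.
	// +optional
	Extension *core.TypedLocalObjectReference `json:"extension,omitempty"`
}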
// Address types accepted in ListenerAddress.Type.
const (
	// IPAddress is an address that is an IP address.
	//
	// Support: Extended.
	IPAddress = "IPAddress"

	// NamedAddress is an address selected by name. The interpretation of
	// the name is dependent on the controller; nothing in this package
	// constrains what a name may resolve to.
	//
	// Support: Implementation-specific.
	NamedAddress = "NamedAddress"
)
// ListenerAddress describes an address for the Listener.
type ListenerAddress struct {
	// Type of the Address. This is one of the address-type constants
	// (IPAddress or NamedAddress). The field is an untyped string, so an
	// unrecognised value is not rejected by the type itself.
	//
	// Support: Extended
	Type string `json:"type"`

	// Value. Examples: "1.2.3.4", "128::1", "my-ip-address". Validity of the
	// values will depend on `Type` and support by the controller; no
	// validation is performed by this type.
	Value string `json:"value"`
}
// TLS protocol versions, in the "<protocol><major>_<minor>" form expected
// by ListenerTLS.MinimumVersion.
//
// NOTE(review): TLS 1.0 and TLS 1.1 are deprecated by RFC 8996; a
// controller accepting either as a minimum version should treat it as a
// legacy setting and report it in status rather than silently honoring it.
const (
	// TLS1_0 denotes TLS v1.0.
	TLS1_0 = "TLS1_0"
	// TLS1_1 denotes TLS v1.1.
	TLS1_1 = "TLS1_1"
	// TLS1_2 denotes TLS v1.2.
	TLS1_2 = "TLS1_2"
	// TLS1_3 denotes TLS v1.3.
	TLS1_3 = "TLS1_3"
)
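// ListenerTLS describes the TLS configuration for a given port.
//
// References
// - nginx: https://nginx.org/en/docs/http/configuring_https_servers.html
// - envoy: https://www.envoyproxy.io/docs/envoy/latest/api-v2/api/v2/auth/cert.proto
// - haproxy: https://www.haproxy.com/documentation/aloha/9-5/traffic-management/lb-layer7/tls/
// - gcp: https://cloud.google.com/load-balancing/docs/use-ssl-policies#creating_an_ssl_policy_with_a_custom_profile
// - aws: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/create-https-listener.html#describe-ssl-policies
// - azure: https://docs.microsoft.com/en-us/azure/app-service/configure-ssl-bindings#enforce-tls-1112
type ListenerTLS struct {
	// Certificates is a list of certificates containing resources
	// that are bound to the listener.
	//
	// If apiGroup and kind are empty, will default to Kubernetes Secrets resources.
	//
	// TypedLocalObjectReference is namespace-local, so the referenced
	// Secrets (or other resources) are resolved in the Gateway's own
	// namespace; key material from other namespaces cannot be attached here.
	//
	// Support: Core (Kubernetes Secrets)
	// Support: Implementation-specific (Other resource types)
	Certificates []core.TypedLocalObjectReference `json:"certificates,omitempty"`

	// MinimumVersion of TLS allowed. It is recommended to use one of
	// the TLS1_* constants above. Note: this is not strongly
	// typed to allow implementation-specific versions to be used without
	// requiring updates to the API types. String must be of the form
	// "<protocol><major>_<minor>".
	//
	// The field is +optional, so it carries omitempty like the other
	// optional pointer fields in this file; without it a nil value is
	// serialized as an explicit "minimumVersion": null.
	//
	// Support: Core for TLS1_{1,2,3}. Implementation-specific for all other
	// values.
	//
	// +optional
	MinimumVersion *string `json:"minimumVersion,omitempty"`

	// Options are a list of key/value pairs to give extended options
	// to the provider.
	//
	// There is variation among providers as to how ciphersuites are
	// expressed. If there is a common subset for expressing ciphers
	// then it will make sense to loft that as a core API
	// construct.
	//
	// The keys and values are opaque to this API and are not validated
	// here; a provider should validate them before handing them to its
	// data plane.
	//
	// Support: Implementation-specific.
	Options map[string]string `json:"options"`
}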
// GatewayStatus defines the observed state of Gateway. It is the channel
// through which a controller reports configurations that could not be
// rejected synchronously (see GatewaySpec).
type GatewayStatus struct {
	// Conditions describe the current conditions of the Gateway. Known
	// condition types are the GatewayConditionType constants.
	Conditions []GatewayCondition `json:"conditions"`

	// Listeners provide status for each listener defined in the Spec. The name
	// in ListenerStatus refers to the corresponding Listener of the same name.
	Listeners []ListenerStatus `json:"listeners"`
}
// GatewayConditionType is a type of condition associated with a Gateway.
// The values defined in this package are the Condition* constants below;
// being a string type, it does not by itself restrict the set of values.
type GatewayConditionType string
// Gateway condition types. Each of these names a problem with the Gateway
// as a whole; listener-level detail is reported via ListenerConditionType.
const (
	// ConditionNoSuchGatewayClass indicates that the specified GatewayClass
	// does not exist.
	ConditionNoSuchGatewayClass GatewayConditionType = "NoSuchGatewayClass"

	// ConditionGatewayNotScheduled indicates that the Gateway has not been
	// scheduled.
	ConditionGatewayNotScheduled GatewayConditionType = "GatewayNotScheduled"

	// ConditionListenersNotReady indicates that at least one of the specified
	// listeners is not ready. If this condition has a status of True, a more
	// detailed ListenerCondition should be present in the corresponding
	// ListenerStatus.
	ConditionListenersNotReady GatewayConditionType = "ListenersNotReady"

	// ConditionInvalidListeners indicates that at least one of the specified
	// listeners is invalid. If this condition has a status of True, a more
	// detailed ListenerCondition should be present in the corresponding
	// ListenerStatus.
	ConditionInvalidListeners GatewayConditionType = "InvalidListeners"

	// ConditionRoutesNotReady indicates that at least one of the specified
	// routes is not ready.
	ConditionRoutesNotReady GatewayConditionType = "RoutesNotReady"

	// ConditionInvalidRoutes indicates that at least one of the specified
	// routes is invalid.
	ConditionInvalidRoutes GatewayConditionType = "InvalidRoutes"
)
// GatewayCondition is an error status for a given Gateway. It mirrors the
// shape of ListenerCondition, differing only in the condition type.
type GatewayCondition struct {
	// Type indicates the type of condition.
	Type GatewayConditionType `json:"type"`

	// Status describes the current state of this condition. Can be "True",
	// "False", or "Unknown".
	Status core.ConditionStatus `json:"status"`

	// Message is a human-understandable message describing the condition.
	// +optional
	Message string `json:"message,omitempty"`

	// Reason indicates why the condition is in this state.
	// +optional
	Reason string `json:"reason,omitempty"`

	// LastTransitionTime indicates the last time this condition changed.
	// +optional
	LastTransitionTime metav1.Time `json:"lastTransitionTime,omitempty"`
}
// ListenerStatus is the status associated with each listener block.
type ListenerStatus struct {
	// Name is the name of the listener this status refers to. It matches
	// the Name of a Listener in GatewaySpec.Listeners.
	Name string `json:"name"`

	// Address bound on this listener. The tag has no omitempty, so a nil
	// pointer is serialized as an explicit null.
	Address *ListenerAddress `json:"address"`

	// Conditions describe the current condition of this listener.
	Conditions []ListenerCondition `json:"conditions"`
}
// ListenerConditionType is a type of condition associated with the listener.
// The values defined in this package are the Condition* constants below;
// being a string type, it does not by itself restrict the set of values.
type ListenerConditionType string
// Listener condition types.
const (
	// ConditionInvalidListener is a generic condition that is a catch all for
	// unsupported configurations that do not match a more specific condition.
	// Implementors should try to use a more specific condition instead of this
	// one to give users and automation more information.
	ConditionInvalidListener ListenerConditionType = "InvalidListener"

	// ConditionListenerNotReady indicates the listener is not ready.
	ConditionListenerNotReady ListenerConditionType = "ListenerNotReady"

	// ConditionInvalidAddress indicates the Address is invalid.
	ConditionInvalidAddress ListenerConditionType = "InvalidAddress"
)
// ListenerCondition is an error status for a given listener. It mirrors
// the shape of GatewayCondition, differing only in the condition type.
type ListenerCondition struct {
	// Type indicates the type of condition.
	Type ListenerConditionType `json:"type"`

	// Status describes the current state of this condition. Can be "True",
	// "False", or "Unknown".
	Status core.ConditionStatus `json:"status"`

	// Message is a human-understandable message describing the condition.
	// +optional
	Message string `json:"message,omitempty"`

	// Reason indicates why the condition is in this state.
	// +optional
	Reason string `json:"reason,omitempty"`

	// LastTransitionTime indicates the last time this condition changed.
	// +optional
	LastTransitionTime metav1.Time `json:"lastTransitionTime,omitempty"`
}
// init registers the Gateway and GatewayList kinds with the package's
// SchemeBuilder so they can be added to a runtime scheme.
func init() {
	gateway := &Gateway{}
	gatewayList := &GatewayList{}
	SchemeBuilder.Register(gateway, gatewayList)
}