This repository has been archived by the owner on Jul 11, 2023. It is now read-only.
egress.go
89 lines (73 loc) · 2.96 KB
package v1alpha1
import (
corev1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
// Egress is the type used to represent an Egress traffic policy.
// An Egress policy allows applications to access endpoints
// external to the service mesh or cluster based on the specified
// rules in the policy.
//
// The type carries only the standard Kubernetes type/object metadata and a
// Spec; no Status field is declared.
//
// NOTE(review): the rules in EgressSpec are written as allow-lists (Sources,
// Hosts, IPAddresses, Ports). How traffic that matches no Egress object is
// treated is decided by the component that enforces the policy, which is not
// visible in this file — confirm that default before treating this resource
// as a deny-by-default control.
// +genclient
// +genclient:noStatus
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
type Egress struct {
	// Object's type metadata
	metav1.TypeMeta `json:",inline"`
	// Object's metadata
	// +optional
	metav1.ObjectMeta `json:"metadata,omitempty"`
	// Spec is the Egress policy specification
	// +optional
	Spec EgressSpec `json:"spec,omitempty"`
}
// EgressSpec is the type used to represent the Egress policy specification.
//
// Sources and Ports are not marked +optional and their JSON tags carry no
// omitempty; Hosts, IPAddresses and Matches are optional.
type EgressSpec struct {
	// Sources defines the list of sources the Egress policy applies to.
	Sources []SourceSpec `json:"sources"`
	// Hosts defines the list of external hosts the Egress policy will allow
	// access to.
	//
	// - For HTTP traffic, the HTTP Host/Authority header is matched against the
	// list of Hosts specified.
	//
	// - For HTTPS traffic, the Server Name Indication (SNI) indicated by the client
	// in the TLS handshake is matched against the list of Hosts specified.
	//
	// - For non-HTTP(s) based protocols, the Hosts field is ignored.
	//
	// NOTE(review): both the Host/Authority header and the SNI are values the
	// client chooses, so a Hosts match on its own does not establish which IP
	// address the connection actually reaches. Where the destination must be
	// pinned, also restrict IPAddresses — confirm how the enforcing proxy
	// combines the two fields.
	//
	// NOTE(review): because Hosts is ignored for non-HTTP(s) protocols, a policy
	// for such a port is presumably limited only by IPAddresses and Ports;
	// verify that leaving IPAddresses empty does not allow every destination
	// on that port.
	// +optional
	Hosts []string `json:"hosts,omitempty"`
	// IPAddresses defines the list of external IP address ranges the Egress policy
	// applies to. The destination IP address of the traffic is matched against the
	// list of IPAddresses specified as a CIDR range.
	//
	// The entries are plain strings; no format validation is declared on this
	// field, so CIDR syntax has to be checked by whatever consumes the policy
	// (not visible in this file).
	// +optional
	IPAddresses []string `json:"ipAddresses,omitempty"`
	// Ports defines the list of ports the Egress policy applies to.
	// The destination port of the traffic is matched against the list of Ports specified.
	Ports []PortSpec `json:"ports"`
	// Matches defines the list of object references the Egress policy should match on.
	// Each entry is a typed reference to an object in the same namespace
	// (corev1.TypedLocalObjectReference); which kinds are accepted is not
	// defined in this file.
	// +optional
	Matches []corev1.TypedLocalObjectReference `json:"matches,omitempty"`
}
// SourceSpec is the type used to represent the Source in the list of Sources specified in an Egress policy specification.
//
// All three fields are plain strings serialized without omitempty. A source
// is identified by the (Kind, Name, Namespace) triple.
type SourceSpec struct {
	// Kind defines the kind for the source in the Egress policy, ex. ServiceAccount.
	// The set of accepted kinds is not constrained by this type — confirm
	// against the controller that consumes the policy.
	Kind string `json:"kind"`
	// Name defines the name of the source for the given Kind.
	Name string `json:"name"`
	// Namespace defines the namespace for the given source.
	// NOTE(review): the source namespace is stated explicitly here rather than
	// taken from the Egress object's own metadata; whether a policy may name a
	// source in a different namespace is an authorization question to verify
	// with the enforcing component.
	Namespace string `json:"namespace"`
}
// PortSpec is the type used to represent the Port in the list of Ports specified in an Egress policy specification.
type PortSpec struct {
	// Number defines the port number.
	// Declared as int with no range marker on the field, so values outside the
	// valid port range are not rejected by this type — presumably validated
	// elsewhere; confirm.
	Number int `json:"number"`
	// Protocol defines the protocol served by the port.
	// Free-form string; the accepted values are not listed in this file.
	// NOTE(review): the Hosts documentation on EgressSpec distinguishes HTTP,
	// HTTPS and other protocols, so this value presumably selects which kind
	// of host matching applies — confirm against the enforcing component.
	Protocol string `json:"protocol"`
}
// EgressList defines the list of Egress objects.
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
type EgressList struct {
	// Type metadata of the list object, inlined into the serialized form.
	metav1.TypeMeta `json:",inline"`
	// Standard list metadata.
	metav1.ListMeta `json:"metadata"`
	// Items holds the Egress objects contained in the list.
	Items []Egress `json:"items"`
}