tunnelconfig

package
v0.34.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 24, 2026 License: Apache-2.0 Imports: 22 Imported by: 0

Documentation

Overview

Package tunnelconfig provides types and utilities for managing tunnel configuration via ConfigMaps. This replaces the SyncState-based approach with a simpler, more robust ConfigMap-based aggregation system.

Index

Constants

View Source 
const (
	// ConfigMapLabelTunnelID is the label key for tunnel ID.
	ConfigMapLabelTunnelID = "cloudflare-operator.io/tunnel-id"
	// ConfigMapLabelType is the label key for config type.
	ConfigMapLabelType = "cloudflare-operator.io/type"
	// ConfigMapTypeValue is the label value for tunnel config type.
	ConfigMapTypeValue = "tunnel-config"
	// ConfigDataKey is the key in ConfigMap.Data for the config JSON.
	ConfigDataKey = "config.json"

	// SourceKindTunnel represents a Tunnel source.
	SourceKindTunnel = "Tunnel"
	// SourceKindClusterTunnel represents a ClusterTunnel source.
	SourceKindClusterTunnel = "ClusterTunnel"
	// SourceKindIngress represents an Ingress source.
	SourceKindIngress = "Ingress"
	// SourceKindTunnelBinding represents a TunnelBinding source.
	SourceKindTunnelBinding = "TunnelBinding"
	// SourceKindHTTPRoute represents an HTTPRoute source.
	SourceKindHTTPRoute = "HTTPRoute"

	// PriorityTunnelSettings is the priority for Tunnel/ClusterTunnel settings (highest).
	PriorityTunnelSettings = 10
	// PriorityBinding is the priority for TunnelBinding rules.
	PriorityBinding = 50
	// PriorityIngress is the priority for Ingress rules.
	PriorityIngress = 100
	// PriorityGateway is the priority for Gateway API rules.
	PriorityGateway = 100
)

Variables

This section is empty.

Functions

func ConfigMapName 

func ConfigMapName(tunnelID string) string

ConfigMapName returns the ConfigMap name for a tunnel.

func NewConfigMap 

func NewConfigMap(namespace, tunnelID string, owner metav1.Object, ownerGVK metav1.GroupVersionKind) *corev1.ConfigMap

NewConfigMap creates a new ConfigMap for a tunnel configuration.

func SourceKey 

func SourceKey(kind, namespace, name string) string

SourceKey returns a unique key for a source.

Types

type AccessConfig 

type AccessConfig struct {
	// Required indicates if Access is required.
	Required bool `json:"required,omitempty"`

	// TeamName is the Access team name.
	TeamName string `json:"teamName,omitempty"`

	// AudTag is the Access audience tag.
	AudTag []string `json:"audTag,omitempty"`
}

AccessConfig contains Cloudflare Access settings.

type CredentialsRef 

type CredentialsRef struct {
	// Name is the CloudflareCredentials resource name.
	Name string `json:"name,omitempty"`
}

CredentialsRef references Cloudflare credentials.

type IPRule 

type IPRule struct {
	// Prefix is the IP prefix (CIDR).
	Prefix string `json:"prefix"`

	// Allow indicates if this prefix is allowed.
	Allow bool `json:"allow"`

	// Ports is the list of ports (optional).
	Ports []int `json:"ports,omitempty"`
}

IPRule defines an IP access rule.

type IngressRule 

type IngressRule struct {
	// Hostname is the hostname to match.
	Hostname string `json:"hostname,omitempty"`

	// Path is the path to match (optional).
	Path string `json:"path,omitempty"`

	// Service is the backend service URL.
	Service string `json:"service"`

	// OriginRequest contains rule-specific origin request settings.
	OriginRequest *OriginRequestConfig `json:"originRequest,omitempty"`

	// Priority is the rule priority (lower = higher priority).
	Priority int `json:"priority,omitempty"`
}

IngressRule defines a tunnel ingress rule.

type OriginRequestConfig 

type OriginRequestConfig struct {
	// ConnectTimeout is the timeout for connecting to the origin.
	ConnectTimeout string `json:"connectTimeout,omitempty"`

	// TLSTimeout is the timeout for TLS handshake.
	TLSTimeout string `json:"tlsTimeout,omitempty"`

	// TCPKeepAlive is the TCP keep-alive interval.
	TCPKeepAlive string `json:"tcpKeepAlive,omitempty"`

	// NoHappyEyeballs disables Happy Eyeballs.
	NoHappyEyeballs bool `json:"noHappyEyeballs,omitempty"`

	// KeepAliveConnections is the number of keep-alive connections.
	KeepAliveConnections int `json:"keepAliveConnections,omitempty"`

	// KeepAliveTimeout is the keep-alive timeout.
	KeepAliveTimeout string `json:"keepAliveTimeout,omitempty"`

	// HTTPHostHeader overrides the HTTP Host header.
	HTTPHostHeader string `json:"httpHostHeader,omitempty"`

	// OriginServerName is the TLS server name for the origin.
	OriginServerName string `json:"originServerName,omitempty"`

	// NoTLSVerify disables TLS verification.
	NoTLSVerify bool `json:"noTLSVerify,omitempty"`

	// DisableChunkedEncoding disables chunked transfer encoding.
	DisableChunkedEncoding bool `json:"disableChunkedEncoding,omitempty"`

	// BastionMode enables bastion mode.
	BastionMode bool `json:"bastionMode,omitempty"`

	// ProxyAddress is the address of the proxy.
	ProxyAddress string `json:"proxyAddress,omitempty"`

	// ProxyPort is the port of the proxy.
	ProxyPort int `json:"proxyPort,omitempty"`

	// ProxyType is the type of proxy.
	ProxyType string `json:"proxyType,omitempty"`

	// IPRules contains IP access rules.
	IPRules []IPRule `json:"ipRules,omitempty"`

	// HTTP2Origin enables HTTP/2 to the origin.
	HTTP2Origin bool `json:"http2Origin,omitempty"`

	// Access contains Access settings.
	Access *AccessConfig `json:"access,omitempty"`
}

OriginRequestConfig contains origin request settings.

type Reconciler 

type Reconciler struct {
	client.Client
	Scheme            *runtime.Scheme
	Recorder          record.EventRecorder
	APIFactory        *common.APIClientFactory
	OperatorNamespace string
}

Reconciler reconciles tunnel configuration stored in ConfigMaps. It watches ConfigMaps with the tunnel-config label and syncs aggregated configuration to Cloudflare.

func (*Reconciler) Reconcile 

func (r *Reconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error)

Reconcile handles ConfigMap reconciliation for tunnel configuration.

func (*Reconciler) SetupWithManager 

func (r *Reconciler) SetupWithManager(mgr ctrl.Manager) error

SetupWithManager sets up the controller with the Manager.

type SourceConfig 

type SourceConfig struct {
	// Kind is the source kind (Tunnel, Ingress, TunnelBinding, etc.).
	Kind string `json:"kind"`

	// Namespace is the source namespace (empty for cluster-scoped).
	Namespace string `json:"namespace,omitempty"`

	// Name is the source name.
	Name string `json:"name"`

	// Generation is the source's generation when this config was captured.
	Generation int64 `json:"generation,omitempty"`

	// Settings contains tunnel-level settings (from Tunnel/ClusterTunnel).
	Settings *TunnelSettings `json:"settings,omitempty"`

	// Rules contains ingress rules (from Ingress/TunnelBinding/HTTPRoute).
	Rules []IngressRule `json:"rules,omitempty"`

	// UpdatedAt is when this source was last updated.
	UpdatedAt *metav1.Time `json:"updatedAt,omitempty"`
}

SourceConfig contains configuration from a single source.

func (*SourceConfig) GetSourceKey 

func (s *SourceConfig) GetSourceKey() string

GetSourceKey returns the source key for this config.

type TunnelConfig 

type TunnelConfig struct {
	// TunnelID is the Cloudflare tunnel ID.
	TunnelID string `json:"tunnelId"`

	// AccountID is the Cloudflare account ID.
	AccountID string `json:"accountId"`

	// TunnelName is the human-readable tunnel name.
	TunnelName string `json:"tunnelName,omitempty"`

	// WARPRouting contains WARP routing settings.
	WARPRouting *WARPRoutingConfig `json:"warpRouting,omitempty"`

	// Sources contains configuration from each source (Tunnel, Ingress, etc.).
	Sources map[string]*SourceConfig `json:"sources"`

	// LastHash is the hash of the last synced configuration.
	LastHash string `json:"lastHash,omitempty"`

	// SyncStatus is the current sync status.
	SyncStatus string `json:"syncStatus,omitempty"`

	// LastSyncTime is the last time the configuration was synced.
	LastSyncTime *metav1.Time `json:"lastSyncTime,omitempty"`

	// CredentialsRef references the credentials to use for this tunnel.
	CredentialsRef *CredentialsRef `json:"credentialsRef,omitempty"`
}

TunnelConfig represents the aggregated tunnel configuration stored in a ConfigMap.

func ParseConfig 

func ParseConfig(cm *corev1.ConfigMap) (*TunnelConfig, error)

ParseConfig parses a TunnelConfig from a ConfigMap.

func (*TunnelConfig) AggregateRules 

func (c *TunnelConfig) AggregateRules() []IngressRule

AggregateRules aggregates all rules from all sources into a single list. Rules are sorted by priority and then by hostname.

func (*TunnelConfig) ComputeHash 

func (c *TunnelConfig) ComputeHash() string

ComputeHash computes a hash of the configuration for change detection.

func (*TunnelConfig) GetOriginRequestDefaults 

func (c *TunnelConfig) GetOriginRequestDefaults() *OriginRequestConfig

GetOriginRequestDefaults returns the default origin request settings from tunnel sources.

func (*TunnelConfig) IsWARPRoutingEnabled 

func (c *TunnelConfig) IsWARPRoutingEnabled() bool

IsWARPRoutingEnabled checks if any source has WARP routing enabled.

func (*TunnelConfig) ToConfigMapData 

func (c *TunnelConfig) ToConfigMapData() (map[string]string, error)

ToConfigMapData serializes the TunnelConfig to ConfigMap data.

type TunnelSettings 

type TunnelSettings struct {
	// WARPRouting indicates if WARP routing should be enabled.
	WARPRouting bool `json:"warpRouting,omitempty"`

	// OriginRequest contains default origin request settings.
	OriginRequest *OriginRequestConfig `json:"originRequest,omitempty"`
}

TunnelSettings contains tunnel-level settings.

type WARPRoutingConfig 

type WARPRoutingConfig struct {
	// Enabled indicates if WARP routing is enabled.
	Enabled bool `json:"enabled"`
}

WARPRoutingConfig contains WARP routing settings.

type Writer 

type Writer struct {
	// contains filtered or unexported fields
}

Writer provides methods for writing to tunnel configuration ConfigMaps.

func NewWriter 

func NewWriter(c client.Client, operatorNamespace string) *Writer

NewWriter creates a new Writer.

func (*Writer) DeleteConfigMap 

func (w *Writer) DeleteConfigMap(ctx context.Context, tunnelID string) error

DeleteConfigMap deletes the tunnel configuration ConfigMap.

func (*Writer) GetTunnelConfig 

func (w *Writer) GetTunnelConfig(ctx context.Context, tunnelID string) (*TunnelConfig, error)

GetTunnelConfig gets the current tunnel configuration.

func (*Writer) RemoveSourceConfig 

func (w *Writer) RemoveSourceConfig(
	ctx context.Context,
	tunnelID string,
	sourceKey string,
) error

RemoveSourceConfig removes a source configuration from the tunnel's ConfigMap.

func (*Writer) SetTunnelSettings 

func (w *Writer) SetTunnelSettings(
	ctx context.Context,
	tunnelID string,
	accountID string,
	tunnelName string,
	settings *TunnelSettings,
	credentialsRef *CredentialsRef,
	source *SourceConfig,
	owner metav1.Object,
	ownerGVK metav1.GroupVersionKind,
) error

SetTunnelSettings sets tunnel-level settings (from Tunnel/ClusterTunnel).

func (*Writer) WriteSourceConfig 

func (w *Writer) WriteSourceConfig(
	ctx context.Context,
	tunnelID string,
	accountID string,
	source *SourceConfig,
	owner metav1.Object,
	ownerGVK metav1.GroupVersionKind,
) error

WriteSourceConfig writes a source configuration to the tunnel's ConfigMap. If the ConfigMap doesn't exist, it will be created.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.