Affected by 
Documentation
¶
Overview ¶
Package v1alpha1 contains API schema definitions for the gateway.envoyproxy.io API group.
+kubebuilder:object:generate=true +groupName=gateway.envoyproxy.io
Index ¶
- Constants
- Variables
- type AuthenticationFilter
- type AuthenticationFilterList
- type AuthenticationFilterSpec
- type AuthenticationFilterType
- type ClaimToHeader
- type EnvoyJSONPatchConfig
- type EnvoyPatchPolicy
- type EnvoyPatchPolicyList
- type EnvoyPatchPolicySpec
- type EnvoyPatchPolicyStatus
- type EnvoyPatchType
- type EnvoyResourceType
- type GlobalRateLimit
- type HeaderMatch
- type HeaderMatchType
- type JSONPatchOperation
- type JSONPatchOperationType
- type JwtAuthenticationFilterProvider
- type RateLimitFilter
- type RateLimitFilterList
- type RateLimitFilterSpec
- type RateLimitRule
- type RateLimitSelectCondition
- type RateLimitType
- type RateLimitUnit
- type RateLimitValue
- type RemoteJWKS
- type SourceMatch
- type SourceMatchType
Constants ¶
const ( // PolicyConditionProgrammed indicates whether the policy has been translated // and ready to be programmed into the data plane. // // Possible reasons for this condition to be True are: // // * "Programmed" // // Possible reasons for this condition to be False are: // // * "Invalid" // * "ResourceNotFound" // PolicyConditionProgrammed gwapiv1a2.PolicyConditionType = "Programmed" // PolicyReasonProgrammed is used with the "Programmed" condition when the policy // is ready to be programmed into the data plane. PolicyReasonProgrammed gwapiv1a2.PolicyConditionReason = "Programmed" // PolicyReasonInvalid is used with the "Programmed" condition when the patch // is syntactically or semantically invalid. PolicyReasonInvalid gwapiv1a2.PolicyConditionReason = "Invalid" // PolicyReasonTargetNotFound is used with the "Programmed" condition when the // policy cannot find the resource type to patch to. PolicyReasonResourceNotFound gwapiv1a2.PolicyConditionReason = "ResourceNotFound" )
const (
// KindAuthenticationFilter is the name of the AuthenticationFilter kind.
KindAuthenticationFilter = "AuthenticationFilter"
)
const (
// KindEnvoyPatchPolicy is the name of the EnvoyPatchPolicy kind.
KindEnvoyPatchPolicy = "EnvoyPatchPolicy"
)
const (
// KindRateLimitFilter is the name of the RateLimitFilter kind.
KindRateLimitFilter = "RateLimitFilter"
)
Variables ¶
var ( // GroupVersion is group version used to register these objects GroupVersion = schema.GroupVersion{Group: "gateway.envoyproxy.io", Version: "v1alpha1"} // SchemeBuilder is used to add go types to the GroupVersionKind scheme SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion} // AddToScheme adds the types in this group-version to the given scheme. AddToScheme = SchemeBuilder.AddToScheme )
Functions ¶
This section is empty.
Types ¶
type AuthenticationFilter ¶
type AuthenticationFilter struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
// Spec defines the desired state of the AuthenticationFilter type.
Spec AuthenticationFilterSpec `json:"spec"`
}
func (*AuthenticationFilter) DeepCopy ¶
func (in *AuthenticationFilter) DeepCopy() *AuthenticationFilter
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthenticationFilter.
func (*AuthenticationFilter) DeepCopyInto ¶
func (in *AuthenticationFilter) DeepCopyInto(out *AuthenticationFilter)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*AuthenticationFilter) DeepCopyObject ¶
func (in *AuthenticationFilter) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type AuthenticationFilterList ¶
type AuthenticationFilterList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata,omitempty"`
Items []AuthenticationFilter `json:"items"`
}
AuthenticationFilterList contains a list of AuthenticationFilter.
func (*AuthenticationFilterList) DeepCopy ¶
func (in *AuthenticationFilterList) DeepCopy() *AuthenticationFilterList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthenticationFilterList.
func (*AuthenticationFilterList) DeepCopyInto ¶
func (in *AuthenticationFilterList) DeepCopyInto(out *AuthenticationFilterList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*AuthenticationFilterList) DeepCopyObject ¶
func (in *AuthenticationFilterList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type AuthenticationFilterSpec ¶
type AuthenticationFilterSpec struct {
// Type defines the type of authentication provider to use. Supported provider types
// are "JWT".
//
// +unionDiscriminator
Type AuthenticationFilterType `json:"type"`
// JWT defines the JSON Web Token (JWT) authentication provider type. When multiple
// jwtProviders are specified, the JWT is considered valid if any of the providers
// successfully validate the JWT. For additional details, see
// https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/jwt_authn_filter.html.
//
// +kubebuilder:validation:MaxItems=4
// +optional
JwtProviders []JwtAuthenticationFilterProvider `json:"jwtProviders,omitempty"`
}
AuthenticationFilterSpec defines the desired state of the AuthenticationFilter type. +union
func (*AuthenticationFilterSpec) DeepCopy ¶
func (in *AuthenticationFilterSpec) DeepCopy() *AuthenticationFilterSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthenticationFilterSpec.
func (*AuthenticationFilterSpec) DeepCopyInto ¶
func (in *AuthenticationFilterSpec) DeepCopyInto(out *AuthenticationFilterSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AuthenticationFilterType ¶
type AuthenticationFilterType string
AuthenticationFilterType is a type of authentication provider. +kubebuilder:validation:Enum=JWT
const ( // JwtAuthenticationFilterProviderType is a provider that uses JSON Web Token (JWT) // for authenticating requests.. JwtAuthenticationFilterProviderType AuthenticationFilterType = "JWT" )
type ClaimToHeader ¶ added in v0.5.0
type ClaimToHeader struct {
// Header defines the name of the HTTP request header that the JWT Claim will be saved into.
Header string `json:"header"`
// Claim is the JWT Claim that should be saved into the header : it can be a nested claim of type
// (eg. "claim.nested.key", "sub"). The nested claim name must use dot "."
// to separate the JSON name path.
Claim string `json:"claim"`
}
ClaimToHeader defines a configuration to convert JWT claims into HTTP headers
func (*ClaimToHeader) DeepCopy ¶ added in v0.5.0
func (in *ClaimToHeader) DeepCopy() *ClaimToHeader
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClaimToHeader.
func (*ClaimToHeader) DeepCopyInto ¶ added in v0.5.0
func (in *ClaimToHeader) DeepCopyInto(out *ClaimToHeader)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type EnvoyJSONPatchConfig ¶ added in v0.5.0
type EnvoyJSONPatchConfig struct {
// Type is the typed URL of the Envoy xDS Resource
Type EnvoyResourceType `json:"type"`
// Name is the name of the resource
Name string `json:"name"`
// Patch defines the JSON Patch Operation
Operation JSONPatchOperation `json:"operation"`
}
EnvoyJSONPatchConfig defines the configuration for patching a Envoy xDS Resource using JSONPatch semantic
func (*EnvoyJSONPatchConfig) DeepCopy ¶ added in v0.5.0
func (in *EnvoyJSONPatchConfig) DeepCopy() *EnvoyJSONPatchConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvoyJSONPatchConfig.
func (*EnvoyJSONPatchConfig) DeepCopyInto ¶ added in v0.5.0
func (in *EnvoyJSONPatchConfig) DeepCopyInto(out *EnvoyJSONPatchConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type EnvoyPatchPolicy ¶ added in v0.5.0
type EnvoyPatchPolicy struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
// Spec defines the desired state of EnvoyPatchPolicy.
Spec EnvoyPatchPolicySpec `json:"spec"`
// Status defines the current status of EnvoyPatchPolicy.
Status EnvoyPatchPolicyStatus `json:"status,omitempty"`
}
EnvoyPatchPolicy allows the user to modify the generated Envoy xDS resources by Envoy Gateway using this patch API
func (*EnvoyPatchPolicy) DeepCopy ¶ added in v0.5.0
func (in *EnvoyPatchPolicy) DeepCopy() *EnvoyPatchPolicy
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvoyPatchPolicy.
func (*EnvoyPatchPolicy) DeepCopyInto ¶ added in v0.5.0
func (in *EnvoyPatchPolicy) DeepCopyInto(out *EnvoyPatchPolicy)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*EnvoyPatchPolicy) DeepCopyObject ¶ added in v0.5.0
func (in *EnvoyPatchPolicy) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type EnvoyPatchPolicyList ¶ added in v0.5.0
type EnvoyPatchPolicyList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata,omitempty"`
Items []EnvoyPatchPolicy `json:"items"`
}
EnvoyPatchPolicyList contains a list of EnvoyPatchPolicy resources.
func (*EnvoyPatchPolicyList) DeepCopy ¶ added in v0.5.0
func (in *EnvoyPatchPolicyList) DeepCopy() *EnvoyPatchPolicyList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvoyPatchPolicyList.
func (*EnvoyPatchPolicyList) DeepCopyInto ¶ added in v0.5.0
func (in *EnvoyPatchPolicyList) DeepCopyInto(out *EnvoyPatchPolicyList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*EnvoyPatchPolicyList) DeepCopyObject ¶ added in v0.5.0
func (in *EnvoyPatchPolicyList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type EnvoyPatchPolicySpec ¶ added in v0.5.0
type EnvoyPatchPolicySpec struct {
// Type decides the type of patch.
// Valid EnvoyPatchType values are "JSONPatch".
//
// +unionDiscriminator
Type EnvoyPatchType `json:"type"`
// JSONPatch defines the JSONPatch configuration.
//
// +optional
JSONPatches []EnvoyJSONPatchConfig `json:"jsonPatches,omitempty"`
// TargetRef is the name of the Gateway API resource this policy
// is being attached to.
// Currently only attaching to Gateway is supported
// This Policy and the TargetRef MUST be in the same namespace
// for this Policy to have effect and be applied to the Gateway
// TargetRef
TargetRef gwapiv1a2.PolicyTargetReference `json:"targetRef"`
// Priority of the EnvoyPatchPolicy.
// If multiple EnvoyPatchPolicies are applied to the same
// TargetRef, they will be applied in the ascending order of
// the priority i.e. int32.min has the highest priority and
// int32.max has the lowest priority.
// Defaults to 0.
Priority int32 `json:"priority"`
}
EnvoyPatchPolicySpec defines the desired state of EnvoyPatchPolicy. +union
func (*EnvoyPatchPolicySpec) DeepCopy ¶ added in v0.5.0
func (in *EnvoyPatchPolicySpec) DeepCopy() *EnvoyPatchPolicySpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvoyPatchPolicySpec.
func (*EnvoyPatchPolicySpec) DeepCopyInto ¶ added in v0.5.0
func (in *EnvoyPatchPolicySpec) DeepCopyInto(out *EnvoyPatchPolicySpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type EnvoyPatchPolicyStatus ¶ added in v0.5.0
type EnvoyPatchPolicyStatus struct {
// Conditions describe the current conditions of the EnvoyPatchPolicy.
//
// +optional
// +listType=map
// +listMapKey=type
// +kubebuilder:validation:MaxItems=8
Conditions []metav1.Condition `json:"conditions,omitempty"`
}
EnvoyPatchPolicyStatus defines the state of EnvoyPatchPolicy
func (*EnvoyPatchPolicyStatus) DeepCopy ¶ added in v0.5.0
func (in *EnvoyPatchPolicyStatus) DeepCopy() *EnvoyPatchPolicyStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvoyPatchPolicyStatus.
func (*EnvoyPatchPolicyStatus) DeepCopyInto ¶ added in v0.5.0
func (in *EnvoyPatchPolicyStatus) DeepCopyInto(out *EnvoyPatchPolicyStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type EnvoyPatchType ¶ added in v0.5.0
type EnvoyPatchType string
EnvoyPatchType specifies the types of Envoy patching mechanisms. +kubebuilder:validation:Enum=JSONPatch
const ( // JSONPatchEnvoyPatchType allows the user to patch the generated xDS resources using JSONPatch semantics. // For more details on the semantics, please refer to https://datatracker.ietf.org/doc/html/rfc6902 JSONPatchEnvoyPatchType EnvoyPatchType = "JSONPatch" )
type EnvoyResourceType ¶ added in v0.5.0
type EnvoyResourceType string
EnvoyResourceType specifies the type URL of the Envoy resource. +kubebuilder:validation:Enum=type.googleapis.com/envoy.config.listener.v3.Listener;type.googleapis.com/envoy.config.route.v3.RouteConfiguration;type.googleapis.com/envoy.config.cluster.v3.Cluster;type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment
const ( // ListenerEnvoyResourceType defines the Type URL of the Listener resource ListenerEnvoyResourceType EnvoyResourceType = "type.googleapis.com/envoy.config.listener.v3.Listener" // RouteConfigurationEnvoyResourceType defines the Type URL of the RouteConfiguration resource RouteConfigurationEnvoyResourceType EnvoyResourceType = "type.googleapis.com/envoy.config.route.v3.RouteConfiguration" // ClusterEnvoyResourceType defines the Type URL of the Cluster resource ClusterEnvoyResourceType EnvoyResourceType = "type.googleapis.com/envoy.config.cluster.v3.Cluster" // ClusterLoadAssignmentEnvoyResourceType defines the Type URL of the ClusterLoadAssignment resource ClusterLoadAssignmentEnvoyResourceType EnvoyResourceType = "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment" )
type GlobalRateLimit ¶
type GlobalRateLimit struct {
// Rules are a list of RateLimit selectors and limits.
// Each rule and its associated limit is applied
// in a mutually exclusive way i.e. if multiple
// rules get selected, each of their associated
// limits get applied, so a single traffic request
// might increase the rate limit counters for multiple
// rules if selected.
//
// +kubebuilder:validation:MaxItems=16
Rules []RateLimitRule `json:"rules"`
}
GlobalRateLimit defines global rate limit configuration.
func (*GlobalRateLimit) DeepCopy ¶
func (in *GlobalRateLimit) DeepCopy() *GlobalRateLimit
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GlobalRateLimit.
func (*GlobalRateLimit) DeepCopyInto ¶
func (in *GlobalRateLimit) DeepCopyInto(out *GlobalRateLimit)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type HeaderMatch ¶
type HeaderMatch struct {
// Type specifies how to match against the value of the header.
//
// +optional
// +kubebuilder:default=Exact
Type *HeaderMatchType `json:"type,omitempty"`
// Name of the HTTP header.
// +kubebuilder:validation:MinLength=1
// +kubebuilder:validation:MaxLength=256
Name string `json:"name"`
// Value within the HTTP header. Due to the
// case-insensitivity of header names, "foo" and "Foo" are considered equivalent.
// Do not set this field when Type="Distinct", implying matching on any/all unique
// values within the header.
//
// +optional
// +kubebuilder:validation:MaxLength=1024
Value *string `json:"value,omitempty"`
}
HeaderMatch defines the match attributes within the HTTP Headers of the request.
func (*HeaderMatch) DeepCopy ¶
func (in *HeaderMatch) DeepCopy() *HeaderMatch
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HeaderMatch.
func (*HeaderMatch) DeepCopyInto ¶
func (in *HeaderMatch) DeepCopyInto(out *HeaderMatch)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type HeaderMatchType ¶
type HeaderMatchType string
HeaderMatchType specifies the semantics of how HTTP header values should be compared. Valid HeaderMatchType values are "Exact", "RegularExpression", and "Distinct".
+kubebuilder:validation:Enum=Exact;RegularExpression;Distinct
const ( // HeaderMatchExact matches the exact value of the Value field against the value of // the specified HTTP Header. HeaderMatchExact HeaderMatchType = "Exact" // HeaderMatchRegularExpression matches a regular expression against the value of the // specified HTTP Header. The regex string must adhere to the syntax documented in // https://github.com/google/re2/wiki/Syntax. HeaderMatchRegularExpression HeaderMatchType = "RegularExpression" // HeaderMatchDistinct matches any and all possible unique values encountered in the // specified HTTP Header. Note that each unique value will receive its own rate limit // bucket. HeaderMatchDistinct HeaderMatchType = "Distinct" )
HeaderMatchType constants.
type JSONPatchOperation ¶ added in v0.5.0
type JSONPatchOperation struct {
// Op is the type of operation to perform
Op JSONPatchOperationType `json:"op"`
// Path is the location of the target document/field where the operation will be performed
// Refer to https://datatracker.ietf.org/doc/html/rfc6901 for more details.
Path string `json:"path"`
// Value is the new value of the path location.
Value apiextensionsv1.JSON `json:"value"`
}
JSONPatchOperation defines the JSON Patch Operation as defined in https://datatracker.ietf.org/doc/html/rfc6902
func (*JSONPatchOperation) DeepCopy ¶ added in v0.5.0
func (in *JSONPatchOperation) DeepCopy() *JSONPatchOperation
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JSONPatchOperation.
func (*JSONPatchOperation) DeepCopyInto ¶ added in v0.5.0
func (in *JSONPatchOperation) DeepCopyInto(out *JSONPatchOperation)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type JSONPatchOperationType ¶ added in v0.5.0
type JSONPatchOperationType string
JSONPatchOperationType specifies the JSON Patch operations that can be performed. +kubebuilder:validation:Enum=add;remove;replace;move;copy;test
type JwtAuthenticationFilterProvider ¶
type JwtAuthenticationFilterProvider struct {
// Name defines a unique name for the JWT provider. A name can have a variety of forms,
// including RFC1123 subdomains, RFC 1123 labels, or RFC 1035 labels.
//
// +kubebuilder:validation:MinLength=1
// +kubebuilder:validation:MaxLength=253
Name string `json:"name"`
// Issuer is the principal that issued the JWT and takes the form of a URL or email address.
// For additional details, see https://tools.ietf.org/html/rfc7519#section-4.1.1 for
// URL format and https://rfc-editor.org/rfc/rfc5322.html for email format. If not provided,
// the JWT issuer is not checked.
//
// +kubebuilder:validation:MaxLength=253
// +optional
Issuer string `json:"issuer,omitempty"`
// Audiences is a list of JWT audiences allowed access. For additional details, see
// https://tools.ietf.org/html/rfc7519#section-4.1.3. If not provided, JWT audiences
// are not checked.
//
// +kubebuilder:validation:MaxItems=8
// +optional
Audiences []string `json:"audiences,omitempty"`
// RemoteJWKS defines how to fetch and cache JSON Web Key Sets (JWKS) from a remote
// HTTP/HTTPS endpoint.
RemoteJWKS RemoteJWKS `json:"remoteJWKS"`
// ClaimToHeaders is a list of JWT claims that must be extracted into HTTP request headers
// For examples, following config:
// The claim must be of type; string, int, double, bool. Array type claims are not supported
//
ClaimToHeaders []ClaimToHeader `json:"claimToHeaders,omitempty"`
}
JwtAuthenticationFilterProvider defines the JSON Web Token (JWT) authentication provider type and how JWTs should be verified:
func (*JwtAuthenticationFilterProvider) DeepCopy ¶
func (in *JwtAuthenticationFilterProvider) DeepCopy() *JwtAuthenticationFilterProvider
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JwtAuthenticationFilterProvider.
func (*JwtAuthenticationFilterProvider) DeepCopyInto ¶
func (in *JwtAuthenticationFilterProvider) DeepCopyInto(out *JwtAuthenticationFilterProvider)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type RateLimitFilter ¶
type RateLimitFilter struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
// Spec defines the desired state of RateLimitFilter.
Spec RateLimitFilterSpec `json:"spec"`
}
RateLimitFilter allows the user to limit the number of incoming requests to a predefined value based on attributes within the traffic flow.
func (*RateLimitFilter) DeepCopy ¶
func (in *RateLimitFilter) DeepCopy() *RateLimitFilter
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RateLimitFilter.
func (*RateLimitFilter) DeepCopyInto ¶
func (in *RateLimitFilter) DeepCopyInto(out *RateLimitFilter)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*RateLimitFilter) DeepCopyObject ¶
func (in *RateLimitFilter) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type RateLimitFilterList ¶
type RateLimitFilterList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata,omitempty"`
Items []RateLimitFilter `json:"items"`
}
RateLimitFilterList contains a list of RateLimitFilter resources.
func (*RateLimitFilterList) DeepCopy ¶
func (in *RateLimitFilterList) DeepCopy() *RateLimitFilterList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RateLimitFilterList.
func (*RateLimitFilterList) DeepCopyInto ¶
func (in *RateLimitFilterList) DeepCopyInto(out *RateLimitFilterList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*RateLimitFilterList) DeepCopyObject ¶
func (in *RateLimitFilterList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type RateLimitFilterSpec ¶
type RateLimitFilterSpec struct {
// Type decides the scope for the RateLimits.
// Valid RateLimitType values are "Global".
//
// +unionDiscriminator
Type RateLimitType `json:"type"`
// Global defines global rate limit configuration.
//
// +optional
Global *GlobalRateLimit `json:"global,omitempty"`
}
RateLimitFilterSpec defines the desired state of RateLimitFilter. +union
func (*RateLimitFilterSpec) DeepCopy ¶
func (in *RateLimitFilterSpec) DeepCopy() *RateLimitFilterSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RateLimitFilterSpec.
func (*RateLimitFilterSpec) DeepCopyInto ¶
func (in *RateLimitFilterSpec) DeepCopyInto(out *RateLimitFilterSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type RateLimitRule ¶
type RateLimitRule struct {
// ClientSelectors holds the list of select conditions to select
// specific clients using attributes from the traffic flow.
// All individual select conditions must hold True for this rule
// and its limit to be applied.
// If this field is empty, it is equivalent to True, and
// the limit is applied.
//
// +optional
// +kubebuilder:validation:MaxItems=8
ClientSelectors []RateLimitSelectCondition `json:"clientSelectors,omitempty"`
// Limit holds the rate limit values.
// This limit is applied for traffic flows when the selectors
// compute to True, causing the request to be counted towards the limit.
// The limit is enforced and the request is ratelimited, i.e. a response with
// 429 HTTP status code is sent back to the client when
// the selected requests have reached the limit.
Limit RateLimitValue `json:"limit"`
}
RateLimitRule defines the semantics for matching attributes from the incoming requests, and setting limits for them.
func (*RateLimitRule) DeepCopy ¶
func (in *RateLimitRule) DeepCopy() *RateLimitRule
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RateLimitRule.
func (*RateLimitRule) DeepCopyInto ¶
func (in *RateLimitRule) DeepCopyInto(out *RateLimitRule)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type RateLimitSelectCondition ¶
type RateLimitSelectCondition struct {
// Headers is a list of request headers to match. Multiple header values are ANDed together,
// meaning, a request MUST match all the specified headers.
//
// +listType=map
// +listMapKey=name
// +optional
// +kubebuilder:validation:MaxItems=16
Headers []HeaderMatch `json:"headers,omitempty"`
// Deprecated: Use SourceCIDR instead.
// +optional
SourceIP *string `json:"sourceIP,omitempty"`
// SourceCIDR is the client IP Address range to match on.
//
// +optional
SourceCIDR *SourceMatch `json:"sourceCIDR,omitempty"`
}
RateLimitSelectCondition specifies the attributes within the traffic flow that can be used to select a subset of clients to be ratelimited. All the individual conditions must hold True for the overall condition to hold True.
func (*RateLimitSelectCondition) DeepCopy ¶
func (in *RateLimitSelectCondition) DeepCopy() *RateLimitSelectCondition
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RateLimitSelectCondition.
func (*RateLimitSelectCondition) DeepCopyInto ¶
func (in *RateLimitSelectCondition) DeepCopyInto(out *RateLimitSelectCondition)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type RateLimitType ¶
type RateLimitType string
RateLimitType specifies the types of RateLimiting. +kubebuilder:validation:Enum=Global
const ( // GlobalRateLimitType allows the rate limits to be applied across all Envoy proxy instances. GlobalRateLimitType RateLimitType = "Global" )
type RateLimitUnit ¶
type RateLimitUnit string
RateLimitUnit specifies the intervals for setting rate limits. Valid RateLimitUnit values are "Second", "Minute", "Hour", and "Day".
+kubebuilder:validation:Enum=Second;Minute;Hour;Day
type RateLimitValue ¶
type RateLimitValue struct {
Requests uint `json:"requests"`
Unit RateLimitUnit `json:"unit"`
}
RateLimitValue defines the limits for rate limiting.
func (*RateLimitValue) DeepCopy ¶
func (in *RateLimitValue) DeepCopy() *RateLimitValue
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RateLimitValue.
func (*RateLimitValue) DeepCopyInto ¶
func (in *RateLimitValue) DeepCopyInto(out *RateLimitValue)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type RemoteJWKS ¶
type RemoteJWKS struct {
// URI is the HTTPS URI to fetch the JWKS. Envoy's system trust bundle is used to
// validate the server certificate.
//
// +kubebuilder:validation:MinLength=1
// +kubebuilder:validation:MaxLength=253
URI string `json:"uri"`
}
RemoteJWKS defines how to fetch and cache JSON Web Key Sets (JWKS) from a remote HTTP/HTTPS endpoint.
func (*RemoteJWKS) DeepCopy ¶
func (in *RemoteJWKS) DeepCopy() *RemoteJWKS
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RemoteJWKS.
func (*RemoteJWKS) DeepCopyInto ¶
func (in *RemoteJWKS) DeepCopyInto(out *RemoteJWKS)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type SourceMatch ¶ added in v0.5.0
type SourceMatch struct {
// +optional
// +kubebuilder:default=Exact
Type *SourceMatchType `json:"type,omitempty"`
// Value is the IP CIDR that represents the range of Source IP Addresses of the client.
// These could also be the intermediate addresses through which the request has flown through and is part of the `X-Forwarded-For` header.
// For example, `192.168.0.1/32`, `192.168.0.0/24`, `001:db8::/64`.
// +kubebuilder:validation:MinLength=1
// +kubebuilder:validation:MaxLength=256
Value string `json:"value"`
}
func (*SourceMatch) DeepCopy ¶ added in v0.5.0
func (in *SourceMatch) DeepCopy() *SourceMatch
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SourceMatch.
func (*SourceMatch) DeepCopyInto ¶ added in v0.5.0
func (in *SourceMatch) DeepCopyInto(out *SourceMatch)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type SourceMatchType ¶ added in v0.5.0
type SourceMatchType string
const ( // SourceMatchExact All IP Addresses within the specified Source IP CIDR are treated as a single client selector // and share the same rate limit bucket. SourceMatchExact SourceMatchType = "Exact" // SourceMatchDistinct Each IP Address within the specified Source IP CIDR is treated as a distinct client selector // and uses a separate rate limit bucket/counter. SourceMatchDistinct SourceMatchType = "Distinct" )
Source Files
Directories