Documentation
Overview ¶
Package trafficpolicy defines the types to represent traffic policies internally in the FSM control plane, and utility routines to process them.
Index ¶
- Variables
- func GetEgressTrafficMatchName(port int, protocol string) string
- type AccessControlTrafficMatch
- type AccessControlTrafficPolicy
- type EgressClusterConfig
- type EgressGatewayConfig
- type EgressGatewayPolicy
- type EgressGatewayRule
- type EgressHTTPRouteConfig
- type EgressHTTPRoutingRule
- type EgressPolicyConfig
- type EgressTrafficPolicy
- type HTTPRouteMatch
- type HTTPRouteMatchWithWeightedClusters
- type InboundMeshTrafficPolicy
- type InboundTrafficPolicy
- type IngressTrafficMatch
- type IngressTrafficPolicy
- type MeshClusterConfig
- type OutboundMeshTrafficPolicy
- type OutboundTrafficPolicy
- type PathMatchType
- type Plugin
- type PluginChain
- type PluginConfig
- type RouteWeightedClusters
- type Rule
- type ServiceExportTrafficMatch
- type ServiceExportTrafficPolicy
- type TCPRouteMatch
- type TrafficMatch
- type TrafficSpecMatchName
- type TrafficSpecName
- type TrafficTargetWithRoutes
Constants ¶
This section is empty.
Variables ¶
var WildCardRouteMatch = HTTPRouteMatch{
Path: constants.RegexMatchAll,
PathMatchType: PathMatchRegex,
Methods: []string{constants.WildcardHTTPMethod},
}
WildCardRouteMatch represents a wildcard HTTP route match condition
Functions ¶
func GetEgressTrafficMatchName ¶
GetEgressTrafficMatchName returns the name for the TrafficMatch object based on its port and protocol
Types ¶
type AccessControlTrafficMatch ¶
type AccessControlTrafficMatch struct {
Name string
Port uint32
Protocol string
SourceIPRanges []string
TLS *policyv1alpha1.TLSSpec
// RateLimit defines the rate limiting policy applied for this TrafficMatch
// +optional
RateLimit *policyv1alpha1.RateLimitSpec
}
AccessControlTrafficMatch defines the attributes to match access control traffic for a given backend
type AccessControlTrafficPolicy ¶
type AccessControlTrafficPolicy struct {
TrafficMatches []*AccessControlTrafficMatch
HTTPRoutePolicies []*InboundTrafficPolicy
}
AccessControlTrafficPolicy defines the access control traffic match and routes for a given backend
type EgressClusterConfig ¶
type EgressClusterConfig struct {
// Name defines the name of the external cluster
Name string
// Host defines the DNS resolvable hostname for the external cluster.
// If specified, the cluster's address will be resolved using DNS.
// HTTP based clusters will set the Host attribute.
// If unspecified, the cluster's address will be resolved to its original
// destination in the request prior to being redirected by iptables.
// TCP based clusters will not set the Host attribute.
// +optional
Host string
// Port defines the port number of the external cluster's endpoint
Port int
// UpstreamTrafficSetting is the traffic setting for the upstream cluster
UpstreamTrafficSetting *policyv1alpha1.UpstreamTrafficSetting
// SourceMTLS defines the mTLS specification for the egress source.
SourceMTLS *policyv1alpha1.EgressSourceMTLSSpec
}
EgressClusterConfig is the type used to represent an external cluster corresponding to a destination specified in an Egress policy.
func DeduplicateClusterConfigs ¶
func DeduplicateClusterConfigs(configs []*EgressClusterConfig) ([]*EgressClusterConfig, error)
DeduplicateClusterConfigs deduplicates the given slice of EgressClusterConfig objects, and returns an error if the deduplication cannot be performed.
type EgressGatewayConfig ¶
type EgressGatewayConfig struct {
Service string
Namespace string
Mode string
Weight *int
Endpoints []endpoint.Endpoint
}
EgressGatewayConfig is the type used to represent an egress gateway.
type EgressGatewayPolicy ¶
type EgressGatewayPolicy struct {
Global []*EgressGatewayConfig
Rules []*EgressGatewayRule
}
EgressGatewayPolicy is the type used to represent the egress gateway policy configurations applicable to a client of Egress forward.
type EgressGatewayRule ¶
type EgressGatewayRule struct {
Name string
Namespace string
EgressPolicies []EgressPolicyConfig
EgressGateways []EgressGatewayConfig
}
EgressGatewayRule is the type used to represent a rule dispatching egress to gateway.
type EgressHTTPRouteConfig ¶
type EgressHTTPRouteConfig struct {
// Name defines the name of the Egress HTTP route configuration
Name string
// Hostnames defines the list of hostnames corresponding to the Egress HTTP route configuration.
// The Hostnames match against the :host header in the HTTP request and subject matching requests
// to the routing rules defined by `RoutingRules`.
Hostnames []string
// RoutingRules defines the list of routes for the Egress HTTP route configuration, and corresponding
// rules to be applied to those routes.
RoutingRules []*EgressHTTPRoutingRule
}
EgressHTTPRouteConfig is the type used to represent an HTTP route configuration along with associated routing rules
type EgressHTTPRoutingRule ¶
type EgressHTTPRoutingRule struct {
// Route defines the HTTP route match and its associated cluster.
Route RouteWeightedClusters
// AllowedDestinationIPRanges defines the destination IP ranges allowed for the `Route` defined in the routing rule.
AllowedDestinationIPRanges []string
}
EgressHTTPRoutingRule is the type used to represent an Egress HTTP routing rule with its route and associated permissions
type EgressPolicyConfig ¶
EgressPolicyConfig is the type used to represent an egress policy.
type EgressTrafficPolicy ¶
type EgressTrafficPolicy struct {
// TrafficMatches defines the list of traffic matches for matching Egress traffic.
// The matches specified are used to match outbound traffic as Egress traffic, and
// subject matching traffic to Egress traffic policies.
TrafficMatches []*TrafficMatch
// HTTPRouteConfigsPerPort defines the Egress HTTP route configurations per port.
// Egress HTTP routes are grouped based on their port to avoid route conflicts that
// can arise when the same host headers are to be routed differently based on the
// port specified in an egress policy.
HTTPRouteConfigsPerPort map[int][]*EgressHTTPRouteConfig
// ClustersConfigs defines the list of Egress cluster configurations.
// The specified config is used to program external clusters corresponding to
// the external endpoints defined in an Egress policy.
ClustersConfigs []*EgressClusterConfig
}
EgressTrafficPolicy is the type used to represent the different egress traffic policy configurations applicable to a client of Egress destinations.
type HTTPRouteMatch ¶
type HTTPRouteMatch struct {
Path string `json:"path:omitempty"`
PathMatchType PathMatchType `json:"path_match_type:omitempty"`
Methods []string `json:"methods:omitempty"`
Headers map[string]string `json:"headers:omitempty"`
}
HTTPRouteMatch is a struct to represent an HTTP route match comprised of an HTTP path, path matching type, methods, and headers
type HTTPRouteMatchWithWeightedClusters ¶
type HTTPRouteMatchWithWeightedClusters struct {
UpstreamClusters []service.WeightedCluster
RouteMatches []HTTPRouteMatch
HasSplitMatches bool
}
HTTPRouteMatchWithWeightedClusters is a struct to represent an HTTP route match comprised of WeightedClusters, HTTPRouteMatches
type InboundMeshTrafficPolicy ¶
type InboundMeshTrafficPolicy struct {
// TrafficMatches defines the list of traffic matches for matching inbound mesh traffic.
// The matches specified are used to match inbound traffic as mesh traffic, and
// subject matching traffic to mesh traffic policies.
TrafficMatches []*TrafficMatch
// HTTPRouteConfigsPerPort defines the inbound mesh HTTP route configurations per port.
// Mesh HTTP routes are grouped based on their port to avoid route conflicts that
// can arise when the same host headers are to be routed differently based on the port.
HTTPRouteConfigsPerPort map[int][]*InboundTrafficPolicy
// ClustersConfigs defines the list of mesh cluster configurations.
// The specified config is used to program local clusters on the upstream server.
ClustersConfigs []*MeshClusterConfig
}
InboundMeshTrafficPolicy is the type used to represent the inbound mesh traffic policy configurations applicable to an upstream server.
type InboundTrafficPolicy ¶
type InboundTrafficPolicy struct {
Name string `json:"name:omitempty"`
Hostnames []string `json:"hostnames"`
Rules []*Rule `json:"rules:omitempty"`
// RateLimit defines the rate limit settings applied at the virtual_host level
// for the given set of hostnames (domains) corresponding to the virtual_host
// +optional
RateLimit *policyv1alpha1.RateLimitSpec `json:"rate_limit:omitempty"`
}
InboundTrafficPolicy is a struct that associates incoming traffic on a set of Hostnames with a list of Rules
func MergeInboundPolicies ¶
func MergeInboundPolicies(original []*InboundTrafficPolicy, latest ...*InboundTrafficPolicy) []*InboundTrafficPolicy
MergeInboundPolicies merges the latest InboundTrafficPolicies into a slice of InboundTrafficPolicies that already exists (original). When allowPartialHostnamesMatch is set to true, inbound policies are merged by partially comparing the hostnames of the original traffic policy to those of the latest traffic policy (one being a subset of the other). A partial match on hostnames should be allowed in the following scenarios:
1. when an ingress policy is being merged with other ingress traffic policies, or
2. when a policy having its hostnames from a host header needs to be merged with other inbound traffic policies.
In either of these cases there will be only a single hostname, and there is a possibility that this hostname is part of an existing traffic policy, hence the rules need to be merged.
func NewInboundTrafficPolicy ¶
func NewInboundTrafficPolicy(name string, hostnames []string, upstreamTrafficSetting *policyv1alpha1.UpstreamTrafficSetting) *InboundTrafficPolicy
NewInboundTrafficPolicy takes a name, list of hostnames, UpstreamTrafficSetting, and returns an *InboundTrafficPolicy
type IngressTrafficMatch ¶
type IngressTrafficMatch struct {
Name string
Port uint32
Protocol string
SourceIPRanges []string
TLS *policyv1alpha1.TLSSpec
ServerNames []string
SkipClientCertValidation bool
// RateLimit defines the rate limiting policy applied for this TrafficMatch
// +optional
RateLimit *policyv1alpha1.RateLimitSpec
}
IngressTrafficMatch defines the attributes to match ingress traffic for a given backend
type IngressTrafficPolicy ¶
type IngressTrafficPolicy struct {
TrafficMatches []*IngressTrafficMatch
HTTPRoutePolicies []*InboundTrafficPolicy
}
IngressTrafficPolicy defines the ingress traffic match and routes for a given backend
type MeshClusterConfig ¶
type MeshClusterConfig struct {
// Name is the cluster's name, as referenced in an RDS route or TCP proxy filter
Name string
// Service is the MeshService the cluster corresponds to.
Service service.MeshService
// Address is the IP address/hostname of this cluster
// This is set for local (upstream) clusters accepting traffic from a downstream client.
// +optional
Address string
// Port is the port on which this cluster is listening for downstream connections.
// This is set for local (upstream) clusters accepting traffic from a downstream client.
// +optional
Port uint32
// EnableSidecarActiveHealthChecks enables Sidecar's active health checks for the cluster
// +optional
EnableSidecarActiveHealthChecks bool
// UpstreamTrafficSetting is the traffic setting for the upstream cluster
UpstreamTrafficSetting *policyv1alpha1.UpstreamTrafficSetting
}
MeshClusterConfig is the type used to represent a cluster configuration that is programmed for either: 1. A downstream to connect to an upstream cluster, OR 2. An upstream cluster to accept traffic from a downstream
type OutboundMeshTrafficPolicy ¶
type OutboundMeshTrafficPolicy struct {
// TrafficMatches defines the list of traffic matches for matching outbound mesh traffic.
// The matches specified are used to match outbound traffic as mesh traffic, and
// subject matching traffic to mesh traffic policies.
TrafficMatches []*TrafficMatch
// HTTPRouteConfigsPerPort defines the outbound mesh HTTP route configurations per port.
// Mesh HTTP routes are grouped based on their port to avoid route conflicts that
// can arise when the same host headers are to be routed differently based on the port.
HTTPRouteConfigsPerPort map[int][]*OutboundTrafficPolicy
// ClustersConfigs defines the list of mesh cluster configurations.
// The specified config is used to program clusters corresponding to
// mesh destinations.
ClustersConfigs []*MeshClusterConfig
// ServicesResolvableSet defines the dns database
ServicesResolvableSet map[string][]interface{}
}
OutboundMeshTrafficPolicy is the type used to represent the outbound mesh traffic policy configurations applicable to a downstream client.
type OutboundTrafficPolicy ¶
type OutboundTrafficPolicy struct {
Name string `json:"name:omitempty"`
Hostnames []string `json:"hostnames"`
Routes []*RouteWeightedClusters `json:"routes:omitempty"`
}
OutboundTrafficPolicy is a struct that associates a list of Routes with outbound traffic on a set of Hostnames
func NewOutboundTrafficPolicy ¶
func NewOutboundTrafficPolicy(name string, hostnames []string) *OutboundTrafficPolicy
NewOutboundTrafficPolicy takes a name and list of hostnames and returns an *OutboundTrafficPolicy
func (*OutboundTrafficPolicy) AddRoute ¶
func (out *OutboundTrafficPolicy) AddRoute(httpRouteMatch HTTPRouteMatch, retryPolicy *policyv1alpha1.RetryPolicySpec, weightedClusters ...service.WeightedCluster) error
AddRoute adds a route to an OutboundTrafficPolicy given an HTTP route match and weighted cluster. If a Route with the given HTTP route match already exists, an error will be returned. If a Route with the given HTTP route match does not exist, a Route with the given HTTP route match and weighted clusters will be added to the Routes on the OutboundTrafficPolicy.
type PathMatchType ¶
type PathMatchType int
PathMatchType is the type used to represent the path matching type: regex, exact, or prefix
const (
// PathMatchRegex is the type used to specify regex based path matching
PathMatchRegex PathMatchType = iota
// PathMatchExact is the type used to specify exact path matching
PathMatchExact PathMatchType = iota
// PathMatchPrefix is the type used to specify prefix based path matching
PathMatchPrefix PathMatchType = iota
)
type Plugin ¶
type Plugin struct {
// Name defines the Name of the plugin.
Name string
// Priority defines the priority of the plugin.
Priority float32
// Script defines the Pipy script used by the plugin.
Script string
// BuildIn indicates the plugin type.
BuildIn bool
}
Plugin defines plugin
type PluginChain ¶
type PluginChain struct {
pluginv1alpha1.PluginChainSpec
Name string
Namespace string
}
PluginChain defines plugin chain
type PluginConfig ¶
type PluginConfig struct {
pluginv1alpha1.PluginConfigSpec
Name string
Namespace string
}
PluginConfig defines plugin config
type RouteWeightedClusters ¶
type RouteWeightedClusters struct {
HTTPRouteMatch HTTPRouteMatch `json:"http_route_match:omitempty"`
WeightedClusters mapset.Set `json:"weighted_clusters:omitempty"`
RetryPolicy *policyv1alpha1.RetryPolicySpec `json:"retry_policy:omitempty"`
// RateLimit defines the rate limit settings applied at the route level
// for the given HTTPRouteMatch
// +optional
RateLimit *policyv1alpha1.HTTPPerRouteRateLimitSpec `json:"rate_limit:omitempty"`
}
RouteWeightedClusters is a struct of an HTTPRoute, associated weighted clusters and the domains
func NewRouteWeightedCluster ¶
func NewRouteWeightedCluster(route HTTPRouteMatch, weightedClusters []service.WeightedCluster, upstreamTrafficSetting *policyv1alpha1.UpstreamTrafficSetting) *RouteWeightedClusters
NewRouteWeightedCluster takes a route, weighted cluster, UpstreamTrafficSetting and returns a *RouteWeightedCluster
func (*RouteWeightedClusters) TotalClustersWeight ¶
func (rwc *RouteWeightedClusters) TotalClustersWeight() int
TotalClustersWeight returns total weight of the WeightedClusters in RouteWeightedClusters
type Rule ¶
type Rule struct {
Route RouteWeightedClusters `json:"route:omitempty"`
// Principals contain the trust domain already while identities do not.
AllowedPrincipals mapset.Set `json:"allowed_principals:omitempty"`
}
Rule is a struct that represents which authenticated principals can access a Route. A principal is of the form <service-identity>.<trust-domain>. It can also contain wildcards.
func MergeRules ¶
MergeRules merges the given slices of rules such that there is one Rule for a Route with all allowed service accounts listed in the returned slice of rules
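The merge described for MergeRules, together with the principal set documented on Rule, as an added sketch that is not the FSM implementation: `route`, `rule`, `mergeRules`, `allows`, `openRoutes` and `sample` are hypothetical stand-ins, and `*` is an assumed spelling of the wildcard principal. It shows that the merged principal set is a union, so a single wildcard entry in any input rule opens the route to every authenticated principal, which is what a policy review should look for.

```go
package main

import "fmt"

// route and rule are hypothetical stand-ins for HTTPRouteMatch and Rule; the
// package's own types carry more fields and use mapset.Set for principals.
type route struct{ Path, Method string }

type rule struct {
	Route             route
	AllowedPrincipals map[string]bool
}

// wildcard is an assumed spelling of the "any principal" entry.
const wildcard = "*"

// mergeRules returns one rule per distinct route; its AllowedPrincipals is the
// union of the principals of every input rule for that route.
func mergeRules(sets ...[]rule) []rule {
	index := map[route]int{} // route -> position in out
	var out []rule
	for _, set := range sets {
		for _, r := range set {
			i, seen := index[r.Route]
			if !seen {
				i = len(out)
				index[r.Route] = i
				out = append(out, rule{Route: r.Route, AllowedPrincipals: map[string]bool{}})
			}
			for p := range r.AllowedPrincipals {
				out[i].AllowedPrincipals[p] = true
			}
		}
	}
	return out
}

// allows reports whether a merged rule admits the principal, either through
// an exact entry or through the wildcard.
func allows(r rule, principal string) bool {
	return r.AllowedPrincipals[principal] || r.AllowedPrincipals[wildcard]
}

// openRoutes lists merged routes that admit any authenticated principal.
func openRoutes(rules []rule) []route {
	var open []route
	for _, r := range rules {
		if r.AllowedPrincipals[wildcard] {
			open = append(open, r.Route)
		}
	}
	return open
}

// sample returns two constructed rule sets in <service-identity>.<trust-domain> form.
func sample() ([]rule, []rule) {
	buy, stock := route{"/buy", "POST"}, route{"/stock", "GET"}
	a := []rule{{buy, map[string]bool{"bookbuyer.shop.cluster.local": true}},
		{stock, map[string]bool{"warehouse.shop.cluster.local": true}}}
	b := []rule{{buy, map[string]bool{wildcard: true}},
		{stock, map[string]bool{"auditor.shop.cluster.local": true}}}
	return a, b
}

func main() {
	a, b := sample()
	fmt.Println(openRoutes(mergeRules(a, b)))
}
```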
type ServiceExportTrafficMatch ¶
type ServiceExportTrafficMatch struct {
Name string
Port uint32
Protocol string
SourceIPRanges []string
TLS *policyv1alpha1.TLSSpec
}
ServiceExportTrafficMatch defines the attributes to match exported service traffic for a given backend
type ServiceExportTrafficPolicy ¶
type ServiceExportTrafficPolicy struct {
TrafficMatches []*ServiceExportTrafficMatch
HTTPRoutePolicies []*InboundTrafficPolicy
}
ServiceExportTrafficPolicy defines the export service policy
type TCPRouteMatch ¶
type TCPRouteMatch struct {
Ports []uint16 `json:"ports:omitempty"`
}
TCPRouteMatch is a struct to represent a TCP route matching based on ports
type TrafficMatch ¶
type TrafficMatch struct {
// DestinationPort defines the destination port number
DestinationPort int
// DestinationProtocol defines the protocol served by DestinationPort
DestinationProtocol string
// DestinationIPRanges defines the list of destination IP ranges
// +optional
DestinationIPRanges []string
// ServerNames defines the list of server names to be used as SNI when the
// DestinationProtocol is TLS based, ex. when the DestinationProtocol is 'https'
// +optional
ServerNames []string
// Cluster defines the cluster associated with this TrafficMatch, if possible.
// A TrafficMatch corresponding to an HTTP based cluster will not make use of
// this property since the cluster is determined based on the computed routes.
// A TrafficMatch corresponding to a TCP based cluster will make use of this
// property to associate the match with the corresponding cluster.
// +optional
Cluster string
// Name for the match object
// +optional
Name string
// WeightedClusters is list of weighted clusters that this match should
// route traffic to. This is used by TCP based mesh clusters.
// +optional
WeightedClusters []service.WeightedCluster
// RateLimit defines the rate limiting policy applied for this TrafficMatch
// +optional
RateLimit *policyv1alpha1.RateLimitSpec
EgressGateWay *string
}
TrafficMatch is the type used to represent attributes used to match traffic
func DeduplicateTrafficMatches ¶
func DeduplicateTrafficMatches(matches []*TrafficMatch) ([]*TrafficMatch, error)
DeduplicateTrafficMatches deduplicates the given slice of TrafficMatch objects, and returns an error if the deduplication cannot be performed. The order of elements in a slice field does not determine uniqueness.
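What "the order of elements in a slice field does not determine uniqueness" means in practice, as an added sketch that is not the FSM implementation: `trafficMatch`, `asSet`, `matchKey`, `dedupe` and `sampleMatches` are hypothetical names, only four of the TrafficMatch fields are modelled, and treating a nil entry as the error case is an assumption.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// trafficMatch is a hypothetical stand-in carrying four of the TrafficMatch
// fields listed above.
type trafficMatch struct {
	DestinationPort     int
	DestinationProtocol string
	DestinationIPRanges []string
	ServerNames         []string
}

// asSet renders a slice field independent of element order. It sorts a copy,
// so the caller's policy object is never reordered as a side effect.
func asSet(in []string) string {
	s := append([]string(nil), in...)
	sort.Strings(s)
	return strings.Join(s, ",")
}

// matchKey is the identity used for comparison in this sketch.
func matchKey(m *trafficMatch) string {
	return fmt.Sprintf("%d|%s|%s|%s", m.DestinationPort, m.DestinationProtocol,
		asSet(m.DestinationIPRanges), asSet(m.ServerNames))
}

// dedupe keeps the first occurrence of each distinct match. Returning an error
// on a nil entry is an assumption about when deduplication cannot be performed.
func dedupe(matches []*trafficMatch) ([]*trafficMatch, error) {
	seen := map[string]bool{}
	var out []*trafficMatch
	for i, m := range matches {
		if m == nil {
			return nil, fmt.Errorf("traffic match %d is nil", i)
		}
		if k := matchKey(m); !seen[k] {
			seen[k] = true
			out = append(out, m)
		}
	}
	return out, nil
}

// sampleMatches returns constructed input: the first two entries differ only
// in the order of their IP ranges, the third has a narrower range list.
func sampleMatches() []*trafficMatch {
	return []*trafficMatch{
		{443, "https", []string{"10.0.0.0/8", "192.0.2.0/24"}, []string{"api.example.com"}},
		{443, "https", []string{"192.0.2.0/24", "10.0.0.0/8"}, []string{"api.example.com"}},
		{443, "https", []string{"10.0.0.0/8"}, []string{"api.example.com"}},
	}
}

func main() {
	out, err := dedupe(sampleMatches())
	fmt.Println(len(out), err)
}
```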
type TrafficSpecMatchName ¶
type TrafficSpecMatchName string
TrafficSpecMatchName is the name of a match in SMI TrafficSpec
type TrafficSpecName ¶
type TrafficSpecName string
TrafficSpecName is the namespaced name of the SMI TrafficSpec
type TrafficTargetWithRoutes ¶
type TrafficTargetWithRoutes struct {
Name string `json:"name:omitempty"`
Destination identity.ServiceIdentity `json:"destination:omitempty"`
Sources []identity.ServiceIdentity `json:"sources:omitempty"`
TCPRouteMatches []TCPRouteMatch `json:"tcp_route_matches:omitempty"`
}
TrafficTargetWithRoutes is a struct to represent an SMI TrafficTarget resource composed of its associated routes