ingress

package
v0.0.4 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 26, 2025 License: BSD-3-Clause Imports: 5 Imported by: 0

Documentation

Overview

Package ingress provides conversion from Gateway API HTTPRoute resources to Cloudflare Tunnel ingress configuration.

Overview

The Builder type converts a list of HTTPRoute resources into Cloudflare tunnel ingress rules. It handles:

  • Hostname extraction from HTTPRoute.spec.hostnames
  • Path matching (Exact and PathPrefix types)
  • Backend service resolution to cluster-internal URLs
  • Rule ordering by priority and path specificity

Path Matching

The builder supports two path match types as defined by Gateway API:

  • PathMatchExact: Matches the path exactly (priority 1)
  • PathMatchPathPrefix: Matches paths with the given prefix (priority 0)

Rules are sorted by hostname, then by priority (exact matches first), then by path length (longer paths first for prefix matches).

Service Resolution

Backend references are resolved to fully-qualified cluster DNS names: 

http://<service>.<namespace>.svc.<cluster-domain>:<port>

Port 443 automatically uses HTTPS scheme.

Catch-All Rule

A catch-all rule returning HTTP 404 is always appended as the last rule, as required by Cloudflare Tunnel configuration.

Index

Constants

View Source 
const (
	// CatchAllService is the Cloudflare Tunnel service that returns HTTP 404.
	// It is always added as the last rule in the ingress configuration.
	CatchAllService = "http_status:404"

	// DefaultHTTPPort is the default port for HTTP backend services.
	DefaultHTTPPort = 80

	// DefaultHTTPSPort is the default port for HTTPS backend services.
	DefaultHTTPSPort = 443
)

Variables

This section is empty.

Functions

This section is empty.

Types

type Builder 

type Builder struct {
	// ClusterDomain is the Kubernetes cluster domain suffix for service DNS.
	// Typically "cluster.local".
	ClusterDomain string
}

Builder converts Gateway API HTTPRoute resources to Cloudflare Tunnel ingress configuration rules.

func NewBuilder 

func NewBuilder(clusterDomain string) *Builder

NewBuilder creates a new Builder with the specified cluster domain.

func (*Builder) Build 

func (b *Builder) Build(routes []gatewayv1.HTTPRoute) []zero_trust.TunnelCloudflaredConfigurationUpdateParamsConfigIngress

Build converts a list of HTTPRoute resources to Cloudflare Tunnel ingress rules.

Rules are sorted by:

  1. Hostname (alphabetically)
  2. Priority (exact matches before prefix matches)
  3. Path length (longer paths first for specificity)

A catch-all rule returning HTTP 404 is always appended as the last rule.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.