Documentation
¶
Index ¶
- Variables
- func BuildGRPCIngressRules(routes []gwapiv1.GRPCRoute) []cf.UnvalidatedIngressRule
- func BuildIngressRules(routes []gwapiv1.HTTPRoute) []cf.UnvalidatedIngressRule
- func BuildTCPIngressRules(routes []gwapiv1alpha2.TCPRoute) []cf.UnvalidatedIngressRule
- func BuildTLSIngressRules(routes []gwapiv1alpha2.TLSRoute) []cf.UnvalidatedIngressRule
- func BuildTunnelToken(accountID, tunnelID string, secret []byte) string
- func MergeOriginRequest(base *cf.OriginRequestConfig, annotations *cf.OriginRequestConfig) *cf.OriginRequestConfig
- func ParseOriginAnnotations(annotations map[string]string) (*cf.OriginRequestConfig, []string)
- type APIClient
Constants ¶
This section is empty.
Variables ¶
var ErrTunnelNotFound = errors.New("tunnel not found")
ErrTunnelNotFound is returned when no matching tunnel exists.
Functions ¶
func BuildGRPCIngressRules ¶
func BuildGRPCIngressRules(routes []gwapiv1.GRPCRoute) []cf.UnvalidatedIngressRule
BuildGRPCIngressRules converts GRPCRoutes into Cloudflare tunnel ingress rules. Every rule gets http2Origin=true since gRPC requires HTTP/2. Does NOT append a catch-all rule — the caller is responsible for that.
func BuildIngressRules ¶
func BuildIngressRules(routes []gwapiv1.HTTPRoute) []cf.UnvalidatedIngressRule
BuildIngressRules converts HTTPRoutes into Cloudflare tunnel ingress rules. Does NOT append a catch-all rule — the caller is responsible for that.
func BuildTCPIngressRules ¶
func BuildTCPIngressRules(routes []gwapiv1alpha2.TCPRoute) []cf.UnvalidatedIngressRule
BuildTCPIngressRules converts TCPRoutes into Cloudflare tunnel ingress rules. TCPRoutes have no hostnames — they are port-based and map to tcp:// backends. Does NOT append a catch-all rule — the caller is responsible for that.
func BuildTLSIngressRules ¶
func BuildTLSIngressRules(routes []gwapiv1alpha2.TLSRoute) []cf.UnvalidatedIngressRule
BuildTLSIngressRules converts TLSRoutes into Cloudflare tunnel ingress rules. TLSRoutes map SNI hostnames to HTTPS backends with noTLSVerify. Does NOT append a catch-all rule — the caller is responsible for that.
func BuildTunnelToken ¶
BuildTunnelToken assembles the cloudflared tunnel token. Format: base64(json({"a": accountID, "t": tunnelID, "s": base64(secret)}))
func MergeOriginRequest ¶
func MergeOriginRequest(base *cf.OriginRequestConfig, annotations *cf.OriginRequestConfig) *cf.OriginRequestConfig
MergeOriginRequest merges annotation-based config into an existing OriginRequestConfig. Annotation values do NOT override values already set by filters or policies.
func ParseOriginAnnotations ¶
func ParseOriginAnnotations(annotations map[string]string) (*cf.OriginRequestConfig, []string)
ParseOriginAnnotations extracts Cloudflare-specific origin request configuration from resource annotations with the tunnels.cloudflare.com/ prefix. Returns the config (or nil if no valid annotations found) and any warnings for annotations that were recognized but had invalid values.
Types ¶
type APIClient ¶
type APIClient interface {
CreateTunnel(ctx context.Context, name string, secret []byte) (cf.Tunnel, error)
GetTunnelByName(ctx context.Context, name string) (cf.Tunnel, error)
DeleteTunnel(ctx context.Context, id string) error
UpdateTunnelConfiguration(ctx context.Context, tunnelID string, ingress []cf.UnvalidatedIngressRule) error
AccountID() string
}
APIClient defines the Cloudflare tunnel operations needed by the controller.
func NewClientFromEnv ¶
NewClientFromEnv creates a new Cloudflare API client from environment variables. Requires CLOUDFLARE_ACCOUNT_ID and CLOUDFLARE_API_TOKEN.
Source Files