Documentation
¶
Overview ¶
Package ingress is a generated GoMock package.
Index ¶
- Constants
- Variables
- func EncodeGroupIDToReconcileRequest(gID GroupID) ctrl.Request
- func NewACMCertDiscovery(acmClient services.ACM, logger logr.Logger) *acmCertDiscovery
- func NewDefaultAuthConfigBuilder(annotationParser annotations.Parser) *defaultAuthConfigBuilder
- func NewDefaultEnhancedBackendBuilder(k8sClient client.Client, annotationParser annotations.Parser, ...) *defaultEnhancedBackendBuilder
- func NewDefaultFinalizerManager(k8sFinalizerManager k8s.FinalizerManager) *defaultFinalizerManager
- func NewDefaultGroupLoader(client client.Client, eventRecorder record.EventRecorder, ...) *defaultGroupLoader
- func NewDefaultModelBuilder(k8sClient client.Client, eventRecorder record.EventRecorder, ...) *defaultModelBuilder
- func NewDefaultReferenceIndexer(enhancedBackendBuilder EnhancedBackendBuilder, ...) *defaultReferenceIndexer
- func NewDefaultRuleOptimizer(logger logr.Logger) *defaultRuleOptimizer
- type Action
- type ActionType
- type AuthConfig
- type AuthConfigBuilder
- type AuthIDPConfigCognito
- type AuthIDPConfigOIDC
- type AuthType
- type CertDiscovery
- type ClassAnnotationMatcher
- type ClassConfiguration
- type ClassLoader
- type ClassifiedIngress
- type EnhancedBackend
- type EnhancedBackendBuildOption
- type EnhancedBackendBuildOptions
- type EnhancedBackendBuilder
- type FinalizerManager
- type FixedResponseActionConfig
- type ForwardActionConfig
- type Group
- type GroupID
- type GroupLoader
- type HTTPHeaderConditionConfig
- type HTTPRequestMethodConditionConfig
- type HostHeaderConditionConfig
- type MockCertDiscovery
- type MockCertDiscoveryMockRecorder
- type ModelBuilder
- type PathPatternConditionConfig
- type QueryStringConditionConfig
- type QueryStringKeyValuePair
- type RedirectActionConfig
- type ReferenceIndexer
- type Rule
- type RuleCondition
- type RuleConditionField
- type RuleOptimizer
- type SSLRedirectConfig
- type SourceIPConditionConfig
- type TargetGroupStickinessConfig
- type TargetGroupTuple
Constants ¶
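// Index keys used to look up Ingress-related objects by the name of an object
// they reference. The declarations are laid out one per line so that each
// line comment ends at its own line instead of commenting out the rest of the
// block.
const (
	// IndexKeyServiceRefName is index key for services referenced by Ingress.
	IndexKeyServiceRefName = "ingress.serviceRef.name"
	// IndexKeySecretRefName is index key for secrets referenced by Ingress or Service.
	IndexKeySecretRefName = "ingress.secretRef.name"
	// IndexKeyIngressClassRefName is index key for ingressClass referenced by Ingress.
	IndexKeyIngressClassRefName = "ingress.ingressClassRef.name"
	// IndexKeyIngressClassParamsRefName is index key for ingressClassParams referenced by IngressClass.
	IndexKeyIngressClassParamsRefName = "ingressClass.ingressClassParamsRef.name"
)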
const (
	// IngressClassControllerALB is the controller name used in IngressClass for ALB.
	IngressClassControllerALB = "ingress.k8s.aws/alb"
)
Variables ¶
// ErrInvalidIngressClass is a sentinel error reporting that the IngressClass
// configuration for an Ingress is invalid. Being a package-level value created
// with errors.New, it can be matched with errors.Is.
var ErrInvalidIngressClass = errors.New("invalid ingress class")
ErrInvalidIngressClass is a sentinel error indicating that the IngressClass configuration for an Ingress is invalid.
Functions ¶
func EncodeGroupIDToReconcileRequest ¶
EncodeGroupIDToReconcileRequest encodes a GroupID into a controller-runtime reconcile request
func NewACMCertDiscovery ¶
NewACMCertDiscovery constructs new acmCertDiscovery
func NewDefaultAuthConfigBuilder ¶
func NewDefaultAuthConfigBuilder(annotationParser annotations.Parser) *defaultAuthConfigBuilder
NewDefaultAuthConfigBuilder constructs new defaultAuthConfigBuilder.
func NewDefaultEnhancedBackendBuilder ¶
func NewDefaultEnhancedBackendBuilder(k8sClient client.Client, annotationParser annotations.Parser, authConfigBuilder AuthConfigBuilder) *defaultEnhancedBackendBuilder
NewDefaultEnhancedBackendBuilder constructs new defaultEnhancedBackendBuilder.
func NewDefaultFinalizerManager ¶
func NewDefaultFinalizerManager(k8sFinalizerManager k8s.FinalizerManager) *defaultFinalizerManager
NewDefaultFinalizerManager constructs new defaultFinalizerManager
func NewDefaultGroupLoader ¶
func NewDefaultGroupLoader(client client.Client, eventRecorder record.EventRecorder, annotationParser annotations.Parser, classLoader ClassLoader, classAnnotationMatcher ClassAnnotationMatcher, manageIngressesWithoutIngressClass bool) *defaultGroupLoader
NewDefaultGroupLoader constructs new GroupLoader instance.
func NewDefaultModelBuilder ¶
func NewDefaultModelBuilder(k8sClient client.Client, eventRecorder record.EventRecorder, ec2Client services.EC2, acmClient services.ACM, annotationParser annotations.Parser, subnetsResolver networkingpkg.SubnetsResolver, authConfigBuilder AuthConfigBuilder, enhancedBackendBuilder EnhancedBackendBuilder, trackingProvider tracking.Provider, elbv2TaggingManager elbv2deploy.TaggingManager, featureGates config.FeatureGates, vpcID string, clusterName string, defaultTags map[string]string, externalManagedTags []string, defaultSSLPolicy string, defaultTargetType string, backendSGProvider networkingpkg.BackendSGProvider, sgResolver networkingpkg.SecurityGroupResolver, enableBackendSG bool, disableRestrictedSGRules bool, enableIPTargetType bool, logger logr.Logger) *defaultModelBuilder
NewDefaultModelBuilder constructs new defaultModelBuilder.
func NewDefaultReferenceIndexer ¶
func NewDefaultReferenceIndexer(enhancedBackendBuilder EnhancedBackendBuilder, authConfigBuilder AuthConfigBuilder, logger logr.Logger) *defaultReferenceIndexer
NewDefaultReferenceIndexer constructs new defaultReferenceIndexer.
func NewDefaultRuleOptimizer ¶
NewDefaultRuleOptimizer constructs new defaultRuleOptimizer.
Types ¶
type Action ¶
// Action is the JSON-serializable description of one routing action. Type
// selects the kind of action and the optional *Config fields carry the
// settings for that kind.
type Action struct {
	// The type of action.
	Type ActionType `json:"type"`
	// The Amazon Resource Name (ARN) of the target group. Specify only when Type
	// is forward and you want to route to a single target group. To route to one
	// or more target groups, use ForwardConfig instead.
	// The tag has no omitempty, so a nil pointer is encoded as JSON null.
	TargetGroupARN *string `json:"targetGroupARN"`
	// [Application Load Balancer] Information for creating an action that returns a custom HTTP response.
	// +optional
	FixedResponseConfig *FixedResponseActionConfig `json:"fixedResponseConfig,omitempty"`
	// [Application Load Balancer] Information for creating a redirect action.
	// +optional
	RedirectConfig *RedirectActionConfig `json:"redirectConfig,omitempty"`
	// Information for creating an action that distributes requests among one or more target groups.
	// +optional
	ForwardConfig *ForwardActionConfig `json:"forwardConfig,omitempty"`
}
type ActionType ¶
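// ActionType is the type of action.
type ActionType string

// Known action types. The declarations are laid out one per line; collapsed
// onto a single line without separators the block is not valid Go.
const (
	ActionTypeFixedResponse ActionType = "fixed-response"
	ActionTypeForward       ActionType = "forward"
	ActionTypeRedirect      ActionType = "redirect"
)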
type AuthConfig ¶
// AuthConfig is the authentication configuration for a Service or Ingress.
// It is the value produced by AuthConfigBuilder.Build and carried on
// EnhancedBackend.
type AuthConfig struct {
	// Type selects the authentication mechanism (AuthType is declared elsewhere in this package).
	Type AuthType
	// IDPConfigCognito holds Amazon Cognito settings.
	// NOTE(review): presumably non-nil only when Type selects Cognito — confirm.
	IDPConfigCognito *AuthIDPConfigCognito
	// IDPConfigOIDC holds OIDC identity-provider settings.
	// NOTE(review): presumably non-nil only when Type selects OIDC — confirm.
	IDPConfigOIDC *AuthIDPConfigOIDC
	// OnUnauthenticatedRequest is the behavior for requests that carry no valid session.
	// NOTE(review): in the ALB API this is one of authenticate/allow/deny, and
	// "allow" forwards unauthenticated requests to the target — confirm which
	// values the builder accepts and which one is the default.
	OnUnauthenticatedRequest string
	// Scope is presumably the set of user claims requested from the IdP — confirm.
	Scope string
	// SessionCookieName is the name of the cookie that holds the session.
	SessionCookieName string
	// SessionTimeout is the session lifetime; the unit is not shown here
	// (presumably seconds — confirm).
	SessionTimeout int64
}
Auth config for Service / Ingresses
type AuthConfigBuilder ¶
// AuthConfigBuilder builds the auth configuration for a Service or Ingress.
type AuthConfigBuilder interface {
	// Build returns the AuthConfig derived from svcAndIngAnnotations (per the
	// parameter name, the annotations of the Service and the Ingress).
	// NOTE(review): annotations are written by whoever may modify those
	// objects, so the resulting auth settings are only as trustworthy as the
	// RBAC rules on Ingress and Service.
	Build(ctx context.Context, svcAndIngAnnotations map[string]string) (AuthConfig, error)
}
AuthConfig builder can build auth configuration for service or ingresses.
type AuthIDPConfigCognito ¶
// AuthIDPConfigCognito is the configuration for an Amazon Cognito identity provider.
type AuthIDPConfigCognito struct {
	// The Amazon Resource Name (ARN) of the Amazon Cognito user pool.
	UserPoolARN string `json:"userPoolARN"`
	// The ID of the Amazon Cognito user pool client.
	UserPoolClientID string `json:"userPoolClientID"`
	// The domain prefix or fully-qualified domain name of the Amazon Cognito user pool.
	UserPoolDomain string `json:"userPoolDomain"`
	// The query parameters (up to 10) to include in the redirect request to the authorization endpoint.
	// NOTE(review): the limit of 10 is not enforced by this declaration — confirm where it is checked.
	// +optional
	AuthenticationRequestExtraParams map[string]string `json:"authenticationRequestExtraParams,omitempty"`
}
type AuthIDPConfigOIDC ¶
// AuthIDPConfigOIDC is the configuration for an OIDC identity provider.
// NOTE(review): ALB's OIDC action expects HTTPS endpoints; no scheme check is
// visible in this declaration — confirm where the endpoint URLs are validated.
type AuthIDPConfigOIDC struct {
	// The OIDC issuer identifier of the IdP.
	Issuer string `json:"issuer"`
	// The authorization endpoint of the IdP.
	AuthorizationEndpoint string `json:"authorizationEndpoint"`
	// The token endpoint of the IdP.
	TokenEndpoint string `json:"tokenEndpoint"`
	// The user info endpoint of the IdP.
	UserInfoEndpoint string `json:"userInfoEndpoint"`
	// The k8s secretName. Only the name of the Secret is stored here, not its contents.
	// NOTE(review): presumably the Secret holds the OIDC client credentials and is
	// looked up in the namespace of the Ingress or Service — confirm, and keep read
	// access to that Secret limited to the controller.
	SecretName string `json:"secretName"`
	// The query parameters (up to 10) to include in the redirect request to the authorization endpoint.
	// +optional
	AuthenticationRequestExtraParams map[string]string `json:"authenticationRequestExtraParams,omitempty"`
}
configuration for IDP of OIDC
type CertDiscovery ¶
// CertDiscovery auto-discovers TLS certificates for TLS hosts.
type CertDiscovery interface {
	// Discover will try to find valid certificateARNs for each tlsHost.
	// It returns the certificate ARNs as strings, or an error.
	// NOTE(review): what counts as "valid" (host name match, expiry, status) is
	// decided by the implementation and is not visible here.
	Discover(ctx context.Context, tlsHosts []string) ([]string, error)
}
CertDiscovery is responsible for auto-discovering TLS certificates for TLS hosts.
type ClassAnnotationMatcher ¶
ClassAnnotationMatcher tests whether the kubernetes.io/ingress.class annotation on Ingresses matches the IngressClass of this controller.
func NewDefaultClassAnnotationMatcher ¶
func NewDefaultClassAnnotationMatcher(ingressClass string) ClassAnnotationMatcher
NewDefaultClassAnnotationMatcher constructs new defaultClassAnnotationMatcher.
type ClassConfiguration ¶
// ClassConfiguration contains the IngressClass-related configuration for an
// Ingress. Both fields are pointers documented as "if any", so callers should
// expect either of them to be nil.
type ClassConfiguration struct {
	// The IngressClass for Ingress if any.
	IngClass *networking.IngressClass
	// The IngressClassParams for Ingress if any.
	IngClassParams *elbv2api.IngressClassParams
}
ClassConfiguration contains configurations for IngressClass
type ClassLoader ¶
// ClassLoader loads IngressClass configurations for Ingress.
type ClassLoader interface {
	// Load loads the ClassConfiguration for Ingress with IngressClassName.
	// NOTE(review): presumably returns ErrInvalidIngressClass (or an error
	// wrapping it) when the referenced class is unusable — confirm.
	Load(ctx context.Context, ing *networking.Ingress) (ClassConfiguration, error)
}
ClassLoader loads IngressClass configurations for Ingress.
func NewDefaultClassLoader ¶
func NewDefaultClassLoader(client client.Client, loadParams bool) ClassLoader
NewDefaultClassLoader constructs new defaultClassLoader instance.
type ClassifiedIngress ¶
// ClassifiedIngress is an Ingress together with its associated IngressClass configuration.
type ClassifiedIngress struct {
	// Ing is the Ingress object.
	Ing *networking.Ingress
	// IngClassConfig is the class configuration for Ing; its pointer
	// fields are optional per ClassConfiguration's own field comments.
	IngClassConfig ClassConfiguration
}
ClassifiedIngress is an Ingress with its associated IngressClass configuration.
func (ClassifiedIngress) GetObjectMeta ¶
func (c ClassifiedIngress) GetObjectMeta() metav1.Object
type EnhancedBackend ¶
// EnhancedBackend is an Ingress backend extended with routing conditions, an
// action and an authentication configuration. It is the value returned by
// EnhancedBackendBuilder.Build.
type EnhancedBackend struct {
	// Conditions are the additional routing conditions for this backend.
	Conditions []RuleCondition
	// Action is the routing action taken for matching requests.
	Action Action
	// AuthConfig is the authentication configuration applied to this backend.
	// NOTE(review): presumably left at its zero value when the build options
	// do not request auth loading — confirm how callers tell "not loaded"
	// apart from "no authentication".
	AuthConfig AuthConfig
}
EnhancedBackend is an enhanced version of Ingress backend. It contains additional routing conditions and authentication configurations we parsed from annotations. Also, when magic string `use-annotation` is specified as backend, the actions will be parsed from annotations as well.
type EnhancedBackendBuildOption ¶
// EnhancedBackendBuildOption is a functional option that mutates an
// EnhancedBackendBuildOptions value in place.
type EnhancedBackendBuildOption func(opts *EnhancedBackendBuildOptions)
func WithLoadAuthConfig ¶
func WithLoadAuthConfig(loadAuthConfig bool) EnhancedBackendBuildOption
WithLoadAuthConfig is an option that sets LoadAuthConfig.
func WithLoadBackendServices ¶
func WithLoadBackendServices(loadBackendServices bool, backendServices map[types.NamespacedName]*corev1.Service) EnhancedBackendBuildOption
WithLoadBackendServices is an option that sets LoadBackendServices and BackendServices.
type EnhancedBackendBuildOptions ¶
// EnhancedBackendBuildOptions collects the settings that control how an
// EnhancedBackend is built. Values are set through EnhancedBackendBuildOption
// functions.
type EnhancedBackendBuildOptions struct {
	// whether to load backend services
	LoadBackendServices bool
	// BackendServices contains all services referenced in Action, indexed by service's key.
	// Note: BackendServices can be passed in during backend build, so that the same service snapshot is used for a given service during the entire Ingress build process.
	BackendServices map[types.NamespacedName]*corev1.Service
	// whether to load auth configuration. When LoadAuthConfig is set, LoadBackendServices must be enabled as well.
	// NOTE(review): this dependency is stated only in the comment; no check is visible in this declaration.
	LoadAuthConfig bool
}
func (*EnhancedBackendBuildOptions) ApplyOptions ¶
func (opts *EnhancedBackendBuildOptions) ApplyOptions(options ...EnhancedBackendBuildOption)
type EnhancedBackendBuilder ¶
// EnhancedBackendBuilder builds an EnhancedBackend for an Ingress backend.
type EnhancedBackendBuilder interface {
	// Build returns the EnhancedBackend for the given backend of ing. opts
	// adjust what is loaded (see EnhancedBackendBuildOptions).
	Build(ctx context.Context, ing *networking.Ingress, backend networking.IngressBackend, opts ...EnhancedBackendBuildOption) (EnhancedBackend, error)
}
EnhancedBackendBuilder is capable of building an EnhancedBackend for an Ingress backend.
type FinalizerManager ¶
// FinalizerManager manages the Ingress group finalizer on Ingresses.
type FinalizerManager interface {
	// AddGroupFinalizer adds the Ingress group finalizer to active member Ingresses.
	// Ingresses will be updated in place.
	AddGroupFinalizer(ctx context.Context, groupID GroupID, members []ClassifiedIngress) error
	// RemoveGroupFinalizer removes the Ingress group finalizer from inactive member Ingresses.
	// Ingresses will be updated in place.
	RemoveGroupFinalizer(ctx context.Context, groupID GroupID, inactiveMembers []*networking.Ingress) error
}
FinalizerManager manages finalizer for ingresses.
type FixedResponseActionConfig ¶
// FixedResponseActionConfig describes an action that returns a custom HTTP response.
type FixedResponseActionConfig struct {
	// The content type.
	// +optional
	ContentType *string `json:"contentType,omitempty"`
	// The message.
	// NOTE(review): presumably sent to the client as the response body unchanged — confirm.
	// +optional
	MessageBody *string `json:"messageBody,omitempty"`
	// The HTTP response code. It is a string, not an integer.
	StatusCode string `json:"statusCode"`
}
Information about an action that returns a custom HTTP response.
type ForwardActionConfig ¶
// ForwardActionConfig describes a forward action.
type ForwardActionConfig struct {
	// One or more target groups.
	// [Network Load Balancers] you can specify a single target group.
	TargetGroups []TargetGroupTuple `json:"targetGroups"`
	// The target group stickiness for the rule.
	// +optional
	TargetGroupStickinessConfig *TargetGroupStickinessConfig `json:"targetGroupStickinessConfig,omitempty"`
}
Information about a forward action.
type Group ¶
// Group is an Ingress group: the set of Ingresses identified by one GroupID.
// NOTE(review): member Ingresses are separate objects whose rules end up on a
// shared load balancer, so the ability to join an explicit group should be
// treated as a trust boundary — confirm against the project's IngressGroup
// guidance.
type Group struct {
	// ID is the identifier of this group.
	ID GroupID
	// Members are Ingresses that belong to this group.
	Members []ClassifiedIngress
	// InactiveMembers are Ingresses that no longer belong to this group, but still hold the finalizers.
	InactiveMembers []*networking.Ingress
}
An Ingress Group is a group of Ingresses that should be hosted by a single LoadBalancer. It's our customization of Kubernetes's Ingress Spec: an Ingress group represents a "LoadBalancer", where each member Ingress defines rules for that LoadBalancer. There are two types of group: explicit and implicit. Explicit groups are defined by either the annotation (group.name) on the Ingress or the field (group.name) on the associated IngressClassParams. Implicit groups are for Ingresses without an explicit group; each such Ingress becomes a standalone group of itself.
type GroupID ¶
// GroupID is the unique identifier for an IngressGroup within the cluster.
// Its underlying type is types.NamespacedName.
type GroupID types.NamespacedName
GroupID is the unique identifier for an IngressGroup within cluster.
func DecodeGroupIDFromReconcileRequest ¶
DecodeGroupIDFromReconcileRequest decodes a GroupID from a controller-runtime reconcile request
func NewGroupIDForExplicitGroup ¶
NewGroupIDForExplicitGroup generates GroupID for an explicit group.
func NewGroupIDForImplicitGroup ¶
func NewGroupIDForImplicitGroup(ingKey types.NamespacedName) GroupID
NewGroupIDForImplicitGroup generates GroupID for an implicit group.
func (GroupID) IsExplicit ¶
IsExplicit tests whether this is an explicit group. Explicit groups are defined by either:
- annotation on Ingress: `group.name`
- field on associated IngressClassParams: `group.name`
type GroupLoader ¶
// GroupLoader loads Ingress groups.
type GroupLoader interface {
	// Load returns an Ingress group given groupID.
	Load(ctx context.Context, groupID GroupID) (Group, error)
	// LoadGroupIDIfAny loads the groupID for Ingress if Ingress belongs to any IngressGroup.
	// Ingresses that are not managed by this controller or are in deletion state won't have a groupID,
	// so callers must handle a nil *GroupID.
	LoadGroupIDIfAny(ctx context.Context, ing *networking.Ingress) (*GroupID, error)
	// LoadGroupIDsPendingFinalization returns groupIDs that have associated finalizer on Ingress.
	// Unlike the other methods it returns no error.
	LoadGroupIDsPendingFinalization(ctx context.Context, ing *networking.Ingress) []GroupID
}
GroupLoader loads Ingress groups.
type HTTPHeaderConditionConfig ¶
// HTTPHeaderConditionConfig describes an HTTP header condition.
// NOTE(review): header values are supplied by the client, so a match on them
// routes traffic but does not authenticate it.
type HTTPHeaderConditionConfig struct {
	// The name of the HTTP header field.
	HTTPHeaderName string `json:"httpHeaderName"`
	// One or more strings to compare against the value of the HTTP header.
	Values []string `json:"values"`
}
Information for an HTTP header condition.
type HTTPRequestMethodConditionConfig ¶
// HTTPRequestMethodConditionConfig describes an HTTP method condition.
type HTTPRequestMethodConditionConfig struct {
	// The name of the request method. The field is a slice, so more than one
	// method name can be listed.
	Values []string `json:"values"`
}
Information for an HTTP method condition.
type HostHeaderConditionConfig ¶
// HostHeaderConditionConfig describes a host header condition.
type HostHeaderConditionConfig struct {
	// One or more host names.
	Values []string `json:"values"`
}
Information for a host header condition.
type MockCertDiscovery ¶
// MockCertDiscovery is a mock of the CertDiscovery interface. It is created
// with NewMockCertDiscovery and is exported from the same package as the
// production types.
type MockCertDiscovery struct {
	// contains filtered or unexported fields
}
MockCertDiscovery is a mock of CertDiscovery interface.
func NewMockCertDiscovery ¶
func NewMockCertDiscovery(ctrl *gomock.Controller) *MockCertDiscovery
NewMockCertDiscovery creates a new mock instance.
func (*MockCertDiscovery) EXPECT ¶
func (m *MockCertDiscovery) EXPECT() *MockCertDiscoveryMockRecorder
EXPECT returns an object that allows the caller to indicate expected use.
type MockCertDiscoveryMockRecorder ¶
// MockCertDiscoveryMockRecorder is the mock recorder for MockCertDiscovery;
// it is the value returned by MockCertDiscovery.EXPECT.
type MockCertDiscoveryMockRecorder struct {
	// contains filtered or unexported fields
}
MockCertDiscoveryMockRecorder is the mock recorder for MockCertDiscovery.
func (*MockCertDiscoveryMockRecorder) Discover ¶
func (mr *MockCertDiscoveryMockRecorder) Discover(arg0, arg1 interface{}) *gomock.Call
Discover indicates an expected call of Discover.
type ModelBuilder ¶
// ModelBuilder builds the model stack for an IngressGroup.
type ModelBuilder interface {
	// Build builds the model stack for an IngressGroup. It returns the stack
	// and the load balancer model.
	// NOTE(review): the []types.NamespacedName and bool results are not
	// documented here; presumably the referenced Secrets and whether a backend
	// security group is required — confirm and document.
	Build(ctx context.Context, ingGroup Group) (core.Stack, *elbv2model.LoadBalancer, []types.NamespacedName, bool, error)
}
ModelBuilder is responsible for building the model stack for an IngressGroup.
type PathPatternConditionConfig ¶
// PathPatternConditionConfig describes a path pattern condition.
type PathPatternConditionConfig struct {
	// One or more path patterns to compare against the request URL.
	Values []string `json:"values"`
}
Information about a path pattern condition.
type QueryStringConditionConfig ¶
// QueryStringConditionConfig describes a query string condition.
type QueryStringConditionConfig struct {
	// One or more key/value pairs or values to find in the query string.
	Values []QueryStringKeyValuePair `json:"values"`
}
Information about a query string condition.
type QueryStringKeyValuePair ¶
// QueryStringKeyValuePair is one key/value pair of a query string condition.
// Key is optional, so an entry may consist of a value alone.
type QueryStringKeyValuePair struct {
	// The key.
	// +optional
	Key *string `json:"key,omitempty"`
	// The value.
	Value string `json:"value"`
}
Information about a key/value pair.
type RedirectActionConfig ¶
// RedirectActionConfig describes a redirect action. Every component except
// StatusCode is optional.
// NOTE(review): Host and Protocol decide where clients are sent; a redirect
// that moves clients from HTTPS to HTTP or to another host deserves a second
// look when the annotation that produces it is reviewed.
type RedirectActionConfig struct {
	// The hostname.
	// +optional
	Host *string `json:"host,omitempty"`
	// The absolute path.
	// +optional
	Path *string `json:"path,omitempty"`
	// The port. It is a string, not an integer.
	// +optional
	Port *string `json:"port,omitempty"`
	// The protocol.
	// +optional
	Protocol *string `json:"protocol,omitempty"`
	// The query parameters
	// +optional
	Query *string `json:"query,omitempty"`
	// The HTTP redirect code.
	StatusCode string `json:"statusCode"`
}
Information about a redirect action.
type ReferenceIndexer ¶
// ReferenceIndexer indexes Ingresses (and IngressClasses) by the names of the
// objects they reference. Each method returns names only and has no error
// result.
type ReferenceIndexer interface {
	// BuildServiceRefIndexes returns the name of related Service objects.
	BuildServiceRefIndexes(ctx context.Context, ing *networking.Ingress) []string
	// BuildSecretRefIndexes returns the name of related Secret objects.
	// The argument may be an Ingress or a Service, per the parameter name.
	BuildSecretRefIndexes(ctx context.Context, ingOrSvc client.Object) []string
	// BuildIngressClassRefIndexes returns the name of related IngressClass objects.
	BuildIngressClassRefIndexes(ctx context.Context, ing *networking.Ingress) []string
	// BuildIngressClassParamsRefIndexes returns the name of related IngressClassParams objects.
	BuildIngressClassParamsRefIndexes(ctx context.Context, ingClass *networking.IngressClass) []string
}
ReferenceIndexer has the ability to index Ingresses with referenced objects.
type Rule ¶
// Rule is a listener rule expressed with elbv2model types; it is the element
// type that RuleOptimizer.Optimize takes and returns.
type Rule struct {
	// Conditions are the conditions of the rule.
	Conditions []elbv2model.RuleCondition
	// Actions are the actions of the rule.
	Actions []elbv2model.Action
	// Tags are the tags of the rule, as key/value pairs.
	Tags map[string]string
}
type RuleCondition ¶
// RuleCondition describes one condition for a rule. Field names the part of
// the HTTP request that is matched and the *Config pointers carry the
// settings for each kind of condition.
// NOTE(review): presumably only the config that corresponds to Field should
// be set, with Validate (declared elsewhere) as the check — confirm. None of
// the tags use omitempty, so unset configs are encoded as JSON null.
type RuleCondition struct {
	// The field in the HTTP request.
	Field RuleConditionField `json:"field"`
	// Information for a host header condition.
	HostHeaderConfig *HostHeaderConditionConfig `json:"hostHeaderConfig"`
	// Information for an HTTP header condition.
	HTTPHeaderConfig *HTTPHeaderConditionConfig `json:"httpHeaderConfig"`
	// Information for an HTTP method condition.
	HTTPRequestMethodConfig *HTTPRequestMethodConditionConfig `json:"httpRequestMethodConfig"`
	// Information for a path pattern condition.
	PathPatternConfig *PathPatternConditionConfig `json:"pathPatternConfig"`
	// Information for a query string condition.
	QueryStringConfig *QueryStringConditionConfig `json:"queryStringConfig"`
	// Information for a source IP condition.
	SourceIPConfig *SourceIPConditionConfig `json:"sourceIPConfig"`
}
Information about a condition for a rule.
func (*RuleCondition) Validate ¶
func (c *RuleCondition) Validate() error
type RuleConditionField ¶
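// RuleConditionField names the part of the HTTP request that a RuleCondition
// matches on.
type RuleConditionField string

// Known rule condition fields. The declarations are laid out one per line;
// collapsed onto a single line without separators the block is not valid Go.
const (
	RuleConditionFieldHTTPHeader        RuleConditionField = "http-header"
	RuleConditionFieldHTTPRequestMethod RuleConditionField = "http-request-method"
	RuleConditionFieldHostHeader        RuleConditionField = "host-header"
	RuleConditionFieldPathPattern       RuleConditionField = "path-pattern"
	RuleConditionFieldQueryString       RuleConditionField = "query-string"
	RuleConditionFieldSourceIP          RuleConditionField = "source-ip"
)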
type RuleOptimizer ¶
// RuleOptimizer optimizes the listener Rules for a single Listener.
type RuleOptimizer interface {
	// Optimize takes the rules of the listener identified by port and
	// protocol and returns the optimized rules, or an error.
	// NOTE(review): whether the returned rules always match the same requests
	// as the input is up to the implementation — confirm, since rule order and
	// content decide which requests reach which backend.
	Optimize(ctx context.Context, port int64, protocol elbv2model.Protocol, rules []Rule) ([]Rule, error)
}
RuleOptimizer will optimize the listener Rules for a single Listener.
type SSLRedirectConfig ¶
// SSLRedirectConfig contains configuration for the SSLRedirect feature.
type SSLRedirectConfig struct {
	// The SSLPort to redirect to for all HTTP ports.
	SSLPort int64
	// The HTTP response code. It is a string, not an integer.
	// NOTE(review): presumably one of the redirect codes ALB accepts — confirm.
	StatusCode string
}
SSLRedirectConfig contains configuration for SSLRedirect feature.
type SourceIPConditionConfig ¶
// SourceIPConditionConfig describes a source IP condition.
// NOTE(review): per the ALB documentation a source-ip condition matches the
// address of the connecting peer; behind a proxy that is the proxy's address,
// not the X-Forwarded-For value — confirm before relying on it as an allow-list.
type SourceIPConditionConfig struct {
	// One or more source IP addresses, in CIDR format.
	Values []string `json:"values"`
}
Information about a source IP condition.
type TargetGroupStickinessConfig ¶
// TargetGroupStickinessConfig describes the target group stickiness for a
// rule. Both fields are optional pointers, so nil means "not specified".
type TargetGroupStickinessConfig struct {
	// Indicates whether target group stickiness is enabled.
	// +optional
	Enabled *bool `json:"enabled,omitempty"`
	// The time period, in seconds, during which requests from a client should be routed to the same target group.
	// +optional
	DurationSeconds *int64 `json:"durationSeconds,omitempty"`
}
Information about the target group stickiness for a rule.
type TargetGroupTuple ¶
// TargetGroupTuple describes one target of a forward rule and its share of
// the traffic.
// NOTE(review): presumably a target is given either by TargetGroupARN or by
// ServiceName together with ServicePort — confirm which combinations are
// accepted. Those three tags have no omitempty, so nil pointers are encoded
// as JSON null.
type TargetGroupTuple struct {
	// The Amazon Resource Name (ARN) of the target group.
	TargetGroupARN *string `json:"targetGroupARN"`
	// the K8s service Name
	ServiceName *string `json:"serviceName"`
	// the K8s service port
	ServicePort *intstr.IntOrString `json:"servicePort"`
	// The weight.
	// +optional
	Weight *int64 `json:"weight,omitempty"`
}
Information about how traffic will be distributed between multiple target groups in a forward rule.
Source Files
¶
- auth_config_builder.go
- cert_discovery.go
- cert_discovery_mocks.go
- class.go
- class_annotation_matcher.go
- class_loader.go
- config_types.go
- enhanced_backend_builder.go
- finalizer.go
- group.go
- group_loader.go
- model_build_actions.go
- model_build_listener.go
- model_build_listener_rules.go
- model_build_load_balancer.go
- model_build_load_balancer_addons.go
- model_build_load_balancer_attributes.go
- model_build_managed_sg.go
- model_build_tags.go
- model_build_target_group.go
- model_builder.go
- reference_indexer.go
- rule_optimizer.go
- ssl_redirect_config.go