forked from envoyproxy/gateway
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge branch 'main' into security-policy-design
Signed-off-by: zirain <zirain2009@gmail.com>
- Loading branch information
Showing
583 changed files
with
21,321 additions
and
4,892 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,71 @@ | ||
// Copyright Envoy Gateway Authors | ||
// SPDX-License-Identifier: Apache-2.0 | ||
// The full text of the Apache license is available in the LICENSE file at | ||
// the root of the repo. | ||
|
||
package v1alpha1 | ||
|
||
import ( | ||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" | ||
gwapiv1a2 "sigs.k8s.io/gateway-api/apis/v1alpha2" | ||
) | ||
|
||
const ( | ||
// KindBackendTrafficPolicy is the name of the BackendTrafficPolicy kind. | ||
KindBackendTrafficPolicy = "BackendTrafficPolicy" | ||
) | ||
|
||
// +kubebuilder:object:root=true | ||
// +kubebuilder:resource:shortName=btpolicy | ||
// +kubebuilder:subresource:status | ||
// +kubebuilder:subresource:overrideStrategy | ||
// +kubebuilder:printcolumn:name="Status",type=string,JSONPath=`.status.conditions[?(@.type=="Accepted")].reason` | ||
// +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp` | ||
// | ||
// BackendTrafficPolicy allows the user to configure the behavior of the connection | ||
// between the downstream client and Envoy Proxy listener. | ||
type BackendTrafficPolicy struct { | ||
metav1.TypeMeta `json:",inline"` | ||
metav1.ObjectMeta `json:"metadata,omitempty"` | ||
|
||
// spec defines the desired state of BackendTrafficPolicy. | ||
Spec BackendTrafficPolicySpec `json:"spec"` | ||
|
||
// status defines the current status of BackendTrafficPolicy. | ||
Status BackendTrafficPolicyStatus `json:"status,omitempty"` | ||
} | ||
|
||
// spec defines the desired state of BackendTrafficPolicy. | ||
type BackendTrafficPolicySpec struct { | ||
|
||
// +kubebuilder:validation:XValidation:rule="self.kind == 'Gateway' || self.kind == 'HTTPRoute' || self.kind == 'GRPCRoute' || self.kind == 'UDPRoute' || self.kind == 'TCPRoute' || self.kind == 'TLSRoute'", message="this policy can only have a targetRef.kind of Gateway/HTTPRoute/GRPCRoute/TCPRoute/UDPRoute/TLSRoute" | ||
// | ||
// targetRef is the name of the resource this policy | ||
// is being attached to. | ||
// This Policy and the TargetRef MUST be in the same namespace | ||
// for this Policy to have effect and be applied to the Gateway. | ||
TargetRef gwapiv1a2.PolicyTargetReferenceWithSectionName `json:"targetRef"` | ||
} | ||
|
||
// BackendTrafficPolicyStatus defines the state of BackendTrafficPolicy | ||
type BackendTrafficPolicyStatus struct { | ||
// Conditions describe the current conditions of the BackendTrafficPolicy. | ||
// | ||
// +optional | ||
// +listType=map | ||
// +listMapKey=type | ||
// +kubebuilder:validation:MaxItems=8 | ||
Conditions []metav1.Condition `json:"conditions,omitempty"` | ||
} | ||
|
||
// +kubebuilder:object:root=true | ||
// BackendTrafficPolicyList contains a list of BackendTrafficPolicy resources. | ||
type BackendTrafficPolicyList struct { | ||
metav1.TypeMeta `json:",inline"` | ||
metav1.ListMeta `json:"metadata,omitempty"` | ||
Items []BackendTrafficPolicy `json:"items"` | ||
} | ||
|
||
func init() { | ||
SchemeBuilder.Register(&BackendTrafficPolicy{}, &BackendTrafficPolicyList{}) | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,48 @@ | ||
// Copyright Envoy Gateway Authors | ||
// SPDX-License-Identifier: Apache-2.0 | ||
// The full text of the Apache license is available in the LICENSE file at | ||
// the root of the repo. | ||
|
||
package v1alpha1 | ||
|
||
// EnvoyGatewayMetrics defines control plane push/pull metrics configurations. | ||
type EnvoyGatewayMetrics struct { | ||
// Sinks defines the metric sinks where metrics are sent to. | ||
Sinks []EnvoyGatewayMetricSink `json:"sinks,omitempty"` | ||
// Prometheus defines the configuration for prometheus endpoint. | ||
Prometheus *EnvoyGatewayPrometheusProvider `json:"prometheus,omitempty"` | ||
} | ||
|
||
// EnvoyGatewayMetricSink defines control plane | ||
// metric sinks where metrics are sent to. | ||
type EnvoyGatewayMetricSink struct { | ||
// Type defines the metric sink type. | ||
// EG control plane currently supports OpenTelemetry. | ||
// +kubebuilder:validation:Enum=OpenTelemetry | ||
// +kubebuilder:default=OpenTelemetry | ||
Type MetricSinkType `json:"type"` | ||
// OpenTelemetry defines the configuration for OpenTelemetry sink. | ||
// It's required if the sink type is OpenTelemetry. | ||
OpenTelemetry *EnvoyGatewayOpenTelemetrySink `json:"openTelemetry,omitempty"` | ||
} | ||
|
||
type EnvoyGatewayOpenTelemetrySink struct { | ||
// Host define the sink service hostname. | ||
Host string `json:"host"` | ||
// Protocol define the sink service protocol. | ||
// +kubebuilder:validation:Enum=grpc;http | ||
Protocol string `json:"protocol"` | ||
// Port defines the port the sink service is exposed on. | ||
// | ||
// +optional | ||
// +kubebuilder:validation:Minimum=0 | ||
// +kubebuilder:default=4317 | ||
Port int32 `json:"port,omitempty"` | ||
} | ||
|
||
// EnvoyGatewayPrometheusProvider will expose prometheus endpoint in pull mode. | ||
type EnvoyGatewayPrometheusProvider struct { | ||
// Disable defines if disables the prometheus metrics in pull mode. | ||
// | ||
Disable bool `json:"disable,omitempty"` | ||
} |
Oops, something went wrong.