// Source: github.com/nginxinc/kubernetes-ingress@v1.12.5/pkg/apis/configuration/v1/types.go

package v1

import (
	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)

// State values. These are untyped string constants, so they are compared as plain strings.
const (
	// StateWarning is used when the resource has been validated and accepted but it might work in a degraded state.
	StateWarning = "Warning"
	// StateValid is used when the resource has been validated and accepted and is working as expected.
	StateValid = "Valid"
	// StateInvalid is used when the resource failed validation or NGINX failed to reload the corresponding config.
	StateInvalid = "Invalid"
)

// +genclient
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// +kubebuilder:validation:Optional
// +kubebuilder:resource:shortName=vs
// +kubebuilder:subresource:status
// +kubebuilder:printcolumn:name="State",type=string,JSONPath=`.status.state`,description="Current state of the VirtualServer. If the resource has a valid status, it means it has been validated and accepted by the Ingress Controller."
// +kubebuilder:printcolumn:name="Host",type=string,JSONPath=`.spec.host`
// +kubebuilder:printcolumn:name="IP",type=string,JSONPath=`.status.externalEndpoints[*].ip`
// +kubebuilder:printcolumn:name="Ports",type=string,JSONPath=`.status.externalEndpoints[*].ports`
// +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp`

// VirtualServer defines the VirtualServer resource.
//
// Following the usual Kubernetes convention, Spec holds the desired configuration written by
// users and Status is reported back by the controller. The subresource marker above requests a
// separate status endpoint, which lets RBAC grant status updates independently of spec changes.
type VirtualServer struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   VirtualServerSpec   `json:"spec"`
	Status VirtualServerStatus `json:"status"`
}

// VirtualServerSpec is the spec of the VirtualServer resource.
type VirtualServerSpec struct {
	IngressClass string            `json:"ingressClassName"`
	Host         string            `json:"host"`
	TLS          *TLS              `json:"tls"`
	Policies     []PolicyReference `json:"policies"`
	Upstreams    []Upstream        `json:"upstreams"`
	Routes       []Route           `json:"routes"`
	// HTTPSnippets and ServerSnippets are free-form strings; the type puts no structure on them.
	// NOTE(review): the JSON names suggest raw NGINX configuration for the http and server
	// contexts. If so, anyone allowed to create or update this resource can shape the generated
	// NGINX config, so write access should be limited through RBAC and snippet support (the
	// controller's -enable-snippets flag) left off unless needed. Confirm against the
	// controller's validation and templating code for this version.
	HTTPSnippets   string `json:"http-snippets"`
	ServerSnippets string `json:"server-snippets"`
}

// PolicyReference references a policy by name and an optional namespace.
//
// NOTE(review): a reference that sets Namespace can name a Policy outside the namespace of the
// referencing resource. How such cross-namespace references are authorized is not visible in
// this file; confirm it in the controller.
type PolicyReference struct {
	Name      string `json:"name"`
	Namespace string `json:"namespace"`
}

// Upstream defines an upstream.
//
// Timeouts, sizes and the load-balancing method are plain strings, so the type itself enforces
// no format or range; those checks have to happen wherever the resource is validated.
// Pointer fields (MaxFails, MaxConns, Keepalive, ProxyBuffering, ...) distinguish "not set" from
// a zero value. TLS is held by value, so a manifest without a "tls" key decodes to
// UpstreamTLS{Enable: false}.
type Upstream struct {
	Name                     string            `json:"name"`
	Service                  string            `json:"service"`
	Subselector              map[string]string `json:"subselector"`
	Port                     uint16            `json:"port"`
	LBMethod                 string            `json:"lb-method"`
	FailTimeout              string            `json:"fail-timeout"`
	MaxFails                 *int              `json:"max-fails"`
	MaxConns                 *int              `json:"max-conns"`
	Keepalive                *int              `json:"keepalive"`
	ProxyConnectTimeout      string            `json:"connect-timeout"`
	ProxyReadTimeout         string            `json:"read-timeout"`
	ProxySendTimeout         string            `json:"send-timeout"`
	ProxyNextUpstream        string            `json:"next-upstream"`
	ProxyNextUpstreamTimeout string            `json:"next-upstream-timeout"`
	ProxyNextUpstreamTries   int               `json:"next-upstream-tries"`
	ProxyBuffering           *bool             `json:"buffering"`
	ProxyBuffers             *UpstreamBuffers  `json:"buffers"`
	ProxyBufferSize          string            `json:"buffer-size"`
	ClientMaxBodySize        string            `json:"client-max-body-size"`
	TLS                      UpstreamTLS       `json:"tls"`
	HealthCheck              *HealthCheck      `json:"healthCheck"`
	SlowStart                string            `json:"slow-start"`
	Queue                    *UpstreamQueue    `json:"queue"`
	SessionCookie            *SessionCookie    `json:"sessionCookie"`
	UseClusterIP             bool              `json:"use-cluster-ip"`
}

// UpstreamBuffers defines Buffer Configuration for an Upstream.
// Size is a free-form string; its accepted format is decided by validation outside this type.
type UpstreamBuffers struct {
	Number int    `json:"number"`
	Size   string `json:"size"`
}

// UpstreamTLS defines a TLS configuration for an Upstream.
type UpstreamTLS struct {
	// Enable is a plain bool, so a manifest that omits "enable" decodes to false.
	// The struct carries no certificate-verification settings of its own.
	Enable bool `json:"enable"`
}

// HealthCheck defines the parameters for active Upstream HealthChecks.
//
// TLS is a pointer, so "not configured" (nil) is distinguishable from an explicit setting.
// Interval, Jitter, the timeouts and StatusMatch are free-form strings validated elsewhere.
type HealthCheck struct {
	Enable         bool         `json:"enable"`
	Path           string       `json:"path"`
	Interval       string       `json:"interval"`
	Jitter         string       `json:"jitter"`
	Fails          int          `json:"fails"`
	Passes         int          `json:"passes"`
	Port           int          `json:"port"`
	TLS            *UpstreamTLS `json:"tls"`
	ConnectTimeout string       `json:"connect-timeout"`
	ReadTimeout    string       `json:"read-timeout"`
	SendTimeout    string       `json:"send-timeout"`
	Headers        []Header     `json:"headers"`
	StatusMatch    string       `json:"statusMatch"`
}

// Header defines an HTTP Header.
// Both fields are unconstrained strings at the type level.
type Header struct {
	Name  string `json:"name"`
	Value string `json:"value"`
}

// SessionCookie defines the parameters for session persistence.
//
// HTTPOnly and Secure are plain bools, so a manifest that omits them decodes to false.
// NOTE(review): if the controller maps these directly onto the cookie's HttpOnly and Secure
// attributes, the session cookie is issued without them unless the manifest sets both;
// confirm in the controller and set them explicitly for hosts served over HTTPS.
type SessionCookie struct {
	Enable   bool   `json:"enable"`
	Name     string `json:"name"`
	Path     string `json:"path"`
	Expires  string `json:"expires"`
	Domain   string `json:"domain"`
	HTTPOnly bool   `json:"httpOnly"`
	Secure   bool   `json:"secure"`
}

// Route defines a route.
//
// A route can carry its own Policies in addition to those on the enclosing spec.
// LocationSnippets is a free-form string. NOTE(review): the JSON name suggests raw NGINX
// configuration for a location block; if so it deserves the same RBAC and enablement scrutiny
// as any other snippet field. Confirm against the controller.
type Route struct {
	Path             string            `json:"path"`
	Policies         []PolicyReference `json:"policies"`
	Route            string            `json:"route"`
	Action           *Action           `json:"action"`
	Splits           []Split           `json:"splits"`
	Matches          []Match           `json:"matches"`
	ErrorPages       []ErrorPage       `json:"errorPages"`
	LocationSnippets string            `json:"location-snippets"`
}

// Action defines an action.
//
// Pass, Redirect, Return and Proxy are independent fields; the struct does not prevent more
// than one from being set, so any exclusivity rule must be enforced by validation elsewhere.
type Action struct {
	Pass     string          `json:"pass"`
	Redirect *ActionRedirect `json:"redirect"`
	Return   *ActionReturn   `json:"return"`
	Proxy    *ActionProxy    `json:"proxy"`
}

// ActionRedirect defines a redirect in an Action.
//
// NOTE(review): URL is a free-form string and Code an unconstrained int. What a URL may
// contain (for example request-derived values) is decided by validation not shown here and is
// worth checking when reviewing redirect targets.
type ActionRedirect struct {
	URL  string `json:"url"`
	Code int    `json:"code"`
}

// ActionReturn defines a return in an Action.
type ActionReturn struct {
	Code int    `json:"code"`
	Type string `json:"type"`
	// Body is a free-form string taken from the manifest.
	// NOTE(review): what may be interpolated into it is decided by validation outside this type.
	Body string `json:"body"`
}

// ActionProxy defines a proxy in an Action.
// Upstream and RewritePath are plain strings; header handling is optional (nil pointers).
type ActionProxy struct {
	Upstream        string                `json:"upstream"`
	RewritePath     string                `json:"rewritePath"`
	RequestHeaders  *ProxyRequestHeaders  `json:"requestHeaders"`
	ResponseHeaders *ProxyResponseHeaders `json:"responseHeaders"`
}

// ProxyRequestHeaders defines the request headers manipulation in an ActionProxy.
//
// Pass is a pointer so that "not set" (nil) can be told apart from an explicit false.
// NOTE(review): the effective behaviour when Pass is nil is chosen by the controller, not here.
type ProxyRequestHeaders struct {
	Pass *bool    `json:"pass"`
	Set  []Header `json:"set"`
}

// ProxyResponseHeaders defines the response headers manipulation in an ActionProxy.
// Hide, Pass and Ignore are lists of plain strings; Add carries full header name/value pairs.
type ProxyResponseHeaders struct {
	Hide   []string    `json:"hide"`
	Pass   []string    `json:"pass"`
	Ignore []string    `json:"ignore"`
	Add    []AddHeader `json:"add"`
}

// AddHeader defines an HTTP Header with an optional Always field to use with the add_header NGINX directive.
// Header is embedded with an inline tag, so its name and value appear at the same JSON level as "always".
type AddHeader struct {
	Header `json:",inline"`
	Always bool `json:"always"`
}

// Split defines a split.
// Weight is an unconstrained int at the type level; any range or sum rule is enforced elsewhere.
type Split struct {
	Weight int     `json:"weight"`
	Action *Action `json:"action"`
}

// Condition defines a condition in a MatchRule.
//
// Header, Cookie, Argument and Variable are independent strings; the struct does not enforce
// that exactly one of them is set alongside Value.
type Condition struct {
	Header   string `json:"header"`
	Cookie   string `json:"cookie"`
	Argument string `json:"argument"`
	Variable string `json:"variable"`
	Value    string `json:"value"`
}

// Match defines a match.
// Action and Splits are both present on the type; the struct does not make them exclusive.
type Match struct {
	Conditions []Condition `json:"conditions"`
	Action     *Action     `json:"action"`
	Splits     []Split     `json:"splits"`
}

// ErrorPage defines an ErrorPage in a Route.
// Return and Redirect are independent pointers; the struct does not make them exclusive.
type ErrorPage struct {
	Codes    []int              `json:"codes"`
	Return   *ErrorPageReturn   `json:"return"`
	Redirect *ErrorPageRedirect `json:"redirect"`
}

// ErrorPageReturn defines a return for an ErrorPage.
type ErrorPageReturn struct {
	// ActionReturn is embedded inline, so code, type and body sit next to "headers" in JSON.
	ActionReturn `json:",inline"`
	Headers      []Header `json:"headers"`
}

// ErrorPageRedirect defines a redirect for an ErrorPage.
// It only embeds ActionRedirect inline and adds no fields of its own.
type ErrorPageRedirect struct {
	ActionRedirect `json:",inline"`
}

// TLS defines TLS configuration for a VirtualServer.
//
// NOTE(review): Secret is only a string here; presumably it names a Kubernetes Secret holding
// the certificate and key rather than carrying key material itself. Confirm in the controller.
type TLS struct {
	Secret   string       `json:"secret"`
	Redirect *TLSRedirect `json:"redirect"`
}

// TLSRedirect defines a redirect for a TLS.
//
// Enable is a plain bool, so a manifest that omits it decodes to false. Code is a pointer so
// that "not set" can be told apart from an explicit value. BasedOn is a free-form string.
type TLSRedirect struct {
	Enable  bool   `json:"enable"`
	Code    *int   `json:"code"`
	BasedOn string `json:"basedOn"`
}

// VirtualServerStatus defines the status for the VirtualServer resource.
// State is a plain string; the State* constants in this package look like its intended values.
type VirtualServerStatus struct {
	State             string             `json:"state"`
	Reason            string             `json:"reason"`
	Message           string             `json:"message"`
	ExternalEndpoints []ExternalEndpoint `json:"externalEndpoints,omitempty"`
}

// ExternalEndpoint defines the IP and ports used to connect to this resource.
// Both values are stored as strings.
type ExternalEndpoint struct {
	IP    string `json:"ip"`
	Ports string `json:"ports"`
}

// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object

// VirtualServerList is a list of the VirtualServer resources.
type VirtualServerList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata"`

	Items []VirtualServer `json:"items"`
}

// +genclient
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// +kubebuilder:validation:Optional
// +kubebuilder:resource:shortName=vsr
// +kubebuilder:subresource:status
// +kubebuilder:printcolumn:name="State",type=string,JSONPath=`.status.state`,description="Current state of the VirtualServerRoute. If the resource has a valid status, it means it has been validated and accepted by the Ingress Controller."
// +kubebuilder:printcolumn:name="Host",type=string,JSONPath=`.spec.host`
// +kubebuilder:printcolumn:name="IP",type=string,JSONPath=`.status.externalEndpoints[*].ip`
// +kubebuilder:printcolumn:name="Ports",type=string,JSONPath=`.status.externalEndpoints[*].ports`
// +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp`

// VirtualServerRoute defines the VirtualServerRoute resource.
// Spec and Status follow the same layout as VirtualServer, with route-specific types.
type VirtualServerRoute struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   VirtualServerRouteSpec   `json:"spec"`
	Status VirtualServerRouteStatus `json:"status"`
}

// VirtualServerRouteSpec is the spec of the VirtualServerRoute resource.
//
// Unlike VirtualServerSpec it has no TLS, Policies or http/server snippet fields at the spec
// level. Subroutes are Route values, though, so each subroute can still carry its own Policies
// and LocationSnippets; access to create or edit VirtualServerRoutes should be reviewed with
// that in mind.
type VirtualServerRouteSpec struct {
	IngressClass string     `json:"ingressClassName"`
	Host         string     `json:"host"`
	Upstreams    []Upstream `json:"upstreams"`
	Subroutes    []Route    `json:"subroutes"`
}

// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object

// VirtualServerRouteList is a list of the VirtualServerRoute resources.
type VirtualServerRouteList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata"`

	Items []VirtualServerRoute `json:"items"`
}

// UpstreamQueue defines Queue Configuration for an Upstream.
// Size is an unconstrained int and Timeout a free-form string at the type level.
type UpstreamQueue struct {
	Size    int    `json:"size"`
	Timeout string `json:"timeout"`
}

// VirtualServerRouteStatus defines the status for the VirtualServerRoute resource.
type VirtualServerRouteStatus struct {
	State   string `json:"state"`
	Reason  string `json:"reason"`
	Message string `json:"message"`
	// ReferencedBy is a plain string. NOTE(review): presumably it identifies the VirtualServer
	// that references this route; its format is not visible in this file.
	ReferencedBy      string             `json:"referencedBy"`
	ExternalEndpoints []ExternalEndpoint `json:"externalEndpoints,omitempty"`
}

// +genclient
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// +kubebuilder:validation:Optional
// +kubebuilder:resource:shortName=pol
// +kubebuilder:subresource:status
// +kubebuilder:printcolumn:name="State",type=string,JSONPath=`.status.state`,description="Current state of the Policy. If the resource has a valid status, it means it has been validated and accepted by the Ingress Controller."
// +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp`

// Policy defines a Policy for VirtualServer and VirtualServerRoute resources.
//
// Policies are attached through PolicyReference values on a spec or a route, so whoever can
// edit a Policy changes the behaviour of every resource that references it.
type Policy struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   PolicySpec   `json:"spec"`
	Status PolicyStatus `json:"status"`
}

// PolicyStatus is the status of the Policy resource.
type PolicyStatus struct {
	State   string `json:"state"`
	Reason  string `json:"reason"`
	Message string `json:"message"`
}

// PolicySpec is the spec of the Policy resource.
// The spec includes multiple fields, where each field represents a different policy.
// Only one policy (field) is allowed.
//
// The struct cannot express that constraint: every field is an independent pointer, so a
// manifest setting several of them still decodes. The one-policy rule has to be enforced by
// validation outside this type.
type PolicySpec struct {
	AccessControl *AccessControl `json:"accessControl"`
	RateLimit     *RateLimit     `json:"rateLimit"`
	JWTAuth       *JWTAuth       `json:"jwt"`
	IngressMTLS   *IngressMTLS   `json:"ingressMTLS"`
	EgressMTLS    *EgressMTLS    `json:"egressMTLS"`
	OIDC          *OIDC          `json:"oidc"`
	WAF           *WAF           `json:"waf"`
}

// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object

// PolicyList is a list of the Policy resources.
type PolicyList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata"`

	Items []Policy `json:"items"`
}

// AccessControl defines an access policy based on the source IP of a request.
// policy status: production-ready
//
// Allow and Deny are lists of plain strings and the struct lets both be populated at once;
// entry format and any exclusivity rule are enforced elsewhere.
// NOTE(review): "source IP" is whatever address NGINX attributes to the connection. Behind a
// load balancer or another proxy, confirm that real-client-IP handling is configured before
// relying on this policy.
type AccessControl struct {
	Allow []string `json:"allow"`
	Deny  []string `json:"deny"`
}

// RateLimit defines a rate limit policy.
// policy status: preview
//
// Rate, Key, ZoneSize and LogLevel are free-form strings. The pointer fields distinguish
// "not set" from an explicit zero or false.
// NOTE(review): DryRun is among those pointers; if it behaves as its name suggests, a policy
// with dryRun set would log rather than reject, so check it when a limit appears not to apply.
type RateLimit struct {
	Rate       string `json:"rate"`
	Key        string `json:"key"`
	Delay      *int   `json:"delay"`
	NoDelay    *bool  `json:"noDelay"`
	Burst      *int   `json:"burst"`
	ZoneSize   string `json:"zoneSize"`
	DryRun     *bool  `json:"dryRun"`
	LogLevel   string `json:"logLevel"`
	RejectCode *int   `json:"rejectCode"`
}

// JWTAuth holds JWT authentication configuration.
// policy status: preview
//
// NOTE(review): all three fields are plain strings. Secret presumably names a Kubernetes
// Secret holding the verification keys and Token presumably selects where the JWT is read
// from; neither is evident from the type, so confirm before documenting it for users.
type JWTAuth struct {
	Realm  string `json:"realm"`
	Secret string `json:"secret"`
	Token  string `json:"token"`
}

// IngressMTLS defines an Ingress MTLS policy.
// policy status: preview
//
// VerifyClient is a free-form string rather than a bool. NOTE(review): its accepted values,
// and whether any of them make the client certificate optional, are defined by validation
// outside this type; review them before treating the policy as mandatory client authentication.
type IngressMTLS struct {
	ClientCertSecret string `json:"clientCertSecret"`
	VerifyClient     string `json:"verifyClient"`
	VerifyDepth      *int   `json:"verifyDepth"`
}

// EgressMTLS defines an Egress MTLS policy.
// policy status: preview
//
// VerifyServer and ServerName are plain bools, so a manifest that omits them decodes to false.
// NOTE(review): if the controller passes VerifyServer through unchanged, upstream certificates
// are not verified unless the policy sets verifyServer to true (TrustedCertSecret is the only
// field here that looks like a trust anchor); confirm in the controller.
// Protocols and Ciphers are free-form strings, so weak values are not rejected at the type level.
type EgressMTLS struct {
	TLSSecret         string `json:"tlsSecret"`
	VerifyServer      bool   `json:"verifyServer"`
	VerifyDepth       *int   `json:"verifyDepth"`
	Protocols         string `json:"protocols"`
	SessionReuse      *bool  `json:"sessionReuse"`
	Ciphers           string `json:"ciphers"`
	TrustedCertSecret string `json:"trustedCertSecret"`
	ServerName        bool   `json:"serverName"`
	SSLName           string `json:"sslName"`
}

// OIDC defines an Open ID Connect policy.
type OIDC struct {
	// The endpoint and JWKS fields are free-form strings; scheme and host restrictions, if any,
	// are applied by validation outside this type.
	AuthEndpoint  string `json:"authEndpoint"`
	TokenEndpoint string `json:"tokenEndpoint"`
	JWKSURI       string `json:"jwksURI"`
	ClientID      string `json:"clientID"`
	// NOTE(review): ClientSecret is only a string here. Presumably it names a Kubernetes Secret
	// rather than holding the secret value; confirm, because a literal value would be readable
	// by anyone who can read Policy objects.
	ClientSecret string `json:"clientSecret"`
	Scope        string `json:"scope"`
	RedirectURI  string `json:"redirectURI"`
}

// WAF defines a WAF policy.
// policy status: preview
//
// Enable is a plain bool, so a manifest that omits it decodes to false.
// NOTE(review): ApPolicy is a plain string, presumably a reference to a policy defined
// elsewhere; its format is not visible in this file.
type WAF struct {
	Enable      bool         `json:"enable"`
	ApPolicy    string       `json:"apPolicy"`
	SecurityLog *SecurityLog `json:"securityLog"`
}

// SecurityLog defines the security log of a WAF policy.
//
// Enable is a plain bool (false when omitted). ApLogConf and LogDest are free-form strings.
// NOTE(review): LogDest presumably selects where security events are sent; confirm which
// destinations validation accepts, since it decides where WAF event data leaves the pod.
type SecurityLog struct {
	Enable    bool   `json:"enable"`
	ApLogConf string `json:"apLogConf"`
	LogDest   string `json:"logDest"`
}