rancher/types
1
0
Fork 0
mirror of https://github.com/rancher/types.git synced 2025-08-15 11:12:57 +00:00
Code Issues Releases Wiki Activity

Update vendors

Browse Source
This commit is contained in:
gitlawr 2019-06-17 10:48:12 +08:00
parent 29db9d560e
commit 22e321a584
23 changed files with 4886 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
vendor.conf
View File

@ -4,3 +4,4 @@ github.com/rancher/types
github.com/pkg/errors v0.8.0
github.com/rancher/norman 2da1bd2ffcacdef4bdf7e2c193d32f3b04ebd6d0 transitive=true
github.com/coreos/prometheus-operator v0.25.0
github.com/knative/pkg b30ab9de040eb4ba56fdb4108a29045ecac0c46a https://github.com/rancher/pkg.git

10
vendor/github.com/knative/pkg/.gitattributes generated vendored Normal file
View File

@ -0,0 +1,10 @@
# This file is documented at https://git-scm.com/docs/gitattributes.
# Linguist-specific attributes are documented at
# https://github.com/github/linguist.
**/zz_generated.*.go linguist-generated=true
/client/** linguist-generated=true
/test/** coverage-excluded=true
/metrics/gcp_metadata.go coverage-excluded=true
*.sh text eol=lf

11
vendor/github.com/knative/pkg/.gitignore generated vendored Normal file
View File

@ -0,0 +1,11 @@
# Operating system temporary files
.DS_Store
# Editor/IDE specific settings
.idea
.vscode/
*.iml
# Temporary output of build tools
bazel-*
*.out

5
vendor/github.com/knative/pkg/CONTRIBUTING.md generated vendored Normal file
View File

@ -0,0 +1,5 @@
# Contribution guidelines
So you want to hack on Knative `pkg`? Yay! Please refer to Knative's overall
[contribution guidelines](https://github.com/knative/docs/blob/master/community/CONTRIBUTING.md)
to find out how you can help.

71
vendor/github.com/knative/pkg/DEVELOPMENT.md generated vendored Normal file
View File

@ -0,0 +1,71 @@
# Development
This doc explains how to setup a development environment so you can get started
[contributing](https://github.com/knative/docs/blob/master/community/CONTRIBUTING.md)
to Knative `pkg`. Also take a look at:
- [The pull request workflow](https://github.com/knative/docs/blob/master/community/CONTRIBUTING.md#pull-requests)
## Getting started
1. Create [a GitHub account](https://github.com/join)
1. Setup
[GitHub access via SSH](https://help.github.com/articles/connecting-to-github-with-ssh/)
1. Install [requirements](#requirements)
1. Set up your [shell environment](#environment-setup)
1. [Create and checkout a repo fork](#checkout-your-fork)
Before submitting a PR, see also [CONTRIBUTING.md](./CONTRIBUTING.md).
### Requirements
You must install these tools:
1. [`go`](https://golang.org/doc/install): The language Knative `pkg` is built
in
1. [`git`](https://help.github.com/articles/set-up-git/): For source control
1. [`dep`](https://github.com/golang/dep): For managing external dependencies.
### Environment setup
To get started you'll need to set these environment variables (we recommend
adding them to your `.bashrc`):
1. `GOPATH`: If you don't have one, simply pick a directory and add
`export GOPATH=...`
1. `$GOPATH/bin` on `PATH`: This is so that tooling installed via `go get` will
work properly.
`.bashrc` example:
```shell
export GOPATH="$HOME/go"
export PATH="${PATH}:${GOPATH}/bin"
```
### Checkout your fork
The Go tools require that you clone the repository to the
`src/github.com/knative/pkg` directory in your
[`GOPATH`](https://github.com/golang/go/wiki/SettingGOPATH).
To check out this repository:
1. Create your own
[fork of this repo](https://help.github.com/articles/fork-a-repo/)
1. Clone it to your machine:
```shell
mkdir -p ${GOPATH}/src/github.com/knative
cd ${GOPATH}/src/github.com/knative
git clone git@github.com:${YOUR_GITHUB_USERNAME}/pkg.git
cd pkg
git remote add upstream git@github.com:knative/pkg.git
git remote set-url --push upstream no_push
```
_Adding the `upstream` remote sets you up nicely for regularly
[syncing your fork](https://help.github.com/articles/syncing-a-fork/)._
Once you reach this point you are ready to do a full build and deploy as
described below.

1164
vendor/github.com/knative/pkg/Gopkg.lock generated vendored Normal file
View File

File diff suppressed because it is too large Load Diff

74
vendor/github.com/knative/pkg/Gopkg.toml generated vendored Normal file
View File

@ -0,0 +1,74 @@
# Refer to https://golang.github.io/dep/docs/Gopkg.toml.html
# for detailed Gopkg.toml documentation.
required = [
"k8s.io/apimachinery/pkg/util/sets/types",
"k8s.io/code-generator/cmd/deepcopy-gen",
"k8s.io/code-generator/cmd/defaulter-gen",
"k8s.io/code-generator/cmd/client-gen",
"k8s.io/code-generator/cmd/lister-gen",
"k8s.io/code-generator/cmd/informer-gen",
"github.com/evanphx/json-patch",
"github.com/knative/test-infra/scripts",
"github.com/knative/test-infra/tools/dep-collector",
"github.com/pkg/errors",
]
[[constraint]]
name = "k8s.io/api"
version = "kubernetes-1.12.6"
[[constraint]]
name = "k8s.io/apimachinery"
version = "kubernetes-1.12.6"
[[constraint]]
name = "k8s.io/client-go"
version = "kubernetes-1.12.6"
[[constraint]]
name = "k8s.io/code-generator"
version = "kubernetes-1.12.6"
[[override]]
name = "github.com/json-iterator/go"
# This is the commit at which k8s depends on this in 1.11
# It seems to be broken at HEAD.
revision = "f2b4162afba35581b6d4a50d3b8f34e33c144682"
[[override]]
name = "go.uber.org/zap"
revision = "67bc79d13d155c02fd008f721863ff8cc5f30659"
[[constraint]]
name = "github.com/google/go-cmp"
# HEAD as of 2019-04-09
revision = "6f77996f0c42f7b84e5a2b252227263f93432e9b"
[[override]]
name = "github.com/rogpeppe/go-internal"
# HEAD as of 2019-01-09
# Needed because release 1.0.0 does not contain a LICENSE file
revision = "4bbc89b6501cca7dd6b5557d78d70c8d2c6e8b97"
[[constraint]]
name = "contrib.go.opencensus.io/exporter/stackdriver"
version = "0.9.2"
[[constraint]]
name = "github.com/knative/test-infra"
branch = "master"
[prune]
go-tests = true
unused-packages = true
non-go = true
[[prune.project]]
name = "k8s.io/code-generator"
unused-packages = false
non-go = false
[[prune.project]]
name = "github.com/knative/test-infra"
non-go = false

201
vendor/github.com/knative/pkg/LICENSE generated vendored Normal file
View File

@ -0,0 +1,201 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "[]"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright [yyyy] [name of copyright owner]
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

6
vendor/github.com/knative/pkg/OWNERS generated vendored Normal file
View File

@ -0,0 +1,6 @@
# The OWNERS file is used by prow to automatically merge approved PRs.
approvers:
- evankanderson
- mattmoor
- vaikas-google

13
vendor/github.com/knative/pkg/README.md generated vendored Normal file
View File

@ -0,0 +1,13 @@
# Knative Common Packages
[![GoDoc](https://godoc.org/github.com/knative/pkg?status.svg)](https://godoc.org/github.com/knative/pkg)
[![Go Report Card](https://goreportcard.com/badge/knative/pkg)](https://goreportcard.com/report/knative/pkg)
Knative `pkg` provides a place for sharing common Knative packages across the
Knative repos.
To learn more about Knative, please visit our
[Knative docs](https://github.com/knative/docs) repository.
If you are interested in contributing, see [CONTRIBUTING.md](./CONTRIBUTING.md)
and [DEVELOPMENT.md](./DEVELOPMENT.md).

6
vendor/github.com/knative/pkg/apis/OWNERS generated vendored Normal file
View File

@ -0,0 +1,6 @@
# The OWNERS file is used by prow to automatically merge approved PRs.
approvers:
- mattmoor
- vaikas-google
- n3wscott

4
vendor/github.com/knative/pkg/apis/istio/OWNERS generated vendored Normal file
View File

@ -0,0 +1,4 @@
# The OWNERS file is used by prow to automatically merge approved PRs.
approvers:
- tcnghia

35
vendor/github.com/knative/pkg/apis/istio/common/v1alpha1/string.go generated vendored Normal file
View File

@ -0,0 +1,35 @@
/*
Copyright 2018 The Knative Authors
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package v1alpha1
// Describes how to match a given string in HTTP headers. Match is
// case-sensitive.
type StringMatch struct {
// Specified exactly one of the fields below.
// exact string match
Exact string `json:"exact,omitempty"`
// prefix-based match
Prefix string `json:"prefix,omitempty"`
// suffix-based match.
Suffix string `json:"suffix,omitempty"`
// ECMAscript style regex-based match
Regex string `json:"regex,omitempty"`
}

21
vendor/github.com/knative/pkg/apis/istio/register.go generated vendored Normal file
View File

@ -0,0 +1,21 @@
/*
Copyright 2018 The Knative Authors
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package istio
const (
GroupName = "networking.istio.io"
)

17
vendor/github.com/knative/pkg/apis/istio/v1alpha3/README.md generated vendored Normal file
View File

@ -0,0 +1,17 @@
# What are these files?
These are Go structs for Istio CRD. We translated them from proto files in
https://github.com/istio/api/tree/master/networking/v1alpha3 .
# Why do we hand-translate from proto? i.e Why can't we vendor these?
Istio needs to run on many platforms and as a reason they represent their
objects internally as proto. On Kubernetes, their API take in JSON objects and
convert to proto before processing them.
So they have nothing we can vendor, except for the Go files that are generated
by the proto compiler, which is not compatible with K8s API code-generator at
all.
We may be able to donate our translation so they can maintain it themselves. See
https://github.com/istio/istio/issues/6084.

547
vendor/github.com/knative/pkg/apis/istio/v1alpha3/destinationrule_types.go generated vendored Normal file
View File

@ -0,0 +1,547 @@
/*
Copyright 2018 The Knative Authors
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package v1alpha3
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
// +genclient
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// DestinationRule
type DestinationRule struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
Spec DestinationRuleSpec `json:"spec"`
}
// DestinationRule defines policies that apply to traffic intended for a
// service after routing has occurred. These rules specify configuration
// for load balancing, connection pool size from the sidecar, and outlier
// detection settings to detect and evict unhealthy hosts from the load
// balancing pool. For example, a simple load balancing policy for the
// ratings service would look as follows:
//
//
// apiVersion: networking.istio.io/v1alpha3
// kind: DestinationRule
// metadata:
// name: bookinfo-ratings
// spec:
// host: ratings.prod.svc.cluster.local
// trafficPolicy:
// loadBalancer:
// simple: LEAST_CONN
//
//
// Version specific policies can be specified by defining a named
// subset and overriding the settings specified at the service level. The
// following rule uses a round robin load balancing policy for all traffic
// going to a subset named testversion that is composed of endpoints (e.g.,
// pods) with labels (version:v3).
//
//
// apiVersion: networking.istio.io/v1alpha3
// kind: DestinationRule
// metadata:
// name: bookinfo-ratings
// spec:
// host: ratings.prod.svc.cluster.local
// trafficPolicy:
// loadBalancer:
// simple: LEAST_CONN
// subsets:
// - name: testversion
// labels:
// version: v3
// trafficPolicy:
// loadBalancer:
// simple: ROUND_ROBIN
//
//
// **Note:** Policies specified for subsets will not take effect until
// a route rule explicitly sends traffic to this subset.
//
// Traffic policies can be customized to specific ports as well. The
// following rule uses the least connection load balancing policy for all
// traffic to port 80, while uses a round robin load balancing setting for
// traffic to the port 9080.
//
//
// apiVersion: networking.istio.io/v1alpha3
// kind: DestinationRule
// metadata:
// name: bookinfo-ratings-port
// spec:
// host: ratings.prod.svc.cluster.local
// trafficPolicy: # Apply to all ports
// portLevelSettings:
// - port:
// number: 80
// loadBalancer:
// simple: LEAST_CONN
// - port:
// number: 9080
// loadBalancer:
// simple: ROUND_ROBIN
//
type DestinationRuleSpec struct {
// REQUIRED. The name of a service from the service registry. Service
// names are looked up from the platform's service registry (e.g.,
// Kubernetes services, Consul services, etc.) and from the hosts
// declared by [ServiceEntries](#ServiceEntry). Rules defined for
// services that do not exist in the service registry will be ignored.
//
// *Note for Kubernetes users*: When short names are used (e.g. "reviews"
// instead of "reviews.default.svc.cluster.local"), Istio will interpret
// the short name based on the namespace of the rule, not the service. A
// rule in the "default" namespace containing a host "reviews will be
// interpreted as "reviews.default.svc.cluster.local", irrespective of
// the actual namespace associated with the reviews service. _To avoid
// potential misconfigurations, it is recommended to always use fully
// qualified domain names over short names._
//
// Note that the host field applies to both HTTP and TCP services.
Host string `json:"host"`
// Traffic policies to apply (load balancing policy, connection pool
// sizes, outlier detection).
TrafficPolicy *TrafficPolicy `json:"trafficPolicy,omitempty"`
// One or more named sets that represent individual versions of a
// service. Traffic policies can be overridden at subset level.
Subsets []Subset `json:"subsets,omitempty"`
}
// Traffic policies to apply for a specific destination, across all
// destination ports. See DestinationRule for examples.
type TrafficPolicy struct {
// Settings controlling the load balancer algorithms.
LoadBalancer *LoadBalancerSettings `json:"loadBalancer,omitempty"`
// Settings controlling the volume of connections to an upstream service
ConnectionPool *ConnectionPoolSettings `json:"connectionPool,omitempty"`
// Settings controlling eviction of unhealthy hosts from the load balancing pool
OutlierDetection *OutlierDetection `json:"outlierDetection,omitempty"`
// TLS related settings for connections to the upstream service.
TLS *TLSSettings `json:"tls,omitempty"`
// Traffic policies specific to individual ports. Note that port level
// settings will override the destination-level settings. Traffic
// settings specified at the destination-level will not be inherited when
// overridden by port-level settings, i.e. default values will be applied
// to fields omitted in port-level traffic policies.
PortLevelSettings []PortTrafficPolicy `json:"portLevelSettings,omitempty"`
}
// Traffic policies that apply to specific ports of the service
type PortTrafficPolicy struct {
// Specifies the port name or number of a port on the destination service
// on which this policy is being applied.
//
// Names must comply with DNS label syntax (rfc1035) and therefore cannot
// collide with numbers. If there are multiple ports on a service with
// the same protocol the names should be of the form <protocol-name>-<DNS
// label>.
Port PortSelector `json:"port"`
// Settings controlling the load balancer algorithms.
LoadBalancer *LoadBalancerSettings `json:"loadBalancer,omitempty"`
// Settings controlling the volume of connections to an upstream service
ConnectionPool *ConnectionPoolSettings `json:"connectionPool,omitempty"`
// Settings controlling eviction of unhealthy hosts from the load balancing pool
OutlierDetection *OutlierDetection `json:"outlierDetection,omitempty"`
// TLS related settings for connections to the upstream service.
TLS *TLSSettings `json:"tls,omitempty"`
}
// A subset of endpoints of a service. Subsets can be used for scenarios
// like A/B testing, or routing to a specific version of a service. Refer
// to [VirtualService](#VirtualService) documentation for examples of using
// subsets in these scenarios. In addition, traffic policies defined at the
// service-level can be overridden at a subset-level. The following rule
// uses a round robin load balancing policy for all traffic going to a
// subset named testversion that is composed of endpoints (e.g., pods) with
// labels (version:v3).
//
// apiVersion: networking.istio.io/v1alpha3
// kind: DestinationRule
// metadata:
// name: bookinfo-ratings
// spec:
// host: ratings.prod.svc.cluster.local
// trafficPolicy:
// loadBalancer:
// simple: LEAST_CONN
// subsets:
// - name: testversion
// labels:
// version: v3
// trafficPolicy:
// loadBalancer:
// simple: ROUND_ROBIN
//
// **Note:** Policies specified for subsets will not take effect until
// a route rule explicitly sends traffic to this subset.
type Subset struct {
// REQUIRED. Name of the subset. The service name and the subset name can
// be used for traffic splitting in a route rule.
Name string `json:"name"`
// REQUIRED. Labels apply a filter over the endpoints of a service in the
// service registry. See route rules for examples of usage.
Labels map[string]string `json:"labels"`
// Traffic policies that apply to this subset. Subsets inherit the
// traffic policies specified at the DestinationRule level. Settings
// specified at the subset level will override the corresponding settings
// specified at the DestinationRule level.
TrafficPolicy *TrafficPolicy `json:"trafficPolicy,omitempty"`
}
// Load balancing policies to apply for a specific destination. See Envoy's
// load balancing
// [documentation](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/load_balancing.html)
// for more details.
//
// For example, the following rule uses a round robin load balancing policy
// for all traffic going to the ratings service.
//
// apiVersion: networking.istio.io/v1alpha3
// kind: DestinationRule
// metadata:
// name: bookinfo-ratings
// spec:
// host: ratings.prod.svc.cluster.local
// trafficPolicy:
// loadBalancer:
// simple: ROUND_ROBIN
//
// The following example sets up sticky sessions for the ratings service
// hashing-based load balancer for the same ratings service using the
// the User cookie as the hash key.
//
// apiVersion: networking.istio.io/v1alpha3
// kind: DestinationRule
// metadata:
// name: bookinfo-ratings
// spec:
// host: ratings.prod.svc.cluster.local
// trafficPolicy:
// loadBalancer:
// consistentHash:
// httpCookie:
// name: user
// ttl: 0s
type LoadBalancerSettings struct {
// It is required to specify exactly one of the fields:
// Simple or ConsistentHash
Simple SimpleLB `json:"simple,omitempty"`
ConsistentHash *ConsistentHashLB `json:"consistentHash,omitempty"`
}
// Standard load balancing algorithms that require no tuning.
type SimpleLB string
const (
// Round Robin policy. Default
SimpleLBRoundRobin SimpleLB = "ROUND_ROBIN"
// The least request load balancer uses an O(1) algorithm which selects
// two random healthy hosts and picks the host which has fewer active
// requests.
SimpleLBLeastConn SimpleLB = "LEAST_CONN"
// The random load balancer selects a random healthy host. The random
// load balancer generally performs better than round robin if no health
// checking policy is configured.
SimpleLBRandom SimpleLB = "RANDOM"
// This option will forward the connection to the original IP address
// requested by the caller without doing any form of load
// balancing. This option must be used with care. It is meant for
// advanced use cases. Refer to Original Destination load balancer in
// Envoy for further details.
SimpleLBPassthrough SimpleLB = "PASSTHROUGH"
)
// Consistent Hash-based load balancing can be used to provide soft
// session affinity based on HTTP headers, cookies or other
// properties. This load balancing policy is applicable only for HTTP
// connections. The affinity to a particular destination host will be
// lost when one or more hosts are added/removed from the destination
// service.
type ConsistentHashLB struct {
// It is required to specify exactly one of the fields as hash key:
// HTTPHeaderName, HTTPCookie, or UseSourceIP.
// Hash based on a specific HTTP header.
HTTPHeaderName string `json:"httpHeaderName,omitempty"`
// Hash based on HTTP cookie.
HTTPCookie *HTTPCookie `json:"httpCookie,omitempty"`
// Hash based on the source IP address.
UseSourceIP bool `json:"useSourceIp,omitempty"`
// The minimum number of virtual nodes to use for the hash
// ring. Defaults to 1024. Larger ring sizes result in more granular
// load distributions. If the number of hosts in the load balancing
// pool is larger than the ring size, each host will be assigned a
// single virtual node.
MinimumRingSize uint64 `json:"minimumRingSize,omitempty"`
}
// Describes a HTTP cookie that will be used as the hash key for the
// Consistent Hash load balancer. If the cookie is not present, it will
// be generated.
type HTTPCookie struct {
// REQUIRED. Name of the cookie.
Name string `json:"name"`
// Path to set for the cookie.
Path string `json:"path,omitempty"`
// REQUIRED. Lifetime of the cookie.
TTL string `json:"ttl"`
}
// Connection pool settings for an upstream host. The settings apply to
// each individual host in the upstream service. See Envoy's [circuit
// breaker](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/circuit_breaking)
// for more details. Connection pool settings can be applied at the TCP
// level as well as at HTTP level.
//
// For example, the following rule sets a limit of 100 connections to redis
// service called myredissrv with a connect timeout of 30ms
//
// apiVersion: networking.istio.io/v1alpha3
// kind: DestinationRule
// metadata:
// name: bookinfo-redis
// spec:
// host: myredissrv.prod.svc.cluster.local
// trafficPolicy:
// connectionPool:
// tcp:
// maxConnections: 100
// connectTimeout: 30ms
type ConnectionPoolSettings struct {
// Settings common to both HTTP and TCP upstream connections.
TCP *TCPSettings `json:"tcp,omitempty"`
// HTTP connection pool settings.
HTTP *HTTPSettings `json:"http,omitempty"`
}
// Settings common to both HTTP and TCP upstream connections.
type TCPSettings struct {
// Maximum number of HTTP1 /TCP connections to a destination host.
MaxConnections int32 `json:"maxConnections,omitempty"`
// TCP connection timeout.
ConnectTimeout string `json:"connectTimeout,omitempty"`
}
// Settings applicable to HTTP1.1/HTTP2/GRPC connections.
type HTTPSettings struct {
// Maximum number of pending HTTP requests to a destination. Default 1024.
HTTP1MaxPendingRequests int32 `json:"http1MaxPendingRequests,omitempty"`
// Maximum number of requests to a backend. Default 1024.
HTTP2MaxRequests int32 `json:"http2MaxRequests,omitempty"`
// Maximum number of requests per connection to a backend. Setting this
// parameter to 1 disables keep alive.
MaxRequestsPerConnection int32 `json:"maxRequestsPerConnection,omitempty"`
// Maximum number of retries that can be outstanding to all hosts in a
// cluster at a given time. Defaults to 3.
MaxRetries int32 `json:"maxRetries,omitempty"`
}
// A Circuit breaker implementation that tracks the status of each
// individual host in the upstream service. Applicable to both HTTP and
// TCP services. For HTTP services, hosts that continually return 5xx
// errors for API calls are ejected from the pool for a pre-defined period
// of time. For TCP services, connection timeouts or connection
// failures to a given host counts as an error when measuring the
// consecutive errors metric. See Envoy's [outlier
// detection](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/outlier)
// for more details.
//
// The following rule sets a connection pool size of 100 connections and
// 1000 concurrent HTTP2 requests, with no more than 10 req/connection to
// "reviews" service. In addition, it configures upstream hosts to be
// scanned every 5 mins, such that any host that fails 7 consecutive times
// with 5XX error code will be ejected for 15 minutes.
//
// apiVersion: networking.istio.io/v1alpha3
// kind: DestinationRule
// metadata:
// name: reviews-cb-policy
// spec:
// host: reviews.prod.svc.cluster.local
// trafficPolicy:
// connectionPool:
// tcp:
// maxConnections: 100
// http:
// http2MaxRequests: 1000
// maxRequestsPerConnection: 10
// outlierDetection:
// consecutiveErrors: 7
// interval: 5m
// baseEjectionTime: 15m
type OutlierDetection struct {
// Number of errors before a host is ejected from the connection
// pool. Defaults to 5. When the upstream host is accessed over HTTP, a
// 5xx return code qualifies as an error. When the upstream host is
// accessed over an opaque TCP connection, connect timeouts and
// connection error/failure events qualify as an error.
ConsecutiveErrors int32 `json:"consecutiveErrors,omitempty"`
// Time interval between ejection sweep analysis. format:
// 1h/1m/1s/1ms. MUST BE >=1ms. Default is 10s.
Interval string `json:"interval,omitempty"`
// Minimum ejection duration. A host will remain ejected for a period
// equal to the product of minimum ejection duration and the number of
// times the host has been ejected. This technique allows the system to
// automatically increase the ejection period for unhealthy upstream
// servers. format: 1h/1m/1s/1ms. MUST BE >=1ms. Default is 30s.
BaseEjectionTime string `json:"baseEjectionTime,omitempty"`
// Maximum % of hosts in the load balancing pool for the upstream
// service that can be ejected. Defaults to 10%.
MaxEjectionPercent int32 `json:"maxEjectionPercent,omitempty"`
}
// SSL/TLS related settings for upstream connections. See Envoy's [TLS
// context](https://www.envoyproxy.io/docs/envoy/latest/api-v1/cluster_manager/cluster_ssl.html#config-cluster-manager-cluster-ssl)
// for more details. These settings are common to both HTTP and TCP upstreams.
//
// For example, the following rule configures a client to use mutual TLS
// for connections to upstream database cluster.
//
// apiVersion: networking.istio.io/v1alpha3
// kind: DestinationRule
// metadata:
// name: db-mtls
// spec:
// host: mydbserver.prod.svc.cluster.local
// trafficPolicy:
// tls:
// mode: MUTUAL
// clientCertificate: /etc/certs/myclientcert.pem
// privateKey: /etc/certs/client_private_key.pem
// caCertificates: /etc/certs/rootcacerts.pem
//
// The following rule configures a client to use TLS when talking to a
// foreign service whose domain matches *.foo.com.
//
// apiVersion: networking.istio.io/v1alpha3
// kind: DestinationRule
// metadata:
// name: tls-foo
// spec:
// host: "*.foo.com"
// trafficPolicy:
// tls:
// mode: SIMPLE
//
// The following rule configures a client to use Istio mutual TLS when talking
// to rating services.
//
// apiVersion: networking.istio.io/v1alpha3
// kind: DestinationRule
// metadata:
// name: ratings-istio-mtls
// spec:
// host: ratings.prod.svc.cluster.local
// trafficPolicy:
// tls:
// mode: ISTIO_MUTUAL
type TLSSettings struct {
// REQUIRED: Indicates whether connections to this port should be secured
// using TLS. The value of this field determines how TLS is enforced.
Mode TLSmode `json:"mode"`
// REQUIRED if mode is `MUTUAL`. The path to the file holding the
// client-side TLS certificate to use.
// Should be empty if mode is `ISTIO_MUTUAL`.
ClientCertificate string `json:"clientCertificate,omitempty"`
// REQUIRED if mode is `MUTUAL`. The path to the file holding the
// client's private key.
// Should be empty if mode is `ISTIO_MUTUAL`.
PrivateKey string `json:"privateKey,omitempty"`
// OPTIONAL: The path to the file containing certificate authority
// certificates to use in verifying a presented server certificate. If
// omitted, the proxy will not verify the server's certificate.
// Should be empty if mode is `ISTIO_MUTUAL`.
CaCertificates string `json:"caCertificates,omitempty"`
// A list of alternate names to verify the subject identity in the
// certificate. If specified, the proxy will verify that the server
// certificate's subject alt name matches one of the specified values.
// Should be empty if mode is `ISTIO_MUTUAL`.
SubjectAltNames []string `json:"subjectAltNames,omitempty"`
// SNI string to present to the server during TLS handshake.
// Should be empty if mode is `ISTIO_MUTUAL`.
Sni string `json:"sni,omitempty"`
}
// TLS connection mode
type TLSmode string
const (
// Do not setup a TLS connection to the upstream endpoint.
TLSmodeDisable TLSmode = "DISABLE"
// Originate a TLS connection to the upstream endpoint.
TLSmodeSimple TLSmode = "SIMPLE"
// Secure connections to the upstream using mutual TLS by presenting
// client certificates for authentication.
TLSmodeMutual TLSmode = "MUTUAL"
// Secure connections to the upstream using mutual TLS by presenting
// client certificates for authentication.
// Compared to Mutual mode, this mode uses certificates generated
// automatically by Istio for mTLS authentication. When this mode is
// used, all other fields in `TLSSettings` should be empty.
TLSmodeIstioMutual TLSmode = "ISTIO_MUTUAL"
)
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// DestinationRuleList is a list of DestinationRule resources
type DestinationRuleList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata"`
Items []DestinationRule `json:"items"`
}

23
vendor/github.com/knative/pkg/apis/istio/v1alpha3/doc.go generated vendored Normal file
View File

@ -0,0 +1,23 @@
/*
Copyright 2018 The Knative Authors
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Api versions allow the api contract for a resource to be changed while keeping
// backward compatibility by support multiple concurrent versions
// of the same resource
// +k8s:deepcopy-gen=package
// +groupName=networking.istio.io
package v1alpha3

336
vendor/github.com/knative/pkg/apis/istio/v1alpha3/gateway_types.go generated vendored Normal file
View File

@ -0,0 +1,336 @@
/*
Copyright 2018 The Knative Authors
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package v1alpha3
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
// +genclient
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// Gateway describes a load balancer operating at the edge of the mesh
// receiving incoming or outgoing HTTP/TCP connections. The specification
// describes a set of ports that should be exposed, the type of protocol to
// use, SNI configuration for the load balancer, etc.
//
// For example, the following gateway spec sets up a proxy to act as a load
// balancer exposing port 80 and 9080 (http), 443 (https), and port 2379
// (TCP) for ingress. The gateway will be applied to the proxy running on
// a pod with labels "app: my-gateway-controller". While Istio will configure the
// proxy to listen on these ports, it is the responsibility of the user to
// ensure that external traffic to these ports are allowed into the mesh.
//
// apiVersion: networking.istio.io/v1alpha3
// kind: Gateway
// metadata:
// name: my-gateway
// spec:
// selector:
// app: my-gatweway-controller
// servers:
// - port:
// number: 80
// name: http
// protocol: HTTP
// hosts:
// - uk.bookinfo.com
// - eu.bookinfo.com
// tls:
// httpsRedirect: true # sends 302 redirect for http requests
// - port:
// number: 443
// name: https
// protocol: HTTPS
// hosts:
// - uk.bookinfo.com
// - eu.bookinfo.com
// tls:
// mode: SIMPLE #enables HTTPS on this port
// serverCertificate: /etc/certs/servercert.pem
// privateKey: /etc/certs/privatekey.pem
// - port:
// number: 9080
// name: http-wildcard
// protocol: HTTP
// # no hosts implies wildcard match
// - port:
// number: 2379 #to expose internal service via external port 2379
// name: mongo
// protocol: MONGO
//
// The gateway specification above describes the L4-L6 properties of a load
// balancer. A VirtualService can then be bound to a gateway to control
// the forwarding of traffic arriving at a particular host or gateway port.
//
// For example, the following VirtualService splits traffic for
// https://uk.bookinfo.com/reviews, https://eu.bookinfo.com/reviews,
// http://uk.bookinfo.com:9080/reviews, http://eu.bookinfo.com:9080/reviews
// into two versions (prod and qa) of an internal reviews service on port
// 9080. In addition, requests containing the cookie user: dev-123 will be
// sent to special port 7777 in the qa version. The same rule is also
// applicable inside the mesh for requests to the reviews.prod
// service. This rule is applicable across ports 443, 9080. Note that
// http://uk.bookinfo.com gets redirected to https://uk.bookinfo.com
// (i.e. 80 redirects to 443).
//
// apiVersion: networking.istio.io/v1alpha3
// kind: VirtualService
// metadata:
// name: bookinfo-rule
// spec:
// hosts:
// - reviews.prod
// - uk.bookinfo.com
// - eu.bookinfo.com
// gateways:
// - my-gateway
// - mesh # applies to all the sidecars in the mesh
// http:
// - match:
// - headers:
// cookie:
// user: dev-123
// route:
// - destination:
// port:
// number: 7777
// name: reviews.qa
// - match:
// uri:
// prefix: /reviews/
// route:
// - destination:
// port:
// number: 9080 # can be omitted if its the only port for reviews
// name: reviews.prod
// weight: 80
// - destination:
// name: reviews.qa
// weight: 20
//
// The following VirtualService forwards traffic arriving at (external) port
// 2379 from 172.17.16.0/24 subnet to internal Mongo server on port 5555. This
// rule is not applicable internally in the mesh as the gateway list omits
// the reserved name "mesh".
//
// apiVersion: networking.istio.io/v1alpha3
// kind: VirtualService
// metadata:
// name: bookinfo-Mongo
// spec:
// hosts:
// - mongosvr #name of Mongo service
// gateways:
// - my-gateway
// tcp:
// - match:
// - port:
// number: 2379
// sourceSubnet: "172.17.16.0/24"
// route:
// - destination:
// name: mongo.prod
//
type Gateway struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
Spec GatewaySpec `json:"spec"`
}
type GatewaySpec struct {
// REQUIRED: A list of server specifications.
Servers []Server `json:"servers"`
// One or more labels that indicate a specific set of pods/VMs
// on which this gateway configuration should be applied.
// If no selectors are provided, the gateway will be implemented by
// the default istio-ingress controller.
Selector map[string]string `json:"selector,omitempty"`
}
// Server describes the properties of the proxy on a given load balancer port.
// For example,
//
// apiVersion: networking.istio.io/v1alpha3
// kind: Gateway
// metadata:
// name: my-ingress
// spec:
// selector:
// app: my-ingress-controller
// servers:
// - port:
// number: 80
// name: http2
// protocol: HTTP2
//
// Another example
//
// apiVersion: networking.istio.io/v1alpha3
// kind: Gateway
// metadata:
// name: my-tcp-ingress
// spec:
// selector:
// app: my-tcp-ingress-controller
// servers:
// - port:
// number: 27018
// name: mongo
// protocol: MONGO
//
// The following is an example of TLS configuration for port 443
//
// apiVersion: networking.istio.io/v1alpha3
// kind: Gateway
// metadata:
// name: my-tls-ingress
// spec:
// selector:
// app: my-tls-ingress-controller
// servers:
// - port:
// number: 443
// name: https
// protocol: HTTPS
// tls:
// mode: SIMPLE
// serverCertificate: /etc/certs/server.pem
// privateKey: /etc/certs/privatekey.pem
//
type Server struct {
// REQUIRED: The Port on which the proxy should listen for incoming
// connections
Port Port `json:"port"`
// A list of hosts exposed by this gateway. While
// typically applicable to HTTP services, it can also be used for TCP
// services using TLS with SNI. Standard DNS wildcard prefix syntax
// is permitted.
//
// A VirtualService that is bound to a gateway must having a matching host
// in its default destination. Specifically one of the VirtualService
// destination hosts is a strict suffix of a gateway host or
// a gateway host is a suffix of one of the VirtualService hosts.
Hosts []string `json:"hosts,omitempty"`
// Set of TLS related options that govern the server's behavior. Use
// these options to control if all http requests should be redirected to
// https, and the TLS modes to use.
TLS *TLSOptions `json:"tls,omitempty"`
}
type TLSOptions struct {
// If set to true, the load balancer will send a 302 redirect for all
// http connections, asking the clients to use HTTPS.
HTTPSRedirect bool `json:"httpsRedirect"`
// Optional: Indicates whether connections to this port should be
// secured using TLS. The value of this field determines how TLS is
// enforced.
Mode TLSMode `json:"mode,omitempty"`
// REQUIRED if mode is "SIMPLE" or "MUTUAL". The path to the file
// holding the server-side TLS certificate to use.
ServerCertificate string `json:"serverCertificate"`
// REQUIRED if mode is "SIMPLE" or "MUTUAL". The path to the file
// holding the server's private key.
PrivateKey string `json:"privateKey"`
// REQUIRED if mode is "MUTUAL". The path to a file containing
// certificate authority certificates to use in verifying a presented
// client side certificate.
CaCertificates string `json:"caCertificates"`
// The credentialName stands for a unique identifier that can be used
// to identify the serverCertificate and the privateKey. The
// credentialName appended with suffix "-cacert" is used to identify
// the CaCertificates associated with this server. Gateway workloads
// capable of fetching credentials from a remote credential store such
// as Kubernetes secrets, will be configured to retrieve the
// serverCertificate and the privateKey using credentialName, instead
// of using the file system paths specified above. If using mutual TLS,
// gateway workload instances will retrieve the CaCertificates using
// credentialName-cacert. The semantics of the name are platform
// dependent. In Kubernetes, the default Istio supplied credential
// server expects the credentialName to match the name of the
// Kubernetes secret that holds the server certificate, the private
// key, and the CA certificate (if using mutual TLS). Set the
// `ISTIO_META_USER_SDS` metadata variable in the gateway's proxy to
// enable the dynamic credential fetching feature.
CredentialName string `json:"credentialName,omitempty"`
// A list of alternate names to verify the subject identity in the
// certificate presented by the client.
SubjectAltNames []string `json:"subjectAltNames"`
}
// TLS modes enforced by the proxy
type TLSMode string
const (
// If set to "PASSTHROUGH", the proxy will forward the connection
// to the upstream server selected based on the SNI string presented
// by the client.
TLSModePassThrough TLSMode = "PASSTHROUGH"
// If set to "SIMPLE", the proxy will secure connections with
// standard TLS semantics.
TLSModeSimple TLSMode = "SIMPLE"
// If set to "MUTUAL", the proxy will secure connections to the
// upstream using mutual TLS by presenting client certificates for
// authentication.
TLSModeMutual TLSMode = "MUTUAL"
)
// Port describes the properties of a specific port of a service.
type Port struct {
// REQUIRED: A valid non-negative integer port number.
Number int `json:"number"`
// REQUIRED: The protocol exposed on the port.
// MUST BE one of HTTP|HTTPS|GRPC|HTTP2|MONGO|TCP.
Protocol PortProtocol `json:"protocol"`
// Label assigned to the port.
Name string `json:"name,omitempty"`
}
type PortProtocol string
const (
ProtocolHTTP PortProtocol = "HTTP"
ProtocolHTTPS PortProtocol = "HTTPS"
ProtocolGRPC PortProtocol = "GRPC"
ProtocolHTTP2 PortProtocol = "HTTP2"
ProtocolMongo PortProtocol = "Mongo"
ProtocolTCP PortProtocol = "TCP"
)
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// GatewayList is a list of Gateway resources
type GatewayList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata"`
Items []Gateway `json:"items"`
}

58
vendor/github.com/knative/pkg/apis/istio/v1alpha3/register.go generated vendored Normal file
View File

@ -0,0 +1,58 @@
/*
Copyright 2018 The Knative Authors
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package v1alpha3
import (
"github.com/knative/pkg/apis/istio"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/runtime/schema"
)
// SchemeGroupVersion is group version used to register these objects
var SchemeGroupVersion = schema.GroupVersion{Group: istio.GroupName, Version: "v1alpha3"}
// Kind takes an unqualified kind and returns back a Group qualified GroupKind
func Kind(kind string) schema.GroupKind {
return SchemeGroupVersion.WithKind(kind).GroupKind()
}
// Resource takes an unqualified resource and returns a Group qualified GroupResource
func Resource(resource string) schema.GroupResource {
return SchemeGroupVersion.WithResource(resource).GroupResource()
}
var (
SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes)
AddToScheme = SchemeBuilder.AddToScheme
)
// Adds the list of known types to Scheme.
func addKnownTypes(scheme *runtime.Scheme) error {
scheme.AddKnownTypes(SchemeGroupVersion,
&VirtualService{},
&Gateway{},
&DestinationRule{},
&VirtualServiceList{},
&GatewayList{},
&DestinationRuleList{},
&ServiceEntry{},
&ServiceEntryList{},
)
metav1.AddToGroupVersion(scheme, SchemeGroupVersion)
return nil
}

39
vendor/github.com/knative/pkg/apis/istio/v1alpha3/service_entry.go generated vendored Normal file
View File

@ -0,0 +1,39 @@
package v1alpha3
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
// +genclient
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
type ServiceEntry struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
Spec ServiceEntrySpec `json:"spec"`
}
type ServiceEntrySpec struct {
Hosts []string `json:"hosts,omitempty"`
Addresses []string `json:"addresses,omitempty"`
Ports []Port `json:"ports,omitempty"`
Location int32 `json:"location,omitempty"`
Resolution int32 `json:"resolution,omitempty"`
Endpoints []ServiceEntry_Endpoint `json:"endpoints,omitempty"`
}
type ServiceEntry_Endpoint struct {
Address string `json:"address,omitempty"`
Ports map[string]uint32 `json:"ports,omitempty"`
Labels map[string]string `json:"labels,omitempty"`
}
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
type ServiceEntryList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata"`
Items []ServiceEntry `json:"items"`
}

882
vendor/github.com/knative/pkg/apis/istio/v1alpha3/virtualservice_types.go generated vendored Normal file
View File

@ -0,0 +1,882 @@
/*
Copyright 2018 The Knative Authors
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package v1alpha3
import (
"github.com/knative/pkg/apis/istio/common/v1alpha1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
// +genclient
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// VirtualService
type VirtualService struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
Spec VirtualServiceSpec `json:"spec"`
}
// A VirtualService defines a set of traffic routing rules to apply when a host is
// addressed. Each routing rule defines matching criteria for traffic of a specific
// protocol. If the traffic is matched, then it is sent to a named destination service
// (or subset/version of it) defined in the registry.
//
// The source of traffic can also be matched in a routing rule. This allows routing
// to be customized for specific client contexts.
//
// The following example routes all HTTP traffic by default to
// pods of the reviews service with label "version: v1". In addition,
// HTTP requests containing /wpcatalog/, /consumercatalog/ url prefixes will
// be rewritten to /newcatalog and sent to pods with label "version: v2". The
// rules will be applied at the gateway named "bookinfo" as well as at all
// the sidecars in the mesh (indicated by the reserved gateway name
// "mesh").
//
// apiVersion: networking.istio.io/v1alpha3
// kind: VirtualService
// metadata:
// name: reviews-route
// spec:
// hosts:
// - reviews
// gateways: # if omitted, defaults to "mesh"
// - bookinfo
// - mesh
// http:
// - match:
// - uri:
// prefix: "/wpcatalog"
// - uri:
// prefix: "/consumercatalog"
// rewrite:
// uri: "/newcatalog"
// route:
// - destination:
// host: reviews
// subset: v2
// - route:
// - destination:
// host: reviews
// subset: v1
//
// A subset/version of a route destination is identified with a reference
// to a named service subset which must be declared in a corresponding
// DestinationRule.
//
// apiVersion: networking.istio.io/v1alpha3
// kind: DestinationRule
// metadata:
// name: reviews-destination
// spec:
// host: reviews
// subsets:
// - name: v1
// labels:
// version: v1
// - name: v2
// labels:
// version: v2
//
// A host name can be defined by only one VirtualService. A single
// VirtualService can be used to describe traffic properties for multiple
// HTTP and TCP ports.
type VirtualServiceSpec struct {
// REQUIRED. The destination address for traffic captured by this virtual
// service. Could be a DNS name with wildcard prefix or a CIDR
// prefix. Depending on the platform, short-names can also be used
// instead of a FQDN (i.e. has no dots in the name). In such a scenario,
// the FQDN of the host would be derived based on the underlying
// platform.
//
// For example on Kubernetes, when hosts contains a short name, Istio will
// interpret the short name based on the namespace of the rule. Thus, when a
// client namespace applies a rule in the "default" namespace containing a name
// "reviews, Istio will setup routes to the "reviews.default.svc.cluster.local"
// service. However, if a different name such as "reviews.sales.svc.cluster.local"
// is used, it would be treated as a FQDN during virtual host matching.
// In Consul, a plain service name would be resolved to the FQDN
// "reviews.service.consul".
//
// Note that the hosts field applies to both HTTP and TCP
// services. Service inside the mesh, i.e., those found in the service
// registry, must always be referred to using their alphanumeric
// names. IP addresses or CIDR prefixes are allowed only for services
// defined via the Gateway.
Hosts []string `json:"hosts"`
// The names of gateways and sidecars that should apply these routes. A
// single VirtualService is used for sidecars inside the mesh as well
// as for one or more gateways. The selection condition imposed by this field
// can be overridden using the source field in the match conditions of HTTP/TCP
// routes. The reserved word "mesh" is used to imply all the sidecars in
// the mesh. When this field is omitted, the default gateway ("mesh")
// will be used, which would apply the rule to all sidecars in the
// mesh. If a list of gateway names is provided, the rules will apply
// only to the gateways. To apply the rules to both gateways and sidecars,
// specify "mesh" as one of the gateway names.
Gateways []string `json:"gateways,omitempty"`
// An ordered list of route rules for HTTP traffic.
// The first rule matching an incoming request is used.
HTTP []HTTPRoute `json:"http,omitempty"`
// An ordered list of route rules for TCP traffic.
// The first rule matching an incoming request is used.
TCP []TCPRoute `json:"tcp,omitempty"`
TLS []TLSRoute `json:"tls,omitempty"`
}
// Describes match conditions and actions for routing HTTP/1.1, HTTP2, and
// gRPC traffic. See VirtualService for usage examples.
type HTTPRoute struct {
// Match conditions to be satisfied for the rule to be
// activated. All conditions inside a single match block have AND
// semantics, while the list of match blocks have OR semantics. The rule
// is matched if any one of the match blocks succeed.
Match []HTTPMatchRequest `json:"match,omitempty"`
// A http rule can either redirect or forward (default) traffic. The
// forwarding target can be one of several versions of a service (see
// glossary in beginning of document). Weights associated with the
// service version determine the proportion of traffic it receives.
Route []HTTPRouteDestination `json:"route,omitempty"`
// A http rule can either redirect or forward (default) traffic. If
// traffic passthrough option is specified in the rule,
// route/redirect will be ignored. The redirect primitive can be used to
// send a HTTP 302 redirect to a different URI or Authority.
Redirect *HTTPRedirect `json:"redirect,omitempty"`
// Rewrite HTTP URIs and Authority headers. Rewrite cannot be used with
// Redirect primitive. Rewrite will be performed before forwarding.
Rewrite *HTTPRewrite `json:"rewrite,omitempty"`
// Indicates that a HTTP/1.1 client connection to this particular route
// should be allowed (and expected) to upgrade to a WebSocket connection.
// The default is false. Istio's reference sidecar implementation (Envoy)
// expects the first request to this route to contain the WebSocket
// upgrade headers. Otherwise, the request will be rejected. Note that
// Websocket allows secondary protocol negotiation which may then be
// subject to further routing rules based on the protocol selected.
WebsocketUpgrade bool `json:"websocketUpgrade,omitempty"`
// Timeout for HTTP requests.
Timeout string `json:"timeout,omitempty"`
// Retry policy for HTTP requests.
Retries *HTTPRetry `json:"retries,omitempty"`
// Fault injection policy to apply on HTTP traffic.
Fault *HTTPFaultInjection `json:"fault,omitempty"`
// Mirror HTTP traffic to a another destination in addition to forwarding
// the requests to the intended destination. Mirrored traffic is on a
// best effort basis where the sidecar/gateway will not wait for the
// mirrored cluster to respond before returning the response from the
// original destination. Statistics will be generated for the mirrored
// destination.
Mirror *Destination `json:"mirror,omitempty"`
// Additional HTTP headers to add before forwarding a request to the
// destination service.
DeprecatedAppendHeaders map[string]string `json:"appendHeaders,omitempty"`
// Header manipulation rules
Headers *Headers `json:"headers,omitempty"`
// Http headers to remove before returning the response to the caller
RemoveResponseHeaders map[string]string `json:"removeResponseHeaders,omitempty"`
// Cross-Origin Resource Sharing policy
CorsPolicy *CorsPolicy `json:"corsPolicy,omitempty"`
}
// Headers describes header manipulation rules.
type Headers struct {
// Header manipulation rules to apply before forwarding a request
// to the destination service
Request *HeaderOperations `json:"request,omitempty"`
// Header manipulation rules to apply before returning a response
// to the caller
Response *HeaderOperations `json:"response,omitempty"`
}
// HeaderOperations Describes the header manipulations to apply
type HeaderOperations struct {
// Overwrite the headers specified by key with the given values
Set map[string]string `json:"set,omitempty"`
// Append the given values to the headers specified by keys
// (will create a comma-separated list of values)
Add map[string]string `json:"add,omitempty"`
// Remove a the specified headers
Remove []string `json:"remove,omitempty"`
}
// HttpMatchRequest specifies a set of criterion to be met in order for the
// rule to be applied to the HTTP request. For example, the following
// restricts the rule to match only requests where the URL path
// starts with /ratings/v2/ and the request contains a "cookie" with value
// "user=jason".
//
// apiVersion: networking.istio.io/v1alpha3
// kind: VirtualService
// metadata:
// name: ratings-route
// spec:
// hosts:
// - ratings
// http:
// - match:
// - headers:
// cookie:
// regex: "^(.*?;)?(user=jason)(;.*)?"
// uri:
// prefix: "/ratings/v2/"
// route:
// - destination:
// host: ratings
//
// HTTPMatchRequest CANNOT be empty.
type HTTPMatchRequest struct {
// URI to match
// values are case-sensitive and formatted as follows:
//
// - `exact: "value"` for exact string match
//
// - `prefix: "value"` for prefix-based match
//
// - `regex: "value"` for ECMAscript style regex-based match
//
URI *v1alpha1.StringMatch `json:"uri,omitempty"`
// URI Scheme
// values are case-sensitive and formatted as follows:
//
// - `exact: "value"` for exact string match
//
// - `prefix: "value"` for prefix-based match
//
// - `regex: "value"` for ECMAscript style regex-based match
//
Scheme *v1alpha1.StringMatch `json:"scheme,omitempty"`
// HTTP Method
// values are case-sensitive and formatted as follows:
//
// - `exact: "value"` for exact string match
//
// - `prefix: "value"` for prefix-based match
//
// - `regex: "value"` for ECMAscript style regex-based match
//
Method *v1alpha1.StringMatch `json:"method,omitempty"`
// HTTP Authority
// values are case-sensitive and formatted as follows:
//
// - `exact: "value"` for exact string match
//
// - `prefix: "value"` for prefix-based match
//
// - `regex: "value"` for ECMAscript style regex-based match
//
Authority *v1alpha1.StringMatch `json:"authority,omitempty"`
// The header keys must be lowercase and use hyphen as the separator,
// e.g. _x-request-id_.
//
// Header values are case-sensitive and formatted as follows:
//
// - `exact: "value"` for exact string match
//
// - `prefix: "value"` for prefix-based match
//
// - `regex: "value"` for ECMAscript style regex-based match
//
// **Note:** The keys `uri`, `scheme`, `method`, and `authority` will be ignored.
Headers map[string]v1alpha1.StringMatch `json:"headers,omitempty"`
// Specifies the ports on the host that is being addressed. Many services
// only expose a single port or label ports with the protocols they support,
// in these cases it is not required to explicitly select the port.
Port uint32 `json:"port,omitempty"`
// One or more labels that constrain the applicability of a rule to
// workloads with the given labels. If the VirtualService has a list of
// gateways specified at the top, it should include the reserved gateway
// `mesh` in order for this field to be applicable.
SourceLabels map[string]string `json:"sourceLabels,omitempty"`
// Names of gateways where the rule should be applied to. Gateway names
// at the top of the VirtualService (if any) are overridden. The gateway match is
// independent of sourceLabels.
Gateways []string `json:"gateways,omitempty"`
}
type HTTPRouteDestination struct {
// REQUIRED. Destination uniquely identifies the instances of a service
// to which the request/connection should be forwarded to.
Destination Destination `json:"destination"`
// REQUIRED. The proportion of traffic to be forwarded to the service
// version. (0-100). Sum of weights across destinations SHOULD BE == 100.
// If there is only destination in a rule, the weight value is assumed to
// be 100.
Weight int `json:"weight"`
// Header manipulation rules
Headers *Headers `json:"headers,omitempty"`
}
// Destination indicates the network addressable service to which the
// request/connection will be sent after processing a routing rule. The
// destination.name should unambiguously refer to a service in the service
// registry. It can be a short name or a fully qualified domain name from
// the service registry, a resolvable DNS name, an IP address or a service
// name from the service registry and a subset name. The order of inference
// is as follows:
//
// 1. Service registry lookup. The entire name is looked up in the service
// registry. If the lookup succeeds, the search terminates. The requests
// will be routed to any instance of the service in the mesh. When the
// service name consists of a single word, the FQDN will be constructed in
// a platform specific manner. For example, in Kubernetes, the namespace
// associated with the routing rule will be used to identify the service as
// <servicename>.<rulenamespace>. However, if the service name contains
// multiple words separated by a dot (e.g., reviews.prod), the name in its
// entirety would be looked up in the service registry.
//
// 2. Runtime DNS lookup by the proxy. If step 1 fails, and the name is not
// an IP address, it will be considered as a DNS name that is not in the
// service registry (e.g., wikipedia.org). The sidecar/gateway will resolve
// the DNS and load balance requests appropriately. See Envoy's strict_dns
// for details.
//
// The following example routes all traffic by default to pods of the
// reviews service with label "version: v1" (i.e., subset v1), and some
// to subset v2, in a kubernetes environment.
//
// apiVersion: networking.istio.io/v1alpha3
// kind: VirtualService
// metadata:
// name: reviews-route
// spec:
// hosts:
// - reviews # namespace is same as the client/caller's namespace
// http:
// - match:
// - uri:
// prefix: "/wpcatalog"
// - uri:
// prefix: "/consumercatalog"
// rewrite:
// uri: "/newcatalog"
// route:
// - destination:
// host: reviews
// subset: v2
// - route:
// - destination:
// host: reviews
// subset: v1
//
// And the associated DestinationRule
//
// apiVersion: networking.istio.io/v1alpha3
// kind: DestinationRule
// metadata:
// name: reviews-destination
// spec:
// host: reviews
// subsets:
// - name: v1
// labels:
// version: v1
// - name: v2
// labels:
// version: v2
//
// The following VirtualService sets a timeout of 5s for all calls to
// productpage.prod service. Notice that there are no subsets defined in
// this rule. Istio will fetch all instances of productpage.prod service
// from the service registry and populate the sidecar's load balancing
// pool.
//
// apiVersion: networking.istio.io/v1alpha3
// kind: VirtualService
// metadata:
// name: my-productpage-rule
// spec:
// hosts:
// - productpage.prod # in kubernetes, this applies only to prod namespace
// http:
// - timeout: 5s
// route:
// - destination:
// host: productpage.prod
//
// The following sets a timeout of 5s for all calls to the external
// service wikipedia.org, as there is no internal service of that name.
//
// apiVersion: networking.istio.io/v1alpha3
// kind: VirtualService
// metadata:
// name: my-wiki-rule
// spec:
// hosts:
// - wikipedia.org
// http:
// - timeout: 5s
// route:
// - destination:
// host: wikipedia.org
//
type Destination struct {
// REQUIRED. The name of a service from the service registry. Service
// names are looked up from the platform's service registry (e.g.,
// Kubernetes services, Consul services, etc.) and from the hosts
// declared by [ServiceEntry](#ServiceEntry). Traffic forwarded to
// destinations that are not found in either of the two, will be dropped.
//
// *Note for Kubernetes users*: When short names are used (e.g. "reviews"
// instead of "reviews.default.svc.cluster.local"), Istio will interpret
// the short name based on the namespace of the rule, not the service. A
// rule in the "default" namespace containing a host "reviews will be
// interpreted as "reviews.default.svc.cluster.local", irrespective of
// the actual namespace associated with the reviews service. _To avoid
// potential misconfigurations, it is recommended to always use fully
// qualified domain names over short names._
Host string `json:"host"`
// The name of a subset within the service. Applicable only to services
// within the mesh. The subset must be defined in a corresponding
// DestinationRule.
Subset string `json:"subset,omitempty"`
// Specifies the port on the host that is being addressed. If a service
// exposes only a single port it is not required to explicitly select the
// port.
Port PortSelector `json:"port,omitempty"`
}
// PortSelector specifies the number of a port to be used for
// matching or selection for final routing.
type PortSelector struct {
// Choose one of the fields below.
// Valid port number
Number uint32 `json:"number,omitempty"`
// Valid port name
Name string `json:"name,omitempty"`
}
// Describes match conditions and actions for routing TCP traffic. The
// following routing rule forwards traffic arriving at port 27017 for
// mongo.prod.svc.cluster.local from 172.17.16.* subnet to another Mongo
// server on port 5555.
//
// ```yaml
// apiVersion: networking.istio.io/v1alpha3
// kind: VirtualService
// metadata:
// name: bookinfo-Mongo
// spec:
// hosts:
// - mongo.prod.svc.cluster.local
// tcp:
// - match:
// - port: 27017
// sourceSubnet: "172.17.16.0/24"
// route:
// - destination:
// host: mongo.backup.svc.cluster.local
// port:
// number: 5555
// ```
type TCPRoute struct {
// Match conditions to be satisfied for the rule to be
// activated. All conditions inside a single match block have AND
// semantics, while the list of match blocks have OR semantics. The rule
// is matched if any one of the match blocks succeed.
Match []L4MatchAttributes `json:"match"`
// The destinations to which the connection should be forwarded to. Weights
// must add to 100%.
Route []HTTPRouteDestination `json:"route"`
}
// Describes match conditions and actions for routing unterminated TLS
// traffic (TLS/HTTPS) The following routing rule forwards unterminated TLS
// traffic arriving at port 443 of gateway called mygateway to internal
// services in the mesh based on the SNI value.
//
// ```yaml
// kind: VirtualService
// metadata:
// name: bookinfo-sni
// spec:
// hosts:
// - '*.bookinfo.com'
// gateways:
// - mygateway
// tls:
// - match:
// - port: 443
// sniHosts:
// - login.bookinfo.com
// route:
// - destination:
// host: login.prod.svc.cluster.local
// - match:
// - port: 443
// sniHosts:
// - reviews.bookinfo.com
// route:
// - destination:
// host: reviews.prod.svc.cluster.local
// ```
type TLSRoute struct {
// REQUIRED. Match conditions to be satisfied for the rule to be
// activated. All conditions inside a single match block have AND
// semantics, while the list of match blocks have OR semantics. The rule
// is matched if any one of the match blocks succeed.
Match []TLSMatchAttributes `json:"match"`
// The destination to which the connection should be forwarded to.
Route []HTTPRouteDestination `json:"route"`
}
// L4 connection match attributes. Note that L4 connection matching support
// is incomplete.
type L4MatchAttributes struct {
// IPv4 or IPv6 ip address of destination with optional subnet. E.g.,
// a.b.c.d/xx form or just a.b.c.d.
DestinationSubnets []string `json:"destinationSubnets,omitempty"`
// Specifies the port on the host that is being addressed. Many services
// only expose a single port or label ports with the protocols they support,
// in these cases it is not required to explicitly select the port.
Port int `json:"port,omitempty"`
// One or more labels that constrain the applicability of a rule to
// workloads with the given labels. If the VirtualService has a list of
// gateways specified at the top, it should include the reserved gateway
// `mesh` in order for this field to be applicable.
SourceLabels map[string]string `json:"sourceLabels,omitempty"`
// Names of gateways where the rule should be applied to. Gateway names
// at the top of the VirtualService (if any) are overridden. The gateway match is
// independent of sourceLabels.
Gateways []string `json:"gateways,omitempty"`
}
// TLS connection match attributes.
type TLSMatchAttributes struct {
// REQUIRED. SNI (server name indicator) to match on. Wildcard prefixes
// can be used in the SNI value, e.g., *.com will match foo.example.com
// as well as example.com. An SNI value must be a subset (i.e., fall
// within the domain) of the corresponding virtual service's hosts
SniHosts []string `json:"sniHosts"`
// IPv4 or IPv6 ip addresses of destination with optional subnet. E.g.,
// a.b.c.d/xx form or just a.b.c.d.
DestinationSubnets []string `json:"destinationSubnets,omitempty"`
// Specifies the port on the host that is being addressed. Many services
// only expose a single port or label ports with the protocols they support,
// in these cases it is not required to explicitly select the port.
Port int `json:"port,omitempty"`
// One or more labels that constrain the applicability of a rule to
// workloads with the given labels. If the VirtualService has a list of
// gateways specified at the top, it should include the reserved gateway
// `mesh` in order for this field to be applicable.
SourceLabels map[string]string `json:"sourceLabels,omitempty"`
// Names of gateways where the rule should be applied to. Gateway names
// at the top of the VirtualService (if any) are overridden. The gateway match is
// independent of sourceLabels.
Gateways []string `json:"gateways,omitempty"`
}
// HTTPRedirect can be used to send a 302 redirect response to the caller,
// where the Authority/Host and the URI in the response can be swapped with
// the specified values. For example, the following rule redirects
// requests for /v1/getProductRatings API on the ratings service to
// /v1/bookRatings provided by the bookratings service.
//
// apiVersion: networking.istio.io/v1alpha3
// kind: VirtualService
// metadata:
// name: ratings-route
// spec:
// hosts:
// - ratings
// http:
// - match:
// - uri:
// exact: /v1/getProductRatings
// redirect:
// uri: /v1/bookRatings
// authority: bookratings.default.svc.cluster.local
// ...
//
type HTTPRedirect struct {
// On a redirect, overwrite the Path portion of the URL with this
// value. Note that the entire path will be replaced, irrespective of the
// request URI being matched as an exact path or prefix.
URI string `json:"uri,omitempty"`
// On a redirect, overwrite the Authority/Host portion of the URL with
// this value.
Authority string `json:"authority,omitempty"`
}
// HTTPRewrite can be used to rewrite specific parts of a HTTP request
// before forwarding the request to the destination. Rewrite primitive can
// be used only with the HTTPRouteDestinations. The following example
// demonstrates how to rewrite the URL prefix for api call (/ratings) to
// ratings service before making the actual API call.
//
// apiVersion: networking.istio.io/v1alpha3
// kind: VirtualService
// metadata:
// name: ratings-route
// spec:
// hosts:
// - ratings
// http:
// - match:
// - uri:
// prefix: /ratings
// rewrite:
// uri: /v1/bookRatings
// route:
// - destination:
// host: ratings
// subset: v1
//
type HTTPRewrite struct {
// rewrite the path (or the prefix) portion of the URI with this
// value. If the original URI was matched based on prefix, the value
// provided in this field will replace the corresponding matched prefix.
URI string `json:"uri,omitempty"`
// rewrite the Authority/Host header with this value.
Authority string `json:"authority,omitempty"`
}
// Describes the retry policy to use when a HTTP request fails. For
// example, the following rule sets the maximum number of retries to 3 when
// calling ratings:v1 service, with a 2s timeout per retry attempt.
//
// apiVersion: networking.istio.io/v1alpha3
// kind: VirtualService
// metadata:
// name: ratings-route
// spec:
// hosts:
// - ratings
// http:
// - route:
// - destination:
// host: ratings
// subset: v1
// retries:
// attempts: 3
// perTryTimeout: 2s
//
type HTTPRetry struct {
// REQUIRED. Number of retries for a given request. The interval
// between retries will be determined automatically (25ms+). Actual
// number of retries attempted depends on the httpReqTimeout.
Attempts int `json:"attempts"`
// Timeout per retry attempt for a given request. format: 1h/1m/1s/1ms. MUST BE >=1ms.
PerTryTimeout string `json:"perTryTimeout"`
}
// Describes the Cross-Origin Resource Sharing (CORS) policy, for a given
// service. Refer to
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS
// for further details about cross origin resource sharing. For example,
// the following rule restricts cross origin requests to those originating
// from example.com domain using HTTP POST/GET, and sets the
// Access-Control-Allow-Credentials header to false. In addition, it only
// exposes X-Foo-bar header and sets an expiry period of 1 day.
//
// apiVersion: networking.istio.io/v1alpha3
// kind: VirtualService
// metadata:
// name: ratings-route
// spec:
// hosts:
// - ratings
// http:
// - route:
// - destination:
// host: ratings
// subset: v1
// corsPolicy:
// allowOrigin:
// - example.com
// allowMethods:
// - POST
// - GET
// allowCredentials: false
// allowHeaders:
// - X-Foo-Bar
// maxAge: "1d"
//
type CorsPolicy struct {
// The list of origins that are allowed to perform CORS requests. The
// content will be serialized into the Access-Control-Allow-Origin
// header. Wildcard * will allow all origins.
AllowOrigin []string `json:"allowOrigin,omitempty"`
// List of HTTP methods allowed to access the resource. The content will
// be serialized into the Access-Control-Allow-Methods header.
AllowMethods []string `json:"allowMethods,omitempty"`
// List of HTTP headers that can be used when requesting the
// resource. Serialized to Access-Control-Allow-Methods header.
AllowHeaders []string `json:"allowHeaders,omitempty"`
// A white list of HTTP headers that the browsers are allowed to
// access. Serialized into Access-Control-Expose-Headers header.
ExposeHeaders []string `json:"exposeHeaders,omitempty"`
// Specifies how long the results of a preflight request can be
// cached. Translates to the Access-Control-Max-Age header.
MaxAge string `json:"maxAge,omitempty"`
// Indicates whether the caller is allowed to send the actual request
// (not the preflight) using credentials. Translates to
// Access-Control-Allow-Credentials header.
AllowCredentials bool `json:"allowCredentials,omitempty"`
}
// HTTPFaultInjection can be used to specify one or more faults to inject
// while forwarding http requests to the destination specified in a route.
// Fault specification is part of a VirtualService rule. Faults include
// aborting the Http request from downstream service, and/or delaying
// proxying of requests. A fault rule MUST HAVE delay or abort or both.
//
// *Note:* Delay and abort faults are independent of one another, even if
// both are specified simultaneously.
type HTTPFaultInjection struct {
// Delay requests before forwarding, emulating various failures such as
// network issues, overloaded upstream service, etc.
Delay *InjectDelay `json:"delay,omitempty"`
// Abort Http request attempts and return error codes back to downstream
// service, giving the impression that the upstream service is faulty.
Abort *InjectAbort `json:"abort,omitempty"`
}
// Delay specification is used to inject latency into the request
// forwarding path. The following example will introduce a 5 second delay
// in 10% of the requests to the "v1" version of the "reviews"
// service from all pods with label env: prod
//
// apiVersion: networking.istio.io/v1alpha3
// kind: VirtualService
// metadata:
// name: reviews-route
// spec:
// hosts:
// - reviews
// http:
// - match:
// - sourceLabels:
// env: prod
// route:
// - destination:
// host: reviews
// subset: v1
// fault:
// delay:
// percent: 10
// fixedDelay: 5s
//
// The _fixedDelay_ field is used to indicate the amount of delay in
// seconds. An optional _percent_ field, a value between 0 and 100, can
// be used to only delay a certain percentage of requests. If left
// unspecified, all request will be delayed.
type InjectDelay struct {
// Percentage of requests on which the delay will be injected (0-100).
Percent int `json:"percent,omitempty"`
// REQUIRED. Add a fixed delay before forwarding the request. Format:
// 1h/1m/1s/1ms. MUST be >=1ms.
FixedDelay string `json:"fixedDelay"`
// (-- Add a delay (based on an exponential function) before forwarding
// the request. mean delay needed to derive the exponential delay
// values --)
ExponentialDelay string `json:"exponentialDelay,omitempty"`
}
// Abort specification is used to prematurely abort a request with a
// pre-specified error code. The following example will return an HTTP
// 400 error code for 10% of the requests to the "ratings" service "v1".
//
// apiVersion: networking.istio.io/v1alpha3
// kind: VirtualService
// metadata:
// name: ratings-route
// spec:
// hosts:
// - ratings
// http:
// - route:
// - destination:
// host: ratings
// subset: v1
// fault:
// abort:
// percent: 10
// httpStatus: 400
//
// The _httpStatus_ field is used to indicate the HTTP status code to
// return to the caller. The optional _percent_ field, a value between 0
// and 100, is used to only abort a certain percentage of requests. If
// not specified, all requests are aborted.
type InjectAbort struct {
// Percentage of requests to be aborted with the error code provided (0-100).
Percent int `json:"percent,omitempty"`
// REQUIRED. HTTP status code to use to abort the Http request.
HTTPStatus int `json:"httpStatus"`
}
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// VirtualServiceList is a list of VirtualService resources
type VirtualServiceList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata"`
Items []VirtualService `json:"items"`
}

1287
vendor/github.com/knative/pkg/apis/istio/v1alpha3/zz_generated.deepcopy.go generated vendored Normal file
View File

File diff suppressed because it is too large Load Diff

75
vendor/github.com/knative/pkg/code-of-conduct.md generated vendored Normal file
View File

@ -0,0 +1,75 @@
# Contributor Covenant Code of Conduct
## Our Pledge
In the interest of fostering an open and welcoming environment, we as
contributors and maintainers pledge to making participation in our project and
our community a harassment-free experience for everyone, regardless of age, body
size, disability, ethnicity, gender identity and expression, level of
experience, education, socio-economic status, nationality, personal appearance,
race, religion, or sexual identity and orientation.
## Our Standards
Examples of behavior that contributes to creating a positive environment
include:
- Using welcoming and inclusive language
- Being respectful of differing viewpoints and experiences
- Gracefully accepting constructive criticism
- Focusing on what is best for the community
- Showing empathy towards other community members
Examples of unacceptable behavior by participants include:
- The use of sexualized language or imagery and unwelcome sexual attention or
advances
- Trolling, insulting/derogatory comments, and personal or political attacks
- Public or private harassment
- Publishing others' private information, such as a physical or electronic
address, without explicit permission
- Other conduct which could reasonably be considered inappropriate in a
professional setting
## Our Responsibilities
Project maintainers are responsible for clarifying the standards of acceptable
behavior and are expected to take appropriate and fair corrective action in
response to any instances of unacceptable behavior.
Project maintainers have the right and responsibility to remove, edit, or reject
comments, commits, code, wiki edits, issues, and other contributions that are
not aligned to this Code of Conduct, or to ban temporarily or permanently any
contributor for other behaviors that they deem inappropriate, threatening,
offensive, or harmful.
## Scope
This Code of Conduct applies both within project spaces and in public spaces
when an individual is representing the project or its community. Examples of
representing a project or community include using an official project e-mail
address, posting via an official social media account, or acting as an appointed
representative at an online or offline event. Representation of a project may be
further defined and clarified by project maintainers.
## Enforcement
Instances of abusive, harassing, or otherwise unacceptable behavior may be
reported by contacting the project team at
knative-code-of-conduct@googlegroups.com. All complaints will be reviewed and
investigated and will result in a response that is deemed necessary and
appropriate to the circumstances. The project team is obligated to maintain
confidentiality with regard to the reporter of an incident. Further details of
specific enforcement policies may be posted separately.
Project maintainers who do not follow or enforce the Code of Conduct in good
faith may face temporary or permanent repercussions as determined by other
members of the project's leadership.
## Attribution
This Code of Conduct is adapted from the [Contributor Covenant][homepage],
version 1.4, available at
https://www.contributor-covenant.org/version/1/4/code-of-conduct.html
[homepage]: https://www.contributor-covenant.org