/*
Copyright 2017 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package annotations
import (
"errors"
"strconv"
v1 "k8s.io/api/networking/v1"
)
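const (
	// StatusPrefix is the prefix of the annotations the controller uses to
	// record debug information on the Ingress.
	StatusPrefix = "ingress.kubernetes.io"

	// AllowHTTPKey tells the Ingress controller to allow/block HTTP access.
	// If either unset or set to true, the controller will create a
	// forwarding-rule for port 80, and any additional rules based on the TLS
	// section of the Ingress. If set to false, the controller will only create
	// rules for port 443 based on the TLS section.
	//
	// Note that (*Ingress).AllowHTTP treats a missing or unparsable value as
	// true, so plain HTTP stays enabled unless the value parses as false.
	AllowHTTPKey = "kubernetes.io/ingress.allow-http"

	// GlobalStaticIPNameKey tells the Ingress controller to use a specific GCE
	// static ip for its forwarding rules. If specified, the Ingress controller
	// assigns the static ip by this name to the forwarding rules of the given
	// Ingress. The controller *does not* manage this ip; it is the user's
	// responsibility to create/delete it.
	GlobalStaticIPNameKey = "kubernetes.io/ingress.global-static-ip-name"

	// RegionalStaticIPNameKey tells the Ingress controller to use a specific GCE
	// internal static ip for its forwarding rules. If specified, the Ingress
	// controller assigns the static ip by this name to the forwarding rules of
	// the given Ingress. The controller *does not* manage this ip; it is the
	// user's responsibility to create/delete it.
	RegionalStaticIPNameKey = "kubernetes.io/ingress.regional-static-ip-name"

	// PreSharedCertKey represents the specific pre-shared SSL
	// certificate for the Ingress controller to use. The controller *does not*
	// manage this certificate; it is the user's responsibility to create/delete
	// it. In GCP, the Ingress controller assigns the SSL certificate with this
	// name to the target proxies of the Ingress.
	PreSharedCertKey = "ingress.gcp.kubernetes.io/pre-shared-cert"

	// IngressClassKey picks a specific "class" for the Ingress. The controller
	// only processes Ingresses with this annotation either unset, or set
	// to either GceIngressClass or the empty string.
	IngressClassKey = "kubernetes.io/ingress.class"

	// Ingress class names defined by this package; presumably the values
	// compared against the IngressClassKey annotation (confirm against the
	// callers, which are not part of this file).
	GceIngressClass              = "gce"
	GceMultiIngressClass         = "gce-multi-cluster"
	GceL7ILBIngressClass         = "gce-internal"
	GceL7XLBRegionalIngressClass = "gce-regional-external"

	// ZoneKey is the label key that denotes which GCE zone a Kubernetes node
	// is in.
	ZoneKey = "topology.kubernetes.io/zone"
	// DefaultZone is the empty zone name.
	DefaultZone = ""

	// InstanceGroupsAnnotationKey is the annotation key used by controller to
	// specify the name and zone of instance groups created for the ingress.
	// This is read only for users. Controller will overwrite any user updates.
	// This is only set for ingresses with ingressClass = "gce-multi-cluster".
	InstanceGroupsAnnotationKey = "ingress.gcp.kubernetes.io/instance-groups"

	// SuppressFirewallXPNErrorKey is the annotation key the firewall
	// controller uses to decide whether to suppress firewallXPNError.
	SuppressFirewallXPNErrorKey = "networking.gke.io/suppress-firewall-xpn-error"

	// FrontendConfigKey is the annotation key used by controller to specify
	// the FrontendConfig resource which should be associated with the Ingress.
	// The value of the annotation is the name of the FrontendConfig resource.
	// Example:
	//
	//	annotations:
	//	  networking.gke.io/v1beta1.FrontendConfig: 'my-frontendconfig'
	FrontendConfigKey = "networking.gke.io/v1beta1.FrontendConfig"

	// UrlMapKey is the annotation key used by controller to record GCP URL map.
	UrlMapKey = StatusPrefix + "/url-map"
	// RedirectUrlMapKey is the annotation key used by controller to record the
	// GCP URL map used for HTTPS redirects only.
	RedirectUrlMapKey = StatusPrefix + "/redirect-url-map"
	// HttpForwardingRuleKey is the annotation key used by controller to record
	// GCP http forwarding rule.
	HttpForwardingRuleKey = StatusPrefix + "/forwarding-rule"
	// HttpsForwardingRuleKey is the annotation key used by controller to record
	// GCP https forwarding rule.
	HttpsForwardingRuleKey = StatusPrefix + "/https-forwarding-rule"
	// TargetHttpProxyKey is the annotation key used by controller to record
	// GCP target http proxy.
	TargetHttpProxyKey = StatusPrefix + "/target-proxy"
	// TargetHttpsProxyKey is the annotation key used by controller to record
	// GCP target https proxy.
	TargetHttpsProxyKey = StatusPrefix + "/https-target-proxy"
	// SSLCertKey is the annotation key used by controller to record GCP ssl cert.
	SSLCertKey = StatusPrefix + "/ssl-cert"
	// StaticIPKey is the annotation key used by controller to record GCP static ip.
	StaticIPKey = StatusPrefix + "/static-ip"
)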
// Ingress is a read-only view over the annotation map of an Ingress object.
// The accessor methods look up individual annotation keys in it.
type Ingress struct {
	// v holds the annotation key/value pairs; it may be nil, in which case
	// every lookup yields the zero value.
	v map[string]string
}
// FromIngress wraps the annotations of an Ingress definition.
//
// A nil ing yields an Ingress with no annotations. The annotation map is
// referenced, not copied, so later changes to ing.Annotations are visible
// through the returned value.
func FromIngress(ing *v1.Ingress) *Ingress {
	if ing == nil {
		return &Ingress{}
	}
	return &Ingress{v: ing.Annotations}
}
// AllowHTTP reports whether the AllowHTTPKey annotation permits HTTP access.
// It returns true when the annotation is absent.
//
// NOTE(review): this accessor fails open. A value that strconv.ParseBool
// rejects (for example a misspelled "false") also yields true, so a mistyped
// opt-out keeps HTTP enabled without any error being reported here.
func (ing *Ingress) AllowHTTP() bool {
	raw, present := ing.v[AllowHTTPKey]
	if present {
		if allowed, err := strconv.ParseBool(raw); err == nil {
			return allowed
		}
	}
	return true
}
// UseNamedTLS returns the value of the PreSharedCertKey annotation, i.e. the
// name of the GCE SSL certificate. It is empty when the annotation is absent.
// The annotation text is returned verbatim; no validation happens here.
func (ing *Ingress) UseNamedTLS() string {
	// Indexing a map with a missing key yields "", matching the default.
	return ing.v[PreSharedCertKey]
}
// StaticIPName returns the static IP name requested through annotations.
//
// It returns the regional name when only RegionalStaticIPNameKey is set and
// the global name (possibly empty) otherwise. Setting both annotations to
// non-empty values is rejected with an error.
func (ing *Ingress) StaticIPName() (string, error) {
	global, regional := ing.GlobalStaticIPName(), ing.RegionalStaticIPName()
	switch {
	case global != "" && regional != "":
		// The two annotations are mutually exclusive.
		return "", errors.New("Error: both global-static-ip and regional-static-ip cannot be specified")
	case regional != "":
		return regional, nil
	default:
		return global, nil
	}
}
// GlobalStaticIPName returns the value of the GlobalStaticIPNameKey
// annotation, or the empty string when it is absent. The annotation text is
// returned verbatim; no validation happens here.
func (ing *Ingress) GlobalStaticIPName() string {
	// Indexing a map with a missing key yields "", matching the default.
	return ing.v[GlobalStaticIPNameKey]
}
// RegionalStaticIPName returns the value of the RegionalStaticIPNameKey
// annotation, or the empty string when it is absent. The annotation text is
// returned verbatim; no validation happens here.
func (ing *Ingress) RegionalStaticIPName() string {
	// Indexing a map with a missing key yields "", matching the default.
	return ing.v[RegionalStaticIPNameKey]
}
// IngressClass returns the value of the IngressClassKey annotation, or the
// empty string when it is absent.
func (ing *Ingress) IngressClass() string {
	// Indexing a map with a missing key yields "", matching the default.
	return ing.v[IngressClassKey]
}
// SuppressFirewallXPNError reports whether the SuppressFirewallXPNErrorKey
// annotation is set to a true value. It returns false when the annotation is
// absent or when strconv.ParseBool rejects its value.
func (ing *Ingress) SuppressFirewallXPNError() bool {
	raw, present := ing.v[SuppressFirewallXPNErrorKey]
	if !present {
		return false
	}
	suppress, err := strconv.ParseBool(raw)
	// An unparsable value is treated the same as "not set".
	return err == nil && suppress
}
// FrontendConfig returns the value of the FrontendConfigKey annotation (the
// name of the FrontendConfig resource), or the empty string when it is
// absent. The annotation text is returned verbatim; no validation happens
// here.
func (ing *Ingress) FrontendConfig() string {
	// Indexing a map with a missing key yields "", matching the default.
	return ing.v[FrontendConfigKey]
}