// Copyright 2020 Datawire. All rights reserved
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

///////////////////////////////////////////////////////////////////////////
// Important: Run "make generate-fast" to regenerate code after modifying
// this file.
///////////////////////////////////////////////////////////////////////////

package v3alpha1

import (
	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)

// ModuleSpec holds the ambassador_id selector and the untyped config
// dictionary of a Module.
//
// TODO(lukeshu): In v3alpha2, get rid of unnecessary nesting and move `ModuleSpec.config.*` to
// `ModuleSpec.*`.
type ModuleSpec struct {
	AmbassadorID AmbassadorID `json:"ambassador_id,omitempty"`

	// Config carries the module settings as an untyped dictionary.
	//
	// NOTE(review): because the field is untyped, the generated schema
	// presumably cannot validate individual settings; confirm where the
	// contents are validated before they take effect.
	//
	// TODO(lukeshu): In v3alpha2, change the default from `diagnostics.enabled=true` to
	// `diagnostics.enabled=false`.  This needs conversion support in apiext.  See the related
	// comment in irambassador.py.
	//
	// TODO(lukeshu): Structurally type ModuleSpec.Config.
	//
	// +kubebuilder:validation:Required
	Config UntypedDict `json:"config,omitempty"`
}

// A Module defines system-wide configuration.  The type of module is
// controlled by the .metadata.name; valid names are "ambassador" or
// "tls".
//
// Because a Module applies system-wide, write access to Module
// resources should be granted sparingly.
//
// https://www.getambassador.io/docs/edge-stack/latest/topics/running/ambassador/#the-ambassador-module
// https://www.getambassador.io/docs/edge-stack/latest/topics/running/tls/#tls-module-deprecated
//
// +kubebuilder:object:root=true
type Module struct {
	metav1.TypeMeta   `json:""`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec ModuleSpec `json:"spec,omitempty"`
}

// ModuleList contains a list of Modules.
//
// +kubebuilder:object:root=true
type ModuleList struct {
	metav1.TypeMeta `json:""`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []Module `json:"items"`
}

// Features groups the feature toggles referenced by
// AmbassadorConfigSpec.Features.
//
// NOTE(review): every toggle is a plain bool (or int) with omitempty, so an
// explicit false cannot be told apart from an unset field. Confirm how the
// settings documented as default-on (diagnostics, ipv4_dns, liveness_probe,
// readiness_probe) are meant to be switched off through this type.
type Features struct {
	// The diagnostic service (at /ambassador/v0/diag/) defaults on, but
	// you can disable the api route. It will remain accessible on
	// diag_port. Disable the route if the diagnostic service should not
	// be reachable through the public listener.
	Diagnostics bool `json:"diagnostics,omitempty"`

	// Should we automatically add Linkerd `l5d-dst-override` headers?
	LinkerdHeaders bool `json:"linkerd_headers,omitempty"`

	// Should we enable the gRPC-http11 bridge?
	GrpcHttp11Bridge bool `json:"grpc_http11_bridge,omitempty"`

	// Should we enable the grpc-Web protocol?
	GrpcWeb bool `json:"grpc_web,omitempty"`

	// Should we enable http/1.0 protocol?
	Http10 bool `json:"http10,omitempty"`

	// Should we do IPv4 DNS lookups when contacting services? Defaults to true,
	// but can be overridden in a [`Mapping`](/reference/mappings).
	Ipv4Dns bool `json:"ipv4_dns,omitempty"`

	// Should we do IPv6 DNS lookups when contacting services? Defaults to false,
	// but can be overridden in a [`Mapping`](/reference/mappings).
	Ipv6Dns bool `json:"ipv6_dns,omitempty"`

	// liveness_probe defaults on, but you can disable the api route.
	// It will remain accessible on diag_port.
	LivenessProbe bool `json:"liveness_probe,omitempty"`

	// readiness_probe defaults on, but you can disable the api route.
	// It will remain accessible on diag_port.
	ReadinessProbe bool `json:"readiness_probe,omitempty"`

	// xff_num_trusted_hops controls how Envoy sets the trusted
	// client IP address of a request. If you have a proxy in front
	// of Ambassador, Envoy will set the trusted client IP to the
	// address of that proxy. To preserve the original client IP address,
	// setting xff_num_trusted_hops: 1 will tell Envoy to use the client IP
	// address in X-Forwarded-For. Please see the envoy documentation for
	// more information: https://www.envoyproxy.io/docs/envoy/latest/configuration/http_conn_man/headers#x-forwarded-for
	//
	// X-Forwarded-For is a request header that any client can set, so
	// set this to the number of trusted proxies actually deployed in
	// front of Ambassador and no higher. A larger value lets a
	// client-supplied entry be taken as the trusted client IP, which
	// undermines IP-based access control, rate limiting and logging.
	XffNumTrustedHops int `json:"xff_num_trusted_hops,omitempty"`

	// proxy_proto controls whether Envoy will honor the PROXY
	// protocol on incoming requests. The PROXY header is supplied by
	// the connecting peer, so enable this only when every connection
	// reaching the listener comes from a trusted load balancer that
	// sends it.
	ProxyProto bool `json:"proxy_proto,omitempty"`

	// NOTE(review): the JSON key here is remote_address, while the
	// x_forwarded_proto_redirect comment below refers to
	// `use_remote_address`; confirm which name is intended.

	// remote_address controls whether Envoy will trust the remote
	// address of incoming connections or rely exclusively on the
	// X-Forwarded-For header.
	RemoteAddress bool `json:"remote_address,omitempty"`

	// Ambassador lets through only the HTTP requests with
	// `X-FORWARDED-PROTO: https` header set, and redirects all the other
	// requests to HTTPS if this field is set to true. Note that `use_remote_address`
	// must be set to false for this feature to work as expected.
	//
	// X-Forwarded-Proto is a request header, so this check is only
	// meaningful when a trusted proxy in front of Ambassador sets or
	// overwrites it.
	XForwardedProtoRedirect bool `json:"x_forwarded_proto_redirect,omitempty"`
}

// AmbassadorConfigSpec defines the desired state of AmbassadorConfig
type AmbassadorConfigSpec struct {
	// Common to all Ambassador objects (and optional).
	AmbassadorID AmbassadorID `json:"ambassador_id,omitempty"`

	// admin_port is the port where Ambassador's Envoy will listen for
	// low-level admin requests. You should almost never need to change
	// this. Keep this port unreachable from untrusted networks.
	AdminPort int `json:"admin_port,omitempty"`

	// diag_port is the port where Ambassador will listen for requests
	// to the diagnostic service. The diagnostic service and the
	// liveness and readiness probes remain accessible on this port even
	// when their api routes are disabled (see Features), so restrict
	// network access to it accordingly.
	DiagPort int `json:"diag_port,omitempty"`

	// By default Envoy sets server_name response header to 'envoy'.
	// Override it with this variable.
	ServerName string `json:"server_name,omitempty"`

	// If present, service_port will be the port Ambassador listens
	// on for microservice access. If not present, Ambassador will
	// use 8443 if TLS is configured, 8080 otherwise.
	ServicePort int `json:"service_port,omitempty"`

	Features *Features `json:"features,omitempty"`

	// lua_scripts is a custom Lua script that is run on every request.
	// Because the script sits in the path of every request, anyone who
	// can write this field can affect all traffic through the proxy;
	// limit who may set it.
	LuaScripts string `json:"lua_scripts,omitempty"`

	// +kubebuilder:validation:Enum={"text", "json"}
	EnvoyLogType string `json:"envoy_log_type,omitempty"`

	// envoy_log_path defines the path of the log Envoy will use. By default this is standard output.
	EnvoyLogPath string `json:"envoy_log_path,omitempty"`

	LoadBalancer *LoadBalancer `json:"load_balancer,omitempty"`

	CircuitBreakers *CircuitBreaker `json:"circuit_breakers,omitempty"`

	// List of HTTP error response overrides.
	// +kubebuilder:validation:MinItems=1
	ErrorResponseOverrides []ErrorResponseOverride `json:"error_response_overrides,omitempty"`

	// List of headers whose names should be rewritten to the case-sensitive value
	// present in the list. Applies to both upstream and downstream headers.
	// +kubebuilder:validation:MinItems=1
	HeaderCaseOverrides []string `json:"header_case_overrides,omitempty"`

	RetryPolicy *RetryPolicy `json:"retry_policy,omitempty"`

	Cors *CORS `json:"cors,omitempty"`

	// Set the default upstream-connection request timeout. If not set (the default), upstream
	// requests will be subject to a 3000 millisecond timeout.
	ClusterRequestTimeout *MillisecondDuration `json:"cluster_request_timeout_ms,omitempty"`

	// Set the default upstream-connection idle timeout. If not set (the default), upstream
	// connections will never be closed due to idling.
	ClusterIdleTimeout *MillisecondDuration `json:"cluster_idle_timeout_ms,omitempty"`

	// Set the default upstream-connection max connection lifetime. If not set (the default), upstream
	// connections may never close.
	ClusterMaxConnectionLifetime *MillisecondDuration `json:"cluster_max_connection_lifetime_ms,omitempty"`

	// RegexType did something in Emissary 1.x and 2.x, but does nothing in 3.x.
	//
	// +kubebuilder:validation:Enum={"safe", "unsafe"}
	RegexType string `json:"regex_type,omitempty"`

	// This field controls the RE2 “program size” which is a rough estimate of how complex a compiled regex is to
	// evaluate.  A regex that has a program size greater than the configured value will fail to compile.
	// The limit bounds how costly a configured regex may be to evaluate, so raise it only as far as needed.
	RegexMaxSize int `json:"regex_max_size,omitempty"`
}

// AmbassadorConfigStatus defines the observed state of AmbassadorConfig.
// It currently has no fields.
type AmbassadorConfigStatus struct {
}

// The AmbassadorConfig and AmbassadorConfigList types below are commented
// out, as is their registration in init, so they are not compiled.

/*
// AmbassadorConfig is the Schema for the ambassadorconfigs API
//
// + kubebuilder:object:root=true
type AmbassadorConfig struct {
	metav1.TypeMeta   `json:""`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   AmbassadorConfigSpec   `json:"spec,omitempty"`
	Status AmbassadorConfigStatus `json:"status,omitempty"`
}

// AmbassadorConfigList contains a list of AmbassadorConfigs.
//
// + kubebuilder:object:root=true
type AmbassadorConfigList struct {
	metav1.TypeMeta `json:""`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []AmbassadorConfig `json:"items"`
}
*/

// init registers Module and ModuleList with SchemeBuilder, which is
// declared elsewhere in this package.
func init() {
	SchemeBuilder.Register(&Module{}, &ModuleList{})
	//SchemeBuilder.Register(&AmbassadorConfig{}, &AmbassadorConfigList{})
}