Signed-off-by: Guy Daich <guy.daich@sap.com>
Showing
9 changed files
with
1,386 additions
and
0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,87 @@ | ||
// Copyright Envoy Gateway Authors | ||
// SPDX-License-Identifier: Apache-2.0 | ||
// The full text of the Apache license is available in the LICENSE file at | ||
// the root of the repo. | ||
|
||
package v1alpha1 | ||
|
||
import ( | ||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" | ||
gwapiv1a2 "sigs.k8s.io/gateway-api/apis/v1alpha2" | ||
) | ||
|
||
const ( | ||
// KindEnvoyExtensionPolicy is the name of the EnvoyExtensionPolicy kind. | ||
KindEnvoyExtensionPolicy = "EnvoyExtensionPolicy" | ||
) | ||
|
||
// +kubebuilder:object:root=true | ||
// +kubebuilder:resource:shortName=eep | ||
// +kubebuilder:subresource:status | ||
// +kubebuilder:printcolumn:name="Status",type=string,JSONPath=`.status.conditions[?(@.type=="Accepted")].reason` | ||
// +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp` | ||
|
||
// EnvoyExtensionPolicy allows the user to configure various envoy extensibility options for the Gateway. | ||
type EnvoyExtensionPolicy struct { | ||
metav1.TypeMeta `json:",inline"` | ||
metav1.ObjectMeta `json:"metadata,omitempty"` | ||
|
||
// Spec defines the desired state of EnvoyExtensionPolicy. | ||
Spec EnvoyExtensionPolicySpec `json:"spec"` | ||
|
||
// Status defines the current status of EnvoyExtensionPolicy. | ||
Status EnvoyExtensionPolicyStatus `json:"status,omitempty"` | ||
} | ||
|
||
// EnvoyExtensionPolicySpec defines the desired state of EnvoyExtensionPolicy. | ||
type EnvoyExtensionPolicySpec struct { | ||
// +kubebuilder:validation:XValidation:rule="self.group == 'gateway.networking.k8s.io'", message="this policy can only have a targetRef.group of gateway.networking.k8s.io" | ||
// +kubebuilder:validation:XValidation:rule="self.kind in ['Gateway']", message="this policy can only have a targetRef.kind of Gateway" | ||
// +kubebuilder:validation:XValidation:rule="!has(self.sectionName)",message="this policy does not yet support the sectionName field" | ||
// | ||
// TargetRef is the name of the Gateway resource this policy | ||
// is being attached to. | ||
// This Policy and the TargetRef MUST be in the same namespace | ||
// for this Policy to have effect and be applied to the Gateway. | ||
// TargetRef | ||
TargetRef gwapiv1a2.PolicyTargetReferenceWithSectionName `json:"targetRef"` | ||
|
||
// Priority of the EnvoyExtensionPolicy. | ||
// If multiple EnvoyExtensionPolices are applied to the same | ||
// TargetRef, extensions will execute in the ascending order of | ||
// the priority i.e. int32.min has the highest priority and | ||
// int32.max has the lowest priority. | ||
// Defaults to 0. | ||
// | ||
// +optional | ||
Priority int32 `json:"priority,omitempty"` | ||
|
||
// ExtProc defines the configuration for the external processor extension. | ||
// | ||
// +optional | ||
ExtProc *ExtProc `json:"extProc,omitempty"` | ||
} | ||
|
||
// EnvoyExtensionPolicyStatus defines the state of EnvoyExtensionPolicy | ||
type EnvoyExtensionPolicyStatus struct { | ||
// Conditions describe the current conditions of the EnvoyExtensionPolicy. | ||
// | ||
// +optional | ||
// +listType=map | ||
// +listMapKey=type | ||
// +kubebuilder:validation:MaxItems=8 | ||
Conditions []metav1.Condition `json:"conditions,omitempty"` | ||
} | ||
|
||
//+kubebuilder:object:root=true | ||
|
||
// EnvoyExtensionPolicyList contains a list of EnvoyExtensionPolicy resources. | ||
type EnvoyExtensionPolicyList struct { | ||
metav1.TypeMeta `json:",inline"` | ||
metav1.ListMeta `json:"metadata,omitempty"` | ||
Items []EnvoyExtensionPolicy `json:"items"` | ||
} | ||
|
||
func init() { | ||
SchemeBuilder.Register(&EnvoyExtensionPolicy{}, &EnvoyExtensionPolicyList{}) | ||
} |
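Review bot: The Priority comment in EnvoyExtensionPolicySpec does not say how extensions are ordered when two policies attached to the same Gateway carry the same value, which is the common case because the field defaults to 0. Filter order decides which external processor sees and can alter traffic first, so ties should resolve deterministically and the rule should be stated in the field comment, for example `// Policies with equal priority are ordered by creation timestamp, then by namespace/name.`, adjusted to whatever rule the translator actually implements (not visible in this file). Separately, the TargetRef comment ends with a stray `// TargetRef` line and the Priority comment spells `EnvoyExtensionPolices`; both would end up in the generated CRD field descriptions.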
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,136 @@ | ||
// Copyright Envoy Gateway Authors | ||
// SPDX-License-Identifier: Apache-2.0 | ||
// The full text of the Apache license is available in the LICENSE file at | ||
// the root of the repo. | ||
|
||
package v1alpha1 | ||
|
||
import ( | ||
gwapiv1 "sigs.k8s.io/gateway-api/apis/v1" | ||
) | ||
|
||
// +kubebuilder:validation:Enum=Default;Send;Skip | ||
type ExtProcHeaderProcessingMode string | ||
|
||
const ( | ||
DefaultExtProcHeaderProcessingMode ExtProcHeaderProcessingMode = "Default" | ||
SendExtProcHeaderProcessingMode ExtProcHeaderProcessingMode = "Send" | ||
SkipExtProcHeaderProcessingMode ExtProcHeaderProcessingMode = "Skip" | ||
) | ||
|
||
// +kubebuilder:validation:Enum=None;Streamed;Buffered;BufferedPartial | ||
type ExtProcBodyProcessingMode string | ||
|
||
const ( | ||
NoneExtProcHeaderProcessingMode ExtProcBodyProcessingMode = "None" | ||
StreamedExtProcHeaderProcessingMode ExtProcBodyProcessingMode = "Streamed" | ||
BufferedExtProcHeaderProcessingMode ExtProcBodyProcessingMode = "Buffered" | ||
BufferedPartialExtProcHeaderProcessingMode ExtProcBodyProcessingMode = "BufferedPartial" | ||
) | ||
|
||
type ProcessingModeOptions struct { | ||
// Defines header processing mode | ||
// | ||
// +optional | ||
Headers *ExtProcHeaderProcessingMode `json:"request,omitempty"` | ||
// Defines body processing mode | ||
// | ||
// +optional | ||
Body *ExtProcBodyProcessingMode `json:"response,omitempty"` | ||
} | ||
|
||
// ExtProcProcessingMode defines if and how headers and bodies are sent to the service. | ||
// https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/http/ext_proc/v3/processing_mode.proto#envoy-v3-api-msg-extensions-filters-http-ext-proc-v3-processingmode | ||
type ExtProcProcessingMode struct { | ||
// Defines header and body treatment for requests | ||
// | ||
// +kubebuilder:default:=Send | ||
// +optional | ||
Request *ProcessingModeOptions `json:"request,omitempty"` | ||
// Defines header and body treatment for responses | ||
// | ||
// +kubebuilder:default:=None | ||
// +optional | ||
Response *ProcessingModeOptions `json:"response,omitempty"` | ||
} | ||
|
||
// ExtProcAttributes defines which attributes are | ||
type ExtProcAttributes struct { | ||
// defines attributes to send for Request processing | ||
// | ||
// +optional | ||
Request []string `json:"request,omitempty"` | ||
// defines attributes to send for Response processing | ||
// | ||
// +optional | ||
Response []string `json:"response,omitempty"` | ||
} | ||
|
||
// MetadataNamespaces defines metadata namespaces that can be used to forward or receive dynamic metadata | ||
type MetadataNamespaces struct { | ||
// Specifies a list of metadata namespaces whose values, if present, will be passed to the ext_proc service as an opaque protobuf::Struct. | ||
// | ||
// +optional | ||
Untyped []string `json:"untyped,omitempty"` | ||
// Specifies a list of metadata namespaces whose values, if present, will be passed to the ext_proc service as a protobuf::Any. | ||
// | ||
// +optional | ||
Typed []string `json:"typed,omitempty"` | ||
} | ||
|
||
// ExtProcMetadataOptions defines options related to the sending and receiving of dynamic metadata | ||
type ExtProcMetadataOptions struct { | ||
// metadata namespaces forwarded to external processor | ||
// | ||
// +optional | ||
ForwardingNamespaces []MetadataNamespaces `json:"forwardingNamespaces,omitempty"` | ||
// metadata namespaces updatable by external processor | ||
// | ||
// +optional | ||
ReceivingNamespaces []MetadataNamespaces `json:"receivingNamespaces,omitempty"` | ||
} | ||
|
||
// +kubebuilder:validation:XValidation:rule="has(self.service) ? (!has(self.service.backendRef.group) || self.service.backendRef.group == \"\") : true", message="group is invalid, only the core API group (specified by omitting the group field or setting it to an empty string) is supported" | ||
// +kubebuilder:validation:XValidation:rule="has(self.service) ? (!has(self.service.backendRef.kind) || self.service.backendRef.kind == 'Service') : true", message="kind is invalid, only Service (specified by omitting the kind field or setting it to 'Service') is supported" | ||
// | ||
// ExtProc defines the configuration for External Processing. | ||
type ExtProc struct { | ||
// Service defines the configuration of the external processing service | ||
Service ExtProcService `json:"service"` | ||
// ProcessingMode defines how request and response headers and body are processed | ||
// Default: request and response headers are sent, bodies are not sent | ||
// | ||
// +optional | ||
ProcessingMode *ExtProcProcessingMode `json:"processingMode,omitempty"` | ||
// Attributes defines which envoy request and response attributes are provided as context to external processor | ||
// Default: no attributes are sent | ||
// | ||
// +optional | ||
Attributes *ExtProcAttributes `json:"attributes,omitempty"` | ||
// MetadataOptions defines options related to the sending and receiving of dynamic metadata | ||
// Default: no metadata context is sent or received | ||
// | ||
// +optional | ||
MetadataOptions *ExtProcMetadataOptions `json:"metadataOptions,omitempty"` | ||
// The timeout for a response to be returned from the external processor | ||
// Default: 200ms | ||
// | ||
// +optional | ||
MessageTimeout *gwapiv1.Duration `json:"messageTimeout,omitempty"` | ||
} | ||
|
||
// ExtProcService defines the gRPC External Processing service using the envoy grpc client | ||
// The processing request and response messages are defined in | ||
// https://www.envoyproxy.io/docs/envoy/latest/api-v3/service/ext_proc/v3/external_processor.proto | ||
type ExtProcService struct { | ||
// BackendObjectReference references a Kubernetes object that represents the | ||
// backend server to which the processing requests will be sent. | ||
// Only service Kind is supported for now. | ||
BackendRef gwapiv1.BackendObjectReference `json:"backendRef"` | ||
|
||
// Metadata to include when initiating a stream to the grpc service. | ||
// For example, can be used to send authorization header for the connection with the external processor | ||
// | ||
// +optional | ||
InitialMetadata []gwapiv1.HTTPHeader `json:"initialMetadata,omitempty"` | ||
} |
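Review bot: In ProcessingModeOptions the JSON tags look copy-pasted from the parent struct: Headers is tagged `json:"request,omitempty"` and Body `json:"response,omitempty"`, so a manifest that sets `headers:` or `body:` would not populate these fields; they should be `json:"headers,omitempty"` and `json:"body,omitempty"`. If unknown fields are pruned rather than rejected, the policy is accepted while the processor silently receives less of the traffic than the operator intended, which matters when the processor acts as a security control. The `+kubebuilder:default:=Send` and `+kubebuilder:default:=None` markers on Request and Response sit on object-typed fields, and the four body-mode constants are named `...ExtProcHeaderProcessingMode`; both look like leftovers. For InitialMetadata, the comment suggests carrying an authorization header, which would place the credential in plain text in the policy spec, readable by anyone who can read the policy; a Secret reference, or at least a caveat in the field comment, would be safer.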