-
Notifications
You must be signed in to change notification settings - Fork 11
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
gateway: add a new api group (#1058)
Add a gateway.pomerium.io/v1alpha1 API group with a PolicyFilter CRD for use with routes defined via the Kubernetes Gateway API.
- Loading branch information
1 parent
b1d7252
commit 045c26d
Showing
5 changed files
with
322 additions
and
4 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,52 @@ | ||
| // Package v1alpha1 contains custom resource definitions for use with the Gateway API. | ||
| package v1alpha1 | ||
|
|
||
| import ( | ||
| metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" | ||
| ) | ||
|
|
||
| // PolicyFilter represents a Pomerium policy that can be attached to a particular route defined | ||
| // via the Kubernetes Gateway API. | ||
| // | ||
| // +kubebuilder:object:root=true | ||
| // +kubebuilder:subresource:status | ||
| type PolicyFilter struct { | ||
| metav1.TypeMeta `json:",inline"` | ||
| metav1.ObjectMeta `json:"metadata,omitempty"` | ||
|
|
||
| // Spec defines the content of the policy. | ||
| Spec PolicyFilterSpec `json:"spec,omitempty"` | ||
|
|
||
| // Status contains the status of the policy (e.g. is the policy valid). | ||
| Status PolicyFilterStatus `json:"status,omitempty"` | ||
| } | ||
|
|
||
| // PolicyFilterSpec defines policy rules. | ||
| type PolicyFilterSpec struct { | ||
| // Policy rules in Pomerium Policy Language (PPL) syntax. May be expressed | ||
| // in either YAML or JSON format. | ||
| PPL string `json:"ppl,omitempty"` | ||
| } | ||
|
|
||
| // PolicyFilterStatus represents the state of a PolicyFilter. | ||
| type PolicyFilterStatus struct { | ||
| // Conditions describe the current state of the PolicyFilter. | ||
| // | ||
| // +optional | ||
| // +listType=map | ||
| // +listMapKey=type | ||
| Conditions []metav1.Condition `json:"conditions,omitempty"` | ||
| } | ||
|
|
||
| //+kubebuilder:object:root=true | ||
|
|
||
| // PolicyFilterList is a list of PolicyFilters. | ||
| type PolicyFilterList struct { | ||
| metav1.TypeMeta `json:",inline"` | ||
| metav1.ListMeta `json:"metadata,omitempty"` | ||
| Items []PolicyFilter `json:"items"` | ||
| } | ||
|
|
||
| func init() { | ||
| SchemeBuilder.Register(&PolicyFilter{}, &PolicyFilterList{}) | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,20 @@ | ||
| // Package v1alpha1 contains API Schema definitions for the gateway v1alpha1 API group | ||
| // +kubebuilder:object:generate=true | ||
| // +groupName=gateway.pomerium.io | ||
| package v1alpha1 | ||
|
|
||
| import ( | ||
| "k8s.io/apimachinery/pkg/runtime/schema" | ||
| "sigs.k8s.io/controller-runtime/pkg/scheme" | ||
| ) | ||
|
|
||
| var ( | ||
| // GroupVersion is group version used to register these objects | ||
| GroupVersion = schema.GroupVersion{Group: "gateway.pomerium.io", Version: "v1alpha1"} | ||
|
|
||
| // SchemeBuilder is used to add go types to the GroupVersionKind scheme | ||
| SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion} | ||
|
|
||
| // AddToScheme adds the types in this group-version to the given scheme. | ||
| AddToScheme = SchemeBuilder.AddToScheme | ||
| ) |
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
132 changes: 132 additions & 0 deletions
132
config/crd/bases/gateway.pomerium.io_policyfilters.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,132 @@ | ||
| --- | ||
| apiVersion: apiextensions.k8s.io/v1 | ||
| kind: CustomResourceDefinition | ||
| metadata: | ||
| annotations: | ||
| controller-gen.kubebuilder.io/version: v0.14.0 | ||
| name: policyfilters.gateway.pomerium.io | ||
| spec: | ||
| group: gateway.pomerium.io | ||
| names: | ||
| kind: PolicyFilter | ||
| listKind: PolicyFilterList | ||
| plural: policyfilters | ||
| singular: policyfilter | ||
| scope: Namespaced | ||
| versions: | ||
| - name: v1alpha1 | ||
| schema: | ||
| openAPIV3Schema: | ||
| description: |- | ||
| PolicyFilter represents a Pomerium policy that can be attached to a particular route defined | ||
| via the Kubernetes Gateway API. | ||
| properties: | ||
| apiVersion: | ||
| description: |- | ||
| APIVersion defines the versioned schema of this representation of an object. | ||
| Servers should convert recognized schemas to the latest internal value, and | ||
| may reject unrecognized values. | ||
| More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources | ||
| type: string | ||
| kind: | ||
| description: |- | ||
| Kind is a string value representing the REST resource this object represents. | ||
| Servers may infer this from the endpoint the client submits requests to. | ||
| Cannot be updated. | ||
| In CamelCase. | ||
| More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | ||
| type: string | ||
| metadata: | ||
| type: object | ||
| spec: | ||
| description: Spec defines the content of the policy. | ||
| properties: | ||
| ppl: | ||
| description: |- | ||
| Policy rules in Pomerium Policy Language (PPL) syntax. May be expressed | ||
| in either YAML or JSON format. | ||
| type: string | ||
| type: object | ||
| status: | ||
| description: Status contains the status of the policy (e.g. is the policy | ||
| valid). | ||
| properties: | ||
| conditions: | ||
| description: Conditions describe the current state of the PolicyFilter. | ||
| items: | ||
| description: "Condition contains details for one aspect of the current | ||
| state of this API Resource.\n---\nThis struct is intended for | ||
| direct use as an array at the field path .status.conditions. For | ||
| example,\n\n\n\ttype FooStatus struct{\n\t // Represents the | ||
| observations of a foo's current state.\n\t // Known .status.conditions.type | ||
| are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // | ||
| +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t | ||
| \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" | ||
| patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t | ||
| \ // other fields\n\t}" | ||
| properties: | ||
| lastTransitionTime: | ||
| description: |- | ||
| lastTransitionTime is the last time the condition transitioned from one status to another. | ||
| This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. | ||
| format: date-time | ||
| type: string | ||
| message: | ||
| description: |- | ||
| message is a human readable message indicating details about the transition. | ||
| This may be an empty string. | ||
| maxLength: 32768 | ||
| type: string | ||
| observedGeneration: | ||
| description: |- | ||
| observedGeneration represents the .metadata.generation that the condition was set based upon. | ||
| For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date | ||
| with respect to the current state of the instance. | ||
| format: int64 | ||
| minimum: 0 | ||
| type: integer | ||
| reason: | ||
| description: |- | ||
| reason contains a programmatic identifier indicating the reason for the condition's last transition. | ||
| Producers of specific condition types may define expected values and meanings for this field, | ||
| and whether the values are considered a guaranteed API. | ||
| The value should be a CamelCase string. | ||
| This field may not be empty. | ||
| maxLength: 1024 | ||
| minLength: 1 | ||
| pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ | ||
| type: string | ||
| status: | ||
| description: status of the condition, one of True, False, Unknown. | ||
| enum: | ||
| - "True" | ||
| - "False" | ||
| - Unknown | ||
| type: string | ||
| type: | ||
| description: |- | ||
| type of condition in CamelCase or in foo.example.com/CamelCase. | ||
| --- | ||
| Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be | ||
| useful (see .node.status.conditions), the ability to deconflict is important. | ||
| The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) | ||
| maxLength: 316 | ||
| pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ | ||
| type: string | ||
| required: | ||
| - lastTransitionTime | ||
| - message | ||
| - reason | ||
| - status | ||
| - type | ||
| type: object | ||
| type: array | ||
| x-kubernetes-list-map-keys: | ||
| - type | ||
| x-kubernetes-list-type: map | ||
| type: object | ||
| type: object | ||
| served: true | ||
| storage: true | ||
| subresources: | ||
| status: {} |