knative
/
pkg
mirror of https://github.com/knative/pkg.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add Istio DestinationRule and Policy into Istio apis and clients (#43) 

* initial draft

* fix incorrect dependency on knative/serving

* 1. Move StringMatch from istio/v1alpha3 to istio/common/v1alpha1. 2. Add field excludedPaths into Policy

* fix typo
This commit is contained in:
Zhimin Xiang 2018-08-22 16:16:59 -07:00 committed by Knative Prow Robot
parent f4a77d7708
commit 62d2560a1f
38 changed files with 2957 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
apis/istio/authentication/register.go Normal file
View File

@ -0,0 +1,21 @@
/*
Copyright 2018 The Knative Authors
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package authentication
const (
GroupName = "authentication.istio.io"
)

22
apis/istio/authentication/v1alpha1/doc.go Normal file
View File

@ -0,0 +1,22 @@
/*
Copyright 2018 The Knative Authors
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Api versions allow the api contract for a resource to be changed while keeping
// backward compatibility by support multiple concurrent versions
// of the same resource
// +k8s:deepcopy-gen=package
// +groupName=authentication.istio.io
package v1alpha1

345
apis/istio/authentication/v1alpha1/policy_types.go Normal file
View File

@ -0,0 +1,345 @@
/*
Copyright 2018 The Knative Authors
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package v1alpha1
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"github.com/knative/pkg/apis/istio/common/v1alpha1"
)
// +genclient
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// VirtualService
type Policy struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
Spec PolicySpec `json:"spec"`
}
// Policy defines what authentication methods can be accepted on workload(s),
// and if authenticated, which method/certificate will set the request principal
// (i.e request.auth.principal attribute).
//
// Authentication policy is composed of 2-part authentication:
// - peer: verify caller service credentials. This part will set source.user
// (peer identity).
// - origin: verify the origin credentials. This part will set request.auth.user
// (origin identity), as well as other attributes like request.auth.presenter,
// request.auth.audiences and raw claims. Note that the identity could be
// end-user, service account, device etc.
//
// Last but not least, the principal binding rule defines which identity (peer
// or origin) should be used as principal. By default, it uses peer.
//
// Examples:
//
// Policy to enable mTLS for all services in namespace frod
//
// apiVersion: authentication.istio.io/v1alpha1
// kind: Policy
// metadata:
// name: mTLS_enable
// namespace: frod
// spec:
// peers:
// - mtls:
//
// Policy to disable mTLS for "productpage" service
//
// apiVersion: authentication.istio.io/v1alpha1
// kind: Policy
// metadata:
// name: mTLS_disable
// namespace: frod
// spec:
// targets:
// - name: productpage
//
// Policy to require mTLS for peer authentication, and JWT for origin authenticationn
// for productpage:9000. Principal is set from origin identity.
//
// apiVersion: authentication.istio.io/v1alpha1
// kind: Policy
// metadata:
// name: mTLS_enable
// namespace: frod
// spec:
// target:
// - name: productpage
// ports:
// - number: 9000
// peers:
// - mtls:
// origins:
// - jwt:
// issuer: "https://securetoken.google.com"
// audiences:
// - "productpage"
// jwksUri: "https://www.googleapis.com/oauth2/v1/certs"
// jwt_headers:
// - "x-goog-iap-jwt-assertion"
// principaBinding: USE_ORIGIN
//
// Policy to require mTLS for peer authentication, and JWT for origin authenticationn
// for productpage:9000, but allow origin authentication failed. Principal is set
// from origin identity.
// Note: this example can be used for use cases when we want to allow request from
// certain peers, given it comes with an approperiate authorization poicy to check
// and reject request accoridingly.
//
// apiVersion: authentication.istio.io/v1alpha1
// kind: Policy
// metadata:
// name: mTLS_enable
// namespace: frod
// spec:
// target:
// - name: productpage
// ports:
// - number: 9000
// peers:
// - mtls:
// origins:
// - jwt:
// issuer: "https://securetoken.google.com"
// audiences:
// - "productpage"
// jwksUri: "https://www.googleapis.com/oauth2/v1/certs"
// jwt_headers:
// - "x-goog-iap-jwt-assertion"
// originIsOptional: true
// principalBinding: USE_ORIGIN
type PolicySpec struct {
// List rules to select destinations that the policy should be applied on.
// If empty, policy will be used on all destinations in the same namespace.
Targets []TargetSelector `json:"targets,omitempty"`
// List of authentication methods that can be used for peer authentication.
// They will be evaluated in order; the first validate one will be used to
// set peer identity (source.user) and other peer attributes. If none of
// these methods pass, and peer_is_optional flag is false (see below),
// request will be rejected with authentication failed error (401).
// Leave the list empty if peer authentication is not required
Peers []PeerAuthenticationMethod `json:"peers,omitempty"`
// Set this flag to true to accept request (for peer authentication perspective),
// even when none of the peer authentication methods defined above satisfied.
// Typically, this is used to delay the rejection decision to next layer (e.g
// authorization).
// This flag is ignored if no authentication defined for peer (peers field is empty).
PeerIsOptional bool `json:"peerIsOptional,omitempty"`
// List of authentication methods that can be used for origin authentication.
// Similar to peers, these will be evaluated in order; the first validate one
// will be used to set origin identity and attributes (i.e request.auth.user,
// request.auth.issuer etc). If none of these methods pass, and origin_is_optional
// is false (see below), request will be rejected with authentication failed
// error (401).
// Leave the list empty if origin authentication is not required.
Origins []OriginAuthenticationMethod `json:"origins,omitempty"`
// Set this flag to true to accept request (for origin authentication perspective),
// even when none of the origin authentication methods defined above satisfied.
// Typically, this is used to delay the rejection decision to next layer (e.g
// authorization).
// This flag is ignored if no authentication defined for origin (origins field is empty).
OriginIsOptional bool `json:"originIsOptional,omitempty"`
// Define whether peer or origin identity should be use for principal. Default
// value is USE_PEER.
// If peer (or orgin) identity is not available, either because of peer/origin
// authentication is not defined, or failed, principal will be left unset.
// In other words, binding rule does not affect the decision to accept or
// reject request.
PrincipalBinding PrincipalBinding `json:"principalBinding,omitempty"`
}
// TargetSelector defines a matching rule to a service/destination.
type TargetSelector struct {
// REQUIRED. The name must be a short name from the service registry. The
// fully qualified domain name will be resolved in a platform specific manner.
Name string `json:"name"`
// Specifies the ports on the destination. Leave empty to match all ports
// that are exposed.
Ports []PortSelector `json:"ports,omitempty"`
}
// PortSelector specifies the name or number of a port to be used for
// matching targets for authenticationn policy. This is copied from
// networking API to avoid dependency.
type PortSelector struct {
// It is requred to specify exactly one of the fields:
// Number or Name
// Valid port number
Number uint32 `json:"number,omitempty"`
// Port name
Name string `json:"name,omitempty"`
}
// PeerAuthenticationMethod defines one particular type of authentication, e.g
// mutual TLS, JWT etc, (no authentication is one type by itself) that can
// be used for peer authentication.
// The type can be progammatically determine by checking the type of the
// "params" field.
type PeerAuthenticationMethod struct {
// It is requred to specify exactly one of the fields:
// Mtls or Jwt
// Set if mTLS is used.
Mtls *MutualTls `json:"mtls,omitempty"`
// Set if JWT is used. This option is not yet available.
Jwt *Jwt `json:"jwt,omitempty"`
}
// Defines the acceptable connection TLS mode.
type Mode string
const (
// Client cert must be presented, connection is in TLS.
ModeStrict Mode = "STRICT"
// Connection can be either plaintext or TLS, and client cert can be omitted.
ModePermissive Mode = "PERMISSIVE"
)
// TLS authentication params.
type MutualTls struct {
// WILL BE DEPRECATED, if set, will translates to `TLS_PERMISSIVE` mode.
// Set this flag to true to allow regular TLS (i.e without client x509
// certificate). If request carries client certificate, identity will be
// extracted and used (set to peer identity). Otherwise, peer identity will
// be left unset.
// When the flag is false (default), request must have client certificate.
AllowTls bool `json:"allowTls,omitempty"`
// Defines the mode of mTLS authentication.
Mode Mode `json:"mode,omitempty"`
}
// JSON Web Token (JWT) token format for authentication as defined by
// https://tools.ietf.org/html/rfc7519. See [OAuth
// 2.0](https://tools.ietf.org/html/rfc6749) and [OIDC
// 1.0](http://openid.net/connect) for how this is used in the whole
// authentication flow.
//
// Example,
//
// issuer: https://example.com
// audiences:
// - bookstore_android.apps.googleusercontent.com
// bookstore_web.apps.googleusercontent.com
// jwksUri: https://example.com/.well-known/jwks.json
//
type Jwt struct {
// Identifies the issuer that issued the JWT. See
// [issuer](https://tools.ietf.org/html/rfc7519#section-4.1.1)
// Usually a URL or an email address.
//
// Example: https://securetoken.google.com
// Example: 1234567-compute@developer.gserviceaccount.com
Issuer string `json:"issuer,omitempty"`
// The list of JWT
// [audiences](https://tools.ietf.org/html/rfc7519#section-4.1.3).
// that are allowed to access. A JWT containing any of these
// audiences will be accepted.
//
// The service name will be accepted if audiences is empty.
//
// Example:
//
// ```yaml
// audiences:
// - bookstore_android.apps.googleusercontent.com
// bookstore_web.apps.googleusercontent.com
// ```
Audiences []string `json:"audiences,omitempty"`
// URL of the provider's public key set to validate signature of the
// JWT. See [OpenID
// Discovery](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata).
//
// Optional if the key set document can either (a) be retrieved from
// [OpenID
// Discovery](https://openid.net/specs/openid-connect-discovery-1_0.html) of
// the issuer or (b) inferred from the email domain of the issuer (e.g. a
// Google service account).
//
// Example: https://www.googleapis.com/oauth2/v1/certs
JwksUri string `json:"jwksUri,omitempty"`
// Two fields below define where to extract the JWT from an HTTP request.
//
// If no explicit location is specified the following default
// locations are tried in order:
//
// 1) The Authorization header using the Bearer schema,
// e.g. Authorization: Bearer <token>. (see
// [Authorization Request Header
// Field](https://tools.ietf.org/html/rfc6750#section-2.1))
//
// 2) `access_token` query parameter (see
// [URI Query Parameter](https://tools.ietf.org/html/rfc6750#section-2.3))
// JWT is sent in a request header. `header` represents the
// header name.
//
// For example, if `header=x-goog-iap-jwt-assertion`, the header
// format will be x-goog-iap-jwt-assertion: <JWT>.
JwtHeaders []string `json:"jwtHeaders,omitempty"`
// JWT is sent in a query parameter. `query` represents the
// query parameter name.
//
// For example, `query=jwt_token`.
JwtParams []string `json:"jwtParams,omitempty"`
// URL paths that should be excluded from the JWT validation. If the request path is matched,
// the JWT validation will be skipped and the request will proceed regardless.
// This is useful to keep a couple of URLs public for external health checks.
// Example: "/health_check", "/status/cpu_usage".
ExcludedPaths []v1alpha1.StringMatch `json:"excludedPaths,omitempty"`
}
// OriginAuthenticationMethod defines authentication method/params for origin
// authentication. Origin could be end-user, device, delegate service etc.
// Currently, only JWT is supported for origin authentication.
type OriginAuthenticationMethod struct {
// Jwt params for the method.
Jwt *Jwt `json:"jwt,omitempty"`
}
// Associates authentication with request principal.
type PrincipalBinding string
const (
// Principal will be set to the identity from peer authentication.
PrincipalBindingUserPeer PrincipalBinding = "USE_PEER"
// Principal will be set to the identity from peer authentication.
PrincipalBindingUserOrigin PrincipalBinding = "USE_ORIGIN"
)
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// PolicyLIst is a list of Policy resources
type PolicyList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata"`
Items []Policy `json:"items"`
}

52
apis/istio/authentication/v1alpha1/register.go Normal file
View File

@ -0,0 +1,52 @@
/*
Copyright 2018 The Knative Authors
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package v1alpha1
import (
"github.com/knative/pkg/apis/istio/authentication"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/runtime/schema"
)
// SchemeGroupVersion is group version used to register these objects
var SchemeGroupVersion = schema.GroupVersion{Group: authentication.GroupName, Version: "v1alpha1"}
// Kind takes an unqualified kind and returns back a Group qualified GroupKind
func Kind(kind string) schema.GroupKind {
return SchemeGroupVersion.WithKind(kind).GroupKind()
}
// Resource takes an unqualified resource and returns a Group qualified GroupResource
func Resource(resource string) schema.GroupResource {
return SchemeGroupVersion.WithResource(resource).GroupResource()
}
var (
SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes)
AddToScheme = SchemeBuilder.AddToScheme
)
// Adds the list of known types to Scheme.
func addKnownTypes(scheme *runtime.Scheme) error {
scheme.AddKnownTypes(SchemeGroupVersion,
&Policy{},
&PolicyList{},
)
metav1.AddToGroupVersion(scheme, SchemeGroupVersion)
return nil
}

259
apis/istio/authentication/v1alpha1/zz_generated.deepcopy.go generated Normal file
View File

@ -0,0 +1,259 @@
// +build !ignore_autogenerated
/*
Copyright 2018 The Knative Authors
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by deepcopy-gen. DO NOT EDIT.
package v1alpha1
import (
commonv1alpha1 "github.com/knative/pkg/apis/istio/common/v1alpha1"
runtime "k8s.io/apimachinery/pkg/runtime"
)
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *Jwt) DeepCopyInto(out *Jwt) {
*out = *in
if in.Audiences != nil {
in, out := &in.Audiences, &out.Audiences
*out = make([]string, len(*in))
copy(*out, *in)
}
if in.JwtHeaders != nil {
in, out := &in.JwtHeaders, &out.JwtHeaders
*out = make([]string, len(*in))
copy(*out, *in)
}
if in.JwtParams != nil {
in, out := &in.JwtParams, &out.JwtParams
*out = make([]string, len(*in))
copy(*out, *in)
}
if in.ExcludedPaths != nil {
in, out := &in.ExcludedPaths, &out.ExcludedPaths
*out = make([]commonv1alpha1.StringMatch, len(*in))
copy(*out, *in)
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Jwt.
func (in *Jwt) DeepCopy() *Jwt {
if in == nil {
return nil
}
out := new(Jwt)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *MutualTls) DeepCopyInto(out *MutualTls) {
*out = *in
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MutualTls.
func (in *MutualTls) DeepCopy() *MutualTls {
if in == nil {
return nil
}
out := new(MutualTls)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *OriginAuthenticationMethod) DeepCopyInto(out *OriginAuthenticationMethod) {
*out = *in
if in.Jwt != nil {
in, out := &in.Jwt, &out.Jwt
*out = new(Jwt)
(*in).DeepCopyInto(*out)
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OriginAuthenticationMethod.
func (in *OriginAuthenticationMethod) DeepCopy() *OriginAuthenticationMethod {
if in == nil {
return nil
}
out := new(OriginAuthenticationMethod)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *PeerAuthenticationMethod) DeepCopyInto(out *PeerAuthenticationMethod) {
*out = *in
if in.Mtls != nil {
in, out := &in.Mtls, &out.Mtls
*out = new(MutualTls)
**out = **in
}
if in.Jwt != nil {
in, out := &in.Jwt, &out.Jwt
*out = new(Jwt)
(*in).DeepCopyInto(*out)
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PeerAuthenticationMethod.
func (in *PeerAuthenticationMethod) DeepCopy() *PeerAuthenticationMethod {
if in == nil {
return nil
}
out := new(PeerAuthenticationMethod)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *Policy) DeepCopyInto(out *Policy) {
*out = *in
out.TypeMeta = in.TypeMeta
in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
in.Spec.DeepCopyInto(&out.Spec)
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Policy.
func (in *Policy) DeepCopy() *Policy {
if in == nil {
return nil
}
out := new(Policy)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *Policy) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *PolicyList) DeepCopyInto(out *PolicyList) {
*out = *in
out.TypeMeta = in.TypeMeta
out.ListMeta = in.ListMeta
if in.Items != nil {
in, out := &in.Items, &out.Items
*out = make([]Policy, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyList.
func (in *PolicyList) DeepCopy() *PolicyList {
if in == nil {
return nil
}
out := new(PolicyList)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *PolicyList) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *PolicySpec) DeepCopyInto(out *PolicySpec) {
*out = *in
if in.Targets != nil {
in, out := &in.Targets, &out.Targets
*out = make([]TargetSelector, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
if in.Peers != nil {
in, out := &in.Peers, &out.Peers
*out = make([]PeerAuthenticationMethod, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
if in.Origins != nil {
in, out := &in.Origins, &out.Origins
*out = make([]OriginAuthenticationMethod, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicySpec.
func (in *PolicySpec) DeepCopy() *PolicySpec {
if in == nil {
return nil
}
out := new(PolicySpec)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *PortSelector) DeepCopyInto(out *PortSelector) {
*out = *in
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PortSelector.
func (in *PortSelector) DeepCopy() *PortSelector {
if in == nil {
return nil
}
out := new(PortSelector)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *TargetSelector) DeepCopyInto(out *TargetSelector) {
*out = *in
if in.Ports != nil {
in, out := &in.Ports, &out.Ports
*out = make([]PortSelector, len(*in))
copy(*out, *in)
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TargetSelector.
func (in *TargetSelector) DeepCopy() *TargetSelector {
if in == nil {
return nil
}
out := new(TargetSelector)
in.DeepCopyInto(out)
return out
}

35
apis/istio/common/v1alpha1/string.go Normal file
View File

@ -0,0 +1,35 @@
/*
Copyright 2018 The Knative Authors
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package v1alpha1
// Describes how to match a given string in HTTP headers. Match is
// case-sensitive.
type StringMatch struct {
// Specified exactly one of the fields below.
// exact string match
Exact string `json:"exact,omitempty"`
// prefix-based match
Prefix string `json:"prefix,omitempty"`
// suffix-based match.
Suffix string `json:"prefix,omitempty"`
// ECMAscript style regex-based match
Regex string `json:"regex,omitempty"`
}

547
apis/istio/v1alpha3/destinationrule_types.go Normal file
View File

@ -0,0 +1,547 @@
/*
Copyright 2018 The Knative Authors
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package v1alpha3
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
// +genclient
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// DestinationRule
type DestinationRule struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
Spec DestinationRuleSpec `json:"spec"`
}
// DestinationRule defines policies that apply to traffic intended for a
// service after routing has occurred. These rules specify configuration
// for load balancing, connection pool size from the sidecar, and outlier
// detection settings to detect and evict unhealthy hosts from the load
// balancing pool. For example, a simple load balancing policy for the
// ratings service would look as follows:
//
//
// apiVersion: networking.istio.io/v1alpha3
// kind: DestinationRule
// metadata:
// name: bookinfo-ratings
// spec:
// host: ratings.prod.svc.cluster.local
// trafficPolicy:
// loadBalancer:
// simple: LEAST_CONN
//
//
// Version specific policies can be specified by defining a named
// subset and overriding the settings specified at the service level. The
// following rule uses a round robin load balancing policy for all traffic
// going to a subset named testversion that is composed of endpoints (e.g.,
// pods) with labels (version:v3).
//
//
// apiVersion: networking.istio.io/v1alpha3
// kind: DestinationRule
// metadata:
// name: bookinfo-ratings
// spec:
// host: ratings.prod.svc.cluster.local
// trafficPolicy:
// loadBalancer:
// simple: LEAST_CONN
// subsets:
// - name: testversion
// labels:
// version: v3
// trafficPolicy:
// loadBalancer:
// simple: ROUND_ROBIN
//
//
// **Note:** Policies specified for subsets will not take effect until
// a route rule explicitly sends traffic to this subset.
//
// Traffic policies can be customized to specific ports as well. The
// following rule uses the least connection load balancing policy for all
// traffic to port 80, while uses a round robin load balancing setting for
// traffic to the port 9080.
//
//
// apiVersion: networking.istio.io/v1alpha3
// kind: DestinationRule
// metadata:
// name: bookinfo-ratings-port
// spec:
// host: ratings.prod.svc.cluster.local
// trafficPolicy: # Apply to all ports
// portLevelSettings:
// - port:
// number: 80
// loadBalancer:
// simple: LEAST_CONN
// - port:
// number: 9080
// loadBalancer:
// simple: ROUND_ROBIN
//
type DestinationRuleSpec struct {
// REQUIRED. The name of a service from the service registry. Service
// names are looked up from the platform's service registry (e.g.,
// Kubernetes services, Consul services, etc.) and from the hosts
// declared by [ServiceEntries](#ServiceEntry). Rules defined for
// services that do not exist in the service registry will be ignored.
//
// *Note for Kubernetes users*: When short names are used (e.g. "reviews"
// instead of "reviews.default.svc.cluster.local"), Istio will interpret
// the short name based on the namespace of the rule, not the service. A
// rule in the "default" namespace containing a host "reviews will be
// interpreted as "reviews.default.svc.cluster.local", irrespective of
// the actual namespace associated with the reviews service. _To avoid
// potential misconfigurations, it is recommended to always use fully
// qualified domain names over short names._
//
// Note that the host field applies to both HTTP and TCP services.
Host string `json:"host"`
// Traffic policies to apply (load balancing policy, connection pool
// sizes, outlier detection).
TrafficPolicy *TrafficPolicy `json:"trafficPolicy,omitempty"`
// One or more named sets that represent individual versions of a
// service. Traffic policies can be overridden at subset level.
Subsets []Subset `json:"subsets,omitempty"`
}
// Traffic policies to apply for a specific destination, across all
// destination ports. See DestinationRule for examples.
type TrafficPolicy struct {
// Settings controlling the load balancer algorithms.
LoadBalancer *LoadBalancerSettings `json:"loadBalancer,omitempty"`
// Settings controlling the volume of connections to an upstream service
ConnectionPool *ConnectionPoolSettings `json:"connectionPool,omitempty"`
// Settings controlling eviction of unhealthy hosts from the load balancing pool
OutlierDetection *OutlierDetection `json:"outlierDetection,omitempty"`
// TLS related settings for connections to the upstream service.
Tls *TLSSettings `json:"tls,omitempty"`
// Traffic policies specific to individual ports. Note that port level
// settings will override the destination-level settings. Traffic
// settings specified at the destination-level will not be inherited when
// overridden by port-level settings, i.e. default values will be applied
// to fields omitted in port-level traffic policies.
PortLevelSettings []PortTrafficPolicy `json:"portLevelSettings,omitempty"`
}
// Traffic policies that apply to specific ports of the service
type PortTrafficPolicy struct {
// Specifies the port name or number of a port on the destination service
// on which this policy is being applied.
//
// Names must comply with DNS label syntax (rfc1035) and therefore cannot
// collide with numbers. If there are multiple ports on a service with
// the same protocol the names should be of the form <protocol-name>-<DNS
// label>.
Port PortSelector `json:"port"`
// Settings controlling the load balancer algorithms.
LoadBalancer *LoadBalancerSettings `json:"loadBalancer,omitempty"`
// Settings controlling the volume of connections to an upstream service
ConnectionPool *ConnectionPoolSettings `json:"connectionPool,omitempty"`
// Settings controlling eviction of unhealthy hosts from the load balancing pool
OutlierDetection *OutlierDetection `json:"outlierDetection,omitempty"`
// TLS related settings for connections to the upstream service.
Tls *TLSSettings `json:"tls,omitempty"`
}
// A subset of endpoints of a service. Subsets can be used for scenarios
// like A/B testing, or routing to a specific version of a service. Refer
// to [VirtualService](#VirtualService) documentation for examples of using
// subsets in these scenarios. In addition, traffic policies defined at the
// service-level can be overridden at a subset-level. The following rule
// uses a round robin load balancing policy for all traffic going to a
// subset named testversion that is composed of endpoints (e.g., pods) with
// labels (version:v3).
//
// apiVersion: networking.istio.io/v1alpha3
// kind: DestinationRule
// metadata:
// name: bookinfo-ratings
// spec:
// host: ratings.prod.svc.cluster.local
// trafficPolicy:
// loadBalancer:
// simple: LEAST_CONN
// subsets:
// - name: testversion
// labels:
// version: v3
// trafficPolicy:
// loadBalancer:
// simple: ROUND_ROBIN
//
// **Note:** Policies specified for subsets will not take effect until
// a route rule explicitly sends traffic to this subset.
type Subset struct {
// REQUIRED. Name of the subset. The service name and the subset name can
// be used for traffic splitting in a route rule.
Name string `json:"port"`
// REQUIRED. Labels apply a filter over the endpoints of a service in the
// service registry. See route rules for examples of usage.
Labels map[string]string `json:"labels"`
// Traffic policies that apply to this subset. Subsets inherit the
// traffic policies specified at the DestinationRule level. Settings
// specified at the subset level will override the corresponding settings
// specified at the DestinationRule level.
TrafficPolicy *TrafficPolicy `json:"trafficPolicy,omitempty"`
}
// Load balancing policies to apply for a specific destination. See Envoy's
// load balancing
// [documentation](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/load_balancing.html)
// for more details.
//
// For example, the following rule uses a round robin load balancing policy
// for all traffic going to the ratings service.
//
// apiVersion: networking.istio.io/v1alpha3
// kind: DestinationRule
// metadata:
// name: bookinfo-ratings
// spec:
// host: ratings.prod.svc.cluster.local
// trafficPolicy:
// loadBalancer:
// simple: ROUND_ROBIN
//
// The following example sets up sticky sessions for the ratings service
// hashing-based load balancer for the same ratings service using the
// the User cookie as the hash key.
//
// apiVersion: networking.istio.io/v1alpha3
// kind: DestinationRule
// metadata:
// name: bookinfo-ratings
// spec:
// host: ratings.prod.svc.cluster.local
// trafficPolicy:
// loadBalancer:
// consistentHash:
// httpCookie:
// name: user
// ttl: 0s
type LoadBalancerSettings struct {
// It is requred to specify exactly one of the fields:
// Simple or ConsistentHash
Simple SimpleLB `json:"simple,omitempty"`
ConsistentHash *ConsistentHashLB `json:"consistentHash,omitempty"`
}
// Standard load balancing algorithms that require no tuning.
type SimpleLB string
const (
// Round Robin policy. Default
SimpleLBRoundRobin SimpleLB = "ROUND_ROBIN"
// The least request load balancer uses an O(1) algorithm which selects
// two random healthy hosts and picks the host which has fewer active
// requests.
SimpleLBLeastConn SimpleLB = "LEAST_CONN"
// The random load balancer selects a random healthy host. The random
// load balancer generally performs better than round robin if no health
// checking policy is configured.
SimpleLBRandom SimpleLB = "RANDOM"
// This option will forward the connection to the original IP address
// requested by the caller without doing any form of load
// balancing. This option must be used with care. It is meant for
// advanced use cases. Refer to Original Destination load balancer in
// Envoy for further details.
SimpleLBPassthrough SimpleLB = "PASSTHROUGH"
)
// Consistent Hash-based load balancing can be used to provide soft
// session affinity based on HTTP headers, cookies or other
// properties. This load balancing policy is applicable only for HTTP
// connections. The affinity to a particular destination host will be
// lost when one or more hosts are added/removed from the destination
// service.
type ConsistentHashLB struct {
// It is requred to specify exactly one of the fields as hash key:
// HttpHeaderName, HttpCookie, or UseSourceIP.
// Hash based on a specific HTTP header.
HttpHeaderName string `json:"httpHeaderName,omitempty"`
// Hash based on HTTP cookie.
HttpCookie *HTTPCookie `json:"httpCookie,omitempty"`
// Hash based on the source IP address.
UseSourceIp bool `json:"useSourceIp,omitempty"`
// The minimum number of virtual nodes to use for the hash
// ring. Defaults to 1024. Larger ring sizes result in more granular
// load distributions. If the number of hosts in the load balancing
// pool is larger than the ring size, each host will be assigned a
// single virtual node.
MinimumRingSize uint64 `json:"minimumRingSize,omitempty"`
}
// Describes a HTTP cookie that will be used as the hash key for the
// Consistent Hash load balancer. If the cookie is not present, it will
// be generated.
type HTTPCookie struct {
// REQUIRED. Name of the cookie.
Name string `json:"name"`
// Path to set for the cookie.
Path string `json:"path,omitempty"`
// REQUIRED. Lifetime of the cookie.
Ttl string `json:"ttl"`
}
// Connection pool settings for an upstream host. The settings apply to
// each individual host in the upstream service. See Envoy's [circuit
// breaker](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/circuit_breaking)
// for more details. Connection pool settings can be applied at the TCP
// level as well as at HTTP level.
//
// For example, the following rule sets a limit of 100 connections to redis
// service called myredissrv with a connect timeout of 30ms
//
// apiVersion: networking.istio.io/v1alpha3
// kind: DestinationRule
// metadata:
// name: bookinfo-redis
// spec:
// host: myredissrv.prod.svc.cluster.local
// trafficPolicy:
// connectionPool:
// tcp:
// maxConnections: 100
// connectTimeout: 30ms
type ConnectionPoolSettings struct {
// Settings common to both HTTP and TCP upstream connections.
Tcp *TCPSettings `json:"tcp,omitempty"`
// HTTP connection pool settings.
Http *HTTPSettings `json:"http,omitempty"`
}
// Settings common to both HTTP and TCP upstream connections.
type TCPSettings struct {
// Maximum number of HTTP1 /TCP connections to a destination host.
MaxConnections int32 `json:"maxConnections,omitempty"`
// TCP connection timeout.
ConnectTimeout string `json:"connectTimeout,omitempty"`
}
// Settings applicable to HTTP1.1/HTTP2/GRPC connections.
type HTTPSettings struct {
// Maximum number of pending HTTP requests to a destination. Default 1024.
Http1MaxPendingRequests int32 `json:"http1MaxPendingRequests,omitempty"`
// Maximum number of requests to a backend. Default 1024.
Http2MaxRequests int32 `json:"http2MaxRequests,omitempty"`
// Maximum number of requests per connection to a backend. Setting this
// parameter to 1 disables keep alive.
MaxRequestsPerConnection int32 `json:"maxRequestsPerConnection,omitempty"`
// Maximum number of retries that can be outstanding to all hosts in a
// cluster at a given time. Defaults to 3.
MaxRetries int32 `json:"maxRetries,omitempty"`
}
// A Circuit breaker implementation that tracks the status of each
// individual host in the upstream service. Applicable to both HTTP and
// TCP services. For HTTP services, hosts that continually return 5xx
// errors for API calls are ejected from the pool for a pre-defined period
// of time. For TCP services, connection timeouts or connection
// failures to a given host counts as an error when measuring the
// consecutive errors metric. See Envoy's [outlier
// detection](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/outlier)
// for more details.
//
// The following rule sets a connection pool size of 100 connections and
// 1000 concurrent HTTP2 requests, with no more than 10 req/connection to
// "reviews" service. In addition, it configures upstream hosts to be
// scanned every 5 mins, such that any host that fails 7 consecutive times
// with 5XX error code will be ejected for 15 minutes.
//
// apiVersion: networking.istio.io/v1alpha3
// kind: DestinationRule
// metadata:
// name: reviews-cb-policy
// spec:
// host: reviews.prod.svc.cluster.local
// trafficPolicy:
// connectionPool:
// tcp:
// maxConnections: 100
// http:
// http2MaxRequests: 1000
// maxRequestsPerConnection: 10
// outlierDetection:
// consecutiveErrors: 7
// interval: 5m
// baseEjectionTime: 15m
type OutlierDetection struct {
// Number of errors before a host is ejected from the connection
// pool. Defaults to 5. When the upstream host is accessed over HTTP, a
// 5xx return code qualifies as an error. When the upstream host is
// accessed over an opaque TCP connection, connect timeouts and
// connection error/failure events qualify as an error.
ConsecutiveErrors int32 `json:"consecutiveErrors,omitempty"`
// Time interval between ejection sweep analysis. format:
// 1h/1m/1s/1ms. MUST BE >=1ms. Default is 10s.
Interval string `json:"interval,omitempty"`
// Minimum ejection duration. A host will remain ejected for a period
// equal to the product of minimum ejection duration and the number of
// times the host has been ejected. This technique allows the system to
// automatically increase the ejection period for unhealthy upstream
// servers. format: 1h/1m/1s/1ms. MUST BE >=1ms. Default is 30s.
BaseEjectionTime string `json:"baseEjectionTime,omitempty"`
// Maximum % of hosts in the load balancing pool for the upstream
// service that can be ejected. Defaults to 10%.
MaxEjectionPercent int32 `json:"maxEjectionPercent,omitempty"`
}
// SSL/TLS related settings for upstream connections. See Envoy's [TLS
// context](https://www.envoyproxy.io/docs/envoy/latest/api-v1/cluster_manager/cluster_ssl.html#config-cluster-manager-cluster-ssl)
// for more details. These settings are common to both HTTP and TCP upstreams.
//
// For example, the following rule configures a client to use mutual TLS
// for connections to upstream database cluster.
//
// apiVersion: networking.istio.io/v1alpha3
// kind: DestinationRule
// metadata:
// name: db-mtls
// spec:
// host: mydbserver.prod.svc.cluster.local
// trafficPolicy:
// tls:
// mode: MUTUAL
// clientCertificate: /etc/certs/myclientcert.pem
// privateKey: /etc/certs/client_private_key.pem
// caCertificates: /etc/certs/rootcacerts.pem
//
// The following rule configures a client to use TLS when talking to a
// foreign service whose domain matches *.foo.com.
//
// apiVersion: networking.istio.io/v1alpha3
// kind: DestinationRule
// metadata:
// name: tls-foo
// spec:
// host: "*.foo.com"
// trafficPolicy:
// tls:
// mode: SIMPLE
//
// The following rule configures a client to use Istio mutual TLS when talking
// to rating services.
//
// apiVersion: networking.istio.io/v1alpha3
// kind: DestinationRule
// metadata:
// name: ratings-istio-mtls
// spec:
// host: ratings.prod.svc.cluster.local
// trafficPolicy:
// tls:
// mode: ISTIO_MUTUAL
type TLSSettings struct {
// REQUIRED: Indicates whether connections to this port should be secured
// using TLS. The value of this field determines how TLS is enforced.
Mode TLSmode `json:"mode"`
// REQUIRED if mode is `MUTUAL`. The path to the file holding the
// client-side TLS certificate to use.
// Should be empty if mode is `ISTIO_MUTUAL`.
ClientCertificate string `json:"clientCertificate,omitempty"`
// REQUIRED if mode is `MUTUAL`. The path to the file holding the
// client's private key.
// Should be empty if mode is `ISTIO_MUTUAL`.
PrivateKey string `json:"privateKey,omitempty"`
// OPTIONAL: The path to the file containing certificate authority
// certificates to use in verifying a presented server certificate. If
// omitted, the proxy will not verify the server's certificate.
// Should be empty if mode is `ISTIO_MUTUAL`.
CaCertificates string `json:"caCertificates,omitempty"`
// A list of alternate names to verify the subject identity in the
// certificate. If specified, the proxy will verify that the server
// certificate's subject alt name matches one of the specified values.
// Should be empty if mode is `ISTIO_MUTUAL`.
SubjectAltNames []string `json:"subjectAltNames,omitempty"`
// SNI string to present to the server during TLS handshake.
// Should be empty if mode is `ISTIO_MUTUAL`.
Sni string `json:"sni,omitempty"`
}
// TLS connection mode
type TLSmode string
const (
// Do not setup a TLS connection to the upstream endpoint.
TLSmodeDisable TLSmode = "DISABLE"
// Originate a TLS connection to the upstream endpoint.
TLSmodeSimple TLSmode = "SIMPLE"
// Secure connections to the upstream using mutual TLS by presenting
// client certificates for authentication.
TLSmodeMutual TLSmode = "MUTUAL"
// Secure connections to the upstream using mutual TLS by presenting
// client certificates for authentication.
// Compared to Mutual mode, this mode uses certificates generated
// automatically by Istio for mTLS authentication. When this mode is
// used, all other fields in `TLSSettings` should be empty.
TLSmodeIstioMutual TLSmode = "ISTIO_MUTUAL"
)
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// DestinationRuleList is a list of DestinationRule resources
type DestinationRuleList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata"`
Items []DestinationRule `json:"items"`
}

2
apis/istio/v1alpha3/register.go
View File

@ -46,8 +46,10 @@ func addKnownTypes(scheme *runtime.Scheme) error {
scheme.AddKnownTypes(SchemeGroupVersion,
&VirtualService{},
&Gateway{},
&DestinationRule{},
&VirtualServiceList{},
&GatewayList{},
&DestinationRuleList{},
)
metav1.AddToGroupVersion(scheme, SchemeGroupVersion)
return nil

26
apis/istio/v1alpha3/virtualservice_types.go
View File

@ -18,6 +18,7 @@ package v1alpha3
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"github.com/knative/pkg/apis/istio/common/v1alpha1"
)
// +genclient
@ -234,7 +235,7 @@ type HTTPMatchRequest struct {
//
// - `regex: "value"` for ECMAscript style regex-based match
//
Uri *StringMatch `json:"uri,omitempty"`
Uri *v1alpha1.StringMatch `json:"uri,omitempty"`
// URI Scheme
// values are case-sensitive and formatted as follows:
@ -245,7 +246,7 @@ type HTTPMatchRequest struct {
//
// - `regex: "value"` for ECMAscript style regex-based match
//
Scheme *StringMatch `json:"scheme,omitempty"`
Scheme *v1alpha1.StringMatch `json:"scheme,omitempty"`
// HTTP Method
// values are case-sensitive and formatted as follows:
@ -256,7 +257,7 @@ type HTTPMatchRequest struct {
//
// - `regex: "value"` for ECMAscript style regex-based match
//
Method *StringMatch `json:"method,omitempty"`
Method *v1alpha1.StringMatch `json:"method,omitempty"`
// HTTP Authority
// values are case-sensitive and formatted as follows:
@ -267,7 +268,7 @@ type HTTPMatchRequest struct {
//
// - `regex: "value"` for ECMAscript style regex-based match
//
Authority *StringMatch `json:"authority,omitempty"`
Authority *v1alpha1.StringMatch `json:"authority,omitempty"`
// The header keys must be lowercase and use hyphen as the separator,
// e.g. _x-request-id_.
@ -281,22 +282,7 @@ type HTTPMatchRequest struct {
// - `regex: "value"` for ECMAscript style regex-based match
//
// **Note:** The keys `uri`, `scheme`, `method`, and `authority` will be ignored.
Headers map[string]StringMatch `json:"headers,omitempty"`
}
// Describes how to match a given string in HTTP headers. Match is
// case-sensitive.
type StringMatch struct {
// Specified exactly one of the fields below.
// exact string match
Exact string `json:"exact,omitempty"`
// prefix-based match
Prefix string `json:"prefix,omitempty"`
// ECMAscript style regex-based match
Regex string `json:"regex,omitempty"`
Headers map[string]v1alpha1.StringMatch `json:"headers,omitempty"`
}
type DestinationWeight struct {

352
apis/istio/v1alpha3/zz_generated.deepcopy.go generated
View File

@ -21,9 +21,57 @@ limitations under the License.
package v1alpha3
import (
v1alpha1 "github.com/knative/pkg/apis/istio/common/v1alpha1"
runtime "k8s.io/apimachinery/pkg/runtime"
)
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ConnectionPoolSettings) DeepCopyInto(out *ConnectionPoolSettings) {
*out = *in
if in.Tcp != nil {
in, out := &in.Tcp, &out.Tcp
*out = new(TCPSettings)
**out = **in
}
if in.Http != nil {
in, out := &in.Http, &out.Http
*out = new(HTTPSettings)
**out = **in
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConnectionPoolSettings.
func (in *ConnectionPoolSettings) DeepCopy() *ConnectionPoolSettings {
if in == nil {
return nil
}
out := new(ConnectionPoolSettings)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ConsistentHashLB) DeepCopyInto(out *ConsistentHashLB) {
*out = *in
if in.HttpCookie != nil {
in, out := &in.HttpCookie, &out.HttpCookie
*out = new(HTTPCookie)
**out = **in
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConsistentHashLB.
func (in *ConsistentHashLB) DeepCopy() *ConsistentHashLB {
if in == nil {
return nil
}
out := new(ConsistentHashLB)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *CorsPolicy) DeepCopyInto(out *CorsPolicy) {
*out = *in
@ -77,6 +125,94 @@ func (in *Destination) DeepCopy() *Destination {
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *DestinationRule) DeepCopyInto(out *DestinationRule) {
*out = *in
out.TypeMeta = in.TypeMeta
in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
in.Spec.DeepCopyInto(&out.Spec)
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DestinationRule.
func (in *DestinationRule) DeepCopy() *DestinationRule {
if in == nil {
return nil
}
out := new(DestinationRule)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *DestinationRule) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *DestinationRuleList) DeepCopyInto(out *DestinationRuleList) {
*out = *in
out.TypeMeta = in.TypeMeta
out.ListMeta = in.ListMeta
if in.Items != nil {
in, out := &in.Items, &out.Items
*out = make([]DestinationRule, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DestinationRuleList.
func (in *DestinationRuleList) DeepCopy() *DestinationRuleList {
if in == nil {
return nil
}
out := new(DestinationRuleList)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *DestinationRuleList) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *DestinationRuleSpec) DeepCopyInto(out *DestinationRuleSpec) {
*out = *in
if in.TrafficPolicy != nil {
in, out := &in.TrafficPolicy, &out.TrafficPolicy
*out = new(TrafficPolicy)
(*in).DeepCopyInto(*out)
}
if in.Subsets != nil {
in, out := &in.Subsets, &out.Subsets
*out = make([]Subset, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DestinationRuleSpec.
func (in *DestinationRuleSpec) DeepCopy() *DestinationRuleSpec {
if in == nil {
return nil
}
out := new(DestinationRuleSpec)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *DestinationWeight) DeepCopyInto(out *DestinationWeight) {
*out = *in
@ -184,6 +320,22 @@ func (in *GatewaySpec) DeepCopy() *GatewaySpec {
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *HTTPCookie) DeepCopyInto(out *HTTPCookie) {
*out = *in
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPCookie.
func (in *HTTPCookie) DeepCopy() *HTTPCookie {
if in == nil {
return nil
}
out := new(HTTPCookie)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *HTTPFaultInjection) DeepCopyInto(out *HTTPFaultInjection) {
*out = *in
@ -215,27 +367,27 @@ func (in *HTTPMatchRequest) DeepCopyInto(out *HTTPMatchRequest) {
*out = *in
if in.Uri != nil {
in, out := &in.Uri, &out.Uri
*out = new(StringMatch)
*out = new(v1alpha1.StringMatch)
**out = **in
}
if in.Scheme != nil {
in, out := &in.Scheme, &out.Scheme
*out = new(StringMatch)
*out = new(v1alpha1.StringMatch)
**out = **in
}
if in.Method != nil {
in, out := &in.Method, &out.Method
*out = new(StringMatch)
*out = new(v1alpha1.StringMatch)
**out = **in
}
if in.Authority != nil {
in, out := &in.Authority, &out.Authority
*out = new(StringMatch)
*out = new(v1alpha1.StringMatch)
**out = **in
}
if in.Headers != nil {
in, out := &in.Headers, &out.Headers
*out = make(map[string]StringMatch, len(*in))
*out = make(map[string]v1alpha1.StringMatch, len(*in))
for key, val := range *in {
(*out)[key] = val
}
@ -368,6 +520,22 @@ func (in *HTTPRoute) DeepCopy() *HTTPRoute {
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *HTTPSettings) DeepCopyInto(out *HTTPSettings) {
*out = *in
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPSettings.
func (in *HTTPSettings) DeepCopy() *HTTPSettings {
if in == nil {
return nil
}
out := new(HTTPSettings)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *InjectAbort) DeepCopyInto(out *InjectAbort) {
*out = *in
@ -428,6 +596,43 @@ func (in *L4MatchAttributes) DeepCopy() *L4MatchAttributes {
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *LoadBalancerSettings) DeepCopyInto(out *LoadBalancerSettings) {
*out = *in
if in.ConsistentHash != nil {
in, out := &in.ConsistentHash, &out.ConsistentHash
*out = new(ConsistentHashLB)
(*in).DeepCopyInto(*out)
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LoadBalancerSettings.
func (in *LoadBalancerSettings) DeepCopy() *LoadBalancerSettings {
if in == nil {
return nil
}
out := new(LoadBalancerSettings)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *OutlierDetection) DeepCopyInto(out *OutlierDetection) {
*out = *in
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OutlierDetection.
func (in *OutlierDetection) DeepCopy() *OutlierDetection {
if in == nil {
return nil
}
out := new(OutlierDetection)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *Port) DeepCopyInto(out *Port) {
*out = *in
@ -460,6 +665,43 @@ func (in *PortSelector) DeepCopy() *PortSelector {
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *PortTrafficPolicy) DeepCopyInto(out *PortTrafficPolicy) {
*out = *in
out.Port = in.Port
if in.LoadBalancer != nil {
in, out := &in.LoadBalancer, &out.LoadBalancer
*out = new(LoadBalancerSettings)
(*in).DeepCopyInto(*out)
}
if in.ConnectionPool != nil {
in, out := &in.ConnectionPool, &out.ConnectionPool
*out = new(ConnectionPoolSettings)
(*in).DeepCopyInto(*out)
}
if in.OutlierDetection != nil {
in, out := &in.OutlierDetection, &out.OutlierDetection
*out = new(OutlierDetection)
**out = **in
}
if in.Tls != nil {
in, out := &in.Tls, &out.Tls
*out = new(TLSSettings)
(*in).DeepCopyInto(*out)
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PortTrafficPolicy.
func (in *PortTrafficPolicy) DeepCopy() *PortTrafficPolicy {
if in == nil {
return nil
}
out := new(PortTrafficPolicy)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *Server) DeepCopyInto(out *Server) {
*out = *in
@ -488,17 +730,29 @@ func (in *Server) DeepCopy() *Server {
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *StringMatch) DeepCopyInto(out *StringMatch) {
func (in *Subset) DeepCopyInto(out *Subset) {
*out = *in
if in.Labels != nil {
in, out := &in.Labels, &out.Labels
*out = make(map[string]string, len(*in))
for key, val := range *in {
(*out)[key] = val
}
}
if in.TrafficPolicy != nil {
in, out := &in.TrafficPolicy, &out.TrafficPolicy
*out = new(TrafficPolicy)
(*in).DeepCopyInto(*out)
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StringMatch.
func (in *StringMatch) DeepCopy() *StringMatch {
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Subset.
func (in *Subset) DeepCopy() *Subset {
if in == nil {
return nil
}
out := new(StringMatch)
out := new(Subset)
in.DeepCopyInto(out)
return out
}
@ -527,6 +781,22 @@ func (in *TCPRoute) DeepCopy() *TCPRoute {
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *TCPSettings) DeepCopyInto(out *TCPSettings) {
*out = *in
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TCPSettings.
func (in *TCPSettings) DeepCopy() *TCPSettings {
if in == nil {
return nil
}
out := new(TCPSettings)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *TLSOptions) DeepCopyInto(out *TLSOptions) {
*out = *in
@ -548,6 +818,70 @@ func (in *TLSOptions) DeepCopy() *TLSOptions {
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *TLSSettings) DeepCopyInto(out *TLSSettings) {
*out = *in
if in.SubjectAltNames != nil {
in, out := &in.SubjectAltNames, &out.SubjectAltNames
*out = make([]string, len(*in))
copy(*out, *in)
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TLSSettings.
func (in *TLSSettings) DeepCopy() *TLSSettings {
if in == nil {
return nil
}
out := new(TLSSettings)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *TrafficPolicy) DeepCopyInto(out *TrafficPolicy) {
*out = *in
if in.LoadBalancer != nil {
in, out := &in.LoadBalancer, &out.LoadBalancer
*out = new(LoadBalancerSettings)
(*in).DeepCopyInto(*out)
}
if in.ConnectionPool != nil {
in, out := &in.ConnectionPool, &out.ConnectionPool
*out = new(ConnectionPoolSettings)
(*in).DeepCopyInto(*out)
}
if in.OutlierDetection != nil {
in, out := &in.OutlierDetection, &out.OutlierDetection
*out = new(OutlierDetection)
**out = **in
}
if in.Tls != nil {
in, out := &in.Tls, &out.Tls
*out = new(TLSSettings)
(*in).DeepCopyInto(*out)
}
if in.PortLevelSettings != nil {
in, out := &in.PortLevelSettings, &out.PortLevelSettings
*out = make([]PortTrafficPolicy, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TrafficPolicy.
func (in *TrafficPolicy) DeepCopy() *TrafficPolicy {
if in == nil {
return nil
}
out := new(TrafficPolicy)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *VirtualService) DeepCopyInto(out *VirtualService) {
*out = *in

24
client/clientset/versioned/clientset.go generated
View File

@ -19,6 +19,7 @@ limitations under the License.
package versioned
import (
authenticationv1alpha1 "github.com/knative/pkg/client/clientset/versioned/typed/authentication/v1alpha1"
networkingv1alpha3 "github.com/knative/pkg/client/clientset/versioned/typed/istio/v1alpha3"
discovery "k8s.io/client-go/discovery"
rest "k8s.io/client-go/rest"
@ -27,6 +28,9 @@ import (
type Interface interface {
Discovery() discovery.DiscoveryInterface
AuthenticationV1alpha1() authenticationv1alpha1.AuthenticationV1alpha1Interface
// Deprecated: please explicitly pick a version if possible.
Authentication() authenticationv1alpha1.AuthenticationV1alpha1Interface
NetworkingV1alpha3() networkingv1alpha3.NetworkingV1alpha3Interface
// Deprecated: please explicitly pick a version if possible.
Networking() networkingv1alpha3.NetworkingV1alpha3Interface
@ -36,7 +40,19 @@ type Interface interface {
// version included in a Clientset.
type Clientset struct {
*discovery.DiscoveryClient
networkingV1alpha3 *networkingv1alpha3.NetworkingV1alpha3Client
authenticationV1alpha1 *authenticationv1alpha1.AuthenticationV1alpha1Client
networkingV1alpha3 *networkingv1alpha3.NetworkingV1alpha3Client
}
// AuthenticationV1alpha1 retrieves the AuthenticationV1alpha1Client
func (c *Clientset) AuthenticationV1alpha1() authenticationv1alpha1.AuthenticationV1alpha1Interface {
return c.authenticationV1alpha1
}
// Deprecated: Authentication retrieves the default version of AuthenticationClient.
// Please explicitly pick a version.
func (c *Clientset) Authentication() authenticationv1alpha1.AuthenticationV1alpha1Interface {
return c.authenticationV1alpha1
}
// NetworkingV1alpha3 retrieves the NetworkingV1alpha3Client
@ -66,6 +82,10 @@ func NewForConfig(c *rest.Config) (*Clientset, error) {
}
var cs Clientset
var err error
cs.authenticationV1alpha1, err = authenticationv1alpha1.NewForConfig(&configShallowCopy)
if err != nil {
return nil, err
}
cs.networkingV1alpha3, err = networkingv1alpha3.NewForConfig(&configShallowCopy)
if err != nil {
return nil, err
@ -82,6 +102,7 @@ func NewForConfig(c *rest.Config) (*Clientset, error) {
// panics if there is an error in the config.
func NewForConfigOrDie(c *rest.Config) *Clientset {
var cs Clientset
cs.authenticationV1alpha1 = authenticationv1alpha1.NewForConfigOrDie(c)
cs.networkingV1alpha3 = networkingv1alpha3.NewForConfigOrDie(c)
cs.DiscoveryClient = discovery.NewDiscoveryClientForConfigOrDie(c)
@ -91,6 +112,7 @@ func NewForConfigOrDie(c *rest.Config) *Clientset {
// New creates a new Clientset for the given RESTClient.
func New(c rest.Interface) *Clientset {
var cs Clientset
cs.authenticationV1alpha1 = authenticationv1alpha1.New(c)
cs.networkingV1alpha3 = networkingv1alpha3.New(c)
cs.DiscoveryClient = discovery.NewDiscoveryClient(c)

12
client/clientset/versioned/fake/clientset_generated.go generated
View File

@ -20,6 +20,8 @@ package fake
import (
clientset "github.com/knative/pkg/client/clientset/versioned"
authenticationv1alpha1 "github.com/knative/pkg/client/clientset/versioned/typed/authentication/v1alpha1"
fakeauthenticationv1alpha1 "github.com/knative/pkg/client/clientset/versioned/typed/authentication/v1alpha1/fake"
networkingv1alpha3 "github.com/knative/pkg/client/clientset/versioned/typed/istio/v1alpha3"
fakenetworkingv1alpha3 "github.com/knative/pkg/client/clientset/versioned/typed/istio/v1alpha3/fake"
"k8s.io/apimachinery/pkg/runtime"
@ -71,6 +73,16 @@ func (c *Clientset) Discovery() discovery.DiscoveryInterface {
var _ clientset.Interface = &Clientset{}
// AuthenticationV1alpha1 retrieves the AuthenticationV1alpha1Client
func (c *Clientset) AuthenticationV1alpha1() authenticationv1alpha1.AuthenticationV1alpha1Interface {
return &fakeauthenticationv1alpha1.FakeAuthenticationV1alpha1{Fake: &c.Fake}
}
// Authentication retrieves the AuthenticationV1alpha1Client
func (c *Clientset) Authentication() authenticationv1alpha1.AuthenticationV1alpha1Interface {
return &fakeauthenticationv1alpha1.FakeAuthenticationV1alpha1{Fake: &c.Fake}
}
// NetworkingV1alpha3 retrieves the NetworkingV1alpha3Client
func (c *Clientset) NetworkingV1alpha3() networkingv1alpha3.NetworkingV1alpha3Interface {
return &fakenetworkingv1alpha3.FakeNetworkingV1alpha3{Fake: &c.Fake}

2
client/clientset/versioned/fake/register.go generated
View File

@ -19,6 +19,7 @@ limitations under the License.
package fake
import (
authenticationv1alpha1 "github.com/knative/pkg/apis/istio/authentication/v1alpha1"
networkingv1alpha3 "github.com/knative/pkg/apis/istio/v1alpha3"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
runtime "k8s.io/apimachinery/pkg/runtime"
@ -50,5 +51,6 @@ func init() {
// After this, RawExtensions in Kubernetes types will serialize kube-aggregator types
// correctly.
func AddToScheme(scheme *runtime.Scheme) {
authenticationv1alpha1.AddToScheme(scheme)
networkingv1alpha3.AddToScheme(scheme)
}

2
client/clientset/versioned/scheme/register.go generated
View File

@ -19,6 +19,7 @@ limitations under the License.
package scheme
import (
authenticationv1alpha1 "github.com/knative/pkg/apis/istio/authentication/v1alpha1"
networkingv1alpha3 "github.com/knative/pkg/apis/istio/v1alpha3"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
runtime "k8s.io/apimachinery/pkg/runtime"
@ -50,5 +51,6 @@ func init() {
// After this, RawExtensions in Kubernetes types will serialize kube-aggregator types
// correctly.
func AddToScheme(scheme *runtime.Scheme) {
authenticationv1alpha1.AddToScheme(scheme)
networkingv1alpha3.AddToScheme(scheme)
}

90
client/clientset/versioned/typed/authentication/v1alpha1/authentication_client.go generated Normal file
View File

@ -0,0 +1,90 @@
/*
Copyright 2018 The Knative Authors
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by client-gen. DO NOT EDIT.
package v1alpha1
import (
v1alpha1 "github.com/knative/pkg/apis/istio/authentication/v1alpha1"
"github.com/knative/pkg/client/clientset/versioned/scheme"
serializer "k8s.io/apimachinery/pkg/runtime/serializer"
rest "k8s.io/client-go/rest"
)
type AuthenticationV1alpha1Interface interface {
RESTClient() rest.Interface
PoliciesGetter
}
// AuthenticationV1alpha1Client is used to interact with features provided by the authentication.istio.io group.
type AuthenticationV1alpha1Client struct {
restClient rest.Interface
}
func (c *AuthenticationV1alpha1Client) Policies(namespace string) PolicyInterface {
return newPolicies(c, namespace)
}
// NewForConfig creates a new AuthenticationV1alpha1Client for the given config.
func NewForConfig(c *rest.Config) (*AuthenticationV1alpha1Client, error) {
config := *c
if err := setConfigDefaults(&config); err != nil {
return nil, err
}
client, err := rest.RESTClientFor(&config)
if err != nil {
return nil, err
}
return &AuthenticationV1alpha1Client{client}, nil
}
// NewForConfigOrDie creates a new AuthenticationV1alpha1Client for the given config and
// panics if there is an error in the config.
func NewForConfigOrDie(c *rest.Config) *AuthenticationV1alpha1Client {
client, err := NewForConfig(c)
if err != nil {
panic(err)
}
return client
}
// New creates a new AuthenticationV1alpha1Client for the given RESTClient.
func New(c rest.Interface) *AuthenticationV1alpha1Client {
return &AuthenticationV1alpha1Client{c}
}
func setConfigDefaults(config *rest.Config) error {
gv := v1alpha1.SchemeGroupVersion
config.GroupVersion = &gv
config.APIPath = "/apis"
config.NegotiatedSerializer = serializer.DirectCodecFactory{CodecFactory: scheme.Codecs}
if config.UserAgent == "" {
config.UserAgent = rest.DefaultKubernetesUserAgent()
}
return nil
}
// RESTClient returns a RESTClient that is used to communicate
// with API server by this client implementation.
func (c *AuthenticationV1alpha1Client) RESTClient() rest.Interface {
if c == nil {
return nil
}
return c.restClient
}

20
client/clientset/versioned/typed/authentication/v1alpha1/doc.go generated Normal file
View File

@ -0,0 +1,20 @@
/*
Copyright 2018 The Knative Authors
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by client-gen. DO NOT EDIT.
// This package has the automatically generated typed clients.
package v1alpha1

20
client/clientset/versioned/typed/authentication/v1alpha1/fake/doc.go generated Normal file
View File

@ -0,0 +1,20 @@
/*
Copyright 2018 The Knative Authors
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by client-gen. DO NOT EDIT.
// Package fake has the automatically generated clients.
package fake

40
client/clientset/versioned/typed/authentication/v1alpha1/fake/fake_authentication_client.go generated Normal file
View File

@ -0,0 +1,40 @@
/*
Copyright 2018 The Knative Authors
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by client-gen. DO NOT EDIT.
package fake
import (
v1alpha1 "github.com/knative/pkg/client/clientset/versioned/typed/authentication/v1alpha1"
rest "k8s.io/client-go/rest"
testing "k8s.io/client-go/testing"
)
type FakeAuthenticationV1alpha1 struct {
*testing.Fake
}
func (c *FakeAuthenticationV1alpha1) Policies(namespace string) v1alpha1.PolicyInterface {
return &FakePolicies{c, namespace}
}
// RESTClient returns a RESTClient that is used to communicate
// with API server by this client implementation.
func (c *FakeAuthenticationV1alpha1) RESTClient() rest.Interface {
var ret *rest.RESTClient
return ret
}

128
client/clientset/versioned/typed/authentication/v1alpha1/fake/fake_policy.go generated Normal file
View File

@ -0,0 +1,128 @@
/*
Copyright 2018 The Knative Authors
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by client-gen. DO NOT EDIT.
package fake
import (
v1alpha1 "github.com/knative/pkg/apis/istio/authentication/v1alpha1"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
labels "k8s.io/apimachinery/pkg/labels"
schema "k8s.io/apimachinery/pkg/runtime/schema"
types "k8s.io/apimachinery/pkg/types"
watch "k8s.io/apimachinery/pkg/watch"
testing "k8s.io/client-go/testing"
)
// FakePolicies implements PolicyInterface
type FakePolicies struct {
Fake *FakeAuthenticationV1alpha1
ns string
}
var policiesResource = schema.GroupVersionResource{Group: "authentication.istio.io", Version: "v1alpha1", Resource: "policies"}
var policiesKind = schema.GroupVersionKind{Group: "authentication.istio.io", Version: "v1alpha1", Kind: "Policy"}
// Get takes name of the policy, and returns the corresponding policy object, and an error if there is any.
func (c *FakePolicies) Get(name string, options v1.GetOptions) (result *v1alpha1.Policy, err error) {
obj, err := c.Fake.
Invokes(testing.NewGetAction(policiesResource, c.ns, name), &v1alpha1.Policy{})
if obj == nil {
return nil, err
}
return obj.(*v1alpha1.Policy), err
}
// List takes label and field selectors, and returns the list of Policies that match those selectors.
func (c *FakePolicies) List(opts v1.ListOptions) (result *v1alpha1.PolicyList, err error) {
obj, err := c.Fake.
Invokes(testing.NewListAction(policiesResource, policiesKind, c.ns, opts), &v1alpha1.PolicyList{})
if obj == nil {
return nil, err
}
label, _, _ := testing.ExtractFromListOptions(opts)
if label == nil {
label = labels.Everything()
}
list := &v1alpha1.PolicyList{ListMeta: obj.(*v1alpha1.PolicyList).ListMeta}
for _, item := range obj.(*v1alpha1.PolicyList).Items {
if label.Matches(labels.Set(item.Labels)) {
list.Items = append(list.Items, item)
}
}
return list, err
}
// Watch returns a watch.Interface that watches the requested policies.
func (c *FakePolicies) Watch(opts v1.ListOptions) (watch.Interface, error) {
return c.Fake.
InvokesWatch(testing.NewWatchAction(policiesResource, c.ns, opts))
}
// Create takes the representation of a policy and creates it. Returns the server's representation of the policy, and an error, if there is any.
func (c *FakePolicies) Create(policy *v1alpha1.Policy) (result *v1alpha1.Policy, err error) {
obj, err := c.Fake.
Invokes(testing.NewCreateAction(policiesResource, c.ns, policy), &v1alpha1.Policy{})
if obj == nil {
return nil, err
}
return obj.(*v1alpha1.Policy), err
}
// Update takes the representation of a policy and updates it. Returns the server's representation of the policy, and an error, if there is any.
func (c *FakePolicies) Update(policy *v1alpha1.Policy) (result *v1alpha1.Policy, err error) {
obj, err := c.Fake.
Invokes(testing.NewUpdateAction(policiesResource, c.ns, policy), &v1alpha1.Policy{})
if obj == nil {
return nil, err
}
return obj.(*v1alpha1.Policy), err
}
// Delete takes name of the policy and deletes it. Returns an error if one occurs.
func (c *FakePolicies) Delete(name string, options *v1.DeleteOptions) error {
_, err := c.Fake.
Invokes(testing.NewDeleteAction(policiesResource, c.ns, name), &v1alpha1.Policy{})
return err
}
// DeleteCollection deletes a collection of objects.
func (c *FakePolicies) DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error {
action := testing.NewDeleteCollectionAction(policiesResource, c.ns, listOptions)
_, err := c.Fake.Invokes(action, &v1alpha1.PolicyList{})
return err
}
// Patch applies the patch and returns the patched policy.
func (c *FakePolicies) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.Policy, err error) {
obj, err := c.Fake.
Invokes(testing.NewPatchSubresourceAction(policiesResource, c.ns, name, data, subresources...), &v1alpha1.Policy{})
if obj == nil {
return nil, err
}
return obj.(*v1alpha1.Policy), err
}

21
client/clientset/versioned/typed/authentication/v1alpha1/generated_expansion.go generated Normal file
View File

@ -0,0 +1,21 @@
/*
Copyright 2018 The Knative Authors
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by client-gen. DO NOT EDIT.
package v1alpha1
type PolicyExpansion interface{}

157
client/clientset/versioned/typed/authentication/v1alpha1/policy.go generated Normal file
View File

@ -0,0 +1,157 @@
/*
Copyright 2018 The Knative Authors
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by client-gen. DO NOT EDIT.
package v1alpha1
import (
v1alpha1 "github.com/knative/pkg/apis/istio/authentication/v1alpha1"
scheme "github.com/knative/pkg/client/clientset/versioned/scheme"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
types "k8s.io/apimachinery/pkg/types"
watch "k8s.io/apimachinery/pkg/watch"
rest "k8s.io/client-go/rest"
)
// PoliciesGetter has a method to return a PolicyInterface.
// A group's client should implement this interface.
type PoliciesGetter interface {
Policies(namespace string) PolicyInterface
}
// PolicyInterface has methods to work with Policy resources.
type PolicyInterface interface {
Create(*v1alpha1.Policy) (*v1alpha1.Policy, error)
Update(*v1alpha1.Policy) (*v1alpha1.Policy, error)
Delete(name string, options *v1.DeleteOptions) error
DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error
Get(name string, options v1.GetOptions) (*v1alpha1.Policy, error)
List(opts v1.ListOptions) (*v1alpha1.PolicyList, error)
Watch(opts v1.ListOptions) (watch.Interface, error)
Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.Policy, err error)
PolicyExpansion
}
// policies implements PolicyInterface
type policies struct {
client rest.Interface
ns string
}
// newPolicies returns a Policies
func newPolicies(c *AuthenticationV1alpha1Client, namespace string) *policies {
return &policies{
client: c.RESTClient(),
ns: namespace,
}
}
// Get takes name of the policy, and returns the corresponding policy object, and an error if there is any.
func (c *policies) Get(name string, options v1.GetOptions) (result *v1alpha1.Policy, err error) {
result = &v1alpha1.Policy{}
err = c.client.Get().
Namespace(c.ns).
Resource("policies").
Name(name).
VersionedParams(&options, scheme.ParameterCodec).
Do().
Into(result)
return
}
// List takes label and field selectors, and returns the list of Policies that match those selectors.
func (c *policies) List(opts v1.ListOptions) (result *v1alpha1.PolicyList, err error) {
result = &v1alpha1.PolicyList{}
err = c.client.Get().
Namespace(c.ns).
Resource("policies").
VersionedParams(&opts, scheme.ParameterCodec).
Do().
Into(result)
return
}
// Watch returns a watch.Interface that watches the requested policies.
func (c *policies) Watch(opts v1.ListOptions) (watch.Interface, error) {
opts.Watch = true
return c.client.Get().
Namespace(c.ns).
Resource("policies").
VersionedParams(&opts, scheme.ParameterCodec).
Watch()
}
// Create takes the representation of a policy and creates it. Returns the server's representation of the policy, and an error, if there is any.
func (c *policies) Create(policy *v1alpha1.Policy) (result *v1alpha1.Policy, err error) {
result = &v1alpha1.Policy{}
err = c.client.Post().
Namespace(c.ns).
Resource("policies").
Body(policy).
Do().
Into(result)
return
}
// Update takes the representation of a policy and updates it. Returns the server's representation of the policy, and an error, if there is any.
func (c *policies) Update(policy *v1alpha1.Policy) (result *v1alpha1.Policy, err error) {
result = &v1alpha1.Policy{}
err = c.client.Put().
Namespace(c.ns).
Resource("policies").
Name(policy.Name).
Body(policy).
Do().
Into(result)
return
}
// Delete takes name of the policy and deletes it. Returns an error if one occurs.
func (c *policies) Delete(name string, options *v1.DeleteOptions) error {
return c.client.Delete().
Namespace(c.ns).
Resource("policies").
Name(name).
Body(options).
Do().
Error()
}
// DeleteCollection deletes a collection of objects.
func (c *policies) DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error {
return c.client.Delete().
Namespace(c.ns).
Resource("policies").
VersionedParams(&listOptions, scheme.ParameterCodec).
Body(options).
Do().
Error()
}
// Patch applies the patch and returns the patched policy.
func (c *policies) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.Policy, err error) {
result = &v1alpha1.Policy{}
err = c.client.Patch(pt).
Namespace(c.ns).
Resource("policies").
SubResource(subresources...).
Name(name).
Body(data).
Do().
Into(result)
return
}

157
client/clientset/versioned/typed/istio/v1alpha3/destinationrule.go generated Normal file
View File

@ -0,0 +1,157 @@
/*
Copyright 2018 The Knative Authors
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by client-gen. DO NOT EDIT.
package v1alpha3
import (
v1alpha3 "github.com/knative/pkg/apis/istio/v1alpha3"
scheme "github.com/knative/pkg/client/clientset/versioned/scheme"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
types "k8s.io/apimachinery/pkg/types"
watch "k8s.io/apimachinery/pkg/watch"
rest "k8s.io/client-go/rest"
)
// DestinationRulesGetter has a method to return a DestinationRuleInterface.
// A group's client should implement this interface.
type DestinationRulesGetter interface {
DestinationRules(namespace string) DestinationRuleInterface
}
// DestinationRuleInterface has methods to work with DestinationRule resources.
type DestinationRuleInterface interface {
Create(*v1alpha3.DestinationRule) (*v1alpha3.DestinationRule, error)
Update(*v1alpha3.DestinationRule) (*v1alpha3.DestinationRule, error)
Delete(name string, options *v1.DeleteOptions) error
DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error
Get(name string, options v1.GetOptions) (*v1alpha3.DestinationRule, error)
List(opts v1.ListOptions) (*v1alpha3.DestinationRuleList, error)
Watch(opts v1.ListOptions) (watch.Interface, error)
Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha3.DestinationRule, err error)
DestinationRuleExpansion
}
// destinationRules implements DestinationRuleInterface
type destinationRules struct {
client rest.Interface
ns string
}
// newDestinationRules returns a DestinationRules
func newDestinationRules(c *NetworkingV1alpha3Client, namespace string) *destinationRules {
return &destinationRules{
client: c.RESTClient(),
ns: namespace,
}
}
// Get takes name of the destinationRule, and returns the corresponding destinationRule object, and an error if there is any.
func (c *destinationRules) Get(name string, options v1.GetOptions) (result *v1alpha3.DestinationRule, err error) {
result = &v1alpha3.DestinationRule{}
err = c.client.Get().
Namespace(c.ns).
Resource("destinationrules").
Name(name).
VersionedParams(&options, scheme.ParameterCodec).
Do().
Into(result)
return
}
// List takes label and field selectors, and returns the list of DestinationRules that match those selectors.
func (c *destinationRules) List(opts v1.ListOptions) (result *v1alpha3.DestinationRuleList, err error) {
result = &v1alpha3.DestinationRuleList{}
err = c.client.Get().
Namespace(c.ns).
Resource("destinationrules").
VersionedParams(&opts, scheme.ParameterCodec).
Do().
Into(result)
return
}
// Watch returns a watch.Interface that watches the requested destinationRules.
func (c *destinationRules) Watch(opts v1.ListOptions) (watch.Interface, error) {
opts.Watch = true
return c.client.Get().
Namespace(c.ns).
Resource("destinationrules").
VersionedParams(&opts, scheme.ParameterCodec).
Watch()
}
// Create takes the representation of a destinationRule and creates it. Returns the server's representation of the destinationRule, and an error, if there is any.
func (c *destinationRules) Create(destinationRule *v1alpha3.DestinationRule) (result *v1alpha3.DestinationRule, err error) {
result = &v1alpha3.DestinationRule{}
err = c.client.Post().
Namespace(c.ns).
Resource("destinationrules").
Body(destinationRule).
Do().
Into(result)
return
}
// Update takes the representation of a destinationRule and updates it. Returns the server's representation of the destinationRule, and an error, if there is any.
func (c *destinationRules) Update(destinationRule *v1alpha3.DestinationRule) (result *v1alpha3.DestinationRule, err error) {
result = &v1alpha3.DestinationRule{}
err = c.client.Put().
Namespace(c.ns).
Resource("destinationrules").
Name(destinationRule.Name).
Body(destinationRule).
Do().
Into(result)
return
}
// Delete takes name of the destinationRule and deletes it. Returns an error if one occurs.
func (c *destinationRules) Delete(name string, options *v1.DeleteOptions) error {
return c.client.Delete().
Namespace(c.ns).
Resource("destinationrules").
Name(name).
Body(options).
Do().
Error()
}
// DeleteCollection deletes a collection of objects.
func (c *destinationRules) DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error {
return c.client.Delete().
Namespace(c.ns).
Resource("destinationrules").
VersionedParams(&listOptions, scheme.ParameterCodec).
Body(options).
Do().
Error()
}
// Patch applies the patch and returns the patched destinationRule.
func (c *destinationRules) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha3.DestinationRule, err error) {
result = &v1alpha3.DestinationRule{}
err = c.client.Patch(pt).
Namespace(c.ns).
Resource("destinationrules").
SubResource(subresources...).
Name(name).
Body(data).
Do().
Into(result)
return
}

128
client/clientset/versioned/typed/istio/v1alpha3/fake/fake_destinationrule.go generated Normal file
View File

@ -0,0 +1,128 @@
/*
Copyright 2018 The Knative Authors
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by client-gen. DO NOT EDIT.
package fake
import (
v1alpha3 "github.com/knative/pkg/apis/istio/v1alpha3"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
labels "k8s.io/apimachinery/pkg/labels"
schema "k8s.io/apimachinery/pkg/runtime/schema"
types "k8s.io/apimachinery/pkg/types"
watch "k8s.io/apimachinery/pkg/watch"
testing "k8s.io/client-go/testing"
)
// FakeDestinationRules implements DestinationRuleInterface
type FakeDestinationRules struct {
Fake *FakeNetworkingV1alpha3
ns string
}
var destinationrulesResource = schema.GroupVersionResource{Group: "networking.istio.io", Version: "v1alpha3", Resource: "destinationrules"}
var destinationrulesKind = schema.GroupVersionKind{Group: "networking.istio.io", Version: "v1alpha3", Kind: "DestinationRule"}
// Get takes name of the destinationRule, and returns the corresponding destinationRule object, and an error if there is any.
func (c *FakeDestinationRules) Get(name string, options v1.GetOptions) (result *v1alpha3.DestinationRule, err error) {
obj, err := c.Fake.
Invokes(testing.NewGetAction(destinationrulesResource, c.ns, name), &v1alpha3.DestinationRule{})
if obj == nil {
return nil, err
}
return obj.(*v1alpha3.DestinationRule), err
}
// List takes label and field selectors, and returns the list of DestinationRules that match those selectors.
func (c *FakeDestinationRules) List(opts v1.ListOptions) (result *v1alpha3.DestinationRuleList, err error) {
obj, err := c.Fake.
Invokes(testing.NewListAction(destinationrulesResource, destinationrulesKind, c.ns, opts), &v1alpha3.DestinationRuleList{})
if obj == nil {
return nil, err
}
label, _, _ := testing.ExtractFromListOptions(opts)
if label == nil {
label = labels.Everything()
}
list := &v1alpha3.DestinationRuleList{ListMeta: obj.(*v1alpha3.DestinationRuleList).ListMeta}
for _, item := range obj.(*v1alpha3.DestinationRuleList).Items {
if label.Matches(labels.Set(item.Labels)) {
list.Items = append(list.Items, item)
}
}
return list, err
}
// Watch returns a watch.Interface that watches the requested destinationRules.
func (c *FakeDestinationRules) Watch(opts v1.ListOptions) (watch.Interface, error) {
return c.Fake.
InvokesWatch(testing.NewWatchAction(destinationrulesResource, c.ns, opts))
}
// Create takes the representation of a destinationRule and creates it. Returns the server's representation of the destinationRule, and an error, if there is any.
func (c *FakeDestinationRules) Create(destinationRule *v1alpha3.DestinationRule) (result *v1alpha3.DestinationRule, err error) {
obj, err := c.Fake.
Invokes(testing.NewCreateAction(destinationrulesResource, c.ns, destinationRule), &v1alpha3.DestinationRule{})
if obj == nil {
return nil, err
}
return obj.(*v1alpha3.DestinationRule), err
}
// Update takes the representation of a destinationRule and updates it. Returns the server's representation of the destinationRule, and an error, if there is any.
func (c *FakeDestinationRules) Update(destinationRule *v1alpha3.DestinationRule) (result *v1alpha3.DestinationRule, err error) {
obj, err := c.Fake.
Invokes(testing.NewUpdateAction(destinationrulesResource, c.ns, destinationRule), &v1alpha3.DestinationRule{})
if obj == nil {
return nil, err
}
return obj.(*v1alpha3.DestinationRule), err
}
// Delete takes name of the destinationRule and deletes it. Returns an error if one occurs.
func (c *FakeDestinationRules) Delete(name string, options *v1.DeleteOptions) error {
_, err := c.Fake.
Invokes(testing.NewDeleteAction(destinationrulesResource, c.ns, name), &v1alpha3.DestinationRule{})
return err
}
// DeleteCollection deletes a collection of objects.
func (c *FakeDestinationRules) DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error {
action := testing.NewDeleteCollectionAction(destinationrulesResource, c.ns, listOptions)
_, err := c.Fake.Invokes(action, &v1alpha3.DestinationRuleList{})
return err
}
// Patch applies the patch and returns the patched destinationRule.
func (c *FakeDestinationRules) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha3.DestinationRule, err error) {
obj, err := c.Fake.
Invokes(testing.NewPatchSubresourceAction(destinationrulesResource, c.ns, name, data, subresources...), &v1alpha3.DestinationRule{})
if obj == nil {
return nil, err
}
return obj.(*v1alpha3.DestinationRule), err
}

4
client/clientset/versioned/typed/istio/v1alpha3/fake/fake_istio_client.go generated
View File

@ -28,6 +28,10 @@ type FakeNetworkingV1alpha3 struct {
*testing.Fake
}
func (c *FakeNetworkingV1alpha3) DestinationRules(namespace string) v1alpha3.DestinationRuleInterface {
return &FakeDestinationRules{c, namespace}
}
func (c *FakeNetworkingV1alpha3) Gateways(namespace string) v1alpha3.GatewayInterface {
return &FakeGateways{c, namespace}
}

2
client/clientset/versioned/typed/istio/v1alpha3/generated_expansion.go generated
View File

@ -18,6 +18,8 @@ limitations under the License.
package v1alpha3
type DestinationRuleExpansion interface{}
type GatewayExpansion interface{}
type VirtualServiceExpansion interface{}

5
client/clientset/versioned/typed/istio/v1alpha3/istio_client.go generated
View File

@ -27,6 +27,7 @@ import (
type NetworkingV1alpha3Interface interface {
RESTClient() rest.Interface
DestinationRulesGetter
GatewaysGetter
VirtualServicesGetter
}
@ -36,6 +37,10 @@ type NetworkingV1alpha3Client struct {
restClient rest.Interface
}
func (c *NetworkingV1alpha3Client) DestinationRules(namespace string) DestinationRuleInterface {
return newDestinationRules(c, namespace)
}
func (c *NetworkingV1alpha3Client) Gateways(namespace string) GatewayInterface {
return newGateways(c, namespace)
}

46
client/informers/externalversions/authentication/interface.go generated Normal file
View File

@ -0,0 +1,46 @@
/*
Copyright 2018 The Knative Authors
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by informer-gen. DO NOT EDIT.
package authentication
import (
v1alpha1 "github.com/knative/pkg/client/informers/externalversions/authentication/v1alpha1"
internalinterfaces "github.com/knative/pkg/client/informers/externalversions/internalinterfaces"
)
// Interface provides access to each of this group's versions.
type Interface interface {
// V1alpha1 provides access to shared informers for resources in V1alpha1.
V1alpha1() v1alpha1.Interface
}
type group struct {
factory internalinterfaces.SharedInformerFactory
namespace string
tweakListOptions internalinterfaces.TweakListOptionsFunc
}
// New returns a new Interface.
func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface {
return &group{factory: f, namespace: namespace, tweakListOptions: tweakListOptions}
}
// V1alpha1 returns a new v1alpha1.Interface.
func (g *group) V1alpha1() v1alpha1.Interface {
return v1alpha1.New(g.factory, g.namespace, g.tweakListOptions)
}

45
client/informers/externalversions/authentication/v1alpha1/interface.go generated Normal file
View File

@ -0,0 +1,45 @@
/*
Copyright 2018 The Knative Authors
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by informer-gen. DO NOT EDIT.
package v1alpha1
import (
internalinterfaces "github.com/knative/pkg/client/informers/externalversions/internalinterfaces"
)
// Interface provides access to all the informers in this group version.
type Interface interface {
// Policies returns a PolicyInformer.
Policies() PolicyInformer
}
type version struct {
factory internalinterfaces.SharedInformerFactory
namespace string
tweakListOptions internalinterfaces.TweakListOptionsFunc
}
// New returns a new Interface.
func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface {
return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions}
}
// Policies returns a PolicyInformer.
func (v *version) Policies() PolicyInformer {
return &policyInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions}
}

89
client/informers/externalversions/authentication/v1alpha1/policy.go generated Normal file
View File

@ -0,0 +1,89 @@
/*
Copyright 2018 The Knative Authors
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by informer-gen. DO NOT EDIT.
package v1alpha1
import (
time "time"
authenticationv1alpha1 "github.com/knative/pkg/apis/istio/authentication/v1alpha1"
versioned "github.com/knative/pkg/client/clientset/versioned"
internalinterfaces "github.com/knative/pkg/client/informers/externalversions/internalinterfaces"
v1alpha1 "github.com/knative/pkg/client/listers/authentication/v1alpha1"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
runtime "k8s.io/apimachinery/pkg/runtime"
watch "k8s.io/apimachinery/pkg/watch"
cache "k8s.io/client-go/tools/cache"
)
// PolicyInformer provides access to a shared informer and lister for
// Policies.
type PolicyInformer interface {
Informer() cache.SharedIndexInformer
Lister() v1alpha1.PolicyLister
}
type policyInformer struct {
factory internalinterfaces.SharedInformerFactory
tweakListOptions internalinterfaces.TweakListOptionsFunc
namespace string
}
// NewPolicyInformer constructs a new informer for Policy type.
// Always prefer using an informer factory to get a shared informer instead of getting an independent
// one. This reduces memory footprint and number of connections to the server.
func NewPolicyInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer {
return NewFilteredPolicyInformer(client, namespace, resyncPeriod, indexers, nil)
}
// NewFilteredPolicyInformer constructs a new informer for Policy type.
// Always prefer using an informer factory to get a shared informer instead of getting an independent
// one. This reduces memory footprint and number of connections to the server.
func NewFilteredPolicyInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
return cache.NewSharedIndexInformer(
&cache.ListWatch{
ListFunc: func(options v1.ListOptions) (runtime.Object, error) {
if tweakListOptions != nil {
tweakListOptions(&options)
}
return client.AuthenticationV1alpha1().Policies(namespace).List(options)
},
WatchFunc: func(options v1.ListOptions) (watch.Interface, error) {
if tweakListOptions != nil {
tweakListOptions(&options)
}
return client.AuthenticationV1alpha1().Policies(namespace).Watch(options)
},
},
&authenticationv1alpha1.Policy{},
resyncPeriod,
indexers,
)
}
func (f *policyInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer {
return NewFilteredPolicyInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions)
}
func (f *policyInformer) Informer() cache.SharedIndexInformer {
return f.factory.InformerFor(&authenticationv1alpha1.Policy{}, f.defaultInformer)
}
func (f *policyInformer) Lister() v1alpha1.PolicyLister {
return v1alpha1.NewPolicyLister(f.Informer().GetIndexer())
}

6
client/informers/externalversions/factory.go generated
View File

@ -24,6 +24,7 @@ import (
time "time"
versioned "github.com/knative/pkg/client/clientset/versioned"
authentication "github.com/knative/pkg/client/informers/externalversions/authentication"
internalinterfaces "github.com/knative/pkg/client/informers/externalversions/internalinterfaces"
istio "github.com/knative/pkg/client/informers/externalversions/istio"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@ -172,9 +173,14 @@ type SharedInformerFactory interface {
ForResource(resource schema.GroupVersionResource) (GenericInformer, error)
WaitForCacheSync(stopCh <-chan struct{}) map[reflect.Type]bool
Authentication() authentication.Interface
Networking() istio.Interface
}
func (f *sharedInformerFactory) Authentication() authentication.Interface {
return authentication.New(f, f.namespace, f.tweakListOptions)
}
func (f *sharedInformerFactory) Networking() istio.Interface {
return istio.New(f, f.namespace, f.tweakListOptions)
}

9
client/informers/externalversions/generic.go generated
View File

@ -21,6 +21,7 @@ package externalversions
import (
"fmt"
v1alpha1 "github.com/knative/pkg/apis/istio/authentication/v1alpha1"
v1alpha3 "github.com/knative/pkg/apis/istio/v1alpha3"
schema "k8s.io/apimachinery/pkg/runtime/schema"
cache "k8s.io/client-go/tools/cache"
@ -52,7 +53,13 @@ func (f *genericInformer) Lister() cache.GenericLister {
// TODO extend this to unknown resources with a client pool
func (f *sharedInformerFactory) ForResource(resource schema.GroupVersionResource) (GenericInformer, error) {
switch resource {
// Group=networking.istio.io, Version=v1alpha3
// Group=authentication.istio.io, Version=v1alpha1
case v1alpha1.SchemeGroupVersion.WithResource("policies"):
return &genericInformer{resource: resource.GroupResource(), informer: f.Authentication().V1alpha1().Policies().Informer()}, nil
// Group=networking.istio.io, Version=v1alpha3
case v1alpha3.SchemeGroupVersion.WithResource("destinationrules"):
return &genericInformer{resource: resource.GroupResource(), informer: f.Networking().V1alpha3().DestinationRules().Informer()}, nil
case v1alpha3.SchemeGroupVersion.WithResource("gateways"):
return &genericInformer{resource: resource.GroupResource(), informer: f.Networking().V1alpha3().Gateways().Informer()}, nil
case v1alpha3.SchemeGroupVersion.WithResource("virtualservices"):

89
client/informers/externalversions/istio/v1alpha3/destinationrule.go generated Normal file
View File

@ -0,0 +1,89 @@
/*
Copyright 2018 The Knative Authors
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by informer-gen. DO NOT EDIT.
package v1alpha3
import (
time "time"
istiov1alpha3 "github.com/knative/pkg/apis/istio/v1alpha3"
versioned "github.com/knative/pkg/client/clientset/versioned"
internalinterfaces "github.com/knative/pkg/client/informers/externalversions/internalinterfaces"
v1alpha3 "github.com/knative/pkg/client/listers/istio/v1alpha3"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
runtime "k8s.io/apimachinery/pkg/runtime"
watch "k8s.io/apimachinery/pkg/watch"
cache "k8s.io/client-go/tools/cache"
)
// DestinationRuleInformer provides access to a shared informer and lister for
// DestinationRules.
type DestinationRuleInformer interface {
Informer() cache.SharedIndexInformer
Lister() v1alpha3.DestinationRuleLister
}
type destinationRuleInformer struct {
factory internalinterfaces.SharedInformerFactory
tweakListOptions internalinterfaces.TweakListOptionsFunc
namespace string
}
// NewDestinationRuleInformer constructs a new informer for DestinationRule type.
// Always prefer using an informer factory to get a shared informer instead of getting an independent
// one. This reduces memory footprint and number of connections to the server.
func NewDestinationRuleInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer {
return NewFilteredDestinationRuleInformer(client, namespace, resyncPeriod, indexers, nil)
}
// NewFilteredDestinationRuleInformer constructs a new informer for DestinationRule type.
// Always prefer using an informer factory to get a shared informer instead of getting an independent
// one. This reduces memory footprint and number of connections to the server.
func NewFilteredDestinationRuleInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
return cache.NewSharedIndexInformer(
&cache.ListWatch{
ListFunc: func(options v1.ListOptions) (runtime.Object, error) {
if tweakListOptions != nil {
tweakListOptions(&options)
}
return client.NetworkingV1alpha3().DestinationRules(namespace).List(options)
},
WatchFunc: func(options v1.ListOptions) (watch.Interface, error) {
if tweakListOptions != nil {
tweakListOptions(&options)
}
return client.NetworkingV1alpha3().DestinationRules(namespace).Watch(options)
},
},
&istiov1alpha3.DestinationRule{},
resyncPeriod,
indexers,
)
}
func (f *destinationRuleInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer {
return NewFilteredDestinationRuleInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions)
}
func (f *destinationRuleInformer) Informer() cache.SharedIndexInformer {
return f.factory.InformerFor(&istiov1alpha3.DestinationRule{}, f.defaultInformer)
}
func (f *destinationRuleInformer) Lister() v1alpha3.DestinationRuleLister {
return v1alpha3.NewDestinationRuleLister(f.Informer().GetIndexer())
}

7
client/informers/externalversions/istio/v1alpha3/interface.go generated
View File

@ -24,6 +24,8 @@ import (
// Interface provides access to all the informers in this group version.
type Interface interface {
// DestinationRules returns a DestinationRuleInformer.
DestinationRules() DestinationRuleInformer
// Gateways returns a GatewayInformer.
Gateways() GatewayInformer
// VirtualServices returns a VirtualServiceInformer.
@ -41,6 +43,11 @@ func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakList
return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions}
}
// DestinationRules returns a DestinationRuleInformer.
func (v *version) DestinationRules() DestinationRuleInformer {
return &destinationRuleInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions}
}
// Gateways returns a GatewayInformer.
func (v *version) Gateways() GatewayInformer {
return &gatewayInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions}

27
client/listers/authentication/v1alpha1/expansion_generated.go generated Normal file
View File

@ -0,0 +1,27 @@
/*
Copyright 2018 The Knative Authors
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by lister-gen. DO NOT EDIT.
package v1alpha1
// PolicyListerExpansion allows custom methods to be added to
// PolicyLister.
type PolicyListerExpansion interface{}
// PolicyNamespaceListerExpansion allows custom methods to be added to
// PolicyNamespaceLister.
type PolicyNamespaceListerExpansion interface{}

94
client/listers/authentication/v1alpha1/policy.go generated Normal file
View File

@ -0,0 +1,94 @@
/*
Copyright 2018 The Knative Authors
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by lister-gen. DO NOT EDIT.
package v1alpha1
import (
v1alpha1 "github.com/knative/pkg/apis/istio/authentication/v1alpha1"
"k8s.io/apimachinery/pkg/api/errors"
"k8s.io/apimachinery/pkg/labels"
"k8s.io/client-go/tools/cache"
)
// PolicyLister helps list Policies.
type PolicyLister interface {
// List lists all Policies in the indexer.
List(selector labels.Selector) (ret []*v1alpha1.Policy, err error)
// Policies returns an object that can list and get Policies.
Policies(namespace string) PolicyNamespaceLister
PolicyListerExpansion
}
// policyLister implements the PolicyLister interface.
type policyLister struct {
indexer cache.Indexer
}
// NewPolicyLister returns a new PolicyLister.
func NewPolicyLister(indexer cache.Indexer) PolicyLister {
return &policyLister{indexer: indexer}
}
// List lists all Policies in the indexer.
func (s *policyLister) List(selector labels.Selector) (ret []*v1alpha1.Policy, err error) {
err = cache.ListAll(s.indexer, selector, func(m interface{}) {
ret = append(ret, m.(*v1alpha1.Policy))
})
return ret, err
}
// Policies returns an object that can list and get Policies.
func (s *policyLister) Policies(namespace string) PolicyNamespaceLister {
return policyNamespaceLister{indexer: s.indexer, namespace: namespace}
}
// PolicyNamespaceLister helps list and get Policies.
type PolicyNamespaceLister interface {
// List lists all Policies in the indexer for a given namespace.
List(selector labels.Selector) (ret []*v1alpha1.Policy, err error)
// Get retrieves the Policy from the indexer for a given namespace and name.
Get(name string) (*v1alpha1.Policy, error)
PolicyNamespaceListerExpansion
}
// policyNamespaceLister implements the PolicyNamespaceLister
// interface.
type policyNamespaceLister struct {
indexer cache.Indexer
namespace string
}
// List lists all Policies in the indexer for a given namespace.
func (s policyNamespaceLister) List(selector labels.Selector) (ret []*v1alpha1.Policy, err error) {
err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) {
ret = append(ret, m.(*v1alpha1.Policy))
})
return ret, err
}
// Get retrieves the Policy from the indexer for a given namespace and name.
func (s policyNamespaceLister) Get(name string) (*v1alpha1.Policy, error) {
obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name)
if err != nil {
return nil, err
}
if !exists {
return nil, errors.NewNotFound(v1alpha1.Resource("policy"), name)
}
return obj.(*v1alpha1.Policy), nil
}

94
client/listers/istio/v1alpha3/destinationrule.go generated Normal file
View File

@ -0,0 +1,94 @@
/*
Copyright 2018 The Knative Authors
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by lister-gen. DO NOT EDIT.
package v1alpha3
import (
v1alpha3 "github.com/knative/pkg/apis/istio/v1alpha3"
"k8s.io/apimachinery/pkg/api/errors"
"k8s.io/apimachinery/pkg/labels"
"k8s.io/client-go/tools/cache"
)
// DestinationRuleLister helps list DestinationRules.
type DestinationRuleLister interface {
// List lists all DestinationRules in the indexer.
List(selector labels.Selector) (ret []*v1alpha3.DestinationRule, err error)
// DestinationRules returns an object that can list and get DestinationRules.
DestinationRules(namespace string) DestinationRuleNamespaceLister
DestinationRuleListerExpansion
}
// destinationRuleLister implements the DestinationRuleLister interface.
type destinationRuleLister struct {
indexer cache.Indexer
}
// NewDestinationRuleLister returns a new DestinationRuleLister.
func NewDestinationRuleLister(indexer cache.Indexer) DestinationRuleLister {
return &destinationRuleLister{indexer: indexer}
}
// List lists all DestinationRules in the indexer.
func (s *destinationRuleLister) List(selector labels.Selector) (ret []*v1alpha3.DestinationRule, err error) {
err = cache.ListAll(s.indexer, selector, func(m interface{}) {
ret = append(ret, m.(*v1alpha3.DestinationRule))
})
return ret, err
}
// DestinationRules returns an object that can list and get DestinationRules.
func (s *destinationRuleLister) DestinationRules(namespace string) DestinationRuleNamespaceLister {
return destinationRuleNamespaceLister{indexer: s.indexer, namespace: namespace}
}
// DestinationRuleNamespaceLister helps list and get DestinationRules.
type DestinationRuleNamespaceLister interface {
// List lists all DestinationRules in the indexer for a given namespace.
List(selector labels.Selector) (ret []*v1alpha3.DestinationRule, err error)
// Get retrieves the DestinationRule from the indexer for a given namespace and name.
Get(name string) (*v1alpha3.DestinationRule, error)
DestinationRuleNamespaceListerExpansion
}
// destinationRuleNamespaceLister implements the DestinationRuleNamespaceLister
// interface.
type destinationRuleNamespaceLister struct {
indexer cache.Indexer
namespace string
}
// List lists all DestinationRules in the indexer for a given namespace.
func (s destinationRuleNamespaceLister) List(selector labels.Selector) (ret []*v1alpha3.DestinationRule, err error) {
err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) {
ret = append(ret, m.(*v1alpha3.DestinationRule))
})
return ret, err
}
// Get retrieves the DestinationRule from the indexer for a given namespace and name.
func (s destinationRuleNamespaceLister) Get(name string) (*v1alpha3.DestinationRule, error) {
obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name)
if err != nil {
return nil, err
}
if !exists {
return nil, errors.NewNotFound(v1alpha3.Resource("destinationrule"), name)
}
return obj.(*v1alpha3.DestinationRule), nil
}

8
client/listers/istio/v1alpha3/expansion_generated.go generated
View File

@ -18,6 +18,14 @@ limitations under the License.
package v1alpha3
// DestinationRuleListerExpansion allows custom methods to be added to
// DestinationRuleLister.
type DestinationRuleListerExpansion interface{}
// DestinationRuleNamespaceListerExpansion allows custom methods to be added to
// DestinationRuleNamespaceLister.
type DestinationRuleNamespaceListerExpansion interface{}
// GatewayListerExpansion allows custom methods to be added to
// GatewayLister.
type GatewayListerExpansion interface{}

2
hack/update-codegen.sh
View File

@ -29,7 +29,7 @@ go install ./vendor/k8s.io/code-generator/cmd/deepcopy-gen
# instead of the $GOPATH directly. For normal projects this can be dropped.
${CODEGEN_PKG}/generate-groups.sh "deepcopy,client,informer,lister" \
github.com/knative/pkg/client github.com/knative/pkg/apis \
"istio:v1alpha3" \
"istio:v1alpha3 istio/authentication:v1alpha1" \
--go-header-file ${PKG_ROOT}/hack/boilerplate/boilerplate.go.txt
# Depends on generate-groups.sh to install bin/deepcopy-gen