@@ -16,6 +16,51 @@ limitations under the License.
1616
1717package v1alpha1
1818
19+ // ListenerProtocol represents the protocol used by a listener.
20+ // +kubebuilder:validation:Enum=HTTP;HTTPS;SCTP;PROMETHEUS;TCP;TERMINATED_HTTPS;UDP
21+ type ListenerProtocol string
22+
23+ const (
24+ ListenerProtocolHTTP ListenerProtocol = "HTTP"
25+ ListenerProtocolHTTPS ListenerProtocol = "HTTPS"
26+ ListenerProtocolSCTP ListenerProtocol = "SCTP"
27+ ListenerProtocolPROMETHEUS ListenerProtocol = "PROMETHEUS"
28+ ListenerProtocolTCP ListenerProtocol = "TCP"
29+ ListenerProtocolTerminatedHTTPS ListenerProtocol = "TERMINATED_HTTPS"
30+ ListenerProtocolUDP ListenerProtocol = "UDP"
31+ )
32+
33+ // ListenerClientAuthentication represents TLS client authentication mode.
34+ // +kubebuilder:validation:Enum=NONE;OPTIONAL;MANDATORY
35+ type ListenerClientAuthentication string
36+
37+ const (
38+ ListenerClientAuthNone ListenerClientAuthentication = "NONE"
39+ ListenerClientAuthOptional ListenerClientAuthentication = "OPTIONAL"
40+ ListenerClientAuthMandatory ListenerClientAuthentication = "MANDATORY"
41+ )
42+
43+ // +kubebuilder:validation:MinLength:=1
44+ // +kubebuilder:validation:MaxLength:=255
45+ type ListenerTag string
46+
47+ // ListenerHSTS represents HTTP Strict Transport Security configuration.
48+ type ListenerHSTS struct {
49+ // maxAge is the maximum time in seconds that the browser should remember
50+ // that this site is only to be accessed using HTTPS.
51+ // +kubebuilder:validation:Minimum=0
52+ // +optional
53+ MaxAge * int32 `json:"maxAge,omitempty"`
54+
55+ // includeSubDomains specifies whether this rule applies to all subdomains.
56+ // +optional
57+ IncludeSubDomains * bool `json:"includeSubDomains,omitempty"`
58+
59+ // preload specifies whether the domain should be included in browsers' preload list.
60+ // +optional
61+ Preload * bool `json:"preload,omitempty"`
62+ }
63+
1964// ListenerResourceSpec contains the desired state of the resource.
2065type ListenerResourceSpec struct {
2166 // name will be the name of the created resource. If not specified, the
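Review bot: `ListenerTag` (new line 45) is an exported type that carries validation markers but no doc comment, unlike the two enum types declared above it; add `// ListenerTag is a tag applied to a listener.` ahead of the markers so the generated CRD and godoc describe it. The constant `ListenerProtocolPROMETHEUS` (line 27) departs from the MixedCaps style the same block uses for `ListenerProtocolTerminatedHTTPS`; since "Prometheus" is a word rather than an initialism, `ListenerProtocolPrometheus` would follow Go naming while keeping the string value `"PROMETHEUS"` unchanged.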
@@ -29,50 +74,195 @@ type ListenerResourceSpec struct {
2974 // +optional
3075 Description * string `json:"description,omitempty"`
3176
32- // loadBalancerRef is a reference to the ORC LoadBalancer which this resource is associated with .
77+ // loadBalancerRef is a reference to the LoadBalancer this listener belongs to .
3378 // +required
3479 // +kubebuilder:validation:XValidation:rule="self == oldSelf",message="loadBalancerRef is immutable"
3580 LoadBalancerRef KubernetesNameRef `json:"loadBalancerRef,omitempty"`
3681
37- // poolRef is a reference to the ORC Pool which this resource is associated with.
82+ // protocol is the protocol the listener will use.
83+ // +required
84+ // +kubebuilder:validation:XValidation:rule="self == oldSelf",message="protocol is immutable"
85+ Protocol ListenerProtocol `json:"protocol,omitempty"`
86+
87+ // protocolPort is the port on which the listener will accept connections.
88+ // +required
89+ // +kubebuilder:validation:Minimum=1
90+ // +kubebuilder:validation:Maximum=65535
91+ // +kubebuilder:validation:XValidation:rule="self == oldSelf",message="protocolPort is immutable"
92+ ProtocolPort int32 `json:"protocolPort,omitempty"`
93+
94+ // adminStateUp is the administrative state of the listener, which is up (true) or down (false).
95+ // +optional
96+ AdminStateUp * bool `json:"adminStateUp,omitempty"`
97+
98+ // connectionLimit is the maximum number of connections permitted for this listener.
99+ // Default value is -1 which represents infinite connections.
100+ // +kubebuilder:validation:Minimum=-1
38101 // +optional
39- // +kubebuilder:validation:XValidation:rule="self == oldSelf",message="poolRef is immutable"
40- PoolRef * KubernetesNameRef `json:"poolRef,omitempty"`
102+ ConnectionLimit * int32 `json:"connectionLimit,omitempty"`
41103
42- // TODO(scaffolding): Add more types.
43- // To see what is supported, you can take inspiration from the CreateOpts structure from
44- // github.com/gophercloud/gophercloud/v2/openstack/loadbalancer/v2/listeners
45- //
46- // Until you have implemented mutability for the field, you must add a CEL validation
47- // preventing the field being modified:
48- // `// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="<fieldname> is immutable"`
104+ // defaultTLSContainerRef is a reference to a secret containing a PKCS12 format
105+ // certificate/key bundle for TERMINATED_HTTPS listeners.
106+ // +kubebuilder:validation:MaxLength=255
107+ // +optional
108+ // +kubebuilder:validation:XValidation:rule="self == oldSelf",message="defaultTLSContainerRef is immutable"
109+ DefaultTLSContainerRef * string `json:"defaultTLSContainerRef,omitempty"`
110+
111+ // sniContainerRefs is a list of references to secrets containing PKCS12 format
112+ // certificate/key bundles for TERMINATED_HTTPS listeners using SNI.
113+ // +listType=set
114+ // +optional
115+ // +kubebuilder:validation:MaxItems:=25
116+ // +kubebuilder:validation:items:MaxLength=255
117+ SNIContainerRefs []string `json:"sniContainerRefs,omitempty"`
118+
119+ // defaultPoolRef is a reference to the default Pool for this listener.
120+ // +optional
121+ // +kubebuilder:validation:XValidation:rule="self == oldSelf",message="defaultPoolRef is immutable"
122+ DefaultPoolRef * KubernetesNameRef `json:"defaultPoolRef,omitempty"`
123+
124+ // insertHeaders is a dictionary of optional headers to insert into the request
125+ // before it is sent to the backend member.
126+ // +optional
127+ InsertHeaders map [string ]string `json:"insertHeaders,omitempty"`
128+
129+ // timeoutClientData is the frontend client inactivity timeout in milliseconds.
130+ // +kubebuilder:validation:Minimum=0
131+ // +optional
132+ TimeoutClientData * int32 `json:"timeoutClientData,omitempty"`
133+
134+ // timeoutMemberConnect is the backend member connection timeout in milliseconds.
135+ // +kubebuilder:validation:Minimum=0
136+ // +optional
137+ TimeoutMemberConnect * int32 `json:"timeoutMemberConnect,omitempty"`
138+
139+ // timeoutMemberData is the backend member inactivity timeout in milliseconds.
140+ // +kubebuilder:validation:Minimum=0
141+ // +optional
142+ TimeoutMemberData * int32 `json:"timeoutMemberData,omitempty"`
143+
144+ // timeoutTCPInspect is the time in milliseconds to wait for additional TCP packets
145+ // for content inspection.
146+ // +kubebuilder:validation:Minimum=0
147+ // +optional
148+ TimeoutTCPInspect * int32 `json:"timeoutTCPInspect,omitempty"`
149+
150+ // allowedCIDRs is a list of IPv4/IPv6 CIDRs that are permitted to connect to this listener.
151+ // +listType=set
152+ // +optional
153+ // +kubebuilder:validation:MaxItems:=256
154+ // +kubebuilder:validation:items:MaxLength=64
155+ AllowedCIDRs []string `json:"allowedCIDRs,omitempty"`
156+
157+ // tlsCiphers is a colon-separated list of ciphers for TLS-terminated listeners.
158+ // +kubebuilder:validation:MaxLength=2048
159+ // +optional
160+ TLSCiphers * string `json:"tlsCiphers,omitempty"`
161+
162+ // tlsVersions is a list of TLS protocol versions to be used by the listener.
163+ // +listType=set
164+ // +optional
165+ // +kubebuilder:validation:MaxItems:=10
166+ // +kubebuilder:validation:items:MaxLength=32
167+ TLSVersions []string `json:"tlsVersions,omitempty"`
168+
169+ // alpnProtocols is a list of ALPN protocols for TLS-enabled listeners.
170+ // +listType=set
171+ // +optional
172+ // +kubebuilder:validation:MaxItems:=10
173+ // +kubebuilder:validation:items:MaxLength=32
174+ ALPNProtocols []string `json:"alpnProtocols,omitempty"`
175+
176+ // clientAuthentication is the TLS client authentication mode.
177+ // +optional
178+ // +kubebuilder:validation:XValidation:rule="self == oldSelf",message="clientAuthentication is immutable"
179+ ClientAuthentication * ListenerClientAuthentication `json:"clientAuthentication,omitempty"`
180+
181+ // clientCATLSContainerRef is a reference to a secret containing the CA certificate
182+ // for client authentication.
183+ // +kubebuilder:validation:MaxLength=255
184+ // +optional
185+ // +kubebuilder:validation:XValidation:rule="self == oldSelf",message="clientCATLSContainerRef is immutable"
186+ ClientCATLSContainerRef * string `json:"clientCATLSContainerRef,omitempty"`
187+
188+ // clientCRLContainerRef is a reference to a secret containing the CA revocation list
189+ // for client authentication.
190+ // +kubebuilder:validation:MaxLength=255
191+ // +optional
192+ // +kubebuilder:validation:XValidation:rule="self == oldSelf",message="clientCRLContainerRef is immutable"
193+ ClientCRLContainerRef * string `json:"clientCRLContainerRef,omitempty"`
194+
195+ // hsts is the HTTP Strict Transport Security configuration.
196+ // +optional
197+ HSTS * ListenerHSTS `json:"hsts,omitempty"`
198+
199+ // tags is a list of tags which will be applied to the listener.
200+ // +kubebuilder:validation:MaxItems:=64
201+ // +listType=set
202+ // +optional
203+ Tags []ListenerTag `json:"tags,omitempty"`
49204}
50205
51- // ListenerFilter defines an existing resource by its properties
206+ // ListenerFilter defines an existing resource by its properties.
52207// +kubebuilder:validation:MinProperties:=1
53208type ListenerFilter struct {
54- // name of the existing resource
209+ // name of the existing resource.
55210 // +optional
56211 Name * OpenStackName `json:"name,omitempty"`
57212
58- // description of the existing resource
213+ // description of the existing resource.
59214 // +kubebuilder:validation:MinLength:=1
60215 // +kubebuilder:validation:MaxLength:=255
61216 // +optional
62217 Description * string `json:"description,omitempty"`
63218
64- // loadBalancerRef is a reference to the ORC LoadBalancer which this resource is associated with .
219+ // loadBalancerRef filters by the LoadBalancer this listener belongs to .
65220 // +optional
66221 LoadBalancerRef * KubernetesNameRef `json:"loadBalancerRef,omitempty"`
67222
68- // TODO(scaffolding): Add more types.
69- // To see what is supported, you can take inspiration from the ListOpts structure from
70- // github.com/gophercloud/gophercloud/v2/openstack/loadbalancer/v2/listeners
223+ // protocol filters by the protocol used by the listener.
224+ // +optional
225+ Protocol * ListenerProtocol `json:"protocol,omitempty"`
226+
227+ // protocolPort filters by the port used by the listener.
228+ // +kubebuilder:validation:Minimum=1
229+ // +kubebuilder:validation:Maximum=65535
230+ // +optional
231+ ProtocolPort * int32 `json:"protocolPort,omitempty"`
232+
233+ // tags is a list of tags to filter by. If specified, the resource must
234+ // have all of the tags specified to be included in the result.
235+ // +listType=set
236+ // +optional
237+ // +kubebuilder:validation:MaxItems:=64
238+ Tags []ListenerTag `json:"tags,omitempty"`
239+
240+ // tagsAny is a list of tags to filter by. If specified, the resource
241+ // must have at least one of the tags specified to be included in the
242+ // result.
243+ // +listType=set
244+ // +optional
245+ // +kubebuilder:validation:MaxItems:=64
246+ TagsAny []ListenerTag `json:"tagsAny,omitempty"`
247+
248+ // notTags is a list of tags to filter by. If specified, resources which
249+ // contain all of the given tags will be excluded from the result.
250+ // +listType=set
251+ // +optional
252+ // +kubebuilder:validation:MaxItems:=64
253+ NotTags []ListenerTag `json:"notTags,omitempty"`
254+
255+ // notTagsAny is a list of tags to filter by. If specified, resources
256+ // which contain any of the given tags will be excluded from the result.
257+ // +listType=set
258+ // +optional
259+ // +kubebuilder:validation:MaxItems:=64
260+ NotTagsAny []ListenerTag `json:"notTagsAny,omitempty"`
71261}
72262
73263// ListenerResourceStatus represents the observed state of the resource.
74264type ListenerResourceStatus struct {
75- // name is a Human -readable name for the resource. Might not be unique .
265+ // name is a human -readable name for the resource.
76266 // +kubebuilder:validation:MaxLength=1024
77267 // +optional
78268 Name string `json:"name,omitempty"`
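Review bot: `AllowedCIDRs` (new line 155) is the listener's network access control list, yet the only validation on it is an item count and a per-item length, so a malformed entry is accepted at admission and presumably only fails later at reconcile time against Octavia. The file already uses `items:` markers, so `// +kubebuilder:validation:items:Format=cidr` would have the apiserver reject non-CIDR strings up front; `TLSVersions` (line 167) could similarly take an `items:Enum` of the accepted version strings instead of a free-form `MaxLength=32`. Separately, the four `*ContainerRef` fields (lines 109, 117, 186 and 193) are documented only as "a reference to a secret", which leaves open whether the value is a Kubernetes Secret name or an OpenStack Barbican container/secret reference — please state which, since it determines where certificate and CA material is trusted from. The `ListenerResourceSpec` struct begins above this hunk and `ListenerResourceStatus` continues below it.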
@@ -82,17 +272,75 @@ type ListenerResourceStatus struct {
82272 // +optional
83273 Description string `json:"description,omitempty"`
84274
85- // loadBalancerID is the ID of the LoadBalancer to which the resource is associated .
275+ // loadBalancerID is the ID of the LoadBalancer this listener belongs to .
86276 // +kubebuilder:validation:MaxLength=1024
87277 // +optional
88278 LoadBalancerID string `json:"loadBalancerID,omitempty"`
89279
90- // poolID is the ID of the Pool to which the resource is associated.
280+ // protocol is the protocol used by the listener.
281+ // +kubebuilder:validation:MaxLength=64
282+ // +optional
283+ Protocol string `json:"protocol,omitempty"`
284+
285+ // protocolPort is the port used by the listener.
286+ // +optional
287+ ProtocolPort int32 `json:"protocolPort,omitempty"`
288+
289+ // adminStateUp is the administrative state of the listener,
290+ // which is up (true) or down (false).
291+ // +optional
292+ AdminStateUp * bool `json:"adminStateUp,omitempty"`
293+
294+ // connectionLimit is the maximum number of connections permitted for this listener.
295+ // +optional
296+ ConnectionLimit int32 `json:"connectionLimit,omitempty"`
297+
298+ // defaultPoolID is the ID of the default pool for this listener.
299+ // +kubebuilder:validation:MaxLength=1024
300+ // +optional
301+ DefaultPoolID string `json:"defaultPoolID,omitempty"`
302+
303+ // provisioningStatus is the provisioning status of the listener.
91304 // +kubebuilder:validation:MaxLength=1024
92305 // +optional
93- PoolID string `json:"poolID,omitempty"`
306+ ProvisioningStatus string `json:"provisioningStatus,omitempty"`
307+
308+ // operatingStatus is the operating status of the listener.
309+ // +kubebuilder:validation:MaxLength=1024
310+ // +optional
311+ OperatingStatus string `json:"operatingStatus,omitempty"`
312+
313+ // allowedCIDRs is the list of CIDRs permitted to connect to this listener.
314+ // +listType=atomic
315+ // +optional
316+ // +kubebuilder:validation:MaxItems:=256
317+ // +kubebuilder:validation:items:MaxLength=64
318+ AllowedCIDRs []string `json:"allowedCIDRs,omitempty"`
94319
95- // TODO(scaffolding): Add more types.
96- // To see what is supported, you can take inspiration from the Listener structure from
97- // github.com/gophercloud/gophercloud/v2/openstack/loadbalancer/v2/listeners
320+ // timeoutClientData is the frontend client inactivity timeout in milliseconds.
321+ // +optional
322+ TimeoutClientData int32 `json:"timeoutClientData,omitempty"`
323+
324+ // timeoutMemberConnect is the backend member connection timeout in milliseconds.
325+ // +optional
326+ TimeoutMemberConnect int32 `json:"timeoutMemberConnect,omitempty"`
327+
328+ // timeoutMemberData is the backend member inactivity timeout in milliseconds.
329+ // +optional
330+ TimeoutMemberData int32 `json:"timeoutMemberData,omitempty"`
331+
332+ // timeoutTCPInspect is the time to wait for additional TCP packets in milliseconds.
333+ // +optional
334+ TimeoutTCPInspect int32 `json:"timeoutTCPInspect,omitempty"`
335+
336+ // insertHeaders is a dictionary of headers inserted into the request.
337+ // +optional
338+ InsertHeaders map [string ]string `json:"insertHeaders,omitempty"`
339+
340+ // tags is the list of tags on the resource.
341+ // +listType=atomic
342+ // +optional
343+ // +kubebuilder:validation:MaxItems:=64
344+ // +kubebuilder:validation:items:MaxLength=255
345+ Tags []string `json:"tags,omitempty"`
98346}
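Review bot: `ConnectionLimit` in the status (new line 296) is a plain `int32` with `omitempty`, so a reported value of 0 is dropped from the serialized object and cannot be told apart from "not reported", while the spec side documents -1 as the unlimited sentinel and this field's comment does not. Either make it `*int32` like `AdminStateUp` on line 292, or at least carry the semantics over: `// connectionLimit is the maximum number of connections permitted for this listener; -1 means unlimited.` The same omitempty ambiguity applies to the four timeout fields on lines 322–334, which presumably can legitimately be 0.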