ingress

package
v0.22.3 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 16, 2026 License: Apache-2.0 Imports: 27 Imported by: 0

Documentation

Overview

Package ingress implements the Kubernetes Ingress Controller for Cloudflare Tunnels. It watches Ingress resources with the cloudflare-tunnel IngressClass and configures the tunnel to route traffic to the appropriate backends.

Index

Constants

View Source 
const (
	// AnnotationProtocol specifies the backend protocol: http, https, tcp, udp, ssh, rdp, smb, wss, ws
	// Can be used on both Ingress and Service resources.
	// Priority: Ingress annotation > Service annotation > appProtocol > port name > default
	AnnotationProtocol = AnnotationPrefix + "protocol"

	// AnnotationProtocolPrefix is the prefix for port-specific protocol annotations.
	// Usage: cloudflare.com/protocol-{port} = http|https|...
	// Example: cloudflare.com/protocol-9091 = http
	AnnotationProtocolPrefix = AnnotationPrefix + "protocol-"

	// AnnotationNoTLSVerify disables TLS verification for HTTPS origins ("true" or "false")
	AnnotationNoTLSVerify = AnnotationPrefix + "no-tls-verify"

	// AnnotationHTTP2Origin enables HTTP/2 to origin ("true" or "false")
	AnnotationHTTP2Origin = AnnotationPrefix + "http2-origin"

	// AnnotationCAPool specifies the Secret name containing CA certificate for backend verification
	AnnotationCAPool = AnnotationPrefix + "ca-pool"
)

Protocol annotations

View Source 
const (
	// AnnotationProxyAddress specifies the proxy address for bastion mode
	AnnotationProxyAddress = AnnotationPrefix + "proxy-address"

	// AnnotationProxyPort specifies the proxy port for bastion mode
	AnnotationProxyPort = AnnotationPrefix + "proxy-port"

	// AnnotationProxyType specifies the proxy type: "" (none) or "socks"
	AnnotationProxyType = AnnotationPrefix + "proxy-type"
)

Proxy annotations (for bastion/SOCKS mode)

View Source 
const (
	// AnnotationConnectTimeout specifies connection timeout (e.g., "30s")
	AnnotationConnectTimeout = AnnotationPrefix + "connect-timeout"

	// AnnotationTLSTimeout specifies TLS handshake timeout (e.g., "10s")
	AnnotationTLSTimeout = AnnotationPrefix + "tls-timeout"

	// AnnotationKeepAliveTimeout specifies keep-alive timeout (e.g., "90s")
	AnnotationKeepAliveTimeout = AnnotationPrefix + "keep-alive-timeout"

	// AnnotationKeepAliveConnections specifies max idle connections
	AnnotationKeepAliveConnections = AnnotationPrefix + "keep-alive-connections"
)

Connection settings

View Source 
const (
	// AnnotationOriginServerName overrides the hostname used for TLS verification
	AnnotationOriginServerName = AnnotationPrefix + "origin-server-name"

	// AnnotationHTTPHostHeader overrides the Host header sent to origin
	AnnotationHTTPHostHeader = AnnotationPrefix + "http-host-header"
)

Origin header settings

View Source 
const (
	// AnnotationDisableDNS disables DNS record creation for this Ingress ("true" to disable)
	AnnotationDisableDNS = AnnotationPrefix + "disable-dns"

	// AnnotationDNSProxied controls whether DNS is proxied through Cloudflare ("true" or "false")
	AnnotationDNSProxied = AnnotationPrefix + "dns-proxied"
)

DNS annotations

View Source 
const (
	// AnnotationDisableChunkedEncoding disables chunked transfer encoding
	AnnotationDisableChunkedEncoding = AnnotationPrefix + "disable-chunked-encoding"

	// AnnotationBastionMode enables bastion mode
	AnnotationBastionMode = AnnotationPrefix + "bastion-mode"
)

Advanced settings

View Source 
const (
	// ControllerName is the name registered with IngressClass
	ControllerName = "cloudflare-operator.io/ingress-controller"

	// FinalizerName is the finalizer added to managed Ingresses
	FinalizerName = "ingress.cloudflare-operator.io/finalizer"

	// ManagedByAnnotation marks resources managed by this controller
	ManagedByAnnotation = "cloudflare.com/managed-by"

	// ManagedByValue is the value for ManagedByAnnotation
	ManagedByValue = "cloudflare-operator-ingress"

	// IngressClassAnnotation is the legacy annotation for ingress class
	IngressClassAnnotation = "kubernetes.io/ingress.class"
)
View Source 
const AnnotationPrefix = "cloudflare.com/"

Annotation prefix for Cloudflare-specific annotations

Variables

This section is empty.

Functions

This section is empty.

Types

type AnnotationParser 

type AnnotationParser struct {
	// contains filtered or unexported fields
}

AnnotationParser helps parse annotation values

func NewAnnotationParser 

func NewAnnotationParser(annotations map[string]string) *AnnotationParser

NewAnnotationParser creates a new annotation parser

func (*AnnotationParser) GetBool 

func (p *AnnotationParser) GetBool(key string) (bool, bool)

GetBool returns the boolean value of an annotation and whether it was found nolint:revive // (value, ok) pattern is standard Go idiom

func (*AnnotationParser) GetBoolPtr 

func (p *AnnotationParser) GetBoolPtr(key string) *bool

GetBoolPtr returns a pointer to the boolean value of an annotation

func (*AnnotationParser) GetDuration 

func (p *AnnotationParser) GetDuration(key string) (time.Duration, bool)

GetDuration returns the duration value of an annotation

func (*AnnotationParser) GetInt 

func (p *AnnotationParser) GetInt(key string) (int, bool)

GetInt returns the integer value of an annotation

func (*AnnotationParser) GetString 

func (p *AnnotationParser) GetString(key string) (string, bool)

GetString returns the string value of an annotation

func (*AnnotationParser) GetUint16 

func (p *AnnotationParser) GetUint16(key string) (uint16, bool)

GetUint16 returns the uint16 value of an annotation

type ClusterTunnelWrapper 

type ClusterTunnelWrapper = tunnelpkg.ClusterTunnelWrapper

ClusterTunnelWrapper is an alias to the shared tunnel.ClusterTunnelWrapper for backward compatibility

type Reconciler 

type Reconciler struct {
	client.Client
	Scheme   *runtime.Scheme
	Recorder record.EventRecorder

	// OperatorNamespace is the namespace where the operator runs (for cluster-scoped resources)
	OperatorNamespace string
	// contains filtered or unexported fields
}

Reconciler reconciles standard Kubernetes Ingress resources

func (*Reconciler) Reconcile 

func (r *Reconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error)

Reconcile handles Ingress reconciliation nolint:revive // Cognitive complexity is acceptable for a controller's main reconciliation loop

func (*Reconciler) SetupWithManager 

func (r *Reconciler) SetupWithManager(mgr ctrl.Manager) error

SetupWithManager sets up the controller with the Manager

type ServiceInfo added in v0.21.4 

type ServiceInfo struct {
	Name        string
	Namespace   string
	Port        string
	Annotations map[string]string
	AppProtocol *string
	PortName    string
}

ServiceInfo contains Service information for protocol detection

type TunnelInterface 

type TunnelInterface = tunnelpkg.Interface

TunnelInterface is an alias to the shared tunnel.Interface for backward compatibility

type TunnelWrapper 

type TunnelWrapper = tunnelpkg.TunnelWrapper

TunnelWrapper is an alias to the shared tunnel.TunnelWrapper for backward compatibility

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.