Improve CEL validation on Ingress CRD resources
parent
740b4cfd25
commit
c166a41c99
21 changed files with 282 additions and 0 deletions
|
@ -190,6 +190,7 @@ type Cookie struct {
|
|||
HTTPOnly bool `json:"httpOnly,omitempty" toml:"httpOnly,omitempty" yaml:"httpOnly,omitempty" export:"true"`
|
||||
// SameSite defines the same site policy.
|
||||
// More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
|
||||
// +kubebuilder:validation:Enum=none;lax;strict
|
||||
SameSite string `json:"sameSite,omitempty" toml:"sameSite,omitempty" yaml:"sameSite,omitempty" export:"true"`
|
||||
// MaxAge defines the number of seconds until the cookie expires.
|
||||
// When set to a negative number, the cookie expires immediately.
|
||||
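Review bot: The `Enum=none;lax;strict` marker on `SameSite` is enforced only by the Kubernetes API server when a CRD object is written. The field also carries `toml` and `yaml` tags, so configuration loaded through those paths never meets this check; the same holds for the `Minimum`, `Maximum` and `XValidation` markers added in the other hunks of this commit. Any runtime validation of these fields should stay in place rather than being treated as covered by the schema. The enum is also case-sensitive, so a manifest that used `Strict` or `Lax` may be rejected the next time it is applied; the field comment could say so, e.g. `// Allowed values are none, lax and strict (lowercase).`. The Cookie struct starts and ends outside the hunk.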
|
|
|
@ -80,6 +80,7 @@ type ContentType struct {
|
|||
type AddPrefix struct {
|
||||
// Prefix is the string to add before the current path in the requested URL.
|
||||
// It should include a leading slash (/).
|
||||
// +kubebuilder:validation:XValidation:message="must start with a '/'",rule="self.startsWith('/')"
|
||||
Prefix string `json:"prefix,omitempty" toml:"prefix,omitempty" yaml:"prefix,omitempty" export:"true"`
|
||||
}
|
||||
|
||||
|
@ -179,6 +180,7 @@ type Compress struct {
|
|||
IncludedContentTypes []string `json:"includedContentTypes,omitempty" toml:"includedContentTypes,omitempty" yaml:"includedContentTypes,omitempty" export:"true"`
|
||||
// MinResponseBodyBytes defines the minimum amount of bytes a response body must have to be compressed.
|
||||
// Default: 1024.
|
||||
// +kubebuilder:validation:Minimum=0
|
||||
MinResponseBodyBytes int `json:"minResponseBodyBytes,omitempty" toml:"minResponseBodyBytes,omitempty" yaml:"minResponseBodyBytes,omitempty" export:"true"`
|
||||
// Encodings defines the list of supported compression algorithms.
|
||||
Encodings []string `json:"encodings,omitempty" toml:"encodings,omitempty" yaml:"encodings,omitempty" export:"true"`
|
||||
|
@ -324,6 +326,7 @@ type Headers struct {
|
|||
SSLProxyHeaders map[string]string `json:"sslProxyHeaders,omitempty" toml:"sslProxyHeaders,omitempty" yaml:"sslProxyHeaders,omitempty"`
|
||||
// STSSeconds defines the max-age of the Strict-Transport-Security header.
|
||||
// If set to 0, the header is not set.
|
||||
// +kubebuilder:validation:Minimum=0
|
||||
STSSeconds int64 `json:"stsSeconds,omitempty" toml:"stsSeconds,omitempty" yaml:"stsSeconds,omitempty" export:"true"`
|
||||
// STSIncludeSubdomains defines whether the includeSubDomains directive is appended to the Strict-Transport-Security header.
|
||||
STSIncludeSubdomains bool `json:"stsIncludeSubdomains,omitempty" toml:"stsIncludeSubdomains,omitempty" yaml:"stsIncludeSubdomains,omitempty" export:"true"`
|
||||
|
@ -424,6 +427,7 @@ func (h *Headers) HasSecureHeadersDefined() bool {
|
|||
// More info: https://doc.traefik.io/traefik/v3.3/middlewares/http/ipallowlist/#ipstrategy
|
||||
type IPStrategy struct {
|
||||
// Depth tells Traefik to use the X-Forwarded-For header and take the IP located at the depth position (starting from the right).
|
||||
// +kubebuilder:validation:Minimum=0
|
||||
Depth int `json:"depth,omitempty" toml:"depth,omitempty" yaml:"depth,omitempty" export:"true"`
|
||||
// ExcludedIPs configures Traefik to scan the X-Forwarded-For header and select the first IP not in the list.
|
||||
ExcludedIPs []string `json:"excludedIPs,omitempty" toml:"excludedIPs,omitempty" yaml:"excludedIPs,omitempty"`
|
||||
|
@ -505,6 +509,7 @@ type IPAllowList struct {
|
|||
type InFlightReq struct {
|
||||
// Amount defines the maximum amount of allowed simultaneous in-flight request.
|
||||
// The middleware responds with HTTP 429 Too Many Requests if there are already amount requests in progress (based on the same sourceCriterion strategy).
|
||||
// +kubebuilder:validation:Minimum=0
|
||||
Amount int64 `json:"amount,omitempty" toml:"amount,omitempty" yaml:"amount,omitempty" export:"true"`
|
||||
// SourceCriterion defines what criterion is used to group requests as originating from a common source.
|
||||
// If several strategies are defined at the same time, an error will be raised.
|
||||
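Review bot: In the IPStrategy hunk the new `Minimum=0` only rules out a negative `Depth`; `ExcludedIPs` stays a free-form `[]string`, and nothing visible says which strategy applies when both fields are set. The doc link shows this struct picks the X-Forwarded-For entry used as the client address for the IP allow list, so a mistyped excluded address or an unintended combination of the two fields changes who passes that list. Consider documenting the precedence on the type and, if entries are meant to be IPs or CIDR ranges, saying so on the field, e.g. `// Each entry must be an IP address or a CIDR range.`. Whether the runtime already rejects malformed entries is not visible here. The struct continues past the end of the hunk.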
|
|
|
@ -128,6 +128,8 @@ type TCPServer struct {
|
|||
// More info: https://doc.traefik.io/traefik/v3.3/routing/services/#proxy-protocol
|
||||
type ProxyProtocol struct {
|
||||
// Version defines the PROXY Protocol version to use.
|
||||
// +kubebuilder:validation:Minimum=1
|
||||
// +kubebuilder:validation:Maximum=2
|
||||
Version int `json:"version,omitempty" toml:"version,omitempty" yaml:"version,omitempty" export:"true"`
|
||||
}
|
||||
|
||||
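Review bot: `Version` is bounded to 1–2 only when the key is present. It is an `int` with `omitempty`, so an omitted field skips the schema check and reaches the Go struct as 0, and the comment does not say which PROXY Protocol version is used in that case. State the default in the field comment, or add a `+kubebuilder:default` marker that matches the runtime default (not visible in this hunk), so the generated CRD documents it.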
|
|
|
@ -19,6 +19,7 @@ type TCPMiddleware struct {
|
|||
type TCPInFlightConn struct {
|
||||
// Amount defines the maximum amount of allowed simultaneous connections.
|
||||
// The middleware closes the connection if there are already amount connections opened.
|
||||
// +kubebuilder:validation:Minimum=0
|
||||
Amount int64 `json:"amount,omitempty" toml:"amount,omitempty" yaml:"amount,omitempty" export:"true"`
|
||||
}
|
||||
|
||||
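Review bot: `Minimum=0` on `TCPInFlightConn.Amount` admits an explicit `amount: 0`, but the comment does not say what zero means. Read literally ("closes the connection if there are already amount connections opened") it would refuse every connection, while with `omitempty` a zero is indistinguishable from an unset limit. The same gap exists on `InFlightReq.Amount` in the HTTP middleware file. If zero is not a meaningful limit, `// +kubebuilder:validation:Minimum=1` would catch the mistake at admission; otherwise add a sentence to the comment stating what 0 does.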
|
|