├── .env.example ├── .gitattributes ├── .github ├── ISSUE_TEMPLATE │ ├── bug_report.md │ └── feature_request.md ├── dependabot.yml └── workflows │ ├── merge-build.yml │ └── vuln-scanner.yml ├── .gitignore ├── .vscode └── launch.json ├── CHANGELOG ├── CHANGELOG-1.2.md ├── CHANGELOG-1.3.md ├── CHANGELOG-1.4.md ├── CHANGELOG-1.5.md ├── CHANGELOG-1.6.md ├── CHANGELOG-1.7.md ├── CHANGELOG-1.8.md └── CHANGELOG-1.9.md ├── CMakeLists.txt ├── Dockerfile ├── LICENSE ├── Makefile ├── PULL_REQUEST_TEMPLATE.md ├── README.md ├── SECURITY.md ├── cmd └── appgw-ingress │ ├── main.go │ ├── main_test.go │ └── utils.go ├── crds ├── AzureApplicationGatewayBackendPool.yaml ├── AzureApplicationGatewayBackendPool_v1beta1.yaml ├── AzureApplicationGatewayInstanceUpdateStatus.yaml ├── AzureApplicationGatewayInstanceUpdateStatus_v1beta1.yaml ├── AzureApplicationGatewayRewrite.yaml ├── AzureIngressProhibitedTarget-v1-CRD-v1.yaml ├── AzureIngressProhibitedTarget-v1-CRD-v1beta1.yaml ├── LoadDistributionPolicy.yaml ├── MultiClusterIngress.yaml ├── MultiClusterService.yaml └── examples │ ├── AzureApplicationGatewayBackendPool.yaml │ ├── AzureApplicationGatewayInstanceUpdateStatus.yaml │ ├── AzureApplicationGatewayRewrite.yaml │ ├── AzureIngressProhibitedTarget.yaml │ ├── LoadDistributionPolicy.yaml │ ├── LoadDistributionPolicy2.yaml │ ├── MultiClusterIngress.yaml │ └── MultiClusterService.yaml ├── deploy ├── azuredeploy.json └── azuredeploywindowscluster.json ├── docs ├── .index ├── annotations.md ├── css │ └── extra.css ├── developers │ ├── build.md │ ├── contribute.md │ ├── design.md │ ├── developer-guideline.md │ ├── nightly.md │ └── test.md ├── examples │ ├── aspnetapp.yaml │ ├── aspnetappwin.yaml │ ├── guestbook │ │ ├── ing-guestbook-other.yaml │ │ ├── ing-guestbook-tls-sni.yaml │ │ ├── ing-guestbook-tls.yaml │ │ └── ing-guestbook.yaml │ ├── sample-app │ │ ├── README.md │ │ ├── deployment.yaml │ │ ├── ingress-http.yaml │ │ ├── ingress-https.yaml │ │ └── service.yaml │ ├── sample-helm-config.yaml │ └── sample-https-backend.yaml ├── faq.md ├── features │ ├── agic-reconcile.md │ ├── appgw-ssl-certificate.md │ ├── cookie-affinity.md │ ├── custom-ingress-class.md │ ├── multiple-namespaces.md │ ├── private-ip.md │ ├── probes.md │ └── rewrite-rule-set-custom-resource.md ├── helm-values-documenation.md ├── how-tos │ ├── continuous-deployment-pipeline.json │ ├── continuous-deployment.md │ ├── deploy-AGIC-with-Workload-Identity-using-helm.md │ ├── dns.md │ ├── helm-upgrade.md │ ├── lets-encrypt.md │ ├── minimize-downtime-during-deployments.md │ ├── networking.md │ ├── prevent-agic-from-overwriting.md │ ├── scale-applications-using-appgw-metrics.md │ └── websockets.md ├── images │ ├── architecture.png │ ├── buildid.png │ ├── component-diagram.png │ ├── deployment-output.png │ ├── dev-release.png │ ├── pipeline-app.png │ ├── pipeline-import.png │ ├── pipeline-resource.png │ ├── pipeline-service-connection.png │ ├── pipeline-set-connection.png │ ├── pipeline-settings.png │ ├── pipeline-success.png │ ├── pipeline-task.png │ ├── pipeline-variable.png │ ├── tsg--apply-config.png │ ├── tsg--backendpools.png │ ├── tsg--curl.png │ ├── tsg--get-ingress.png │ ├── tsg--get-pods.png │ ├── tsg--get-services.png │ ├── tsg--listeners.png │ ├── tsg--rule.png │ ├── waf-policy-1.png │ └── waf-policy.png ├── index.md ├── ingress-v1.md ├── logging-levels.md ├── portal-launch-icon.png ├── setup │ └── install.md ├── troubleshootings │ ├── README.md │ ├── troubleshooting-agic-addon-identity-not-found.md │ ├── troubleshooting-agic-fails-with-aad-pod-identity-breakingchange.md │ ├── troubleshooting-agic-pod-stuck-in-not-ready-state.md │ └── troubleshooting-installing-a-simple-application.md └── tutorials │ ├── tutorial.e2e-ssl.md │ └── tutorial.general.md ├── functional_tests ├── .gitignore ├── cookie_name.json ├── duplicate_ports.json ├── empty_cluster_with_private_ip.json ├── functional_test.go ├── health_probes_same_labels_different_namespaces.json ├── helpers.go ├── one_ingress_https_backend.json ├── one_ingress_https_backend_without_backend_protocol.json ├── one_ingress_slash_nothing.json ├── one_ingress_slash_slashnothing.json ├── one_ingress_with_multiple_path_rules.json ├── private-ip-only-gateway.json ├── rewrite_rule_sets_one_ingress_slash_slashnothing.json ├── rewrite_rule_sets_one_ingress_slashnothing.json ├── rewrite_rule_sets_path-based_rules_without_default_backend.json ├── rewrite_rule_sets_two_ingress.json ├── rule_priority_annotation.json ├── run.sh ├── three_ingresses.json ├── two_ingresses_same_domain_tls_notls.json ├── two_ingresses_same_hostname_value_different_locations.json ├── two_ingresses_slash_slashsomething.json ├── two_ingresses_with_and_without_extended_hostname.json └── waf_annotation.json ├── go.mod ├── go.sum ├── helm └── ingress-azure │ ├── .helmignore │ ├── Chart-template.yaml │ ├── Chart.yaml │ ├── crds │ ├── azureapplicationgatewayrewrite.yaml │ └── azureingressprohibitedtarget.yaml │ ├── templates │ ├── NOTES.txt │ ├── _helpers.tpl │ ├── aadpodidbinding.yaml │ ├── aadpodidentity.yaml │ ├── cleanup-job.yaml │ ├── clusterrole.yaml │ ├── clusterrolebinding.yaml │ ├── configmap.yaml │ ├── crds.yaml │ ├── deployment.yaml │ ├── ingressclass.yaml │ ├── secrets.yaml │ └── serviceaccount.yaml │ ├── tests │ ├── chart_test.go │ ├── fixtures │ │ ├── sample-config-addon.json │ │ ├── sample-config-empty.json │ │ ├── sample-config-existing-secret.json │ │ ├── sample-config-prohibited-target.json │ │ ├── sample-config-workload-identity.json │ │ └── sample-config.json │ ├── snapshots.go │ └── snapshots │ │ ├── sample-config-addon │ │ └── ingress-azure │ │ │ └── templates │ │ │ ├── aadpodidbinding.yaml │ │ │ ├── aadpodidentity.yaml │ │ │ ├── cleanup-job.yaml │ │ │ ├── configmap.yaml │ │ │ ├── deployment.yaml │ │ │ ├── ingressclass.yaml │ │ │ └── serviceaccount.yaml │ │ ├── sample-config-empty │ │ └── ingress-azure │ │ │ └── templates │ │ │ ├── aadpodidbinding.yaml │ │ │ ├── aadpodidentity.yaml │ │ │ ├── cleanup-job.yaml │ │ │ ├── configmap.yaml │ │ │ ├── deployment.yaml │ │ │ ├── ingressclass.yaml │ │ │ └── serviceaccount.yaml │ │ ├── sample-config-existing-secret │ │ └── ingress-azure │ │ │ └── templates │ │ │ ├── cleanup-job.yaml │ │ │ ├── configmap.yaml │ │ │ ├── deployment.yaml │ │ │ ├── ingressclass.yaml │ │ │ └── serviceaccount.yaml │ │ ├── sample-config-prohibited-target │ │ └── ingress-azure │ │ │ └── templates │ │ │ ├── aadpodidbinding.yaml │ │ │ ├── aadpodidentity.yaml │ │ │ ├── cleanup-job.yaml │ │ │ ├── configmap.yaml │ │ │ ├── crds.yaml │ │ │ ├── deployment.yaml │ │ │ ├── ingressclass.yaml │ │ │ └── serviceaccount.yaml │ │ ├── sample-config-workload-identity │ │ └── ingress-azure │ │ │ └── templates │ │ │ ├── cleanup-job.yaml │ │ │ ├── configmap.yaml │ │ │ ├── deployment.yaml │ │ │ ├── ingressclass.yaml │ │ │ └── serviceaccount.yaml │ │ └── sample-config │ │ └── ingress-azure │ │ └── templates │ │ ├── aadpodidbinding.yaml │ │ ├── aadpodidentity.yaml │ │ ├── cleanup-job.yaml │ │ ├── configmap.yaml │ │ ├── deployment.yaml │ │ ├── ingressclass.yaml │ │ └── serviceaccount.yaml │ ├── values-template.yaml │ └── values.yaml ├── mkdocs.yml ├── pkg ├── annotations │ ├── ingress_annotations.go │ └── ingress_annotations_test.go ├── apis │ ├── azureapplicationgatewaybackendpool │ │ └── v1beta1 │ │ │ ├── doc.go │ │ │ ├── register.go │ │ │ ├── types.go │ │ │ └── zz_generated.deepcopy.go │ ├── azureapplicationgatewayinstanceupdatestatus │ │ └── v1beta1 │ │ │ ├── doc.go │ │ │ ├── register.go │ │ │ ├── types.go │ │ │ └── zz_generated.deepcopy.go │ ├── azureapplicationgatewayrewrite │ │ └── v1beta1 │ │ │ ├── doc.go │ │ │ ├── register.go │ │ │ ├── types.go │ │ │ └── zz_generated.deepcopy.go │ ├── azureingressprohibitedtarget │ │ └── v1 │ │ │ ├── doc.go │ │ │ ├── register.go │ │ │ ├── types.go │ │ │ └── zz_generated.deepcopy.go │ ├── loaddistributionpolicy │ │ └── v1beta1 │ │ │ ├── doc.go │ │ │ ├── register.go │ │ │ ├── types.go │ │ │ └── zz_generated.deepcopy.go │ ├── multiclusteringress │ │ └── v1alpha1 │ │ │ ├── doc.go │ │ │ ├── register.go │ │ │ ├── types.go │ │ │ └── zz_generated.deepcopy.go │ └── multiclusterservice │ │ └── v1alpha1 │ │ ├── doc.go │ │ ├── register.go │ │ ├── types.go │ │ └── zz_generated.deepcopy.go ├── appgw │ ├── appgw_suite_test.go │ ├── appgw_test.go │ ├── backendaddresspools.go │ ├── backendaddresspools_test.go │ ├── backendhttpsettings.go │ ├── backendhttpsettings_test.go │ ├── certificates.go │ ├── certificates_test.go │ ├── cleanup.go │ ├── cleanup_test.go │ ├── configbuilder.go │ ├── configbuilder_debug.go │ ├── configbuilder_test.go │ ├── frontend_ipconfigurations.go │ ├── frontend_listeners.go │ ├── frontend_listeners_istio.go │ ├── frontend_listeners_test.go │ ├── health_probes.go │ ├── health_probes_test.go │ ├── helper.go │ ├── http_listeners.go │ ├── identifier.go │ ├── identifier_test.go │ ├── ingress_rules.go │ ├── ingress_rules_test.go │ ├── internaltypes.go │ ├── internaltypes_test.go │ ├── istio_config.go │ ├── istio_listeners.go │ ├── istio_pools.go │ ├── istio_routing_rules.go │ ├── istio_settings.go │ ├── istio_types.go │ ├── public_and_private_ip_test.go │ ├── redirects.go │ ├── redirects_test.go │ ├── requestroutingrules.go │ ├── requestroutingrules_test.go │ ├── rewrites.go │ ├── rewrites_test.go │ ├── test_fixtures.go │ ├── types.go │ ├── types_test.go │ ├── validators.go │ └── validators_test.go ├── azure │ ├── auth.go │ ├── auth_test.go │ ├── azure.go │ ├── azure_suite_test.go │ ├── azure_test.go │ ├── client.go │ ├── client_test.go │ ├── cloudproviderconfig.go │ ├── consts.go │ ├── defaultazurecredential │ │ ├── authorizer.go │ │ └── authorizer_test.go │ ├── fake.go │ └── tags │ │ └── consts.go ├── brownfield │ ├── brownfield_suite_test.go │ ├── certificates.go │ ├── certificates_test.go │ ├── health_probes.go │ ├── health_probes_test.go │ ├── http_settings.go │ ├── http_settings_test.go │ ├── ingress.go │ ├── ingress_test.go │ ├── listeners.go │ ├── listeners_test.go │ ├── pathmaps.go │ ├── pathmaps_test.go │ ├── pools.go │ ├── pools_test.go │ ├── redirects.go │ ├── redirects_test.go │ ├── routing_rules.go │ ├── routing_rules_test.go │ ├── targets.go │ ├── targets_test.go │ ├── types.go │ └── types_test.go ├── cni │ ├── cleanup.go │ ├── cleanup_test.go │ ├── cni.go │ ├── cni_suite_test.go │ ├── kubenet.go │ ├── kubenet_test.go │ ├── overlay.go │ └── overlay_test.go ├── controller │ ├── controller.go │ ├── controller_suite_test.go │ ├── controller_test.go │ ├── helpers.go │ ├── helpers_test.go │ ├── mutate_aks.go │ ├── mutate_aks_test.go │ ├── mutate_app_gateway.go │ ├── prune.go │ ├── prune_test.go │ └── should_process.go ├── controllererrors │ ├── errorcodes.go │ └── types.go ├── crd_client │ ├── agic_crd_client │ │ ├── clientset │ │ │ └── versioned │ │ │ │ ├── clientset.go │ │ │ │ ├── doc.go │ │ │ │ ├── fake │ │ │ │ ├── clientset_generated.go │ │ │ │ ├── doc.go │ │ │ │ └── register.go │ │ │ │ ├── scheme │ │ │ │ ├── doc.go │ │ │ │ └── register.go │ │ │ │ └── typed │ │ │ │ ├── azureapplicationgatewaybackendpool │ │ │ │ └── v1beta1 │ │ │ │ │ ├── azureapplicationgatewaybackendpool.go │ │ │ │ │ ├── azureapplicationgatewaybackendpool_client.go │ │ │ │ │ ├── doc.go │ │ │ │ │ ├── fake │ │ │ │ │ ├── doc.go │ │ │ │ │ ├── fake_azureapplicationgatewaybackendpool.go │ │ │ │ │ └── fake_azureapplicationgatewaybackendpool_client.go │ │ │ │ │ └── generated_expansion.go │ │ │ │ ├── azureapplicationgatewayinstanceupdatestatus │ │ │ │ └── v1beta1 │ │ │ │ │ ├── azureapplicationgatewayinstanceupdatestatus.go │ │ │ │ │ ├── azureapplicationgatewayinstanceupdatestatus_client.go │ │ │ │ │ ├── doc.go │ │ │ │ │ ├── fake │ │ │ │ │ ├── doc.go │ │ │ │ │ ├── fake_azureapplicationgatewayinstanceupdatestatus.go │ │ │ │ │ └── fake_azureapplicationgatewayinstanceupdatestatus_client.go │ │ │ │ │ └── generated_expansion.go │ │ │ │ ├── azureapplicationgatewayrewrite │ │ │ │ └── v1beta1 │ │ │ │ │ ├── azureapplicationgatewayrewrite.go │ │ │ │ │ ├── azureapplicationgatewayrewrite_client.go │ │ │ │ │ ├── doc.go │ │ │ │ │ ├── fake │ │ │ │ │ ├── doc.go │ │ │ │ │ ├── fake_azureapplicationgatewayrewrite.go │ │ │ │ │ └── fake_azureapplicationgatewayrewrite_client.go │ │ │ │ │ └── generated_expansion.go │ │ │ │ ├── azureingressprohibitedtarget │ │ │ │ └── v1 │ │ │ │ │ ├── azureingressprohibitedtarget.go │ │ │ │ │ ├── azureingressprohibitedtarget_client.go │ │ │ │ │ ├── doc.go │ │ │ │ │ ├── fake │ │ │ │ │ ├── doc.go │ │ │ │ │ ├── fake_azureingressprohibitedtarget.go │ │ │ │ │ └── fake_azureingressprohibitedtarget_client.go │ │ │ │ │ └── generated_expansion.go │ │ │ │ └── loaddistributionpolicy │ │ │ │ └── v1beta1 │ │ │ │ ├── doc.go │ │ │ │ ├── fake │ │ │ │ ├── doc.go │ │ │ │ ├── fake_loaddistributionpolicy.go │ │ │ │ └── fake_loaddistributionpolicy_client.go │ │ │ │ ├── generated_expansion.go │ │ │ │ ├── loaddistributionpolicy.go │ │ │ │ └── loaddistributionpolicy_client.go │ │ ├── informers │ │ │ └── externalversions │ │ │ │ ├── azureapplicationgatewaybackendpool │ │ │ │ ├── interface.go │ │ │ │ └── v1beta1 │ │ │ │ │ ├── azureapplicationgatewaybackendpool.go │ │ │ │ │ └── interface.go │ │ │ │ ├── azureapplicationgatewayinstanceupdatestatus │ │ │ │ ├── interface.go │ │ │ │ └── v1beta1 │ │ │ │ │ ├── azureapplicationgatewayinstanceupdatestatus.go │ │ │ │ │ └── interface.go │ │ │ │ ├── azureapplicationgatewayrewrite │ │ │ │ ├── interface.go │ │ │ │ └── v1beta1 │ │ │ │ │ ├── azureapplicationgatewayrewrite.go │ │ │ │ │ └── interface.go │ │ │ │ ├── azureingressprohibitedtarget │ │ │ │ ├── interface.go │ │ │ │ └── v1 │ │ │ │ │ ├── azureingressprohibitedtarget.go │ │ │ │ │ └── interface.go │ │ │ │ ├── factory.go │ │ │ │ ├── generic.go │ │ │ │ ├── internalinterfaces │ │ │ │ └── factory_interfaces.go │ │ │ │ └── loaddistributionpolicy │ │ │ │ ├── interface.go │ │ │ │ └── v1beta1 │ │ │ │ ├── interface.go │ │ │ │ └── loaddistributionpolicy.go │ │ └── listers │ │ │ ├── azureapplicationgatewaybackendpool │ │ │ └── v1beta1 │ │ │ │ ├── azureapplicationgatewaybackendpool.go │ │ │ │ └── expansion_generated.go │ │ │ ├── azureapplicationgatewayinstanceupdatestatus │ │ │ └── v1beta1 │ │ │ │ ├── azureapplicationgatewayinstanceupdatestatus.go │ │ │ │ └── expansion_generated.go │ │ │ ├── azureapplicationgatewayrewrite │ │ │ └── v1beta1 │ │ │ │ ├── azureapplicationgatewayrewrite.go │ │ │ │ └── expansion_generated.go │ │ │ ├── azureingressprohibitedtarget │ │ │ └── v1 │ │ │ │ ├── azureingressprohibitedtarget.go │ │ │ │ └── expansion_generated.go │ │ │ └── loaddistributionpolicy │ │ │ └── v1beta1 │ │ │ ├── expansion_generated.go │ │ │ └── loaddistributionpolicy.go │ ├── azure_multicluster_crd_client │ │ ├── clientset │ │ │ └── versioned │ │ │ │ ├── clientset.go │ │ │ │ ├── doc.go │ │ │ │ ├── fake │ │ │ │ ├── clientset_generated.go │ │ │ │ ├── doc.go │ │ │ │ └── register.go │ │ │ │ ├── scheme │ │ │ │ ├── doc.go │ │ │ │ └── register.go │ │ │ │ └── typed │ │ │ │ ├── multiclusteringress │ │ │ │ └── v1alpha1 │ │ │ │ │ ├── doc.go │ │ │ │ │ ├── fake │ │ │ │ │ ├── doc.go │ │ │ │ │ ├── fake_multiclusteringress.go │ │ │ │ │ └── fake_multiclusteringress_client.go │ │ │ │ │ ├── generated_expansion.go │ │ │ │ │ ├── multiclusteringress.go │ │ │ │ │ └── multiclusteringress_client.go │ │ │ │ └── multiclusterservice │ │ │ │ └── v1alpha1 │ │ │ │ ├── doc.go │ │ │ │ ├── fake │ │ │ │ ├── doc.go │ │ │ │ ├── fake_multiclusterservice.go │ │ │ │ └── fake_multiclusterservice_client.go │ │ │ │ ├── generated_expansion.go │ │ │ │ ├── multiclusterservice.go │ │ │ │ └── multiclusterservice_client.go │ │ ├── informers │ │ │ └── externalversions │ │ │ │ ├── factory.go │ │ │ │ ├── generic.go │ │ │ │ ├── internalinterfaces │ │ │ │ └── factory_interfaces.go │ │ │ │ ├── multiclusteringress │ │ │ │ ├── interface.go │ │ │ │ └── v1alpha1 │ │ │ │ │ ├── interface.go │ │ │ │ │ └── multiclusteringress.go │ │ │ │ └── multiclusterservice │ │ │ │ ├── interface.go │ │ │ │ └── v1alpha1 │ │ │ │ ├── interface.go │ │ │ │ └── multiclusterservice.go │ │ └── listers │ │ │ ├── multiclusteringress │ │ │ └── v1alpha1 │ │ │ │ ├── expansion_generated.go │ │ │ │ └── multiclusteringress.go │ │ │ └── multiclusterservice │ │ │ └── v1alpha1 │ │ │ ├── expansion_generated.go │ │ │ └── multiclusterservice.go │ └── istio_crd_client │ │ ├── clientset │ │ └── versioned │ │ │ ├── clientset.go │ │ │ ├── doc.go │ │ │ ├── fake │ │ │ ├── clientset_generated.go │ │ │ ├── doc.go │ │ │ └── register.go │ │ │ ├── scheme │ │ │ ├── doc.go │ │ │ └── register.go │ │ │ └── typed │ │ │ └── istio │ │ │ └── v1alpha3 │ │ │ ├── destinationrule.go │ │ │ ├── doc.go │ │ │ ├── fake │ │ │ ├── doc.go │ │ │ ├── fake_destinationrule.go │ │ │ ├── fake_gateway.go │ │ │ ├── fake_istio_client.go │ │ │ └── fake_virtualservice.go │ │ │ ├── gateway.go │ │ │ ├── generated_expansion.go │ │ │ ├── istio_client.go │ │ │ └── virtualservice.go │ │ ├── informers │ │ └── externalversions │ │ │ ├── factory.go │ │ │ ├── generic.go │ │ │ ├── internalinterfaces │ │ │ └── factory_interfaces.go │ │ │ └── istio │ │ │ ├── interface.go │ │ │ └── v1alpha3 │ │ │ ├── destinationrule.go │ │ │ ├── gateway.go │ │ │ ├── interface.go │ │ │ └── virtualservice.go │ │ └── listers │ │ └── istio │ │ └── v1alpha3 │ │ ├── destinationrule.go │ │ ├── expansion_generated.go │ │ ├── gateway.go │ │ └── virtualservice.go ├── environment │ ├── environment.go │ ├── environment_test.go │ └── fake.go ├── events │ ├── events.go │ └── types.go ├── health │ └── health.go ├── httpserver │ └── httpserver.go ├── k8s │ └── scheme.go ├── k8scontext │ ├── context.go │ ├── convert │ │ ├── conversion_ingress.go │ │ ├── conversion_service.go │ │ ├── conversion_test.go │ │ ├── conversions_suite_test.go │ │ ├── testdata │ │ │ ├── ingress-v1.yaml │ │ │ └── ingress-v1beta1.yaml │ │ └── zz_generated.conversion.go │ ├── handlers.go │ ├── handlers_test.go │ ├── ingress_handlers.go │ ├── ingress_handlers_test.go │ ├── istio_context.go │ ├── k8scontext_suite_test.go │ ├── k8scontext_test.go │ ├── secrets_handlers.go │ ├── secrets_handlers_test.go │ ├── secretstore.go │ ├── secretstore_test.go │ ├── supported_apiversion.go │ └── types.go ├── metricstore │ ├── fake.go │ └── metricstore.go ├── sorter │ ├── backends.go │ ├── certificates.go │ ├── frontend_ports.go │ ├── health_probes.go │ ├── http_settings.go │ ├── ingress.go │ ├── listeners.go │ ├── path_maps.go │ ├── pools.go │ ├── redirects.go │ └── routing_rules.go ├── tests │ ├── fixtures.go │ ├── fixtures │ │ ├── app_gateway.go │ │ ├── app_gateway_test.go │ │ ├── certificates.go │ │ ├── certificates_test.go │ │ ├── fixtures_suite_test.go │ │ ├── frontend_ipconfiguration.go │ │ ├── frontend_ipconfiguration_test.go │ │ ├── http_settings.go │ │ ├── http_settings_test.go │ │ ├── ingress.go │ │ ├── ingress_test.go │ │ ├── ips.go │ │ ├── listeners.go │ │ ├── listeners_test.go │ │ ├── paths.go │ │ ├── paths_test.go │ │ ├── pools.go │ │ ├── pools_test.go │ │ ├── ports.go │ │ ├── ports_test.go │ │ ├── probes.go │ │ ├── probes_test.go │ │ ├── routing_rules.go │ │ ├── routing_rules_test.go │ │ ├── ssl_profile.go │ │ ├── ssl_profile_test.go │ │ ├── targets.go │ │ └── targets_test.go │ ├── fixtures_test.go │ ├── ingress-complex.yaml │ ├── ingress-namespace-1.yaml │ ├── ingress-namespace-2.yaml │ ├── ingress.yaml │ └── mocks │ │ ├── clock.go │ │ └── logger.go ├── utils │ ├── retry.go │ ├── retry_test.go │ ├── threadsafemultimap.go │ ├── threadsafemultimap_test.go │ ├── utils.go │ └── utils_test.go ├── version │ └── version.go └── worker │ ├── fake.go │ ├── types.go │ ├── worker.go │ ├── worker_suite_test.go │ └── worker_test.go ├── proposals ├── config_ownership_crd.md └── multiple-gateways-single-cluster.md ├── scripts ├── build.sh ├── collect-agic-logs.sh ├── deploy.sh ├── e2e │ ├── README.md │ ├── cmd │ │ └── runner │ │ │ ├── environment.go │ │ │ ├── extensions-v1beta-ingress_class_test.go │ │ │ ├── extensions-v1beta1-lfu_one_namespace_one_ingress_test.go │ │ │ ├── extensions-v1beta1-mfu_one_namespace_many_ingresses_test.go │ │ │ ├── extensions-v1beta1-mfu_one_namespace_one_ingress_test.go │ │ │ ├── helper.go │ │ │ ├── networking-v1-ingress_class_test.go │ │ │ ├── networking-v1-lfu_one_namespace_one_ingress_test.go │ │ │ ├── networking-v1-mfu_one_namespace_many_ingresses_test.go │ │ │ ├── networking-v1-mfu_one_namespace_one_ingress_test.go │ │ │ ├── runner_test.go │ │ │ └── testdata │ │ │ ├── extensions-v1beta1 │ │ │ ├── ingress-class │ │ │ │ └── app.yaml │ │ │ ├── one-namespace-many-ingresses │ │ │ │ ├── fifty-ingresses-with-services │ │ │ │ │ ├── README.md │ │ │ │ │ ├── app │ │ │ │ │ │ ├── Chart.yaml │ │ │ │ │ │ └── templates │ │ │ │ │ │ │ └── app.yaml │ │ │ │ │ ├── generate.sh │ │ │ │ │ └── generated.yaml │ │ │ │ ├── hostname-with-wildcard │ │ │ │ │ └── app.yaml │ │ │ │ └── three-ingresses-slash-sth │ │ │ │ │ ├── app.yaml │ │ │ │ │ └── deploy.sh │ │ │ ├── one-namespace-one-ingress │ │ │ │ ├── container-readiness-probe │ │ │ │ │ ├── app.yaml │ │ │ │ │ └── deploy.sh │ │ │ │ ├── empty-secret │ │ │ │ │ ├── app.yaml │ │ │ │ │ ├── empty-secret.yaml │ │ │ │ │ └── populated-secret.yaml │ │ │ │ ├── health-probe-configurations │ │ │ │ │ ├── app.yaml │ │ │ │ │ ├── probe-path-bad.yaml │ │ │ │ │ ├── probe-path-good.yaml │ │ │ │ │ ├── probe-port-bad.yaml │ │ │ │ │ ├── probe-port-good.yaml │ │ │ │ │ ├── probe-status-bad.yaml │ │ │ │ │ └── probe-status-good.yaml │ │ │ │ ├── invalid-configuration │ │ │ │ │ └── app.yaml │ │ │ │ ├── override-frontend-port │ │ │ │ │ └── app.yaml │ │ │ │ ├── ssl-e2e-redirect │ │ │ │ │ ├── README.md │ │ │ │ │ ├── app.yaml │ │ │ │ │ ├── probe-hostname-bad.yaml │ │ │ │ │ ├── probe-hostname-good.yaml │ │ │ │ │ └── test.crt │ │ │ │ └── three-namespaces │ │ │ │ │ ├── app.yaml │ │ │ │ │ └── deploy.sh │ │ │ └── prohibited-target │ │ │ │ └── test-prohibit-backend.yaml │ │ │ └── networking-v1 │ │ │ ├── ingress-class │ │ │ └── app.yaml │ │ │ ├── one-namespace-many-ingresses │ │ │ ├── fifty-ingresses-with-services │ │ │ │ ├── README.md │ │ │ │ ├── app │ │ │ │ │ ├── Chart.yaml │ │ │ │ │ └── templates │ │ │ │ │ │ └── app.yaml │ │ │ │ ├── generate.sh │ │ │ │ └── generated.yaml │ │ │ ├── hostname-with-wildcard-priority │ │ │ │ └── app.yaml │ │ │ ├── hostname-with-wildcard │ │ │ │ └── app.yaml │ │ │ ├── same-port-public-private │ │ │ │ └── app.yaml │ │ │ └── three-ingresses-slash-sth │ │ │ │ ├── app.yaml │ │ │ │ └── deploy.sh │ │ │ └── one-namespace-one-ingress │ │ │ ├── container-readiness-probe │ │ │ ├── app.yaml │ │ │ └── deploy.sh │ │ │ ├── empty-secret │ │ │ ├── app.yaml │ │ │ ├── empty-secret.yaml │ │ │ └── populated-secret.yaml │ │ │ ├── health-probe-configurations │ │ │ ├── app.yaml │ │ │ ├── probe-path-bad.yaml │ │ │ ├── probe-path-good.yaml │ │ │ ├── probe-port-bad.yaml │ │ │ ├── probe-port-good.yaml │ │ │ ├── probe-status-bad.yaml │ │ │ └── probe-status-good.yaml │ │ │ ├── ingress-class-resource │ │ │ ├── app.yaml │ │ │ └── other-ingress-class.yaml │ │ │ ├── invalid-configuration │ │ │ └── app.yaml │ │ │ ├── override-frontend-port │ │ │ └── app.yaml │ │ │ ├── path-type │ │ │ └── app.yaml │ │ │ ├── prohibited-target │ │ │ └── app.yaml │ │ │ ├── rewrite-rule-set-custom-resource │ │ │ └── app.yaml │ │ │ ├── rewrite-rule │ │ │ └── app.yaml │ │ │ ├── ssl-e2e-redirect │ │ │ ├── README.md │ │ │ ├── app.yaml │ │ │ ├── probe-hostname-bad.yaml │ │ │ ├── probe-hostname-good.yaml │ │ │ └── test.crt │ │ │ ├── ssl-profile │ │ │ └── app.yaml │ │ │ └── three-namespaces │ │ │ ├── app.yaml │ │ │ └── deploy.sh │ ├── go.mod │ ├── go.sum │ ├── helm-config-with-prohibited-rules.yaml │ ├── helper.sh │ └── run-e2e.sh ├── find_duplicate_error_codes.sh ├── gen-clients.sh ├── install-without-tiller.sh ├── release-helm.sh ├── release-image.sh ├── replicate-chart.sh ├── start.sh └── vendor.sh └── tests └── data ├── k8s.cert.key └── k8s.x509.cert /.env.example: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Use "az ad sp create-for-rbac --sdk-auth > $HOME/.azure/azureAuth.json" command to create these credentials. 4 | # See https://docs.microsoft.com/en-us/dotnet/api/overview/azure/containerinstance?view=azure-dotnet#authentication 5 | export AZURE_AUTH_LOCATION="$HOME/.azure/azureAuth.json" 6 | 7 | # The subscription UUID. You can get this from https://portal.azure.com/ 8 | export APPGW_SUBSCRIPTION_ID="12345678-abcd-abcd-abcd-111222333444" 9 | 10 | # The resource group. You can get this from https://portal.azure.com/ 11 | export APPGW_RESOURCE_GROUP="abc" 12 | 13 | # The name of your Application Gateway 14 | export APPGW_NAME="appgw-name" 15 | 16 | # The FQDN or IP address of the AKS server 17 | export AKS_API_SERVER="a.b.c.d" 18 | 19 | # You can get your AKS credentials with: 20 | # az aks get-credentials --name MyManagedCluster --resource-group MyResourceGroup 21 | export KUBE_CONFIG_FILE="$HOME/.kube/config" 22 | 23 | export KUBERNETES_WATCHNAMESPACE="default" 24 | -------------------------------------------------------------------------------- /.gitattributes: -------------------------------------------------------------------------------- 1 | # Set the default behavior, in case people don't have core.autocrlf set. 2 | * text=auto 3 | 4 | # Use text conventions for commonly used text extensions. 5 | *.csv text 6 | *.ini text 7 | *.json text 8 | *.txt text 9 | 10 | # Denote all files that are truly binary and should not be modified. 11 | *.dll binary 12 | *.exe binary 13 | *.gz binary 14 | *.ico binary 15 | *.jpg binary 16 | *.lib binary 17 | *.pdb binary 18 | *.pdf binary 19 | *.png binary 20 | *.wim binary 21 | *.zip binary 22 | *.so binary 23 | *.a binary 24 | *.tgz binary 25 | *.gz binary 26 | *.tar binary 27 | 28 | # Docker 29 | *.Dockerfile text eol=lf 30 | 31 | # Build files 32 | Makefile text eol=lf 33 | *.sh text eol=lf 34 | CMakeLists.txt text eol=lf 35 | 36 | # Helm charts 37 | *.tpl text eol=lf 38 | .helmignore text eol=lf 39 | 40 | # Code 41 | *.c text eol=lf 42 | *.h text eol=lf 43 | *.cc text eol=lf 44 | *.hpp text eol=lf 45 | *.py text eol=lf 46 | *.go text eol=lf 47 | 48 | # Patch files. 49 | *.patch text eol=lf 50 | 51 | # License 52 | LICENSE text eol=lf 53 | 54 | # Glide 55 | glide.lock text eol=lf 56 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/bug_report.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Bug report 3 | about: Create a report to help us improve 4 | 5 | --- 6 | 7 | **Describe the bug** 8 | A clear and concise description of what the bug is. 9 | 10 | **To Reproduce** 11 | Steps to reproduce the behavior: 12 | 13 | **Ingress Controller details** 14 | * Output of `kubectl describe pod . The pod name can be obtained by running `helm list`. 15 | * Output of `kubectl logs . 16 | * Any Azure support tickets associated with this issue. 17 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/feature_request.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Feature request 3 | about: Suggest an idea for this project 4 | 5 | --- 6 | 7 | **Is your feature request related to a problem? Please describe.** 8 | A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] 9 | 10 | **Describe the solution you'd like** 11 | A clear and concise description of what you want to happen. 12 | -------------------------------------------------------------------------------- /.github/dependabot.yml: -------------------------------------------------------------------------------- 1 | version: 2 2 | updates: 3 | - package-ecosystem: "docker" 4 | directory: "/" 5 | schedule: 6 | interval: "daily" 7 | - package-ecosystem: "gomod" 8 | directory: "/" 9 | schedule: 10 | interval: "daily" -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | 2 | ### code ### 3 | # visual studio code - https://code.visualstudio.com/ 4 | .settings/ 5 | .vscode/ 6 | tsconfig.json 7 | jsconfig.json 8 | 9 | ### Go ### 10 | # Binaries for programs and plugins 11 | *.exe 12 | *.exe~ 13 | *.dll 14 | *.so 15 | *.dylib 16 | 17 | # Test binary, build with `go test -c` 18 | *.test 19 | 20 | # Output of the go coverage tool, specifically when used with LiteIDE 21 | *.out 22 | 23 | # Project-local glide cache, RE: https://github.com/Masterminds/glide/issues/736 24 | .glide/ 25 | 26 | ### Vim ### 27 | # Swap 28 | [._]*.s[a-v][a-z] 29 | [._]*.sw[a-p] 30 | [._]s[a-rt-v][a-z] 31 | [._]ss[a-gi-z] 32 | [._]sw[a-p] 33 | 34 | # Other editors 35 | .idea/ 36 | *~ 37 | *#* 38 | 39 | ######### Project Specific ######## 40 | # ignore binary directory 41 | /bin/ 42 | 43 | # Build directory 44 | build/ 45 | 46 | # Development directory 47 | .dev/ 48 | 49 | # Development Environment Variables 50 | .env 51 | coverage.txt 52 | 53 | # Mkdocs 54 | site/ 55 | 56 | # e2e 57 | testoutput.txt 58 | report.xml -------------------------------------------------------------------------------- /.vscode/launch.json: -------------------------------------------------------------------------------- 1 | { 2 | "version": "0.2.0", 3 | "configurations": [ 4 | { 5 | "name": "Run Unit Test in File", 6 | "type": "go", 7 | "mode": "test", 8 | "program": "${fileDirname}", 9 | "buildFlags": "-tags 'unittest'", 10 | } 11 | ] 12 | } -------------------------------------------------------------------------------- /CHANGELOG/CHANGELOG-1.9.md: -------------------------------------------------------------------------------- 1 | - [How to try](#how-to-try) 2 | - [v1.9.0](#v170-rc1) 3 | - [Features](#features) 4 | - [Fixes](#fixes) 5 | 6 | # v1.9.0 7 | 8 | ## Features 9 | * [#1703](https://github.com/Azure/application-gateway-kubernetes-ingress/pull/1703) Application Gateway subnet delegation support 10 | 11 | ## How to try: 12 | ```bash 13 | # Add helm repo / update AGIC repo 14 | helm repo add application-gateway-kubernetes-ingress https://appgwingress.blob.core.windows.net/ingress-azure-helm-package/ 15 | helm repo update 16 | 17 | # Install 18 | helm install \ 19 | \ 20 | -f helm-config.yaml \ 21 | application-gateway-kubernetes-ingress/ingress-azure \ 22 | --version 1.9.0 23 | 24 | # or 25 | 26 | # Upgrade 27 | # https://github.com/Azure/application-gateway-kubernetes-ingress/blob/master/docs/how-tos/helm-upgrade.md 28 | # --reuse-values when upgrading, reuse the last release's values and merge in any overrides from the command line via --set and -f. If '--reset-values' is specified, this is ignored 29 | 30 | # Install CRDs separately as helm upgrade doesn't install CRDs. 31 | kubectl apply -f https://raw.githubusercontent.com/Azure/application-gateway-kubernetes-ingress/master/helm/ingress-azure/crds/azureapplicationgatewayrewrite.yaml 32 | 33 | helm upgrade \ 34 | \ 35 | application-gateway-kubernetes-ingress/ingress-azure \ 36 | --reuse-values 37 | --version 1.9.0 38 | ``` 39 | 40 | -------------------------------------------------------------------------------- /Dockerfile: -------------------------------------------------------------------------------- 1 | ARG BUILDPLATFORM=linux/amd64 2 | ARG BUILD_BASE_IMAGE 3 | ARG BINARY_BASE_IMAGE 4 | 5 | FROM --platform=$BUILDPLATFORM $BUILD_BASE_IMAGE AS build 6 | WORKDIR /azure 7 | 8 | COPY go.mod go.sum /azure/ 9 | RUN go mod download 10 | 11 | RUN apt-get update 12 | RUN apt-get install -y ca-certificates openssl 13 | 14 | ARG TARGETOS 15 | ARG TARGETARCH 16 | ARG BUILD_TAG 17 | ARG BUILD_DATE 18 | ARG GIT_HASH 19 | 20 | COPY cmd cmd 21 | COPY pkg pkg 22 | COPY Makefile Makefile 23 | 24 | RUN make build \ 25 | GOOS=${TARGETOS} \ 26 | GOARCH=${TARGETARCH} \ 27 | BUILD_TAG=${BUILD_TAG} \ 28 | BUILD_DATE=${BUILD_DATE} \ 29 | GIT_HASH=${GIT_HASH} 30 | RUN chmod +x ./bin/appgw-ingress 31 | 32 | #RUN ldd ./bin/appgw-ingress 2>&1 | grep 'not a dynamic executable' 33 | 34 | FROM $BINARY_BASE_IMAGE AS final 35 | COPY --from=build /azure/bin/appgw-ingress /appgw-ingress 36 | CMD ["/appgw-ingress"] 37 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) Microsoft Corporation. All rights reserved. 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE 22 | -------------------------------------------------------------------------------- /PULL_REQUEST_TEMPLATE.md: -------------------------------------------------------------------------------- 1 | 2 | 3 | ## Checklist 4 | - [ ] The title of the PR is clear and informative 5 | - [ ] If applicable, the changes made in the PR have proper test coverage 6 | - [ ] Issues addressed by the PR are mentioned in the description followed by `Fixes`. 7 | 8 | ## Description 9 | 10 | 11 | 12 | ## Fixes 13 | 14 | 15 | -------------------------------------------------------------------------------- /crds/AzureIngressProhibitedTarget-v1-CRD-v1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apiextensions.k8s.io/v1 2 | kind: CustomResourceDefinition 3 | metadata: 4 | name: azureingressprohibitedtargets.appgw.ingress.k8s.io 5 | annotations: 6 | "api-approved.kubernetes.io": "https://github.com/Azure/application-gateway-kubernetes-ingress/pull/1272" 7 | spec: 8 | group: appgw.ingress.k8s.io 9 | names: 10 | kind: AzureIngressProhibitedTarget 11 | plural: azureingressprohibitedtargets 12 | scope: Namespaced 13 | versions: 14 | - name: v1 15 | served: true 16 | storage: true 17 | schema: 18 | openAPIV3Schema: 19 | type: object 20 | properties: 21 | spec: 22 | type: object 23 | properties: 24 | hostname: 25 | description: "(optional) Hostname of the prohibited target" 26 | type: string 27 | paths: 28 | description: "(optional) A list of URL paths, for which the Ingress Controller is prohibited from mutating Application Gateway configuration; Must begin with a / and end with /*" 29 | type: array 30 | items: 31 | type: string 32 | pattern: '^\/(?:.+\/)?\*$' -------------------------------------------------------------------------------- /crds/AzureIngressProhibitedTarget-v1-CRD-v1beta1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apiextensions.k8s.io/v1beta1 2 | kind: CustomResourceDefinition 3 | metadata: 4 | name: azureingressprohibitedtargets.appgw.ingress.k8s.io 5 | spec: 6 | group: appgw.ingress.k8s.io 7 | version: v1 8 | names: 9 | kind: AzureIngressProhibitedTarget 10 | plural: azureingressprohibitedtargets 11 | scope: Namespaced 12 | validation: 13 | openAPIV3Schema: 14 | properties: 15 | spec: 16 | properties: 17 | hostname: 18 | description: "(optional) Hostname of the prohibited target" 19 | type: string 20 | paths: 21 | description: "(optional) A list of URL paths, for which the Ingress Controller is prohibited from mutating Application Gateway configuration; Must begin with a / and end with /*" 22 | type: array 23 | items: 24 | type: string 25 | pattern: '^\/(?:.+\/)?\*$' 26 | -------------------------------------------------------------------------------- /crds/examples/AzureApplicationGatewayBackendPool.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: appgw.ingress.azure.io/v1beta1 2 | kind: AzureApplicationGatewayBackendPool 3 | metadata: 4 | name: subscription-resourcegroup-gatewayname 5 | spec: 6 | backendAddressPools: 7 | - name: "backendPoolName1" 8 | backendAddresses: 9 | - ipAddress: 10.0.1.12 10 | - ipAddress: 10.0.1.11 11 | - name: "backendPoolName2" 12 | backendAddresses: 13 | - ipAddress: 10.1.1.12 -------------------------------------------------------------------------------- /crds/examples/AzureApplicationGatewayInstanceUpdateStatus.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: appgw.ingress.azure.io/v1beta1 2 | kind: AzureApplicationGatewayInstanceUpdateStatus 3 | metadata: 4 | name: subscription-resourcegroup-gatewayname-instanceid 5 | spec: 6 | instanceID: "1" 7 | instanceCount: 10 8 | desiredBackendPoolResourceVersion: "17358752" 9 | currentAppliedBackendPoolResourceVersion: "1700000" 10 | lastCheckInTime: "Wed, Jun 24, 2020 1:45:43 PM" 11 | errorCode: "EXAMPLE_ERROR_MESSAGE" -------------------------------------------------------------------------------- /crds/examples/AzureApplicationGatewayRewrite.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: appgw.ingress.azure.io/v1beta1 2 | kind: AzureApplicationGatewayRewrite 3 | metadata: 4 | name: test-crd 5 | spec: 6 | rewriteRules: 7 | - name: test-rewrite-rule 8 | 9 | ruleSequence: 100 10 | 11 | conditions: 12 | - ignoreCase: false 13 | negate: false 14 | variable: http_req_Connection 15 | pattern: keep-alive 16 | 17 | - ignoreCase: true 18 | negate: true 19 | variable: http_req_Connection2 20 | pattern: keep-alive2 21 | 22 | 23 | actions: 24 | requestHeaderConfigurations: 25 | - actionType: set 26 | headerName: custom-header1 27 | headerValue: value1 28 | - actionType: set 29 | headerName: custom-header2 30 | headerValue: value2 31 | 32 | responseHeaderConfigurations: 33 | - actionType: set 34 | headerName: custom-header3 35 | headerValue: value3 36 | - actionType: set 37 | headerName: custom-header4 38 | headerValue: value4 39 | 40 | urlConfiguration: 41 | modifiedPath: "/api/" 42 | modifiedQueryString: "query=test-value" 43 | reroute: false -------------------------------------------------------------------------------- /crds/examples/AzureIngressProhibitedTarget.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: "appgw.ingress.k8s.io/v1" 2 | kind: AzureIngressProhibitedTarget 3 | metadata: 4 | name: ingress-prohibited-location 5 | spec: 6 | hostname: "ftp.contoso.com" 7 | paths: 8 | - "/fox/*" 9 | - "/box/*" 10 | -------------------------------------------------------------------------------- /crds/examples/LoadDistributionPolicy.yaml: -------------------------------------------------------------------------------- 1 | # This shows a setup for HA 2 | --- 3 | apiVersion: appgw.ingress.azure.io/v1beta1 4 | kind: LoadDistributionPolicy 5 | metadata: 6 | name: load-distribution-policy-with-high-availability 7 | spec: 8 | targets: 9 | - backend: 10 | service: 11 | name: service-1 12 | port: 13 | number: 80 14 | role: active 15 | weight: 8 16 | - backend: 17 | service: 18 | name: service-2 19 | port: 20 | number: 80 21 | role: active 22 | weight: 2 23 | -------------------------------------------------------------------------------- /crds/examples/LoadDistributionPolicy2.yaml: -------------------------------------------------------------------------------- 1 | # This shows a setup for Blue/Green deployment 2 | --- 3 | apiVersion: appgw.ingress.azure.io/v1beta1 4 | kind: LoadDistributionPolicy 5 | metadata: 6 | name: load-distribution-policy-blue-green 7 | spec: 8 | targets: 9 | - backend: 10 | service: 11 | name: old-service 12 | port: 13 | number: 80 14 | role: active 15 | weight: 8 16 | - backend: 17 | service: 18 | name: new-service 19 | port: 20 | number: 80 21 | role: passive 22 | weight: 2 23 | -------------------------------------------------------------------------------- /crds/examples/MultiClusterIngress.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.aks.io/v1alpha1 2 | kind: MultiClusterIngress 3 | metadata: 4 | name: multi-cluster-ingress 5 | annotations: 6 | kubernetes.io/ingress.class: azure/application-gateway 7 | spec: 8 | template: 9 | rules: 10 | - http: 11 | paths: 12 | - path: / 13 | backend: 14 | service: 15 | name: nginx 16 | port: 17 | number: 80 18 | pathType: Exact 19 | -------------------------------------------------------------------------------- /crds/examples/MultiClusterService.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.aks.io/v1alpha1 2 | kind: MultiClusterService # defined by MCS POC 3 | metadata: 4 | name: service-2 # multiClusterService should match the service name / namespace in Child clusters. 5 | namespace: default 6 | spec: 7 | clusterSet: cluster-set-1 8 | ports: 9 | - name: http 10 | port: 80 11 | protocol: TCP 12 | -------------------------------------------------------------------------------- /docs/.index: -------------------------------------------------------------------------------- 1 | collapse: true 2 | arrange: 3 | - index.md 4 | - annotations.md 5 | - helm-values-documenation.md 6 | - ingress-v1.md 7 | - setup 8 | - tutorials 9 | - features 10 | - how-tos 11 | - faq.md 12 | - troubleshootings 13 | theme: readthedocs 14 | -------------------------------------------------------------------------------- /docs/css/extra.css: -------------------------------------------------------------------------------- 1 | div.col-md-9 h1:first-of-type { 2 | text-align: center; 3 | font-size: 60px; 4 | font-weight: 300; 5 | } 6 | 7 | div.col-md-9>p:first-of-type { 8 | text-align: center; 9 | } 10 | 11 | div.col-md-9 p.admonition-title:first-of-type { 12 | text-align: left; 13 | } 14 | 15 | div.col-md-9 h1:first-of-type .headerlink { 16 | display: none; 17 | } 18 | 19 | code.no-highlight { 20 | color: black; 21 | } 22 | 23 | /* Definition List styles */ 24 | 25 | dd { 26 | padding-left: 20px; 27 | } 28 | 29 | li.toctree-l2:first-child { 30 | display: none; 31 | } 32 | 33 | li.toctree-l3:first-child { 34 | display: none; 35 | } 36 | -------------------------------------------------------------------------------- /docs/developers/contribute.md: -------------------------------------------------------------------------------- 1 | # Contribution Guidelines 2 | 3 | This is a Golang project. You can find the build instructions of the project in the [Developer Guide](build.md). 4 | 5 | This project welcomes contributions and suggestions. Most contributions require you to agree to a 6 | Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us 7 | the rights to use your contribution. For details, visit [https://cla.microsoft.com](https://cla.microsoft.com). 8 | 9 | When you submit a pull request, a CLA-bot will automatically determine whether you need to provide 10 | a CLA and decorate the PR appropriately (e.g., label, comment). Simply follow the instructions 11 | provided by the bot. You will only need to do this once across all repos using our CLA. 12 | 13 | This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/). 14 | For more information see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) or contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with any additional questions or comments. 15 | -------------------------------------------------------------------------------- /docs/developers/developer-guideline.md: -------------------------------------------------------------------------------- 1 | # Application Gateway Ingress Controller Development Guide 2 | 3 | Welcome to the Application Gateway Ingress Controller development guide! 4 | 5 | ## Table of contents 6 | 7 | - [Understanding the architecture](design.md) 8 | - [Building and running the controller](build.md) 9 | - [Installing the latest nightly build](nightly.md) 10 | - [Running tests](test.md) 11 | - [Contribution Guidelines](contribute.md) 12 | -------------------------------------------------------------------------------- /docs/developers/nightly.md: -------------------------------------------------------------------------------- 1 | # Install the latest nightly build 2 | 3 | To install the latest nightly release, 4 | 5 | 1. Add the nightly helm repository 6 | 7 | ```bash 8 | helm repo add agic-nightly https://appgwingress.blob.core.windows.net/ingress-azure-helm-package-staging/ 9 | helm repo update 10 | ``` 11 | 12 | 1. Check the available version 13 | 14 | **Latest version**: ![nightly release (latest by date)](https://img.shields.io/badge/dynamic/yaml?url=https://appgwingress.blob.core.windows.net/ingress-azure-helm-package-staging/index.yaml&label=nightly&query=entries[%22ingress-azure%22][0].appVersion&color=green) 15 | 16 | or 17 | 18 | You can look up the version in the repo using helm. 19 | 20 | ```bash 21 | helm search repo agic-nightly 22 | ``` 23 | 24 | 1. Install using the same helm command by using the staging repository. 25 | 26 | ```bash 27 | helm install ingress-azure \ 28 | -f helm-config.yaml \ 29 | agic-nightly/ingress-azure \ 30 | --version 31 | ``` 32 | -------------------------------------------------------------------------------- /docs/examples/aspnetapp.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: aspnetapp 5 | labels: 6 | app: aspnetapp 7 | spec: 8 | containers: 9 | - image: "mcr.microsoft.com/dotnet/samples:aspnetapp" 10 | name: aspnetapp-image 11 | ports: 12 | - containerPort: 8080 13 | protocol: TCP 14 | 15 | --- 16 | 17 | apiVersion: v1 18 | kind: Service 19 | metadata: 20 | name: aspnetapp 21 | spec: 22 | selector: 23 | app: aspnetapp 24 | ports: 25 | - protocol: TCP 26 | port: 80 27 | targetPort: 8080 28 | 29 | --- 30 | 31 | apiVersion: networking.k8s.io/v1 32 | kind: Ingress 33 | metadata: 34 | name: aspnetapp 35 | # annotations: 36 | # kubernetes.io/ingress.class: azure/application-gateway 37 | spec: 38 | ingressClassName: azure-application-gateway 39 | rules: 40 | - http: 41 | paths: 42 | - path: / 43 | backend: 44 | service: 45 | name: aspnetapp 46 | port: 47 | number: 80 48 | pathType: Exact 49 | -------------------------------------------------------------------------------- /docs/examples/aspnetappwin.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: aspnetapp 5 | labels: 6 | app: aspnetapp 7 | spec: 8 | nodeSelector: 9 | "beta.kubernetes.io/os": windows 10 | containers: 11 | - image: "mcr.microsoft.com/dotnet/framework/samples:aspnetapp" 12 | name: aspnetapp-image 13 | ports: 14 | - containerPort: 80 15 | protocol: TCP 16 | 17 | --- 18 | 19 | apiVersion: v1 20 | kind: Service 21 | metadata: 22 | name: aspnetapp 23 | spec: 24 | selector: 25 | app: aspnetapp 26 | ports: 27 | - protocol: TCP 28 | port: 80 29 | targetPort: 80 30 | 31 | --- 32 | 33 | apiVersion: networking.k8s.io/v1 34 | kind: Ingress 35 | metadata: 36 | name: aspnetapp 37 | annotations: 38 | kubernetes.io/ingress.class: azure/application-gateway 39 | spec: 40 | rules: 41 | - http: 42 | paths: 43 | - path: / 44 | backend: 45 | service: 46 | name: aspnetapp 47 | port: 48 | number: 80 49 | pathType: Exact -------------------------------------------------------------------------------- /docs/examples/guestbook/ing-guestbook-other.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: Ingress 3 | metadata: 4 | name: guestbook 5 | annotations: 6 | kubernetes.io/ingress.class: azure/application-gateway 7 | appgw.ingress.kubernetes.io/backend-path-prefix: / 8 | spec: 9 | rules: 10 | - http: 11 | paths: 12 | - path: 13 | backend: 14 | service 15 | name: 16 | port: 17 | number: 80 18 | pathType: Prefix 19 | - backend: 20 | service: 21 | name: frontend 22 | port: 23 | number: 80 24 | -------------------------------------------------------------------------------- /docs/examples/guestbook/ing-guestbook-tls-sni.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: Ingress 3 | metadata: 4 | name: guestbook 5 | annotations: 6 | kubernetes.io/ingress.class: azure/application-gateway 7 | spec: 8 | tls: 9 | - hosts: 10 | - 11 | secretName: 12 | rules: 13 | - host: 14 | http: 15 | paths: 16 | - backend: 17 | service: 18 | name: frontend 19 | port: 20 | number: 80 -------------------------------------------------------------------------------- /docs/examples/guestbook/ing-guestbook-tls.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: Ingress 3 | metadata: 4 | name: guestbook 5 | annotations: 6 | kubernetes.io/ingress.class: azure/application-gateway 7 | spec: 8 | tls: 9 | - secretName: 10 | rules: 11 | - http: 12 | paths: 13 | - backend: 14 | service: 15 | name: frontend 16 | port: 17 | number: 80 -------------------------------------------------------------------------------- /docs/examples/guestbook/ing-guestbook.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: Ingress 3 | metadata: 4 | name: guestbook 5 | annotations: 6 | kubernetes.io/ingress.class: azure/application-gateway 7 | spec: 8 | rules: 9 | - http: 10 | paths: 11 | - backend: 12 | service: 13 | name: frontend 14 | port: 15 | number: 80 -------------------------------------------------------------------------------- /docs/examples/sample-app/deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: sample-app 5 | spec: 6 | selector: 7 | matchLabels: 8 | app: sample-app 9 | template: 10 | metadata: 11 | labels: 12 | app: sample-app 13 | spec: 14 | containers: 15 | - name: sample-app 16 | image: mcr.microsoft.com/dotnet/samples:aspnetapp 17 | resources: 18 | limits: 19 | memory: "128Mi" 20 | cpu: "500m" 21 | ports: 22 | - containerPort: 80 23 | replicas: 3 24 | -------------------------------------------------------------------------------- /docs/examples/sample-app/ingress-http.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: Ingress 3 | metadata: 4 | name: sample-app 5 | annotations: 6 | kubernetes.io/ingress.class: azure/application-gateway 7 | spec: 8 | rules: 9 | - http: 10 | paths: 11 | - path: / 12 | backend: 13 | service: 14 | name: sample-app 15 | port: 16 | number: 80 17 | pathType: Exact 18 | -------------------------------------------------------------------------------- /docs/examples/sample-app/ingress-https.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: Ingress 3 | metadata: 4 | name: sample-app 5 | annotations: 6 | kubernetes.io/ingress.class: azure/application-gateway 7 | spec: 8 | tls: 9 | - secretName: "sample-app-tls" 10 | rules: 11 | - http: 12 | paths: 13 | - path: / 14 | backend: 15 | service: 16 | name: sample-app 17 | port: 18 | number: 80 19 | pathType: Exact 20 | 21 | -------------------------------------------------------------------------------- /docs/examples/sample-app/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: sample-app 5 | spec: 6 | selector: 7 | app: sample-app 8 | ports: 9 | - port: 80 10 | targetPort: 80 -------------------------------------------------------------------------------- /docs/features/cookie-affinity.md: -------------------------------------------------------------------------------- 1 | ## Enable Cookie based Affinity 2 | 3 | > **_NOTE:_** [Application Gateway for Containers](https://aka.ms/agc) has been released, which introduces numerous performance, resilience, and feature changes. Please consider leveraging Application Gateway for Containers for your next deployment. Details on cookie based affinity for Application Gateway for Containers [may be found here](https://learn.microsoft.com/azure/application-gateway/for-containers/session-affinity?tabs=session-affinity-gateway-api). 4 | 5 | As outlined in the [Azure Application Gateway Documentation](https://docs.microsoft.com/en-us/azure/application-gateway/application-gateway-components#http-settings), Application Gateway supports cookie based affinity enabling which it can direct subsequent traffic from a user session to the same server for processing. 6 | 7 | ### Example 8 | 9 | ```yaml 10 | apiVersion: networking.k8s.io/v1 11 | kind: Ingress 12 | metadata: 13 | name: guestbook 14 | annotations: 15 | kubernetes.io/ingress.class: azure/application-gateway 16 | appgw.ingress.kubernetes.io/cookie-based-affinity: "true" 17 | spec: 18 | rules: 19 | - http: 20 | paths: 21 | - backend: 22 | service: 23 | name: frontend 24 | port: 25 | number: 80 26 | ``` 27 | -------------------------------------------------------------------------------- /docs/images/architecture.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Azure/application-gateway-kubernetes-ingress/cd1bd9a975bc3163bbca01e0b5920465a3ff7e89/docs/images/architecture.png -------------------------------------------------------------------------------- /docs/images/buildid.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Azure/application-gateway-kubernetes-ingress/cd1bd9a975bc3163bbca01e0b5920465a3ff7e89/docs/images/buildid.png -------------------------------------------------------------------------------- /docs/images/component-diagram.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Azure/application-gateway-kubernetes-ingress/cd1bd9a975bc3163bbca01e0b5920465a3ff7e89/docs/images/component-diagram.png -------------------------------------------------------------------------------- /docs/images/deployment-output.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Azure/application-gateway-kubernetes-ingress/cd1bd9a975bc3163bbca01e0b5920465a3ff7e89/docs/images/deployment-output.png -------------------------------------------------------------------------------- /docs/images/dev-release.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Azure/application-gateway-kubernetes-ingress/cd1bd9a975bc3163bbca01e0b5920465a3ff7e89/docs/images/dev-release.png -------------------------------------------------------------------------------- /docs/images/pipeline-app.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Azure/application-gateway-kubernetes-ingress/cd1bd9a975bc3163bbca01e0b5920465a3ff7e89/docs/images/pipeline-app.png -------------------------------------------------------------------------------- /docs/images/pipeline-import.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Azure/application-gateway-kubernetes-ingress/cd1bd9a975bc3163bbca01e0b5920465a3ff7e89/docs/images/pipeline-import.png -------------------------------------------------------------------------------- /docs/images/pipeline-resource.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Azure/application-gateway-kubernetes-ingress/cd1bd9a975bc3163bbca01e0b5920465a3ff7e89/docs/images/pipeline-resource.png -------------------------------------------------------------------------------- /docs/images/pipeline-service-connection.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Azure/application-gateway-kubernetes-ingress/cd1bd9a975bc3163bbca01e0b5920465a3ff7e89/docs/images/pipeline-service-connection.png -------------------------------------------------------------------------------- /docs/images/pipeline-set-connection.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Azure/application-gateway-kubernetes-ingress/cd1bd9a975bc3163bbca01e0b5920465a3ff7e89/docs/images/pipeline-set-connection.png -------------------------------------------------------------------------------- /docs/images/pipeline-settings.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Azure/application-gateway-kubernetes-ingress/cd1bd9a975bc3163bbca01e0b5920465a3ff7e89/docs/images/pipeline-settings.png -------------------------------------------------------------------------------- /docs/images/pipeline-success.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Azure/application-gateway-kubernetes-ingress/cd1bd9a975bc3163bbca01e0b5920465a3ff7e89/docs/images/pipeline-success.png -------------------------------------------------------------------------------- /docs/images/pipeline-task.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Azure/application-gateway-kubernetes-ingress/cd1bd9a975bc3163bbca01e0b5920465a3ff7e89/docs/images/pipeline-task.png -------------------------------------------------------------------------------- /docs/images/pipeline-variable.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Azure/application-gateway-kubernetes-ingress/cd1bd9a975bc3163bbca01e0b5920465a3ff7e89/docs/images/pipeline-variable.png -------------------------------------------------------------------------------- /docs/images/tsg--apply-config.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Azure/application-gateway-kubernetes-ingress/cd1bd9a975bc3163bbca01e0b5920465a3ff7e89/docs/images/tsg--apply-config.png -------------------------------------------------------------------------------- /docs/images/tsg--backendpools.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Azure/application-gateway-kubernetes-ingress/cd1bd9a975bc3163bbca01e0b5920465a3ff7e89/docs/images/tsg--backendpools.png -------------------------------------------------------------------------------- /docs/images/tsg--curl.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Azure/application-gateway-kubernetes-ingress/cd1bd9a975bc3163bbca01e0b5920465a3ff7e89/docs/images/tsg--curl.png -------------------------------------------------------------------------------- /docs/images/tsg--get-ingress.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Azure/application-gateway-kubernetes-ingress/cd1bd9a975bc3163bbca01e0b5920465a3ff7e89/docs/images/tsg--get-ingress.png -------------------------------------------------------------------------------- /docs/images/tsg--get-pods.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Azure/application-gateway-kubernetes-ingress/cd1bd9a975bc3163bbca01e0b5920465a3ff7e89/docs/images/tsg--get-pods.png -------------------------------------------------------------------------------- /docs/images/tsg--get-services.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Azure/application-gateway-kubernetes-ingress/cd1bd9a975bc3163bbca01e0b5920465a3ff7e89/docs/images/tsg--get-services.png -------------------------------------------------------------------------------- /docs/images/tsg--listeners.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Azure/application-gateway-kubernetes-ingress/cd1bd9a975bc3163bbca01e0b5920465a3ff7e89/docs/images/tsg--listeners.png -------------------------------------------------------------------------------- /docs/images/tsg--rule.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Azure/application-gateway-kubernetes-ingress/cd1bd9a975bc3163bbca01e0b5920465a3ff7e89/docs/images/tsg--rule.png -------------------------------------------------------------------------------- /docs/images/waf-policy-1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Azure/application-gateway-kubernetes-ingress/cd1bd9a975bc3163bbca01e0b5920465a3ff7e89/docs/images/waf-policy-1.png -------------------------------------------------------------------------------- /docs/images/waf-policy.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Azure/application-gateway-kubernetes-ingress/cd1bd9a975bc3163bbca01e0b5920465a3ff7e89/docs/images/waf-policy.png -------------------------------------------------------------------------------- /docs/index.md: -------------------------------------------------------------------------------- 1 | # Introduction 2 | 3 | > **_NOTE:_** [Application Gateway for Containers](https://aka.ms/agc) has been released, which introduces numerous performance, resilience, and feature changes. Please consider leveraging Application Gateway for Containers for your next deployment. 4 | 5 | The Application Gateway Ingress Controller allows [Azure Application Gateway](https://azure.microsoft.com/en-us/services/application-gateway/) to be used as the ingress for an [Azure Kubernetes Service](https://azure.microsoft.com/en-us/services/kubernetes-service/) aka AKS cluster. 6 | 7 | As shown in the figure below, the ingress controller runs as a pod within the AKS cluster. It consumes [Kubernetes `Ingress` Resources](http://kubernetes.io/docs/user-guide/ingress/) and converts them to an Azure Application Gateway configuration which allows the gateway to load-balance traffic to Kubernetes pods. 8 | 9 | ![Azure Application Gateway + AKS](images/architecture.png) 10 | 11 | ## Reporting Issues 12 | 13 | The best way to report an issue is to create a Github Issue for the project. Please include the following information when creating the issue: 14 | 15 | * Subscription ID for AKS cluster. 16 | * Subscription ID for Application Gateway. 17 | * AKS cluster name/ARM Resource ID. 18 | * Application Gateway name/ARM Resource ID. 19 | * Ingress resource definition that might causing the problem. 20 | * The Helm configuration used to install the ingress controller. 21 | -------------------------------------------------------------------------------- /docs/portal-launch-icon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Azure/application-gateway-kubernetes-ingress/cd1bd9a975bc3163bbca01e0b5920465a3ff7e89/docs/portal-launch-icon.png -------------------------------------------------------------------------------- /docs/troubleshootings/README.md: -------------------------------------------------------------------------------- 1 | # Troubleshooting Guide 2 | 3 | > **_NOTE:_** [Application Gateway for Containers](https://aka.ms/agc) has been released, which introduces numerous performance, resilience, and feature changes. Please consider leveraging Application Gateway for Containers for your next deployment. 4 | 5 | 1. [Troubleshoot by deploying a simple application](troubleshooting-installing-a-simple-application.md) 6 | 2. [Identity not found when using User-Assigned Managed Identity](troubleshooting-agic-addon-identity-not-found.md) 7 | 3. [AAD Pod Identity breaking change](troubleshooting-agic-fails-with-aad-pod-identity-breakingchange.md) 8 | 4. [AGIC pod not ready](troubleshooting-agic-pod-stuck-in-not-ready-state.md) -------------------------------------------------------------------------------- /functional_tests/.gitignore: -------------------------------------------------------------------------------- 1 | output.json 2 | -------------------------------------------------------------------------------- /functional_tests/run.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -auexo pipefail 4 | 5 | go test -v -tags unittest $(go list ./... | grep 'application-gateway'); echo $? 6 | -------------------------------------------------------------------------------- /helm/ingress-azure/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | -------------------------------------------------------------------------------- /helm/ingress-azure/Chart-template.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | appVersion: "XXVERSIONXX" 3 | description: Use Azure Application Gateway as the ingress for an Azure Kubernetes Service cluster. 4 | name: ingress-azure 5 | version: XXVERSIONXX 6 | -------------------------------------------------------------------------------- /helm/ingress-azure/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | appVersion: "1.9.0" 3 | description: Use Azure Application Gateway as the ingress for an Azure Kubernetes Service cluster. 4 | name: ingress-azure 5 | version: 1.9.0 6 | -------------------------------------------------------------------------------- /helm/ingress-azure/crds/azureingressprohibitedtarget.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apiextensions.k8s.io/v1 2 | kind: CustomResourceDefinition 3 | metadata: 4 | name: azureingressprohibitedtargets.appgw.ingress.k8s.io 5 | annotations: 6 | "api-approved.kubernetes.io": "https://github.com/Azure/application-gateway-kubernetes-ingress/pull/1272" 7 | spec: 8 | group: appgw.ingress.k8s.io 9 | names: 10 | kind: AzureIngressProhibitedTarget 11 | plural: azureingressprohibitedtargets 12 | scope: Namespaced 13 | versions: 14 | - name: v1 15 | served: true 16 | storage: true 17 | schema: 18 | openAPIV3Schema: 19 | type: object 20 | properties: 21 | spec: 22 | type: object 23 | properties: 24 | hostname: 25 | description: "(optional) Hostname of the prohibited target" 26 | type: string 27 | paths: 28 | description: "(optional) A list of URL paths, for which the Ingress Controller is prohibited from mutating Application Gateway configuration; Must begin with a / and end with /*" 29 | type: array 30 | items: 31 | type: string 32 | pattern: '^\/(?:.+\/)?\*$' -------------------------------------------------------------------------------- /helm/ingress-azure/templates/aadpodidbinding.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.armAuth -}} 2 | {{- if eq .Values.armAuth.type "aadPodIdentity"}} 3 | 4 | # Please see https://github.com/Azure/aad-pod-identity for more inromation 5 | apiVersion: "aadpodidentity.k8s.io/v1" 6 | kind: AzureIdentityBinding 7 | metadata: 8 | name: {{ template "application-gateway-kubernetes-ingress.azureidbinding" . }} 9 | spec: 10 | azureIdentity: {{ template "application-gateway-kubernetes-ingress.azureidentity" . }} 11 | selector: {{ template "application-gateway-kubernetes-ingress.fullname" . }} 12 | 13 | {{- end}} 14 | {{- end}} -------------------------------------------------------------------------------- /helm/ingress-azure/templates/aadpodidentity.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.armAuth -}} 2 | {{- if eq .Values.armAuth.type "aadPodIdentity"}} 3 | 4 | # Please see https://github.com/Azure/aad-pod-identity for more information 5 | apiVersion: "aadpodidentity.k8s.io/v1" 6 | kind: AzureIdentity 7 | metadata: 8 | name: {{ template "application-gateway-kubernetes-ingress.azureidentity" . }} 9 | {{- if .Values.armAuth.namespaced }} 10 | annotations: 11 | aadpodidentity.k8s.io/Behavior: namespaced 12 | {{- end }} 13 | spec: 14 | type: 0 15 | resourceID: {{ required "armAuth.identityResourceID is required if using AAD-Pod-Identity" .Values.armAuth.identityResourceID }} 16 | clientID: {{ required "armAuth.identityClientID is required if using AAD-Pod-Identity" .Values.armAuth.identityClientID }} 17 | 18 | {{- end}} 19 | {{- end}} 20 | -------------------------------------------------------------------------------- /helm/ingress-azure/templates/clusterrolebinding.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.rbac.enabled -}} 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRoleBinding 4 | metadata: 5 | labels: 6 | app: {{ template "application-gateway-kubernetes-ingress.name" . }} 7 | chart: {{ .Chart.Name }}-{{ .Chart.Version }} 8 | heritage: {{ .Release.Service }} 9 | release: {{ .Release.Name }} 10 | name: {{ template "application-gateway-kubernetes-ingress.fullname" . }} 11 | roleRef: 12 | apiGroup: rbac.authorization.k8s.io 13 | kind: ClusterRole 14 | name: {{ template "application-gateway-kubernetes-ingress.fullname" . }} 15 | subjects: 16 | - kind: ServiceAccount 17 | name: {{ template "application-gateway-kubernetes-ingress.serviceaccountname" . }} 18 | namespace: {{ .Release.Namespace }} 19 | {{- end -}} -------------------------------------------------------------------------------- /helm/ingress-azure/templates/crds.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.appgw -}} 2 | {{- if .Values.appgw.shared -}} 3 | {{- $watchNamespace := .Values.kubernetes.watchNamespace -}} 4 | {{- if not .Values.appgw.prohibitedTargets }} 5 | apiVersion: appgw.ingress.k8s.io/v1 6 | kind: AzureIngressProhibitedTarget 7 | metadata: 8 | name: prohibit-all-targets 9 | spec: 10 | paths: 11 | - /* 12 | {{- end -}} 13 | {{- range .Values.appgw.prohibitedTargets -}} 14 | apiVersion: appgw.ingress.k8s.io/v1 15 | kind: AzureIngressProhibitedTarget 16 | metadata: 17 | name: {{ .name }} 18 | {{- if $watchNamespace }} 19 | namespace: {{ $watchNamespace | splitList "," | first }} 20 | {{- end }} 21 | spec: 22 | {{- if .hostname }} 23 | hostname: {{ .hostname | quote }} 24 | {{- end }} 25 | {{- if .paths }} 26 | paths: 27 | {{- range .paths }} 28 | - {{ . }} 29 | {{- end }} 30 | {{- end }} 31 | --- 32 | {{- end }} 33 | {{- end -}} 34 | {{- end -}} 35 | -------------------------------------------------------------------------------- /helm/ingress-azure/templates/ingressclass.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.kubernetes.ingressClassResource.enabled -}} 2 | apiVersion: networking.k8s.io/v1 3 | kind: IngressClass 4 | metadata: 5 | labels: 6 | app.kubernetes.io/component: controller 7 | name: {{ .Values.kubernetes.ingressClassResource.name }} 8 | {{- if .Values.kubernetes.ingressClassResource.default }} 9 | annotations: 10 | ingressclass.kubernetes.io/is-default-class: "true" 11 | {{- end }} 12 | spec: 13 | controller: {{ .Values.kubernetes.ingressClassResource.controllerValue }} 14 | {{- end }} -------------------------------------------------------------------------------- /helm/ingress-azure/templates/secrets.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.armAuth -}} 2 | {{- if and (eq .Values.armAuth.type "servicePrincipal") (not .Values.armAuth.existingSecret) -}} 3 | apiVersion: v1 4 | kind: Secret 5 | metadata: 6 | name: networking-appgw-k8s-azure-service-principal 7 | type: Opaque 8 | data: 9 | armAuth.json: "{{- required "armAuth.secretJSON is required when using servicePrincipal" .Values.armAuth.secretJSON -}}" 10 | {{- end -}} 11 | {{- end -}} 12 | -------------------------------------------------------------------------------- /helm/ingress-azure/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | labels: 5 | app: {{ template "application-gateway-kubernetes-ingress.name" . }} 6 | chart: {{ .Chart.Name }}-{{ .Chart.Version }} 7 | heritage: {{ .Release.Service }} 8 | release: {{ .Release.Name }} 9 | {{- if .Values.armAuth }} 10 | {{- if eq .Values.armAuth.type "workloadIdentity" }} 11 | azure.workload.identity/use: "true" 12 | annotations: 13 | azure.workload.identity/client-id: {{ required "armAuth.identityClientID is required if using Workload Identity" .Values.armAuth.identityClientID }} 14 | {{- end }} 15 | {{- end }} 16 | name: {{ template "application-gateway-kubernetes-ingress.serviceaccountname" . }} -------------------------------------------------------------------------------- /helm/ingress-azure/tests/fixtures/sample-config-empty.json: -------------------------------------------------------------------------------- 1 | { 2 | "verbosityLevel": 3, 3 | "appgw": { 4 | "subscriptionId": "0000-0000-0000-0000-00000000", 5 | "resourceGroup": "resgp", 6 | "name": "gateway", 7 | "usePrivateIP": false, 8 | "shared": false 9 | }, 10 | "armAuth": { 11 | "type": "aadPodIdentity", 12 | "identityResourceID": "/a/b/c", 13 | "identityClientID": "0000-0000-0000-0000-00000000" 14 | }, 15 | "rbac": { 16 | "enabled": false 17 | }, 18 | "kubernetes": { 19 | "resources": {} 20 | } 21 | } -------------------------------------------------------------------------------- /helm/ingress-azure/tests/fixtures/sample-config-existing-secret.json: -------------------------------------------------------------------------------- 1 | { 2 | "verbosityLevel": 3, 3 | "appgw": { 4 | "subscriptionId": "0000-0000-0000-0000-00000000", 5 | "resourceGroup": "resgp", 6 | "name": "gateway", 7 | "usePrivateIP": false, 8 | "shared": false 9 | }, 10 | "armAuth": { 11 | "type": "servicePrincipal", 12 | "existingSecret": "my-existing-secret" 13 | }, 14 | "rbac": { 15 | "enabled": false 16 | }, 17 | "kubernetes": { 18 | "resources": {} 19 | } 20 | } 21 | -------------------------------------------------------------------------------- /helm/ingress-azure/tests/fixtures/sample-config-prohibited-target.json: -------------------------------------------------------------------------------- 1 | { 2 | "verbosityLevel": 3, 3 | "appgw": { 4 | "subscriptionId": "0000-0000-0000-0000-00000000", 5 | "resourceGroup": "resgp", 6 | "name": "gateway", 7 | "usePrivateIP": false, 8 | "shared": true, 9 | "prohibitedTargets": [ 10 | { 11 | "name": "prohibit-backend-ns", 12 | "paths": [ 13 | "/blacklist/*" 14 | ] 15 | } 16 | ] 17 | }, 18 | "armAuth": { 19 | "type": "aadPodIdentity", 20 | "identityResourceID": "/a/b/c", 21 | "identityClientID": "0000-0000-0000-0000-00000000" 22 | }, 23 | "rbac": { 24 | "enabled": false 25 | }, 26 | "kubernetes": { 27 | "resources": {} 28 | } 29 | } -------------------------------------------------------------------------------- /helm/ingress-azure/tests/fixtures/sample-config-workload-identity.json: -------------------------------------------------------------------------------- 1 | { 2 | "verbosityLevel": 3, 3 | "appgw": { 4 | "subscriptionId": "sub-id", 5 | "resourceGroup": "resgp", 6 | "name": "gateway", 7 | "usePrivateIP": false, 8 | "shared": false 9 | }, 10 | "armAuth": { 11 | "type": "workloadIdentity", 12 | "identityClientID": "client-id" 13 | }, 14 | "rbac": { 15 | "enabled": false 16 | }, 17 | "kubernetes": { 18 | "resources": {} 19 | } 20 | } -------------------------------------------------------------------------------- /helm/ingress-azure/tests/snapshots/sample-config-addon/ingress-azure/templates/aadpodidbinding.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # Source: ingress-azure/templates/aadpodidbinding.yaml 3 | # Please see https://github.com/Azure/aad-pod-identity for more inromation 4 | apiVersion: "aadpodidentity.k8s.io/v1" 5 | kind: AzureIdentityBinding 6 | metadata: 7 | name: release-name-azidbinding-ingress-azure 8 | spec: 9 | azureIdentity: release-name-azid-ingress-azure 10 | selector: release-name-ingress-azure -------------------------------------------------------------------------------- /helm/ingress-azure/tests/snapshots/sample-config-addon/ingress-azure/templates/aadpodidentity.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # Source: ingress-azure/templates/aadpodidentity.yaml 3 | # Please see https://github.com/Azure/aad-pod-identity for more information 4 | apiVersion: "aadpodidentity.k8s.io/v1" 5 | kind: AzureIdentity 6 | metadata: 7 | name: release-name-azid-ingress-azure 8 | spec: 9 | type: 0 10 | resourceID: /a/b/c 11 | clientID: 0000-0000-0000-0000-00000000 -------------------------------------------------------------------------------- /helm/ingress-azure/tests/snapshots/sample-config-addon/ingress-azure/templates/configmap.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # Source: ingress-azure/templates/configmap.yaml 3 | apiVersion: v1 4 | kind: ConfigMap 5 | metadata: 6 | name: release-name-cm-ingress-azure 7 | labels: 8 | app: ingress-azure 9 | chart: ingress-azure-1.6.0 10 | heritage: Helm 11 | release: release-name 12 | data: 13 | APPGW_VERBOSITY_LEVEL: "3" 14 | MULTI_CLUSTER_MODE: "false" 15 | HTTP_SERVICE_PORT: "8123" 16 | APPGW_SUBSCRIPTION_ID: "0000-0000-0000-0000-00000000" 17 | APPGW_RESOURCE_GROUP: "resgp" 18 | APPGW_NAME: "gateway" 19 | APPGW_SUBNET_NAME: "gateway-subnet" 20 | KUBERNETES_WATCHNAMESPACE: "a,b,c" 21 | AZURE_CLIENT_ID: "0000-0000-0000-0000-00000000" 22 | USE_MANAGED_IDENTITY_FOR_POD: "true" 23 | INGRESS_CLASS_RESOURCE_ENABLED: "true" 24 | INGRESS_CLASS_RESOURCE_NAME: "azure-application-gateway" 25 | INGRESS_CLASS_RESOURCE_CONTROLLER: "azure/application-gateway" 26 | ADDON_MODE: "true" -------------------------------------------------------------------------------- /helm/ingress-azure/tests/snapshots/sample-config-addon/ingress-azure/templates/ingressclass.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # Source: ingress-azure/templates/ingressclass.yaml 3 | apiVersion: networking.k8s.io/v1 4 | kind: IngressClass 5 | metadata: 6 | labels: 7 | app.kubernetes.io/component: controller 8 | name: azure-application-gateway 9 | spec: 10 | controller: azure/application-gateway -------------------------------------------------------------------------------- /helm/ingress-azure/tests/snapshots/sample-config-addon/ingress-azure/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # Source: ingress-azure/templates/serviceaccount.yaml 3 | apiVersion: v1 4 | kind: ServiceAccount 5 | metadata: 6 | labels: 7 | app: ingress-azure 8 | chart: ingress-azure-1.6.0 9 | heritage: Helm 10 | release: release-name 11 | name: release-name-sa-ingress-azure -------------------------------------------------------------------------------- /helm/ingress-azure/tests/snapshots/sample-config-empty/ingress-azure/templates/aadpodidbinding.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # Source: ingress-azure/templates/aadpodidbinding.yaml 3 | # Please see https://github.com/Azure/aad-pod-identity for more inromation 4 | apiVersion: "aadpodidentity.k8s.io/v1" 5 | kind: AzureIdentityBinding 6 | metadata: 7 | name: release-name-azidbinding-ingress-azure 8 | spec: 9 | azureIdentity: release-name-azid-ingress-azure 10 | selector: release-name-ingress-azure -------------------------------------------------------------------------------- /helm/ingress-azure/tests/snapshots/sample-config-empty/ingress-azure/templates/aadpodidentity.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # Source: ingress-azure/templates/aadpodidentity.yaml 3 | # Please see https://github.com/Azure/aad-pod-identity for more information 4 | apiVersion: "aadpodidentity.k8s.io/v1" 5 | kind: AzureIdentity 6 | metadata: 7 | name: release-name-azid-ingress-azure 8 | spec: 9 | type: 0 10 | resourceID: /a/b/c 11 | clientID: 0000-0000-0000-0000-00000000 -------------------------------------------------------------------------------- /helm/ingress-azure/tests/snapshots/sample-config-empty/ingress-azure/templates/cleanup-job.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # Source: ingress-azure/templates/cleanup-job.yaml 3 | apiVersion: batch/v1 4 | kind: Job 5 | metadata: 6 | name: release-name-ingress-azure-cleanup 7 | labels: 8 | app: ingress-azure-cleanup 9 | chart: ingress-azure-1.6.0 10 | heritage: Helm 11 | release: release-name 12 | annotations: 13 | "helm.sh/hook": pre-delete 14 | "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded 15 | spec: 16 | template: 17 | spec: 18 | serviceAccountName: release-name-sa-ingress-azure 19 | restartPolicy: OnFailure 20 | containers: 21 | - name: cleanup 22 | image: mcr.microsoft.com/azure-application-gateway/kubernetes-ingress:1.6.0 23 | imagePullPolicy: Always 24 | env: 25 | - name: AGIC_POD_NAMESPACE 26 | valueFrom: 27 | fieldRef: 28 | fieldPath: metadata.namespace 29 | command: 30 | - "/appgw-ingress" 31 | - "--cleanup-oec" 32 | - "app.kubernetes.io/managed-by=ingress-appgw-helm" 33 | securityContext: 34 | capabilities: 35 | drop: 36 | - ALL -------------------------------------------------------------------------------- /helm/ingress-azure/tests/snapshots/sample-config-empty/ingress-azure/templates/configmap.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # Source: ingress-azure/templates/configmap.yaml 3 | apiVersion: v1 4 | kind: ConfigMap 5 | metadata: 6 | name: release-name-cm-ingress-azure 7 | labels: 8 | app: ingress-azure 9 | chart: ingress-azure-1.6.0 10 | heritage: Helm 11 | release: release-name 12 | data: 13 | APPGW_VERBOSITY_LEVEL: "3" 14 | MULTI_CLUSTER_MODE: "false" 15 | HTTP_SERVICE_PORT: "8123" 16 | APPGW_SUBSCRIPTION_ID: "0000-0000-0000-0000-00000000" 17 | APPGW_RESOURCE_GROUP: "resgp" 18 | APPGW_NAME: "gateway" 19 | APPGW_SUBNET_NAME: "gateway-subnet" 20 | AZURE_CLIENT_ID: "0000-0000-0000-0000-00000000" 21 | USE_MANAGED_IDENTITY_FOR_POD: "true" 22 | INGRESS_CLASS_RESOURCE_ENABLED: "true" 23 | INGRESS_CLASS_RESOURCE_NAME: "azure-application-gateway" 24 | INGRESS_CLASS_RESOURCE_CONTROLLER: "azure/application-gateway" -------------------------------------------------------------------------------- /helm/ingress-azure/tests/snapshots/sample-config-empty/ingress-azure/templates/ingressclass.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # Source: ingress-azure/templates/ingressclass.yaml 3 | apiVersion: networking.k8s.io/v1 4 | kind: IngressClass 5 | metadata: 6 | labels: 7 | app.kubernetes.io/component: controller 8 | name: azure-application-gateway 9 | spec: 10 | controller: azure/application-gateway -------------------------------------------------------------------------------- /helm/ingress-azure/tests/snapshots/sample-config-empty/ingress-azure/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # Source: ingress-azure/templates/serviceaccount.yaml 3 | apiVersion: v1 4 | kind: ServiceAccount 5 | metadata: 6 | labels: 7 | app: ingress-azure 8 | chart: ingress-azure-1.6.0 9 | heritage: Helm 10 | release: release-name 11 | name: release-name-sa-ingress-azure -------------------------------------------------------------------------------- /helm/ingress-azure/tests/snapshots/sample-config-existing-secret/ingress-azure/templates/cleanup-job.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # Source: ingress-azure/templates/cleanup-job.yaml 3 | apiVersion: batch/v1 4 | kind: Job 5 | metadata: 6 | name: release-name-ingress-azure-cleanup 7 | labels: 8 | app: ingress-azure-cleanup 9 | chart: ingress-azure-1.6.0 10 | heritage: Helm 11 | release: release-name 12 | annotations: 13 | "helm.sh/hook": pre-delete 14 | "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded 15 | spec: 16 | template: 17 | spec: 18 | serviceAccountName: release-name-sa-ingress-azure 19 | restartPolicy: OnFailure 20 | containers: 21 | - name: cleanup 22 | image: mcr.microsoft.com/azure-application-gateway/kubernetes-ingress:1.6.0 23 | imagePullPolicy: Always 24 | env: 25 | - name: AGIC_POD_NAMESPACE 26 | valueFrom: 27 | fieldRef: 28 | fieldPath: metadata.namespace 29 | command: 30 | - "/appgw-ingress" 31 | - "--cleanup-oec" 32 | - "app.kubernetes.io/managed-by=ingress-appgw-helm" 33 | securityContext: 34 | capabilities: 35 | drop: 36 | - ALL -------------------------------------------------------------------------------- /helm/ingress-azure/tests/snapshots/sample-config-existing-secret/ingress-azure/templates/configmap.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # Source: ingress-azure/templates/configmap.yaml 3 | apiVersion: v1 4 | kind: ConfigMap 5 | metadata: 6 | name: release-name-cm-ingress-azure 7 | labels: 8 | app: ingress-azure 9 | chart: ingress-azure-1.6.0 10 | heritage: Helm 11 | release: release-name 12 | data: 13 | APPGW_VERBOSITY_LEVEL: "3" 14 | MULTI_CLUSTER_MODE: "false" 15 | HTTP_SERVICE_PORT: "8123" 16 | APPGW_SUBSCRIPTION_ID: "0000-0000-0000-0000-00000000" 17 | APPGW_RESOURCE_GROUP: "resgp" 18 | APPGW_NAME: "gateway" 19 | APPGW_SUBNET_NAME: "gateway-subnet" 20 | INGRESS_CLASS_RESOURCE_ENABLED: "true" 21 | INGRESS_CLASS_RESOURCE_NAME: "azure-application-gateway" 22 | INGRESS_CLASS_RESOURCE_CONTROLLER: "azure/application-gateway" -------------------------------------------------------------------------------- /helm/ingress-azure/tests/snapshots/sample-config-existing-secret/ingress-azure/templates/ingressclass.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # Source: ingress-azure/templates/ingressclass.yaml 3 | apiVersion: networking.k8s.io/v1 4 | kind: IngressClass 5 | metadata: 6 | labels: 7 | app.kubernetes.io/component: controller 8 | name: azure-application-gateway 9 | spec: 10 | controller: azure/application-gateway -------------------------------------------------------------------------------- /helm/ingress-azure/tests/snapshots/sample-config-existing-secret/ingress-azure/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # Source: ingress-azure/templates/serviceaccount.yaml 3 | apiVersion: v1 4 | kind: ServiceAccount 5 | metadata: 6 | labels: 7 | app: ingress-azure 8 | chart: ingress-azure-1.6.0 9 | heritage: Helm 10 | release: release-name 11 | name: release-name-sa-ingress-azure -------------------------------------------------------------------------------- /helm/ingress-azure/tests/snapshots/sample-config-prohibited-target/ingress-azure/templates/aadpodidbinding.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # Source: ingress-azure/templates/aadpodidbinding.yaml 3 | # Please see https://github.com/Azure/aad-pod-identity for more inromation 4 | apiVersion: "aadpodidentity.k8s.io/v1" 5 | kind: AzureIdentityBinding 6 | metadata: 7 | name: release-name-azidbinding-ingress-azure 8 | spec: 9 | azureIdentity: release-name-azid-ingress-azure 10 | selector: release-name-ingress-azure -------------------------------------------------------------------------------- /helm/ingress-azure/tests/snapshots/sample-config-prohibited-target/ingress-azure/templates/aadpodidentity.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # Source: ingress-azure/templates/aadpodidentity.yaml 3 | # Please see https://github.com/Azure/aad-pod-identity for more information 4 | apiVersion: "aadpodidentity.k8s.io/v1" 5 | kind: AzureIdentity 6 | metadata: 7 | name: release-name-azid-ingress-azure 8 | spec: 9 | type: 0 10 | resourceID: /a/b/c 11 | clientID: 0000-0000-0000-0000-00000000 -------------------------------------------------------------------------------- /helm/ingress-azure/tests/snapshots/sample-config-prohibited-target/ingress-azure/templates/cleanup-job.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # Source: ingress-azure/templates/cleanup-job.yaml 3 | apiVersion: batch/v1 4 | kind: Job 5 | metadata: 6 | name: release-name-ingress-azure-cleanup 7 | labels: 8 | app: ingress-azure-cleanup 9 | chart: ingress-azure-1.6.0 10 | heritage: Helm 11 | release: release-name 12 | annotations: 13 | "helm.sh/hook": pre-delete 14 | "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded 15 | spec: 16 | template: 17 | spec: 18 | serviceAccountName: release-name-sa-ingress-azure 19 | restartPolicy: OnFailure 20 | containers: 21 | - name: cleanup 22 | image: mcr.microsoft.com/azure-application-gateway/kubernetes-ingress:1.6.0 23 | imagePullPolicy: Always 24 | env: 25 | - name: AGIC_POD_NAMESPACE 26 | valueFrom: 27 | fieldRef: 28 | fieldPath: metadata.namespace 29 | command: 30 | - "/appgw-ingress" 31 | - "--cleanup-oec" 32 | - "app.kubernetes.io/managed-by=ingress-appgw-helm" 33 | securityContext: 34 | capabilities: 35 | drop: 36 | - ALL -------------------------------------------------------------------------------- /helm/ingress-azure/tests/snapshots/sample-config-prohibited-target/ingress-azure/templates/configmap.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # Source: ingress-azure/templates/configmap.yaml 3 | apiVersion: v1 4 | kind: ConfigMap 5 | metadata: 6 | name: release-name-cm-ingress-azure 7 | labels: 8 | app: ingress-azure 9 | chart: ingress-azure-1.6.0 10 | heritage: Helm 11 | release: release-name 12 | data: 13 | APPGW_VERBOSITY_LEVEL: "3" 14 | MULTI_CLUSTER_MODE: "false" 15 | HTTP_SERVICE_PORT: "8123" 16 | APPGW_SUBSCRIPTION_ID: "0000-0000-0000-0000-00000000" 17 | APPGW_RESOURCE_GROUP: "resgp" 18 | APPGW_NAME: "gateway" 19 | APPGW_SUBNET_NAME: "gateway-subnet" 20 | APPGW_ENABLE_SHARED_APPGW: "true" 21 | AZURE_CLIENT_ID: "0000-0000-0000-0000-00000000" 22 | USE_MANAGED_IDENTITY_FOR_POD: "true" 23 | INGRESS_CLASS_RESOURCE_ENABLED: "true" 24 | INGRESS_CLASS_RESOURCE_NAME: "azure-application-gateway" 25 | INGRESS_CLASS_RESOURCE_CONTROLLER: "azure/application-gateway" -------------------------------------------------------------------------------- /helm/ingress-azure/tests/snapshots/sample-config-prohibited-target/ingress-azure/templates/crds.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # Source: ingress-azure/templates/crds.yaml 3 | apiVersion: appgw.ingress.k8s.io/v1 4 | kind: AzureIngressProhibitedTarget 5 | metadata: 6 | name: prohibit-backend-ns 7 | spec: 8 | paths: 9 | - /blacklist/* -------------------------------------------------------------------------------- /helm/ingress-azure/tests/snapshots/sample-config-prohibited-target/ingress-azure/templates/ingressclass.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # Source: ingress-azure/templates/ingressclass.yaml 3 | apiVersion: networking.k8s.io/v1 4 | kind: IngressClass 5 | metadata: 6 | labels: 7 | app.kubernetes.io/component: controller 8 | name: azure-application-gateway 9 | spec: 10 | controller: azure/application-gateway -------------------------------------------------------------------------------- /helm/ingress-azure/tests/snapshots/sample-config-prohibited-target/ingress-azure/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # Source: ingress-azure/templates/serviceaccount.yaml 3 | apiVersion: v1 4 | kind: ServiceAccount 5 | metadata: 6 | labels: 7 | app: ingress-azure 8 | chart: ingress-azure-1.6.0 9 | heritage: Helm 10 | release: release-name 11 | name: release-name-sa-ingress-azure -------------------------------------------------------------------------------- /helm/ingress-azure/tests/snapshots/sample-config-workload-identity/ingress-azure/templates/cleanup-job.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # Source: ingress-azure/templates/cleanup-job.yaml 3 | apiVersion: batch/v1 4 | kind: Job 5 | metadata: 6 | name: release-name-ingress-azure-cleanup 7 | labels: 8 | app: ingress-azure-cleanup 9 | chart: ingress-azure-1.6.0 10 | heritage: Helm 11 | release: release-name 12 | annotations: 13 | "helm.sh/hook": pre-delete 14 | "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded 15 | spec: 16 | template: 17 | spec: 18 | serviceAccountName: release-name-sa-ingress-azure 19 | restartPolicy: OnFailure 20 | containers: 21 | - name: cleanup 22 | image: mcr.microsoft.com/azure-application-gateway/kubernetes-ingress:1.6.0 23 | imagePullPolicy: Always 24 | env: 25 | - name: AGIC_POD_NAMESPACE 26 | valueFrom: 27 | fieldRef: 28 | fieldPath: metadata.namespace 29 | command: 30 | - "/appgw-ingress" 31 | - "--cleanup-oec" 32 | - "app.kubernetes.io/managed-by=ingress-appgw-helm" 33 | securityContext: 34 | capabilities: 35 | drop: 36 | - ALL -------------------------------------------------------------------------------- /helm/ingress-azure/tests/snapshots/sample-config-workload-identity/ingress-azure/templates/configmap.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # Source: ingress-azure/templates/configmap.yaml 3 | apiVersion: v1 4 | kind: ConfigMap 5 | metadata: 6 | name: release-name-cm-ingress-azure 7 | labels: 8 | app: ingress-azure 9 | chart: ingress-azure-1.6.0 10 | heritage: Helm 11 | release: release-name 12 | data: 13 | APPGW_VERBOSITY_LEVEL: "3" 14 | MULTI_CLUSTER_MODE: "false" 15 | HTTP_SERVICE_PORT: "8123" 16 | APPGW_SUBSCRIPTION_ID: "sub-id" 17 | APPGW_RESOURCE_GROUP: "resgp" 18 | APPGW_NAME: "gateway" 19 | APPGW_SUBNET_NAME: "gateway-subnet" 20 | AZURE_CLIENT_ID: "client-id" 21 | USE_MANAGED_IDENTITY_FOR_POD: "true" 22 | INGRESS_CLASS_RESOURCE_ENABLED: "true" 23 | INGRESS_CLASS_RESOURCE_NAME: "azure-application-gateway" 24 | INGRESS_CLASS_RESOURCE_CONTROLLER: "azure/application-gateway" -------------------------------------------------------------------------------- /helm/ingress-azure/tests/snapshots/sample-config-workload-identity/ingress-azure/templates/ingressclass.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # Source: ingress-azure/templates/ingressclass.yaml 3 | apiVersion: networking.k8s.io/v1 4 | kind: IngressClass 5 | metadata: 6 | labels: 7 | app.kubernetes.io/component: controller 8 | name: azure-application-gateway 9 | spec: 10 | controller: azure/application-gateway -------------------------------------------------------------------------------- /helm/ingress-azure/tests/snapshots/sample-config-workload-identity/ingress-azure/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # Source: ingress-azure/templates/serviceaccount.yaml 3 | apiVersion: v1 4 | kind: ServiceAccount 5 | metadata: 6 | labels: 7 | app: ingress-azure 8 | chart: ingress-azure-1.6.0 9 | heritage: Helm 10 | release: release-name 11 | azure.workload.identity/use: "true" 12 | annotations: 13 | azure.workload.identity/client-id: client-id 14 | name: release-name-sa-ingress-azure -------------------------------------------------------------------------------- /helm/ingress-azure/tests/snapshots/sample-config/ingress-azure/templates/aadpodidbinding.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # Source: ingress-azure/templates/aadpodidbinding.yaml 3 | # Please see https://github.com/Azure/aad-pod-identity for more inromation 4 | apiVersion: "aadpodidentity.k8s.io/v1" 5 | kind: AzureIdentityBinding 6 | metadata: 7 | name: release-name-azidbinding-ingress-azure 8 | spec: 9 | azureIdentity: release-name-azid-ingress-azure 10 | selector: release-name-ingress-azure -------------------------------------------------------------------------------- /helm/ingress-azure/tests/snapshots/sample-config/ingress-azure/templates/aadpodidentity.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # Source: ingress-azure/templates/aadpodidentity.yaml 3 | # Please see https://github.com/Azure/aad-pod-identity for more information 4 | apiVersion: "aadpodidentity.k8s.io/v1" 5 | kind: AzureIdentity 6 | metadata: 7 | name: release-name-azid-ingress-azure 8 | spec: 9 | type: 0 10 | resourceID: /a/b/c 11 | clientID: 0000-0000-0000-0000-00000000 -------------------------------------------------------------------------------- /helm/ingress-azure/tests/snapshots/sample-config/ingress-azure/templates/configmap.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # Source: ingress-azure/templates/configmap.yaml 3 | apiVersion: v1 4 | kind: ConfigMap 5 | metadata: 6 | name: release-name-cm-ingress-azure 7 | labels: 8 | app: ingress-azure 9 | chart: ingress-azure-1.6.0 10 | heritage: Helm 11 | release: release-name 12 | data: 13 | APPGW_VERBOSITY_LEVEL: "3" 14 | MULTI_CLUSTER_MODE: "false" 15 | HTTP_SERVICE_PORT: "8123" 16 | APPGW_SUBSCRIPTION_ID: "0000-0000-0000-0000-00000000" 17 | APPGW_RESOURCE_GROUP: "resgp" 18 | APPGW_NAME: "gateway" 19 | APPGW_SUBNET_NAME: "gateway-subnet" 20 | KUBERNETES_WATCHNAMESPACE: "a,b,c" 21 | AZURE_CLIENT_ID: "0000-0000-0000-0000-00000000" 22 | USE_MANAGED_IDENTITY_FOR_POD: "true" 23 | INGRESS_CLASS_RESOURCE_ENABLED: "true" 24 | INGRESS_CLASS_RESOURCE_NAME: "azure-application-gateway" 25 | INGRESS_CLASS_RESOURCE_CONTROLLER: "azure/application-gateway" -------------------------------------------------------------------------------- /helm/ingress-azure/tests/snapshots/sample-config/ingress-azure/templates/ingressclass.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # Source: ingress-azure/templates/ingressclass.yaml 3 | apiVersion: networking.k8s.io/v1 4 | kind: IngressClass 5 | metadata: 6 | labels: 7 | app.kubernetes.io/component: controller 8 | name: azure-application-gateway 9 | spec: 10 | controller: azure/application-gateway -------------------------------------------------------------------------------- /helm/ingress-azure/tests/snapshots/sample-config/ingress-azure/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # Source: ingress-azure/templates/serviceaccount.yaml 3 | apiVersion: v1 4 | kind: ServiceAccount 5 | metadata: 6 | labels: 7 | app: ingress-azure 8 | chart: ingress-azure-1.6.0 9 | heritage: Helm 10 | release: release-name 11 | name: release-name-sa-ingress-azure -------------------------------------------------------------------------------- /mkdocs.yml: -------------------------------------------------------------------------------- 1 | site_name: Application Gateway Ingress Controller 2 | repo_name: "Azure/application-gateway-kubernetes-ingress" 3 | repo_url: "https://github.com/Azure/application-gateway-kubernetes-ingress" 4 | 5 | theme: 6 | name: readthedocs 7 | highlightjs: true 8 | hljs_languages: 9 | - yaml 10 | - rust 11 | - bash 12 | - go 13 | shortcuts: 14 | help: 191 # ? 15 | next: 78 # n 16 | previous: 80 # p 17 | search: 83 # s 18 | 19 | plugins: 20 | - search 21 | - awesome-pages: 22 | filename: .index 23 | collapse_single_pages: true 24 | - exclude: 25 | glob: 26 | - examples/guestbooks/* 27 | - examples/sample-app/* 28 | 29 | extra_css: 30 | - docs/css/extra.css 31 | 32 | markdown_extensions: 33 | - pymdownx.arithmatex 34 | - pymdownx.betterem: 35 | smart_enable: all 36 | - pymdownx.caret 37 | - pymdownx.critic 38 | - pymdownx.details 39 | - pymdownx.emoji: 40 | emoji_generator: pymdownx.emoji.to_svg 41 | - pymdownx.inlinehilite 42 | - pymdownx.magiclink 43 | - pymdownx.mark 44 | - pymdownx.smartsymbols 45 | - pymdownx.superfences 46 | - pymdownx.tasklist: 47 | custom_checkbox: true 48 | - pymdownx.tilde 49 | -------------------------------------------------------------------------------- /pkg/apis/azureapplicationgatewaybackendpool/v1beta1/doc.go: -------------------------------------------------------------------------------- 1 | // ------------------------------------------------------------------------------------------- 2 | // Copyright (c) Microsoft Corporation. All rights reserved. 3 | // Licensed under the MIT License. See License.txt in the project root for license information. 4 | // -------------------------------------------------------------------------------------------- 5 | 6 | // +k8s:deepcopy-gen=package,register 7 | // +groupName=azureapplicationgatewaybackendpools.appgw.ingress.azure.io 8 | 9 | // Package v1beta1 is the v1beta1 version of the API. 10 | package v1beta1 11 | -------------------------------------------------------------------------------- /pkg/apis/azureapplicationgatewayinstanceupdatestatus/v1beta1/doc.go: -------------------------------------------------------------------------------- 1 | // ------------------------------------------------------------------------------------------- 2 | // Copyright (c) Microsoft Corporation. All rights reserved. 3 | // Licensed under the MIT License. See License.txt in the project root for license information. 4 | // -------------------------------------------------------------------------------------------- 5 | 6 | // +k8s:deepcopy-gen=package,register 7 | // +groupName=azureapplicationgatewayinstanceupdatestatus.appgw.ingress.azure.io 8 | 9 | // Package v1beta1 is the v1beta1 version of the API. 10 | package v1beta1 11 | -------------------------------------------------------------------------------- /pkg/apis/azureapplicationgatewayrewrite/v1beta1/doc.go: -------------------------------------------------------------------------------- 1 | // ------------------------------------------------------------------------------------------- 2 | // Copyright (c) Microsoft Corporation. All rights reserved. 3 | // Licensed under the MIT License. See License.txt in the project root for license information. 4 | // -------------------------------------------------------------------------------------------- 5 | 6 | // +k8s:deepcopy-gen=package,register 7 | // +groupName=azureapplicationgatewayrewrites.appgw.ingress.azure.io 8 | 9 | // Package v1beta1 is the v1beta1 version of the API. 10 | package v1beta1 11 | -------------------------------------------------------------------------------- /pkg/apis/azureingressprohibitedtarget/v1/doc.go: -------------------------------------------------------------------------------- 1 | // ------------------------------------------------------------------------------------------- 2 | // Copyright (c) Microsoft Corporation. All rights reserved. 3 | // Licensed under the MIT License. See License.txt in the project root for license information. 4 | // -------------------------------------------------------------------------------------------- 5 | 6 | // +k8s:deepcopy-gen=package,register 7 | // +groupName=azureingressprohibitedtargets.appgw.ingress.k8s.io 8 | 9 | // Package v1 is the v1 version of the API. 10 | package v1 11 | -------------------------------------------------------------------------------- /pkg/apis/loaddistributionpolicy/v1beta1/doc.go: -------------------------------------------------------------------------------- 1 | // ------------------------------------------------------------------------------------------- 2 | // Copyright (c) Microsoft Corporation. All rights reserved. 3 | // Licensed under the MIT License. See License.txt in the project root for license information. 4 | // -------------------------------------------------------------------------------------------- 5 | 6 | // +k8s:deepcopy-gen=package,register 7 | // +groupName=loaddistributionpolicies.appgw.ingress.azure.io 8 | 9 | // Package v1beta1 is the v1beta1 version of the API. 10 | package v1beta1 11 | -------------------------------------------------------------------------------- /pkg/apis/multiclusteringress/v1alpha1/doc.go: -------------------------------------------------------------------------------- 1 | // ------------------------------------------------------------------------------------------- 2 | // Copyright (c) Microsoft Corporation. All rights reserved. 3 | // Licensed under the MIT License. See License.txt in the project root for license information. 4 | // -------------------------------------------------------------------------------------------- 5 | 6 | // +k8s:deepcopy-gen=package,register 7 | // +groupName=multiclusteringresses.networking.aks.io 8 | 9 | // Package v1alpha1 is the v1alpha1 version of the API. 10 | package v1alpha1 11 | -------------------------------------------------------------------------------- /pkg/apis/multiclusterservice/v1alpha1/doc.go: -------------------------------------------------------------------------------- 1 | // ------------------------------------------------------------------------------------------- 2 | // Copyright (c) Microsoft Corporation. All rights reserved. 3 | // Licensed under the MIT License. See License.txt in the project root for license information. 4 | // -------------------------------------------------------------------------------------------- 5 | 6 | // +k8s:deepcopy-gen=package,register 7 | // +groupName=multiclusterservices.networking.aks.io 8 | 9 | // Package v1alpha1 is the v1alpha1 version of the API. 10 | package v1alpha1 11 | -------------------------------------------------------------------------------- /pkg/appgw/appgw_suite_test.go: -------------------------------------------------------------------------------- 1 | // ------------------------------------------------------------------------------------------- 2 | // Copyright (c) Microsoft Corporation. All rights reserved. 3 | // Licensed under the MIT License. See License.txt in the project root for license information. 4 | // -------------------------------------------------------------------------------------------- 5 | 6 | // +build unittest 7 | 8 | package appgw 9 | 10 | import ( 11 | "flag" 12 | "testing" 13 | 14 | . "github.com/onsi/ginkgo" 15 | . "github.com/onsi/gomega" 16 | "k8s.io/klog/v2" 17 | ) 18 | 19 | func TestAppgw(t *testing.T) { 20 | klog.InitFlags(nil) 21 | _ = flag.Set("v", "3") 22 | _ = flag.Lookup("logtostderr").Value.Set("true") 23 | 24 | RegisterFailHandler(Fail) 25 | RunSpecs(t, "Appgw Suite") 26 | } 27 | -------------------------------------------------------------------------------- /pkg/appgw/configbuilder_debug.go: -------------------------------------------------------------------------------- 1 | // ------------------------------------------------------------------------------------------- 2 | // Copyright (c) Microsoft Corporation. All rights reserved. 3 | // Licensed under the MIT License. See License.txt in the project root for license information. 4 | // -------------------------------------------------------------------------------------------- 5 | 6 | package appgw 7 | 8 | import ( 9 | "fmt" 10 | "strings" 11 | 12 | v1 "k8s.io/api/core/v1" 13 | ) 14 | 15 | func printEndpoints(endpoints v1.Endpoints) { 16 | fmt.Printf("Endpoint [%s]\n", endpoints.Name) 17 | for _, subset := range endpoints.Subsets { 18 | ports := subset.Ports 19 | tmp := make([]string, 0, len(ports)) 20 | for _, port := range ports { 21 | tmp = append(tmp, port.Name) 22 | } 23 | portsString := strings.Join(tmp, ",") 24 | fmt.Printf(" - subset ports=[%s]\n", portsString) 25 | } 26 | } 27 | -------------------------------------------------------------------------------- /pkg/appgw/helper.go: -------------------------------------------------------------------------------- 1 | // ------------------------------------------------------------------------------------------- 2 | // Copyright (c) Microsoft Corporation. All rights reserved. 3 | // Licensed under the MIT License. See License.txt in the project root for license information. 4 | // -------------------------------------------------------------------------------------------- 5 | 6 | package appgw 7 | 8 | import ( 9 | "fmt" 10 | 11 | networkingv1 "k8s.io/api/networking/v1" 12 | ) 13 | 14 | func serviceBackendPortToStr(port networkingv1.ServiceBackendPort) string { 15 | if port.Name != "" { 16 | return fmt.Sprintf(port.Name) 17 | } 18 | return fmt.Sprintf("%d", port.Number) 19 | } 20 | -------------------------------------------------------------------------------- /pkg/appgw/http_listeners.go: -------------------------------------------------------------------------------- 1 | // ------------------------------------------------------------------------------------------- 2 | // Copyright (c) Microsoft Corporation. All rights reserved. 3 | // Licensed under the MIT License. See License.txt in the project root for license information. 4 | // -------------------------------------------------------------------------------------------- 5 | 6 | package appgw 7 | 8 | func (c *appGwConfigBuilder) Listeners(cbCtx *ConfigBuilderContext) error { 9 | 10 | c.appGw.SslCertificates = c.getSslCertificates(cbCtx) 11 | c.appGw.HTTPListeners, c.appGw.FrontendPorts = c.getListeners(cbCtx) 12 | 13 | // App Gateway Rules can be configured to redirect HTTP traffic to HTTPS URLs. 14 | // In this step here we create the redirection configurations. These configs are attached to request routing rules 15 | // in the RequestRoutingRules step, which must be executed after Listeners. 16 | c.appGw.RedirectConfigurations = c.getRedirectConfigurations(cbCtx) 17 | 18 | return nil 19 | } 20 | -------------------------------------------------------------------------------- /pkg/appgw/identifier_test.go: -------------------------------------------------------------------------------- 1 | // ------------------------------------------------------------------------------------------- 2 | // Copyright (c) Microsoft Corporation. All rights reserved. 3 | // Licensed under the MIT License. See License.txt in the project root for license information. 4 | // -------------------------------------------------------------------------------------------- 5 | 6 | // +build unittest 7 | 8 | package appgw 9 | 10 | import ( 11 | "fmt" 12 | "testing" 13 | ) 14 | 15 | func TestRedirectConfigurationID(t *testing.T) { 16 | ident := Identifier{ 17 | SubscriptionID: "subs", 18 | ResourceGroup: "rg", 19 | AppGwName: "appgwname", 20 | } 21 | actual := ident.redirectConfigurationID("cofiguration-name") 22 | expected := "/subscriptions/subs/resourceGroups/rg/providers/" + 23 | "Microsoft.Network/applicationGateways/appgwname" + 24 | "/redirectConfigurations/cofiguration-name" 25 | if actual != expected { 26 | t.Error(fmt.Sprintf("\nExpected %s\nActually %s", expected, actual)) 27 | } 28 | } 29 | -------------------------------------------------------------------------------- /pkg/appgw/istio_types.go: -------------------------------------------------------------------------------- 1 | // ------------------------------------------------------------------------------------------- 2 | // Copyright (c) Microsoft Corporation. All rights reserved. 3 | // Licensed under the MIT License. See License.txt in the project root for license information. 4 | // -------------------------------------------------------------------------------------------- 5 | 6 | package appgw 7 | 8 | import "github.com/knative/pkg/apis/istio/v1alpha3" 9 | 10 | type istioMatchIdentifier struct { 11 | Namespace string 12 | VirtualService *v1alpha3.VirtualService 13 | Rule *v1alpha3.HTTPRoute 14 | Match *v1alpha3.HTTPMatchRequest 15 | Destinations []*v1alpha3.Destination 16 | Gateways []string 17 | } 18 | 19 | type istioVirtualServiceIdentifier struct { 20 | Namespace string 21 | Name string 22 | } 23 | 24 | type istioDestinationIdentifier struct { 25 | serviceIdentifier 26 | istioVirtualServiceIdentifier 27 | 28 | DestinationHost string 29 | DestinationSubset string 30 | DestinationPort uint32 31 | } 32 | -------------------------------------------------------------------------------- /pkg/azure/azure_suite_test.go: -------------------------------------------------------------------------------- 1 | // ------------------------------------------------------------------------------------------- 2 | // Copyright (c) Microsoft Corporation. All rights reserved. 3 | // Licensed under the MIT License. See License.txt in the project root for license information. 4 | // -------------------------------------------------------------------------------------------- 5 | 6 | package azure 7 | 8 | import ( 9 | "flag" 10 | "testing" 11 | 12 | . "github.com/onsi/ginkgo/v2" 13 | . "github.com/onsi/gomega" 14 | "k8s.io/klog/v2" 15 | ) 16 | 17 | func TestAzure(t *testing.T) { 18 | klog.InitFlags(nil) 19 | _ = flag.Set("v", "3") 20 | _ = flag.Lookup("logtostderr").Value.Set("true") 21 | 22 | RegisterFailHandler(Fail) 23 | RunSpecs(t, "Azure Suite") 24 | } 25 | -------------------------------------------------------------------------------- /pkg/azure/consts.go: -------------------------------------------------------------------------------- 1 | // ------------------------------------------------------------------------------------------- 2 | // Copyright (c) Microsoft Corporation. All rights reserved. 3 | // Licensed under the MIT License. See License.txt in the project root for license information. 4 | // -------------------------------------------------------------------------------------------- 5 | 6 | package azure 7 | 8 | import "time" 9 | 10 | const ( 11 | retryPause = 10 * time.Second 12 | retryCount = 3 13 | maxAuthRetryCount = 10 14 | extendedRetryCount = 60 15 | ) 16 | -------------------------------------------------------------------------------- /pkg/azure/defaultazurecredential/authorizer_test.go: -------------------------------------------------------------------------------- 1 | package defaultazurecredential 2 | 3 | import ( 4 | "os" 5 | "testing" 6 | ) 7 | 8 | func TestTokenScopeFromEnvironment(t *testing.T) { 9 | scope := map[string]string{ 10 | "AZUREPUBLICCLOUD": "https://management.azure.com/.default", 11 | "AZURECHINACLOUD": "https://management.chinacloudapi.cn/.default", 12 | "AZUREUSGOVERNMENTCLOUD": "https://management.usgovcloudapi.net/.default", 13 | } 14 | 15 | for env, expectedScope := range scope { 16 | os.Setenv("AZURE_ENVIRONMENT", env) 17 | scope := tokenScopeFromEnvironment() 18 | if scope != expectedScope { 19 | t.Errorf("Expected scope %s, got %s", expectedScope, scope) 20 | } 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /pkg/azure/tags/consts.go: -------------------------------------------------------------------------------- 1 | // ------------------------------------------------------------------------------------------- 2 | // Copyright (c) Microsoft Corporation. All rights reserved. 3 | // Licensed under the MIT License. See License.txt in the project root for license information. 4 | // -------------------------------------------------------------------------------------------- 5 | 6 | package tags 7 | 8 | // An App Gateway tag: Resources tagged with this are exclusively managed by a Kubernetes Ingress. 9 | const ( 10 | ManagedByK8sIngress = "managed-by-k8s-ingress" 11 | IngressForAKSClusterID = "ingress-for-aks-cluster-id" 12 | LastUpdatedByK8sIngress = "last-updated-by-k8s-ingress" 13 | ) 14 | -------------------------------------------------------------------------------- /pkg/brownfield/brownfield_suite_test.go: -------------------------------------------------------------------------------- 1 | // ------------------------------------------------------------------------------------------- 2 | // Copyright (c) Microsoft Corporation. All rights reserved. 3 | // Licensed under the MIT License. See License.txt in the project root for license information. 4 | // -------------------------------------------------------------------------------------------- 5 | 6 | // +build unittest 7 | 8 | package brownfield 9 | 10 | import ( 11 | "flag" 12 | "testing" 13 | 14 | . "github.com/onsi/ginkgo" 15 | . "github.com/onsi/gomega" 16 | "k8s.io/klog/v2" 17 | ) 18 | 19 | func TestApplicationGatewayKubernetesIngress(t *testing.T) { 20 | klog.InitFlags(nil) 21 | _ = flag.Set("v", "5") 22 | _ = flag.Lookup("logtostderr").Value.Set("true") 23 | 24 | RegisterFailHandler(Fail) 25 | RunSpecs(t, "ApplicationGatewayKubernetesIngress Suite") 26 | } 27 | -------------------------------------------------------------------------------- /pkg/brownfield/certificates.go: -------------------------------------------------------------------------------- 1 | // ------------------------------------------------------------------------------------------- 2 | // Copyright (c) Microsoft Corporation. All rights reserved. 3 | // Licensed under the MIT License. See License.txt in the project root for license information. 4 | // -------------------------------------------------------------------------------------------- 5 | 6 | package brownfield 7 | 8 | import ( 9 | n "github.com/Azure/azure-sdk-for-go/services/network/mgmt/2021-03-01/network" 10 | ) 11 | 12 | type certName string 13 | type certsByName map[certName]n.ApplicationGatewaySslCertificate 14 | 15 | // MergeCerts merges list of lists of certs into a single list, maintaining uniqueness. 16 | func MergeCerts(certBuckets ...[]n.ApplicationGatewaySslCertificate) []n.ApplicationGatewaySslCertificate { 17 | uniq := make(certsByName) 18 | for _, bucket := range certBuckets { 19 | for _, cert := range bucket { 20 | uniq[certName(*cert.Name)] = cert 21 | } 22 | } 23 | merged := []n.ApplicationGatewaySslCertificate{} 24 | for _, cert := range uniq { 25 | merged = append(merged, cert) 26 | } 27 | return merged 28 | } 29 | -------------------------------------------------------------------------------- /pkg/brownfield/certificates_test.go: -------------------------------------------------------------------------------- 1 | // ------------------------------------------------------------------------------------------- 2 | // Copyright (c) Microsoft Corporation. All rights reserved. 3 | // Licensed under the MIT License. See License.txt in the project root for license information. 4 | // -------------------------------------------------------------------------------------------- 5 | 6 | package brownfield 7 | 8 | import ( 9 | . "github.com/onsi/ginkgo" 10 | . "github.com/onsi/gomega" 11 | 12 | "github.com/Azure/application-gateway-kubernetes-ingress/pkg/tests/fixtures" 13 | 14 | n "github.com/Azure/azure-sdk-for-go/services/network/mgmt/2021-03-01/network" 15 | ) 16 | 17 | var _ = Describe("Test MergeCerts", func() { 18 | Context("Test MergeCerts()", func() { 19 | It("should function as expected", func() { 20 | bucket1 := []n.ApplicationGatewaySslCertificate{ 21 | fixtures.GetCertificate1(), 22 | fixtures.GetCertificate2(), 23 | } 24 | bucket2 := []n.ApplicationGatewaySslCertificate{ 25 | fixtures.GetCertificate1(), 26 | fixtures.GetCertificate3(), 27 | } 28 | actual := MergeCerts(bucket1, bucket2) 29 | Expect(actual).To(ContainElement(fixtures.GetCertificate1())) 30 | Expect(actual).To(ContainElement(fixtures.GetCertificate2())) 31 | Expect(actual).To(ContainElement(fixtures.GetCertificate3())) 32 | }) 33 | }) 34 | }) 35 | -------------------------------------------------------------------------------- /pkg/cni/cni_suite_test.go: -------------------------------------------------------------------------------- 1 | package cni_test 2 | 3 | import ( 4 | "testing" 5 | 6 | . "github.com/onsi/ginkgo/v2" 7 | . "github.com/onsi/gomega" 8 | ) 9 | 10 | func Test(t *testing.T) { 11 | RegisterFailHandler(Fail) 12 | RunSpecs(t, "CNI Suite") 13 | } 14 | -------------------------------------------------------------------------------- /pkg/cni/kubenet.go: -------------------------------------------------------------------------------- 1 | package cni 2 | 3 | import ( 4 | "github.com/Azure/application-gateway-kubernetes-ingress/pkg/azure" 5 | "github.com/pkg/errors" 6 | ) 7 | 8 | func (r *Reconciler) reconcileKubenetCniIfNeeded(cpConfig *azure.CloudProviderConfig, subnetID string) error { 9 | if r.reconciledKubenetCNI { 10 | return nil 11 | } 12 | 13 | if cpConfig == nil || cpConfig.RouteTableName == "" { 14 | return nil 15 | } 16 | 17 | routeTableID := azure.RouteTableID(azure.SubscriptionID(cpConfig.SubscriptionID), azure.ResourceGroup(cpConfig.RouteTableResourceGroup), azure.ResourceName(cpConfig.RouteTableName)) 18 | if err := r.armClient.ApplyRouteTable(subnetID, routeTableID); err != nil { 19 | return errors.Wrapf(err, "Unable to associate Application Gateway subnet '%s' with route table '%s' due to error (this is relevant for AKS clusters using 'Kubenet' network plugin)", 20 | subnetID, 21 | routeTableID) 22 | } 23 | 24 | r.reconciledKubenetCNI = true 25 | return nil 26 | } 27 | -------------------------------------------------------------------------------- /pkg/controller/controller_suite_test.go: -------------------------------------------------------------------------------- 1 | // ------------------------------------------------------------------------------------------- 2 | // Copyright (c) Microsoft Corporation. All rights reserved. 3 | // Licensed under the MIT License. See License.txt in the project root for license information. 4 | // -------------------------------------------------------------------------------------------- 5 | 6 | // +build unittest 7 | 8 | package controller 9 | 10 | import ( 11 | "testing" 12 | 13 | . "github.com/onsi/ginkgo" 14 | . "github.com/onsi/gomega" 15 | ) 16 | 17 | func TestController(t *testing.T) { 18 | RegisterFailHandler(Fail) 19 | RunSpecs(t, "Controller Suite") 20 | } 21 | -------------------------------------------------------------------------------- /pkg/crd_client/agic_crd_client/clientset/versioned/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Code generated by client-gen. DO NOT EDIT. 18 | 19 | // This package has the automatically generated clientset. 20 | package versioned 21 | -------------------------------------------------------------------------------- /pkg/crd_client/agic_crd_client/clientset/versioned/fake/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Code generated by client-gen. DO NOT EDIT. 18 | 19 | // This package has the automatically generated fake clientset. 20 | package fake 21 | -------------------------------------------------------------------------------- /pkg/crd_client/agic_crd_client/clientset/versioned/scheme/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Code generated by client-gen. DO NOT EDIT. 18 | 19 | // This package contains the scheme of the automatically generated clientset. 20 | package scheme 21 | -------------------------------------------------------------------------------- /pkg/crd_client/agic_crd_client/clientset/versioned/typed/azureapplicationgatewaybackendpool/v1beta1/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Code generated by client-gen. DO NOT EDIT. 18 | 19 | // This package has the automatically generated typed clients. 20 | package v1beta1 21 | -------------------------------------------------------------------------------- /pkg/crd_client/agic_crd_client/clientset/versioned/typed/azureapplicationgatewaybackendpool/v1beta1/fake/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Code generated by client-gen. DO NOT EDIT. 18 | 19 | // Package fake has the automatically generated clients. 20 | package fake 21 | -------------------------------------------------------------------------------- /pkg/crd_client/agic_crd_client/clientset/versioned/typed/azureapplicationgatewaybackendpool/v1beta1/generated_expansion.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Code generated by client-gen. DO NOT EDIT. 18 | 19 | package v1beta1 20 | 21 | type AzureApplicationGatewayBackendPoolExpansion interface{} 22 | -------------------------------------------------------------------------------- /pkg/crd_client/agic_crd_client/clientset/versioned/typed/azureapplicationgatewayinstanceupdatestatus/v1beta1/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Code generated by client-gen. DO NOT EDIT. 18 | 19 | // This package has the automatically generated typed clients. 20 | package v1beta1 21 | -------------------------------------------------------------------------------- /pkg/crd_client/agic_crd_client/clientset/versioned/typed/azureapplicationgatewayinstanceupdatestatus/v1beta1/fake/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Code generated by client-gen. DO NOT EDIT. 18 | 19 | // Package fake has the automatically generated clients. 20 | package fake 21 | -------------------------------------------------------------------------------- /pkg/crd_client/agic_crd_client/clientset/versioned/typed/azureapplicationgatewayinstanceupdatestatus/v1beta1/generated_expansion.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Code generated by client-gen. DO NOT EDIT. 18 | 19 | package v1beta1 20 | 21 | type AzureApplicationGatewayInstanceUpdateStatusExpansion interface{} 22 | -------------------------------------------------------------------------------- /pkg/crd_client/agic_crd_client/clientset/versioned/typed/azureapplicationgatewayrewrite/v1beta1/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Code generated by client-gen. DO NOT EDIT. 18 | 19 | // This package has the automatically generated typed clients. 20 | package v1beta1 21 | -------------------------------------------------------------------------------- /pkg/crd_client/agic_crd_client/clientset/versioned/typed/azureapplicationgatewayrewrite/v1beta1/fake/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Code generated by client-gen. DO NOT EDIT. 18 | 19 | // Package fake has the automatically generated clients. 20 | package fake 21 | -------------------------------------------------------------------------------- /pkg/crd_client/agic_crd_client/clientset/versioned/typed/azureapplicationgatewayrewrite/v1beta1/generated_expansion.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Code generated by client-gen. DO NOT EDIT. 18 | 19 | package v1beta1 20 | 21 | type AzureApplicationGatewayRewriteExpansion interface{} 22 | -------------------------------------------------------------------------------- /pkg/crd_client/agic_crd_client/clientset/versioned/typed/azureingressprohibitedtarget/v1/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Code generated by client-gen. DO NOT EDIT. 18 | 19 | // This package has the automatically generated typed clients. 20 | package v1 21 | -------------------------------------------------------------------------------- /pkg/crd_client/agic_crd_client/clientset/versioned/typed/azureingressprohibitedtarget/v1/fake/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Code generated by client-gen. DO NOT EDIT. 18 | 19 | // Package fake has the automatically generated clients. 20 | package fake 21 | -------------------------------------------------------------------------------- /pkg/crd_client/agic_crd_client/clientset/versioned/typed/azureingressprohibitedtarget/v1/generated_expansion.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Code generated by client-gen. DO NOT EDIT. 18 | 19 | package v1 20 | 21 | type AzureIngressProhibitedTargetExpansion interface{} 22 | -------------------------------------------------------------------------------- /pkg/crd_client/agic_crd_client/clientset/versioned/typed/loaddistributionpolicy/v1beta1/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Code generated by client-gen. DO NOT EDIT. 18 | 19 | // This package has the automatically generated typed clients. 20 | package v1beta1 21 | -------------------------------------------------------------------------------- /pkg/crd_client/agic_crd_client/clientset/versioned/typed/loaddistributionpolicy/v1beta1/fake/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Code generated by client-gen. DO NOT EDIT. 18 | 19 | // Package fake has the automatically generated clients. 20 | package fake 21 | -------------------------------------------------------------------------------- /pkg/crd_client/agic_crd_client/clientset/versioned/typed/loaddistributionpolicy/v1beta1/generated_expansion.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Code generated by client-gen. DO NOT EDIT. 18 | 19 | package v1beta1 20 | 21 | type LoadDistributionPolicyExpansion interface{} 22 | -------------------------------------------------------------------------------- /pkg/crd_client/agic_crd_client/listers/azureapplicationgatewaybackendpool/v1beta1/expansion_generated.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Code generated by lister-gen. DO NOT EDIT. 18 | 19 | package v1beta1 20 | 21 | // AzureApplicationGatewayBackendPoolListerExpansion allows custom methods to be added to 22 | // AzureApplicationGatewayBackendPoolLister. 23 | type AzureApplicationGatewayBackendPoolListerExpansion interface{} 24 | -------------------------------------------------------------------------------- /pkg/crd_client/agic_crd_client/listers/azureapplicationgatewayinstanceupdatestatus/v1beta1/expansion_generated.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Code generated by lister-gen. DO NOT EDIT. 18 | 19 | package v1beta1 20 | 21 | // AzureApplicationGatewayInstanceUpdateStatusListerExpansion allows custom methods to be added to 22 | // AzureApplicationGatewayInstanceUpdateStatusLister. 23 | type AzureApplicationGatewayInstanceUpdateStatusListerExpansion interface{} 24 | -------------------------------------------------------------------------------- /pkg/crd_client/agic_crd_client/listers/azureapplicationgatewayrewrite/v1beta1/expansion_generated.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Code generated by lister-gen. DO NOT EDIT. 18 | 19 | package v1beta1 20 | 21 | // AzureApplicationGatewayRewriteListerExpansion allows custom methods to be added to 22 | // AzureApplicationGatewayRewriteLister. 23 | type AzureApplicationGatewayRewriteListerExpansion interface{} 24 | 25 | // AzureApplicationGatewayRewriteNamespaceListerExpansion allows custom methods to be added to 26 | // AzureApplicationGatewayRewriteNamespaceLister. 27 | type AzureApplicationGatewayRewriteNamespaceListerExpansion interface{} 28 | -------------------------------------------------------------------------------- /pkg/crd_client/agic_crd_client/listers/azureingressprohibitedtarget/v1/expansion_generated.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Code generated by lister-gen. DO NOT EDIT. 18 | 19 | package v1 20 | 21 | // AzureIngressProhibitedTargetListerExpansion allows custom methods to be added to 22 | // AzureIngressProhibitedTargetLister. 23 | type AzureIngressProhibitedTargetListerExpansion interface{} 24 | 25 | // AzureIngressProhibitedTargetNamespaceListerExpansion allows custom methods to be added to 26 | // AzureIngressProhibitedTargetNamespaceLister. 27 | type AzureIngressProhibitedTargetNamespaceListerExpansion interface{} 28 | -------------------------------------------------------------------------------- /pkg/crd_client/agic_crd_client/listers/loaddistributionpolicy/v1beta1/expansion_generated.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Code generated by lister-gen. DO NOT EDIT. 18 | 19 | package v1beta1 20 | 21 | // LoadDistributionPolicyListerExpansion allows custom methods to be added to 22 | // LoadDistributionPolicyLister. 23 | type LoadDistributionPolicyListerExpansion interface{} 24 | 25 | // LoadDistributionPolicyNamespaceListerExpansion allows custom methods to be added to 26 | // LoadDistributionPolicyNamespaceLister. 27 | type LoadDistributionPolicyNamespaceListerExpansion interface{} 28 | -------------------------------------------------------------------------------- /pkg/crd_client/azure_multicluster_crd_client/clientset/versioned/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Code generated by client-gen. DO NOT EDIT. 18 | 19 | // This package has the automatically generated clientset. 20 | package versioned 21 | -------------------------------------------------------------------------------- /pkg/crd_client/azure_multicluster_crd_client/clientset/versioned/fake/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Code generated by client-gen. DO NOT EDIT. 18 | 19 | // This package has the automatically generated fake clientset. 20 | package fake 21 | -------------------------------------------------------------------------------- /pkg/crd_client/azure_multicluster_crd_client/clientset/versioned/scheme/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Code generated by client-gen. DO NOT EDIT. 18 | 19 | // This package contains the scheme of the automatically generated clientset. 20 | package scheme 21 | -------------------------------------------------------------------------------- /pkg/crd_client/azure_multicluster_crd_client/clientset/versioned/typed/multiclusteringress/v1alpha1/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Code generated by client-gen. DO NOT EDIT. 18 | 19 | // This package has the automatically generated typed clients. 20 | package v1alpha1 21 | -------------------------------------------------------------------------------- /pkg/crd_client/azure_multicluster_crd_client/clientset/versioned/typed/multiclusteringress/v1alpha1/fake/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Code generated by client-gen. DO NOT EDIT. 18 | 19 | // Package fake has the automatically generated clients. 20 | package fake 21 | -------------------------------------------------------------------------------- /pkg/crd_client/azure_multicluster_crd_client/clientset/versioned/typed/multiclusteringress/v1alpha1/generated_expansion.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Code generated by client-gen. DO NOT EDIT. 18 | 19 | package v1alpha1 20 | 21 | type MultiClusterIngressExpansion interface{} 22 | -------------------------------------------------------------------------------- /pkg/crd_client/azure_multicluster_crd_client/clientset/versioned/typed/multiclusterservice/v1alpha1/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Code generated by client-gen. DO NOT EDIT. 18 | 19 | // This package has the automatically generated typed clients. 20 | package v1alpha1 21 | -------------------------------------------------------------------------------- /pkg/crd_client/azure_multicluster_crd_client/clientset/versioned/typed/multiclusterservice/v1alpha1/fake/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Code generated by client-gen. DO NOT EDIT. 18 | 19 | // Package fake has the automatically generated clients. 20 | package fake 21 | -------------------------------------------------------------------------------- /pkg/crd_client/azure_multicluster_crd_client/clientset/versioned/typed/multiclusterservice/v1alpha1/generated_expansion.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Code generated by client-gen. DO NOT EDIT. 18 | 19 | package v1alpha1 20 | 21 | type MultiClusterServiceExpansion interface{} 22 | -------------------------------------------------------------------------------- /pkg/crd_client/azure_multicluster_crd_client/listers/multiclusteringress/v1alpha1/expansion_generated.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Code generated by lister-gen. DO NOT EDIT. 18 | 19 | package v1alpha1 20 | 21 | // MultiClusterIngressListerExpansion allows custom methods to be added to 22 | // MultiClusterIngressLister. 23 | type MultiClusterIngressListerExpansion interface{} 24 | 25 | // MultiClusterIngressNamespaceListerExpansion allows custom methods to be added to 26 | // MultiClusterIngressNamespaceLister. 27 | type MultiClusterIngressNamespaceListerExpansion interface{} 28 | -------------------------------------------------------------------------------- /pkg/crd_client/azure_multicluster_crd_client/listers/multiclusterservice/v1alpha1/expansion_generated.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Code generated by lister-gen. DO NOT EDIT. 18 | 19 | package v1alpha1 20 | 21 | // MultiClusterServiceListerExpansion allows custom methods to be added to 22 | // MultiClusterServiceLister. 23 | type MultiClusterServiceListerExpansion interface{} 24 | 25 | // MultiClusterServiceNamespaceListerExpansion allows custom methods to be added to 26 | // MultiClusterServiceNamespaceLister. 27 | type MultiClusterServiceNamespaceListerExpansion interface{} 28 | -------------------------------------------------------------------------------- /pkg/crd_client/istio_crd_client/clientset/versioned/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Code generated by client-gen. DO NOT EDIT. 18 | 19 | // This package has the automatically generated clientset. 20 | package versioned 21 | -------------------------------------------------------------------------------- /pkg/crd_client/istio_crd_client/clientset/versioned/fake/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Code generated by client-gen. DO NOT EDIT. 18 | 19 | // This package has the automatically generated fake clientset. 20 | package fake 21 | -------------------------------------------------------------------------------- /pkg/crd_client/istio_crd_client/clientset/versioned/scheme/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Code generated by client-gen. DO NOT EDIT. 18 | 19 | // This package contains the scheme of the automatically generated clientset. 20 | package scheme 21 | -------------------------------------------------------------------------------- /pkg/crd_client/istio_crd_client/clientset/versioned/typed/istio/v1alpha3/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Code generated by client-gen. DO NOT EDIT. 18 | 19 | // This package has the automatically generated typed clients. 20 | package v1alpha3 21 | -------------------------------------------------------------------------------- /pkg/crd_client/istio_crd_client/clientset/versioned/typed/istio/v1alpha3/fake/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Code generated by client-gen. DO NOT EDIT. 18 | 19 | // Package fake has the automatically generated clients. 20 | package fake 21 | -------------------------------------------------------------------------------- /pkg/crd_client/istio_crd_client/clientset/versioned/typed/istio/v1alpha3/generated_expansion.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Code generated by client-gen. DO NOT EDIT. 18 | 19 | package v1alpha3 20 | 21 | type DestinationRuleExpansion interface{} 22 | 23 | type GatewayExpansion interface{} 24 | 25 | type VirtualServiceExpansion interface{} 26 | -------------------------------------------------------------------------------- /pkg/environment/fake.go: -------------------------------------------------------------------------------- 1 | // ------------------------------------------------------------------------------------------- 2 | // Copyright (c) Microsoft Corporation. All rights reserved. 3 | // Licensed under the MIT License. See License.txt in the project root for license information. 4 | // -------------------------------------------------------------------------------------------- 5 | 6 | package environment 7 | 8 | // GetFakeEnv returns fake values for defined environment variables for Ingress Controller. 9 | func GetFakeEnv() EnvVariables { 10 | env := EnvVariables{ 11 | SubscriptionID: "--SubscriptionID--", 12 | ResourceGroupName: "--ResourceGroupName--", 13 | AppGwName: "--AppGwName--", 14 | AuthLocation: "--AuthLocation--", 15 | WatchNamespace: "--WatchNamespace--", 16 | UsePrivateIP: false, 17 | VerbosityLevel: "123456789", 18 | IngressClassResourceEnabled: true, 19 | IngressClassResourceName: DefaultIngressClassResourceName, 20 | IngressClassControllerName: DefaultIngressClassController, 21 | } 22 | 23 | return env 24 | } 25 | -------------------------------------------------------------------------------- /pkg/events/events.go: -------------------------------------------------------------------------------- 1 | // ------------------------------------------------------------------------------------------- 2 | // Copyright (c) Microsoft Corporation. All rights reserved. 3 | // Licensed under the MIT License. See License.txt in the project root for license information. 4 | // -------------------------------------------------------------------------------------------- 5 | 6 | package events 7 | 8 | // EventType is the type of event we have received from Kubernetes 9 | type EventType int 10 | 11 | const ( 12 | // Create is a type of a Kubernetes API event. 13 | Create EventType = iota + 1 14 | 15 | // Update is a type of a Kubernetes API event. 16 | Update 17 | 18 | // Delete is a type of a Kubernetes API event. 19 | Delete 20 | 21 | // PeriodicReconcile is a event for periodically reconciling Application Gateway 22 | PeriodicReconcile 23 | ) 24 | 25 | func (e EventType) String() string { 26 | switch e { 27 | case Create: 28 | return "Create" 29 | case Update: 30 | return "Update" 31 | case Delete: 32 | return "Delete" 33 | case PeriodicReconcile: 34 | return "PeriodicReconcile" 35 | default: 36 | return "Unknown" 37 | } 38 | } 39 | 40 | // Event is the combined type and actual object we received from Kubernetes 41 | type Event struct { 42 | Type EventType 43 | Value interface{} 44 | } 45 | -------------------------------------------------------------------------------- /pkg/health/health.go: -------------------------------------------------------------------------------- 1 | // ------------------------------------------------------------------------------------------- 2 | // Copyright (c) Microsoft Corporation. All rights reserved. 3 | // Licensed under the MIT License. See License.txt in the project root for license information. 4 | // -------------------------------------------------------------------------------------------- 5 | 6 | package health 7 | 8 | import "net/http" 9 | 10 | // Probe is a type alias for a function. 11 | type Probe func() bool 12 | 13 | // Probes is the interface for liveness and readiness probes 14 | type Probes interface { 15 | Liveness() bool 16 | Readiness() bool 17 | } 18 | 19 | func makeHandler(probe Probe) http.Handler { 20 | return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) { 21 | w.WriteHeader(map[bool]int{ 22 | true: http.StatusOK, 23 | false: http.StatusServiceUnavailable, 24 | }[probe()]) 25 | }) 26 | } 27 | 28 | // ReadinessHandler returns readiness http handlers for health 29 | func ReadinessHandler(probe Probes) http.Handler { 30 | return makeHandler(probe.Readiness) 31 | } 32 | 33 | // LivenessHandler returns readiness http handlers for health 34 | func LivenessHandler(probe Probes) http.Handler { 35 | return makeHandler(probe.Liveness) 36 | } 37 | -------------------------------------------------------------------------------- /pkg/k8s/scheme.go: -------------------------------------------------------------------------------- 1 | package k8s 2 | 3 | import ( 4 | nodenetworkconfig_v1alpha "github.com/Azure/azure-container-networking/crd/nodenetworkconfig/api/v1alpha" 5 | overlayextensionconfig_v1alpha1 "github.com/Azure/azure-container-networking/crd/overlayextensionconfig/api/v1alpha1" 6 | "k8s.io/apimachinery/pkg/runtime" 7 | ) 8 | 9 | // NewScheme builds and returns k8s schemes used by ALB Controller. 10 | func NewScheme() (*runtime.Scheme, error) { 11 | s := runtime.NewScheme() 12 | sb := runtime.SchemeBuilder{ 13 | // Azure CNI CRDs 14 | overlayextensionconfig_v1alpha1.AddToScheme, 15 | nodenetworkconfig_v1alpha.AddToScheme, 16 | } 17 | 18 | if err := sb.AddToScheme(s); err != nil { 19 | return nil, err 20 | } 21 | 22 | return s, nil 23 | } 24 | -------------------------------------------------------------------------------- /pkg/k8scontext/convert/conversion_service.go: -------------------------------------------------------------------------------- 1 | package convert 2 | 3 | import ( 4 | multiclusterservice "github.com/Azure/application-gateway-kubernetes-ingress/pkg/apis/multiclusterservice/v1alpha1" 5 | v1 "k8s.io/api/core/v1" 6 | "k8s.io/apimachinery/pkg/util/intstr" 7 | ) 8 | 9 | // FromMultiClusterService converts MutliClusterService CRD into k8s.io/api/core/v1/Service 10 | func FromMultiClusterService(gs *multiclusterservice.MultiClusterService) (*v1.Service, bool) { 11 | if gs == nil { 12 | return nil, false 13 | } 14 | v1Serv := &v1.Service{} 15 | //copy over metadata 16 | v1Serv.ObjectMeta = gs.ObjectMeta 17 | v1Serv.Labels = gs.Labels 18 | v1Serv.Annotations = gs.Annotations 19 | 20 | //copy over spec 21 | v1Serv.Spec.Selector = gs.Spec.Selector.MatchLabels 22 | for _, port := range gs.Spec.Ports { 23 | servicePort := v1.ServicePort{} 24 | servicePort.Name = port.Name 25 | servicePort.Protocol = v1.Protocol(port.Protocol) 26 | servicePort.Port = int32(port.Port) 27 | servicePort.TargetPort = intstr.IntOrString{ 28 | IntVal: int32(port.TargetPort), 29 | } 30 | v1Serv.Spec.Ports = append(v1Serv.Spec.Ports, servicePort) 31 | } 32 | 33 | v1Serv.APIVersion = v1.SchemeGroupVersion.String() 34 | v1Serv.Kind = "Service" 35 | return v1Serv, true 36 | } 37 | -------------------------------------------------------------------------------- /pkg/k8scontext/convert/conversions_suite_test.go: -------------------------------------------------------------------------------- 1 | // ------------------------------------------------------------------------------------------- 2 | // Copyright (c) Microsoft Corporation. All rights reserved. 3 | // Licensed under the MIT License. See License.txt in the project root for license information. 4 | // -------------------------------------------------------------------------------------------- 5 | 6 | // +build unittest 7 | 8 | package convert 9 | 10 | import ( 11 | "flag" 12 | "testing" 13 | 14 | "github.com/onsi/ginkgo" 15 | "github.com/onsi/gomega" 16 | "k8s.io/klog/v2" 17 | ) 18 | 19 | func TestConversion(t *testing.T) { 20 | klog.InitFlags(nil) 21 | _ = flag.Set("v", "5") 22 | _ = flag.Lookup("logtostderr").Value.Set("true") 23 | 24 | gomega.RegisterFailHandler(ginkgo.Fail) 25 | ginkgo.RunSpecs(t, "Convert Suite") 26 | } 27 | -------------------------------------------------------------------------------- /pkg/k8scontext/convert/testdata/ingress-v1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: Ingress 3 | metadata: 4 | name: websocket-ingress 5 | annotations: 6 | kubernetes.io/ingress.class: azure/application-gateway 7 | appgw.ingress.kubernetes.io/ssl-redirect: "true" 8 | spec: 9 | tls: 10 | - hosts: 11 | - host1 12 | secretName: host1-tls 13 | defaultBackend: 14 | service: 15 | name: defaultBackend 16 | port: 17 | number: 80 18 | rules: 19 | - host: host1.com 20 | http: 21 | paths: 22 | - backend: 23 | service: 24 | name: websocket-service 25 | port: 26 | number: 80 27 | 28 | - host: host2.com 29 | http: 30 | paths: 31 | - path: /store/* 32 | backend: 33 | service: 34 | name: web-service 35 | port: 36 | number: 80 37 | pathType: Prefix 38 | - path: /static/* 39 | backend: 40 | service: 41 | name: static-content-service 42 | port: 43 | name: http 44 | pathType: Prefix 45 | status: 46 | loadBalancer: 47 | ingress: 48 | - ip: 1.0.0.0 -------------------------------------------------------------------------------- /pkg/k8scontext/convert/testdata/ingress-v1beta1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: extensions/v1beta1 2 | kind: Ingress 3 | metadata: 4 | name: websocket-ingress 5 | annotations: 6 | kubernetes.io/ingress.class: azure/application-gateway 7 | appgw.ingress.kubernetes.io/ssl-redirect: "true" 8 | spec: 9 | tls: 10 | - hosts: 11 | - host1 12 | secretName: host1-tls 13 | backend: 14 | serviceName: defaultBackend 15 | servicePort: 80 16 | rules: 17 | - host: host1.com 18 | http: 19 | paths: 20 | - backend: 21 | serviceName: websocket-service 22 | servicePort: 80 23 | 24 | - host: host2.com 25 | http: 26 | paths: 27 | - path: /store/* 28 | backend: 29 | serviceName: web-service 30 | servicePort: 80 31 | - path: /static/* 32 | backend: 33 | serviceName: static-content-service 34 | servicePort: http 35 | status: 36 | loadBalancer: 37 | ingress: 38 | - ip: 1.0.0.0 -------------------------------------------------------------------------------- /pkg/k8scontext/k8scontext_suite_test.go: -------------------------------------------------------------------------------- 1 | // ------------------------------------------------------------------------------------------- 2 | // Copyright (c) Microsoft Corporation. All rights reserved. 3 | // Licensed under the MIT License. See License.txt in the project root for license information. 4 | // -------------------------------------------------------------------------------------------- 5 | 6 | //go:build unittest 7 | // +build unittest 8 | 9 | package k8scontext 10 | 11 | import ( 12 | "flag" 13 | "testing" 14 | 15 | "github.com/onsi/ginkgo/v2" 16 | "github.com/onsi/gomega" 17 | "k8s.io/klog/v2" 18 | ) 19 | 20 | func TestK8scontext(t *testing.T) { 21 | klog.InitFlags(nil) 22 | _ = flag.Set("v", "5") 23 | _ = flag.Lookup("logtostderr").Value.Set("true") 24 | 25 | gomega.RegisterFailHandler(ginkgo.Fail) 26 | ginkgo.RunSpecs(t, "K8scontext Suite") 27 | } 28 | -------------------------------------------------------------------------------- /pkg/sorter/backends.go: -------------------------------------------------------------------------------- 1 | // ------------------------------------------------------------------------------------------- 2 | // Copyright (c) Microsoft Corporation. All rights reserved. 3 | // Licensed under the MIT License. See License.txt in the project root for license information. 4 | // -------------------------------------------------------------------------------------------- 5 | 6 | package sorter 7 | 8 | import ( 9 | "fmt" 10 | 11 | n "github.com/Azure/azure-sdk-for-go/services/network/mgmt/2021-03-01/network" 12 | ) 13 | 14 | // ByIPFQDN is a facility to sort slices of ApplicationGatewayBackendAddress by IP, FQDN 15 | type ByIPFQDN []n.ApplicationGatewayBackendAddress 16 | 17 | func (a ByIPFQDN) Len() int { return len(a) } 18 | func (a ByIPFQDN) Swap(i, j int) { a[i], a[j] = a[j], a[i] } 19 | func (a ByIPFQDN) Less(i, j int) bool { 20 | return getIPFQDNKey(a[i]) < getIPFQDNKey(a[j]) 21 | } 22 | 23 | func getIPFQDNKey(record n.ApplicationGatewayBackendAddress) string { 24 | fqdn := "" 25 | if record.Fqdn != nil { 26 | fqdn = *record.Fqdn 27 | } 28 | ip := "" 29 | if record.IPAddress != nil { 30 | ip = *record.IPAddress 31 | } 32 | return fmt.Sprintf("%s-%s", fqdn, ip) 33 | } 34 | -------------------------------------------------------------------------------- /pkg/sorter/certificates.go: -------------------------------------------------------------------------------- 1 | // ------------------------------------------------------------------------------------------- 2 | // Copyright (c) Microsoft Corporation. All rights reserved. 3 | // Licensed under the MIT License. See License.txt in the project root for license information. 4 | // -------------------------------------------------------------------------------------------- 5 | 6 | package sorter 7 | 8 | import ( 9 | n "github.com/Azure/azure-sdk-for-go/services/network/mgmt/2021-03-01/network" 10 | ) 11 | 12 | // ByCertificateName is a facility to sort slices of ApplicationGatewaySslCertificate by Name 13 | type ByCertificateName []n.ApplicationGatewaySslCertificate 14 | 15 | func (a ByCertificateName) Len() int { return len(a) } 16 | func (a ByCertificateName) Swap(i, j int) { a[i], a[j] = a[j], a[i] } 17 | func (a ByCertificateName) Less(i, j int) bool { 18 | return getCertificateName(a[i]) < getCertificateName(a[j]) 19 | } 20 | 21 | func getCertificateName(cert n.ApplicationGatewaySslCertificate) string { 22 | if cert.Name == nil { 23 | return "" 24 | } 25 | return *cert.Name 26 | } 27 | -------------------------------------------------------------------------------- /pkg/sorter/frontend_ports.go: -------------------------------------------------------------------------------- 1 | // ------------------------------------------------------------------------------------------- 2 | // Copyright (c) Microsoft Corporation. All rights reserved. 3 | // Licensed under the MIT License. See License.txt in the project root for license information. 4 | // -------------------------------------------------------------------------------------------- 5 | 6 | package sorter 7 | 8 | import ( 9 | n "github.com/Azure/azure-sdk-for-go/services/network/mgmt/2021-03-01/network" 10 | ) 11 | 12 | // ByFrontendPortName is a facility to sort slices of ApplicationGatewayFrontendPort by Name 13 | type ByFrontendPortName []n.ApplicationGatewayFrontendPort 14 | 15 | func (a ByFrontendPortName) Len() int { return len(a) } 16 | func (a ByFrontendPortName) Swap(i, j int) { a[i], a[j] = a[j], a[i] } 17 | func (a ByFrontendPortName) Less(i, j int) bool { 18 | return getFrontendPortName(a[i]) < getFrontendPortName(a[j]) 19 | } 20 | 21 | func getFrontendPortName(port n.ApplicationGatewayFrontendPort) string { 22 | if port.Name == nil { 23 | return "" 24 | } 25 | return *port.Name 26 | } 27 | -------------------------------------------------------------------------------- /pkg/sorter/health_probes.go: -------------------------------------------------------------------------------- 1 | // ------------------------------------------------------------------------------------------- 2 | // Copyright (c) Microsoft Corporation. All rights reserved. 3 | // Licensed under the MIT License. See License.txt in the project root for license information. 4 | // -------------------------------------------------------------------------------------------- 5 | 6 | package sorter 7 | 8 | import ( 9 | n "github.com/Azure/azure-sdk-for-go/services/network/mgmt/2021-03-01/network" 10 | ) 11 | 12 | // ByHealthProbeName is a facility to sort slices of ApplicationGatewayProbe by Name 13 | type ByHealthProbeName []n.ApplicationGatewayProbe 14 | 15 | func (a ByHealthProbeName) Len() int { return len(a) } 16 | func (a ByHealthProbeName) Swap(i, j int) { a[i], a[j] = a[j], a[i] } 17 | func (a ByHealthProbeName) Less(i, j int) bool { 18 | return getHealthProbeName(a[i]) < getHealthProbeName(a[j]) 19 | } 20 | 21 | func getHealthProbeName(probe n.ApplicationGatewayProbe) string { 22 | if probe.Name == nil { 23 | return "" 24 | } 25 | return *probe.Name 26 | } 27 | -------------------------------------------------------------------------------- /pkg/sorter/http_settings.go: -------------------------------------------------------------------------------- 1 | // ------------------------------------------------------------------------------------------- 2 | // Copyright (c) Microsoft Corporation. All rights reserved. 3 | // Licensed under the MIT License. See License.txt in the project root for license information. 4 | // -------------------------------------------------------------------------------------------- 5 | 6 | package sorter 7 | 8 | import ( 9 | n "github.com/Azure/azure-sdk-for-go/services/network/mgmt/2021-03-01/network" 10 | ) 11 | 12 | // BySettingsName is a facility to sort slices of ApplicationGatewayBackendHTTPSettings by Name 13 | type BySettingsName []n.ApplicationGatewayBackendHTTPSettings 14 | 15 | func (a BySettingsName) Len() int { return len(a) } 16 | func (a BySettingsName) Swap(i, j int) { a[i], a[j] = a[j], a[i] } 17 | func (a BySettingsName) Less(i, j int) bool { 18 | return getSettingsName(a[i]) < getSettingsName(a[j]) 19 | } 20 | 21 | func getSettingsName(setting n.ApplicationGatewayBackendHTTPSettings) string { 22 | if setting.Name == nil { 23 | return "" 24 | } 25 | return *setting.Name 26 | } 27 | -------------------------------------------------------------------------------- /pkg/sorter/ingress.go: -------------------------------------------------------------------------------- 1 | // ------------------------------------------------------------------------------------------- 2 | // Copyright (c) Microsoft Corporation. All rights reserved. 3 | // Licensed under the MIT License. See License.txt in the project root for license information. 4 | // -------------------------------------------------------------------------------------------- 5 | 6 | package sorter 7 | 8 | import ( 9 | "fmt" 10 | 11 | networking "k8s.io/api/networking/v1" 12 | ) 13 | 14 | // ByIngressName is a facility to sort slices of Kubernetes Ingress by their UID 15 | type ByIngressName []*networking.Ingress 16 | 17 | func (a ByIngressName) Len() int { return len(a) } 18 | func (a ByIngressName) Swap(i, j int) { a[i], a[j] = a[j], a[i] } 19 | func (a ByIngressName) Less(i, j int) bool { 20 | return getIngressName(a[i]) < getIngressName(a[j]) 21 | } 22 | 23 | func getIngressName(ingress *networking.Ingress) string { 24 | return fmt.Sprintf("%s/%s", ingress.Namespace, ingress.Name) 25 | } 26 | -------------------------------------------------------------------------------- /pkg/sorter/listeners.go: -------------------------------------------------------------------------------- 1 | // ------------------------------------------------------------------------------------------- 2 | // Copyright (c) Microsoft Corporation. All rights reserved. 3 | // Licensed under the MIT License. See License.txt in the project root for license information. 4 | // -------------------------------------------------------------------------------------------- 5 | 6 | package sorter 7 | 8 | import ( 9 | n "github.com/Azure/azure-sdk-for-go/services/network/mgmt/2021-03-01/network" 10 | ) 11 | 12 | // ByListenerName is a facility to sort slices of ApplicationGatewayHTTPListener by Name 13 | type ByListenerName []n.ApplicationGatewayHTTPListener 14 | 15 | func (a ByListenerName) Len() int { return len(a) } 16 | func (a ByListenerName) Swap(i, j int) { a[i], a[j] = a[j], a[i] } 17 | func (a ByListenerName) Less(i, j int) bool { 18 | return getListenerName(a[i]) < getListenerName(a[j]) 19 | } 20 | 21 | func getListenerName(listener n.ApplicationGatewayHTTPListener) string { 22 | if listener.Name == nil { 23 | return "" 24 | } 25 | return *listener.Name 26 | } 27 | -------------------------------------------------------------------------------- /pkg/sorter/path_maps.go: -------------------------------------------------------------------------------- 1 | // ------------------------------------------------------------------------------------------- 2 | // Copyright (c) Microsoft Corporation. All rights reserved. 3 | // Licensed under the MIT License. See License.txt in the project root for license information. 4 | // -------------------------------------------------------------------------------------------- 5 | 6 | package sorter 7 | 8 | import ( 9 | n "github.com/Azure/azure-sdk-for-go/services/network/mgmt/2021-03-01/network" 10 | ) 11 | 12 | // ByPathMap is facility to sort slices of ApplicationGatewayURLPathMap by Name 13 | type ByPathMap []n.ApplicationGatewayURLPathMap 14 | 15 | func (a ByPathMap) Len() int { return len(a) } 16 | func (a ByPathMap) Swap(i, j int) { a[i], a[j] = a[j], a[i] } 17 | func (a ByPathMap) Less(i, j int) bool { 18 | return getPathMapName(a[i]) < getPathMapName(a[j]) 19 | } 20 | 21 | func getPathMapName(pathmap n.ApplicationGatewayURLPathMap) string { 22 | if pathmap.Name == nil { 23 | return "" 24 | } 25 | return *pathmap.Name 26 | } 27 | -------------------------------------------------------------------------------- /pkg/sorter/pools.go: -------------------------------------------------------------------------------- 1 | // ------------------------------------------------------------------------------------------- 2 | // Copyright (c) Microsoft Corporation. All rights reserved. 3 | // Licensed under the MIT License. See License.txt in the project root for license information. 4 | // -------------------------------------------------------------------------------------------- 5 | 6 | package sorter 7 | 8 | import ( 9 | n "github.com/Azure/azure-sdk-for-go/services/network/mgmt/2021-03-01/network" 10 | ) 11 | 12 | // ByBackendPoolName is a facility to sort slices of ApplicationGatewayBackendAddressPool by Name 13 | type ByBackendPoolName []n.ApplicationGatewayBackendAddressPool 14 | 15 | func (a ByBackendPoolName) Len() int { return len(a) } 16 | func (a ByBackendPoolName) Swap(i, j int) { a[i], a[j] = a[j], a[i] } 17 | func (a ByBackendPoolName) Less(i, j int) bool { 18 | return getPoolName(a[i]) < getPoolName(a[j]) 19 | } 20 | 21 | func getPoolName(pool n.ApplicationGatewayBackendAddressPool) string { 22 | if pool.Name == nil { 23 | return "" 24 | } 25 | return *pool.Name 26 | } 27 | -------------------------------------------------------------------------------- /pkg/sorter/redirects.go: -------------------------------------------------------------------------------- 1 | // ------------------------------------------------------------------------------------------- 2 | // Copyright (c) Microsoft Corporation. All rights reserved. 3 | // Licensed under the MIT License. See License.txt in the project root for license information. 4 | // -------------------------------------------------------------------------------------------- 5 | 6 | package sorter 7 | 8 | import ( 9 | n "github.com/Azure/azure-sdk-for-go/services/network/mgmt/2021-03-01/network" 10 | ) 11 | 12 | // ByRedirectName is a facility to sort slices of ApplicationGatewayRedirectConfiguration by Name 13 | type ByRedirectName []n.ApplicationGatewayRedirectConfiguration 14 | 15 | func (a ByRedirectName) Len() int { return len(a) } 16 | func (a ByRedirectName) Swap(i, j int) { a[i], a[j] = a[j], a[i] } 17 | func (a ByRedirectName) Less(i, j int) bool { 18 | return getRedirectName(a[i]) < getRedirectName(a[j]) 19 | } 20 | 21 | func getRedirectName(redirect n.ApplicationGatewayRedirectConfiguration) string { 22 | if redirect.Name == nil { 23 | return "" 24 | } 25 | return *redirect.Name 26 | } 27 | -------------------------------------------------------------------------------- /pkg/sorter/routing_rules.go: -------------------------------------------------------------------------------- 1 | // ------------------------------------------------------------------------------------------- 2 | // Copyright (c) Microsoft Corporation. All rights reserved. 3 | // Licensed under the MIT License. See License.txt in the project root for license information. 4 | // -------------------------------------------------------------------------------------------- 5 | 6 | package sorter 7 | 8 | import ( 9 | n "github.com/Azure/azure-sdk-for-go/services/network/mgmt/2021-03-01/network" 10 | ) 11 | 12 | // ByRequestRoutingRuleName is a facility to sort slices of ApplicationGatewayRequestRoutingRule by Name 13 | type ByRequestRoutingRuleName []n.ApplicationGatewayRequestRoutingRule 14 | 15 | func (a ByRequestRoutingRuleName) Len() int { return len(a) } 16 | func (a ByRequestRoutingRuleName) Swap(i, j int) { a[i], a[j] = a[j], a[i] } 17 | func (a ByRequestRoutingRuleName) Less(i, j int) bool { 18 | return getRuleName(a[i]) < getRuleName(a[j]) 19 | } 20 | 21 | func getRuleName(rule n.ApplicationGatewayRequestRoutingRule) string { 22 | if rule.Name == nil { 23 | return "" 24 | } 25 | return *rule.Name 26 | } 27 | -------------------------------------------------------------------------------- /pkg/tests/fixtures/app_gateway_test.go: -------------------------------------------------------------------------------- 1 | // ------------------------------------------------------------------------------------------- 2 | // Copyright (c) Microsoft Corporation. All rights reserved. 3 | // Licensed under the MIT License. See License.txt in the project root for license information. 4 | // -------------------------------------------------------------------------------------------- 5 | 6 | package fixtures 7 | 8 | import ( 9 | . "github.com/onsi/ginkgo" 10 | . "github.com/onsi/gomega" 11 | ) 12 | 13 | var _ = Describe("Test Fixtures", func() { 14 | Context("Testing GetAppGateway", func() { 15 | It("should work as expected", func() { 16 | actual := GetAppGateway() 17 | expected := "Certificate-1" 18 | Expect(*(*(actual.SslCertificates))[0].Name).To(Equal(expected)) 19 | }) 20 | }) 21 | }) 22 | -------------------------------------------------------------------------------- /pkg/tests/fixtures/certificates_test.go: -------------------------------------------------------------------------------- 1 | // ------------------------------------------------------------------------------------------- 2 | // Copyright (c) Microsoft Corporation. All rights reserved. 3 | // Licensed under the MIT License. See License.txt in the project root for license information. 4 | // -------------------------------------------------------------------------------------------- 5 | 6 | package fixtures 7 | 8 | import ( 9 | . "github.com/onsi/ginkgo" 10 | . "github.com/onsi/gomega" 11 | ) 12 | 13 | var _ = Describe("Test Fixtures", func() { 14 | Context("Testing GetCertificate1", func() { 15 | It("should work as expected", func() { 16 | actual := GetCertificate1() 17 | Expect(*actual.Name).To(Equal("Certificate-1")) 18 | }) 19 | }) 20 | 21 | Context("Testing GetCertificate2", func() { 22 | It("should work as expected", func() { 23 | actual := GetCertificate2() 24 | Expect(*actual.Name).To(Equal("Certificate-2")) 25 | }) 26 | }) 27 | 28 | Context("Testing GetCertificate3", func() { 29 | It("should work as expected", func() { 30 | actual := GetCertificate3() 31 | Expect(*actual.Name).To(Equal("Certificate-3")) 32 | }) 33 | }) 34 | }) 35 | -------------------------------------------------------------------------------- /pkg/tests/fixtures/fixtures_suite_test.go: -------------------------------------------------------------------------------- 1 | // ------------------------------------------------------------------------------------------- 2 | // Copyright (c) Microsoft Corporation. All rights reserved. 3 | // Licensed under the MIT License. See License.txt in the project root for license information. 4 | // -------------------------------------------------------------------------------------------- 5 | 6 | // +build unittest 7 | 8 | package fixtures 9 | 10 | import ( 11 | "testing" 12 | 13 | . "github.com/onsi/ginkgo" 14 | . "github.com/onsi/gomega" 15 | ) 16 | 17 | func TestIngressTestFixtureFactories(t *testing.T) { 18 | RegisterFailHandler(Fail) 19 | RunSpecs(t, "Ingress Test Fixture Factories Suite") 20 | } 21 | -------------------------------------------------------------------------------- /pkg/tests/fixtures/frontend_ipconfiguration_test.go: -------------------------------------------------------------------------------- 1 | // ------------------------------------------------------------------------------------------- 2 | // Copyright (c) Microsoft Corporation. All rights reserved. 3 | // Licensed under the MIT License. See License.txt in the project root for license information. 4 | // -------------------------------------------------------------------------------------------- 5 | 6 | package fixtures 7 | 8 | import ( 9 | . "github.com/onsi/ginkgo" 10 | . "github.com/onsi/gomega" 11 | ) 12 | 13 | var _ = Describe("Test Fixtures", func() { 14 | Context("Testing GetPublicIPConfiguration", func() { 15 | It("should work as expected", func() { 16 | actual := GetPublicIPConfiguration() 17 | Expect(*actual.Name).To(Equal("PublicIP")) 18 | }) 19 | }) 20 | 21 | Context("Testing GetPrivateIPConfiguration", func() { 22 | It("should work as expected", func() { 23 | actual := GetPrivateIPConfiguration() 24 | Expect(*actual.Name).To(Equal("PrivateIP")) 25 | }) 26 | }) 27 | }) 28 | -------------------------------------------------------------------------------- /pkg/tests/fixtures/http_settings_test.go: -------------------------------------------------------------------------------- 1 | // ------------------------------------------------------------------------------------------- 2 | // Copyright (c) Microsoft Corporation. All rights reserved. 3 | // Licensed under the MIT License. See License.txt in the project root for license information. 4 | // -------------------------------------------------------------------------------------------- 5 | 6 | package fixtures 7 | 8 | import ( 9 | . "github.com/onsi/ginkgo" 10 | . "github.com/onsi/gomega" 11 | ) 12 | 13 | var _ = Describe("Test Fixtures", func() { 14 | Context("Testing GetHTTPSettings1", func() { 15 | It("should work as expected", func() { 16 | actual := GetHTTPSettings1() 17 | Expect(*actual.Name).To(Equal("BackendHTTPSettings-1")) 18 | }) 19 | }) 20 | 21 | Context("Testing GetHTTPSettings2", func() { 22 | It("should work as expected", func() { 23 | actual := GetHTTPSettings2() 24 | Expect(*actual.Name).To(Equal("BackendHTTPSettings-2")) 25 | }) 26 | }) 27 | 28 | Context("Testing GetHTTPSettings3", func() { 29 | It("should work as expected", func() { 30 | actual := GetHTTPSettings3() 31 | Expect(*actual.Name).To(Equal("BackendHTTPSettings-3")) 32 | }) 33 | }) 34 | }) 35 | -------------------------------------------------------------------------------- /pkg/tests/fixtures/ingress_test.go: -------------------------------------------------------------------------------- 1 | // ------------------------------------------------------------------------------------------- 2 | // Copyright (c) Microsoft Corporation. All rights reserved. 3 | // Licensed under the MIT License. See License.txt in the project root for license information. 4 | // -------------------------------------------------------------------------------------------- 5 | 6 | package fixtures 7 | 8 | import ( 9 | "github.com/Azure/application-gateway-kubernetes-ingress/pkg/annotations" 10 | . "github.com/onsi/ginkgo" 11 | . "github.com/onsi/gomega" 12 | ) 13 | 14 | var _ = Describe("Test Fixtures", func() { 15 | Context("Testing GetIngress", func() { 16 | It("should work as expected", func() { 17 | actual := GetIngress() 18 | Expect(actual.Spec.Rules[0].Host).To(Equal("foo.baz")) 19 | }) 20 | }) 21 | 22 | Context("Testing GetIngress with Priority", func() { 23 | It("should work as expected", func() { 24 | actual := GetIngressWithPriority() 25 | Expect(actual.Spec.Rules[0].Host).To(Equal("foo.baz")) 26 | Expect(actual.ObjectMeta.Annotations[annotations.RequestRoutingRulePriority]).To(Equal("100")) 27 | }) 28 | }) 29 | }) 30 | -------------------------------------------------------------------------------- /pkg/tests/fixtures/ips.go: -------------------------------------------------------------------------------- 1 | package fixtures 2 | 3 | const ( 4 | // DefaultIPName is a string constant. 5 | DefaultIPName = "appGatewayFrontendIP" 6 | ) 7 | -------------------------------------------------------------------------------- /pkg/tests/fixtures/pools_test.go: -------------------------------------------------------------------------------- 1 | // ------------------------------------------------------------------------------------------- 2 | // Copyright (c) Microsoft Corporation. All rights reserved. 3 | // Licensed under the MIT License. See License.txt in the project root for license information. 4 | // -------------------------------------------------------------------------------------------- 5 | 6 | package fixtures 7 | 8 | import ( 9 | . "github.com/onsi/ginkgo" 10 | . "github.com/onsi/gomega" 11 | ) 12 | 13 | var _ = Describe("Test Fixtures", func() { 14 | Context("Testing GetDefaultBackendPool", func() { 15 | It("should work as expected", func() { 16 | actual := GetDefaultBackendPool() 17 | Expect(*actual.Name).To(Equal("defaultaddresspool")) 18 | }) 19 | }) 20 | 21 | Context("Testing GetBackendPool1", func() { 22 | It("should work as expected", func() { 23 | actual := GetBackendPool1() 24 | Expect(*actual.Name).To(Equal("BackendAddressPool-1")) 25 | }) 26 | }) 27 | 28 | Context("Testing GetBackendPool2", func() { 29 | It("should work as expected", func() { 30 | actual := GetBackendPool2() 31 | Expect(*actual.Name).To(Equal("BackendAddressPool-2")) 32 | }) 33 | }) 34 | 35 | Context("Testing GetBackendPool3", func() { 36 | It("should work as expected", func() { 37 | actual := GetBackendPool3() 38 | Expect(*actual.Name).To(Equal("BackendAddressPool-3")) 39 | }) 40 | }) 41 | }) 42 | -------------------------------------------------------------------------------- /pkg/tests/fixtures/ports_test.go: -------------------------------------------------------------------------------- 1 | // ------------------------------------------------------------------------------------------- 2 | // Copyright (c) Microsoft Corporation. All rights reserved. 3 | // Licensed under the MIT License. See License.txt in the project root for license information. 4 | // -------------------------------------------------------------------------------------------- 5 | 6 | package fixtures 7 | 8 | import ( 9 | . "github.com/onsi/ginkgo" 10 | . "github.com/onsi/gomega" 11 | ) 12 | 13 | var _ = Describe("Test Fixtures", func() { 14 | Context("Testing GetDefaultPort", func() { 15 | It("should work as expected", func() { 16 | actual := GetDefaultPort() 17 | expected := "fp-80" 18 | Expect(*actual.Name).To(Equal(expected)) 19 | }) 20 | }) 21 | }) 22 | -------------------------------------------------------------------------------- /pkg/tests/fixtures/probes_test.go: -------------------------------------------------------------------------------- 1 | // ------------------------------------------------------------------------------------------- 2 | // Copyright (c) Microsoft Corporation. All rights reserved. 3 | // Licensed under the MIT License. See License.txt in the project root for license information. 4 | // -------------------------------------------------------------------------------------------- 5 | 6 | package fixtures 7 | 8 | import ( 9 | . "github.com/onsi/ginkgo" 10 | . "github.com/onsi/gomega" 11 | ) 12 | 13 | var _ = Describe("Test Fixtures", func() { 14 | Context("Testing GetApplicationGatewayProbe", func() { 15 | It("should work as expected", func() { 16 | host := "host" 17 | path := "path" 18 | actual := GetApplicationGatewayProbe(&host, &path) 19 | expected := "probe-name-aG9zdA-cGF0aA" 20 | Expect(*actual.Name).To(Equal(expected)) 21 | }) 22 | }) 23 | }) 24 | -------------------------------------------------------------------------------- /pkg/tests/fixtures/ssl_profile.go: -------------------------------------------------------------------------------- 1 | // ------------------------------------------------------------------------------------------- 2 | // Copyright (c) Microsoft Corporation. All rights reserved. 3 | // Licensed under the MIT License. See License.txt in the project root for license information. 4 | // -------------------------------------------------------------------------------------------- 5 | 6 | package fixtures 7 | 8 | import ( 9 | n "github.com/Azure/azure-sdk-for-go/services/network/mgmt/2021-03-01/network" 10 | "github.com/Azure/go-autorest/autorest/to" 11 | ) 12 | 13 | const ( 14 | // CertificateName1 is a string constant. 15 | SslProfileName1 = "hardend-tls" 16 | ) 17 | 18 | // GetSslProfile1 generates a certificate. 19 | func GetSslProfile1() n.ApplicationGatewaySslProfile { 20 | return n.ApplicationGatewaySslProfile{ 21 | Name: to.StringPtr(SslProfileName1), 22 | } 23 | } 24 | -------------------------------------------------------------------------------- /pkg/tests/fixtures/ssl_profile_test.go: -------------------------------------------------------------------------------- 1 | // ------------------------------------------------------------------------------------------- 2 | // Copyright (c) Microsoft Corporation. All rights reserved. 3 | // Licensed under the MIT License. See License.txt in the project root for license information. 4 | // -------------------------------------------------------------------------------------------- 5 | 6 | package fixtures 7 | 8 | import ( 9 | . "github.com/onsi/ginkgo" 10 | . "github.com/onsi/gomega" 11 | ) 12 | 13 | var _ = Describe("Test Fixtures", func() { 14 | Context("Testing GetSslProfile1", func() { 15 | It("should work as expected", func() { 16 | actual := GetSslProfile1() 17 | Expect(*actual.Name).To(Equal("hardend-tls")) 18 | }) 19 | }) 20 | }) 21 | -------------------------------------------------------------------------------- /pkg/tests/fixtures/targets_test.go: -------------------------------------------------------------------------------- 1 | // ------------------------------------------------------------------------------------------- 2 | // Copyright (c) Microsoft Corporation. All rights reserved. 3 | // Licensed under the MIT License. See License.txt in the project root for license information. 4 | // -------------------------------------------------------------------------------------------- 5 | 6 | package fixtures 7 | 8 | import ( 9 | . "github.com/onsi/ginkgo" 10 | . "github.com/onsi/gomega" 11 | ) 12 | 13 | var _ = Describe("Test Fixtures", func() { 14 | Context("Testing GetAzureIngressProhibitedTargets", func() { 15 | It("should work as expected", func() { 16 | actual := GetAzureIngressProhibitedTargets() 17 | expected := "bye.com" 18 | Expect(actual[0].Spec.Hostname).To(Equal(expected)) 19 | }) 20 | }) 21 | }) 22 | -------------------------------------------------------------------------------- /pkg/tests/ingress-complex.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: Ingress 3 | metadata: 4 | name: websocket-ingress 5 | annotations: 6 | kubernetes.io/ingress.class: azure/application-gateway 7 | appgw.ingress.kubernetes.io/ssl-redirect: "true" 8 | spec: 9 | tls: 10 | - hosts: 11 | - ws.contoso.com 12 | secretName: testsecret-tls 13 | rules: 14 | - host: ws.contoso.com 15 | http: 16 | paths: 17 | - backend: 18 | service: 19 | name: websocket-service 20 | port: 21 | number: 80 22 | 23 | - host: ftp.contoso.com 24 | http: 25 | paths: 26 | - path: / 27 | backend: 28 | service: 29 | name: websocket-service 30 | port: 31 | number: 80 32 | pathType: Exact 33 | 34 | - host: www.contoso.com 35 | http: 36 | paths: 37 | - path: /store/* 38 | backend: 39 | service: 40 | name: web-service 41 | port: 42 | number: 80 43 | pathType: Prefix 44 | - path: /static/* 45 | backend: 46 | service: 47 | name: static-content-service 48 | port: 49 | number: 8765 50 | pathType: Prefix 51 | -------------------------------------------------------------------------------- /pkg/tests/ingress-namespace-1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: Ingress 3 | metadata: 4 | name: ingress-coffeeshop 5 | namespace: store-ns 6 | spec: 7 | tls: 8 | - hosts: 9 | - cafe.contoso.com 10 | secretName: secret-token-nj3gy 11 | rules: 12 | - host: cafe.contoso.com 13 | http: 14 | paths: 15 | - path: /greentea 16 | backend: 17 | service: 18 | name: tea-shop-service 19 | port: 20 | number: 80 21 | pathType: Exact 22 | - path: /blackcoffee 23 | backend: 24 | service: 25 | name: coffe-shop-service 26 | port: 27 | number: 80 28 | pathType: Exact 29 | -------------------------------------------------------------------------------- /pkg/tests/ingress-namespace-2.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: Ingress 3 | metadata: 4 | name: ingress-roastery 5 | namespace: factory-ns 6 | spec: 7 | tls: 8 | - hosts: 9 | - cafe.contoso.com 10 | secretName: secret-token-ath3x 11 | rules: 12 | - host: cafe.contoso.com 13 | http: 14 | paths: 15 | - path: / 16 | backend: 17 | service: 18 | name: roastery-service 19 | port: 20 | number: 80 21 | pathType: Exact 22 | -------------------------------------------------------------------------------- /pkg/tests/ingress.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: Ingress 3 | metadata: 4 | name: websocket-ingress 5 | annotations: 6 | kubernetes.io/ingress.class: azure/application-gateway 7 | appgw.ingress.kubernetes.io/ssl-redirect: "true" 8 | spec: 9 | rules: 10 | - host: ws.contoso.com 11 | http: 12 | paths: 13 | - path: / 14 | backend: 15 | service: 16 | name: websocket-service 17 | port: 18 | number: 80 19 | pathType: Exact 20 | -------------------------------------------------------------------------------- /pkg/tests/mocks/clock.go: -------------------------------------------------------------------------------- 1 | package mocks 2 | 3 | import ( 4 | "time" 5 | ) 6 | 7 | // Clock is a custom implementation of Time. 8 | type Clock struct{} 9 | 10 | // Now is a static never changing Time. 11 | func (Clock) Now() time.Time { 12 | return time.Date(2009, 11, 17, 20, 34, 58, 651387237, time.UTC) 13 | } 14 | 15 | // After is what it was before. 16 | func (Clock) After(d time.Duration) <-chan time.Time { return time.After(d) } 17 | -------------------------------------------------------------------------------- /pkg/tests/mocks/logger.go: -------------------------------------------------------------------------------- 1 | package mocks 2 | 3 | import "strings" 4 | 5 | // MockLogger is a struct, which allows mocking of the logging facility. 6 | type MockLogger struct { 7 | // LogLines is the string list, where we accumulate log lines. 8 | LogLines []string 9 | } 10 | 11 | // Info emits a log line. 12 | func (m *MockLogger) Info(args ...interface{}) { 13 | var stringArgs []string 14 | for _, arg := range args { 15 | stringArgs = append(stringArgs, arg.(string)) 16 | } 17 | m.LogLines = append(m.LogLines, strings.Join(stringArgs, "_")) 18 | } 19 | -------------------------------------------------------------------------------- /pkg/utils/retry.go: -------------------------------------------------------------------------------- 1 | package utils 2 | 3 | import ( 4 | "time" 5 | 6 | "k8s.io/klog/v2" 7 | ) 8 | 9 | // Retriable is returned by RetriableFunction and tells whether to retry the function or not. 10 | type Retriable bool 11 | 12 | // RetriableFunction is function that can be retried 13 | type RetriableFunction func() (Retriable, error) 14 | 15 | // Retry retries retriableFunction for totalRetryCount times with a gap of retryPause. 16 | // if retriableFunction returns boolean as false, then Retry will not retry and return error 17 | // if retriableFunction returns boolean as true, then Retry will retry if fn returned an error 18 | // if totalRetryCount is -1, then retry happen forever until one of the two above conditions are satisfied. 19 | func Retry(totalRetryCount int, retryPause time.Duration, retriableFunction RetriableFunction) (err error) { 20 | retryCounter := 0 21 | retry := Retriable(true) 22 | for { 23 | retry, err = retriableFunction() 24 | if err == nil || !retry { 25 | break 26 | } 27 | 28 | retryCounter++ 29 | if totalRetryCount != -1 && retryCounter >= totalRetryCount { 30 | break 31 | } 32 | 33 | klog.Infof("Retrying in %s", retryPause) 34 | time.Sleep(retryPause) 35 | } 36 | return 37 | } 38 | -------------------------------------------------------------------------------- /pkg/version/version.go: -------------------------------------------------------------------------------- 1 | package version 2 | 3 | import ( 4 | "fmt" 5 | "os" 6 | ) 7 | 8 | // BuildDate is the date when the binary was built 9 | var BuildDate string 10 | 11 | // GitCommit is the commit hash when the binary was built 12 | var GitCommit string 13 | 14 | // Version is the version of the compiled software 15 | var Version string 16 | 17 | // PrintVersionAndExit prints the version and exits 18 | func PrintVersionAndExit() { 19 | fmt.Printf("Version: %s; Commit: %s; Date: %s\n", Version, GitCommit, BuildDate) 20 | os.Exit(0) 21 | } 22 | -------------------------------------------------------------------------------- /pkg/worker/fake.go: -------------------------------------------------------------------------------- 1 | // ------------------------------------------------------------------------------------------- 2 | // Copyright (c) Microsoft Corporation. All rights reserved. 3 | // Licensed under the MIT License. See License.txt in the project root for license information. 4 | // -------------------------------------------------------------------------------------------- 5 | 6 | package worker 7 | 8 | import ( 9 | "github.com/Azure/application-gateway-kubernetes-ingress/pkg/events" 10 | ) 11 | 12 | // FakeEventProcessor is fake event processor type 13 | type FakeEventProcessor struct { 14 | processEventCallBack func(event events.Event) error 15 | } 16 | 17 | // ProcessEvent will invoke the callback provided 18 | func (fp FakeEventProcessor) ProcessEvent(event events.Event) error { 19 | return fp.processEventCallBack(event) 20 | } 21 | 22 | // ShouldProcess will return true 23 | func (fp FakeEventProcessor) ShouldProcess(event events.Event) (bool, *string) { 24 | return true, nil 25 | } 26 | 27 | // NewFakeProcessor returns a fake processor struct. 28 | func NewFakeProcessor(processEvent func(event events.Event) error) FakeEventProcessor { 29 | return FakeEventProcessor{ 30 | processEventCallBack: processEvent, 31 | } 32 | } 33 | -------------------------------------------------------------------------------- /pkg/worker/types.go: -------------------------------------------------------------------------------- 1 | // ------------------------------------------------------------------------------------------- 2 | // Copyright (c) Microsoft Corporation. All rights reserved. 3 | // Licensed under the MIT License. See License.txt in the project root for license information. 4 | // -------------------------------------------------------------------------------------------- 5 | 6 | package worker 7 | 8 | import ( 9 | "github.com/Azure/application-gateway-kubernetes-ingress/pkg/events" 10 | ) 11 | 12 | // EventProcessor provides a mechanism to act on events in the internal queue. 13 | type EventProcessor interface { 14 | ProcessEvent(events.Event) error 15 | ShouldProcess(events.Event) (bool, *string) 16 | } 17 | 18 | // Worker listens to the eventChannel and runs the EventProcessor.MutateAppGateway and MutateAKS 19 | // for each event. 20 | type Worker struct { 21 | EventProcessor 22 | } 23 | -------------------------------------------------------------------------------- /pkg/worker/worker_suite_test.go: -------------------------------------------------------------------------------- 1 | // ------------------------------------------------------------------------------------------- 2 | // Copyright (c) Microsoft Corporation. All rights reserved. 3 | // Licensed under the MIT License. See License.txt in the project root for license information. 4 | // -------------------------------------------------------------------------------------------- 5 | 6 | // +build unittest 7 | 8 | package worker_test 9 | 10 | import ( 11 | "testing" 12 | 13 | . "github.com/onsi/ginkgo" 14 | . "github.com/onsi/gomega" 15 | ) 16 | 17 | func TestWorker(t *testing.T) { 18 | RegisterFailHandler(Fail) 19 | RunSpecs(t, "Worker Suite") 20 | } 21 | -------------------------------------------------------------------------------- /scripts/deploy.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo "Logging into docker...." 3 | echo "$DOCKER_PASSWORD" | docker login $ACR_REGISTRY -u "$DOCKER_USERNAME" --password-stdin 4 | echo "Login successful. Getting ready to deploy." 5 | 6 | set -x 7 | pushd $TRAVIS_BUILD_DIR/build 8 | cmake --build . --target dockerpush 9 | popd 10 | set +x -------------------------------------------------------------------------------- /scripts/e2e/README.md: -------------------------------------------------------------------------------- 1 | # AGIC E2E 2 | AGIC E2E consists of two scenarios, MFU, Most Frequently Use, and LFU, Least Frequently Use. 3 | For each of the scenario, test cases are organized in a way that how ingress is defined with namespace: 4 | - One Namespace One Ingress, 1N1I 5 | - One Namespace Many Ingresses, 1NMI 6 | 7 | One scenario can have multiple test suites, and one test suite can have multiple test cases. 8 | 9 | for example, Test Suite or context "One Namespace One Ingress" defines a Test case or Spec "ssl-e2e-redirect", the test case deploys one ingress in a namespace. 10 | ```bash 11 | // scenario 12 | var _ = Describe("MFU", func() { 13 | var ( 14 | clientset *kubernetes.Clientset 15 | crdClient *versioned.Clientset 16 | err error 17 | ) 18 | // test suite, 1N1I 19 | Context("One Namespace One Ingress", func() { 20 | BeforeEach(func() { 21 | clientset, crdClient, err = getClients() 22 | Expect(err).To(BeNil()) 23 | cleanUp(clientset) 24 | }) 25 | 26 | // test case 27 | It("[ssl-e2e-redirect] ssl termination and ssl redirect to https backend should work", func() { 28 | ... 29 | }) 30 | ... 31 | }) 32 | } 33 | ``` -------------------------------------------------------------------------------- /scripts/e2e/cmd/runner/runner_test.go: -------------------------------------------------------------------------------- 1 | // ------------------------------------------------------------------------------------------- 2 | // Copyright (c) Microsoft Corporation. All rights reserved. 3 | // Licensed under the MIT License. See License.txt in the project root for license information. 4 | // -------------------------------------------------------------------------------------------- 5 | 6 | // +build e2e e2eingressclass 7 | 8 | package runner 9 | 10 | import ( 11 | "testing" 12 | 13 | . "github.com/onsi/ginkgo" 14 | "github.com/onsi/ginkgo/reporters" 15 | . "github.com/onsi/gomega" 16 | ) 17 | 18 | func TestE2E(t *testing.T) { 19 | RegisterFailHandler(Fail) 20 | junitReporter := reporters.NewJUnitReporter("report.xml") 21 | RunSpecsWithDefaultAndCustomReporters(t, "AGIC-E2E", []Reporter{junitReporter}) 22 | } 23 | -------------------------------------------------------------------------------- /scripts/e2e/cmd/runner/testdata/extensions-v1beta1/one-namespace-many-ingresses/fifty-ingresses-with-services/README.md: -------------------------------------------------------------------------------- 1 | Inspired by this: https://github.com/Azure/application-gateway-kubernetes-ingress/issues/528 2 | -------------------------------------------------------------------------------- /scripts/e2e/cmd/runner/testdata/extensions-v1beta1/one-namespace-many-ingresses/fifty-ingresses-with-services/app/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | appVersion: "1.0.0" 3 | description: This is a test app 4 | name: sample-http-bin-app 5 | version: 1.0.0 -------------------------------------------------------------------------------- /scripts/e2e/cmd/runner/testdata/extensions-v1beta1/one-namespace-many-ingresses/fifty-ingresses-with-services/generate.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -x 3 | 4 | helm template ./app/ > generated.yaml -------------------------------------------------------------------------------- /scripts/e2e/cmd/runner/testdata/extensions-v1beta1/one-namespace-many-ingresses/three-ingresses-slash-sth/deploy.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | set -auexo pipefail 4 | 5 | kubectl create namespace e2e-three-ings || true 6 | 7 | kubectl apply -f app.yaml -------------------------------------------------------------------------------- /scripts/e2e/cmd/runner/testdata/extensions-v1beta1/one-namespace-one-ingress/container-readiness-probe/deploy.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | set -auexo pipefail 4 | 5 | echo -e "The goal of this is to ensure health probe is generated from container readiness probe and backend should be removed when the probe is unhealthy" 6 | 7 | for ns in e2e-probe1 e2e-probe2; do 8 | kubectl create namespace "${ns}" || true 9 | 10 | kubectl apply -f app.yaml -------------------------------------------------------------------------------- /scripts/e2e/cmd/runner/testdata/extensions-v1beta1/one-namespace-one-ingress/empty-secret/app.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: backend-deployment 5 | spec: 6 | selector: 7 | matchLabels: 8 | app: app 9 | replicas: 1 10 | template: 11 | metadata: 12 | labels: 13 | app: app 14 | spec: 15 | containers: 16 | - name: backendapp 17 | imagePullPolicy: Always 18 | image: docker.io/kennethreitz/httpbin 19 | ports: 20 | - containerPort: 80 21 | --- 22 | apiVersion: v1 23 | kind: Service 24 | metadata: 25 | name: backend-service 26 | spec: 27 | selector: 28 | app: app 29 | ports: 30 | - protocol: TCP 31 | port: 80 32 | targetPort: 80 33 | --- 34 | apiVersion: extensions/v1beta1 35 | kind: Ingress 36 | metadata: 37 | name: ingress 38 | annotations: 39 | kubernetes.io/ingress.class: azure/application-gateway 40 | spec: 41 | tls: 42 | - secretName: testsecret-tls 43 | hosts: 44 | - example.com 45 | rules: 46 | - host: example.com 47 | http: 48 | paths: 49 | - path: / 50 | backend: 51 | serviceName: backend-service 52 | servicePort: 80 53 | -------------------------------------------------------------------------------- /scripts/e2e/cmd/runner/testdata/extensions-v1beta1/one-namespace-one-ingress/empty-secret/empty-secret.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | name: testsecret-tls 5 | type: kubernetes.io/tls 6 | data: 7 | tls.crt: "" 8 | tls.key: "" -------------------------------------------------------------------------------- /scripts/e2e/cmd/runner/testdata/extensions-v1beta1/one-namespace-one-ingress/empty-secret/populated-secret.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | name: testsecret-tls 5 | type: kubernetes.io/tls 6 | data: 7 | tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJEVENCdEFJSkFLWTlOYkJMVjlJTE1Bb0dDQ3FHU000OUJBTUNNQTh4RFRBTEJnTlZCQU1NQkhSbGMzUXcKSGhjTk1qQXdOVEU0TWpFeU1UUXpXaGNOTWpFd05URTRNakV5TVRReldqQVBNUTB3Q3dZRFZRUUREQVIwWlhOMApNRmt3RXdZSEtvWkl6ajBDQVFZSUtvWkl6ajBEQVFjRFFnQUU2eHlzV0lhZUFkenYveXdUNTl5NDNreXppUGViCmMvaEpLOCt1Nm9uMmtOYjJpZ2tuTDZndU9PYWxsamQxOVB1dTYwYmh4aEpobGJpcHpBcWZCcFYzYnpBS0JnZ3EKaGtqT1BRUURBZ05JQURCRkFpRUFzbGNmNjNId0hxUDZoMHJTdjg3TXlBRVVoWmRoUlNZdm5sMGQyazRxZGtZQwpJRG1qNWdDcFAzTldmZWRVZHh6bTlsOEtxRUl2c1VxL1hXYWxUODhTWitWQQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== 8 | tls.key: LS0tLS1CRUdJTiBFQyBQQVJBTUVURVJTLS0tLS0KQmdncWhrak9QUU1CQnc9PQotLS0tLUVORCBFQyBQQVJBTUVURVJTLS0tLS0KLS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSUdQeE1qSytnOEd1dWhlMW1PQUZHY1V3V09xdHZRbjZCTHBQZVJGUTZUNHhvQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFNnh5c1dJYWVBZHp2L3l3VDU5eTQza3l6aVBlYmMvaEpLOCt1Nm9uMmtOYjJpZ2tuTDZndQpPT2FsbGpkMTlQdXU2MGJoeGhKaGxiaXB6QXFmQnBWM2J3PT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo= -------------------------------------------------------------------------------- /scripts/e2e/cmd/runner/testdata/extensions-v1beta1/one-namespace-one-ingress/health-probe-configurations/probe-path-bad.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: extensions/v1beta1 2 | kind: Ingress 3 | metadata: 4 | name: test-ingress 5 | annotations: 6 | kubernetes.io/ingress.class: azure/application-gateway 7 | appgw.ingress.kubernetes.io/health-probe-path: "/statuss/200" 8 | appgw.ingress.kubernetes.io/health-probe-interval: "1" 9 | appgw.ingress.kubernetes.io/health-probe-unhealthy-threshold: "3" 10 | appgw.ingress.kubernetes.io/health-probe-timeout: "1" 11 | spec: 12 | rules: 13 | - http: 14 | paths: 15 | - path: /status/* 16 | backend: 17 | serviceName: test-service 18 | servicePort: 80 -------------------------------------------------------------------------------- /scripts/e2e/cmd/runner/testdata/extensions-v1beta1/one-namespace-one-ingress/health-probe-configurations/probe-path-good.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: extensions/v1beta1 2 | kind: Ingress 3 | metadata: 4 | name: test-ingress 5 | annotations: 6 | kubernetes.io/ingress.class: azure/application-gateway 7 | appgw.ingress.kubernetes.io/health-probe-path: "/status/200" 8 | appgw.ingress.kubernetes.io/health-probe-interval: "1" 9 | appgw.ingress.kubernetes.io/health-probe-unhealthy-threshold: "3" 10 | appgw.ingress.kubernetes.io/health-probe-timeout: "1" 11 | spec: 12 | rules: 13 | - http: 14 | paths: 15 | - path: /status/* 16 | backend: 17 | serviceName: test-service 18 | servicePort: 80 -------------------------------------------------------------------------------- /scripts/e2e/cmd/runner/testdata/extensions-v1beta1/one-namespace-one-ingress/health-probe-configurations/probe-port-bad.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: extensions/v1beta1 2 | kind: Ingress 3 | metadata: 4 | name: test-ingress 5 | annotations: 6 | kubernetes.io/ingress.class: azure/application-gateway 7 | appgw.ingress.kubernetes.io/health-probe-port: "81" 8 | appgw.ingress.kubernetes.io/health-probe-interval: "1" 9 | appgw.ingress.kubernetes.io/health-probe-unhealthy-threshold: "3" 10 | appgw.ingress.kubernetes.io/health-probe-timeout: "1" 11 | spec: 12 | rules: 13 | - http: 14 | paths: 15 | - path: /status/* 16 | backend: 17 | serviceName: test-service 18 | servicePort: 80 -------------------------------------------------------------------------------- /scripts/e2e/cmd/runner/testdata/extensions-v1beta1/one-namespace-one-ingress/health-probe-configurations/probe-port-good.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: extensions/v1beta1 2 | kind: Ingress 3 | metadata: 4 | name: test-ingress 5 | annotations: 6 | kubernetes.io/ingress.class: azure/application-gateway 7 | appgw.ingress.kubernetes.io/health-probe-port: "80" 8 | appgw.ingress.kubernetes.io/health-probe-interval: "1" 9 | appgw.ingress.kubernetes.io/health-probe-unhealthy-threshold: "3" 10 | appgw.ingress.kubernetes.io/health-probe-timeout: "1" 11 | spec: 12 | rules: 13 | - http: 14 | paths: 15 | - path: /status/* 16 | backend: 17 | serviceName: test-service 18 | servicePort: 80 -------------------------------------------------------------------------------- /scripts/e2e/cmd/runner/testdata/extensions-v1beta1/one-namespace-one-ingress/health-probe-configurations/probe-status-bad.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: extensions/v1beta1 2 | kind: Ingress 3 | metadata: 4 | name: test-ingress 5 | annotations: 6 | kubernetes.io/ingress.class: azure/application-gateway 7 | appgw.ingress.kubernetes.io/health-probe-status-codes: "201" 8 | appgw.ingress.kubernetes.io/health-probe-interval: "1" 9 | appgw.ingress.kubernetes.io/health-probe-unhealthy-threshold: "3" 10 | appgw.ingress.kubernetes.io/health-probe-timeout: "1" 11 | spec: 12 | rules: 13 | - http: 14 | paths: 15 | - path: /status/* 16 | backend: 17 | serviceName: test-service 18 | servicePort: 80 -------------------------------------------------------------------------------- /scripts/e2e/cmd/runner/testdata/extensions-v1beta1/one-namespace-one-ingress/health-probe-configurations/probe-status-good.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: extensions/v1beta1 2 | kind: Ingress 3 | metadata: 4 | name: test-ingress 5 | annotations: 6 | kubernetes.io/ingress.class: azure/application-gateway 7 | appgw.ingress.kubernetes.io/health-probe-status-codes: "200" 8 | appgw.ingress.kubernetes.io/health-probe-interval: "1" 9 | appgw.ingress.kubernetes.io/health-probe-unhealthy-threshold: "3" 10 | appgw.ingress.kubernetes.io/health-probe-timeout: "1" 11 | spec: 12 | rules: 13 | - http: 14 | paths: 15 | - path: /status/* 16 | backend: 17 | serviceName: test-service 18 | servicePort: 80 -------------------------------------------------------------------------------- /scripts/e2e/cmd/runner/testdata/extensions-v1beta1/one-namespace-one-ingress/ssl-e2e-redirect/README.md: -------------------------------------------------------------------------------- 1 | To add the root certificate to app gateway, use 2 | 3 | ``` 4 | az network application-gateway root-cert create -n test --cert-file test.crt --gateway-name --resource-group 5 | ``` 6 | 7 | To generate a new self-signed certificate: 8 | ``` 9 | openssl ecparam -out test.key -name prime256v1 -genkey 10 | openssl req -new -sha256 -key test.key -out test.csr -subj "/CN=test" 11 | openssl x509 -req -sha256 -days 365 -in test.csr -signkey test.key -out test.crt 12 | ``` 13 | 14 | If you are using a different certificate, don't forget to update the tls secret in the app.yaml. 15 | -------------------------------------------------------------------------------- /scripts/e2e/cmd/runner/testdata/extensions-v1beta1/one-namespace-one-ingress/ssl-e2e-redirect/probe-hostname-bad.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: extensions/v1beta1 2 | kind: Ingress 3 | metadata: 4 | name: ssl-redirect-ingress 5 | annotations: 6 | kubernetes.io/ingress.class: azure/application-gateway 7 | appgw.ingress.kubernetes.io/health-probe-hostname: localhostx 8 | appgw.ingress.kubernetes.io/ssl-redirect: "true" 9 | appgw.ingress.kubernetes.io/backend-hostname: "test" 10 | appgw.ingress.kubernetes.io/appgw-trusted-root-certificate: "test" 11 | appgw.ingress.kubernetes.io/waf-policy-for-path : "/subscriptions/2ce9a29e-219e-422b-b9f8-5c5e54d5439e/resourceGroups/agic-e2e/providers/Microsoft.Network/applicationGatewayWebApplicationFirewallPolicies/waf-policy" 12 | spec: 13 | tls: 14 | - secretName: testsecret-tls 15 | rules: 16 | - http: 17 | paths: 18 | - path: /index.html 19 | backend: 20 | serviceName: ssl-redirect-service 21 | servicePort: 443 22 | - path: /* 23 | backend: 24 | serviceName: ssl-redirect-service 25 | servicePort: 443 -------------------------------------------------------------------------------- /scripts/e2e/cmd/runner/testdata/extensions-v1beta1/one-namespace-one-ingress/ssl-e2e-redirect/probe-hostname-good.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: extensions/v1beta1 2 | kind: Ingress 3 | metadata: 4 | name: ssl-redirect-ingress 5 | annotations: 6 | kubernetes.io/ingress.class: azure/application-gateway 7 | appgw.ingress.kubernetes.io/ssl-redirect: "true" 8 | appgw.ingress.kubernetes.io/backend-hostname: "test" 9 | appgw.ingress.kubernetes.io/appgw-trusted-root-certificate: "test" 10 | appgw.ingress.kubernetes.io/waf-policy-for-path : "/subscriptions/2ce9a29e-219e-422b-b9f8-5c5e54d5439e/resourceGroups/agic-e2e/providers/Microsoft.Network/applicationGatewayWebApplicationFirewallPolicies/waf-policy" 11 | spec: 12 | tls: 13 | - secretName: testsecret-tls 14 | rules: 15 | - http: 16 | paths: 17 | - path: /index.html 18 | backend: 19 | serviceName: ssl-redirect-service 20 | servicePort: 443 21 | - path: /* 22 | backend: 23 | serviceName: ssl-redirect-service 24 | servicePort: 443 -------------------------------------------------------------------------------- /scripts/e2e/cmd/runner/testdata/extensions-v1beta1/one-namespace-one-ingress/ssl-e2e-redirect/test.crt: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIBDTCBtAIJAKY9NbBLV9ILMAoGCCqGSM49BAMCMA8xDTALBgNVBAMMBHRlc3Qw 3 | HhcNMjAwNTE4MjEyMTQzWhcNMjEwNTE4MjEyMTQzWjAPMQ0wCwYDVQQDDAR0ZXN0 4 | MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE6xysWIaeAdzv/ywT59y43kyziPeb 5 | c/hJK8+u6on2kNb2igknL6guOOalljd19Puu60bhxhJhlbipzAqfBpV3bzAKBggq 6 | hkjOPQQDAgNIADBFAiEAslcf63HwHqP6h0rSv87MyAEUhZdhRSYvnl0d2k4qdkYC 7 | IDmj5gCpP3NWfedUdxzm9l8KqEIvsUq/XWalT88SZ+VA 8 | -----END CERTIFICATE----- 9 | -------------------------------------------------------------------------------- /scripts/e2e/cmd/runner/testdata/extensions-v1beta1/one-namespace-one-ingress/three-namespaces/deploy.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | set -auexo pipefail 4 | 5 | echo -e "The goal of this is to ensure that containers with the same probel and same labels in 3 different namespaces have unique and working health probes" 6 | 7 | for ns in e2e-ns-x e2e-ns-y e2e-ns-z; do 8 | kubectl create namespace "${ns}" || true 9 | 10 | kubectl apply -f app.yaml -------------------------------------------------------------------------------- /scripts/e2e/cmd/runner/testdata/networking-v1/one-namespace-many-ingresses/fifty-ingresses-with-services/README.md: -------------------------------------------------------------------------------- 1 | Inspired by this: https://github.com/Azure/application-gateway-kubernetes-ingress/issues/528 2 | -------------------------------------------------------------------------------- /scripts/e2e/cmd/runner/testdata/networking-v1/one-namespace-many-ingresses/fifty-ingresses-with-services/app/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | appVersion: "1.0.0" 3 | description: This is a test app 4 | name: sample-http-bin-app 5 | version: 1.0.0 -------------------------------------------------------------------------------- /scripts/e2e/cmd/runner/testdata/networking-v1/one-namespace-many-ingresses/fifty-ingresses-with-services/generate.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -x 3 | 4 | helm template ./app/ > generated.yaml -------------------------------------------------------------------------------- /scripts/e2e/cmd/runner/testdata/networking-v1/one-namespace-many-ingresses/three-ingresses-slash-sth/deploy.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | set -auexo pipefail 4 | 5 | kubectl create namespace e2e-three-ings || true 6 | 7 | kubectl apply -f app.yaml -------------------------------------------------------------------------------- /scripts/e2e/cmd/runner/testdata/networking-v1/one-namespace-one-ingress/container-readiness-probe/deploy.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | set -auexo pipefail 4 | 5 | echo -e "The goal of this is to ensure health probe is generated from container readiness probe and backend should be removed when the probe is unhealthy" 6 | 7 | for ns in e2e-probe1 e2e-probe2; do 8 | kubectl create namespace "${ns}" || true 9 | 10 | kubectl apply -f app.yaml -------------------------------------------------------------------------------- /scripts/e2e/cmd/runner/testdata/networking-v1/one-namespace-one-ingress/empty-secret/app.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: backend-deployment 5 | spec: 6 | selector: 7 | matchLabels: 8 | app: app 9 | replicas: 1 10 | template: 11 | metadata: 12 | labels: 13 | app: app 14 | spec: 15 | containers: 16 | - name: backendapp 17 | imagePullPolicy: Always 18 | image: docker.io/kennethreitz/httpbin 19 | ports: 20 | - containerPort: 80 21 | --- 22 | apiVersion: v1 23 | kind: Service 24 | metadata: 25 | name: backend-service 26 | spec: 27 | selector: 28 | app: app 29 | ports: 30 | - protocol: TCP 31 | port: 80 32 | targetPort: 80 33 | --- 34 | apiVersion: networking.k8s.io/v1 35 | kind: Ingress 36 | metadata: 37 | name: ingress 38 | annotations: 39 | kubernetes.io/ingress.class: azure/application-gateway 40 | spec: 41 | tls: 42 | - secretName: testsecret-tls 43 | hosts: 44 | - example.com 45 | rules: 46 | - host: example.com 47 | http: 48 | paths: 49 | - path: / 50 | backend: 51 | service: 52 | name: backend-service 53 | port: 54 | number: 80 55 | pathType: Exact 56 | -------------------------------------------------------------------------------- /scripts/e2e/cmd/runner/testdata/networking-v1/one-namespace-one-ingress/empty-secret/empty-secret.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | name: testsecret-tls 5 | type: kubernetes.io/tls 6 | data: 7 | tls.crt: "" 8 | tls.key: "" -------------------------------------------------------------------------------- /scripts/e2e/cmd/runner/testdata/networking-v1/one-namespace-one-ingress/empty-secret/populated-secret.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | name: testsecret-tls 5 | type: kubernetes.io/tls 6 | data: 7 | tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJEVENCdEFJSkFLWTlOYkJMVjlJTE1Bb0dDQ3FHU000OUJBTUNNQTh4RFRBTEJnTlZCQU1NQkhSbGMzUXcKSGhjTk1qQXdOVEU0TWpFeU1UUXpXaGNOTWpFd05URTRNakV5TVRReldqQVBNUTB3Q3dZRFZRUUREQVIwWlhOMApNRmt3RXdZSEtvWkl6ajBDQVFZSUtvWkl6ajBEQVFjRFFnQUU2eHlzV0lhZUFkenYveXdUNTl5NDNreXppUGViCmMvaEpLOCt1Nm9uMmtOYjJpZ2tuTDZndU9PYWxsamQxOVB1dTYwYmh4aEpobGJpcHpBcWZCcFYzYnpBS0JnZ3EKaGtqT1BRUURBZ05JQURCRkFpRUFzbGNmNjNId0hxUDZoMHJTdjg3TXlBRVVoWmRoUlNZdm5sMGQyazRxZGtZQwpJRG1qNWdDcFAzTldmZWRVZHh6bTlsOEtxRUl2c1VxL1hXYWxUODhTWitWQQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== 8 | tls.key: LS0tLS1CRUdJTiBFQyBQQVJBTUVURVJTLS0tLS0KQmdncWhrak9QUU1CQnc9PQotLS0tLUVORCBFQyBQQVJBTUVURVJTLS0tLS0KLS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSUdQeE1qSytnOEd1dWhlMW1PQUZHY1V3V09xdHZRbjZCTHBQZVJGUTZUNHhvQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFNnh5c1dJYWVBZHp2L3l3VDU5eTQza3l6aVBlYmMvaEpLOCt1Nm9uMmtOYjJpZ2tuTDZndQpPT2FsbGpkMTlQdXU2MGJoeGhKaGxiaXB6QXFmQnBWM2J3PT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo= -------------------------------------------------------------------------------- /scripts/e2e/cmd/runner/testdata/networking-v1/one-namespace-one-ingress/health-probe-configurations/probe-path-bad.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: Ingress 3 | metadata: 4 | name: test-ingress 5 | annotations: 6 | kubernetes.io/ingress.class: azure/application-gateway 7 | appgw.ingress.kubernetes.io/health-probe-path: "/statuss/200" 8 | appgw.ingress.kubernetes.io/health-probe-interval: "1" 9 | appgw.ingress.kubernetes.io/health-probe-unhealthy-threshold: "3" 10 | appgw.ingress.kubernetes.io/health-probe-timeout: "1" 11 | spec: 12 | rules: 13 | - http: 14 | paths: 15 | - path: /status/* 16 | backend: 17 | service: 18 | name: test-service 19 | port: 20 | number: 80 21 | pathType: Prefix -------------------------------------------------------------------------------- /scripts/e2e/cmd/runner/testdata/networking-v1/one-namespace-one-ingress/health-probe-configurations/probe-path-good.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: Ingress 3 | metadata: 4 | name: test-ingress 5 | annotations: 6 | kubernetes.io/ingress.class: azure/application-gateway 7 | appgw.ingress.kubernetes.io/health-probe-path: "/status/200" 8 | appgw.ingress.kubernetes.io/health-probe-interval: "1" 9 | appgw.ingress.kubernetes.io/health-probe-unhealthy-threshold: "3" 10 | appgw.ingress.kubernetes.io/health-probe-timeout: "1" 11 | spec: 12 | rules: 13 | - http: 14 | paths: 15 | - path: /status/* 16 | backend: 17 | service: 18 | name: test-service 19 | port: 20 | number: 80 21 | pathType: Prefix -------------------------------------------------------------------------------- /scripts/e2e/cmd/runner/testdata/networking-v1/one-namespace-one-ingress/health-probe-configurations/probe-port-bad.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: Ingress 3 | metadata: 4 | name: test-ingress 5 | annotations: 6 | kubernetes.io/ingress.class: azure/application-gateway 7 | appgw.ingress.kubernetes.io/health-probe-port: "81" 8 | appgw.ingress.kubernetes.io/health-probe-interval: "1" 9 | appgw.ingress.kubernetes.io/health-probe-unhealthy-threshold: "3" 10 | appgw.ingress.kubernetes.io/health-probe-timeout: "1" 11 | spec: 12 | rules: 13 | - http: 14 | paths: 15 | - path: /status/* 16 | backend: 17 | service: 18 | name: test-service 19 | port: 20 | number: 80 21 | pathType: Prefix -------------------------------------------------------------------------------- /scripts/e2e/cmd/runner/testdata/networking-v1/one-namespace-one-ingress/health-probe-configurations/probe-port-good.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: Ingress 3 | metadata: 4 | name: test-ingress 5 | annotations: 6 | kubernetes.io/ingress.class: azure/application-gateway 7 | appgw.ingress.kubernetes.io/health-probe-port: "80" 8 | appgw.ingress.kubernetes.io/health-probe-interval: "1" 9 | appgw.ingress.kubernetes.io/health-probe-unhealthy-threshold: "3" 10 | appgw.ingress.kubernetes.io/health-probe-timeout: "1" 11 | spec: 12 | rules: 13 | - http: 14 | paths: 15 | - path: /status/* 16 | backend: 17 | service: 18 | name: test-service 19 | port: 20 | number: 80 21 | pathType: Prefix -------------------------------------------------------------------------------- /scripts/e2e/cmd/runner/testdata/networking-v1/one-namespace-one-ingress/health-probe-configurations/probe-status-bad.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: Ingress 3 | metadata: 4 | name: test-ingress 5 | annotations: 6 | kubernetes.io/ingress.class: azure/application-gateway 7 | appgw.ingress.kubernetes.io/health-probe-status-codes: "201" 8 | appgw.ingress.kubernetes.io/health-probe-interval: "1" 9 | appgw.ingress.kubernetes.io/health-probe-unhealthy-threshold: "3" 10 | appgw.ingress.kubernetes.io/health-probe-timeout: "1" 11 | spec: 12 | rules: 13 | - http: 14 | paths: 15 | - path: /status/* 16 | backend: 17 | service: 18 | name: test-service 19 | port: 20 | number: 80 21 | pathType: Prefix -------------------------------------------------------------------------------- /scripts/e2e/cmd/runner/testdata/networking-v1/one-namespace-one-ingress/health-probe-configurations/probe-status-good.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: Ingress 3 | metadata: 4 | name: test-ingress 5 | annotations: 6 | kubernetes.io/ingress.class: azure/application-gateway 7 | appgw.ingress.kubernetes.io/health-probe-status-codes: "200" 8 | appgw.ingress.kubernetes.io/health-probe-interval: "1" 9 | appgw.ingress.kubernetes.io/health-probe-unhealthy-threshold: "3" 10 | appgw.ingress.kubernetes.io/health-probe-timeout: "1" 11 | spec: 12 | rules: 13 | - http: 14 | paths: 15 | - path: /status/* 16 | backend: 17 | service: 18 | name: test-service 19 | port: 20 | number: 80 21 | pathType: Prefix -------------------------------------------------------------------------------- /scripts/e2e/cmd/runner/testdata/networking-v1/one-namespace-one-ingress/ingress-class-resource/other-ingress-class.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # A second ingress class 3 | # no controller will be running for this class but the resource will exist in kubernetes 4 | apiVersion: networking.k8s.io/v1 5 | kind: IngressClass 6 | metadata: 7 | annotations: 8 | app.kubernetes.io/component: controller 9 | name: other-gateway 10 | spec: 11 | controller: azure/application-gateway -------------------------------------------------------------------------------- /scripts/e2e/cmd/runner/testdata/networking-v1/one-namespace-one-ingress/rewrite-rule/app.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: backend-deployment 5 | spec: 6 | selector: 7 | matchLabels: 8 | app: app 9 | replicas: 1 10 | template: 11 | metadata: 12 | labels: 13 | app: app 14 | spec: 15 | containers: 16 | - name: backendapp 17 | imagePullPolicy: Always 18 | image: docker.io/kennethreitz/httpbin 19 | ports: 20 | - containerPort: 80 21 | --- 22 | apiVersion: v1 23 | kind: Service 24 | metadata: 25 | name: backend-service 26 | spec: 27 | selector: 28 | app: app 29 | ports: 30 | - protocol: TCP 31 | port: 80 32 | targetPort: 80 33 | --- 34 | apiVersion: networking.k8s.io/v1 35 | kind: Ingress 36 | metadata: 37 | name: ingress 38 | annotations: 39 | kubernetes.io/ingress.class: azure/application-gateway 40 | appgw.ingress.kubernetes.io/rewrite-rule-set: "test-rewrite-rule" 41 | spec: 42 | rules: 43 | - host: example.com 44 | http: 45 | paths: 46 | - path: / 47 | backend: 48 | service: 49 | name: backend-service 50 | port: 51 | number: 80 52 | pathType: Exact 53 | -------------------------------------------------------------------------------- /scripts/e2e/cmd/runner/testdata/networking-v1/one-namespace-one-ingress/ssl-e2e-redirect/README.md: -------------------------------------------------------------------------------- 1 | To add the root certificate to app gateway, use 2 | 3 | ``` 4 | az network application-gateway root-cert create -n test --cert-file test.crt --gateway-name --resource-group 5 | ``` 6 | 7 | To generate a new self-signed certificate: 8 | ``` 9 | openssl ecparam -out test.key -name prime256v1 -genkey 10 | openssl req -new -sha256 -key test.key -out test.csr -subj "/CN=test" 11 | openssl x509 -req -sha256 -days 720 -in test.csr -signkey test.key -out test.crt 12 | ``` 13 | 14 | If you are using a different certificate, don't forget to update the tls secret in the app.yaml. 15 | ``` 16 | # set tls.crt with: 17 | cat test.crt | base64 -w0 18 | 19 | # set tls.key with: 20 | cat test.key | base64 -w0 21 | ``` -------------------------------------------------------------------------------- /scripts/e2e/cmd/runner/testdata/networking-v1/one-namespace-one-ingress/ssl-e2e-redirect/probe-hostname-bad.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: Ingress 3 | metadata: 4 | name: ssl-redirect-ingress 5 | annotations: 6 | kubernetes.io/ingress.class: azure/application-gateway 7 | appgw.ingress.kubernetes.io/health-probe-hostname: localhostx 8 | appgw.ingress.kubernetes.io/ssl-redirect: "true" 9 | appgw.ingress.kubernetes.io/backend-hostname: "test" 10 | appgw.ingress.kubernetes.io/appgw-trusted-root-certificate: "test" 11 | appgw.ingress.kubernetes.io/waf-policy-for-path : "/subscriptions/2ce9a29e-219e-422b-b9f8-5c5e54d5439e/resourceGroups/agic-e2e/providers/Microsoft.Network/applicationGatewayWebApplicationFirewallPolicies/waf-policy" 12 | spec: 13 | tls: 14 | - secretName: testsecret-tls 15 | rules: 16 | - http: 17 | paths: 18 | - path: /index.html 19 | backend: 20 | service: 21 | name: ssl-redirect-service 22 | port: 23 | number: 443 24 | pathType: Exact 25 | - path: /* 26 | backend: 27 | service: 28 | name: ssl-redirect-service 29 | port: 30 | number: 443 31 | pathType: Prefix -------------------------------------------------------------------------------- /scripts/e2e/cmd/runner/testdata/networking-v1/one-namespace-one-ingress/ssl-e2e-redirect/probe-hostname-good.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: Ingress 3 | metadata: 4 | name: ssl-redirect-ingress 5 | annotations: 6 | kubernetes.io/ingress.class: azure/application-gateway 7 | appgw.ingress.kubernetes.io/ssl-redirect: "true" 8 | appgw.ingress.kubernetes.io/backend-hostname: "test" 9 | appgw.ingress.kubernetes.io/appgw-trusted-root-certificate: "test" 10 | appgw.ingress.kubernetes.io/waf-policy-for-path : "/subscriptions/2ce9a29e-219e-422b-b9f8-5c5e54d5439e/resourceGroups/agic-e2e/providers/Microsoft.Network/applicationGatewayWebApplicationFirewallPolicies/waf-policy" 11 | spec: 12 | tls: 13 | - secretName: testsecret-tls 14 | rules: 15 | - http: 16 | paths: 17 | - path: /index.html 18 | backend: 19 | service: 20 | name: ssl-redirect-service 21 | port: 22 | number: 443 23 | pathType: Exact 24 | - path: /* 25 | backend: 26 | service: 27 | name: ssl-redirect-service 28 | port: 29 | number: 443 30 | pathType: Prefix -------------------------------------------------------------------------------- /scripts/e2e/cmd/runner/testdata/networking-v1/one-namespace-one-ingress/ssl-e2e-redirect/test.crt: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIBFzCBvwIUYATaCsIuOLko6+a7J8cjIKIu1gEwCgYIKoZIzj0EAwIwDzENMAsG 3 | A1UEAwwEdGVzdDAeFw0yMTA3MTQwNDI2MzlaFw0yMzA3MDQwNDI2MzlaMA8xDTAL 4 | BgNVBAMMBHRlc3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARSwgLuKsEjh7ca 5 | CIqGC+/6o/W37hpMbvaYohwApQs6Abwy/DzcARcoobtNthp7U1qY+SAynOf6Rra/ 6 | mr8Ad8bQMAoGCCqGSM49BAMCA0cAMEQCIAQFQCePCn+YbCTn6r1w6EvciuWUDhF6 7 | /8YnjGNBCy2fAiA2HW3DZdJ8a2NeS9T1D7u27SCTeCxuXC/+Y978agsn2A== 8 | -----END CERTIFICATE----- 9 | -------------------------------------------------------------------------------- /scripts/e2e/cmd/runner/testdata/networking-v1/one-namespace-one-ingress/three-namespaces/deploy.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | set -auexo pipefail 4 | 5 | echo -e "The goal of this is to ensure that containers with the same probel and same labels in 3 different namespaces have unique and working health probes" 6 | 7 | for ns in e2e-ns-x e2e-ns-y e2e-ns-z; do 8 | kubectl create namespace "${ns}" || true 9 | 10 | kubectl apply -f app.yaml -------------------------------------------------------------------------------- /scripts/e2e/helm-config-with-prohibited-rules.yaml: -------------------------------------------------------------------------------- 1 | appgw: 2 | shared: true 3 | prohibitedTargets: 4 | - name: www.microsoft.com 5 | hostname: www.microsoft.com 6 | paths: 7 | - "/landing/*" 8 | 9 | armAuth: 10 | type: aadPodIdentity 11 | 12 | rbac: 13 | enabled: true -------------------------------------------------------------------------------- /scripts/e2e/run-e2e.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -ex 3 | 4 | . helper.sh 5 | 6 | SetupApplicationGateway 7 | 8 | InstallAGIC 9 | 10 | # run test 11 | go mod init || true 12 | go mod tidy 13 | go test -v -timeout 240m -tags e2e ./... || true 14 | mv ./cmd/runner/report.xml report.e2e.xml 15 | 16 | # install with custom tag 17 | InstallAGIC "custom-ingress-class" 18 | 19 | go test -v -timeout 240m -tags e2eingressclass ./... || true 20 | mv ./cmd/runner/report.xml report.e2eingressclass.xml 21 | 22 | EvaluateTestStatus 23 | -------------------------------------------------------------------------------- /scripts/find_duplicate_error_codes.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | grep 'errors.New' $(find . -name '*.go' -not -path './git/*' -not -path './vendor/*' | grep -v '_test.go' | grep -v 'crd_client') | grep -oE '\([A-Z]{4}[0-9]{3}\)' | sort | uniq -c | awk '{if ($1 > 1) print $0}' 4 | -------------------------------------------------------------------------------- /scripts/install-without-tiller.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | AGIC_NAME="ingress-azure" 4 | AGIC_NAMESPACE="default" 5 | HELM_CONFIG="./helm-config.yaml" 6 | 7 | [[ -f $HELM_CONFIG ]] || { echo "File $HELM_CONFIG does not exist!"; exit 1; } 8 | 9 | 10 | helm template "${AGIC_NAME}" ./helm/ingress-azure \ 11 | --namespace "${AGIC_NAMESPACE=}" \ 12 | --values "${HELM_CONFIG}" \ 13 | | tee /dev/tty | kubectl apply -f - 14 | 15 | 16 | -------------------------------------------------------------------------------- /scripts/release-helm.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | set -euo pipefail 4 | 5 | ENV=${1:-"staging"} 6 | TAG=${2:-$(git describe --abbrev=0 --tags)} 7 | 8 | IMAGE_REGISTRY="mcr.microsoft.com/azure-application-gateway/kubernetes-ingress" 9 | CHART_PATH="appgwreg.azurecr.io/public/azure-application-gateway/charts" 10 | 11 | echo "Generating Helm chart with tag [$TAG]" 12 | cat ./helm/ingress-azure/Chart-template.yaml | sed "s/XXVERSIONXX/$TAG/g" > ./helm/ingress-azure/Chart.yaml 13 | cat ./helm/ingress-azure/values-template.yaml | sed "s/XXVERSIONXX/$TAG/g" | sed "s#XXREGISTRYXX#$IMAGE_REGISTRY#g" >./helm/ingress-azure/values.yaml 14 | helm package ./helm/ingress-azure --version "$TAG" 15 | 16 | CHART_TAR="$(ls -1t ingress-azure-*.tgz | head -n 1)" 17 | echo "Pushing chart $CHART_TAR to $CHART_PATH" 18 | 19 | helm push "$CHART_TAR" oci://"$CHART_PATH" 20 | echo "Chart pushed successfully" -------------------------------------------------------------------------------- /scripts/replicate-chart.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | set -euo pipefail 4 | 5 | # This script is used to replicate the helm chart from storage account to OCI registry 6 | # Note: This script is being added for historical purpose. The helm chart is now being pushed to 7 | # the OCI registry directly from the pipeline 8 | # Usage: ./replicate-chart.sh 9 | 10 | if [ "$#" -ne 2 ]; then 11 | echo "Usage: $0 " 12 | exit 1 13 | fi 14 | 15 | DESTINATION_ACR="$1" 16 | DESTINATION_REPO="$DESTINATION_ACR/public/azure-application-gateway/charts" 17 | SOURCE_VERSION="$2" 18 | 19 | SOURCE_CHART_BASE_URL="https://appgwingress.blob.core.windows.net/ingress-azure-helm-package" 20 | SOURCE_CHART_NAME="ingress-azure" 21 | CHART_TAR="$SOURCE_CHART_NAME-$SOURCE_VERSION".tgz 22 | SOURCE_URL="$SOURCE_CHART_BASE_URL/$CHART_TAR" 23 | 24 | wget "$SOURCE_URL" 25 | 26 | helm push "$CHART_TAR" oci://"$DESTINATION_REPO" -------------------------------------------------------------------------------- /scripts/start.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | set -aueo pipefail 4 | 5 | source .env 6 | 7 | GOBIN=$(pwd)/bin 8 | 9 | echo -e "Cleanup: delete $GOBIN" 10 | rm -rf "$GOBIN" 11 | 12 | ORG_PATH="github.com/Azure" 13 | PROJECT_NAME="application-gateway-kubernetes-ingress" 14 | REPO_PATH="${ORG_PATH}/${PROJECT_NAME}" 15 | VERSION_VAR="${REPO_PATH}/pkg/version.Version" 16 | DATE_VAR="${REPO_PATH}/pkg/version.BuildDate" 17 | COMMIT_VAR="${REPO_PATH}/pkg/version.GitCommit" 18 | VERSION=$(git describe --abbrev=0 --tags) 19 | BUILD_DATE=$(date +%Y-%m-%d-%H:%MT%z) 20 | GIT_HASH=$(git rev-parse --short HEAD) 21 | 22 | echo -e "Compiling..." 23 | go build -ldflags "-s -X ${VERSION_VAR}=${VERSION} -X ${DATE_VAR}=${BUILD_DATE} -X ${COMMIT_VAR}=${GIT_HASH}" -o ./bin/appgw-ingress -v ./cmd/appgw-ingress 24 | RESULT=$? 25 | if [ "$RESULT" -eq "0" ]; then 26 | chmod -R 777 bin 27 | echo -e "Build SUCCEEDED" 28 | else 29 | echo -e "Build FAILED" 30 | exit 1 31 | fi 32 | 33 | # Print Version 34 | ./bin/appgw-ingress --version || true 35 | 36 | # Feature Flags 37 | export APPGW_ENABLE_SAVE_CONFIG_TO_FILE="true" 38 | 39 | # Run 40 | ./bin/appgw-ingress \ 41 | --in-cluster=false \ 42 | --kubeconfig="$KUBE_CONFIG_FILE" \ 43 | --verbosity=9 44 | -------------------------------------------------------------------------------- /scripts/vendor.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | rm -rf vendor 3 | go mod vendor 4 | chmod -R 777 vendor 5 | -------------------------------------------------------------------------------- /tests/data/k8s.x509.cert: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIDvDCCAqQCCQDf27w5i4qqrzANBgkqhkiG9w0BAQsFADCBnzELMAkGA1UEBhMC 3 | VVMxCzAJBgNVBAgMAkNBMRIwEAYDVQQHDAlTdW5ueXZhbGUxEjAQBgNVBAoMCU1p 4 | Y3Jvc29mdDEZMBcGA1UECwwQQXp1cmUgTmV0d29ya2luZzEQMA4GA1UEAwwHQXZp 5 | bmFzaDEuMCwGCSqGSIb3DQEJARYfYXZpbmFzaC5zcmlkaGFyYW5AbWljcm9zb2Z0 6 | LmNvbTAeFw0xODA5MTMyMzA0NTZaFw0xOTA5MTMyMzA0NTZaMIGfMQswCQYDVQQG 7 | EwJVUzELMAkGA1UECAwCQ0ExEjAQBgNVBAcMCVN1bm55dmFsZTESMBAGA1UECgwJ 8 | TWljcm9zb2Z0MRkwFwYDVQQLDBBBenVyZSBOZXR3b3JraW5nMRAwDgYDVQQDDAdB 9 | dmluYXNoMS4wLAYJKoZIhvcNAQkBFh9hdmluYXNoLnNyaWRoYXJhbkBtaWNyb3Nv 10 | ZnQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqwy/9UNspJwc 11 | BGa5j33+/boZt4q+kb9Kmzt7lSzgCC7vVkLYau76s4c4sv1qZqzhjKXZc4YSYsTO 12 | jO98zZ8sbUIVlzJkT+cngE1ogCu/oBioobiZ06ssDhM4QQ3Se3PZ8YqBcViGTtQX 13 | AWyAGxHdIwz6uKHY3o68QJOPosxyxAygM+AJPymbt4bAWYzh+USLHtoLO4dghOTw 14 | 8AYUZbCghkrgYRgjHwcH6gIik0SCpPFNHaazQ/pFMdXLKDqjmDBCZMIatK5+NIwz 15 | 6Cz0sl8aK4kiEJp81PAjrkad2wr68K4Otz4mzKcrOT8tI+ptqA7mAT+fUEszN2cE 16 | ztAO4CHbHwIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQBAjIUeppHhb6rPcSygN9bt 17 | MpU6vzI92s5NDvrlrA6rNZ/suqfMXx+Es31IRf9oAra1XbgM5C+YZmQRAyMLDLjI 18 | nAiUuW5yvSuNT5h7sbRme/B1Vxfr13CHiqb0Nz/1WVrefnYdLkGhZqktlUl+fGA5 19 | PXHdW3uaha2OqgNAEaZUf0XiXrMidu3WHQyHw6QqvG3GCuV5P7oOdBI1vHKpa6At 20 | s62eUxo1jBxsBT9srGggOC8cIS77leu11lckCfgIaAMsKrVpTZ1N/kuXJaNmPb8X 21 | 59O9/X10XQBchyfrENysYJnYH3szAc1HsEVqy9flzGaesxjxD7I1VnGo8kchtTrE 22 | -----END CERTIFICATE----- 23 | --------------------------------------------------------------------------------