nginx

package
v0.0.0-...-8ccf8f9 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jun 3, 2021 License: Apache-2.0 Imports: 22 Imported by: 1

Documentation

Index

Constants

View Source 
const (

	// FrontendRole ...
	FrontendRole = "frontend"
	// AllIngressServiceName ...
	AllIngressServiceName = "fd-k8-all"
)

Variables

View Source 
var IsDefaultServerConfGlobal = true

IsDefaultServerConfGlobal ...

View Source 
var (
	// SnortUpstreamServers used for Snort, if adding new snort container update this Object
	SnortUpstreamServers = Upstream{
		Name: "proxy_snort", UpstreamServers: []UpstreamServer{
			{
				Address: "127.0.0.1",
				Port:    "7481",
			},
			{
				Address: "127.0.0.1",
				Port:    "7482",
			},
			{
				Address: "127.0.0.1",
				Port:    "7483",
			},
		},
	}
)

Functions

func GetIndexesOfValue 

func GetIndexesOfValue(arr []string, key string, cutset string) []int

GetIndexesOfValue returns all the indexes of a key in the string slice

func GetMapKeyAsBool 

func GetMapKeyAsBool(m map[string]string, key string, context apiObject) (bool, bool, error)

GetMapKeyAsBool searches the map for the given key and parses the key as bool

func GetMapKeyAsInt 

func GetMapKeyAsInt(m map[string]string, key string, context apiObject) (int64, bool, error)

GetMapKeyAsInt tries to find and parse a key in a map as int64

func GetMapKeyAsStringSlice 

func GetMapKeyAsStringSlice(m map[string]string, key string, context apiObject, delimiter string) ([]string, bool, error)

GetMapKeyAsStringSlice tries to find and parse a key in the map as string slice splitting it on delimiter

func GetWatchFrequency 

func GetWatchFrequency() string

GetWatchFrequency ...

func HandleMutualAuth 

func HandleMutualAuth(annotation parser.ParsedValidatedAnnotation, resourceName, serverName string) (map[string][]string, []string, error)

HandleMutualAuth ...

func ParseLocationSnippetLine 

func ParseLocationSnippetLine(snippet []string, ingressName string, annotation string, deliminator string) map[string][]string

ParseLocationSnippetLine ...

func ParseStatsdService 

func ParseStatsdService(statsdAnnotationsString string) (enableAllLoc bool, err error)

ParseStatsdService ...

func RemoveFileIfExist 

func RemoveFileIfExist(filename string)

RemoveFileIfExist ...

func SetWatchFrequency 

func SetWatchFrequency(watchFrequencyUpdated string)

SetWatchFrequency ...

Types

type Config 

type Config struct {
	LocationSnippets              map[string][]string
	AllLocationSnippet            []string
	ServerSnippets                []string
	ServerTokens                  bool
	ProxyConnectTimeout           string
	ProxyReadTimeout              string
	ClientMaxBodySize             string
	LargeClientHeaderBuffers      string
	HTTP2                         bool
	RedirectToHTTPS               bool
	MainHTTPSnippets              []string
	MainServerNamesHashBucketSize string
	MainServerNamesHashMaxSize    string
	MainLogFormat                 string
	MainLogFormatEscapeJSON       string
	VtsStatusZoneSize             string
	ProxyBuffering                bool
	ProxyMaxTempFileSize          string
	ProxyProtocol                 bool
	ProxyHideHeaders              []string
	ProxyPassHeaders              []string
	HSTS                          bool
	HSTSMaxAge                    int
	HSTSIncludeSubdomains         bool
	InKeepAlive                   string
	InKeepaliveRequests           string
	Backlog                       string
	ReusePort                     bool
	ProxySslVerifyDepth           int

	// http://nginx.org/en/docs/http/ngx_http_realip_module.html
	RealIPHeader    string
	SetRealIPFrom   []string
	RealIPRecursive bool
	Stream          string

	// http://nginx.org/en/docs/http/ngx_http_ssl_module.html
	MainServerSSLProtocols           string
	MainServerSSLPreferServerCiphers bool
	MainServerSSLCiphers             string
	MainServerSSLDHParam             string

	// Ratelimit Annotations
	RatelimitMemory string
	RatelimitValue  string
	RatelimitBurst  string

	//ActivityTracker log
	ActivityTracker bool

	//Customer Logs
	CustomerLogs bool

	//Access Logs
	AccessLogEnabled bool
	AccessLogBuffer  string
	AccessLogFlush   string

	//Indicates if istio is present
	IsIstioPresent bool
	IstioPort      int64
	IstioIP        string

	IamGlobalEndpoint string
}

Config holds NGINX configuration parameters

func NewDefaultConfig 

func NewDefaultConfig() *Config

NewDefaultConfig creates a Config with default values

type Configurator 

type Configurator struct {
	// contains filtered or unexported fields
}

Configurator transforms an Ingress resource into NGINX Configuration

func NewConfigurator 

func NewConfigurator(nginx *IngressNginxController, config *Config, kubeClient kubernetes.Interface) *Configurator

NewConfigurator creates a new Configurator

func (*Configurator) AddOrUpdateDHParam 

func (cnf *Configurator) AddOrUpdateDHParam(content string) (string, error)

AddOrUpdateDHParam ...

func (*Configurator) AddOrUpdateIngress 

func (cnf *Configurator) AddOrUpdateIngress(name string, ingEx *IngressEx)

AddOrUpdateIngress adds or updates NGINX configuration for an Ingress resource

func (*Configurator) AddOrUpdateTLSSecret 

func (cnf *Configurator) AddOrUpdateTLSSecret(secret *api.Secret, ings []networking.Ingress, sslings []networking.Ingress, mutualAuthings []networking.Ingress, reload bool) error

AddOrUpdateTLSSecret creates or updates a file with the content of the TLS secret

func (*Configurator) DeleteIngress 

func (cnf *Configurator) DeleteIngress(name string)

DeleteIngress deletes NGINX configuration for an Ingress resource

func (*Configurator) DeleteSecret 

func (cnf *Configurator) DeleteSecret(secretName string, ings []networking.Ingress, sslings []networking.Ingress, mutualAuthings []networking.Ingress) error

DeleteSecret deletes secret

func (*Configurator) EventLogf 

func (cnf *Configurator) EventLogf(ingEx *IngressEx, msgCode string, format string, args ...interface{})

EventLogf ...

func (*Configurator) GetAnnotationModel 

func (cnf *Configurator) GetAnnotationModel(annotationStr string, ingEx *IngressEx) (annotationModel parser.ParsedValidatedAnnotation, annotationExists bool)

GetAnnotationModel ...

func (*Configurator) GetCertificateData 

func (cnf *Configurator) GetCertificateData(secret []byte) (map[string]string, error)

GetCertificateData ...

func (*Configurator) GetNginxCertsPath 

func (cnf *Configurator) GetNginxCertsPath() string

GetNginxCertsPath ...

func (*Configurator) GetPodScale 

func (cnf *Configurator) GetPodScale() int

GetPodScale ...

func (*Configurator) GetSSLServices 

func (cnf *Configurator) GetSSLServices(ingEx *IngressEx) (sslServices map[string]SSLServicesData)

GetSSLServices ...

func (*Configurator) ParseAnnotation 

func (cnf *Configurator) ParseAnnotation(annotationStr string, annotationStringIng string, ingEx *IngressEx) (annotationModel parser.ParsedValidatedAnnotation)

ParseAnnotation ...

func (*Configurator) SetPodScale 

func (cnf *Configurator) SetPodScale(PodVal int)

SetPodScale ...

func (*Configurator) UpdateConfig 

func (cnf *Configurator) UpdateConfig(config *Config)

UpdateConfig updates NGINX Configuration parameters

func (*Configurator) UpdateEndpoints 

func (cnf *Configurator) UpdateEndpoints(name string, ingEx *IngressEx)

UpdateEndpoints updates endpoints in NGINX configuration for an Ingress resource

func (*Configurator) VerifyUseOfIstioSvc 

func (cnf *Configurator) VerifyUseOfIstioSvc(ingEx *IngressEx, svc *api.Service) (found bool)

VerifyUseOfIstioSvc ...

type CustomErrorActions 

type CustomErrorActions struct {
	Name  string
	Value []string
}

CustomErrorActions ...

type CustomPort 

type CustomPort struct {
	Port     string
	Protocol string
}

CustomPort ...

type IngressEx 

type IngressEx struct {
	Ingress               *networking.Ingress
	Secrets               map[string]*api.Secret
	Endpoints             map[string][]string
	UpstreamSSLData       map[string]UpstreamSSLConfig
	IsUpsreamSSLs         bool
	SSLCommonNames        map[string]string
	PlainSSL              []string
	IstioIngressUpstreams []IstioIngressUpstream
}

IngressEx holds an Ingress along with Secrets and Endpoints of the services that are referenced in this Ingress

type IngressNginxConfig 

type IngressNginxConfig struct {
	Upstreams             []Upstream
	Servers               []Server
	GlobalRatelimitzones  []RateLimitZone
	ServiceRatelimitzones []RateLimitZone

	// Snort
	SnortEnabled  bool
	SnortUpstream Upstream
}

IngressNginxConfig describes an NGINX configuration

type IngressNginxController 

type IngressNginxController struct {
	// contains filtered or unexported fields
}

IngressNginxController Updates NGINX configuration, starts and reloads NGINX

func NewNginxController 

func NewNginxController(nginxConfPath string, local bool, healthStatus bool) (*IngressNginxController, error)

NewNginxController creates a NGINX controller

func (*IngressNginxController) AddOrUpdateCertAndKey 

func (nginx *IngressNginxController) AddOrUpdateCertAndKey(name string, cert string, key string, ca string) string

AddOrUpdateCertAndKey creates a .pem file wth the cert and the key with the specified name

func (*IngressNginxController) AddOrUpdateDHParam 

func (nginx *IngressNginxController) AddOrUpdateDHParam(dhparam string) (string, error)

AddOrUpdateDHParam creates the servers dhparam.pem file

func (*IngressNginxController) AddOrUpdateIngress 

func (nginx *IngressNginxController) AddOrUpdateIngress(name string, config IngressNginxConfig)

AddOrUpdateIngress creates or updates a file with the specified configuration for the specified ingress

func (*IngressNginxController) AddOrUpdateIngressStream 

func (nginx *IngressNginxController) AddOrUpdateIngressStream(name string, StreamConfigs []IngressNginxStreamConfig, upstreams map[string]Upstream)

AddOrUpdateIngressStream ...

func (*IngressNginxController) AddOrUpdatePemFile 

func (nginx *IngressNginxController) AddOrUpdatePemFile(pemFileName string, content []byte) string

AddOrUpdatePemFile creates a .pem file wth the cert and the key with the specified name

func (*IngressNginxController) AddOrUpdateTrustedCertAndKey 

func (nginx *IngressNginxController) AddOrUpdateTrustedCertAndKey(name string, cert string, key string, trustedCert string) (string, string, string)

AddOrUpdateTrustedCertAndKey creates a .crt file wth the trusted cert and client cert and client key with the specified name

func (*IngressNginxController) DeleteIngress 

func (nginx *IngressNginxController) DeleteIngress(name string)

DeleteIngress deletes the configuration file, which corresponds for the specified ingress from NGINX conf directory

func (*IngressNginxController) DeletePemFile 

func (nginx *IngressNginxController) DeletePemFile(pemFileName string)

DeletePemFile deletes the pem file

func (*IngressNginxController) Reload 

func (nginx *IngressNginxController) Reload() error

Reload reloads NGINX

func (*IngressNginxController) Start 

func (nginx *IngressNginxController) Start()

Start starts NGINX

func (*IngressNginxController) UpdateDefaultConfFile 

func (nginx *IngressNginxController) UpdateDefaultConfFile(cfg *IngressNginxMainConfig)

UpdateDefaultConfFile update the default conf file

func (*IngressNginxController) UpdateDefaultPemFile 

func (nginx *IngressNginxController) UpdateDefaultPemFile(cfg *IngressNginxMainConfig)

UpdateDefaultPemFile update the index html file

func (*IngressNginxController) UpdateIndexHTMLFile 

func (nginx *IngressNginxController) UpdateIndexHTMLFile(cfg *IngressNginxMainConfig)

UpdateIndexHTMLFile update the index html file

func (*IngressNginxController) UpdateLuaUtilityFile 

func (nginx *IngressNginxController) UpdateLuaUtilityFile(cfg *IngressNginxMainConfig)

UpdateLuaUtilityFile update the lua utility file

func (*IngressNginxController) UpdateMainConfigFile 

func (nginx *IngressNginxController) UpdateMainConfigFile(cfg *IngressNginxMainConfig)

UpdateMainConfigFile update the main NGINX configuration file

type IngressNginxCustomError 

type IngressNginxCustomError struct {
	HTTPStatus string
	Action     string
}

IngressNginxCustomError ...

type IngressNginxMainConfig 

type IngressNginxMainConfig struct {
	ServerNamesHashBucketSize string
	ServerNamesHashMaxSize    string
	LogFormat                 string
	LogFormatEscapeJSON       string
	VtsStatusZoneSize         string
	HealthStatus              bool
	HTTPSnippets              []string
	InKeepAlive               string
	InKeepaliveRequests       string
	Backlog                   string
	ReusePort                 bool

	// http://nginx.org/en/docs/http/ngx_http_ssl_module.html
	SSLProtocols           string
	SSLPreferServerCiphers bool
	SSLCiphers             string
	SSLDHParam             string
	ActivityTracker        bool
	CustomerLogs           bool
	PodName                string

	// Used to disable default server in default.conf
	IsDefaultServerConf bool

	// Snort
	SnortEnabled  bool
	SnortUpstream Upstream
	//Access Log buffering
	AccessLogEnabled bool
	AccessLogBuffer  string
	AccessLogFlush   string
}

IngressNginxMainConfig describe the main NGINX configuration file

type IngressNginxStreamConfig 

type IngressNginxStreamConfig struct {
	IngressPort string
	ServiceName string
	ServicePort string
}

IngressNginxStreamConfig ...

func ParseSingleStream 

func ParseSingleStream(stream string) (config IngressNginxStreamConfig, err error)

ParseSingleStream ... ingress.bluemix.net/tcp-ports: "ingressPort=80 serviceName=tea-svc servicePort=8080;ingressPort=81 serviceName=coffee-svc servicePort=8081"

func ParseStreamConfigs 

func ParseStreamConfigs(streams string) (configs []IngressNginxStreamConfig, err error)

ParseStreamConfigs ...

type IngressNginxStreamConfigs 

type IngressNginxStreamConfigs struct {
	StreamConfigs []IngressNginxStreamConfig
	Ups           []Upstream
}

IngressNginxStreamConfigs ...

type IstioIngressUpstream 

type IstioIngressUpstream struct {
	BackendSvc string
	Endpoints  []string
}

IstioIngressUpstream ...

type Location 

type Location struct {
	LocationSnippets     []string
	Path                 string
	Upstream             Upstream
	ProxyConnectTimeout  string
	ProxyReadTimeout     string
	ClientMaxBodySize    string
	Websocket            bool
	Rewrite              string
	SSL                  bool
	ProxyMaxTempFileSize string
	RatelimitMemory      string
	RatelimitValue       string
	RatelimitBurst       string
	ActivityTracker      bool
	CustomerLogs         bool
	ProxySetHeaders      []string
	MoreSetHeaders       []string
	MoreClearHeaders     []string
	LocationModifier     string

	//watson configurations
	MapPath             string
	WatsonAuthURL       bool
	WatsonSecondaryHost string
	WatsonSecondarySvc  string
	WatsonUpstream      bool
	AuthCookie          bool
	Options             bool

	// IAM Oauth Configurations
	IamAuthURL        bool
	ClientID          string
	ClientSecret      string
	ClientSecretNS    string
	SvcName           string
	ClientRedirectURL string

	// IAM CLI Configurations
	IamCLIAuthURL    bool
	IamLogoutEnabled bool

	// AppId Configurations
	AppIDSecret      string
	AppIDNameSpace   string
	AppIDRequestType string
	AppIDToken       bool

	//proxy_next_upstream configuration
	ProxyNextUpstreamValues  string
	ProxyNextUpstreamTimeout string
	ProxyNextUpstreamTries   int

	ExternalLocation           bool
	ExternalSvc                string
	ExtDNSResolver             string
	SSLAuthentication          bool
	SSLTwoWayAuthentication    bool
	ProxySslTrustedCertificate string
	ProxySslCertificate        string
	ProxySslCertificateKey     string
	LocationRateLimitZones     []RateLimitZone
	ProxySslVerifyDepth        int
	PlainSSLAuthentication     bool
	ProxySSLName               string

	KeepAliveTimeout    string
	KeepAliveRequests   string
	AllLocationSnippet  []string
	CustomErrors        []IngressNginxCustomError
	ProxyBuffering      bool
	AddHostPort         bool
	ProxyBuffers        ProxyBuffer
	ProxyBufferSize     string
	ProxyBusyBufferSize string

	IstioEnabled        bool
	IstioPort           int64
	IstioIP             string
	StatsdConfigEnabled bool
}

Location describes an NGINX location

type ProxyBuffer 

type ProxyBuffer struct {
	Size   string
	Number int
}

ProxyBuffer ...

type ProxyPems 

type ProxyPems struct {
	// contains filtered or unexported fields
}

ProxyPems ...

type ProxySSLConfig 

type ProxySSLConfig struct {
	ProxySSLVerifyDepth int
	ProxySSLName        string
}

ProxySSLConfig is to store the SSL config parameters that are used on the upstream connections

type RateLimitZone 

type RateLimitZone struct {
	Name     string
	Key      string
	Rate     string
	RateUnit string
	Conn     string
	ConnMem  string
	RateMem  string
	Burst    int
}

RateLimitZone Struct

type SSLServicesData 

type SSLServicesData struct {
	SecretName          string
	ProxySSLVerifyDepth int
	ProxySSLName        string
}

SSLServicesData holds the value of the attrtibutes parsed from the ssl-services annotation of Ingresses

type Secrets 

type Secrets struct {
	SecretName string
	Secret     *api.Secret
}

Secrets ...

type Server 

type Server struct {
	ServerSnippets           []string
	Name                     string
	ServerTokens             bool
	Locations                []Location
	SSL                      bool
	SSLCertificate           string
	SSLCertificateKey        string
	HTTP2                    bool
	RedirectToHTTPS          bool
	ProxyProtocol            bool
	HSTS                     bool
	HSTSMaxAge               int
	HSTSIncludeSubdomains    bool
	ProxyHideHeaders         []string
	ProxyPassHeaders         []string
	GlobalSerRateLimitZones  []RateLimitZone
	LargeClientHeaderBuffers string

	// Port configurations
	HTTPPort             string
	HTTPSPort            string
	MutualAuthPort       string
	SSLClientCertificate string
	MutualAuthPaths      []string
	NonMutualAuthPaths   []string

	// http://nginx.org/en/docs/http/ngx_http_realip_module.html
	RealIPHeader    string
	SetRealIPFrom   []string
	RealIPRecursive bool

	// Watson configurations
	OptionLocation        bool
	WatsonAuthLocation    string
	IamAuthLocation       bool
	IamCliAuthLocation    bool
	IamAllCliAuthLocation bool
	KeepAliveTimeout      string
	KeepAliveRequests     string
	CustomerLogs          bool
	IamLogoutEnabled      bool

	IamGlobalEndpoint string

	// AppID
	AppIDEnabled    bool
	AppIDWebEnabled bool

	// Used for Healthcheck
	IsDefaultHealthcheck bool

	// Used for setting up a default Server
	IsDefaultServer bool

	ErrorActions       []CustomErrorActions
	GlobalCustomErrors []IngressNginxCustomError
}

Server describes an NGINX server

type Upstream 

type Upstream struct {
	Name             string
	UpstreamServers  []UpstreamServer
	StickyCookie     string
	KeepAlive        int
	LBType           string
	KeepAliveTimeout string
}

Upstream describes an NGINX upstream

func NewUpstreamWithDefaultServer 

func NewUpstreamWithDefaultServer(name string, stickyCookie string) Upstream

NewUpstreamWithDefaultServer creates an upstream with the default server. proxy_pass to an upstream with the default server returns 502. We use it for services that have no endpoints

type UpstreamSSLConfig 

type UpstreamSSLConfig struct {
	Secrets        Secrets
	ProxySSLConfig ProxySSLConfig
}

UpstreamSSLConfig is to store the secrets and other SSL config parameters that are used on the upstream connections

type UpstreamServer 

type UpstreamServer struct {
	Address string
	Port    string

	// Upstream HealthCheck
	MaxFails    string
	FailTimeout string
}

UpstreamServer describes a server in an NGINX upstream

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.