Documentation
¶
Index ¶
- func AddLabels(req router.Request, resp router.Response) error
- func DoNothing(req router.Request, resp router.Response) error
- func GCOrphans(req router.Request, resp router.Response) error
- func PoliciesForIngress(req router.Request, resp router.Response) error
- func PoliciesForService(req router.Request, resp router.Response) error
- func RegisterRoutes(router *router.Router, client kubernetes.Interface, ...) error
- func Start(ctx context.Context, opt Options) error
- func VirtualServiceForLink(req router.Request, resp router.Response) error
- type Handler
- type Options
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func AddLabels ¶
AddLabels adds the "istio-injection: enabled" label on every Acorn project namespace
func PoliciesForIngress ¶
PoliciesForIngress creates Istio an PeerAuthentication for each Ingress resource created by Acorn. The PeerAuthentication sets mTLS to PERMISSIVE mode on the ports exposed by the Ingresses so that the containers will accept traffic coming from outside the Istio mesh.
func PoliciesForService ¶
PoliciesForService creates an Istio PeerAuthentication for each LoadBalancer Service created by Acorn. The PeerAuthentication sets mTLS to PERMISSIVE mode on the ports targeted by the Service so that the containers will accept traffic coming from outside the Istio mesh.
func RegisterRoutes ¶
Types ¶
type Handler ¶
type Handler struct {
// contains filtered or unexported fields
}
func (Handler) KillIstioSidecar ¶
KillIstioSidecar kills the Istio sidecar on every pod that corresponds to an Acorn job, once the job is complete
func (Handler) PoliciesForApp ¶
PoliciesForApp creates an Istio PeerAuthentication in each app's namespace. The PeerAuthentication sets mTLS to STRICT mode, meaning that all pods in the namespace will only accept incoming network traffic from other pods in the Istio mesh.
Source Files