Documentation ¶
Index ¶
- func AddAnnotations(req router.Request, resp router.Response) error
- func AddLinkerdServer(req router.Request, resp router.Response) error
- func RegisterRoutes(router *router.Router, client kubernetes.Interface, ...) error
- func Start(ctx context.Context, opt Options) error
- type Handler
- func (h Handler) AddAuthorizationPolicy(req router.Request, resp router.Response) error
- func (h Handler) ConfigureNetworkAuthorizationForIngress(req router.Request, resp router.Response) error
- func (h Handler) ConfigureNetworkPolicyForBuildServer(req router.Request, resp router.Response) error
- func (h Handler) KillLinkerdSidecar(req router.Request, resp router.Response) error
- type Options
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func AddAnnotations ¶
AddAnnotations adds linkerd annotations to all acorn projects so that it can propagate into app namespaces
func AddLinkerdServer ¶
AddLinkerdServer adds linkerd server CRD to each acorn apps. This will create a policy to disallow apps from talking to each other unless a specific AuthorizationPolicy is defined.
func RegisterRoutes ¶
Types ¶
type Handler ¶
type Handler struct {
// contains filtered or unexported fields
}
func (Handler) AddAuthorizationPolicy ¶
AddAuthorizationPolicy makes sure within each acorn project, apps can talk to each other. It does the following: 1. Programs MeshTLSAuthentication for each app namespaces to represent all the service account identities in the same project 2. For each server, create an AuthorizationPolicy per project to allow network access.
func (Handler) ConfigureNetworkAuthorizationForIngress ¶
func (h Handler) ConfigureNetworkAuthorizationForIngress(req router.Request, resp router.Response) error
ConfigureNetworkAuthorizationForIngress configures the authorization policy so that Ingress pod is able to reach acorn apps. This should normally be done through service account identity but not sure why it is not working. TODO: need to figure out how service account works when ingress mode is enabled