util

package
v0.0.0-...-e408518 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Dec 3, 2021 License: Apache-2.0 Imports: 22 Imported by: 0

Documentation

Overview

Package util provides common constants and helper functions for vetters.

Index

Constants

// Default values for injecting the Istio proxy into Kubernetes resources.
const (
	// DefaultSidecarProxyUID is a typed uint64 constant, the same type as the
	// Params.SidecarProxyUID field.
	DefaultSidecarProxyUID              = uint64(1337)
	DefaultVerbosity                    = 2
	// NOTE(review): if this is used as the Kubernetes imagePullPolicy,
	// "IfNotPresent" reuses an image already cached on the node instead of
	// pulling it again; confirm that is intended for the proxy images.
	DefaultImagePullPolicy              = "IfNotPresent"
	DefaultStatusPort                   = 15020
	DefaultReadinessInitialDelaySeconds = 1
	DefaultReadinessPeriodSeconds       = 2
	DefaultReadinessFailureThreshold    = 30
	// "*" is the wildcard described on Params.IncludeIPRanges: all outbound
	// traffic is redirected to Envoy. A narrower value redirects only the
	// listed ranges, so traffic to other destinations does not pass through
	// the proxy.
	DefaultIncludeIPRanges              = "*"
	// "*" is the wildcard described on Params.IncludeInboundPorts: traffic on
	// all inbound ports is redirected to Envoy.
	DefaultIncludeInboundPorts          = "*"
	// The empty string matches the Params.KubevirtInterfaces comment: by
	// default no interfaces are configured.
	// NOTE(review): the lowercase "k" is inconsistent with the MixedCaps used
	// by the other names; renaming would change the exported API.
	DefaultkubevirtInterfaces           = ""
)

Default values for injecting the Istio proxy into Kubernetes resources.

// Constants related to Istio.
const (
	// IstioNamespace is the Namespace in which the package looks up the mesh
	// and initializer ConfigMaps (see GetMeshConfigMap and
	// GetInitializerConfigMap).
	IstioNamespace                = "istio-system"
	// IstioProxyContainerName has the same value as ProxyContainerName.
	IstioProxyContainerName       = "istio-proxy"
	IstioInitContainerName        = "istio-init"
	// IstioConfigMap is the name of the ConfigMap that holds the Istio mesh
	// config; IstioConfigMapKey is presumably the data key inside it (verify
	// against GetMeshConfig).
	IstioConfigMap                = "istio"
	IstioConfigMapKey             = "mesh"
	// IstioInitializerPodAnnotation is presumably the "initializer annotation"
	// that SidecarInjected looks for on a Pod (confirm against its body).
	IstioInitializerPodAnnotation = "sidecar.istio.io/status"
	// IstioInitializerConfigMap is the name of the ConfigMap that holds the
	// Istio Initializer config; IstioInitializerConfigMapKey is presumably the
	// data key inside it (verify against GetIstioInjectConfig).
	IstioInitializerConfigMap     = "istio-sidecar-injector"
	IstioInitializerConfigMapKey  = "config"
	IstioAppLabel                 = "app"
	// KubernetesDomainSuffix is presumably appended when ConvertHostnameToFQDN
	// expands a short name (TODO confirm).
	KubernetesDomainSuffix        = ".svc.cluster.local"
	ServiceProtocolUDP            = "UDP"
)

Constants related to Istio

const (
	// InterceptionNone is the literal string "NONE".
	// NOTE(review): presumably names an interception mode in which no traffic
	// redirection is set up; confirm against the upstream Istio definition
	// this was copied from.
	InterceptionNone string = "NONE"
)

Aspenmesh inserts, copied from other Istio file locations:

const (
	// ProxyContainerName is used by e2e integration tests for fetching logs.
	// It has the same value ("istio-proxy") as IstioProxyContainerName.
	ProxyContainerName = "istio-proxy"
)

Variables

This section is empty.

Functions

func ComputeID

func ComputeID(n *apiv1.Note) string

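ComputeID returns the MD5 checksum of the Note struct, which can be used as the ID for the note. The digest serves only as a content-derived identifier; MD5 is not collision-resistant, so the ID should not be treated as an integrity or authenticity check.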

func ConvertHostnameToFQDN

func ConvertHostnameToFQDN(hostname string, namespace string) (string, error)

ConvertHostnameToFQDN returns the FQDN if a short name is passed

func DefaultExemptedNamespaces

func DefaultExemptedNamespaces() []string

DefaultExemptedNamespaces returns the list of default Namespaces which are exempted from automatic sidecar injection. The list includes "kube-system", "kube-public" and "istio-system".

func ExemptedNamespace

func ExemptedNamespace(ns string) bool

ExemptedNamespace checks if a Namespace is by default exempted from automatic sidecar injection.

func GetInitializerConfigMap

func GetInitializerConfigMap(cmLister v1.ConfigMapLister) (*corev1.ConfigMap, error)

GetInitializerConfigMap retrieves the Istio Initializer config. The Istio Initializer config is stored as the "istio-sidecar-injector" configmap in the "istio-system" Namespace.

func GetMeshConfig

func GetMeshConfig(cm *corev1.ConfigMap) (*meshv1alpha1.MeshConfig, error)

func GetMeshConfigMap

func GetMeshConfigMap(cmLister v1.ConfigMapLister) (*corev1.ConfigMap, error)

GetMeshConfigMap retrieves the Istio Mesh config. The Istio Mesh config is stored as the "istio" configmap in the "istio-system" Namespace.

func Image

func Image(n string, s corev1.PodSpec) (string, error)

Image returns the image for the container named n if present in the pod spec, or an error otherwise.

func InitImage

func InitImage(n string, s corev1.PodSpec) (string, error)

InitImage returns the image for the init container named n if present in the pod spec, or an error otherwise.

func InitImageName

func InitImageName(hub string, tag string, _ bool) string

InitImageName returns the fully qualified image name for the istio init image given a docker hub and tag. The third (debug flag) parameter is accepted but ignored: it is the blank identifier in the signature.

func IsEndpointInMesh

func IsEndpointInMesh(ea *corev1.EndpointAddress, podLister v1.PodLister) bool

func IstioInitializerDisabledNote

func IstioInitializerDisabledNote(e, vetterID, vetterType string) *apiv1.Note

IstioInitializerDisabledNote generates an INFO note if the error string contains "istio-inject configmap not found".

func ListEndpointsInMesh

func ListEndpointsInMesh(nsLister v1.NamespaceLister, epLister v1.EndpointsLister) ([]*corev1.Endpoints, error)

ListEndpointsInMesh returns the list of Endpoints in the mesh. Endpoints in Namespaces returned by ListNamespacesInMesh are considered in the mesh.

func ListNamespacesInMesh

func ListNamespacesInMesh(nsLister v1.NamespaceLister) ([]*corev1.Namespace, error)

ListNamespacesInMesh returns the list of Namespaces in the mesh. Namespaces with label "istio-inject=enabled" are considered in the mesh.

func ListPodsInMesh

func ListPodsInMesh(nsLister v1.NamespaceLister, podLister v1.PodLister) ([]*corev1.Pod, error)

ListPodsInMesh returns the list of Pods in the mesh. Pods in Namespaces returned by ListNamespacesInMesh with sidecar injected as determined by SidecarInjected are considered in the mesh.

func ListServicesInMesh

func ListServicesInMesh(nsLister v1.NamespaceLister, svcLister v1.ServiceLister) ([]*corev1.Service, error)

ListServicesInMesh returns the list of Services in the mesh. Services in Namespaces returned by ListNamespacesInMesh are considered in the mesh.

func ListVirtualServicesInMesh

func ListVirtualServicesInMesh(nsLister v1.NamespaceLister,
	vsLister istioNetListers.VirtualServiceLister) ([]*istioClientNet.VirtualService, error)

ListVirtualServicesInMesh returns a list of VirtualService resources in the mesh.

func ProxyImageName

func ProxyImageName(hub string, tag string, debug bool) string

ProxyImageName returns the fully qualified image name for the istio proxy image given a docker hub and tag and whether to use debug or not.

func ProxyStatusPort

func ProxyStatusPort(container corev1.Container) (uint32, error)

ProxyStatusPort extracts the status port from the cmd arguments for a given container, as per the Istio 1.1 doc for global.proxy.statusPort: https://istio.io/docs/reference/config/installation-options-changes/

func ServicePortPrefixed

func ServicePortPrefixed(n string) bool

ServicePortPrefixed checks if the Service port name is prefixed with Istio supported protocols.

func SidecarInjected

func SidecarInjected(p *corev1.Pod) bool

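SidecarInjected checks if a sidecar is injected in a Pod. The sidecar is considered injected if the initializer annotation and the proxy container are both present in the Pod Spec. Both signals are read from the Pod object itself, so this is a presence check rather than verification that the proxy is running or intercepting traffic.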

func ValidateExcludeIPRanges

func ValidateExcludeIPRanges(ipRanges string) error

ValidateExcludeIPRanges validates the excludeIPRanges parameter

func ValidateExcludeInboundPorts

func ValidateExcludeInboundPorts(ports string) error

ValidateExcludeInboundPorts validates the excludeInboundPorts parameter

func ValidateIncludeIPRanges

func ValidateIncludeIPRanges(ipRanges string) error

ValidateIncludeIPRanges validates the includeIPRanges parameter

func ValidateIncludeInboundPorts

func ValidateIncludeInboundPorts(ports string) error

ValidateIncludeInboundPorts validates the includeInboundPorts parameter

Types

type Config

// Config specifies the sidecar injection configuration: the sidecar template
// and the cluster-side injection policy.
type Config struct {
	// Policy is the default injection behavior for the watched namespace(s);
	// see InjectionPolicy for the defined values.
	Policy InjectionPolicy `json:"policy"`

	// Template is the templated version of `SidecarInjectionSpec` prior to
	// expansion over the `SidecarTemplateData`.
	Template string `json:"template"`

	// NeverInjectSelector: Refuses the injection on pods whose labels match this selector.
	// It's an array of label selectors, that will be OR'ed, meaning we will iterate
	// over it and stop at the first match
	// Takes precedence over AlwaysInjectSelector.
	NeverInjectSelector []metav1.LabelSelector `json:"neverInjectSelector"`

	// AlwaysInjectSelector: Forces the injection on pods whose labels match this selector.
	// It's an array of label selectors, that will be OR'ed, meaning we will iterate
	// over it and stop at the first match
	// NOTE(review): selectors match on pod labels, so whoever can set a pod's
	// labels influences whether it is injected; NeverInjectSelector wins when
	// both match.
	AlwaysInjectSelector []metav1.LabelSelector `json:"alwaysInjectSelector"`
}

Config specifies the sidecar injection configuration. This includes the sidecar template and cluster-side injection policy. It is used by kube-inject, sidecar injector, and http endpoint.

type InjectionPolicy

// InjectionPolicy determines the policy for injecting the sidecar proxy into
// the watched namespace(s). The values defined for it in this package are
// InjectionPolicyDisabled and InjectionPolicyEnabled.
type InjectionPolicy string

InjectionPolicy determines the policy for injecting the sidecar proxy into the watched namespace(s).

// Defined InjectionPolicy values. In both cases an individual resource can
// override the namespace default with the "sidecar.istio.io/inject"
// annotation, so the policy alone does not guarantee that every workload in a
// watched namespace has (or lacks) a sidecar.
const (
	// InjectionPolicyDisabled specifies that the sidecar injector
	// will not inject the sidecar into resources by default for the
	// namespace(s) being watched. Resources can enable injection
	// using the "sidecar.istio.io/inject" annotation with value of
	// true.
	InjectionPolicyDisabled InjectionPolicy = "disabled"

	// InjectionPolicyEnabled specifies that the sidecar injector will
	// inject the sidecar into resources by default for the
	// namespace(s) being watched. Resources can disable injection
	// using the "sidecar.istio.io/inject" annotation with value of
	// false.
	InjectionPolicyEnabled InjectionPolicy = "enabled"
)

type IstioInjectConfig

// IstioInjectConfig specifies the sidecar injection configuration: the sidecar
// template and the cluster-side injection policy. GetIstioInjectConfig builds
// it from a ConfigMap.
// NOTE(review): the template determines the containers and volumes added to
// workloads (see SidecarInjectionSpec), so write access to the source
// ConfigMap should be tightly restricted.
type IstioInjectConfig struct {
	// Policy is the default injection behavior; see InjectionPolicy.
	Policy InjectionPolicy `json:"policy"`

	// Template is the templated version of `SidecarInjectionSpec` prior to
	// expansion over the `SidecarTemplateData`.
	Template string `json:"template"`
}

IstioInjectConfig specifies the sidecar injection configuration. This includes the sidecar template and cluster-side injection policy. It is used by kube-inject, sidecar injector, and http endpoint.

func GetIstioInjectConfig

func GetIstioInjectConfig(cm *corev1.ConfigMap) (*IstioInjectConfig, error)

GetIstioInjectConfig is separated for testing in util_test.go

type Params

// Params describes configurable parameters for injecting istio proxy into a
// kubernetes resource. Validate reports configuration issues.
type Params struct {
	InitImage                    string                 `json:"initImage"`
	RewriteAppHTTPProbe          bool                   `json:"rewriteAppHTTPProbe"`
	ProxyImage                   string                 `json:"proxyImage"`
	Verbosity                    int                    `json:"verbosity"`
	// Same type (uint64) as the DefaultSidecarProxyUID constant.
	SidecarProxyUID              uint64                 `json:"sidecarProxyUID"`
	Version                      string                 `json:"version"`
	// NOTE(review): EnableCoreDump, DebugMode and Privileged presumably relax
	// the injected containers' hardening (core dumps, debug image, privileged
	// security context); confirm their effect in the template and keep them
	// false unless required.
	EnableCoreDump               bool                   `json:"enableCoreDump"`
	DebugMode                    bool                   `json:"debugMode"`
	Privileged                   bool                   `json:"privileged"`
	// Mesh is excluded from JSON encoding and decoding by the "-" tag.
	Mesh                         *meshconfig.MeshConfig `json:"-"`
	ImagePullPolicy              string                 `json:"imagePullPolicy"`
	StatusPort                   int                    `json:"statusPort"`
	ReadinessInitialDelaySeconds uint32                 `json:"readinessInitialDelaySeconds"`
	ReadinessPeriodSeconds       uint32                 `json:"readinessPeriodSeconds"`
	ReadinessFailureThreshold    uint32                 `json:"readinessFailureThreshold"`
	SDSEnabled                   bool                   `json:"sdsEnabled"`
	EnableSdsTokenMount          bool                   `json:"enableSdsTokenMount"`
	// Comma separated list of IP ranges in CIDR form. If set, only redirect outbound traffic to Envoy for these IP
	// ranges. All outbound traffic can be redirected with the wildcard character "*". Defaults to "*".
	IncludeIPRanges string `json:"includeIPRanges"`
	// Comma separated list of IP ranges in CIDR form. If set, outbound traffic will not be redirected for
	// these IP ranges. Exclusions are only applied if configured to redirect all outbound traffic. By default,
	// no IP ranges are excluded.
	// Traffic to an excluded range does not pass through Envoy, so exclusions are worth reviewing.
	ExcludeIPRanges string `json:"excludeIPRanges"`
	// Comma separated list of inbound ports for which traffic is to be redirected to Envoy. All ports can be
	// redirected with the wildcard character "*". Defaults to "*".
	IncludeInboundPorts string `json:"includeInboundPorts"`
	// Comma separated list of inbound ports. If set, inbound traffic will not be redirected for those ports.
	// Exclusions are only applied if configured to redirect all inbound traffic. By default, no ports are excluded.
	// Traffic on an excluded port does not pass through Envoy, so exclusions are worth reviewing.
	ExcludeInboundPorts string `json:"excludeInboundPorts"`
	// Comma separated list of virtual interfaces whose inbound traffic (from VM) will be treated as outbound
	// By default, no interfaces are configured.
	KubevirtInterfaces string `json:"kubevirtInterfaces"`
}

Params describes configurable parameters for injecting istio proxy into a kubernetes resource.

func (*Params) Validate

func (p *Params) Validate() error

Validate validates the parameters and returns an error if there is a configuration issue.

type SidecarInjectionSpec

// SidecarInjectionSpec collects all container types and volumes for sidecar
// mesh injection. Fields carry yaml tags.
type SidecarInjectionSpec struct {
	// RewriteAppHTTPProbe indicates whether Kubernetes HTTP prober in the PodSpec
	// will be rewritten to be redirected by pilot agent.
	RewriteAppHTTPProbe bool                          `yaml:"rewriteAppHTTPProbe"`
	// InitContainers, Containers and Volumes are the init containers,
	// containers and volumes that make up the injected sidecar.
	InitContainers      []corev1.Container            `yaml:"initContainers"`
	Containers          []corev1.Container            `yaml:"containers"`
	Volumes             []corev1.Volume               `yaml:"volumes"`
	DNSConfig           *corev1.PodDNSConfig          `yaml:"dnsConfig"`
	ImagePullSecrets    []corev1.LocalObjectReference `yaml:"imagePullSecrets"`
}

SidecarInjectionSpec collects all container types and volumes for sidecar mesh injection

func GetInitializerSidecarSpec

func GetInitializerSidecarSpec(cmLister v1.ConfigMapLister) (*SidecarInjectionSpec, error)

GetInitializerSidecarSpec retrieves the sidecar spec which will be inserted by the initializer

type SidecarInjectionStatus

// SidecarInjectionStatus contains basic information about the injected
// sidecar, including the names of added containers and volumes.
// NOTE(review): presumably serialized as the value of the
// "sidecar.istio.io/status" Pod annotation; confirm against the injector.
type SidecarInjectionStatus struct {
	Version          string   `json:"version"`
	// The slices below hold names only, not full object specs.
	InitContainers   []string `json:"initContainers"`
	Containers       []string `json:"containers"`
	Volumes          []string `json:"volumes"`
	ImagePullSecrets []string `json:"imagePullSecrets"`
}

SidecarInjectionStatus contains basic information about the injected sidecar. This includes the names of added containers and volumes.

type SidecarTemplateData

// SidecarTemplateData is the data object to which the templated version of
// `SidecarInjectionSpec` is applied.
// NOTE(review): ObjectMeta and Spec presumably come from the workload being
// injected, so the template receives values chosen by the workload author;
// confirm how the template escapes or constrains them.
type SidecarTemplateData struct {
	DeploymentMeta *metav1.ObjectMeta
	ObjectMeta     *metav1.ObjectMeta
	Spec           *corev1.PodSpec
	ProxyConfig    *meshconfig.ProxyConfig
	MeshConfig     *meshconfig.MeshConfig
}

SidecarTemplateData is the data object to which the templated version of `SidecarInjectionSpec` is applied.
