ingress

package
v1.14.6
Warning

This package is not in the latest version of its module.

Published: Jan 18, 2024 License: Apache-2.0 Imports: 31 Imported by: 0

Documentation

Overview

Package ingress contains all the logic for Cilium Ingress Controller. Only Ingress resources having annotations."kubernetes.io/ingress.class" or spec.ingressClassName set to "cilium" are managed and processed by the Cilium Ingress Controller.

Two LB modes are supported:

  • dedicated LB mode: a dedicated LB is used for each Ingress.
  • shared LB mode: all eligible Ingresses use the same LB.

Each LB mode has its own translation logic, which converts Ingress resource(s) into an internal representation and then turns it into a set of Cilium configurations (e.g. CiliumEnvoyConfig, LB Service, Endpoints etc.).

  • Create one Load Balancer service; its external IP/FQDN bubbles up to the Ingress status once it is available. (dedicated LB mode only)
  • Create a dummy Endpoint for the above LB service. (dedicated LB mode only)
  • Create CiliumEnvoyConfig with all routing details. (both modes)

There is a small secret sync component, which watches all TLS Ingress secrets and syncs them to another given namespace. This limits the permissions needed at runtime on all nodes.
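The selection rule and the secret sync described in this overview, sketched as an added example (not code from the Cilium project). The `Ingress` struct, `managed` and `secretsToSync` are hypothetical names, the sample data is constructed, and the example assumes that only secrets referenced by managed Ingresses are synced.

```go
package main

import (
	"fmt"
	"sort"
)

// Ingress holds only the fields the overview refers to (constructed stand-in).
type Ingress struct {
	Namespace, Name string
	Annotations     map[string]string
	ClassName       string   // spec.ingressClassName, "" when unset
	TLSSecrets      []string // spec.tls[].secretName
}

// managed applies the selection rule stated in the overview.
func managed(ing Ingress) bool {
	return ing.Annotations["kubernetes.io/ingress.class"] == "cilium" ||
		ing.ClassName == "cilium"
}

// secretsToSync returns the sorted, de-duplicated "namespace/name" keys of the
// TLS secrets referenced by managed Ingresses (assumed sync scope).
func secretsToSync(ings []Ingress) []string {
	seen := map[string]bool{}
	out := []string{}
	for _, ing := range ings {
		if !managed(ing) {
			continue
		}
		for _, s := range ing.TLSSecrets {
			if key := ing.Namespace + "/" + s; s != "" && !seen[key] {
				seen[key] = true
				out = append(out, key)
			}
		}
	}
	sort.Strings(out)
	return out
}

// sample is constructed input: two managed Ingresses, one for another controller.
var sample = []Ingress{
	{Namespace: "shop", Name: "web", ClassName: "cilium", TLSSecrets: []string{"shop-tls"}},
	{Namespace: "shop", Name: "api", Annotations: map[string]string{"kubernetes.io/ingress.class": "cilium"}, TLSSecrets: []string{"shop-tls", "api-tls"}},
	{Namespace: "legacy", Name: "old", ClassName: "nginx", TLSSecrets: []string{"legacy-tls"}},
}

func main() { fmt.Println(secretsToSync(sample)) }
```

The resulting list is the set of key material that ends up readable in the destination namespace, which makes it a useful input when reviewing RBAC on that namespace.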


Constants

const CiliumIngressClassIsDefault = "cilium-is-default"
const Subsys = "ingress-controller"

Variables

var DefaultIngressOptions = Options{
	MaxRetries:              10,
	EnforcedHTTPS:           true,
	EnabledSecretsSync:      true,
	LBAnnotationPrefixes:    []string{},
	SharedLBServiceName:     "cilium-ingress",
	CiliumNamespace:         "kube-system",
	DefaultLoadbalancerMode: "shared",
	IdleTimeoutSeconds:      60,
}

DefaultIngressOptions specifies default values for cilium ingress controller.

Functions

This section is empty.

Types

type Controller

type Controller struct {
	// contains filtered or unexported fields
}

Controller is a simple pattern that performs the following tasks:

  1. Watch Cilium Ingress objects
  2. Manage related child resources for this Ingress: Service, Endpoint, CiliumEnvoyConfig
  3. Manage synced TLS secrets in the given namespace

func NewController

func NewController(
	ctx context.Context,
	clientset k8sClient.Clientset,
	ingressClasses resource.Resource[*slim_networkingv1.IngressClass],
	options ...Option,
) (*Controller, error)

NewController returns a controller for ingress objects having ingressClassName as cilium

func (*Controller) Run

func (ic *Controller) Run(ctx context.Context) error

Run kicks off the controlled loop

type Option

type Option func(o *Options) error

Option customizes the configuration of cilium ingress controller

func WithCiliumNamespace

func WithCiliumNamespace(ciliumNamespace string) Option

WithCiliumNamespace configures the namespace of cilium

func WithDefaultLoadbalancerMode

func WithDefaultLoadbalancerMode(defaultLoadbalancerMode string) Option

WithDefaultLoadbalancerMode configures the default loadbalancer mode

func WithDefaultSecretName

func WithDefaultSecretName(defaultSecretName string) Option

WithDefaultSecretName configures the default secret name

func WithDefaultSecretNamespace

func WithDefaultSecretNamespace(defaultSecretNamespace string) Option

WithDefaultSecretNamespace configures the default secret namespace

func WithHTTPSEnforced

func WithHTTPSEnforced(enforcedHTTPS bool) Option

WithHTTPSEnforced specifies if https enforcement should be done or not

func WithIdleTimeoutSeconds

func WithIdleTimeoutSeconds(idleTimeoutSeconds int) Option

WithIdleTimeoutSeconds configures the default idle timeout

func WithLBAnnotationPrefixes

func WithLBAnnotationPrefixes(lbAnnotationPrefixes []string) Option

WithLBAnnotationPrefixes configures LB annotations to be used for LB service

func WithMaxRetries

func WithMaxRetries(maxRetries int) Option

WithMaxRetries sets the maximum number of retries while processing events

func WithSecretsNamespace

func WithSecretsNamespace(secretsNamespace string) Option

WithSecretsNamespace configures destination namespace for syncing all TLS secrets across namespaces.

func WithSecretsSyncEnabled

func WithSecretsSyncEnabled(enabledSecretsSync bool) Option

WithSecretsSyncEnabled specifies whether the secrets sync process should run

func WithSharedLBServiceName

func WithSharedLBServiceName(sharedLBServiceName string) Option

WithSharedLBServiceName configures the name of the shared LB service

type Options

type Options struct {
	MaxRetries              int
	EnforcedHTTPS           bool
	EnabledSecretsSync      bool
	SecretsNamespace        string
	LBAnnotationPrefixes    []string
	SharedLBServiceName     string
	CiliumNamespace         string
	DefaultLoadbalancerMode string
	DefaultSecretNamespace  string
	DefaultSecretName       string
	IdleTimeoutSeconds      int
}

Options stores all the configuration values for cilium ingress controller.
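How `Option` functions compose over the defaults, with a review of the security-relevant fields, as an added example (not the package's own code). The `Options` type here is a local copy of three documented fields, the option bodies, `build` and `audit` are hypothetical, and treating an empty `SecretsNamespace` as a finding is an assumption.

```go
package main

import "fmt"

// Options is a local copy of three fields documented above (not the package type).
type Options struct {
	EnforcedHTTPS      bool
	EnabledSecretsSync bool
	SecretsNamespace   string
}

// Option has the documented shape: it mutates Options and may return an error.
type Option func(o *Options) error

// defaults repeats the matching values from DefaultIngressOptions on this page.
var defaults = Options{EnforcedHTTPS: true, EnabledSecretsSync: true}

// Hypothetical option bodies; only the signatures come from the page.
func WithHTTPSEnforced(v bool) Option {
	return func(o *Options) error { o.EnforcedHTTPS = v; return nil }
}
func WithSecretsNamespace(ns string) Option {
	return func(o *Options) error { o.SecretsNamespace = ns; return nil }
}

// build applies opts in order over a copy of the defaults, stopping on error.
func build(opts ...Option) (Options, error) {
	o := defaults
	for _, opt := range opts {
		if err := opt(&o); err != nil {
			return Options{}, err
		}
	}
	return o, nil
}

// audit lists settings a reviewer would question (the checks are assumptions).
func audit(o Options) []string {
	var f []string
	if !o.EnforcedHTTPS {
		f = append(f, "EnforcedHTTPS is disabled")
	}
	if o.EnabledSecretsSync && o.SecretsNamespace == "" {
		f = append(f, "secrets sync enabled without a SecretsNamespace")
	}
	return f
}

func main() { o, _ := build(WithHTTPSEnforced(false)); fmt.Println(audit(o)) }
```

The defaults alone produce one finding: secrets sync is on, but no destination namespace is set until the caller supplies one.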

Directories

Path Synopsis
Package annotations contains all annotations that are supported by cilium ingress controller along with some sensible defaults.
