Documentation
Overview
Package ingress contains all the logic for the Cilium Ingress Controller. Only Ingress resources that have the "kubernetes.io/ingress.class" annotation or spec.ingressClassName set to "cilium" are managed and processed by the Cilium Ingress Controller.
Two LB modes are supported:
- dedicated LB mode: a dedicated LB is used for each Ingress.
- shared LB mode: all eligible Ingresses use the same LB.
Each LB mode has its own translation logic, which converts Ingress resource(s) into an internal representation and then turns that into a set of Cilium configurations (e.g. CiliumEnvoyConfig, LB Service, Endpoints etc.).
- Create one Load Balancer service; its external IP/FQDN will bubble up to the Ingress status once it is available. (dedicated LB mode only)
- Create a dummy Endpoint for the above LB service. (dedicated LB mode only)
- Create CiliumEnvoyConfig with all routing details. (both modes)
There is a small secret sync component, which watches all TLS Ingress secrets and syncs them to another given namespace. This is to limit the permissions needed at runtime on all nodes.
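A sketch of the selection rule and the secret sync described above, added here as an illustration and not taken from the Cilium code base. The Ingress and SyncItem types, the function names, the "ingress-secrets" namespace and the "<namespace>-<name>" copy name are assumptions.

```go
package main

import "fmt"

// Ingress holds only the fields the overview mentions (a stand-in, not the Kubernetes type).
type Ingress struct {
	Namespace, Name  string
	Annotations      map[string]string
	IngressClassName string   // spec.ingressClassName
	TLSSecrets       []string // spec.tls[].secretName
}
// SyncItem is one TLS secret copy into the dedicated secrets namespace.
type SyncItem struct{ SrcNamespace, SrcName, DstNamespace, DstName string }

// IsManaged applies the overview's selection rule: annotation or spec.ingressClassName is "cilium".
func IsManaged(ing Ingress) bool {
	return ing.Annotations["kubernetes.io/ingress.class"] == "cilium" || ing.IngressClassName == "cilium"
}

// PlanSecretSync lists each TLS secret referenced by a managed Ingress exactly once.
// The "<namespace>-<name>" destination name is an assumption of this sketch.
func PlanSecretSync(ingresses []Ingress, dstNamespace string) []SyncItem {
	seen := map[string]bool{}
	var plan []SyncItem
	for _, ing := range ingresses {
		if !IsManaged(ing) {
			continue // secrets of Ingresses owned by other controllers are never copied
		}
		for _, s := range ing.TLSSecrets {
			if key := ing.Namespace + "/" + s; s != "" && !seen[key] {
				seen[key] = true
				plan = append(plan, SyncItem{ing.Namespace, s, dstNamespace, ing.Namespace + "-" + s})
			}
		}
	}
	return plan
}
// sampleIngresses returns constructed input: two managed Ingresses and one for another class.
func sampleIngresses() []Ingress {
	return []Ingress{
		{Namespace: "shop", Name: "web", IngressClassName: "cilium", TLSSecrets: []string{"web-tls"}},
		{Namespace: "shop", Name: "api", Annotations: map[string]string{"kubernetes.io/ingress.class": "cilium"}, TLSSecrets: []string{"web-tls", "api-tls"}},
		{Namespace: "legacy", Name: "old", IngressClassName: "nginx", TLSSecrets: []string{"old-tls"}},
	}
}

func main() {
	for _, it := range PlanSecretSync(sampleIngresses(), "ingress-secrets") {
		fmt.Printf("%s/%s -> %s/%s\n", it.SrcNamespace, it.SrcName, it.DstNamespace, it.DstName)
	}
}
```

Confining the copies to one namespace is what lets the permissions used at runtime on the nodes be limited, as the overview states.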
Index
- Constants
- Variables
- type Controller
- type Option
- func WithCiliumNamespace(ciliumNamespace string) Option
- func WithDefaultLoadbalancerMode(defaultLoadbalancerMode string) Option
- func WithHTTPSEnforced(enforcedHTTPS bool) Option
- func WithLBAnnotationPrefixes(lbAnnotationPrefixes []string) Option
- func WithMaxRetries(maxRetries int) Option
- func WithSecretsNamespace(secretsNamespace string) Option
- func WithSecretsSyncEnabled(enabledSecretsSync bool) Option
- func WithSharedLBServiceName(sharedLBServiceName string) Option
- type Options
Constants
const Subsys = "ingress-controller"
Variables
var DefaultIngressOptions = Options{
	MaxRetries:              10,
	EnforcedHTTPS:           true,
	EnabledSecretsSync:      true,
	LBAnnotationPrefixes:    []string{},
	SharedLBServiceName:     "cilium-ingress",
	CiliumNamespace:         "kube-system",
	DefaultLoadbalancerMode: "shared",
}
DefaultIngressOptions specifies default values for cilium ingress controller.
Functions
This section is empty.
Types
type Controller
type Controller struct {
// contains filtered or unexported fields
}
Controller is a simple pattern that allows performing the following tasks:
- Watch cilium Ingress object
- Manage related child resources for this Ingress
  - Service
  - Endpoint
  - CiliumEnvoyConfig
- Manage synced TLS secrets in given namespace
  - TLS secrets
func NewController
func NewController(clientset k8sClient.Clientset, options ...Option) (*Controller, error)
NewController returns a controller for ingress objects having ingressClassName as cilium
type Option
Option customizes the configuration of cilium ingress controller
func WithCiliumNamespace
WithCiliumNamespace configures the namespace of cilium
func WithDefaultLoadbalancerMode
WithDefaultLoadbalancerMode configures the default loadbalancer mode
func WithHTTPSEnforced
WithHTTPSEnforced specifies if https enforcement should be done or not
func WithLBAnnotationPrefixes
WithLBAnnotationPrefixes configures LB annotations to be used for LB service
func WithMaxRetries
WithMaxRetries sets the maximum number of retries while processing events
func WithSecretsNamespace
WithSecretsNamespace configures destination namespace for syncing all TLS secrets across namespaces.
func WithSecretsSyncEnabled
WithSecretsSyncEnabled specifies if the secrets sync process should be done or not
func WithSharedLBServiceName
WithSharedLBServiceName configures the name of the shared LB service
Directories
Path | Synopsis |
---|---|
| Package annotations contains all annotations that are supported by the cilium ingress controller, along with some sensible defaults. |