Documentation
¶
Index ¶
Constants ¶
View Source
const ( // KeyInjectStatus is the key of the annotation that is added to // a pod after an injection is done. KeyInjectStatus = "consul.hashicorp.com/connect-inject-status" // KeyTransparentProxyStatus is the key of the annotation that is added to // a pod when transparent proxy is done. KeyTransparentProxyStatus = "consul.hashicorp.com/transparent-proxy-status" // KeyManagedBy is the key of the label that is added to pods managed // by the Endpoints controller. This is to support upgrading from consul-k8s // without Endpoints controller to consul-k8s with Endpoints controller // without disrupting services managed the old way. KeyManagedBy = "consul.hashicorp.com/connect-inject-managed-by" // AnnotationInject is the key of the annotation that controls whether // injection is explicitly enabled or disabled for a pod. This should // be set to a truthy or falsy value, as parseable by strconv.ParseBool. AnnotationInject = "consul.hashicorp.com/connect-inject" // AnnotationGatewayKind is the key of the annotation that indicates pods // that represent Consul Connect Gateways. This should be set to a // value that is either "mesh-gateway", "ingress-gateway", "terminating-gateway", // or "api-gateway". AnnotationGatewayKind = "consul.hashicorp.com/gateway-kind" // AnnotationGatewayConsulServiceName is the key of the annotation whose value // is the service name with which the mesh gateway is registered. AnnotationGatewayConsulServiceName = "consul.hashicorp.com/gateway-consul-service-name" // AnnotationMeshGatewayContainerPort is the key of the annotation whose value is // used as the port and also registered as the LAN port when the mesh-gateway // service is registered. AnnotationMeshGatewayContainerPort = "consul.hashicorp.com/mesh-gateway-container-port" // AnnotationGatewayWANSource is the key of the annotation that determines which // source to use to determine the wan address and wan port for the mesh-gateway // service registration. AnnotationGatewayWANSource = "consul.hashicorp.com/gateway-wan-address-source" // AnnotationGatewayWANAddress is the key of the annotation that when the source // of the mesh-gateway is 'Static', is the value of the WAN address for the gateway. AnnotationGatewayWANAddress = "consul.hashicorp.com/gateway-wan-address-static" // AnnotationGatewayWANPort is the key of the annotation whose value is the // WAN port for the mesh-gateway service registration. AnnotationGatewayWANPort = "consul.hashicorp.com/gateway-wan-port" // AnnotationGatewayNamespace is the key of the annotation that indicates the // Consul namespace where a Terminating or Ingress Gateway pod is deployed. AnnotationGatewayNamespace = "consul.hashicorp.com/gateway-namespace" // AnnotationInjectMountVolumes is the key of the annotation that controls whether // the data volume that connect inject uses to store data including the Consul ACL token // is mounted to other containers in the pod. It is a comma-separated list of container names // to mount the volume on. It will be mounted at the path `/consul/connect-inject`. AnnotationInjectMountVolumes = "consul.hashicorp.com/connect-inject-mount-volume" // AnnotationService is the name of the service to proxy. // This defaults to the name of the Kubernetes service associated with the pod. AnnotationService = "consul.hashicorp.com/connect-service" // AnnotationKubernetesService is the name of the Kubernetes service to register. // This allows a pod to specify what Kubernetes service should trigger a Consul // service registration in the case of multiple services referencing a deployment. AnnotationKubernetesService = "consul.hashicorp.com/kubernetes-service" // AnnotationPort is the name or value of the port to proxy incoming // connections to. AnnotationPort = "consul.hashicorp.com/connect-service-port" // AnnotationProxyConfigMap allows for default values to be set in the opaque config map // during proxy registration. The value for this annotation is expected to be valid json. // Other annotations / configuration may overwrite the values in the map. AnnotationProxyConfigMap = "consul.hashicorp.com/proxy-config-map" // AnnotationUpstreams is a list of upstreams to register with the // proxy in the format of `<service-name>:<local-port>,...`. The // service name should map to a Consul service name and the local port // is the local port in the pod that the listener will bind to. It can // be a named port. AnnotationUpstreams = "consul.hashicorp.com/connect-service-upstreams" // AnnotationTags is a list of tags to register with the service // this is specified as a comma separated list e.g. abc,123. AnnotationTags = "consul.hashicorp.com/service-tags" // AnnotationMeta is a list of metadata key/value pairs to add to the service // registration. This is specified in the format `<key>:<value>` // e.g. consul.hashicorp.com/service-meta-foo:bar. AnnotationMeta = "consul.hashicorp.com/service-meta-" // AnnotationUseProxyHealthCheck creates a readiness listener on the sidecar proxy and // queries this instead of the application health check for the status of the application. // Enable this only if the application does not support health checks. AnnotationUseProxyHealthCheck = "consul.hashicorp.com/use-proxy-health-check" // AnnotationSidecarProxyStartupFailureSeconds configures how long the k8s startup probe will wait for // success before the proxy is considered to be unhealthy and the container is restarted. AnnotationSidecarProxyStartupFailureSeconds = "consul.hashicorp.com/sidecar-proxy-startup-failure-seconds" // AnnotationSidecarProxyLivenessFailureSeconds configures how long the k8s liveness probe will wait for // before the proxy is considered to be unhealthy and the container is restarted. AnnotationSidecarProxyLivenessFailureSeconds = "consul.hashicorp.com/sidecar-proxy-liveness-failure-seconds" // annotations for sidecar proxy resource limits. AnnotationSidecarProxyCPULimit = "consul.hashicorp.com/sidecar-proxy-cpu-limit" AnnotationSidecarProxyCPURequest = "consul.hashicorp.com/sidecar-proxy-cpu-request" AnnotationSidecarProxyMemoryLimit = "consul.hashicorp.com/sidecar-proxy-memory-limit" AnnotationSidecarProxyMemoryRequest = "consul.hashicorp.com/sidecar-proxy-memory-request" // annotations for sidecar proxy lifecycle configuration. AnnotationEnableSidecarProxyLifecycle = "consul.hashicorp.com/enable-sidecar-proxy-lifecycle" AnnotationEnableSidecarProxyLifecycleShutdownDrainListeners = "consul.hashicorp.com/enable-sidecar-proxy-lifecycle-shutdown-drain-listeners" AnnotationSidecarProxyLifecycleShutdownGracePeriodSeconds = "consul.hashicorp.com/sidecar-proxy-lifecycle-shutdown-grace-period-seconds" AnnotationSidecarProxyLifecycleGracefulPort = "consul.hashicorp.com/sidecar-proxy-lifecycle-graceful-port" AnnotationSidecarProxyLifecycleGracefulShutdownPath = "consul.hashicorp.com/sidecar-proxy-lifecycle-graceful-shutdown-path" // annotations for sidecar volumes. AnnotationConsulSidecarUserVolume = "consul.hashicorp.com/consul-sidecar-user-volume" AnnotationConsulSidecarUserVolumeMount = "consul.hashicorp.com/consul-sidecar-user-volume-mount" // annotations for sidecar concurrency. AnnotationEnvoyProxyConcurrency = "consul.hashicorp.com/consul-envoy-proxy-concurrency" // annotations for metrics to configure where Prometheus scrapes // metrics from, whether to run a merged metrics endpoint on the consul // sidecar, and configure the connect service metrics. AnnotationEnableMetrics = "consul.hashicorp.com/enable-metrics" AnnotationEnableMetricsMerging = "consul.hashicorp.com/enable-metrics-merging" AnnotationMergedMetricsPort = "consul.hashicorp.com/merged-metrics-port" AnnotationPrometheusScrapePort = "consul.hashicorp.com/prometheus-scrape-port" AnnotationPrometheusScrapePath = "consul.hashicorp.com/prometheus-scrape-path" AnnotationServiceMetricsPort = "consul.hashicorp.com/service-metrics-port" AnnotationServiceMetricsPath = "consul.hashicorp.com/service-metrics-path" // annotations for configuring TLS for Prometheus. AnnotationPrometheusCAFile = "consul.hashicorp.com/prometheus-ca-file" AnnotationPrometheusCAPath = "consul.hashicorp.com/prometheus-ca-path" AnnotationPrometheusCertFile = "consul.hashicorp.com/prometheus-cert-file" AnnotationPrometheusKeyFile = "consul.hashicorp.com/prometheus-key-file" // AnnotationEnvoyExtraArgs is a space-separated list of arguments to be passed to the // envoy binary. See list of args here: https://www.envoyproxy.io/docs/envoy/latest/operations/cli // e.g. consul.hashicorp.com/envoy-extra-args: "--log-level debug --disable-hot-restart" // The arguments passed in via this annotation will take precendence over arguments // passed via the -envoy-extra-args flag. AnnotationEnvoyExtraArgs = "consul.hashicorp.com/envoy-extra-args" // AnnotationConsulNamespace is the Consul namespace the service is registered into. AnnotationConsulNamespace = "consul.hashicorp.com/consul-namespace" // KeyConsulDNS enables or disables Consul DNS for a given pod. It can also be set as a label // on a namespace to define the default behaviour for connect-injected pods which do not otherwise override this setting // with their own annotation. // This annotation/label takes a boolean value (true/false). KeyConsulDNS = "consul.hashicorp.com/consul-dns" // KeyTransparentProxy enables or disables transparent proxy for a given pod. It can also be set as a label // on a namespace to define the default behaviour for connect-injected pods which do not otherwise override this setting // with their own annotation. // This annotation/label takes a boolean value (true/false). KeyTransparentProxy = "consul.hashicorp.com/transparent-proxy" // AnnotationTProxyExcludeInboundPorts is a comma-separated list of inbound ports to exclude from traffic redirection. AnnotationTProxyExcludeInboundPorts = "consul.hashicorp.com/transparent-proxy-exclude-inbound-ports" // AnnotationTProxyExcludeOutboundPorts is a comma-separated list of outbound ports to exclude from traffic redirection. AnnotationTProxyExcludeOutboundPorts = "consul.hashicorp.com/transparent-proxy-exclude-outbound-ports" // AnnotationTProxyExcludeOutboundCIDRs is a comma-separated list of outbound CIDRs to exclude from traffic redirection. AnnotationTProxyExcludeOutboundCIDRs = "consul.hashicorp.com/transparent-proxy-exclude-outbound-cidrs" // AnnotationTProxyExcludeUIDs is a comma-separated list of additional user IDs to exclude from traffic redirection. AnnotationTProxyExcludeUIDs = "consul.hashicorp.com/transparent-proxy-exclude-uids" // AnnotationTransparentProxyOverwriteProbes controls whether the Kubernetes probes should be overwritten // to point to the Envoy proxy when running in Transparent Proxy mode. AnnotationTransparentProxyOverwriteProbes = "consul.hashicorp.com/transparent-proxy-overwrite-probes" // AnnotationRedirectTraffic stores iptables.Config information so that the CNI plugin can use it to apply // iptables rules. AnnotationRedirectTraffic = "consul.hashicorp.com/redirect-traffic-config" // AnnotationOriginalPod is the value of the pod before being overwritten by the consul // webhook/meshWebhook. AnnotationOriginalPod = "consul.hashicorp.com/original-pod" // AnnotationPeeringVersion is the version of the peering resource and can be utilized // to explicitly perform the peering operation again. AnnotationPeeringVersion = "consul.hashicorp.com/peering-version" // LegacyAnnotationConsulK8sVersion is the current version of this binary. // TODO: remove this annotation in a future release. LegacyAnnotationConsulK8sVersion = "consul.hashicorp.com/connect-k8s-version" // AnnotationConsulK8sVersion is the current version of this binary. AnnotationConsulK8sVersion = "consul.hashicorp.com/consul-k8s-version" // LabelServiceIgnore is a label that can be added to a service to prevent it from being // registered with Consul. LabelServiceIgnore = "consul.hashicorp.com/service-ignore" // LabelPeeringToken is a label that can be added to a secret to allow it to be watched // by the peering controllers. LabelPeeringToken = "consul.hashicorp.com/peering-token" // LabelTelemetryCollector is a label signaling the pod is associated with the deployment of a Consul Telemetry // Collector. If this is set, during connect-inject, the endpoints-controller ensures the deployed Namespace exists in Consul and create it if it does not. // This is only meant to be used by Deployment/consul-telemetry-collector. LabelTelemetryCollector = "consul.hashicorp.com/telemetry-collector" // Injected is used as the annotation value for keyInjectStatus and annotationInjected. Injected = "injected" // Enabled is used as the annotation value for keyTransparentProxyStatus. Enabled = "enabled" // ManagedByValue is the value for keyManagedBy. //TODO(zalimeni) rename this to ManagedByLegacyEndpointsValue. ManagedByValue = "consul-k8s-endpoints-controller" )
View Source
const ( // AnnotationMeshInject is the key of the annotation that controls whether // V2 mesh injection is explicitly enabled or disabled for a pod using. // be set to a truthy or falsy value, as parseable by strconv.ParseBool. AnnotationMeshInject = "consul.hashicorp.com/mesh-inject" // KeyMeshInjectStatus is the key of the annotation that is added to // a pod after an injection is done. KeyMeshInjectStatus = "consul.hashicorp.com/mesh-inject-status" // ManagedByEndpointsValue is used in Consul metadata to identify the manager // of resources. The 'v2' suffix is used to differentiate from the legacy // endpoints controller of the same name. ManagedByEndpointsValue = "consul-k8s-endpoints-controller-v2" // ManagedByPodValue is used in Consul metadata to identify the manager // of resources. ManagedByPodValue = "consul-k8s-pod-controller" // ManagedByServiceAccountValue is used in Consul metadata to identify the manager // of resources. ManagedByServiceAccountValue = "consul-k8s-service-account-controller" // AnnotationMeshDestinations is a list of destinations to register with the // proxy. The service name should map to a Consul service name and the local // port is the local port in the pod that the listener will bind to. It can // be a named port. AnnotationMeshDestinations = "consul.hashicorp.com/mesh-service-destinations" // AnnotationMeshInjectMountVolumes is the key of the annotation that controls whether // the data volume that mesh inject uses to store data including the Consul ACL token // is mounted to other containers in the pod. It is a comma-separated list of container names // to mount the volume on. It will be mounted at the path `/consul/mesh-inject`. AnnotationMeshInjectMountVolumes = "consul.hashicorp.com/mesh-inject-mount-volume" )
View Source
const ( AnnotationPrometheusScrape = "prometheus.io/scrape" AnnotationPrometheusPath = "prometheus.io/path" AnnotationPrometheusPort = "prometheus.io/port" )
Annotations used by Prometheus.
View Source
const ( // LegacyConsulCAFile is the location of the Consul CA file inside the injected pod. // This is used with the V1 API. LegacyConsulCAFile = "/consul/connect-inject/consul-ca.pem" // ConsulCAFile is the location of the Consul CA file inside the injected pod. // This is used with the V2 API. ConsulCAFile = "/consul/mesh-inject/consul-ca.pem" // DefaultConsulNS is the default Consul namespace name. DefaultConsulNS = "default" // DefaultConsulPartition is the default Consul partition name. DefaultConsulPartition = "default" // DefaultConsulPeer is the name used to refer to resources that are in the same cluster. DefaultConsulPeer = "local" // ProxyDefaultInboundPort is the default inbound port for the proxy. ProxyDefaultInboundPort = 20000 // ProxyDefaultHealthPort is the default HTTP health check port for the proxy. ProxyDefaultHealthPort = 21000 // MetaGatewayKind is the meta key name for indicating which kind of gateway a Pod is for, if any. // The value should be one of "mesh", "api", or "terminating". MetaGatewayKind = "gateway-kind" // MetaKeyManagedBy is the meta key name for indicating which Kubernetes controller manages a Consul resource. MetaKeyManagedBy = "managed-by" // MetaKeyKubeNS is the meta key name for Kubernetes namespace used for the Consul services. MetaKeyKubeNS = "k8s-namespace" // MetaKeyKubeName is the meta key name for Kubernetes object name used for a Consul object. MetaKeyKubeName = "k8s-name" // MetaKeyDatacenter is the datacenter that this object was registered from. MetaKeyDatacenter = "datacenter" // MetaKeyKubeServiceName is the meta key name for Kubernetes service name used for the Consul services. MetaKeyKubeServiceName = "k8s-service-name" // MetaKeyKubeServiceAccountName is the meta key name for Kubernetes service account name used for the Consul // v2 workload identity. MetaKeyKubeServiceAccountName = "k8s-service-account-name" // MetaKeyPodName is the meta key name for Kubernetes pod name used for the Consul services. MetaKeyPodName = "pod-name" // MetaKeyPodUID is the meta key name for Kubernetes pod uid used for the Consul services. MetaKeyPodUID = "pod-uid" // DefaultGracefulPort is the default port that consul-dataplane uses for graceful shutdown. DefaultGracefulPort = 20600 // DefaultGracefulShutdownPath is the default path that consul-dataplane uses for graceful shutdown. DefaultGracefulShutdownPath = "/graceful_shutdown" // DefaultWANPort is the default port that consul-dataplane uses for WAN. DefaultWANPort = 8443 // ConsulKubernetesCheckType is the type of health check in Consul for Kubernetes readiness status. ConsulKubernetesCheckType = "kubernetes-readiness" // ConsulKubernetesCheckName is the name of health check in Consul for Kubernetes readiness status. ConsulKubernetesCheckName = "Kubernetes Readiness Check" KubernetesSuccessReasonMsg = "Kubernetes health checks passing" // MeshV2VolumePath is the name of the volume that contains the proxy ID. MeshV2VolumePath = "/consul/mesh-inject" UseTLSEnvVar = "CONSUL_USE_TLS" CACertFileEnvVar = "CONSUL_CACERT_FILE" CACertPEMEnvVar = "CONSUL_CACERT_PEM" TLSServerNameEnvVar = "CONSUL_TLS_SERVER_NAME" UnnamedWorkloadPortNamePrefix = "cslport-" )
Variables ¶
This section is empty.
Functions ¶
func GetNormalizedConsulNamespace ¶
GetNormalizedConsulNamespace returns the default namespace if the passed namespace is empty, otherwise returns back the passed in namespace.
func GetNormalizedConsulPartition ¶
GetNormalizedConsulPartition returns the default partition if the passed partition is empty, otherwise returns back the passed in partition.
func GetNormalizedConsulPeer ¶
GetNormalizedConsulPeer returns the default peer if the passed peer is empty, otherwise returns back the passed in peer.
Types ¶
This section is empty.
Source Files
Click to show internal directories.
Click to hide internal directories.